DNS Provider Quad9 Sees Piracy Blocking Orders as "Existential Threat"

(torrentfreak.com)

136 points | by gslin 4 hours ago

50 comments

  • 0xbadcafebee 2 hours ago

    Re: "Cisco has decided to leave France": (https://web.archive.org/web/20250614052849/https://support.o...)

      Effective June 28, 2024: Due to a court order in France issued under Article L.333-10 of the French Sport code and a court order in Portugal issued under Article 210-G(3) of the Portuguese Copyright Code, the OpenDNS service is not currently available to users in France and certain French territories and in Portugal. We apologize for the inconvenience.
      
      July 23, 2024: Cisco's OpenDNS service has been reactivated in Portugal and is currently available following a decision by the Lisbon Court of Appeal.
    
    It's laudable that Quad9 wants to fight censorship, but they too could block French requests in this way. Maybe redirect to an HTTP/HTTPS IP that tells users about the issue and gives them contacts to their government representatives?
  • styanax 2 hours ago

    Hoping the HN DNS savvy reading this can help me understand a Quad9 thing I ran into. I was debugging (as in scratching my head) a bank website login problem and ended up doing some DNS checks against their domain, usual stuff, while using Quad9 as my DNS provider.

    While testing, I was using Google and Cloudflare as well, and started noticing something - Quad9 does not return all A records listed for a domain, the same way Google/Cloudflare do.

        dig -t A google.com @8.8.8.8 +short (6x IPs)
        dig -t A google.com @1.1.1.1 +short (6x IPs)
        dig -t A google.com @9.9.9.9 +short (1x IP)
    
    This gave me a weird feeling; I get there's a lot of DNS geo magic and 8.8/1.1 serve 2 different subnets, and 9.9 a third. But... where did the other 5 expected IPs from Quad9 get off to?
    • laz an hour ago

      I see a single IP for all 3

      While I'm here: Google uses edns0 client subnet to geo target your client IP.

      Try a dig -t txt o-o.myaddr.l.google.com @8.8.8.8 vs the others to see the src IP of the packet sent to Google's DNS server, and any edns0 info that came along with it.

    • miyuru an hour ago

      Have you tested it with a static domain with multiple IPs?

      Using Google is a bad way to test this scenario, since they use EDNS and many other DNS load balancing methods to distribute the load.

    • df0b9f169d54 an hour ago

      I used Quad9 as the primary upstream DNS for my home. About 11 days ago I wasn't able to send any query to Quad9, kinda blocking. Their status page was green; I suspected my IP was blocked. Now I'm on quad1 :(

    • tom1337 2 hours ago

      Interestingly, I only get one IP from each command:

          $ dig -t A google.com @8.8.8.8 +short
          142.250.184.206

          $ dig -t A google.com @1.1.1.1 +short
          216.58.206.46

          $ dig -t A google.com @9.9.9.9 +short
          142.250.185.238

      • styanax an hour ago

        I'm sure geo has something to do with it - my connections generally terminate in Austin, TX but it varies around Central US. I have T-Mobile Home Internet and our IPs show up to remotes under the same general ASNs as the traditional mobile network (big huge CGNAT, my IP can change 5 times a day or whatnot and it doesn't reflect where I actually am located).

        Edit: in case useful to someone reading, right now I have an IP assigned out of this block:

            NetRange:       172.32.0.0 - 172.63.255.255
            CIDR:           172.32.0.0/11
            NetName:        TMO9
            NetHandle:      NET-172-32-0-0-1
        
        Edit edit: in the network record is a link to the self-reported geo data, I missed that.

            Comment:        Geofeed https://raw.githubusercontent.com/tmobile/tmus-geofeed/main/tmus-geo-ip.txt
    • b3lvedere an hour ago

      Isn't that because Quad9 does (more) filtering than the other two?

      • styanax an hour ago

        I actually do (did, I demoted it for now) use the unfiltered service (9.9.9.10) but find the same result on both, so I used .9 here to keep the chat more streamlined. But, could still be relevant somehow?

  • dengolius 2 hours ago

    Does anyone use Mullvad DNS servers? https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#... I found them more acceptable.

    • b3lvedere an hour ago

      Didn't know they have publicly available DNS servers. Thanks.

      I've also started using/testing the DNS4EU servers: https://www.joindns4.eu/

    • Tadpole9181 25 minutes ago

      I have had nothing but problems with their DNS service. Outages on what feels like a daily basis.

      But the VPN itself is great!

  • estimator7292 19 minutes ago

    Kind of wild that we're approaching a decentralized internet not for the virtue of decentralization, but because of insane authoritarian censorship.

  • fundatus 2 hours ago

    Many ISPs in Germany have stopped fighting this fight as well and sadly have now even started to self-censor their DNS servers.[1]

    [1] https://cuii.info/en

    • kidmin 22 minutes ago

      In Japan the PM's office once considered blocking online piracy websites[1] with DNS in 2018. The Japanese tech community fought against it[2][3][4] and it wasn't implemented.

      The telco authority is currently considering blocking online casino websites[5] (gambling is illegal in Japan).

      [1] https://www.kantei.go.jp/jp/singi/titeki2/tyousakai/kensho_h...
      [2] https://www.nic.ad.jp/ja/topics/2018/20180625-01.html
      [3] https://www.wide.ad.jp/News/2018/20180912.html
      [4] https://www.nic.ad.jp/ja/materials/iw/2018/proceedings/d3/d3...
      [5] https://www.soumu.go.jp/main_sosiki/kenkyu/online_casino/ind...

    • iamnothere 2 hours ago

      More people should run their own recursive resolvers with unbound. There’s no need to rely on centralized DNS anymore.

      • giantg2 2 hours ago

        Seems like a great use case for Pi-hole to add include lists - have files with lists of DNS entries that are delisted in some areas. Of course a VPN is probably more beneficial in general though.

      • kavouras 2 hours ago

        Isn't this putting unsustainable load on the root servers? (In the scenario that many people do that.)

        • belorn 29 minutes ago

          If we are talking about the actual root servers, there are 13 redundant names spread out (thanks to anycast) on around 1700 servers located around the world, and the lookup a user would do is cached for 2 days. That means the highest amount of traffic a system will generate is one request per unique TLD (like .com) per 2 days, and it will fit in a single UDP packet.

          We can then do some guesses about size for questions like "what are the nameservers for .com". Those are a bit larger than most DNS queries since the answer is a bit bigger than most, since .com has a lot of nameservers, so let's put it down to 800 bytes. Every 2 days an average user might then, using some guessing, generate maybe 10 kB of traffic, or about 0.015 seconds of watching a 1080p video on YouTube.

        • Bender 27 minutes ago

          Everyone used to query the root servers directly from their ISP or corporate edge servers until the big platforms wanted to gather more of everyone's data in the name of "keeping people safe" from "bad ISPs". As with any manipulation campaign there are a few incidents corporate propagandists can cite to say, "See! We are protecting you!!", forcing people to debate the issue and knowing the majority will accept the default settings.

          The root anycast clusters are absolutely designed to handle the entire internet querying them, which I do from Unbound. If one wishes to help reduce load they can enable large memory caches and rewrite min-ttl to something sane to protect the root servers from Amazon EC2's default 5 second TTL and others like them. Blocking known spam and tracking domains also helps reduce the total number of queries. Groups of friends can even further reduce the load by setting up their own DoH/DoT servers using Unbound DNS, sharing the cache, using cron to keep their favorite domains hot in the cache, and increasing privacy by making the crond queries from a VPS node.

          Here's my cache stats for a 3 day uptime:

              total.num.cachehits=18149
              total.num.cachemiss=2300
              total.num.prefetch=4561
          
          Memory usage:

               Private  +   Shared  =  RAM used Program
              343.1 MiB + 523.5 KiB = 343.6 MiB unbound
        • seethishat 2 hours ago

          https://datatracker.ietf.org/doc/html/rfc8806

          Abstract

          Some DNS recursive resolvers have longer-than-desired round-trip times to the closest DNS root server; those resolvers may have difficulty getting responses from the root servers, such as during a network attack. Some DNS recursive resolver operators want to prevent snooping by third parties of requests sent to DNS root servers. In both cases, resolvers can greatly decrease the round-trip time and prevent observation of requests by serving a copy of the full root zone on the same server, such as on a loopback address or in the resolver software. This document shows how to start and maintain such a copy of the root zone that does not cause problems for other users of the DNS, at the cost of adding some operational fragility for the operator.

          This document obsoletes RFC 7706.

        • ectospheno 19 minutes ago

          RFC 7706. Even has config file examples.

    • dewey 2 hours ago

      > have now even started

      This has been the case for a very long time. Back when TPB was popular this was already the case.

  • sschueller 2 hours ago

    This is also why it is important for Switzerland to not sign the deal with the EU next year. The 8k+ page deal would also require Switzerland to pull the line with EU regulation regarding copyright. The freedom we have right now to download would fall away. Doesn't matter if you are left or right, the deal is bad for all of us.

  • flumpcakes 3 hours ago

    Going after DNS resolvers seems like the easy win. If a website was breaking the law so egregiously then take it to ICANN to get the domain name seized. I'd wager that's a much harder thing to prove, hence the strong arming of DNS resolvers.

    • michaelt 21 minutes ago

      Seizing a domain name via ICANN has to be global, as I understand it, while a website might have only broken some nation's laws.

      If the UK government wants to ban porn but loves gambling, while the US wants to ban gambling but loves porn, a blocking mechanism that lets them have different blocklists allows both nations to get the censorship their voters have chosen.

  • mzajc an hour ago

    Does Quad9 run a resolver with DNSSEC but without "malware" blocking? So far I've had multiple instances (twice for a torrent tracker, once for gist.github.com) where they blocked a non-malware domain for a short while, which is really annoying to deal with.

    • input_sh 34 minutes ago

      Unfortunately no, they run 9.9.9.10, which is without "malware" blocking and without DNSSEC.

  • BLKNSLVR 2 hours ago

    Would the root DNS servers ever get modified or censored as a result of court action?

    My thoughts were that DNS-level censorship is essentially a dead end because the root servers are sacrosanct, and there will always be secondary DNS servers to query, who then use the root servers.

    Sucks for DNS providers in authoritarian countries though.

    • iamnothere 2 hours ago

      I suspect the US would push back on this unless they were the ones doing the censoring. So far the US has not opened that door with DNS; it’s important to make sure that the door stays closed, as this would create chaos and major fragmentation.

      In the meantime it might be worthwhile to develop alternatives, like some kind of DNS-over-Tor or DNS-over-DHT scheme, along with normalizing Tor onion services as an alternative access method for clearnet sites.

      • idiotsecant 2 hours ago

        Yes, some kind of alternative DNS system where domain assignment is authenticated using some kind of distributed system of ownership consensus! If only such a thing had existed for years already and was well tested and performant...

        https://www.kraken.com/learn/what-is-ethereum-name-service-e...

        All the things that crypto true believers believed would happen are slowly coming to pass. It wasn't all bored apes and gambling. There was some legitimate development going on, and still is.

        • iamnothere 2 hours ago

          After the Samourai case, you shouldn’t be so confident in cryptocurrency-based solutions for things like this. If devs can somehow stay anonymous and out of reach, maybe.

          I’m not ideologically against cryptocurrency-based solutions, but it isn’t a magic bullet by any means. I still think that the EU in particular isn’t done making life difficult for crypto users.

          Not to discourage projects like ENS, I think it’s good to have alternatives, but I do think we need noncommercial fallbacks to the current system as well. Anything involving money will always have choke points.

    • Macha 2 hours ago

      The root DNS servers basically only tell you where the registry servers are; they don't contain records themselves. If someone censored a domain at the registry level then the root servers would be no help.

      • iamnothere 2 hours ago

        This is true but I can imagine where they might go after the lowest reachable branch of the tree, up to threatening to remove country-level TLDs from the root servers for noncompliance. Only the US really has the leverage to do this, and it would just fragment the internet, as additional root servers would pop up to serve the missing TLDs. So it’s unlikely but possible.

  • Imustaskforhelp 3 hours ago

    > “At what point does legal compliance become de facto censorship?”

    I genuinely agree with this statement a lot. Also, another aspect of this is that the bigger companies can somehow "legally" do things which I don't think would work, but they have so many resources to stretch the court case for a long time.

    And the fact is that even after that, even if they are fined some dollars, they are more than likely to just pay than try to actually fix the core issues, which affect everyone harmfully except the company.

    All for profit smh. I sometimes wonder if there is a word for this phenomenon for how our system has gotten into such a rotten state from lobbying to this yet at the same time genuine non profits get existential threats for the same behaviour but they simply don't have the funds...

    • walletdrainer 2 hours ago

      > Also another aspect of this is that the bigger companies can somehow "legally" do things which I don't think would work but they have so many resources to stretch the court case for a long time.

      A big part of this impression is that people very often very much underestimate what they can get away with, whereas big companies have lawyers to tell them "oh yeah you can totally do this".

      Of course there are some exceptions. Uber and AirBnB are probably decent ones, in some jurisdictions anyway.

    • iso1631 3 hours ago

      I find it amusing that it's always the government's fault. Or the user's fault.

      It's never the fault of the trillion dollar industries that are millions of times more powerful than any individual.

      Our system has gotten into a rotten state because a tiny number of modern barons have all the power, and none of the civic responsibility. Concentration of money, when money is power, is the same as concentration of power.

      • mvandermeulen 2 hours ago

        What is always the government's fault?

    • gtsop 3 hours ago

      > if there is a word for this phenomenon for how our system has gotten into such a rotten state

      There is, it's the system's name: Capitalism

      No one ever in the universe claimed that this system serves primarily the needs of humans. It serves profit. Now there is a Venn diagram that has a union area between profits and needs, but the system does not care about making this union bigger, it cares about making the profits bigger. When that overlaps with needs... it is just a happy side effect.

      • kannanvijayan 2 hours ago

        I tend to agree with this sentiment, but my takeaway is slightly different.

        People who would describe themselves as supporters of "capitalism", as well as supporters of "communism" or "socialism", are not able to admit that their belief systems are actually religious in structure. Not spiritual perhaps, but effectively "secular religions".

        Both capitalism and its nemesis arose in the mid 1900s, when humanity was obsessed with modernist thinking about "solving problems once and for all". And in that context, the people fell in love with these two "clean systems". A more perfect set of rules.

        Sure, capitalism doesn't claim to be the most powerful god. But in surrogacy, it claims to be "the least imperfect system". Which is structurally the same claim: declaring the scripture to be some apex that is not surpassable.

        The main difference between communism and capitalism was how it was implemented. The USSR went full-tilt ideologically rigid, and collapsed very quickly. The US didn't go full-tilt capitalism. It implemented a hybrid system with a high marginal tax, welfare programs, subsidies, labour unions, public works projects, along with a market system, and that hybrid non-ideologically rigid model served it well.

        Around the time it was clear the USSR was collapsing, the USA went hard tilt in favour of ideological purity in capitalism. Systematic series of clawbacks in the tax regime, privatization, elimination of labour unions.

        As they leaned into the religion, it was used against them, much like the communist religion was used against the people of the USSR. And now they have been robbed of their prosperity, of the value of their efforts, much like the people in the USSR were robbed.

        • Imustaskforhelp 2 hours ago

          Nice read, but we also have democracy to prevent things, and it still feels effectively hijacked by such fictional constructs like capitalism and the lobbying power.

          Theoretically we should be able to think of the majority or ourselves and we can have a good system,

          but we also feel a lack of choice I suppose; the elections feel like they are between just two parties, with choosing the lesser evil (I think Zohran is cool tho in the Democratic party and maybe he could signify some good things I guess).

          Personally I feel like we need to focus more on the incentives and competency of people more than anything and try to vote it on that and not what they speak I suppose.

          • iso1631 an hour ago

            We don't have democracy because the people with the most money can use a century of learning how to manipulate people through mass propaganda, advertising, PR and spin to get the results they want. People don't form political opinions in a vacuum; they are formed by the messages they receive.

        • cess11 an hour ago

          'Both capitalism and its nemesis arose in the mid 1900s, when humanity was obsessed with modernist thinking about "solving problems once and for all". And in that context, the people fell in love with these two "clean systems". A more perfect set of rules.'

          All of this is junk. Karl Polanyi famously puts the birth of capitalism very late compared to other important thinkers, in 1834, by defining it as characterised by markets of fictitious commodities, i.e. stuff like labour, land, money. More mainstream would be to point to the Renaissance or the British 16th century.

          The idea that capitalism and communism would be dependent on an art movement of the early 20th century is quite bizarre; the Communist Manifesto was published in 1848, and by the late 19th century, when modernism started to form, unions and communist parties were already common.

          Actually, modernism is a reaction to the apparent stalling of 'progress', WWI and nostalgia for the optimism of the early modern period, i.e. from 1500 to the late 1800s. In part it was also a reaction to what is usually called modern physics, i.e. things like Newtonianism and ether hypotheses breaking down due to Michelson-Morley and early study of quantum phenomena, relativity and so on.

  • seethishat an hour ago

    This all started, in earnest, with Response Policy Zones being added to BIND. RPZ allows DNS resolvers to lie to clients by returning NXDOMAIN (or redirects to other domains), and the client does not know it is being lied to.

        https://www.isc.org/docs/BIND_RPZ.pdf
    
    At first, RPZ was used to block known malicious domains (drive by malware downloads, etc.). Then, the security weenies started using RPZ to block other things like TikTok (for administrative/legal reasons). That's when the DNS became a big lie.

    I guess some day, one political party will use it to block the websites of other political parties, etc. That's stupid to say (I know) but that seems to be the slippery slope we are sliding down.
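To make concrete what an RPZ "lie" looks like on the wire, here is an added example that is not part of this thread and not ISC's own RPZ example: a small Python evaluator for the QNAME-trigger part of an RPZ zone. The policy actions are the ones the RPZ specification encodes as special CNAME targets (`CNAME .` for NXDOMAIN, `CNAME *.` for NODATA, `rpz-passthru.`, `rpz-drop.`, `rpz-tcp-only.`, any other target a redirect). The zone text, the `rpz.local` origin and every name in it are constructed sample data, and the exact-before-wildcard, closest-wildcard-wins precedence follows the RPZ rules for QNAME triggers.

```python
# Actions an RPZ zone encodes as special CNAME targets (from the RPZ spec).
SPECIAL_TARGETS = {
    ".": "NXDOMAIN",              # answer "no such name"
    "*.": "NODATA",               # NOERROR but an empty answer section
    "rpz-passthru.": "PASSTHRU",  # explicit exception: answer honestly
    "rpz-drop.": "DROP",          # send no reply at all
    "rpz-tcp-only.": "TCP-ONLY",  # make the client retry over TCP
}

# Constructed sample policy zone; rpz.local is a placeholder origin and every
# blocked name is made up. Not ISC's example zone.
RPZ_ZONE = """\
$TTL 300
$ORIGIN rpz.local.
@                    IN SOA   ns.rpz.local. admin.rpz.local. 1 3600 600 86400 300
@                    IN NS    ns.rpz.local.
malware.test         IN CNAME .                  ; NXDOMAIN
*.malware.test       IN CNAME .                  ; ...and for every subdomain
tracker.test         IN CNAME *.                 ; NODATA
*.social.test        IN CNAME .                  ; block the whole site...
allowed.social.test  IN CNAME rpz-passthru.      ; ...except this one name
old.corp.test        IN CNAME portal.corp.test.  ; redirect: a forged CNAME
"""


def parse_rpz(zone_text):
    """Map each QNAME trigger (owner name relative to the zone origin) to its target."""
    rules = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line or line.startswith(("$", "@")):  # directives, SOA, NS
            continue
        fields = line.split()
        if "CNAME" not in fields:
            continue
        owner = fields[0].lower().rstrip(".")
        rules[owner] = fields[fields.index("CNAME") + 1]
    return rules


def rpz_action(rules, qname):
    """Policy for qname: (action, redirect target or None, matching trigger or None).
    An exact owner match beats a wildcard; among wildcards the closest one wins."""
    name = qname.lower().rstrip(".")
    labels = name.split(".")
    candidates = [name] + ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for owner in candidates:
        target = rules.get(owner)
        if target is None:
            continue
        if target in SPECIAL_TARGETS:
            return SPECIAL_TARGETS[target], None, owner
        return "REDIRECT", target.rstrip("."), owner
    return "NO-POLICY", None, None


def apply_policy(rules, qname, true_answer):
    """What the stub client receives: the honest answer or the policy-shaped one.
    Returns None for DROP (no reply at all)."""
    action, target, _ = rpz_action(rules, qname)
    if action == "NXDOMAIN":
        return {"rcode": "NXDOMAIN", "answer": []}
    if action == "NODATA":
        return {"rcode": "NOERROR", "answer": []}
    if action == "REDIRECT":
        return {"rcode": "NOERROR", "answer": [("CNAME", target)]}
    if action == "DROP":
        return None
    return {"rcode": "NOERROR", "answer": [("A", ip) for ip in true_answer]}


RULES = parse_rpz(RPZ_ZONE)

if __name__ == "__main__":
    for q in ["malware.test", "dl.malware.test", "tracker.test", "social.test",
              "login.social.test", "allowed.social.test", "old.corp.test"]:
        print(q, rpz_action(RULES, q), apply_policy(RULES, q, ["203.0.113.5"]))
```

Nothing in the NXDOMAIN or NODATA reply tells an ordinary stub client that a policy, rather than the authoritative zone, produced it. The one client-side signal is DNSSEC: for a signed name, a forged denial carries no valid NSEC/NSEC3 proof, so a validating client marks it bogus instead of accepting it; for everything else, comparing answers across independent resolvers, as styanax did upthread, is the practical check.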

  • MangoToupe 4 hours ago

    I've increasingly taken the attitude that digital media is simply lost to corporate interests and there's nothing we can do about it aside from not spending money or time on the internet.

    • ACCount37 3 hours ago

      No, "not spending money or time" is utterly worthless.

      It has zero leverage. Even if you could convince 1 person in 1000 to do that, you'd represent 0.1%. And that "1 in 1000" is hopelessly optimistic as it is.

      If you want to change the world, "individual action" should be at the very last place in your list of actions to take.

      • anonym29 3 hours ago

        > If you want to change the world, "individual action" should be at the very last place in your list of actions to take.

        The heliocentric model began with one person out of the entire population of Earth having the courage to publicly, loudly, and assertively disagree with TPTB.

        • cess11 an hour ago

          Guessing this might be interpreted by some as a reference to Galileo so I'll take the opportunity to mention Against Method.

          https://en.wikipedia.org/wiki/Against_Method

        • iso1631 3 hours ago

          Presuming you're talking Europe only, are you talking Copernicus? Brahe? Kepler? Galileo? You know that the heliocentric model had been discussed 2000 years earlier in Europe.

  • Havoc 2 hours ago

    Another side effect of lawmakers yoloing legislation on things they don't seem to understand.