<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Hi all,<br>
<br>
Since I brought up OpenDNS, even though I'm a user and a fan, I should
point out some limitations. About 10%, as a rough guestimate, of the
ugly stuff will sneak through the filter. The purveyers of junk bring
up new sites too fast for everything to be in the database. Do not
assume your kids will be totally prevented from getting to any and all
"insert bad category" stuff.<br>
<br>
Also, if your kid knows how to do any of the following, he / she can
bypass the filter: choose an alternate dns server on the pc, use a
proxy / anonymizer (although you can filter that category), browse by
ip alone without dns, start up a vpn, take their laptop / smartphone to
a friend's house or hotspot or step parent's house. Anything that
bypasses the use of the OpenDNS servers or changes their public ip
bypasses the filter. I have wished in the past that I could tie the
filter to a specific pc, but OpenDNS does not provide that as far as I
know.<br>
<br>
Internet Explorer provides some built in content filtering options,
which can tie into things like NetNanny (I think), but I've never used
it. Firefox doesn't provide any of that natively that I'm aware of,
but there may be plugins for it.<br>
<br>
I have links to a couple of Christian sites related these topics I
could try to dig up if anyone wants.<br>
<br>
Note that, even if they cannot easily access "uglyjunk.com" because of
OpenDNS, they can see links to it in google and bing, and in the latter
case, with live video coming though bing. The child's pc need not ever
visit "uglyjunk.com" to see some of its content, albeit with smaller
pictures.<br>
<br>
You can make things harder to bypass by putting the OpenDNS servers in
your router settings. Then, any pc which just uses basic dhcp to get
it's ip and dns will pick that up from the router. But, that does not
prevent the pc from querying another dns server directly if it wants
to. If the pc can get an ip for "uglyjunk.com", it can still visit the
site.<br>
<br>
I have heard that you can get hosts files of preconfigured blacklist
sites, then the computer is just directed to nowhere when they try to
get those sites, before even querying the dns. I've never used that
though.<br>
<br>
The service also depends on linking your public ip to your account.
That's why going to a hotspot bypasses the filter. They'll have a
different public ip which is not linked to your account. Even if the
pc was set to use the OpenDNS servers, your personal filter settings
would not be in affect. You would still get phishing protection though.<br>
<br>
Since your public ip is subject to change periodically when your cable
/ dsl modem resets, you need to run a small utility, which I run in
Windows, to link your current public ip with your account and filter
settings. You'll have to check on whether they have a linux utility,
but they probably do. When your ip changes, if the utility runs, the
OpenDNS servers get set to respond to the new ip. If your ip setting
utility doesn't run for a few days, then your filters won't be in
affect for a few days if your ip has changed.<br>
<br>
I do NOT recommend running the ip setting utility on the child's
computer. Here's why. Let's say you did that. They go to starbucks.
They login, then the ip utility links STARBUCKS public ip to YOUR
filter account. Your child would then be subject to your filters, but
so would EVERYONE ELSE in starbucks. That might cause some problems.
This would remain in effect until your child logged into another
network and got another public ip.<br>
<br>
Because ip's change, the system occasionally gets confused as to which
account owns which ip. This is rare, but, for example, let's say there
is a disruption at the isp and all the cable modems get reset. You may
end up with what was someone else's public ip and they may end up with
yours. It may take a little while for the ip setting utilities to set
everything straight. So, the possibility does exist that they could
see stuff in their account logs on OpenDNS that came from you and you
could see theirs.<br>
<br>
One other slight disadvantage of the OpenDNS system is that all pc's in
the house with the same public ip will have the same filters. You
could always active a vpn or proxy on your own pc though and bypass
your own filter.<br>
<br>
Despite these limitations, I found the service extremely useful and
wouldn't want to be without it with a child in the house. You could
gang other technologies on top of this, if you wish. I still have it
active, even though my child has moved out, to filter out rubbish that
I might hit accidentally.<br>
<br>
This is slightly off topic to the original question, but I'd consider a
certain amount of monitoring of my kid's communications online. Chat,
email, facebook, whatever. How much is up to you. I'd also set rules
on who it was appropriate to communicate with. Again, up to personal
discretion. You can get books about how to deal with these issues.<br>
<br>
Sincerely,<br>
<br>
Ron<br>
<br>
<br>
On 7/14/2013 8:09 PM, Doug Hall wrote:
<blockquote
cite="mid:CAJ+1ZCHG+6mk8JLpzQq+7r+Pf_X4TSgWJ_4=v80qrD6be_bjgQ@mail.gmail.com"
type="cite">
<div dir="ltr">27" iMac is sweet. But I agree with Ron. There's no
reason to buy ANYTHING if you use OpenDNS to filter content. I'm very
satisfied with the free service. Okay, maybe paranoia is a reason. I
wouldn't be surprised to know that OpenDNS is releasing records to the
NSA. But then again, so could your current ISP.</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sun, Jul 14, 2013 at 5:03 PM, Jerald
Sheets <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:questy@gmail.com" target="_blank">questy@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div dir="auto">
<div>I do. It's a slamming 27" iMac. :)
<div class="im"><br>
<br>
<div>Jerald Sheets</div>
Sent from my iPhone5</div>
</div>
<div>
<div class="h5">
<div><br>
On Jul 13, 2013, at 10:20 PM, Jim Kinney <<a moz-do-not-send="true"
href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div dir="ltr">
<div>Jerald, you're missing the entire point: Upgrade _your_
machine and give the old one to the young-uns. Put squid-guard on it
and provide a pile of bookmarks they are interested in. <br>
<br>
</div>
<div>:-)<br>
</div>
<div><br>
</div>
<div>House Rule: Dad ALWAYS has the best hardware unless someone
else is paying for it.<br>
</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sat, Jul 13, 2013 at 10:00 PM, Neal
Rhodes <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:neal@mnopltd.com" target="_blank">neal@mnopltd.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
I would think you could look for off-lease "no-os" refurb units on
TigerDirect for maybe $100. <br>
<div>
<div><br>
On Sat, 2013-07-13 at 21:22 -0400, Jerald Sheets wrote:
<blockquote type="CITE">
<pre>Hi all.
I've come to the point where my next generation o little ones will be going online, and I'm going to build me a content filtering firewall. (Ipcop)
Thing is, I don't have any old hardware and need to get something, but anything I would buy in a store would be overkill.
I'm looking for something P3 or later, mid tower with one drive bay is fine and 4-8G of memory.
Anyone have anything like that you'd like to unload?
Jerald Sheets
Sent from my iPhone5
_______________________________________________
Ale mailing list
<a moz-do-not-send="true" href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a>
<a moz-do-not-send="true"
href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a>
See JOBS, ANNOUNCE and SCHOOLS lists at
<a moz-do-not-send="true" href="http://mail.ale.org/mailman/listinfo"
target="_blank">http://mail.ale.org/mailman/listinfo</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a moz-do-not-send="true" href="mailto:Ale@ale.org"
target="_blank">Ale@ale.org</a><br>
<a moz-do-not-send="true"
href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a moz-do-not-send="true"
href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
-- <br>
James P. Kinney III<br>
<i><i><i><i><br>
</i></i></i>Every time you stop a school, you will have to build
a jail. What you gain at one end you lose at the other. It's like
feeding a dog on his own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br>
<i><i><i><i><br>
<a moz-do-not-send="true" href="http://electjimkinney.org"
target="_blank">http://electjimkinney.org</a><br>
<a moz-do-not-send="true"
href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
</i></i></i>
</i></i></div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new email messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT techstarship.com
Litecoin: LZzAJu9rZEWzALxDhAHnWLRvybVAVgwTh3
Bitcoin: 15s3aLVsxm8EuQvT8gUDw3RWqvuY9hPGUU
</pre>
</body>
</html>