dug VS thegreatsuspender

Just joined the sub after coming across it dozens of times while learning things to help my homelab. My first post is a shameless plug for a CLI tool I made that quickly helps users get an idea of how much their DNS has propagated. I use it all the time for my self hosted stuff (recently when i was playing with external-dns) and wanted to share to see if it can help anyone else. https://dug.unfrl.com https://github.com/unfrl/dug

For people who want to understand, learn about, or stay on top of their, DNS check out dug. Its a cli tool I made to help visualize DNS propagation but is a great learning tool.

https://github.com/unfrl/dug

https://dug.unfrl.com

Good article, totally correct that that is how to definitely 100% get the correct answer.

The bottom of the article, with 'other ways' got me thinking that another way to get what is very probably the correct answer is asking a bunch of other DNS servers what they think the correct answer is.

Using dug (https://github.com/unfrl/dug) like: dug -q NS jvns.ca

Gotta post this every time theres a big DNS issue, which seems daily now.

Check out Dug! Its a global DNS propagation/monitoring toolon the CLI: https://github.com/unfrl/dug/

This release is primarily focused on the 'Watch' feature (-w, --watch) which allows users to monitor their DNS propagation in realtime.

https://github.com/unfrl/dug

Happened in (2021)[https://github.com/greatsuspender/thegreatsuspender/issues/1...], and then a few others have forked the extension and tried to revive it, only to eventually sell to nefarious owners or sell user data themselves

I went to github and downloaded the last known "good version, installed it manually."

You want someone to die for disabling a potentially malicious extension that is unmantained since 2020?

Also if you want to read up on the removal of the app and the malware issues this post goes over it as well as other recovery options

Similar code projects have had issues like this before, like the open source Great Suspender.

What can happen after a project changes hands - https://github.com/greatsuspender/thegreatsuspender/issues/1263

Better link https://github.com/greatsuspender/thegreatsuspender/issues/1...

> TLDR: The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more. In v7.1.8 of the extension (published to the web store but NOT to GitHub), arbitrary code was executed from a remote server, which appeared to be used to commit a variety of tracking and fraud actions. After Microsoft removed it from Edge for malware, v7.1.9 was created without this code: that has been the code distributed by the web store since November, and it does not appear to load the compromised script. However, the malicious maintainer remains in control, however, and can introduce an update at any time. It further appears that, while v7.1.9 was what was listed on the store, those who had the hostile v7.1.8 installed did NOT automatically receive the malware-removing update, and continued running the hostile code until Google force-disabled the extension.

For what it is worth, you may have heard of the Great Suspender incident (https://github.com/greatsuspender/thegreatsuspender/issues/1263). It was used by millions, and was also open source on GitHub, but it could still end up becoming malicious.

Long ass comment: That is not true for the most part. While the increased amount of individuals working of an OSS project may lead to better vulnerability detection according to both parties of the closed-source/proprietary debate, it doesn't lead to a massively more secure software overall. Not all reviewers have the similar experience or expertise and, because of it, not everyone will be able to review, identify or patch any flaws or vulnerability of a specific software since it may require other skills beyond just basic programming skills such as network or cryptographic skills. [1] Some even suggested that the large number of users contributing to the project can lead people "into a false sense of security." [2] Overall, some papers conclude that being an open source software or a proprietary software isn't an important factor for security and suggest considering other factors, such as the particular vendor/maintainer that controls the entire process. [3] After all, what if the maintainer decides to sabotage their own code? What if the project was sold to another maintainer for its own shaddy needs?

If you're referring to The Great Suspender, that extension was bought by an advertising company earlier this year. I'm using the last good version (github) though.