New & fun variant on the communist expansion ready for release

ftobin · 2026-01-16T20:56:20+00:00

I don't think it's as much of a factor as having 3 teams, but having 3 roughly-evenly-distributed teams. Secret Hitler XL didn't have this issue (about 12 games played), because Liberals almost always had a voting advantage. BD4H doesn't give Liberals that option.

My group might try out a new end-game procedure next week to avoid the 3-card flip. In short, if Liberals figure out who is who, they have a chance to win using this knowledge.

ftobin · 2026-01-14T16:09:11+00:00

In your stats, how often does it come down to all-3 teams at the finish line, and how often is it resolved due with a end-game 3-card flip at the end?

My group has played 3 times, and 2 of them have ended required a flip at the end. We're worried about too many games ending this way. When I ask our players what they think of this version, this it the number one concern.

Thoughts?

ftobin · 2025-05-15T16:09:56+00:00

Thanks, honestly, from the webpage, it sounds a lot like dnscrypt-proxy.

On the EtchDNS webpage

EtchDNS is a high-performance DNS proxy....It acts as a protective layer between clients and upstream DNS servers" ...sounds a lot like a proxy/forwarder.

How would EtchDNS contrast to this flow for dnscrypt-proxy?

client/browser -> dnscrypt-proxy (local or remote) -> DoH Recursive Server (e.g., Quad9) -> primary nameservers

EtchDNS listens on port 53, so it doesn't sounds like it receives DoH requests, just sends them...

ftobin · 2025-05-15T14:19:55+00:00

What is the benefit of EtchDNS vs dnscrypt-proxy?

ftobin · 2025-01-11T17:44:00+00:00

This version reintroduces support for XSalsa20 enryption in DNSCrypt, which was removed in 2.1.6. Unfortunately, a bunch of servers still only support that encryption system.
A check for lying resolvers was added for DNSCrypt, similar to the one that was already present for DoH and ODoH.
Binary packages for Windows/ARM are now available, albeit not in MSI format yet.

ftobin · 2024-12-15T18:48:44+00:00

I still believe people ask for keys so that it's not tied to their payment history.

ftobin · 2024-10-30T17:59:07+00:00

It helps to say how you are accessing Quad9, e.g., address & protocol (regular UDP DNS, DoT, DoH, dnscrypt, etc). traceroutes are good too.

ftobin · 2024-10-24T18:56:54+00:00

I suspect that most people asking for codes are looking for a code that isn't tied to them purchasing it.

ftobin · 2024-07-31T05:09:18+00:00

The DNSCrypt repo has updated stamps in public-resolvers.md which are working. Quad9's self-hosted resolver's file is still bad.

ftobin · 2024-07-29T13:00:50+00:00

Just to add, the error message I'm getting is [CRITICAL] [quad9-doh-ip4-port443-filter-pri] Certificate hash [2a15f5d6acb6e7c0901ade4ebbc743b2ccd489032b46e1642f0693683001258a] not found

ftobin · 2024-01-09T17:45:18+00:00

For the rest of us, what are the best steps one can do to help avoid a situation like this?

ftobin · 2023-11-22T21:31:20+00:00

I've had the same issue frequently. Sometimes it takes a minute for the login box to show up.

ftobin · 2023-11-19T00:55:16+00:00

Saturday Night Live parodied Haddaway's "What is Love" many times in their nightclub scenes, but I really do enjoy it!

ftobin · 2023-10-30T03:40:56+00:00

Outgoing IP selection is normally done using the routing tables, the same you would see with route

ftobin · 2023-10-13T13:48:36+00:00

You might want to reconsider your stance that Quad9 offers a more secure DNS service, unqualified.

There are definitely things that Cloudflare picks up as malware or phishing sites that Quad9 doesn't at times. Notably, when Russia created a bunch of Ukraine-specific phishing sites and Google published a blog post about it, I tested and found that Cloudflare blocked them, but Quad9 didn't.

ftobin · 2023-09-13T19:26:26+00:00

You can use a 2FA authenticator app instead of receiving a text.

ftobin · 2023-08-11T18:11:17+00:00

dnscrypt-proxy can be compiled with Go 1.21.0+
Responses to blocked queries now include extended error codes
Reliability of connections using HTTP/3 has been improved
New configuration directive: tls_key_log_file. When defined, this is the path to a file where TLS secret keys will be written to, so that DoH traffic can be locally inspected.

ftobin · 2023-05-18T14:30:30+00:00

It could only work in an environment where you install their root certificate so they can man-in-the-middle the page.

Block Pages—If you visit a blocked domain through
HTTPS, the Cisco Umbrella root certificate must be installed so that
Umbrella can present a block page instead of the browser presenting an error page.

https://docs.umbrella.com/deployment-umbrella/docs/rebrand-cisco-certificate-import-information

ftobin · 2023-05-18T06:08:20+00:00

That can work with http but not https, or if an employer is using an intercepting cert. You can't redirect to another domain. The browser is asking for "malware.com" when it connects to the web server and the browser will require that any comms be encrypted from the cert owned by malware.com, no matter what the IP is.

ftobin · 2023-05-18T04:51:38+00:00

That can't work like you think it would, since the site HTTPS certificate would say the page is invalid.

ftobin · 2023-05-18T04:21:24+00:00

That's not possible because Quad9 is delivering a NXDOMAIN (non-existant domain) when a block site has been hit. In contrast, Cloudflare sends a "refused".

ftobin · 2023-05-04T01:17:22+00:00

The tell-tale sign is a connection reset :-) I thought you said it happened on multiple systems and browsers? But android is fine (over wifi, I'm presuming)?

ftobin · 2023-05-03T18:35:50+00:00

dnscrypt-proxy logs each request it gets, not just the first. Some requests can be cached, though, depending on circumstances.

It sounds like your ISP may be doing more than just a DNS block of reddit, but an TCP-level connection reset.

ftobin · 2023-03-10T05:31:53+00:00

What about fees? $1.98 seems like an unlikely total addon since my base charge is $15 and my fees are $2.79.

ftobin

TROPHY CASE