Menu
What's new
By:
Filters Better Search

pixelserv pixelserv - A Better One-pixel Webserver for Adblock

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

brec said:
We're off-topic, so if there's anything wrong with this please point me at another thread: each of my two AC86Us has a LAN-only OpenVPN server to allow my remote access to it, and the .OVPN files are identical -- same keys -- except for the "remote" field, i.e., DDNS domain name specific to that router.
Click to expand...
Slightly off topic, yes, but in the same spirit as what @thelonelycoder was pointing out. If you have two 86Us each with diversion/pixelserv running, it is convenient to generate one certificate and use it for both. My experience with Chromebooks is that importing two certificates with the same name will cause the first to be overwritten. I have one 86U with two servers running, and they would otherwise have two different certs, so I have to copy them over so that I can connect to either using the same certificate. I think your experience must be similar, in that with a Chromebook if your cert was different you could only connect to one of the LANs.
 
OK, if I understand correctly, I'm all set even though there are currently no Chromebooks in my life. I am using the same cert on both AC86Us for pixelserv-tls, and the same cert on both for OpenVPN server.
 
brec said:
OK, if I understand correctly, I'm all set even though there are currently no Chromebooks in my life. I am using the same cert on both AC86Us for pixelserv-tls, and the same cert on both for OpenVPN server.
Click to expand...
That's my view, except for the part about no Chromebooks. Off topic, I say that 7 days without power or internet and just back.
 
On my mobile phone, I now get the net:err_cert_validity_too_long error with a chromium 85 browser. Can we get a configurable cert validity length option?
 
blaatschaap said:
On my mobile phone, I now get the net:err_cert_validity_too_long error with a chromium 85 browser. Can we get a configurable cert validity length option?
Click to expand...
Have you recreated your cert? Any cert trying to go over 39 months will cause this.
 
QuikSilver said:
Have you recreated your cert? Any cert trying to go over 39 months will cause this.
Click to expand...
Since September 1 it's now down to 13 months. Apple started it. Google and Mozilla followed.

www.bleepingcomputer.com

Mozilla reduces TLS certificate lifespan to 1 year in September

Mozilla has officially announced that starting September 1st, 2020, they will no longer consider any newly issued certificates with a lifespan greater than 398 days, or a little over one year, as valid.
www.bleepingcomputer.com www.bleepingcomputer.com
 
dave14305 said:
Since September 1 it's now down to 13 months. Apple started it. Google and Mozilla followed.

www.bleepingcomputer.com

Mozilla reduces TLS certificate lifespan to 1 year in September

Mozilla has officially announced that starting September 1st, 2020, they will no longer consider any newly issued certificates with a lifespan greater than 398 days, or a little over one year, as valid.
www.bleepingcomputer.com www.bleepingcomputer.com
Click to expand...
Thats what I get for "googling" the error and clicking first URL...from 2017. :oops:
 
QuikSilver said:
Thats what I get for "googling" the error and clicking first URL...from 2017. :oops:
Click to expand...
I wonder if this change will bring back @kvic for another update. Or if Jack will spring into action to save the day like last time. I suppose this only affects newly-generated pixelserv certs generated after Sep 1, so don't go clearing your certs unnecessarily!
 
^^^ 99% of computer users have NO CLUE about certificates, what they enable or how powerful they are when in the wrong hands. We might as well get used to regenerating these yearly to stay ahead of this mess.. Apple is creating. While I understand the reasoning, it's going to cost a pretty $$$. Just maintaining cert generation at large companies will be a full-time job - especially since most do not like to use "wildcard" certs due to their own security rules. All those devices.. wow.. makes my head really ache.

Jack if you do "spring into action", 12 months should become the default for all the AMTM tooling. Just my .02. If the community decides it's time to sunset PixelServlTLS then that's OK too. I think the community should determine how effective it will be and how many people will actually re-gen certs properly yearly now.
 
Last edited:
Or maybe it's time to retire pixelserv-TLS?

I used to be a big proponent of using pixelserv-TLS, and defended its use over the spring/summer in the Diversion thread. I even tried to help a few people creating exemptions so that apps like "Amazon" would work on their mobile devices. (if you route certain problematic domains to 0.0.0.0 instead of the pixelserv IP, you can get the Amazon app to work properly, for the most part).

HOWEVER:

I spent the last 3 weeks with pixelserv-TLS disabled, with my household essentially running in Diversion "Lite" mode. I have not noticed any difference in "performance" of adblocking, and neither have my other household members. Therefore, I'll be keeping pixelserv-TLS disabled for the foreseeable future.
 
CriticJay said:
Or maybe it's time to retire pixelserv-TLS?

I used to be a big proponent of using pixelserv-TLS, and defended its use over the spring/summer in the Diversion thread. I even tried to help a few people creating exemptions so that apps like "Amazon" would work on their mobile devices. (if you route certain problematic domains to 0.0.0.0 instead of the pixelserv IP, you can get the Amazon app to work properly, for the most part).

HOWEVER:

I spent the last 3 weeks with pixelserv-TLS disabled, with my household essentially running in Diversion "Lite" mode. I have not noticed any difference in "performance" of adblocking, and neither have my other household members. Therefore, I'll be keeping pixelserv-TLS disabled for the foreseeable future.
Click to expand...
While I have not abandoned hope and still run pixelserv-tls on my devices, I see the end coming of this being effective in the long run with requirements for (self) generated certificates increasing and/or being accepted in devices/apps or browsers.
 
thelonelycoder said:
While I have not abandoned hope and still run pixelserv-tls on my devices, I see the end coming of this being effective in the long run with requirements for (self) generated certificates increasing and/or being accepted in devices/apps or browsers.
Click to expand...
Though the certificate requirements being a moving target does have its own considerations, the actual issue reducing the usefulness of pixelserv-tls is that advertisers and developers are increasingly becoming wise to the blocking mechanism and are coding apps/etc to check for a valid server handshake using included certificate payloads. The amount of things that need to be whitelisted to work is growing and becoming not worth the effort, in my opinion. I use ps-tls still, but without the certificate setup.
 
jrmwvu04 said:
I use ps-tls still, but without the certificate setup.
Click to expand...

so essentially you use it as "pixelserv" rather than pixelserv-TLS?

is that really an improvement over 0.0.0.0 host blocking though?

When I disabled pixelserv-TLS and went back to plain 0.0.0.0 host blocking via Diversion, I did not notice any web page performance differences.
 
CriticJay said:
so essentially you use it as "pixelserv" rather than pixelserv-TLS?

is that really an improvement over 0.0.0.0 host blocking though?
Click to expand...
Yes, that would be generally accurate. Performance wise it’s the same, but I use pixelserv for some logging, troubleshooting and statistics purposes.
 
Need some help, please... just noticed this issue with pixelserv on my router:

AX88 with 384.19 - and htop is reporting pixelserv-tls at 39% to 49% CPU utilization. - GUI shows running up of all 4 cores... Also, uiDivStats is displaying Percent-Blocked at 99.2%...

Seems all was normal until I applied entware update of a few days ago - but that's just observation on my part...

up until that entware update, I had over 21 days of stable 384.19 on the AX88... any insight or thoughts would be appreciated...

Thanks in advance...
 
Last edited:
jrmwvu04 said:
Yes, that would be generally accurate. Performance wise it’s the same, but I use pixelserv for some logging, troubleshooting and statistics purposes.
Click to expand...
I thought there was a performance boost just from the fact that pixelserv returned a response, instead of the request timing out.
 
You must log in or register to reply here.

Similar threads

L
pixelserv SOLVED - Is PixelServ WebGui script trustworthy at the moment? Redirects to strange website...
Replies
10
Views
3K
gspannu
gspannu
thelonelycoder
Diversion Need help with selecting new set of filter lists / block lists for Diversion 5.0
Replies
19
Views
2K
Gary_Dexter
Gary_Dexter
blacksheep
pixelserv Does "How to best run Pixelserv tls on asuswrt" still apply?
Replies
3
Views
3K
elorimer
E
garycnew
Entware [SOLUTION] Cross-Compile PixelServ-TLS 2.4 Entware Package via Debian Live DVD
Replies
13
Views
3K
garycnew
garycnew
Jack Yaz
YazFi YazFi v4.x - continued
4 5 6
Replies
107
Views
15K
Martinski
M
Similar threads
Thread starter Title Forum Replies Date
C Diversion Pixelserv replacement Asuswrt-Merlin AddOns 2
D amtm bus error, pixelserv-tls segmentation fault Asuswrt-Merlin AddOns 17
F pixelserv pixelserv-tls stats does not load Asuswrt-Merlin AddOns 1
black-raison-detre Idea for better web Addons Asuswrt-Merlin AddOns 13

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 806 (members: 15, guests: 791)
Top