Hacker News | roughly's comments

I run both (LS on Mac, at least), they do different things - pi.hole is a great ad blocker which applies to all of the devices on your network. Little Snitch is doing something different - it tells you every call that every app you use is making, and allows you to approve or deny each one. So, you can block telemetry for apps, or you can block certain apps from contacting certain servers, or you can just use it to watch what apps on your system are calling out to where.

To clarify, I'm aware that pihole is not intended to run on a client OS, and doesn't monitor at a process level. I'm focused on the intended effect rather than the process itself (blocking malicious/ad servers). And I think I framed my initial question incorrectly, as if LS and PiHole were substitutes. It's perfectly fine and even preferable to use both as layered protection. I'm just thinking, however, that when it comes to bang-for-buck it seems like PiHole is the better value proposition if you could only set up one.

pi.hole is primarily billed as an ad blocker, but the fundamental way it works is by applying a curated set of DNS lists that are blocked (commonly telemetry and ad servers), and the admin dashboard which is just a web page (therefore works on all platforms, smartphones included) will do the same thing: it tells you every call that every app on every device on your network is making, and you can approve or deny it. You can curate your own list as well and block servers/connections you don't want on the network.

LS afaik operates in the same area where it's intended to be used for privacy. I guess I could see it being useful for people who don't have admin access to their router, but for people who do have such access I would think the benefits of network-wide DNS monitoring/blocking would outweigh the costs of having to configure your router settings.


Yeah, if you're just looking for ad blocking, you're right, pi.hole is the better bet.

Little Snitch is intended for per-process, per-connection blocking - for example, you may need, eg, an Instagram uploader app to contact Meta's servers, but an unrelated app should not be able to (and even in the case of the hypothetical IG uploader, you can get very fine grained about the controls - media.facebook.net, not telemetry.facebook.net). In that way, LS does have some advantages over pi.hole in that space - You'd need to set up every single item that you normally get for free from a blocklist, but it gives you much finer control over what's getting blocked and much better visibility into what connections your processes are trying to make.

Again, I don't think Little Snitch is the right answer if you're looking for ad blocking specifically, and if that's the extent of your privacy concerns, pi.hole's a better bet. Little Snitch is a per-application connection monitor and firewall - it _can_ block ads, but that's not its primary purpose.


LS seems to not be claiming any security promise on Linux because it can't make any guarantees given eBPF limitations. But the entire purpose is different and there is very little overlap in my view. PiHole is entirely (I think?) just applying the blocklist made easy. LS allows you to build the blocklist in real time.

I would guess that to the extent the blocklists include things that are loaded by applications and not websites, they are almost entirely built by users of something like LittleSnitch or OpenSnitch. This is also entirely doable with wireshark logs, but I think that requires more infrastructure to build into usable lists.


Some telemetry uses hardcoded addresses when DNS doesn't work.

Some telemetry might not be recognized by pi-hole as it is new or has nothing to do with ads.


> How come any ships don't turn their transponders off and try to make a run for it?

Because the cost of failure is death and the crew aren’t going to risk it, and the other cost of failure is a couple hundred million dollars in ship and cargo and the insurance companies aren’t going to risk it either. This is like asking why your DoorDash driver wouldn’t just try to run the police blockade to get you your burrito.


> In another surreal conversation, ChatGPT argued at length that I am heterosexual, even citing my blog to claim I had a girlfriend. I am, of course, gay as hell, and no girlfriend was mentioned in the post. After a while, we compromised on me being bisexual.

This is a bit of a throwaway in the article, but when people talk about biases encoded in the algorithms, this is what they’re talking about.


They do more than that - our local PD gave a presentation on what Flock’s pitching - ALPRs, fixed pan/tilt cameras, “citizen cameras,” drones, and a whole “sensor fusion” software suite that lets you stitch in everything along with data from surrounding precincts which also have Flock (think Palantir for local cops). We were pretty shocked at the scale.

Kobo has a bookstore that’s pretty comprehensive - I haven’t found anything missing. Not sure that gets you out of DRM land, but at least you’re not giving money to Jeff Bezos.

Brother, I live in Oakland. To hear it from the media, statistically I’ve been dead for a decade now. This is always the narrative around cities, which is fine, because it keeps away the kinds of people who find my town scary instead of invigorating.

You can send a submarine down to crushing depths while violating all the traditional rules about "good" engineering, too.

Right, and often the tested depth isn't maximum. So you slowly acclimate to worse and worse code practices if the effort needed to undo it is the same as doing.

> if the effort needed to undo it is the same as doing.

That’s the rub, yes - as long as your failures are nice and gradual and proportional to the changes you’re making, everything’s fine.


sure, but undo isn't the only path to a newer better version of the code

it's easy to see how the product (claude code) could be abstracted to spec form and then a future version built from that without inheriting previous iterations' tech debt


> The US and German models are consequences of just yelling 'Free market!' without stopping to think about what's actually being sold in that market, and how to encourage genuine competition.

The point of a system is what it does. In America, it fosters centralization of wealth on a massive scale. That’s the point, not some unexpected side effect of the theory nobody saw coming.


We're somehow in a race between LLMs curing cancer, destroying the planet by "You're right to be mad, I shouldn't have issued those launch codes, it's even in my Claude.md file, I'm sorry," and rendering modern technological civilization uneconomical. I know this is statistically the best time in history to live, but lord, I could use a vacation.

One of my favorite fun facts is that it’s nearly impossible to get a hamster drunk - their foraging method is to get, eg, grains and fruits and store them piled up underground in their burrow, where they of course ferment, so hamsters’ livers have become unreasonably good at metabolizing alcohol.
