Oh d*#n, it looks like MVPS is the culprit.
When running the defender_updater.py one sees that there is a certificate error connecting to MVPS.org:
CERTIFICATE_VERIFY_FAILED
But connecting via browser or openssl works flawlessly.
Does python use another certificate store? (tested with SFOS 3.2 only now)
MVPS.org uses LetsEncrypt whose root cert might have been run out…
But in general:
as said some 
posts earlier there might be problems with some “hosts providers”.
And if so the updater silently dies and leave the notification up.
There is a new func (In pulley menu) to get rid of it.
Then you need to try with a single source only and find the bad one. To be noted in some wiki post right early in this topic…
I might catch this but then it would look like the update process worked. But it left the hosts file untouched! So I may think I leave it as is?
Yes, I know.
But why the browser still works (okay read something that browsers might survive / overcome this)
But openssl ? Should this not be affected as well?
I know that Firefox has its own certificate store, it does not need the OS for the certificates.
I assume the last paragraph is you looking for ideas so let me share mine. You could stop updating and hide progress replacing it with an error message there was a wrong source. Even better, also display which source. Even better, add a button offering to disable the particular source and continue.
I have some tips for using Defender.
First is that it takes many times more to update than you are expecting. I am using just 3 lists of Goodbye Ads, and it still takes an hour to finish. But I have to say, if I let it do its thing, it does work reliably and always complete.
Second is that if you want it to be done fast, is to keep your screen on. My Xperia 10 lowers its CPU clock by a lot when screen is off, and that increases the time. So it takes much more than an hour with the screen off.
And you can check in htop or lighthouse if there is a python process using a lot of CPU. If there is, then it is still updating and you simply have to wait more.
So thank you so much Peter for keeping this app updated, it is very reliable, you just need to have a looooooot of patience.
YES!
Implemented a quick fix for the failing MVPS.org source and activated all sources and tapped update.
That was somewhat in the evening (around 8 or so). I locked the device and put it on charger.
Next morning I checked it again and it just finished shortly after 0700.
So the update with all sources may take up to 12 hours!
Leave it running.
(for now deactivate mvps.org)
I will push that fix which will catch the certificate exception and let the update continue in a few days.
So either believe that update message means it is updating. Or check whether
ps aux | grep defender_updater
yields a match. If it is there it is still running.
If not pull the pulley menu and tap ‘show error log’ (soon™ to come )
This is great! If you prevent any error from blocking the process, then there’s no need for messages as I suggested.
Important info
The blocking of names/IPs for the dark side (android) container may not work at all.
Really sorry (but you may understand I forgot about it).
Please see here (and also there).
As said I will try to get a fix for that into the defender package but it might need some testing and therefore time.
Looking forward to this upgrade! I haven’t updated the lists in at least a month, the ads in youtube have started to annoy me.
Just a question from a noob. Why does it actually take so much time to update the resources?
Good question!
Answer from a I-just-took-over-and-tried-to-fix-boot-problem-noob:
No idea!
One would need to look deeper into the used python hosts library and check for nested loops (something python is not good in?).
And tbh I really did/do not care enough to spend time into this. (this only arouse after adding more huge host files)
Thank you for the answer.
It’s perfectly understandable.
I was asking this because usually when using AdAway on Android, it takes a couple of seconds for those lists to get updated. On SFOS as well (if one is using a script from openrepos called Hosts Adblock). I kinda though that these apps/scripts would help you out with the project in the long run.
Selecting only AdAway (as well as selecting other sources separated) on its own is also quite fast, as long as you do not try to merge other sources.
If you only select one source it is normally a matter of less than a minute. (and it is only not a few seconds as defender always tries to eliminate duplicates)
AdBlock is the predecessor of Defender (when you look at the icon and the original developer 
).
Idea for some additional lists to be included in the future:
[oisd_dbl_full.txt]
Source = oisd_dbl
Name = oisd_dbl_full
Info = https://oisd.nl/
Url = https://hosts.oisd.nl/
Description =
License =
SourceEnabled = no
Or DeGoogle your life:
[googleblock]
Source = Nick
Name = De-Google Life
Info = https://github.com/nickspaargaren/no-google
Url = https://raw.githubusercontent.com/nickspaargaren/no-google/master/pihole-google.txt
Description = Special List to Block Google
License =
SourceEnabled = no
The first one blocked some metrics trackers used by Pandora that where not blocked by the current lists.
I’ve tried it out and it works amazingly well. It’s actually quite fast if you select only certain lists.
Well done, Peter!
Would it be possible to block the initial ad that starts before some YouTube videos? I can see that youtube.com is blocked in those lists but maybe it’s necessary to include m.youtube.com as well?
About those ads at the beginning I have no idea but think that goggle is clever enough to not let us block those that easily.
?
You want to watch videos but block the source (www.youtube m.youtube)?
So, that’s what it would do. Sorry, I didn’t realize that.
Nevertheless, it’s working great with everything else, so 4 seconds of commercials is something I can live with. 
As per my understanding YouTube ads cannot be blocked with lists. But what you can do is download Firefox and install uBlock and I have never seen any ads again.