Realistically you should never use the registrars dns to begin with. But you can set your own dns with porkbun, I have customs dns on all of my domains. I especially have been doing that since the Namecheap hsts issue. Can't trust any of them.
I'm pretty sure google never used them for their own domains, and the whole markmonitor/squarespace thing was their "google domains" product where they sold registrar services to others. Besides that they also are a registry for .app/.dev and others, but don't sell them via their own registrar anymore.
I've worked at places that are SOC 2 Type 2 compliant with similar ways of installing tools on dev boxes. I would say yes but like anything SOC 2 related, "it depends". The compliance requirement is on the org being compliant.
I'm not sure I understand, but haven't you just moved the problem to the out of band layer? And is that layer not secured using the same normal (somewhat) long-lived TLS as most sites?
I don't think I understand the threat model you are using here?
Think of the out of band layer as two human executives exchanging URLs and GUIDs in person. You still need a secure transport, but in this model the thing that is being secured on the wire expires within 15 minutes. The only way to break the model is to defeat a transport or protocol key and only before rotation, revocation and expiration can catch up each time.
> floated the idea of using Stawart as the "server" implementation of JMAP and using something like mbsync to sync IMAP from their mail provider. And build a client on top of this Stalwart "server."
That really does not seem like a workable solution. It would probably be brittle, require double the storage, require mapping of accounts and and credentials, would not account for caldav/carddav, etc.
If JMAP is to take off we need proper clients, servers and bridges. I'm not sure we even have one proper OSS implementation for each.
> The key: proxy_ssl_verify off — the new server’s SSL cert is valid for the domain, not for the IP address. Disabling verification here is fine because we control both ends.
Not really, a MITM could do anything here. It's not very likely to happen here, but I think this comment shows a misunderstanding of what certificates and verification does.
> Really the EU needs to apologize for those damned cookie popups and invest in a privacy-first browser.
You clearly misunderstand when they are required and how they are legally required to work, the key points (as I take them) that are often misunderstood are:
* They are not about cookies, but any persistent identifier
* If a identifier is needed for your core functionality (ads/tracking is not a core functionality) and not misused for other purposes you do not need consent
* It is required to be as easy to decline as it is to consent
* Not consenting is not allowed to degrade or gate the content
* Even if you consent to tracking/cookies you should be allowed to withdraw that consent
Frankly I feel having to clear modal dialogs is like getting a lobotomy. I don’t ever want to see one. I don’t want to ever be asked “click on the traffic lights”. I don’t want to have to clear 1, 2, 3 or 4 more modals asking for my email address on a blog.
I want “respect DNT or go to jail”
GDPR normalized enshittification, turned it from something that was unambiguously evil to something that was required, virtuous even.
I could care less personally if you track me or not but if you pop up a meaningless distraction in my face there is no limit on how much I want to hurt you and blowing our your kpis and wrecking your analytics by disabling your tracking it is the least I can do. We need to resist the Google Economy that wants to divert 99% of your attention to worthless trash.
It also made people realize that they are tracked like crazy (there are regularly memes about this for example) - before people reacted to this fact like you were sharing a conspiracy theory.
Since cloudflare is basically the only registrar that will not allow you to host nameservers anywhere else I'd be weary to use them (even indirectly).
reply