Hacker News: nes350's comments

SXG[0] looks promising - allows signing (and subsequently caching externally) whole HTTP exchanges.

This may be useful for improving security, especially of CDNs. Binary Transparency seems to be one of the use cases mentioned in the spec[1] - perhaps someday this would be used for a unified scheme for signing application packages/updates, without reinventing the wheel every time.

[0]: https://developers.google.com/web/updates/2019/03/nic73#sgx

[1]: https://wicg.github.io/webpackage/draft-yasskin-http-origin-...


SXG is primarily designed for AMP so that the browser can display the origin in the address bar while the content is being served from Google.

Currently only one CA provides paid certificates with a special extension so that the cert can be used to sign SXG files [0].

[0]: https://www.digicert.com/account/ietf/http-signed-exchange.p...

As for binary transparency, it's not enough to stamp the certificate (that's what CT logs do). The artifact would have to be stamped and published in a widely accessible source. Actually, the Binary Transparency doc published by Mozilla [1] creates a new regular certificate for a new published binary, thus utilizing CT infrastructure as it is today.

[1]: https://wiki.mozilla.org/Security/Binary_Transparency

If we're at Mozilla, it's also interesting to see what their position on SXG is [2]. There is only one spec there with that status.

[2]: https://mozilla.github.io/standards-positions/


FWIW, Mozilla's current objections to the standard don't really make sense. See: https://github.com/mozilla/standards-positions/issues/29#iss...

It seems the real issue at the moment is that it just isn't a high priority for them.


Thanks for the link! Subscribed.


> SXG is primarily designed for AMP so that the browser can display the origin in the address bar while the content is being served from Google.

Displays the origin of the content?


Instead of ugly "https://www.google.com/amp/www.example.com/amp.doc.html" links, as it displays them now when clicking an AMP result on Google.com, it would display "https://example.com/amp.doc.html" even though example.com was not contacted at all.


> unified scheme for signing application packages/updates

This is one of our longer term visions for the API, not there just yet.


They executed Nicolae Ceaușescu on December 25th.


I'm not sure whether it's comparable, but Chris Squire from Yes spent months "hibernating" in a hotel after a bad trip with homemade acid:

“I’d had lots of good acid trips prior to that. But I made the mistake of trying some acid some friends of mine had homemade. That knocked me back, and I did sort of hibernate in an apartment in Kensington and spent quite a few months — maybe as much as a year — just playing bass.”

Source: http://www.telegraph.co.uk/news/obituaries/11706204/Chris-Sq...


FastMail - 5$ per month

https://www.fastmail.com/pricing/


I've got relatively simple requirements but I found FastMail to be really good


They are hands down the best email provider I've used. I moved from Gmail to them and the speed, support, and reliability are head and shoulders above even the paid Google service.


FastMail has been great for me, too. They'll host your DNS as well if you want.


Can you add your own TLS cert for your domain with them?


They don't really need a TLS cert for your domain - they don't host your website; the MX record in your domain just points at a host in one of their domains (for which they have the TLS certificate); and the 'mail.yourdomain' address just redirects to https://www.fastmail.com.


I'm pretty sure oasisbob refers to "The Proud Highway: Saga of a Desperate Southern Gentleman, 1955-1967 (The Fear and Loathing Letters, Vol. 1)".


This won't work, at least on Chrome. It blocks all cross-domain requests to localhost[1]. Even if the target is used with a domain that resolves to 127.0.0.1, or has CORS completely disabled with "Access-Control-Allow-Origin: *".

[1] https://code.google.com/p/chromium/issues/detail?id=67743


Similar (I think) techniques were once used by Skype[1]. I wonder how much they've changed in the past few years.

1. https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06...



Link to the benchmark in question: https://gist.github.com/dstogov/12323ad13d3240aee8f1


Would be nice to have an option for different art pieces on different spaces as well. For example, I use 4 spaces on my primary display and 1 space on the external one and I'd be delighted if I had 5 different art pieces shown.

