Hacker News | smeehee's comments

Fifth group here: HTML mail should never have been implemented. Better, never thought of in the first place.


And require that if any colours are set, both foreground and background are set. (I've seen too much breakage with assumptions about one or the other.)


MX records don't send messages. Assuming that “sent to them via SMTP” is meant… well, moving all messages to ‘junk’ isn't a good idea: it needs to be restricted to messages sent on or after that time. But why not just respond with “554 No SMTP service here” on opening the connection?


Debian have reverted xz-utils (in unstable) to 5.4.5 – actual version string is “5.6.1+really5.4.5-1”. So presumably that version's safe; we shall see…


Is that version truly vetted? "Jia Tan" has been the official maintainer since 5.4.3, could have pushed code under any other pseudonym, and controls the signing keys. I would have felt better about reverting farther back, xz hasn't had any breaking changes for a long time.


It looks like this is being discussed, with a complication of additional symbols that were introduced https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024


Thanks for this! I found this URL in the thread very interesting!

https://www.nongnu.org/lzip/xz_inadequate.html


It is an excellent technical write-up and yet again another testimonial to the importance of keeping things simple.


The other comments here showing that the backdoor was a long-term effort now make me wonder just how long of an effort it was...


It's not only that account, other maintainer has been pushing the same promotion all over the place.


TIL that +really is a canonical string. [0]

[0]: https://www.debian.org/doc/debian-policy/ch-controlfields.ht...


There are suggestions to roll back further.


Hmm… I'd look but there don't seem to be any builds since late November on mozilla.debian.net.


I recently switched from Firefox to Vivaldi due to the upcoming dependency on PulseAudio. Depending on what happens, I may end up switching back; but if I do, I expect support for ALSA either by default, a run-time option or a compile-time switch.


Google can prompt you to confirm the login via your phone. It appears to work well: there's a time-out, and this time-out is also triggered if a second login attempt is made in parallel (and reaches the confirmation stage).

So… whichever login attempt gets to confirmation stage last wins (not relevant in this situation), and the confirmation screen on (at least) my phone does not indicate anything regarding location (which is highly relevant).

This looks a little weaker than TOTP (you're basically trading a little security for the convenience of not entering a code while keeping the second factor) and a lot weaker than U2F.


Sometimes, it's clear what minimum window size they've assumed. I know of one (bank login) which doesn't work well on a netbook due to this.

I tried to report the problem via the site feedback link which they helpfully provide in most of their page footers. It fails in Firefox but works fine in Chromium; I ended up reporting two problems instead of one.


I think that the IE11 one, of those, is best. I would have said that Firefox's rendering matched it but it's doing that broken kind of anti-aliasing which adds colour fringing.


Oops. Somebody forgot to set the background colour on that page. As I've changed the default to light grey (white's too bright), that makes it rather less readable...

