Hacker News: _fool's comments

...Unless you're savvy. Thank goodness for the availability of https://publicsuffix.org/ (as long as you only use your main domain and don't need to share cookies with your own subdomains), and the includeSubDomains directive to HSTS! But - if you already set this up, you probably are savvy enough to avoid the problems created (or your provider is).


HSTS won't prevent this at all; the advertiser merely needs to also set up TLS by getting a certificate for that subdomain, which they can already do precisely because it goes to their web server -- not yours. This also lets them steal cookies marked secure (sent over HTTPS only).

Edit: A combination of DNS CAA with an account identifier restriction in the record would prevent this. Then the advertiser would complain, and any ads served would have to be over plaintext, which would cause browser warnings about mixed content and allow MITM injection of (more) malicious content.
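The two defender-side checks behind the comments above, as an added example that is not code from the thread, from any browser, or from any DNS provider: `cookie_sent_to()` applies RFC 6265 domain matching to show that a cookie set with `Domain=example.com` is attached to requests to a delegated `ads.example.com` as well, and that `Secure` stops nothing once the delegated host serves TLS, whereas a host-only cookie (no `Domain` attribute, or the `__Host-` prefix) stays on its origin host; `caa_account_restricted()` parses CAA records (RFC 8659) and reports whether every `issue`/`issuewild` tag pins an `accounturi` parameter (RFC 8657), which is the "account identifier restriction" the edit refers to. All hostnames, cookies and records are constructed sample data, and the function and dictionary key names are this example's own.

```python
"""Added example: cookie scoping vs. a delegated subdomain, and a CAA check.
Not code from the HN thread or any browser; hostnames, cookies and CAA
records below are constructed sample data."""
from typing import Dict, List


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 s5.1.3: host equals the cookie domain or ends with '.' + domain."""
    h = request_host.lower().rstrip(".")
    d = cookie_domain.lower().strip(".")
    return h == d or h.endswith("." + d)


def cookie_sent_to(cookie: dict, request_host: str, scheme: str) -> bool:
    """Would this stored cookie be attached to a request to request_host over scheme?
    cookie keys (this example's own): name, origin_host, domain (None = host-only), secure."""
    name = str(cookie["name"])
    domain = cookie.get("domain")
    secure = bool(cookie.get("secure"))
    # A __Host- cookie is rejected at set time unless it is Secure and host-only,
    # so a misconfigured one is never stored and therefore never sent.
    if name.startswith("__Host-") and (domain is not None or not secure):
        return False
    if secure and scheme != "https":
        return False
    if domain is None:  # host-only: exact host match, subdomains excluded
        return request_host.lower().rstrip(".") == str(cookie["origin_host"]).lower().rstrip(".")
    return domain_matches(request_host, str(domain))


def parse_caa(rdata: str):
    """Parse presentation-format CAA rdata: '<flags> <tag> "<value>"'."""
    flags, tag, value = rdata.split(" ", 2)
    return int(flags), tag.lower(), value.strip('"')


def caa_account_restricted(records: List[str]) -> Dict[str, bool]:
    """For each issue/issuewild record, True only if it names a CA *and* pins an
    accounturi (RFC 8657) so that only the zone owner's CA account may issue."""
    result: Dict[str, bool] = {}
    for rdata in records:
        _flags, tag, value = parse_caa(rdata)
        if tag not in ("issue", "issuewild"):
            continue
        ca, _, params = value.partition(";")
        kv = dict(p.strip().split("=", 1) for p in params.split(";") if "=" in p)
        result[value] = bool(ca.strip()) and "accounturi" in kv
    return result


# Constructed sample data.
SESSION_COOKIE = {"name": "session", "origin_host": "www.example.com",
                  "domain": "example.com", "secure": True}   # domain-wide, leaks to subdomains
HOST_COOKIE = {"name": "__Host-session", "origin_host": "www.example.com",
               "domain": None, "secure": True}               # host-only, does not leak
CAA_RECORDS = [
    '0 issue "ca.example.net; accounturi=https://ca.example.net/acct/123"',
    '0 issue "other-ca.example"',          # no account restriction: any customer of that CA
    '0 iodef "mailto:security@example.com"',
]

if __name__ == "__main__":
    for c in (SESSION_COOKIE, HOST_COOKIE):
        print(c["name"], "sent to ads.example.com over https:",
              cookie_sent_to(c, "ads.example.com", "https"))
    print(caa_account_restricted(CAA_RECORDS))
```

Running it shows the domain-wide `Secure` cookie being sent to `ads.example.com` over HTTPS while the `__Host-` cookie is not, and flags the second CAA record as lacking an account restriction.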


Yup. Some implementations provide a similar ANAME, and Cloudflare has flattened CNAME, which is probably the best implementation I came across in years of supporting folks trying to use these kinds of records on a large CDN.

https://developers.cloudflare.com/dns/cname-flattening/
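A toy authoritative resolver, added here as an example that is neither Cloudflare's nor Netlify's code, showing why a CNAME cannot sit at a zone apex (RFC 1034 forbids other data beside a CNAME, and the apex must hold SOA and NS) and what ANAME / CNAME flattening does instead: the server follows the alias chain itself and answers with address records under the apex name, with loop detection on the chain. The zone and the upstream records are constructed sample data, and `ANAME` is treated as a server-side pseudo-record that never appears on the wire.

```python
"""Added example: apex CNAME problem and ANAME / CNAME flattening.
Not provider code; the zone and upstream data below are constructed."""
from typing import Dict, List, Tuple

Record = Tuple[str, str]  # (rrtype, rdata)

# Constructed sample zone. ANAME is a server-side pseudo-record the
# authoritative server expands at query time.
ZONE: Dict[str, List[Record]] = {
    "example.com.": [
        ("SOA", "ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 300"),
        ("NS", "ns1.example.com."),
        ("NS", "ns2.example.com."),
        ("ANAME", "lb.cdn-provider.example."),
    ],
    "www.example.com.": [("CNAME", "lb.cdn-provider.example.")],
}

# Constructed stand-in for what recursive resolution of the provider's names returns.
UPSTREAM: Dict[str, List[Record]] = {
    "lb.cdn-provider.example.": [("CNAME", "edge.cdn-provider.example.")],
    "edge.cdn-provider.example.": [("A", "192.0.2.10"), ("A", "192.0.2.11")],
    "loop-a.example.": [("CNAME", "loop-b.example.")],
    "loop-b.example.": [("CNAME", "loop-a.example.")],
}


def validate_zone(zone: Dict[str, List[Record]]) -> None:
    """RFC 1034 s3.6.2: a name carrying a CNAME may carry no other data, so a
    CNAME at the apex (which must hold SOA and NS) is invalid."""
    for name, rrs in zone.items():
        types = {t for t, _ in rrs}
        if "CNAME" in types and len(types) > 1:
            raise ValueError(f"{name}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")


def is_valid_zone(zone: Dict[str, List[Record]]) -> bool:
    try:
        validate_zone(zone)
        return True
    except ValueError:
        return False


def resolve_chain(name: str, rrtype: str, upstream: Dict[str, List[Record]],
                  max_hops: int = 8) -> List[str]:
    """Follow CNAMEs in upstream until rrtype records appear; bounded and loop-safe."""
    seen: List[str] = []
    while name not in seen and len(seen) < max_hops:
        seen.append(name)
        rrs = upstream.get(name, [])
        wanted = [rdata for t, rdata in rrs if t == rrtype]
        if wanted:
            return wanted
        cnames = [rdata for t, rdata in rrs if t == "CNAME"]
        if not cnames:
            return []  # chain ends with no data of the requested type
        name = cnames[0]
    raise ValueError(f"CNAME chain loop or too long: {seen}")


def chain_has_loop(name: str, rrtype: str, upstream: Dict[str, List[Record]]) -> bool:
    try:
        resolve_chain(name, rrtype, upstream)
        return False
    except ValueError:
        return True


def answer(zone: Dict[str, List[Record]], qname: str, qtype: str,
           upstream: Dict[str, List[Record]] = UPSTREAM) -> List[Record]:
    """Authoritative answer. A CNAME is returned as-is for the client to follow;
    an ANAME is flattened: the server resolves the target and returns address
    records under the queried name, so the apex keeps its SOA/NS intact."""
    rrs = zone.get(qname, [])
    if any(t == "CNAME" for t, _ in rrs):
        return [r for r in rrs if r[0] == "CNAME"]
    if qtype in ("A", "AAAA"):
        anames = [rdata for t, rdata in rrs if t == "ANAME"]
        if anames:
            return [(qtype, addr) for addr in resolve_chain(anames[0], qtype, upstream)]
    return [r for r in rrs if r[0] == qtype]


if __name__ == "__main__":
    validate_zone(ZONE)
    print("example.com. A      ->", answer(ZONE, "example.com.", "A"))
    print("www.example.com. A  ->", answer(ZONE, "www.example.com.", "A"))
    print("example.com. NS     ->", answer(ZONE, "example.com.", "NS"))
```

One design point worth noting: because the authoritative server does the flattening, the answer it hands out is only as fresh as its own upstream lookup, which is why real implementations re-resolve the target on a TTL and why a provider-hosted DNS (as in the Netlify comments below) can do this where a plain zone file cannot.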


If you liked that, check out also his newsletter and his fiction writing - both are stellar (his is the only newsletter I read, even though I pay for other ones!)


the info on glassdoor is not correct.


Well then, what is the correct number?


Yay, my congressman continues to introduce legislation I support. It's a rare treat in our political system of "lesser evils" and obstructionism.


(I work for Netlify.)

You are aware that any headless CMS works well with Netlify, right? (Even some less headless ones, but these are easy): Contentful, Sanity, Ghost, Forestry? Our CMS is an open source project that is community maintained these days, not managed by us :)


Thank you for the list! For anyone interested, apparently Forestry is going to eventually be sunset in favor of Tina, but seems to be built by the same team: https://twitter.com/forestryio/status/1386274017187975168

NetlifyCMS has worked well for me, but I think Tina is what I'm going to try next. It's a good time for headless CMS options, so many to choose from!


Safeway no longer accepts that number, at least in the 503 area code, as I found out upon trying (as was my custom) a few years ago. The cashier recognized it and laughed with me as she scanned her own card, which they keep on hand precisely for these reasons, as I understand it.


Actually, I did have trouble at Safeway with this recently but the cashier kindly gave me a card that scans -- very nice because it has none of my information associated with it.

Related, but when I am forced to read the number instead of just typing it in, I consciously say "Eight Six Seven Five Three Zero Nine" instead of "Oh"!


These are probably the two best "interesting" (aka "seemingly not in wide use") ideas we've tried, with great results:

- create a culture of actually RSVP'ing for meetings (yes or no!) so that people know who will be in a call and you don't waste 5 minutes wondering if X will be joining or if anyone will be joining at all. Pairs best with a culture of actually being on time for meetings and ending on time (so you can all be on time for the next one).

- to facilitate this, if you have a good agenda, people can opt out of coming if there are no relevant topics, or in some cases they can share their feedback with a colleague or the organizer, who will pass it on to the group on their behalf. As a result of this process, some of our "best" meetings (from today's point of view; they used to be the worst in terms of getting through the agenda or understanding if this instance will be relevant to you) have morphed into an actual commitment to have every participant spend 5-10 min writing down status updates in advance, with 2 minute actual "live meeting" check-ins: "anything besides the notes we all left for each other to discuss?"

This second one has been especially effective for our distributed management team in very different timezones where "overlap" meeting times (usually beginning-of-day-US/end-of-day-EU) are at a premium. You can do a few of those ("whole product team + stakeholders" "whole back-end dev team" "all engineering managers") meetings in one traditional-meeting time slot if you keep the agenda razor focused.


I really appreciate the second point and the mentioned ideas! That is great advice. I think having everybody write status updates in advance can be a great idea, but how do you make sure that does not turn out to be more work than just sharing those updates verbally in the meeting?


It's not that it's less work!

By one measure it's "more work" - if you think about the time that each person spends creating their content in advance, vs what they could spend wall clock time talking in the meeting (a 30 min meeting can only have thirty minutes of talking) vs N x 10 min pre-writing. It's just parallelizable outside of the tiny synchronous need as the mutex is passed, and a better use of everyone's time - you can write the status update any time before the meeting, whenever you have downtime.


I run the Netlify Support team, and this statement from @michaelmior is correct: apex domains are served using a redundant, global CDN if you use Netlify's DNS hosting, or Flattened CNAMEs from Cloudflare.


More details for folks who are curious about optimal config using Cloudflare's DNS hosting can be found here: https://answers.netlify.com/t/support-guide-which-are-some-g...

