
Yep, me too. I have Thunderbird running in the background essentially as an email backup, but I wind up using the web version more. However, Thunderbird and Bridge work so well that I forget they're running in parallel.

I'm a recent Google GSuite refugee, so it's hard breaking the habit of web based mail I suppose.


Yep! I run it myself and it works fantastic.

And my contingency plan, if I can no longer self-host, is to export from one of my devices and import into the cloud version of Bitwarden. I don't see myself needing to do that, but you never know.


I keep it simple too. Just keep the json export on an offline encrypted USB stick.

If something happens I’ll use my eyeballs until I figure something else out.


Google Takeout works really well, but you can also connect using IMAP or POP3 to download all your emails with an email client like Thunderbird.

Then, if you've set up a new email account with another provider, you can connect using IMAP and copy your emails that way.

https://support.mozilla.org/en-US/kb/thunderbird-and-gmail


POP3 always fails when you have so many emails: https://news.ycombinator.com/item?id=30485039

IMAP only downloads the index - every time you click on an email, it'll then download it. When you have 150K emails, then you need to click on all those emails 150K times.


Yep, same. After this last G Suite fiasco, I finally moved my domain off Google onto another host that I pay for. It's nice to know I'm supporting a platform that cares more about privacy than Google.

Plus, it lit a fire under me to rely on Google services less and less. I had a second Google One account that I stopped paying for as well, cause f them.


As long as your SPF record allows Google to send mail, you can.

You need to set up an "App password" on your Google account. Then, when you create an alias, you enter smtp.gmail.com as the SMTP server and your app password as the credential.

Here: https://support.google.com/domains/answer/9437157?hl=en


I prefer it since 1080p takes fewer resources to drive and therefore gets better battery life. On a 14" display, I think 1080p looks more than fine. If I want a hidpi display, I'll just dock to an external display.


The only way to get the original quality photos is by using Google Takeout. Before Google made changes to Drive, you could use rclone (https://rclone.org/) to sync originals. That no longer seems to be the case, unfortunately.


I definitely would not want to use a hostile machine to access my servers remotely, period. Sure, this will let you bypass outbound port restrictions, but it doesn't help in the slightest if every keystroke is keylogged.


Keystrokes being logged could be avoided with 2FA plus not typing in sensitive content.

That doesn't secure you against MITM from the machines. E.g. if the machine is taken over locally or remotely or there's spyware running on it, you could still end up compromised.

(I'm not saying you should do this; you probably shouldn't.)


They won't even create a fix for their software after blatantly disabling TLS server validation in their FortiSIEM product: https://packetstormsecurity.com/files/154702/Fortinet-FortiS...

They use the "-k" curl flag throughout their code (disabling ALL certificate validation), which I assume is to make initial configuration easier. Rather than fix this going forward, they created a workaround document which all new and existing customers need to follow to secure their setup.


I agree with most of the article. However, what I do disagree with is how they lump "security experts" into a single category:

Computer experts like to pretend they use a whole different, more awesome class of software that they understand, that is made of shiny mathematical perfection and whose interfaces happen to have been shat out of the business end of a choleric donkey.

I'm sorry, but there are vastly different grades of security experts. Security experts make Kali Linux. I'm pretty sure everyone runs their user as root despite it being created by security experts.

Now, look at the OpenBSD developers in comparison. Sure, bugs are found as they inevitably are, but they make it very difficult to take advantage of bugs that might be disastrous on other operating systems. They use privilege separation throughout their operating system (and packages if possible), recently announced their way of making ROP-chain exploits basically useless, and relink their kernel any time it's booted so that no two instances are alike (even if it's the same version on another computer). Using defense in depth is key. Unfortunately it's easy to talk yourself up in this field and not walk the walk.

There's a reason OpenSSH is such a highly deployed application and yet isn't constantly having RCE bugs. Sure there are bugs (as all software inevitably has), but there are definitely different degrees of security experts that the article fails to mention and lumps them all in one bucket.

