I /really/ need to add http://n-gate.com to my rss reader because it’s *so good*. This is the best description I’ve ever seen of the Microsoft acquisition of Github.
@wxcafe Interestingly, n-gate doesn't seem to support https.
@wxcafe Maybe if security doesn't matter to you. Especially given how easy and cost-free it is to set up these days.
@tyil ain’t no point in setting up https for a static site with no exchange of information. Literally who cares.
@wxcafe HTML is information, and the purpose of HTTP is to exchange it.
Anyone intercepting the connection at any point can still inject stuff (like scripts), even if the original host only provides static content. And anyone can still read out the entire message and use it for personal/meta data harvesting.
Anyone understanding what the words "information", "exchange" and "security" mean would care.
@wxcafe @tyil so friendly.. I think he has a good point: Setting up TLS certificates is super easy these days.
After all it is the authors decision not to do it. Can not really blame someone for that. If he doesn't know better: educate him.
If you really cared for "security" in that context you should try to get a cert fingerprint in-person from the author/admin. The certificate authority system is broken anyway...
@ocdtrekkie @andi @wxcafe That's fair. I acknowledge the current CA system is broken, and that we should adopt a better system.
@andi @tyil look, I know. I have TLS everywhere. I used to have self-signed certs everywhere before LE came along. I have a yubikey to store my gpg key. I do totp 2fa on ssh logins. I get crypto. But I also get that some things are not worth tls-ing, and that who the fuck gives a shit. It’s literally not a problem for anyone. It’lol be flagged as insecure by browsers soon and they’ll probably upgrade then. It’s fine, calm down, stop telling strangers on the internet.