1. 5
  1.  

  2. 4

    Posted this because it’s an interesting example of reasoning that–while incorrect (for example, the whole “just don’t use compromised networks, duh” bit is silly in practice)–is an interesting counter-point to the prevailing winds.

    The author’s focus on “I’m displaying a simple read-only text document, why does this need to be complicated?” is worth a bit of consideration, even if the wording gruff.

    1. 5

      SEO shitbags rank with email spammers as the absolute lowest pigshit dirtfuck dregs of humanity.

      Is this really the standard of article we want to see here?

      The author seems pretty ill informed as well:

      If people don’t want to see my site with random trash inserted into it, they can choose not to access it through broken and/or compromised networks.

      Earlier you recommended letsencrypt, and now suddenly you want me to pick a competent certificate authority

      1. 2

        The author seems pretty ill informed as well:

        Reposting the “ill informed” opinions without refutation or explanation doesn’t really have much value.

        Is this really the standard of article we want to see here?

        You’re new…maybe wait a bit and contribute more before hand-wringing. :)

        1. 2

          The article states those opinions without refutation or explanation…

          1. 1

            Reposting the “ill informed” opinions without refutation or explanation doesn’t really have much value.

            I included two quotes from the article to explain my point and I think they speak for themselves. Misquoting someone has negative value.

        2. 2

          I don’t agree fully with both of the articles but I am more in favour of this one. Yes he has some silly points, but the original article also has some fairly tin foil haty stuff like ‘do you trust your network equipment?’.

          How about do you trust your computer’s hardware vendor or how about the servers’? Or compromised curves or bad DH params? I also am 100% sure that my website does not need HTTPS. I am also aware that some third party might tinker with the last postcard on the way. I am aware of the pitfalls for both use cases and I made an informed decision about it. But - as n-gate also admits - there are situations where https should be set, like forms.