1. 39
  1.  

  2. 5

    I share the longing for simpler (and more secure) access to simple text. Javascript off, a good content blocker, and HTTPS Everywhere in block mode helped, but I always wanted the option to just pass some domains through an Instapaper or Readability-like service. This seems to be an attempt at doing that!

    However, the TLS security cost is just too high. The Go stack is good, but it’s a different beast from a browser one. No revocation, no CT, no HSTS, no HPKP, right off the top of my head. This is probably doable in an extension though, and there would be no such issue.

    1. 1

      Depends. If you’re using chrome, there’s no revocation. HSTS still works, it passes right through. HPKP is dead, though. But the interception is configurable, so you don’t have to push all traffic through it.

      Or do what I do. Use a different browser (nonproxy) for important sites.

    2. 4

      This looks pretty cool! How does it work under medium to heavy load? I’d like to set it up as an online service for a small community of ~100 users.

      Thanks for sharing!

      PS: I feel bad that every good post from @tedu just end up discussing his SSL cert choice..

      1. 3

        I don’t know if I’d want to set this up for unsuspecting users. I can be a little heavy handed with my aesthetic choices. :) Generally though it’s pretty fast. I have nothing like benchmarks, though. Over the past week, I couldn’t tell when I was using the proxy or not except when visiting particular sites.

        I’d look into proxy auto config, too, where you write a little javascript file that tells the browser when to use the proxy based on hostname.

        1. 1

          I just tested it locally. It works rather well indeed! Navbars get in the way a lot though.. This is definitely not something you want to force onto your users indeed. But that could be a service, eg, “use proxy strip.your.domain:8090 for cleaner content”. And then users are free to use it or not.

          The code’s pretty easy to modify (eg, add input boxes, new domains/tld, …), so really, thanks for this!

        2. 1

          ~100 users is not meant to be medium to heavy load

          1. 1

            It’s not much, but you’ll agree that “Can this software support ridiculous load?” would be a stupid question

          2. 1

            I’m reasonably confident he was able to determine in advance that discussion of the resultant tedium would be an unavoidable result of this particular performance art.

            1. 9

              But now the mods will delete tedious comments, so all is well.

          3. 4

            When, oh, when will ted get a proper certificate for his website? :-)

            1. 4

              Tomorrow.

              1. 3

                I’m pretty sure he’s just trolling at this point, but it’s easy enough to just add the cert to your browser’s keychain.

                1. 8

                  I don’t think it’s a troll so much as a principled stand that says: “I reject a system that claims that I must have a 3rd party’s blessing in order to protect my readers from spying governments and ad-injecting isps”.

                  I know he knows that it’s not going to help him grow his reader base, but this seems to be one of the few blogs where growth hacking isn’t the primary purpose.

                  I’m glad it exists.

                  1. 3

                    I don’t think it’s a troll so much as a principled stand that says: “I reject a system that claims that I must have a 3rd party’s blessing in order to protect my readers from spying governments and ad-injecting isps”.

                    Just to be clear, I agree. “Troll” is too harsh, because he’s making a really valid point; maybe performance statement? Principled stance also works.

              2. 2

                Nifty idea! I’m biased, but I’m specifically worried about breaking HTTPS, given how broken verification and especially revocation is in most things that aren’t browsers. And I do wonder how many of those tweaks can be achieved with a browser reconfiguration or an extension that just blocks a lot of requests. This would have the benefit of not breaking HTTPS.

                1. 1

                  hijicking tls connexion for doing a handful of replacement looks like dangerous. It would perfectly fit with a browser extension.

                  1. 1

                    The page simply fails to load now.

                    1. 1

                      Everytime I see an “outbrain” ad spam I cry for humanity a little bit.