329 sats \ 4 replies \ @ek 18 Oct 2023
Paul Graham's blog is great but I really wonder why it doesn't use HTTPS.
Googled a bit and found this. But no answers from him personally.
Of course, he doesn't owe anyone anything, but I think it's weird to not have HTTPS nowadays. But I have a cryptography background, so I might be biased.
reply
308 sats \ 1 reply \ @WeAreAllSatoshi 18 Oct 2023
I found this comment on the linked HN thread insightful and probably very useful for a lot of folks. Sensitive data isn’t the only argument for TLS
reply
21 sats \ 0 replies \ @ek 18 Oct 2023
Yes. It's about CIA: confidentiality, integrity and authenticity.
People most of the times only think about C
reply
364 sats \ 1 reply \ @k00b 18 Oct 2023
I've seen him call this an IQ test, ie he sees it as unnecessary for his site.
reply
0 sats \ 0 replies \ @ek 18 Oct 2023
I totally get why one might think that HTTPS is not necessary for a site like this but damn, I really believe we should always err on the side of caution with stuff like this. Getting a certificate and setting up auto-renewal with free TLS providers like Let's Encrypt really isn't that hard anymore.
I guess I've heard too many stories about people not taking cryptography seriously or just handwaving arguments so I am always baffled when people say: ohhh, I don't need it, what could go wrong?
That might be true but are you 100% sure?
We should be humble when it's comes to cryptography.
But as mentioned, I get it that most people don't think like this. It's too abstract.
Regarding the IQ test: is it about people being considered dumb if they follow advice like "use HTTPS" blindly?
Well, I would rather fail such a test and say I'm dumb and actually be dumb than say I'm smart but with the risk of actually being dumb, lol
reply
0 sats \ 0 replies \ @chaoticalHeavy 18 Oct 2023
"There's another more subtle lesson in the list of fields with superlinear returns: not to equate work with a job"
--Paul Graham
reply