Reading "duh... that link looks sketchy" time after time when attempting to nudge people in the direction of good resources, e.g., on-line manual pages, becomes rather irritating. Is typing the URL into VirusTotal or something really such a fucking hassle? Are you sufficiently special to warrant the creation of an IP grabber which is dedicated to targeting you... AFTER you posted your exact location on Instagram last week?

Similarly, some pants-shitting, worm-eating troglodytes who have the gall to claim to know anything about cybersecurity STILL think that for all Web sites k, that k's URL begins with "https" implies that k is secure. NO! Unencrypted Web sites are FINE unless sensitive information is being transferred. Are publicly available manual pages sensitive information now?

Grabbing the campaign hat and writing death threats and very personal insults is sometimes slightly tempting.

  • 3
    I think the http vs https war was lost after google started showing preference for https... and I don't mind that being a best practice anyway.

    Any fuck ups after that ... well those folks probably would have made that mistake regardless.
  • 1
    s/"https" implies that k/"https" iff k/g
  • 1
    So there are still troglodytes out there, who don't support https?
  • 1
    @Oktokolo: "[W]orm-eating troglodytes" refers to the men who believe that HTTPS is _always_ essentially necessary.
  • 2
    Well, if you want to make dragnet surveilance as hard as possible, it is.
    Cryptography done right is cryptography that is always done regardless of the data's security clearance. If you only encrypt the juicy data, you basically mark that data as juicy.

    HTTPS everywhere downgraded the pre-Snowden dragnet survailance to "only" getting IPs and host names instead of also seeing the page the visitor actually looks at.
    It is the maximum three-letter-agency-annoyance possible without upgrading to TOR-like onion routing. And it is damn cheap on current hardware.
Add Comment