Tyil is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

I /really/ need to add n-gate.com to my rss reader because it’s *so good*. This is the best description I’ve ever seen of the Microsoft acquisition of Github.

@tyil ain’t no point in setting up https for a static site with no exchange of information. Literally who cares.

@tyil @wxcafe I mean, I agree that not using TLS is just kinda lazy now, but if I had the capability to pull off the cleartext packet injection attack you're describing literally what prevents me from just rerouting your next DNS request to a fallback insecure host of my own for more pwnage?

@tyil @wxcafe And herein lies the crux: cost/benefit.

Just as there's no magic bullet for security, nor should anything be assumed as default secure, one can't be dogmatic in telling a total strangers what their threat model or cost/benefit is.

I've seen lots of people introduce new security holes trying to make TLS work in their environment. LE made it soooo much easier, but in shared environments (i.e. most hosting), TLS is still non-trivial.

Tyil @tyil

@nickfarr I agree with you, don't get me wrong.

I just wanted to clear up to that person that static pages aren't "secure" any more than other pages. In reality, all content transmitted over HTTP are static pages.

· Web · 0 · 0