Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you are too afraid to click a cleartext HTTP link then don't; it's not for you. Just spare the rest of us the melodrama.

While you are at it, better not ever update Debian or any number of other OSes because their updates are served over plain HTTP.



You almost had a great point here. If he began every blog rant with BEGIN PGP SIGNED MESSAGE and included a digital key somewhere secure, somewhere that I could go and verify, just Debian does with updates, I maybe could tolerate the cleartext. But he clearly didn't (pun alert!)


Pardon; your threat model includes someone MITMing Greg's site to misrepresent what the blog article says?

... But you'll happily go to a forum site such as HN to discuss the post?


https://apps.lansa.com/LearnLANSAWebMobile/index.html#!Docum...

XSS is real threat that everyone like you missed.


> The content is not shown because JavaScript is disabled.

Two can play the luddite game.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: