MITM attack on a read-only text webpage... okay.

More annoying is the slightly shiny/shaded text that is supposed to highlight something. Who chose this style palette?

Aesthetikx 7 hours ago | parent | next [-]

Haha this is my blog -- its pretty new. I agree it's readability is less than ideal -- going to change it at some point. HTTPS as well probably at some point. Its been an experiment for me doing everything by hand. The entire blog is a large single Rakefile using Markaby :)

	▲	lentil_soup 5 hours ago \| parent \| next [-]
		for what is worth, I actually liked the shaded links, they made me smile :)
	▲	zzo38computer 5 hours ago \| parent \| prev \| next [-]
		Even just disabling CSS makes it readable. For HTTPS, I think that (like someone else mentioned) it should be made optional (at least for read-only access to public files) rather than mandatory.
	▲	himata4113 6 hours ago \| parent \| prev [-]
		check out certbot + install certbot renew into crontab. Get the python3 variant the "native" package is outdated and removed from newer systems.

▲

foobiekr 4 hours ago | parent | prev [-]

It’s html. Which is code that your browser executes.

Millions of routers are compromised. BGP attacks happen. Anything http stands out as an interesting target for injection.

This position is foolish. It’s not a major ask to enable https.

	▲	pavon an hour ago \| parent \| next [-]
		For a random blog you have never visited before and have no reason to trust. It could attempt to do all the malicious things that you are worried a man in the middle would do.
	▲	themafia 4 hours ago \| parent \| prev [-]
		The browser still has to execute code over HTTPS. You've just moved the injection perimeter from inside my own network into the providers website. I don't think you've fundamentally changed your level of risk unless you spend a huge amount of time browsing on shared password WPA protected wifi networks. You cannot browse to sites under any regime and execute code while expecting security to exist.