Hacker News new | ask | show | jobs
by scrollaway 3750 days ago
It's a failure of the web browsers to work with a site that would let you be so insecure that it "should be taken down immediately".

Also, I appreciate and agree with the mindset that SSL should be ubiquitous and that this site is insecure, but I gotta say, the way you're phrasing this reminds me of the most arrogant, spoiled customers that "demand" whatever pleases them to customer support and take out all their anger on CSRs.

You can share advice without being demanding and arrogant. Try it.
3 comments
zero_iq 3750 days ago
Conversely, I find his comment to be perfectly matter-of-fact, whereas I find yours (esp. your last paragraph) comes across as condescending, haughty and (ironically) arrogant.
link
scrollaway 3750 days ago
So you think it's OK to demand the shutdown of a site, saying it "should be taken down immediately"?

I wasn't kidding when I said it reminded me of the attitude some of the nastiest people adopt when dealing with CSRs. Completely forgetting the human element and just demanding things all the time. A HN comment has even less of a say in whether a site be taken down.

Humility isn't a sin. How hard can it be to stop at "This site is insecure."?

link
binarycrusader 3750 days ago
So you think it's OK to demand the shutdown of a site, saying it "should be taken down immediately"?

If it's potentially exposing the personal information of others, yes. The fact that the above statement values the hypothetical feelings of a person providing the aforementioned site rather than the personal information potentially exposed by anyone using the site suggests that perhaps priorities have not been evaluated properly.

My statement was simple, short, and to the point. No criticism of its author was made nor intended.

link
zero_iq 3749 days ago
Considering it should only take a matter of minutes to bring it back up with https using Let's Encrypt, yes. The longer its available without security, the larger the window for trouble.

There is no excuse these days for not protecting your users' data. It should be taken down and secured ASAP.

link
binarycrusader 3750 days ago
Engineers have a moral, ethical, and potentially fiscal responsibility to secure the personal data of individuals they are asking for.

It is not demanding or arrogant to require and/or expect secure connections when an organization is requesting personal data.

link
d0vs 3750 days ago
You're right, but this is just the HN crowd for you. I wonder how some people here communicate IRL.
link
Retra 3749 days ago
Probably with more words, less anonymity, and the direct attention of other participants.
link