by proginthebox 3084 days ago
The website serves JS and does not serve it over HTTPS, and discusses the Spectre bug and how to patch it. I know he is the second most important guy on Linux, but the irony.
3 comments

And you probably know much better than the second most important guy on linux what security means on the Internet: securing some javascript script on a random blog.
HTTPS should be expected by now - ISPs keep messing with my unencrypted traffic.
Then you should get yourself a different ISP or a VPN.
This is an extremely easy thing to say for many people around the world.

But for a large number of people - Americans, folks in countries with monopolies or state manipulation of internet traffic - it is not.

Not everyone has a different ISP to choose from. VPNs are a risky proposition and can significantly reduce bandwidth and increase latency.

Anyone that thinks ISPs don't mess with traffic, should check out this malware research

https://www.virusbulletin.com/conference/vb2017/abstracts/la...

Some places have no other choices for ISPs. I don't disagree that a VPN would help but that feels like it's simply dismissing that there's a problem.
It's not about that guy's blog. This causes desensitization to non-HTTPS traffic, and when people then actually visit a non-HTTPS malicious blog, they get infected. If all "trusted" websites were HTTPS, then whenever there was untrusted access, people would notice it and raise the alarm.
I get the irony, but if you could magically visualize the entire internet security threat matrix, this would fall so far down the list, and his other work is so high in terms of impact, that it would make absolutely no sense for him to take even one minute away from his other activities to address this.
Yes, hence my question. I have tried to set up an HTTPS service and it seems incredibly complicated if you have your own domain name. Even with Let's Encrypt, if you are using GitHub Pages for hosting but your own custom domain, you are out of luck. The point is not that he is not serious about security; the point is, it is too hard to get normal security correct. And I am not talking about "cryptography is hard". I am talking about tools which should be easy and standardized. Those are hard.
What question?
On a related note, accessing the site over Chrome with full site isolation can help protect against both bugs: https://support.google.com/faqs/answer/7622138#chrome
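As an added example (not code from the thread or from the blog it discusses), here is a small audit in Python for the complaint in the top post and the ISP-tampering replies: it lists the scripts and stylesheets of a page that an on-path party could rewrite because they load over plain HTTP, or that a browser could not verify because they are cross-origin without Subresource Integrity. Scheme-relative URLs (`//host/x`) inherit the page's own scheme, so the same page is clean or not depending on how it was fetched. The hostnames and HTML are constructed for illustration; `audit_subresources` and `_ResourceCollector` are names chosen here, not any library's API.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ResourceCollector(HTMLParser):
    # Collects <script src> and <link rel=stylesheet href> as (kind, url, has_sri).
    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rel = (a.get("rel") or "").lower().split()
        if tag == "script" and a.get("src"):
            self.resources.append(("script", a["src"], "integrity" in a))
        elif tag == "link" and "stylesheet" in rel and a.get("href"):
            self.resources.append(("stylesheet", a["href"], "integrity" in a))


def audit_subresources(page_url, html):
    """Return (kind, resolved_url, reason) findings for tamperable resources:
    'insecure-transport' (fetched over http://, so an on-path party such as an
    ISP can rewrite it) or 'no-sri' (cross-origin without an integrity attribute).
    """
    collector = _ResourceCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).netloc.lower()
    findings = []
    for kind, src, has_sri in collector.resources:
        resolved = urljoin(page_url, src)  # scheme-relative URLs take the page's scheme
        parts = urlsplit(resolved)
        if parts.scheme == "http":
            findings.append((kind, resolved, "insecure-transport"))
        if parts.netloc.lower() != page_host and not has_sri:
            findings.append((kind, resolved, "no-sri"))
    return findings


# Constructed sample (hypothetical hosts): a blog post fetched over plain HTTP.
SAMPLE_PAGE_URL = "http://blog.example/post.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://cdn.example/site.css">
<script src="/js/analytics.js"></script>
<script src="//cdn.example/lib.js"></script>
<script src="https://cdn.example/pinned.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head><body>Spectre write-up</body></html>"""

if __name__ == "__main__":
    for finding in audit_subresources(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(finding)
```

Run against the same HTML with an `https://` page URL, the two `insecure-transport` findings disappear and only the two missing-SRI ones remain, which is the difference the thread is arguing about.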