Given, however, that many founders and tech journalists use the site, a compromised account could be used to severely damage a startup's credibility. All it would take would be a few posts on HN before a funding round that called into question the founder's ethics, skill, or common sense, and someone from TechCrunch to pick up on it. It could cause sufficient uncertainty, if properly timed, to make potential investors stay away. That, in turn, could spell big trouble for a company.
Granted, that scenario may seem far-fetched, but it's not unreasonable to suppose that some unscrupulous person might have motive to do something of the sort. Rather than deal with the fallout if it does occur, why not simply allow people the option of having a secure login? If they choose not to use it, that's their prerogative.
Exactly. Take a tour of the SF and Mountain View coffee shops which offer free wifi with a laptop to sniff traffic. Isn't there a non-negligible chance you might collect some HN cookies from "interesting" accounts? Once you get them, it's just a matter of imagination before causing some harm.
HN is not the small and unfamous news site it was 2 years ago anymore.
And not just interesting like a high-profile person, but interesting like a YC founder who is a moderator. It's possible that PG has instructed mods not to log in over public connections, but I bet they occasionally do it.
And how much damage could a hacked moderator account do to the site? This whole conversation seems like a symptom of taking this site way too seriously. The community is very valuable and even important. The site is just an artifact of it.
As evidence for my point of view (and, you can say "you're welcome" if my brinkmanship with this sentence is paid off by Graham promptly enabling SSL, which he could easily do in the process of fixing the far-more-important bug of this site not being served through a front-end proxy), note that next week SSL will in all likelihood not have SSL enabled. That request --- provide SSL --- has been outstanding forever. Does Graham also share my cavalier attitude towards the site?
But remember that this is also the YC application system. A lot of alumni help read apps, probably just by getting a permission added to their account. So a lucky firesheep-er can probably read every application to YC. And mess up people's applications (if they get the account of an applicant before the deadline). And may reject people/delete apps if they were to get, say, pg's or harj's account.
And possibly other stuff. I don't know what all YC uses it for, but I get the impression that they continue to use it for various things (signing up for office hours?), some of which may be sensitive, once teams are accepted.
I addressed this point in another comment. Briefly: my advice regarding that fact would not be to improve HN's security; it would be to get the YC functionality off HN, stat. HN is way more a target than YC's stuff ever will be. Most of the people who will take a run at this site don't even know what YC is.
> Declining quality of comments? Creeping influence of politics?
It's a fallacious argument in my book. Like comparing apples and oranges.
Say I run a bakery. What I care the most about is the quality of my bread. So much, I spend all my time working on that and only that. So much, I didn't ever bother to have a lock at the door. But it's not even a big deal if someone comes in and poisons one of the breads, as long as the overall quality is increasing!
> SSL is a giant waste of time for Hacker News
Yes, if by "giant" you mean that it takes like 2 hours to set up, and a small payload for each negotiation. But concerning the payload, Arc is not especially fast, so there is room for improvement there to compensate, if needed.
> modulo the fact that people might be crazy enough to use a shared password here.
Not the point, the point is HTTP sniffing.
And anyway, people could use a shared password, making it easier for them (don't overestimate human memory), if HN used (HTTPS and) a "real" password encryption scheme (bcrypt or the like). Why put the burden on the user when you can put it on the computer?
No, that is an extremely bad idea. Even if they use bcrypt. Bcrypt exists to protect the site owner from calamity, like, "thousands of user passwords posted to Rapidshare". It does very little to protect individual users against the attacker who busts into your server; whether you use bcrypt or not, they still get the contents of every input type=PASSWORD that hits the site.
If this was a real product, this would clearly not be my advice. But it's not. It's just HN. The worst case to an attack here is not all that bad.
There's some goofy YC stuff that happens through this site. If asked, my advice regarding security and YC would not be "make HN more secure so the YC stuff is safer". It would be "get the YC stuff the hell off HN."