[requinot59]

> Declining quality of comments? Creeping influence of politics?

It's a fallacious argument in my book. Like comparing apples and oranges.

Say I run a bakery. What I care the most about is the quality of my bread. So much, I spend all my time working on that and only that. So much, I didn't ever bother to have a lock at the door. But it's not even a big deal if someone comes in and poisons one of the bread, as long as the overall quality is increasing!

> SSL is a giant waste of time for Hacker News

Yes, if by "giant" you mean that it takes like 2 hours to set-up, and a small payload for each negociation. But concerning the payload, Arc is not especially fast, so there is room for improvements there to compensate, if needed.

> modulo the fact that people might be crazy enough to use a shared password here.

Not the point, the point is HTTP sniffing.

And anyway, people could use a shared password, making it easier for them (don't overestimate human memory), if HN used (HTTPS and) a "real" password encryption scheme (bcrypt or the like). Why put the burden on the user when you can put it on the computer?

[tptacek]

No, that is an extremely bad idea. Even if they use bcrypt. Bcrypt exists to protect the site owner from calamity, like, "thousands of user passwords posted to Rapidshare". It does very little to protect individual users against the attacker who busts into your server; whether you use bcrypt or not, they still get the contents of every input type=PASSWORD that hits the site.