[bullen]

They are those that disable HTTP.

Like it was not enough to make HTTPS default, they need to eradicate the opposition.

The list is too long to enumerate but they all have one thing in common; they profit from root certificates.

The web is not faster, it's bloated. It's only open if you can understand it and implement it.

HTTP/1.1 is the fastest, most open, web you'll ever have; because it is small.

[knorker]

> They are those that disable HTTP.

Who's disabling HTTP?

> Like it was not enough to make HTTPS default, they need to eradicate the opposition.

I think you need to elaborate your world view by many paragraphs before I can understand what you're trying to say.

You're against HTTPS? Plain TLS wrapping HTTP?

> they profit from root certificates.

The (web) root certificate industry has never been weaker than it is today, thanks to free root CAs like LetsEncrypt.

> HTTP/1.1 is the fastest, most open, web you'll ever have; because it is small.

So run it. Nobody's stopping you. I won't. Aside from firesheep, the fact that you thanks to Snowden we no longer have to be called a conspiracy theorist to believe in Echelon, and with all the webpage ad and bitcoin mining injectors, or just plain DPI middleboxes, I don't think HTTP is a reasonable default.

Google used to provide "Conncetion: Close" (with the typo), to work around middle boxes that did shenanigans to headers, but luckily only compared some bad checksum of the header, not string comparison.

HTTP/1.1 is open and simple, sure, but it's also being interfered with on a massive scale. Companies out there are selling ad injector boxes to ISPs. They only work on HTTP. You don't have ads on your blog? Well, you do now, for the visitors from some ISPs.

Now HTTP/2 and HTTP/3, I see more of your point. Encryption is just table stakes to get a working website, at this point, but nobody's obligated to race to eliminate every RTT. Plain HTTPS is fine.

CSS sprites is still (last I checked) a bit faster than individual resources over HTTP/2 or 3. But if I'm making a photo album showing 50 thumbnails at once, then I'm unlikely to use plain simple HTTPS with individual resources. I'd at least have to choose between CSS sprites or HTTP/2/3. It would just make for a poor user experience otherwise. And if you're not making a website for your users, then what is it for?

[bullen]

All major browsers have now removed HTTP available as default = you need to change a setting to even be able to access a HTTP url.

Anti-virus software blocks native apps that try to connect on port 80 and you cannot make them open the port even if the setting is available.

I will always use HTTP/1.1 on port 80 but my customers wont be able to connect even if they try, my only option is to tell them to uninstall their anti-virus and hope that works.

To force a certificate that is gate kept by root-certificates and forces you to identify yourself is the largest censorship humanity has had so far: It protects the consumer from those that don't have a root-cert., but hurts a producer that is not complying with the authority.

And HTTP/2 & 3 tries to insert the cert. as a base function meaning you wont even be able to connect without it.

Pseudonymity was always the most important feature of the internet.

Watch them come after TCP and UDP soon: They will say that to use unencrypted protocols you need a license from your government.

[knorker]

> you need to change a setting to even be able to access a HTTP url.

No. http://captive.apple.com seems to load just fine for me.

> I will always use HTTP/1.1 on port 80 but my customers wont be able to connect even if they try, my only option is to tell them to uninstall their anti-virus and hope that works.

Because of infrastructure malware like ad injectors at ISPs, it's probably in your customers best interests to use HTTPS.

Hell, it's better to use HTTPS with a self signed cert than HTTP.

> hurts a producer that is not complying with the authority.

There's always the risk of a conspiracy of vendors deplatforming someone. That's true. I'd be more worried about your ISPs or electricity companies unilaterally shutting off your service.

If you see Letsencrypt going all political, like Patreon, and kicking off people with the wrong views, then yeah we have a problem.

> They will say that to use unencrypted protocols you need a license from your government.

Haha, the wind is blowing the other way, buddy.

[bullen]

It loads fine because you enabled it.

[knorker]

Default chrome. I'm not even aware of the option you mention.

[bullen]

Does http://rupy.se work?