[voidfunc]

MITM attack on a read-only text webpage... okay.

More annoying is the slightly shiny/shaded text that is supposed to highlight something. Who chose this style palette?

[Aesthetikx]

Haha this is my blog -- its pretty new. I agree it's readability is less than ideal -- going to change it at some point. HTTPS as well probably at some point. Its been an experiment for me doing everything by hand. The entire blog is a large single Rakefile using Markaby :)

[lentil_soup]

for what is worth, I actually liked the shaded links, they made me smile :)

[zzo38computer]

Even just disabling CSS makes it readable. For HTTPS, I think that (like someone else mentioned) it should be made optional (at least for read-only access to public files) rather than mandatory.

[himata4113]

check out certbot + install certbot renew into crontab. Get the python3 variant the "native" package is outdated and removed from newer systems.

[foobiekr]

It’s html. Which is code that your browser executes.

Millions of routers are compromised. BGP attacks happen. Anything http stands out as an interesting target for injection.

This position is foolish. It’s not a major ask to enable https.

[pavon]

For a random blog you have never visited before and have no reason to trust. It could attempt to do all the malicious things that you are worried a man in the middle would do.

[themafia]

The browser still has to execute code over HTTPS. You've just moved the injection perimeter from inside my own network into the providers website. I don't think you've fundamentally changed your level of risk unless you spend a huge amount of time browsing on shared password WPA protected wifi networks.

You cannot browse to sites under any regime and execute code while expecting security to exist.

[toast0]

> BGP attacks happen.

If you control the IP a domain name points to, you can get a certificate issued. Https might help on a small BGP takeover, but it might very well not.