[hnolable]

I guess they didn't mark their cookies as 'Secure'. Oh well, the real story here is an app.net link at #1 on HN.

[coderrr]

Looks like app.net isn't perfect either. Their HSTS isn't implemented correctly. Only 'alpha.app.net' and 'join.app.net' are protected while 'app.net' is not. They fell into one of the common pitfalls with their http->https redirects: http://coderrr.wordpress.com/2010/12/27/canonical-redirect-p... You can verify this at: chrome://net-internals/#hsts

[chollida1]

> Oh well, the real story here is an app.net link at #1 on HN.

I can't tell if this is sarcasm or a serious comment. Could you elaborate on this comment? I don't get why a link by app.net would be news worthy.

[hnolable]

My understanding is app.net is trying to be a paid version of twitter. There was/is much debate whether it could ever take off. This is the first time I've ever seen someone link to it. Although now I realize that the link is to the app.net cofounder so that doesn't really say much.

[millzlane]

OP works there according to his twitter feed.

[heroic]

I guess because it's not twitter!

[asdfaoeu]

> Oh well, the real story here is an app.net link at #1 on HN.

Looks like the app.net post was by a founder so I would take that with a grain of salt.

Edit: While I'm at it according to https://twitter.com/mikegreenspan , the submitter also works at app.net.