Great question. People answered already, but, yeah, basically what they said.
For hobby sites, you could argue (I think the argument is still weak), about the MITM threat being low enough to not be worth doing something, but this is a security blog.
Security blogs matter, because people follow their guidance. This makes them a potentially attractive target for some groups of people.
It is a valid thing to point out, when implementing https on gkh's site would take all of 15 minutes to set up (let's encrypt or cloudflare or whatever you wish).
Things should be https by default these days. There's zero downside anymore.
cogman10|1 month ago
ryanisnan|1 month ago
For hobby sites, you could argue (I think the argument is still weak), about the MITM threat being low enough to not be worth doing something, but this is a security blog.
Security blogs matter, because people follow their guidance. This makes them a potentially attractive target for some groups of people.
fordsmith|1 month ago
Alupis|1 month ago
Things should be https by default these days. There's zero downside anymore.
bqmjjx0kac|1 month ago