Re: [Hpr] https

2021-12-16 Thread Mad Sweeney
Hi,

I would prefer https to be the default by redirect for visits to
hackerpublicradio.org or www.hackerpublicradio.org.
For those who just want http you could have
idontcareaboutsecurity.hackerpublicradio.org.
That way everyone would have what they want.

--Mad

On 16/12/2021, Ken Fallon  wrote:
> Hi Chris,
>
>  > I concur with Jon and other people that the advantages of the use of
>  > HTTPS far outweigh the disadvantages
>
> Yes and if this was about having a HTTPS site you would have a point.
>
> Let's review what everyone said.
>
> Jon's email has 2 points,
>
>  > 1. Better SEO (not sure whether that's a thing that HPR will care
>  > *that* much about?)
>  > 2. Reducing the risk of your ISP/Law Enforcement Community/Malicious
>  > ne'er-do-well being able to man-in-the-middle a connection between you
>  > (the browser/listener) and the web server, and inject content without
>  > there being some sort of obvious injection.
>
> Both are covered by the fact we have a HTTPS site in place. Just to make
> clear what I said before, if there are any cases when you are browsing
> the HTTPS site and you are getting HTTP content then that is a bug which
> we will fix.
>
> Kevin pointed out that if he goes to the http version of a site his
> "https everywhere" extension will send him to the https version.
>
> Jon pointed out that that extension has been dropped and linked to the
> EFF page which says "Now that world is closer than ever, with mainstream
> browsers offering native support for an HTTPS-only mode."
>
>  > https://developers.google.com/search/blog/2014/08/https-as-ranking-signal
>
>  > And that goes back seven years.
>
> Back in 2014 we got a lot of emails from Google about moving to HTTPS.
> Which we did, and issues they found, which we fixed. We still get
> regular emails whenever there is anything that the self appointed rulers
> of the Internet feel would hamper our SEO there.
>
> So let's be clear what you are suggesting is that we remove the option
> of having a http site on port 80 and force everyone to the https site on
> 443.
>
> That will prevent claudio "vintage" computers from accessing the site
> easily. It will also prevent low cost IOT devices like the ESP32's from
> connecting to the site. They should all be using https as well but to
> get the initial connection there is the http option available.
>
> So given that Google have no issues with our current situation, and that
> the EFF are happy as browsers will automatically redirect to the HTTPS
> version, and that it will make life harder for hackers, I still see no
> argument for turning off http.
>
> Again what am I missing ?
>
> --
> Regards,
>
> Ken Fallon (PA7KEN,G5KEN)
> https://kenfallon.com
> https://hackerpublicradio.org/hosts/ken_fallon
>
>
> On 2021-12-16 07:28, Christoph wrote:
>> https://developers.google.com/search/blog/2014/08/https-as-ranking-signal
>>
>> And that goes back seven years.
>>
>> It's safe to assume that search engines like Google nowadays put more
>> and more emphasis on HTTPS vs. HTTP for the reasons mentioned. I
>> concur with Jon and other people that the advantages of the use of
>> HTTPS far outweigh the disadvantages - that's precisely the reason why
>> top-ranking sites have moved to a HTTPS-only approach
>> long ago.
>>
>> So if we are serious about the episodes being found on search engine
>> result pages and thus improving HPR's popularity in general, I propose
>> putting a 301 in place.
>>
>> Cheers, Chris
>>
>> ___
>> Hpr mailing list
>> Hpr@hackerpublicradio.org
>> http://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org
>



Re: [Hpr] https

2021-12-16 Thread Ken Fallon

Hi Chris,

> I concur with Jon and other people that the advantages of the use of
> HTTPS far outweigh the disadvantages


Yes and if this was about having a HTTPS site you would have a point.

Let's review what everyone said.

Jon's email has 2 points,

> 1. Better SEO (not sure whether that's a thing that HPR will care
> *that* much about?)
> 2. Reducing the risk of your ISP/Law Enforcement Community/Malicious
> ne'er-do-well being able to man-in-the-middle a connection between you
> (the browser/listener) and the web server, and inject content without
> there being some sort of obvious injection.


Both are covered by the fact we have a HTTPS site in place. Just to make 
clear what I said before, if there are any cases when you are browsing 
the HTTPS site and you are getting HTTP content then that is a bug which 
we will fix.


Kevin pointed out that if he goes to the http version of a site his 
"https everywhere" extension will send him to the https version.


Jon pointed out that that extension has been dropped and linked to the 
EFF page which says "Now that world is closer than ever, with mainstream 
browsers offering native support for an HTTPS-only mode."


> https://developers.google.com/search/blog/2014/08/https-as-ranking-signal


> And that goes back seven years.

Back in 2014 we got a lot of emails from Google about moving to HTTPS. 
Which we did, and issues they found, which we fixed. We still get 
regular emails whenever there is anything that the self appointed rulers 
of the Internet feel would hamper our SEO there.


So let's be clear what you are suggesting is that we remove the option 
of having a http site on port 80 and force everyone to the https site on 
443.


That will prevent claudio "vintage" computers from accessing the site 
easily. It will also prevent low cost IOT devices like the ESP32's from 
connecting to the site. They should all be using https as well but to 
get the initial connection there is the http option available.


So given that Google have no issues with our current situation, and that 
the EFF are happy as browsers will automatically redirect to the HTTPS 
version, and that it will make life harder for hackers, I still see no 
argument for turning off http.


Again what am I missing ?

--
Regards,

Ken Fallon (PA7KEN,G5KEN)
https://kenfallon.com
https://hackerpublicradio.org/hosts/ken_fallon


On 2021-12-16 07:28, Christoph wrote:
> https://developers.google.com/search/blog/2014/08/https-as-ranking-signal
>
> And that goes back seven years.
>
> It's safe to assume that search engines like Google nowadays put more
> and more emphasis on HTTPS vs. HTTP for the reasons mentioned. I
> concur with Jon and other people that the advantages of the use of
> HTTPS far outweigh the disadvantages - that's precisely the reason why
> top-ranking sites have moved to a HTTPS-only approach
> long ago.
>
> So if we are serious about the episodes being found on search engine
> result pages and thus improving HPR's popularity in general, I propose
> putting a 301 in place.
>
> Cheers, Chris
