Seems unusual for someone as high profile in tech as him to not serve his site with an SSL cert. Is this just laziness? Since it's just a basic content site, I suppose it doesn't matter?
You're not submitting data to him, so no benefit to protect you there.<p>There is a risk downloading the text. Does it warrant a signature? I don't think so.<p>When you hand out candy on Halloween you could include a digital signature with each piece you hand out. People receiving the candy would have more confidence it came from you, and not a bad guy wearing a mask, sitting on your front porch impersonating you.<p>Does everything need signatures? The stakes of accepting candy are much higher simple raw text.
My company spent precious developer hours this week 'fixing' old intranet websites that recently started giving Chrome 'insecure' warnings on internal links. HTTP is definitely not a risk in this scenario. And PG's website is not a risk either.<p>Google's war on http is misguided, dumb, and wasteful.
It is a feature. As a frequent user, I would rather have it on plain HTTP as well. Aside from the performance benefit, it also helps if people monitoring my internet traffic (my ISP, NSA, Putin, Zuck etc.) reads Paul Graham and they may get enlightened. May not seem much but it is actually one of the few steps humanity is taking towards world peace.
53 days ago
<a href="https://news.ycombinator.com/item?id=24676257" rel="nofollow">https://news.ycombinator.com/item?id=24676257</a>
While being satire, this page makes some good arguments - <a href="http://n-gate.com/software/2017/07/12/" rel="nofollow">http://n-gate.com/software/2017/07/12/</a>. You will need to copy the link and paste it into a new tab, as it blocks HN refers.