You are viewing a single thread.
View all comments
47 points

Website: coding2learn

http site only

Lmao

permalink
report
reply
10 points

I giggled at that too, especially when combined with the blogger’s quote “Ask them what https means and why it is important and they’ll look at you as if you’re speaking Klingon.”

permalink
report
parent
reply
-25 points

Well, your comment just shows your tech illiteracy. https is useless when you don’t need to deal with sensitive data.

permalink
report
parent
reply
30 points
*

It’s definitely not the case that it’s useless. A MITM can embed malware into the page it returns if you aren’t being served over HTTPS. It’s not just about snooping on sensitive data going one or both ways, it’s about being sure that what you’re receiving is from who you actually think you’re receiving it from.

(Edit to add:) I actually went to look at some of the rest of the site and it confirms what I suspected: not using HTTPS here puts the reader at risk. Because this website provides code snippets and command line snippets that the user is to run, by not presenting it over HTTPS, it becomes susceptible to malicious MITM editing of the content.

For example, this line on the site:

  1. Install Homebrew (ruby -e “$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)”)

Could be intercepted, since it’s not being served HTTPS, and be replaced with utf-8 lookalike characters that really downloads and runs a malicious ruby script! Even easier, perhaps, they could just insert an item into the bulleted list that has the user run a malicious command.

HTTPS is not just for security of personal or private information. It is also for verifiable authenticity and security in contexts like this.

permalink
report
parent
reply
8 points

Yeah, it’s also easy enough to set up that a coding website not doing it is almost embarrassing.

permalink
report
parent
reply

Technology

!technology@lemmy.ml

Create post

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

Community stats

  • 3.2K

    Monthly active users

  • 2.9K

    Posts

  • 45K

    Comments

Community moderators