SSL good

I has da dedicated server, I fucked up wih ssl many times, it doesnt fucking work. Fuck you ssl, it was never good

This. Ads and trackers rape performance. Installing ublock origin will make your browser noticeably faster. It's a must on older machines

Absolute state of Jow Forums, folks

There is literally no reason for any traffic on the public internet to be unencrypted in 2019.

Based stroke poster

Attached: 1535488427861.jpg (607x608, 44K)

>i'm stupid and incapable, therefore encryption was never good

Why is NPC posting literally the most NPC you can get?

> being able to set up server and web app
> being unable to set up ssl
I still think that encryption fags suck balls

Ublock slows down your browser, if you surf sites without ads (its pretty hard to find one these days whatsoever)

>assuming that setting up a server is hard

>if you surf sites without ads
Which are such a small number of websites they might as well be a statistical error.

Literally how do you fuck it up. Just install certbot and it just walks you through the setup. It takes 2 fucking minutes..

This is like flat earthers but for technology

When I fixed apache, it starts saying something about invalid certificate, I was unable to fix it. Anyways, you don't require ssl if your app doesn't work with user input

Don't be stupid unless you're only on a lan or corporate intranet page your browser is being loaded up with ads and tracking. Simply removing those reduces load times and memory.

If your great webapp doesn't even have a working SSL certificate, user input or not, I refuse to use it. Why? Because if you can't even fucking put in the literally 2 minute effort of setting up a cert you probably put in the same effort into your shit webapp.

That goes for any technology. Also, IE5 users may have troubles with modern SSL

Meta-irony

>IE5 users
What kind of dystopian hellhole do you work in that you still have to support IE5. Like what the actual fuck? And who the fuck cares about literal boomers still using IE5.

Good thing Jow Forums over HTTPS still loads in IE6 if you turn TLS 1.0 on. Only the site itself is utterly broken and won't let you post, no matter if you have a pass or turn JS off.

>IE5
HAHAHAHAHAHAHAHAHHHHAH

>this entire thread
nuke it and put us out of our misery pls hotpockets

Will it ever end?

If you have a website that say, rates brands of cat food, fine, maybe you don't need https, but if its anything involving user input, or politics, or porn... use https

>IE5
Guys, I've just ran out of arguments, it's just my pet project that I can't set up.

It fucking does, not for your "app" security but for your users security. When they download a webpage or anything through raw http, then anybody can replace it with whatever they want. The most obvious example is somebody in your WiFi range can inject arbitrary javascript in the page, and let's say uses spectre or any browser exploit to gain access to your device.
This is worse of course if you start downloading documents or god forbid executable file from your "app".
It seems that people always associate tls with encryption, but it also does authentication which is as important. Encryption is what let you send sensitive data (e.g. Your credit card info) through the Internet. Authentication is what guarantees you that you're talking to the person you think you're talking to. In the case of websites, authentication tells you that the data that you receive from bigblackcocks.com is indeed sent by the guy that owns bigblackcocks.com, and nobody else.
And no, ssl does not make your connection noticeable slower. If you'd take more than 1 minute to check this, you'd see that every benchmark in existence has supported this fact.

It's nice to see that there are still posters who know something about technology

>In the case of websites, authentication tells you that the data that you receive from bigblackcocks.com is indeed sent by the guy that owns bigblackcocks.com, and nobody else.
Unless government or evil hackers force you to use their root certificate which will fuck any of your preciouse https sessions

>using any IE release
>being a wincuck
wew lad

>t. underpaid police investigator

Why let fucking everyone know what cat food I look at? I don't want my ISP to profile me to that degree

ok NSA

>OP: npc's say "blah blah blah"
>ITT: blah blah blah
op is psychic

SSL is great for anything that takes some kind of user input, but all of the retards slapping it on literally everything just to pander to lazy fucks like is quite tiresome. At least implement fallbacks so I can read your shit from my WinXP/2K or SysV Unix boxes.

Literally nobody is doing this obtuse shit to your unimportant ass when they can just socially engineer you into giving them literally anything they want.

SSL is great for any content that you want to be trustworthy. You want the guide you're reading to be un-altered right?

>MITM your DNS
>HTTPS rendered worthless

I don't think anyone is wasting their time, money and effort on MITMing my home internet connection to whichever very specific machine of literally hundreds I own just to feed me fake Stack Overflow answers, altered programming manuals for dead systems or mess with hard science fiction stories I wish I could still read on my C89 dev box. Even if they somehow were, I really don't care, I know and accept those remote risks.

This kind of absurd paranoia from people who claim to know about security is just retarded.

>tfw my web app has ssl
cya later vir/g/ins

Attached: later.jpg (550x550, 28K)

i use http

why is ssl better

Agreed, fuck off SSL shills
n-gate.com/software/2017/07/12/0/

basado y rojo empastillipildorizado

Attached: 1548607237682.png (960x960, 294K)

This image makes no logical sense, it is like its pro and anti-jew at the same time.

No. Fuck (((ads))) then. That's what makes pages load so slowly. Unless you're browsing on a Pentium 2, the difference from SSL being added is miniscule.

Use a non-cucked browser or OS then

imagine being this fucking bluepilled

This, any browser add-on will make the web slower because it needs to parse shit which means delay. However having a VPN/filter or hosts style filter will be much faster but sadly current year web will still try to load a pile of remote fonts, prefetching and tracking junk anyway unless you tediously go through about:config and disable almost everything.

That site forgot the #1 reason for having https: avoiding ISP ad injections. In much of the world, all the ISPs are injecting bullshit ads and numerous other things if you're not connected directly via https.

The reason we have all these shitty things like mandatory SSL is because our access to communications is monopolized and filled with AIDS infecting manipulations to make your use of said communications useless.

If you say so.
Let me guess, you are from the land of Kristina.

>everyone taking the most obvious bait in ages

>Literally nobody is doing this obtuse shit to your unimportant ass
t. someone who never used public Wi-Fi when the majority of websites and services were served unencrypted
scripddies didn't collect your ass because you're important, they collected everyone's because it was fucking easy.

SSL is bad. Use TLS instead.

>implying only important people are targeted
>being this fucking retarded
you shouldn't be allowed near a computer

This. Fucking hell Jow Forums, I thought you were smarter than this.

I purposefully use features not supported by IE 8 (because fuck 'em), nevermind FIVE.

Ascii porn must be really awesome

>t. someone who never used public Wi-Fi when the majority of websites and services were served unencrypted
Absolutely correct. I rarely used public Wi-Fi or did anything important over it when I did because I wasn't an idiot. I still don't.
>scripddies didn't collect your ass because you're important, they collected everyone's because it was fucking easy.
Exactly, which is why it's so stupid to worry about getting MITM'd in your own home or even in a hipster coffee shop because the same amount of effort that could be put into skimming a handful of credential sets could net you hundreds if you directed it towards a social engineering attack instead.
See above. No skiddo is wasting their time trying to MITM your shitposting session to inject a fucking Spectre exploit when they can just get your personal/work email address from a list, pretend to be the IRS and make you fill out a fake tax return form you probably will be too lazy/distracted to check the validity of anyway.

There's no way to protect yourself though, everything is a botnet. You either roll the dice and go bateback or trust sime privacy policy.

you glow in the dark

am i gay if i watch ascii porn over http and someone injects second dick to the traffic?

I believe it was originally porky instead of the Jews but this poster changed it to make it more usable outside of /leftypol/.

>it's so stupid to worry about getting MITM'd in your own home or even in a hipster coffee shop
That's false. Open Wi-Fis at coffee shops were one of the most common places to steal data from users.
Even if you are at home, ISPs have injected ads on unencrypted http requests before:
thenextweb.com/insights/2017/12/11/comcast-continues-to-inject-its-own-code-into-websites-you-visit/
>No skiddo is wasting their time trying to MITM your shitposting session to inject a fucking Spectre exploit when they can just get your personal/work email address from a list, pretend to be the IRS and make you fill out a fake tax return form you probably will be too lazy/distracted to check the validity of anyway
That's false, social engineering takes much more effort compared to sniffing unencrypted traffic.

Okay bro just send me your bank account credentials in plaintext.

>I don't want my ISP to profile me to that degree
sounds like a personal problem bud
find isp that doesn't suck

>he doesn't know about DNS-over-HTTPS or DNS-over-TLS

This thread makes me ill

Attached: 1550537289874.png (297x247, 148K)

>install certiorari
>install bot of the cert
>install botnet

What could possibly go wrong

>>That's false. Open Wi-Fis at coffee shops were one of the most common places to steal data from users.
Sure, but not anymore. Now there are much easier and lucrative ways of stealing data that SSL doesn't do much against.
>Even if you are at home, ISPs have injected ads on unencrypted http requests before:
Never seen this happen with any ISP here.
>That's false, social engineering takes much more effort compared to sniffing unencrypted traffic.
Not really, and it also nets you much more data by sheer volume. There's a reason social engineering constitutes the majority of attacks and high-profile breaches, popping vulnerabilities or sniffing one pissant's unencrypted dog porn surfing session to try to blackmail them isn't worth it anymore.

This site is fucking great. If only they hated themselves enough to do a weekly shitpost review for Jow Forums as well.

>IE5
Just kill yourself already

Retarded bait aside, Let's Encrypt certs shit all over even relatively recent browsers and platforms and lazy developers who just say 'fuck em they should just buy something newer' as an excuse to not implement proper fallbacks are part of the problem with the internet today.

I like my UMPCs just the way they are, I'm not bloating them out with Embedded 7 or a GNU/Linux distribution that doesn't properly support them just so I can regain access a non-interactive plaintext website that never needed to be encrypted in the first place. Same deal for all of my Unix workstations.

Attached: 1551744205178.jpg (300x300, 69K)

unencrypted traffic allows for opera turbo or caching

And you can't inspect encryped telemetry. What a coincidence Google, a telemetry company, pushed the https agenda the hardest :ˆ)