Tell HN: 6.3% of HN top submissions in plain HTTP, more than half upgradable

栏目: IT技术 · 发布时间: 4年前

内容简介:I was using the HN front page to test a library I was writing when I noticed some links that probably should be HTTPS are in plain HTTP. This piqued my interest a bit so I did a little analysis on how prevalent plain HTTP links are on HN. I probably don't

I was using the HN front page to test a library I was writing when I noticed some links that probably should be HTTPS are in plain HTTP. This piqued my interest a bit so I did a little analysis on how prevalent plain HTTP links are on HN. I probably don't need to rehash the harm of using plain HTTP, even for personal blogs -- they can be snooped, and they can be modified to inject either ads or more sinister payloads. In fact, years ago I once disabled my ad blocker by accident and saw an ISP-injected ad on my personal site; never again, I swore.

The methodology is simple. I gathered all links from https://news.ycombinator.com/front ("past" on the navigation bar) for each day from 2020-01-01 to 2020-07-09. These are the top stories of each day. This is a trivial task and resulted in 17566 links (raw data [0][1][2]). There are <100 duplicates, which I kept. Among these are 1112 plain HTTP links, amounting to ~6.3% out of 17566.

Next I analyzed how many of the 1112 plain HTTP links are available over HTTPS. Methodology:

1. Check if the HTTP version redirects to the HTTPS version; if so, done, otherwise record the HTTP response;

2. Replace http:// with https:// and see if the HTTPS URL works; if so, record the HTTPS response;

3. Compare the HTTP and HTTPS responses. If they're identical, done. If not, compare the length of the responses; if they differ by <=1%, record this as HTTPS response almost identical as HTTP, and assume the HTTPS version works (the page may not use relative URLs or omit the protocol, so the HTTPS response may be subtly different while having the exact same rendered output).

The analysis script is available at [3].

---

To be continued in a comment since I'm hitting the 2000 char limit.


以上所述就是小编给大家介绍的《Tell HN: 6.3% of HN top submissions in plain HTTP, more than half upgradable》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

玻璃笼子

玻璃笼子

[美]尼古拉斯·卡尔 / 杨柳 / 中信出版社 / 2015-11 / 49.00元

这是一本关于自动化的书,它提醒我们自动化对人类的影响,人们心安理得享受技术带来的便利却忽视了,它已经渗透进了生活和工作改变了我们的思维和认知方式。商家在设计程序和应用时,早就把他们的想法埋入了编程和APP中。 卡尔的作品无疑是给我们这个时代灌入了的一剂清醒药。他独特的思考问题角度,犀利甚至略为偏激 的言论再加上丰富的*前沿的科技案例会让人读起来畅快淋漓,且醍醐灌顶,意识到自动化等高科技潜移默......一起来看看 《玻璃笼子》 这本书的介绍吧!

JS 压缩/解压工具
JS 压缩/解压工具

在线压缩/解压 JS 代码

HTML 编码/解码
HTML 编码/解码

HTML 编码/解码

RGB HSV 转换
RGB HSV 转换

RGB HSV 互转工具