Erez Schatz

Authored Comments

Strike one: A programming language pitch that includes zero code examples.
Strike two: zero code examples on the homepage, the "discover" page, all the way down to the FAQ, actually.
Strike three: But it *does* have a Code of Conduct, which tags along nicely with all the "safeties" resulting in something that sounds too much like a corporate-friendly-bondage-and-discipline language (http://catb.org/jargon/html/B/bondage-and-discipline-language.html).

My immediate question is "Why?"
HTTPS isn't a magic solution; it won't prevent your service provider from being hacked, and if a hacker gets their hands on the server's data, HTTPS won't prevent them from abusing it.

"As a scholar, I am concerned with content integrity."

HTTPS won't help you with that.

"Given how often passwords are reused, HTTP-based published pages threaten the security credentials of people visiting scholarly publishers' websites."

Again, if someone compromises a server where your credentials are stored insecurely, HTTPS won't help you there. And reusing your password is a recipe for failure. Don't demand that others save you from your own faulty practices.

"Publishers that take a negligent or dismissive position to the situation belittle the security of users and their role in accurate content presentation"

That's true regardless of HTTPS. Twitter uses HTTPS. Didn't help them much protecting their millions of users' passwords, did it?

HTTPS isn't a magic formula for instant security. Running an HTTPS witch hunt will only result in creating a false sense of security, and also misrepresent sites that have failed to comply but have overall excellent security models.