I’ve been doing a variety of things pertaining to web security in recent weeks
and one thing that’s been gnawing at my brain is the fact that my blog could
still only use insecure http:// because of GitHub Pages. My blog’s
content was using GitHub Pages for its serving and gh-pages really hasn’t
been seeing a lot of love - that I know of - since its inception a few years
back, especially since the development of concepts like Let’s Encrypt with
free SSL certs for the web.
My recent work has involved copying files from a remote host, only
accessible via a hop, back to my local computer. This has been simple in
the past as the remote host has been able to connect to the local
computer and SCP files directly, on account of the firewall allowing
this. Recently, the firewall against the local computer has been
reconfigured for security and direct connection is no longer possible. I
could pass my files through a 3rd-party that both the remote and local
machines can get to, but let’s say I don’t have one.