If you are interested in contributing to cloud.gov check out all our open source repos: https://docs.cloud.gov/ops/repos/

It would make sense to add HTTPS to your website if you are promoting security and privacy....

Why, the only thing I see on the page that could be compromised is the mailto: link.

Compromising a page doesn't necessarily have to alter existing content. It would be easy to add a "Download Preview Build" link pointing to a trojan, add links to a fake kickstarter, etc.

Yes, a MITM can do that.

And could still do the exact same thing if they had TLS: get the page, add crap, and serve the result (albeit without TLS).

You know, I've never really realized that before. It's actually a pretty huge security hole for average users, no? There should be a way to explicitly forbid non-encrypted connections on a DNS level.

That's roughly the purpose of HSTS, but you need to have visited the site at least once first (or in the case of popular sites, HSTS status of a site is shipped with the browser.)

People who are encountering this for the first time might want to look at

http://www.thoughtcrime.org/software/sslstrip/

for some of the motivation!

A technical user could reasonably be expected to look for https before downloading 'preview build' or something equally payload-ey.

Then sigh and download PuTTY anyway...

It's information leakage at its finest.

HTTPS still leaks the domain name, so that wouldn't help too much. (Unless you meant some other information?)

I have been working on adding other countries as well but right now it is US only, the new importer would let us bring code from many more orgs...

CFPB, Remote or D.C. - Back-end, Front-End, Designers and UX

The Consumer Financial Protection Bureau is hiring technology specialists to join the team for a 2 year term.

The fellowship is a unique opportunity for developers and designers to join a government agency and help it develop new tools for the public.

Regarding tech you will use a combination of Python, Javascript, HTML/CSS, Clojure and other tools so polyglots are welcome.

To apply find the position that best suits you here: http://www.consumerfinance.gov/jobs/technology-innovation-fe...

The project is open source, you can submit an issue (or a PR) here: https://github.com/gsa/data.gov

Why do brands keep pushing traffic to the Facebook/Twitter pages instead of their own pages? They should create dynamic interesting content on their main pages and use social media to push traffic towards it instead of using social media as a goal.

Ownership of your following is really important and at the end of the day the only way to do that is to have a proper standalone website.

Why do people rob banks? Because that's where the money is. Facebook and Twitter are where the people are.

This strategy has been tried way too many times before. It never worked and you can tell it is the beginning of a new debacle.

Stuff like this makes me glad that I left the country.

The video alone looks cool enough to share...

With this kind of move alternatives are going to start to pop up and HTML5 gaming is going to start to pick up.

Adobe seems pretty desperate here.

It looks like 98% of the web is infringing some of these patents.