search

fchollet / keras-blog

Blog with Keras news, tutorials, and demos.
133 stars 58 forks source link

Use HTTPS not protocol-agnostic URLs in RSS feed #17

Open bittlingmayer opened 6 years ago

bittlingmayer commented 6 years ago

Currently the feed at https://blog.keras.io/feeds/all.rss.xml has links like this:

<link>
//blog.keras.io/user-experience-design-for-apis.html
</link>

However some platforms (like Slack, and various email clients, and some versions of some mobile browsers) do not handle these links as links.

Therefore, given that the site is on HTTPS, it would be more robust to simply use the full URL with protocol (https:) included.

<link>
https://blog.keras.io/user-experience-design-for-apis.html
</link>

See also: https://github.com/getpelican/pelican/issues/1532

danuker commented 3 years ago

Some of my readers use HTTP. Why? HTTPS gives you a false sense of security. They prefer not to be lied to, and do their own security (through things like critical thinking and GPG).

Anyone with access to a root CA can impersonate any other website. Your browser does not even check for duplicate certificates. This was exploited by Lenovo's Superfish. When have you last looked through your browser's trust chain?

In addition, my featurephone comes with ancient certificate authorities (most of them are expired). I can not visit any modern HTTPS sites with it. This is an accessibility issue.

I think the bugs are with the aforementioned platforms (only Slack is a concrete one) for not implementing //.