I'm sorry, I wasn't paying attention. Would you mind just putting in a ticket?

Only between Jedi of the same gender. And species.

With the entire 5 minutes I'm willing to look into it, it should be fine as long as the children aren't raised as Jedi.

Can that concern be quantified? Properly implemented (without extra-large DH parameters [no 3072 or 4096 bit params for EDH if your RSA key is 2048 bits], using ECDHE preferentially, and with a sufficient SSL session cache), extra processing should be minimal. Didn't Google quote something like low single digits? 3%? Of course, Google did a lot of work on optimizing their SSL layer, including pushing for higher initial window sizes in linux's tcp stack, and their work on SSL false start even though they later abandoned it.

For organizations that are doing SSL termination on their frontend webservers, it depends on their traffic flow: what percentage of page hits are new vs already established ssl sessions that can hit the cache. Different kinds of sites are going to have different traffic mixes that will affect that cost.

Does Amazon use the google strategy of software SSL termination, or do they use hardware like F5 terminators? Either way, they already have some ssl termination capability, since the secure parts of their website rely on it, so it's only a matter of beefing up existing capability rather than implementing it from zero. They may already have a lot of excess SSL termination capacity that they're not using.

If SSL everywhere always costs a company money, why did Google switch so early? I think there are benefits that at least partially compensate for increased infrastructure costs.

I think it's more likely that embedded resources from non-ssl external pages are blocking SSL deployment. Or Amazon has a bunch of hardcoded http://www.amazon.com links in different parts of their codebase, that have to be tracked down and fixed. Mixed content is what I think is blocking ssl deployment on most sites. Small sites that have switched to SSL-everywhere often haven't spent the time to do it right, and whether because their software has hardcoded http embedded links, or they're linking content from other sites, mixed content warnings are common. (Protip: //domain/path [without the initial http or https] is a protocol-relative link, if you need to link to a different host but keep the protocol the same)

Low single digit could easily be viewed as significant. Given this scenario, it would be easy to guess google wasn't basing their decision entirely off cost. You'd have no real idea in either case unless you were involved in the decision making.

We all know what's said about correlation and causation.   Of course, it applies on the flip side of the argument as well.   My experience (including pharmahuasca, smoked dmt and 5meo-dmt, and so much more) is hallucinogens just hold up a magnifying glass to what's already there.

> who could imagine it's dangerous?

My point of view could be skewed by prior knowledge, but I can still see asking some questions before sticking auto-luminescent material in my mouth.

So, I'm the first to say that it's sketchy at best, but... A quick google of "156.33.241.5" comes up with http://www.verifyphone.com/phone-lookup-reviews/xxx-xxx-xxxx. This lists the phone number as having been looked up by that ip address. A search of the owner's name is quickly associated with what seems to be a relative's name who happens to be a congressional page (http://www.legistorm.com/person/bio/xxxxxx/xxxxxxxxxxxxxxx.h...). Pretty easy to see from there which office she works for. My question is... is it cool here to post details? Google it yourself if not.

Right! Isn't this "Hacker" News? I personally am offended that I didn't have to recompile to change my dns servers.