This page dates from before kermitproject.org was converted to HTTPS in February 2021.
[The Kermit Project]
[The New Deal in New York City]
[The History of Computing at Columbia University]
Plus all other sites and pages linked to from my personal website.
Starting about 2015, popular browsers like Chrome and Firefox started to warn people that unencrypted websites such as this one were "insecure" by crossing out the padlock icon or simply putting "Not secure" in the address bar.
Is this website insecure? No. Is it dangerous to use? No. Not only is it not dangerous to use, it is infinitely less dangerous to use than almost any other website because when you visit a page here, that's all you're doing: looking at one single page. Watch the progress bar on the bottom of your browser when you visit a mass-market website like cnn.com: you'll see dozens or hundreds of addresses flash by of unknown stuff it is loading into your computer. Who knows what all of that is! And then, while "browsing" the page you wanted to look at, myriad unwanted ads and promotions pop up to obstruct your view, forcing you to try to click them away, and WHO KNOWS WHAT HAPPENS when you do that. This is 99.9999% of the Web in 2020, a gigantic money-making scheme based on getting and selling information about every single thing you do and look at.
This website doesn't do any of that. When you visit a page here, you'll see only ONE address in the progress bar: the address of the page you visited (perhaps redirected, but that's another topic).
This site that you are looking at is, by contrast, a READ-ONLY website. In the early days of the Web, most websites were like this one: information you could read, exactly like books in a library, and images you could see. One-way-traffic. Read-only websites are no more dangerous than books. Here, for example, is the very first website, made by Tim Berners Lee, inventor of the World Wide Web, on August 6, 1991;
If you visit it in Chrome, you will appreciate the irony of the father of the Internet being admonished by Google, a company that owes its existence to his work and that has made around a trillion dollars from it.
You can assure yourself of the security of any page on this site by looking at its source code, which in most browsers is accomplished with Ctrl-U or menu View→source. All pages on my sites are created by hand with the express goal of legibility for human readers who, when they look at the source code in the future when HTML is long forgotten, can still read them as if they were a plain-text files, with most lines less than 80 characters long so they fit on a terminal screen or a printed page. Compare with (say) cnn.com, where "view souce" doesn't show any "content" at all, just program code, and the lines of code can be extremely wide (for example, in the page I looked at just now, one line was 18,773 characters long). There's no way you can tell if a page like that is secure by looking at its source code. Yes, it might be "secure" in the sense that the connection is encrypted, but what is all that code doing on your computer???
But before long, the Internet turned from a big library into a shopping mall where everybody orders products online, and to do that the vendors had to obtain your identity and credit-card information as part of the ordering process. Since the architecture of the Internet potentially allows anybody to spy on the traffic of anybody else, your payment information had to be encrypted so lurkers couldn't capture it. Eventually, all E-commerce sites had adopted end-to-end encryption protocols between the Web browser on the user end, and the Web server at the Internet host.
That doesn't solve the problem once and for all, though, because any code can be cracked, and there are millions of people working full-time to crack whatever the current code is, and eventually they succeed. So Internet security has become a big and ongoing business, which has to be paid for. If I want to have a secure E-commerce site so I can make money, I have buy security services on top of the basic web services: an HTTPS address instead of the original HTTP: — OK, fair enough.
But if I am not trying to sell anything, and I never attempt to solicit or capture information from visitors, I don't need the security services, any more than books need to be encrypted.
But that means I'm not paying money to a security company every so often to maintain my "security certificate". So now, the makers of some Web browsers have decided to coerce all websites to be secure even when they are read-only and don't need to be. This is understandable in Chrome, for example, because it's from Google and its only purpose is to generate revenue. So Chrome pioneered in scaring Web users every time they visited a read-only website, to blackmail the authors of those sites into making periodic payments to remove the scary warning that visitors see. Probably browser makers like Google get "rewards" from the security companies for adding this feature.
Not fair enough! Consider the consequences:
A better approach would have been for the Internet itself to incorporate security in its basic structure, as part of the TCP/IP definition, so that all end-to-end connections would be secure automatically. This should have happened decades ago, when it first became evident that the Internet was becoming a playground for hackers, criminals, and spies. Instead, elaborate security protocols were developed for use at the application level, forcing every single software maker to implement them in each software product that made or accepted Internet connections: Web browsers, Web servers, Telnet and FTP clients and Servers, terminal emulators, email clients and servers, distributed file systems, chat programs, instant messaging, telephony, programming languages, voting machines, home security systems, cell phone apps, and on and on. Every time a flaw in the security protocols is discovered, all of these applications have to be "updated". Something that tends not to happen, leaving increasing numbers of individuals, companies, and institutions vulnerable to attack.
In an ideal world, there would be a place to store this information and keep it accessible "forever". The US Library of Congress recognizes the problem and is trying, in a small way, to do something about it; see this page. But one single organization with a limited budget and small staff can't possibly fill this role. By "going digital", humanity has literally thrown its heritage to the four winds. I should also mention the Internet Archive at https://archive.org, a massive and truly noble effort to preserve snapshots of Internet content over time, but it is not a basic service of the Internet itself, but rather a volunteer effort supported by partnerships, grants, donations, and fund-raising drives, meaning it could disappear at any moment; read more about the Internet Archive here.