I think it's time we made everything on code4lib.org use HTTPS by default and redirect people to HTTPS from HTTP when needed. (Right now there's an outdated self-signed SSL certificate on the site, so someone took a stab at this earlier, but it's time to do it right.) StartCom gives free SSL certs [0], and there are lots of places that sell them for prices that seem to run over $100 per year (which seems ridiculous to me, but maybe there's a good reason). I don't know which is the best way to get a cert for a site like this, but if people agree this is the right thing to do, perhaps someone with some expertise could work with the Oregon State hosts? More broadly, I think everyone should be using HTTPS everywhere (and HTTPS Everywhere, the browser extension). Are any of you implementing HTTPS on your institution's sites, and moving to it as default? It's one of those slightly finicky things that on the surface isn't necessary (why bother with a library's opening hours or address?) but deeper down is, because everyone should be able to browse the web without being monitored. Bill [0] https://cert.startcom.org/ -- William Denton Toronto, Canada http://www.miskatonic.org/