Hacker News | boynamedsue's comments

I happen to be reading "Churchill’s Secret War," the book mentioned in the article.

It's amazing. Get it if you're interested in this topic.



I wonder if Salesforce will be getting a similar letter: https://twitter.com/Benioff/status/1658551937971916800


Probably but they have lawyers to handle this type of stuff.


The person who touts himself as a security expert should have SSL implemented on his personal website? http://dickmorrell.com


Why?


I'd guess someone who wants to be seen as a trustworthy expert wouldn't want modern browsers to show a big "This website is insecure" landing page before people see their website.

I guess this would filter non-technical people, but Let's Encrypt's existence has made any argument against web certificates moot. There's no sensible reason not to.


How many times must this question be answered? TLS is a requirement because otherwise nodes between your device and the server can easily modify the HTTP requests and responses to inject malicious code. Your traffic is also trivially tracked.


Because it's a security liability not to have it enabled, so if he's going to complain about others' security problems, the least he could do is put his metaphorical pants on first. He could be forgiven for not having it locked down to a few specialist cyphers he personally believes are resilient to attack, but to not even have it enabled is on the level of not putting your pants on before leaving the house.


I have not understood the need to force SSL on content that needs no verification.


Yes and no. It's more like flossing than wearing a seatbelt. The html tags won't fall out if you use http:// over port 80. It's not nice to end users in that it permits eavesdropping and content modification of website traffic in the clear by anyone in the network path. The assumption of http:// is that "pamphlets for the public" don't require privacy, confidentiality, and nonrepudiation for other users such as downloading software sources &| binaries or exchanging secret PII. The post-Snowden/-PRISM world opted to deploy https:// ubiquitously as both a virtue signal and technical defense to various problems inherent to using port 80.


Why does it not need verification? 3rd parties can a) replace the real content with lies, or more likely, b) inject it with 3rd-party ads. (this is not theoretical! *) c) inject crypto-mining/other malicious javascript into it. Outside of that though, d) Other people can see what you're looking at. Even if you don't take privacy seriously, you can at least understand that some people do, and would like their viewing habits to remain private.

* https://www.thesslstore.com/blog/third-party-content-injecti...


My letterbox can be a) trivially broken into b) knocked over as it isn't concreted c) stuffed with dog poo.

These risks however aren't a major concern for me, and people who choose to send me mail don't assume security or deliverability.


Have you seen John Gilmore's website?


John Gilmore's done more for the Internet than I ever could. I'm sure he's got a deeply philosophical, if not cogent reason for why http://www.toad.com/gnu/ is served over HTTP, but more than that, he's John Gilmore and his work speaks for itself. Dick Morrell, aka CloudGuy has no such chops. He's name dropped three unrelated government agencies and a car maker as a reason that his (dubious) claims should be respected, but, well, he's no John Gilmore.


I don't presume to characterize or compare the reputations of people I don't know personally, so wouldn't it be a bit arrogant to do such?


There are dozens upon dozens of companies doing exactly this sort of service for AWS. And they all use the describe API calls requiring IAM permissions.


Cloudflare seems to encourage benchmarks of Workers Sites:

https://blog.cloudflare.com/workers-sites/


Any plans to expand the region availability for AWS beyond us-west-2 in the US? I am interested in us-east-2.


Yes, definitely, we'll be expanding to more regions soon.


It's even worse than that because Azure has block blobs, page blobs, and append blobs.


A big turn off for me is wanting to use Python on Cloudflare Workers and then reading that it needs to compile to JavaScript.

https://developers.cloudflare.com/workers/platform/languages


I definitely understand that Cloudflare Workers are likely to be unsatisfying as a Lambda replacement for people who want to use a language like Python.

I think there is a decent reason why Cloudflare, at least initially, went the route that it did. V8 Isolates allow them to run code from many different people without many of the cold-start, memory, and performance issues of offering a more full environment. V8 Isolates allow them to be a lot more efficient than something like Lambda. It does come with the cost of being more limited for things like language support.

I think it's a pretty good bet. Lots of people are comfortable with JavaScript/TypeScript (even if you or I don't love it) and WebAssembly is likely to become a decently supported compilation target over the next 5 years from a lot more languages. Microsoft has done a lot for C#/.NET support of WebAssembly and it should be quite good with .NET 6 coming in 2 months. Python, Go, and many other languages have at least some support for WebAssembly and it seems like that will only get better over time.

I definitely understand it being a turn-off. If you haven't read their post introducing them, I'd read it: https://blog.cloudflare.com/cloud-computing-without-containe.... It doesn't solve your problem, but I think it's a good read on why they made that trade-off.


Good explanation! Helped my understanding of their choices. :)


I can't believe that there's no mention of AWS Graviton in the article or in the comments on HN.

AWS-designed silicon has Intel running scared. Ampere is working with the other cloud providers on comparable initiatives.

Intel being obviated in the cloud is a real possibility.


I can make excellent NY style pizza at 550F with a Baking Steel in 4 1/2 minutes.


I have a 3/8" dough joe baking steel slab and even preheating it to 550 for an hour in a "regular" oven never turns out as good as my Roccbox was capable of. I can never get my crust and cheese to match in baking times at 550 degrees. Either the crust isn't cooked enough for my liking or I end up cooking the cheese more than I'd prefer. The only times I've been able to make perfect pizza with my baking steel is when I used it in a friend's professional kitchen with an industrial convection oven that could go up to I think 700 degrees.


I use a piece of flag stone out of my back yard.

