Admittedly I'm a bit puzzled by the quality-level of these posts.
A lot of stuff, like the lack of formatting and HTTPS, gives off an antique feel, almost like a signal that they're not meant to be taken seriously. Ditto for the over-the-top arrogant tone and relatively sparse content.
I might be off-base on this, but I sometimes wonder if these articles aren't like a honey-pot for non-serious YCombinator applicants. Like maybe people who resonate with these articles are flagged as non-serious applicants, to better focus the pool? Maybe we're all looking a little silly for commenting here at all, rather than moving on with our days and being more productive?
All the things you noted aren’t substantive arguments against the essay, in my view.
The casual assertions, the unsupported and contentious theme, and the complete omission of anything approaching a consideration of alternatives are common themes in PG’s essays. And those are what make them almost uniformly worthless, in my opinion.
The reason I'd advocate in more public settings is that things ought to be secure-by-default, and that adopting security only upon realizing its necessity is a hazard-prone policy that constantly backfires.
But for a specific example of something that could go wrong: someone could inject malicious content into a non-secure page. The original content might be plain-text, but a man-in-the-middle can still inject whatever they like regardless.
As a common example of a simple attack: an attacker could man-in-the-middle people who connect to a nearby wireless network. Notes:
1. There're a bunch of ways that an attacker could get people to connect to their network. Examples: spoofing a legitimate network; setting up a password-less network; putting up a poster falsely advertising the SSID/pass to a network that falsely purports itself to be official; they're an actual employee of the establishment and just compromise the legitimate network; they're a remote-hacker who's exploited a vulnerability in the router.
2. The attacker could do lots of random stuff. Examples: they could inject malicious code; they could inject misinformation to facilitate scamming someone; they could insert ads; steal CPU-time/electricity for crypto-mining; they could just put gross porno on everyone's phone in a restaurant as a troll. Or something else. Or multiple things.
3. The original site being just plain-text doesn't really matter; the attacker can replace the entire thing without even contacting the real website. Or they can get the real website, then add other stuff to it.
The simple rule-of-thumb for website-operators is to just keep everything secure(-ish, if we're being realistic).