It’s actually worse than that. It wasn’t always whole coubtries who decided to adopt (or not) but cities and sometimes people within cities (i.e. the protestants in the city would be lagging, or maybe I’m misremembering and this was about people who where abroad)
In any case, for awhile, the date you picked depended on who you were writing to. And then also the relative standing. If he was of much lower standing you might force your own calendar on them.
Also, I think with the previous calendar it was always a bit debatable what year december belonged to. I can’t quite remember the details.
We still have this sort of thing today. In the occupied West Bank, Israeli settlers change to daylight savings time on a different day than the Palestinians
Arizona in the US does not observe DST at all. Within Arizona is the Navajo nation, which does observe DST. Within the Navajo nation are Hopi enclaves, where DST is not observed, and finally, within one of those Hopi enclaves is a Navajo community where, again, DST is observed.
> It’s actually worse than that. It wasn’t always whole coubtries who decided to adopt (or not) but cities and sometimes people within cities (i.e. the protestants in the city would be lagging, or maybe I’m misremembering and this was about people who where abroad)
There was some of that indeed, depending on the centralization of the country e.g. Spain and France adopted the gregorian calendar wholesale because the king decreed it, but in less centralised countries like the Dutch Republic or Switzerland it happened by region (the seven catholic cantons switched to the gregorian calendar in 1584, the protestant canton only switched over piece by piece during the 18th century, and Schiers and Grüsch were the last remnants of Julian calendar in the entirety of western europe, only adopting the gregorian calendar in 1812).
... and then there's Sweden, which started on a plan to gradually approach the Gregorian calendar by skipping leap years over 40 years, except they immediately forgot to skip the second and third so concluded the plan was stupid, then instead of switching to gregorian they reverted to julian, before finally switching to gregorian 40 years after that.
Julian date is sometimes used to synchronize timing for encrypted radio systems. My understanding is that early radio systems adapted it because it was used by astronomers. Astronomers used it because it didn't skip any days which would cause issues tracking long term astronomical cycles.
I deal with those radio systems occasionally and I've always wanted to find or modify a digital watch to display the Julian date. It feels like that would be such a simple firmware change to something like a g-shock.
Check out the Sensor Watch project[1]! It's "An ARM Cortex M0+ board swap for the classic Casio F-91W wristwatch" that allows you to write custom firmware.
I wonder how Paradox handles this stuff in their games like Europa Universalis. Have they ever made a "the pope wants you to switch calendar systems" event which changes the actual in-game date?
Sounds like they just ignore any calendar weirdness. I don't envy anyone the task of trying to properly program this. You basically have to decide for everything time related in the simulation whether it is tied to the calendar or the physical passage of time. Sometimes you would have to split variables, like characters are legally older, but no closer to old age. Bonus points if your solution allows characters to get into conflict with each other about stuff like when a treaty ends or whether their loans are due 15 days sooner.
My initial thought was that that would probably be taking the simulationism too far. My second thought was how funny it would be to swap calendars to get out of a truce early.
“My Lord, you can attack them until March of next year!”
> My second thought was how funny it would be to swap calendars to get out of a truce early.
Congress did something similar last year - National Emergencies declared by the president, such as for tariffs, are required by law to be reviewed within 15 days by Congress. So Congress redefined the calendar so that the remainder of the days during that session are not officially considered to be calendar days. https://www.nytimes.com/2025/04/10/us/congress-johnson-calen...
EU3 and EU4 at least had no leap years. I assume 1, 2 and 5 are the same.
Checking the wiki, eu5 has an advance (guess these are like the nation ideas in eu4?) for Julian calendar which gives you +10% to orthodox or miaphysite nations. I doubt it has any effect in the calendar system in the games UI.
Paradox's Clausewitz game engine seems to handle "negative" years very poorly, so stuff like historical Roman emperors in Crusader Kings have some oddities. It's probably also why Imperator: Rome uses ab urbe condita dating (aside from immersion).
The Elder Kings 2 mod actually has custom date handling (it's actually a custom date localisation system) to enable transitioning to the 3rd era on founding the Empire of Tamriel.
Ah, the cause of the weirdest bug I ever debugged. Obvious in hindsight - but we were totally puzzled as we continued debugging further and further down the stack of why one particular random seed would cause a fuzzed-input test to cause some date-handling code to error out.
It's wild to think about how different things were in pre-modern times.
There are no computers, sensors, watches, or spaceships. There are also no TV-style distractions, and a lot more people are growing food. When would you notice that the longest day of the year is a few days away from what the books say it's supposed to be?
For that matter, the printing press was only a century old. How well-known was it that particular days are meant to be the longest or shortest of the year?
In an agrarian economy people are definitely much MORE attuned to the cycles of the seasons. If your town always starts planting crop X two weeks before the solstice, and the harvest festival is the week after the equinox, you’re going to keep track of these things.
Yeah, but I took the parent comment as a non-rhetorical question. Say you were one of these "MORE attuned" people of the past: how long [literally] do you think it would take you to notice that the calendar was drifting? Like, if the calendar says the equinox should be on Monday, but in fact it's actually technically more like Tuesday, would you notice? What if it was technically on Wednesday?
If the rate of drift was like 5 days per year, then sure, people'd probably notice in a year or two — three tops, right? But how fast would the drift be? It's a question about how much people can detect small changes in daylight and how big the change actually is.
I also observe that we put up with tons of drift in our months: the new moon is hardly ever on the first of the month! And that's really easy to detect (within a day or two). So maybe people would notice a drift relative to the seasonal cycle and just not mind, the way we don't mind a drift relative to the lunar cycle.
I think that when OP said "When would you notice" they meant you the reader in contemporary times, to draw attention to the high level of attunement you're referring to
If I recall correctly - it was surprisingly well known (in fact it was a common way to make fun of "lettered" people because they'd claim dates that were obviously silly; everyone knew when the solstice was).
Some of the earliest things we have a sun-based calendar trackers, which need not be more complicated than a stick and a rock (meaning millions more have not survived).
I use HTTPS only. I don't think HTTP is acceptable for anyone let alone a technical blog post. It takes a few minutes, and it prevents me and all your visitors from getting all kinds of MITM injections.
It also prevents all kinds of clients who (for various reasons) can't implement SSL from visiting your website. I'm sure this is a "small web" blog, whose author wants to be visited by e.g. a Commodore 64, an OS 9 iMac, or somebody who just wants to telnet in. If the sensitivity of the information on this page was critical or you were going to be submitting information then by all means yes, SSL is important, but if you're going to be reading a personal blog about calendars then http is probably fine. Of course the ideal solution is offering both and letting the client choose.
Man I really hope this doesn't get autoflagged because people need to see that this is an opinion people actually have, and what the (justified) reaction to it is.
HTTPS on a blog does nothing. It doesn't protect you from anything. I guarantee you're not getting "all kinds of MITM injections" on this block of text. The only reasonable desire I can think of for "HTTPS everywhere" is hiding the content from your ISP but a) they still see the URL so they can get the content if they want it, and b) if you're so worried about that, use a VPN which coincidentally is even better because it will also hide the URL, and most importantly c) it puts the onus on you, the person who wants the thing, instead of hundreds or thousands or tens of thousands of text-only website owners who rightly couldn't care less about HTTPS.
> they still see the URL so they can get the content if they want it
That's incorrect, a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted.
No they can't. They obviously know the IP addresses, but that's not terribly useful since everything is behind a cloudflare proxy nowadays. The server hostname may provide some more information, if the server doesn't support ECH [1], but the full URL is encrypted.
Haha this is my blog -- its pretty new. I agree it's readability is less than ideal -- going to change it at some point. HTTPS as well probably at some point. Its been an experiment for me doing everything by hand. The entire blog is a large single Rakefile using Markaby :)
Even just disabling CSS makes it readable. For HTTPS, I think that (like someone else mentioned) it should be made optional (at least for read-only access to public files) rather than mandatory.
For a random blog you have never visited before and have no reason to trust. It could attempt to do all the malicious things that you are worried a man in the middle would do.
The browser still has to execute code over HTTPS. You've just moved the injection perimeter from inside my own network into the providers website. I don't think you've fundamentally changed your level of risk unless you spend a huge amount of time browsing on shared password WPA protected wifi networks.
You cannot browse to sites under any regime and execute code while expecting security to exist.
I think you would have a better argument if you said something like: "I don't want my ISP knowing about the content I read" or something along those lines. MITM for a text download is like saying we have to have https for dns (yes DoH exists now), but the point still stands. You aren't sending any sensitive data to the website, MITM is unlikely.
It's still a weak argument since it's extremely rare in practice that's why I suggested blaming the ISP instead since ISP's are the ones that have historically tampered with http content.
Without HTTPS, every link in the chain between me and your website is a potential attack vector. Maybe I trust my ISP, but do I trust my buddy's cheapo router? What about the shadowy cabal that offers airport wifi?
With static webpages, the concern isn't someone snooping in on what I'm reading. It's someone injecting content, probably malware, into the page. Let's say I have a zero-click exploit for Chrome. What can I do with it? If I just stick it on a page I control, best I can hope for is spamming it all over the web and hoping someone clicks on it. Probably not a lot of impact before it gets patched. If instead, I can wait until some router firmware gets pwned, or an ISP, I can do a mass attack where I make all the vulnerable routers inject my exploit into all non-HTTPS web requests. Much greater exposure.
It only does that for me if there's an HTTPS option available but it's expired or not configured correctly. Chrome let me right into this site without that warning.
I have no idea what you're trying to say, there's no IT department managing my laptop and none of the IT departments I've worked in or with "MITM everything." Do you want to try again?
Yep. You apparently need HTTPS for intranet resources too, or you can't develop/use web-apps in Chrome, and since no self-respecting CA would certify your localhost, internal homegrown CA it is, baby — and given the web runs on the lovely model "any CA can attest any website; okay, maybe CAA is not a bad idea"...
It’s actually worse than that. It wasn’t always whole coubtries who decided to adopt (or not) but cities and sometimes people within cities (i.e. the protestants in the city would be lagging, or maybe I’m misremembering and this was about people who where abroad)
In any case, for awhile, the date you picked depended on who you were writing to. And then also the relative standing. If he was of much lower standing you might force your own calendar on them.
Also, I think with the previous calendar it was always a bit debatable what year december belonged to. I can’t quite remember the details.
We still have this sort of thing today. In the occupied West Bank, Israeli settlers change to daylight savings time on a different day than the Palestinians
Arizona in the US does not observe DST at all. Within Arizona is the Navajo nation, which does observe DST. Within the Navajo nation are Hopi enclaves, where DST is not observed, and finally, within one of those Hopi enclaves is a Navajo community where, again, DST is observed.
> It’s actually worse than that. It wasn’t always whole coubtries who decided to adopt (or not) but cities and sometimes people within cities (i.e. the protestants in the city would be lagging, or maybe I’m misremembering and this was about people who where abroad)
There was some of that indeed, depending on the centralization of the country e.g. Spain and France adopted the gregorian calendar wholesale because the king decreed it, but in less centralised countries like the Dutch Republic or Switzerland it happened by region (the seven catholic cantons switched to the gregorian calendar in 1584, the protestant canton only switched over piece by piece during the 18th century, and Schiers and Grüsch were the last remnants of Julian calendar in the entirety of western europe, only adopting the gregorian calendar in 1812).
... and then there's Sweden, which started on a plan to gradually approach the Gregorian calendar by skipping leap years over 40 years, except they immediately forgot to skip the second and third so concluded the plan was stupid, then instead of switching to gregorian they reverted to julian, before finally switching to gregorian 40 years after that.
Good write up! Relevant folklore Usenet post about the history of the calendar I am again obligated to share: https://neosmart.net/forums/threads/an-extended-history-of-t...
Julian date is sometimes used to synchronize timing for encrypted radio systems. My understanding is that early radio systems adapted it because it was used by astronomers. Astronomers used it because it didn't skip any days which would cause issues tracking long term astronomical cycles.
> Astronomers used it
And still use, in fact!
I deal with those radio systems occasionally and I've always wanted to find or modify a digital watch to display the Julian date. It feels like that would be such a simple firmware change to something like a g-shock.
Check out the Sensor Watch project[1]! It's "An ARM Cortex M0+ board swap for the classic Casio F-91W wristwatch" that allows you to write custom firmware.
[1]: https://www.sensorwatch.net/
Julian date works exactly like Unix epoch, but instead of starting in junary 1 1970 it starts something like 2500 years ago.
Super easy for astronomy as you don't need to handle timezones and other junk
I wonder how Paradox handles this stuff in their games like Europa Universalis. Have they ever made a "the pope wants you to switch calendar systems" event which changes the actual in-game date?
Sounds like they just ignore any calendar weirdness. I don't envy anyone the task of trying to properly program this. You basically have to decide for everything time related in the simulation whether it is tied to the calendar or the physical passage of time. Sometimes you would have to split variables, like characters are legally older, but no closer to old age. Bonus points if your solution allows characters to get into conflict with each other about stuff like when a treaty ends or whether their loans are due 15 days sooner.
My initial thought was that that would probably be taking the simulationism too far. My second thought was how funny it would be to swap calendars to get out of a truce early.
“My Lord, you can attack them until March of next year!”
“Then March of next year it shall be!”
> My second thought was how funny it would be to swap calendars to get out of a truce early.
Congress did something similar last year - National Emergencies declared by the president, such as for tariffs, are required by law to be reviewed within 15 days by Congress. So Congress redefined the calendar so that the remainder of the days during that session are not officially considered to be calendar days. https://www.nytimes.com/2025/04/10/us/congress-johnson-calen...
EU3 and EU4 at least had no leap years. I assume 1, 2 and 5 are the same.
Checking the wiki, eu5 has an advance (guess these are like the nation ideas in eu4?) for Julian calendar which gives you +10% to orthodox or miaphysite nations. I doubt it has any effect in the calendar system in the games UI.
Some notes:
Paradox's Clausewitz game engine seems to handle "negative" years very poorly, so stuff like historical Roman emperors in Crusader Kings have some oddities. It's probably also why Imperator: Rome uses ab urbe condita dating (aside from immersion).
The Elder Kings 2 mod actually has custom date handling (it's actually a custom date localisation system) to enable transitioning to the 3rd era on founding the Empire of Tamriel.
Ah, the cause of the weirdest bug I ever debugged. Obvious in hindsight - but we were totally puzzled as we continued debugging further and further down the stack of why one particular random seed would cause a fuzzed-input test to cause some date-handling code to error out.
It's wild to think about how different things were in pre-modern times.
There are no computers, sensors, watches, or spaceships. There are also no TV-style distractions, and a lot more people are growing food. When would you notice that the longest day of the year is a few days away from what the books say it's supposed to be?
For that matter, the printing press was only a century old. How well-known was it that particular days are meant to be the longest or shortest of the year?
In an agrarian economy people are definitely much MORE attuned to the cycles of the seasons. If your town always starts planting crop X two weeks before the solstice, and the harvest festival is the week after the equinox, you’re going to keep track of these things.
Yeah, but I took the parent comment as a non-rhetorical question. Say you were one of these "MORE attuned" people of the past: how long [literally] do you think it would take you to notice that the calendar was drifting? Like, if the calendar says the equinox should be on Monday, but in fact it's actually technically more like Tuesday, would you notice? What if it was technically on Wednesday?
If the rate of drift was like 5 days per year, then sure, people'd probably notice in a year or two — three tops, right? But how fast would the drift be? It's a question about how much people can detect small changes in daylight and how big the change actually is.
I also observe that we put up with tons of drift in our months: the new moon is hardly ever on the first of the month! And that's really easy to detect (within a day or two). So maybe people would notice a drift relative to the seasonal cycle and just not mind, the way we don't mind a drift relative to the lunar cycle.
I think that when OP said "When would you notice" they meant you the reader in contemporary times, to draw attention to the high level of attunement you're referring to
If I recall correctly - it was surprisingly well known (in fact it was a common way to make fun of "lettered" people because they'd claim dates that were obviously silly; everyone knew when the solstice was).
Some of the earliest things we have a sun-based calendar trackers, which need not be more complicated than a stick and a rock (meaning millions more have not survived).
Please use HTTPS.
I use HTTPS only. I don't think HTTP is acceptable for anyone let alone a technical blog post. It takes a few minutes, and it prevents me and all your visitors from getting all kinds of MITM injections.
Thanks.
It also prevents all kinds of clients who (for various reasons) can't implement SSL from visiting your website. I'm sure this is a "small web" blog, whose author wants to be visited by e.g. a Commodore 64, an OS 9 iMac, or somebody who just wants to telnet in. If the sensitivity of the information on this page was critical or you were going to be submitting information then by all means yes, SSL is important, but if you're going to be reading a personal blog about calendars then http is probably fine. Of course the ideal solution is offering both and letting the client choose.
Man I really hope this doesn't get autoflagged because people need to see that this is an opinion people actually have, and what the (justified) reaction to it is.
HTTPS on a blog does nothing. It doesn't protect you from anything. I guarantee you're not getting "all kinds of MITM injections" on this block of text. The only reasonable desire I can think of for "HTTPS everywhere" is hiding the content from your ISP but a) they still see the URL so they can get the content if they want it, and b) if you're so worried about that, use a VPN which coincidentally is even better because it will also hide the URL, and most importantly c) it puts the onus on you, the person who wants the thing, instead of hundreds or thousands or tens of thousands of text-only website owners who rightly couldn't care less about HTTPS.
>I guarantee you're not getting "all kinds of MITM injections" on this block of text
You actually can’t guarantee anything of the sort. BGP hijacks are real.
> they still see the URL so they can get the content if they want it
That's incorrect, a MitM can only reveal the server hostname by inspecting the SNI during the TLS handshake, but the HTTP request, including the URL and headers, is encrypted.
Surely your ISP can see every URL you visit if they have a reason to? They're routing the traffic.
No they can't. They obviously know the IP addresses, but that's not terribly useful since everything is behind a cloudflare proxy nowadays. The server hostname may provide some more information, if the server doesn't support ECH [1], but the full URL is encrypted.
https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypt...
Routing only shows the server IP address, which isn’t very useful if it is AWS or Azure or CloudFlare or some other CDN.
MITM attack on a read-only text webpage... okay.
More annoying is the slightly shiny/shaded text that is supposed to highlight something. Who chose this style palette?
Haha this is my blog -- its pretty new. I agree it's readability is less than ideal -- going to change it at some point. HTTPS as well probably at some point. Its been an experiment for me doing everything by hand. The entire blog is a large single Rakefile using Markaby :)
for what is worth, I actually liked the shaded links, they made me smile :)
Even just disabling CSS makes it readable. For HTTPS, I think that (like someone else mentioned) it should be made optional (at least for read-only access to public files) rather than mandatory.
check out certbot + install certbot renew into crontab. Get the python3 variant the "native" package is outdated and removed from newer systems.
It’s html. Which is code that your browser executes.
Millions of routers are compromised. BGP attacks happen. Anything http stands out as an interesting target for injection.
This position is foolish. It’s not a major ask to enable https.
For a random blog you have never visited before and have no reason to trust. It could attempt to do all the malicious things that you are worried a man in the middle would do.
> BGP attacks happen.
If you control the IP a domain name points to, you can get a certificate issued. Https might help on a small BGP takeover, but it might very well not.
The browser still has to execute code over HTTPS. You've just moved the injection perimeter from inside my own network into the providers website. I don't think you've fundamentally changed your level of risk unless you spend a huge amount of time browsing on shared password WPA protected wifi networks.
You cannot browse to sites under any regime and execute code while expecting security to exist.
I think you would have a better argument if you said something like: "I don't want my ISP knowing about the content I read" or something along those lines. MITM for a text download is like saying we have to have https for dns (yes DoH exists now), but the point still stands. You aren't sending any sensitive data to the website, MITM is unlikely.
Without HTTPS someone could alter the content, spread false information, inject ads, malware, and other stuff, redirect to some other site, …
(This is a general remark, but it goes for a blog post like this as well.)
It's still a weak argument since it's extremely rare in practice that's why I suggested blaming the ISP instead since ISP's are the ones that have historically tampered with http content.
Attacks in general are all rare in practice in the grand scheme of the internet. So?
Yes, that's why you present a better argument, that's the entire conversation.
Not everyone has to prepare their home for a leopard attack.
The site owners could do all of that even with HTTPS, and no-one would revoke their certs. Just saying.
And the best Windows malware is actually digitally signed.
Without HTTPS, every link in the chain between me and your website is a potential attack vector. Maybe I trust my ISP, but do I trust my buddy's cheapo router? What about the shadowy cabal that offers airport wifi?
With static webpages, the concern isn't someone snooping in on what I'm reading. It's someone injecting content, probably malware, into the page. Let's say I have a zero-click exploit for Chrome. What can I do with it? If I just stick it on a page I control, best I can hope for is spamming it all over the web and hoping someone clicks on it. Probably not a lot of impact before it gets patched. If instead, I can wait until some router firmware gets pwned, or an ISP, I can do a mass attack where I make all the vulnerable routers inject my exploit into all non-HTTPS web requests. Much greater exposure.
Just as a reminder, this was standard before SSL/TLS. Every webpage was http-only.
Surprised this is downvoted. Chrome forces me to click through a warning to even visit HTTP sites nowadays.
"Please don't complain about tangential annoyances..." <https://news.ycombinator.com/newsguidelines.html>.
A long-standing HN guideline. Regardless of how merited the complaint may be.
It only does that for me if there's an HTTPS option available but it's expired or not configured correctly. Chrome let me right into this site without that warning.
Turns out the warning I get is due to the Chrome setting "Always use secure connections"
I don't remember turning it on but it's probable that I did, it's not a default yet but will be come October: https://blog.google/security/https-by-defau/
Yup, very secure. Then every single IT department installs a cert on the machines to MITM everything.
I have no idea what you're trying to say, there's no IT department managing my laptop and none of the IT departments I've worked in or with "MITM everything." Do you want to try again?
On the flip side, every company I've ever worked for has installed trusted company certs on their computers and do MITM everything.
Yep. You apparently need HTTPS for intranet resources too, or you can't develop/use web-apps in Chrome, and since no self-respecting CA would certify your localhost, internal homegrown CA it is, baby — and given the web runs on the lovely model "any CA can attest any website; okay, maybe CAA is not a bad idea"...
Even with CAA records, any CA can still create a cert for any website. So if you're worried about an untrustworthy CA, then this won't help you.
It could make it less likely for a CA with buggy code to accidentally issue a cert for your domain.