-* Each AFS cell has its own database of users and groups. If you run `ls`, it will look up users and groups against the local machine's conception of users and groups, so if you take a stock Linux etc. machine and look at most any AFS cell, you'll get a bunch of unhelpful numbers. Make an interface that stands a decent chance of being merged into upstream `ls` to permit it to call `pts examine` (or, rather, the AFS library equivalent) against the appropriate servers instead of `getpwnam` etc. on AFS files. See also [Debathena Trac #300](http://debathena.mit.edu/trac/ticket/300).
-* OpenSSH has an option to enable [non-strict acceptor checking](http://www.sxw.org.uk/computing/patches/openssh-patches/strict-acceptor) for Kerberos authentication, so you can ssh to, say, scripts.mit.edu and successfully authenticate despite being load-balanced to a machine that thinks its name is, say, old-faithful.mit.edu. (Specifically a non-strict acceptor lets you authenticate to a machine using any credential in its keytab; a strict acceptor will require that you authenticate to the specific key for the machine's name.) Port the non-strict acceptor option to [Cyrus SASL](http://asg.web.cmu.edu/sasl/) so that scripts.mit.edu can pull the same trick for SVN and LDAP and so forth.
-* I often find that [sbuild](http://packages.debian.org/stable/sbuild) installs many of the same packages into the "base" chroot; for instance, a bunch of Debathena packages depend on cdbs and config-package-dev. sbuild should have the ability to take advantage a chroot with these packages preinstalled (so long as all the packages in this chroot still are a subset of the build dependencies), and for extra awesome bonus points, look at a repository and suggest what non-base chroots I should create.
-* [Write a caching NSS module](http://debathena.mit.edu/trac/ticket/486) that will play more nicely with Debathena than nscd (the current solution) does. It will probably end up looking like nss_nonlocal.
+* Each AFS cell has its own database of users and groups. If you run `ls`, it will look up users and groups against the local machine's conception of users and groups, so if you take a stock Linux etc. machine and look at most any AFS cell, you'll get a bunch of unhelpful numbers. Make an interface that stands a decent chance of being merged into upstream `ls` to permit it to call `pts examine` (or, rather, the AFS library equivalent) against the appropriate servers instead of `getpwnam` etc. on AFS files. See also [Debathena Trac #300](https://debathena.mit.edu/trac/ticket/300).
+* OpenSSH has an option to enable [non-strict acceptor checking](https://www.sxw.org.uk/computing/patches/openssh-patches/strict-acceptor) for Kerberos authentication, so you can ssh to, say, scripts.mit.edu and successfully authenticate despite being load-balanced to a machine that thinks its name is, say, old-faithful.mit.edu. (Specifically a non-strict acceptor lets you authenticate to a machine using any credential in its keytab; a strict acceptor will require that you authenticate to the specific key for the machine's name.) Port the non-strict acceptor option to [Cyrus SASL](http://asg.web.cmu.edu/sasl/) so that scripts.mit.edu can pull the same trick for SVN and LDAP and so forth.
+* I often find that [sbuild](https://packages.debian.org/stable/sbuild) installs many of the same packages into the "base" chroot; for instance, a bunch of Debathena packages depend on cdbs and config-package-dev. sbuild should have the ability to take advantage a chroot with these packages preinstalled (so long as all the packages in this chroot still are a subset of the build dependencies), and for extra awesome bonus points, look at a repository and suggest what non-base chroots I should create.
+* [Write a caching NSS module](https://debathena.mit.edu/trac/ticket/486) that will play more nicely with Debathena than nscd (the current solution) does. It will probably end up looking like nss_nonlocal.