Firefox bares teeth, attacks sites that collect personal data

Shoddy sites will have fewer places to hide with Firefox joining Chrome in badging cleartext sites that collect personal information as insecure. Mozilla's labels won't be as prominent as Google's, introduced this year, which places the red letter label in the address bar. Firefox will instead tuck its warning in the same spot …

  1. tfewster
    Joke

    Good job...

    ...that theregister moved to https before anyone noticed.

    1. Anonymous Coward

      Re: Good job...

      I noticed ... had to change all my ad-block filters that remove the annoyingly big pictures at the top of each article and all the irritating "look at me" badges in the comments section!

      1. Rimpel

        Re: Good job...

        I didn't notice as the articles are still using http. However none of my rules include the scheme so I wouldn't have to change them for a switch to https anyway.

        As for the images - I just block regmedia.co.uk :-)

        1. Ken Hagan Gold badge

          Re: Good job...

          "I didn't notice as the articles are still using http."

          You can read the articles on https as well now.

          And on that subject ... might I ask the wider audience whether (in general) there is any reason to keep the http version of a site (any site) going alongside an https version?

          1. Nick Kew

            Re: Good job...

            "And on that subject ... might I ask the wider audience whether (in general) there is any reason to keep the http version of a site (any site) going alongside an https version?"

            Just in case that's not meant to be ironic ...

            Yes of course, HTTP is much more efficient and imposes vastly less load on the 'net than HTTPS. You might ignore the minor matter of processing overhead at each end of a secure connection, but you can't ignore the damage it does to cacheability. Think of it like moving a million people out of commuter trains each morning, and each into their individual cars.

      2. Anonymous Coward
        Trollface

        Re: Good job...

        > I noticed ... had to change all my ad-block filters that remove the annoyingly big pictures at the top of each article and all the irritating "look at me" badges in the comments section!

        So you're missing half the fun, and occasionally crucial context.

        I bet you're the kind of commenter who writes long serious rebuttals without noticing that the poster is obviously trolling.

        I'd be more tempted to block the badges... but it's helpful to know which commentards have nothing better to do than post here all day.

    2. joed

      Re: Good job...

      Now, is this really The Register's move or just its CDN (Cloudflare)?

  2. Drew 11

    Dear Firefox.

    I'll HTTPS when you DANE.

    I remain,...

    CC: IETF, SSAC

    1. sabroni Silver badge
  3. Anonymous Coward

    I hope they leave an expert mode

    If there is one thing that gets on my nerves it's the %$#@ nannying approach that FF has chosen for its warnings - I appreciate the warning but I'd like an expert mode where it's easy to accept and progress regardless.

    If you're testing you typically do that with a self-signed cert and at that point FF becomes an utter menace.

    So please, leave those who know what they're doing an option to make their own decisions - don't hide it several layers deep.

    1. Down not across

      Re: I hope they leave an expert mode

      I wouldn't get my hopes up...

      The insecurity stickers will expand in future releases with a floating box triggered when users click password entry fields on cleartext sites that reads "logins entered here could be compromised".

      A further development will expand the struck-out lock icon and slap it on all cleartext sites regardless of whether they collect passwords or credit cards.

      Looks more like FF will start pestering you with popups and crap.

      The lock struck out with red stripe is fine (along with floating box/popup if you hover over it), but leave it at that. There really is no need to go overboard and treat all of us like 5-year-olds.

      At the very least provide an option to turn it down/off in about:config, please.

  4. Anonymous Coward

    Hmmm

    Moving to a floating box may confuse many thousands of people who use username/passwords to secure relatively simple sites they installed via an automated script (for example Coppermine, or a personal WordPress site). Many of these will not know or care how it's installed, only that they can use it.

    It's easy to say use SSL, but many of the Domain hosting sites are currently not interested in setting or implementing an upgrade to the management software on their basic level of shared hosting products to use Let's Encrypt certs as the Hosting Companies have a business reason not to, they want to sell you an SSL cert from a big brand.

    1. Alistair
      Windows

      Re: Hmmm

      "many of the Domain hosting sites are currently not interested in setting or implementing an upgrade to the management software on their basic level of shared hosting products to use Let's Encrypt certs as the Hosting Companies have a business reason not to, they want to sell you an SSL cert from a big brand for a substantial markup."

      FTFY.

    2. Orv Silver badge

      Re: Hmmm

      "It's easy to say use SSL, but many of the Domain hosting sites are currently not interested in setting or implementing an upgrade to the management software on their basic level of shared hosting products to use Let's Encrypt certs as the Hosting Companies have a business reason not to, they want to sell you an SSL cert from a big brand."

      Not to mention the added consumption of IP space, since a lot of those kinds of sites run as Apache virtual servers. Switch to SSL, and suddenly every one of them needs its own IP address.

      1. td0s

        Re: Hmmm

        "Not to mention the added consumption of IP space, since a lot of those kinds of sites run as Apache virtual servers. Switch to SSL, and suddenly every one of them needs its own IP address."

        This hasn't been true for at least two years.

    3. Anonymous Coward

      Re: Hmmm

      Came here to say the exact same thing. Pure extortion.

      Over time, I'll be moving my hosting to those companies that do support Let's Encrypt... a big, nasty job that I won't get paid for...

  5. Spoobistle

    Icons

    I'd have thought an icon showing an open padlock would be more intuitive?

    1. EvilGardenGnome

      Re: Icons

      It could be more informative and accurate of the situation, but the crossed circle motif is already programmed into most people's heads as a warning sign.

      As a result, what's the goal: To warn or inform? Personally, I feel having a clear text site where a password is going in is right up there with being about to back into something. Get my attention (and make me stop) first, then tell me what's going on. I'll make the call at that point.

  6. Anonymous Coward
    Pirate

    Hmmmmm

    I sense a new opportunity for a "picture in picture" attack...

    Not secure!! Click here for more info... click here to secure your browser... ok now you can enter your password...

    Clueless people are clueless.
