SoylentNews is people
SoylentNews
from the it's-the-end-of-the-web-as-we-know-it-and-i-feel-fine dept.
Phoronix reports the Mozilla Security Engineering team is planning to make their browser useless for browsing much of the World Wide Web, by deprecating insecure HTTP.
Richard Barnes of Mozilla writes:
In order to encourage web developers to move from HTTP to HTTPS, I would like to propose establishing a deprecation plan for HTTP without security. Broadly speaking, this plan would entail limiting new features to secure contexts, followed by gradually removing legacy features from insecure contexts. Having an overall program for HTTP deprecation makes a clear statement to the web community that the time for plaintext is over -- it tells the world that the new web uses HTTPS, so if you want to use new things, you need to provide security.
See also this document outlining the initial plans.
(Score: 1) by anubi on Wednesday April 15 2015, @08:53AM
Interesting your concept of a https wrapping proxy server. Oughta work.
I currently have a lot of "toys" that use local ( 10.xxx.xxx.xxx and 162.168.xxx.xxx) addresses. These addresses do not route.
Most of my little Arduino and the like uses these addresses, serving up simple web pages, transferring files, and sending messages to each other.
One of the benefits of building the thing is that I get to assign any port I want along with what's in the payloads ( often just a C++ structure ).
However, for anything intended for "the big iron", I usually wrap it up in HTTP so I can see it on the browser instead of cryptically telnetting into the thing. There are a lot of tricks so a nice looking graphical interface does not cost that much more than an arcane text-only interface, and being HTTP is so standard, why not?
Even then, for my own stuff, I almost always send status displays over as http, but often accept commands via telnet. as the commands are short and sweet and I just want minimal overhead. like "$ST70" sent will set the temperature to 70.
Sure, I want HTTPS when I am dealing with money or critical infrastructure at a distance. I would just as soon keep the little thingie that tells me if the roast is done simple and on a local unroutable address. If I am going to instruct my air conditioner to turn on over the net, I would just as soon tell my PC about it over a secure link, then have the PC proxy the command over the local unroutable address to the little Arduino that turns the thermostat up or down.
What I am trying to say is I find the old protocols quite useful for simple stuff.
I am seeing stuff rapidly becoming so complex that its becoming quite difficult to "roll your own" interface, and it seems like its getting so everything I do on my own machine is going to have to be licensed , meaning I have to always be getting permission from someone else to do anything. That can get expensive!
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by urza9814 on Wednesday April 15 2015, @03:11PM
Well, as others have pointed out, this is being phased in over time so it will likely be years before you're forced to change anything.
But if you wanted to, I'd suggest you do what I do -- spend $50 and an hour of your time to set up Apache on a Raspberry Pi and proxy everything through there. It's low power, it's open, it doesn't tie up your laptop, and it'll let you secure your stuff enough that you *could* make it available from the internet should you ever want to. You can get the SSL certs for free, or just use self-signed.
I imagine by the time this is actually enforced on every website you'll be able to bake SSL certs into an Arduino sketch...