Slashdot Mirror


Chrome 43 Should Help Batten Down HTTPS Sites

River Tam writes The next version of Chrome, Chrome 43, promises to take out some of the work website owners — such as news publishers — would have to do if they were to enable HTTPS. The feature might be helpful for publishers migrating legacy HTTP web content to HTTPS when that old content can't or is difficult to be modified. The issue crops up when a new HTTPS page includes a resource, like an image, from an HTTP URL. That insecure resource will cause Chrome to flag an 'mixed-content warning' in the form of a yellow triangle over the padlock.

3 of 70 comments (clear)

  1. great, chrome becomes even more annoying by X0563511 · · Score: 3, Interesting

    For a good long while it's been annoying when dealing with mangled SSL configurations - at least firefox let's you tweak stuff in about:config to work around them.

    No, getting the site fixed is not always an option, and validation of the certificate is not always necessary. For instance, there was a good long while where Chrome was completely unusable with some of our ZFS storage appliances (which live on a nonrouted private management network) because of retarded cert validation changes. Sure, that makes sense when you are visiting your bank's site... but not so much when you're trying to get into something on 10.0.0.0/8 when you're directly connected to the thing with a crossover cable... and no, updating the software in the controller wasn't an option because of outstanding critical-level bugs.

    Fun times.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  2. Re:Is this supposed to be a new thing? by Billly+Gates · · Score: 3, Interesting

    Go read IE 7 goes RTM from slashdot circa 2006?

    Webmasters freaked by SSL https:/// won't display pictures with non secure hyperlinks.

    This is not news as for 9 years ancient IE did not allow

  3. Re:HTTPS Everywhere - 3rd Party Certs? by fahrbot-bot · · Score: 3, Interesting

    "Does it really matter...." is an intellectually lazy argument. Yes it matters.

    No it doesn't not for everything or even most things. You're over-thinking things and conflating the important with the unimportant, the big things with the little. Stop sweating the little things.

    I used to get more worked up about things, like you apparently are, but then in late 2005, after 20 years together, my wife was diagnosed with a brain tumor and died, literally in my arms, just 7 weeks later. I heard her last breath, felt her last heartbeat and learned what the word "forever" means.

    So, having my NYT or /. connection encrypted isn't really that important - my banking connection, yes, but I try to keep everything in perspective. The scenarios you've described lack some of that.

    I'm not "intellectually lazy" I just know what is and is not important - for me anyway.

    Also, entities like Google are not encrypting their connection to protect your privacy, it's to protect their revenue stream, so third-parties cannot skim ad/search information w/o paying Google for it.

    --
    It must have been something you assimilated. . . .