Friday, May 01, 2015

Why I don't like that Mozilla is "Deprecating non-secure HTTP"


Mozilla wants to deprecate non-secure HTTP, will make proposals to W3C ‘soon’

I'm a blogger and sysadmin. I like running servers, and I like to write. Being able to buy a domain and a server was all I needed to do in order to run a blog. Sometimes I used to use dynamic dns if I wanted to run the blog on my own server at home. Now I need to buy a security cert, which is more money. And we already know the kinds of companies that publish certs. Its hard to trust them after the reputation they have earned. Plus there is the added hassle of configuring the server with the cert you just bought.

If I use a self signed cert like most student bloggers are probably going to do, there is going to be an ugly warning to people who just happen to run across your blog. The warning is bad enough to scare away any potential readers of your blog.

As it is, blogging on your own server is not popular. The above is a simple way of killing it. Who is going to go through this hassle? Instead of making things easier, we've just made it harder.

I don't like it.

Whats the point of requiring security on the public facing page of a blog? It makes no sense. I want people to read what I write, and there is no requirement for security. The admin interface for a blog is a different story. There you want security since you have to enter credentials and secure your admin interface from spammers. Which means it makes sense to secure some parts of a website, and not others.

There was a recent post on hacker news (I can't find the link) of an admin asking mozilla to reconsider, since this would break the way a lot of academics worked.

And all this just because companies out there are too lazy to secure their websites, putting their customers in danger. Why are indie web developers being punished for the laziness of large companies?

Here is another well reasoned article on this topic.

Found this quote which seemed apt:
One must stress that it was not merely technological wizardry that set people dreaming: it was also the openness of the industry then rising up. The barriers to entry were low. Radio in the 1920s was a two-way medium accessible to most any hobbyist, and for a larger sum any club or other institution could launch a small broadcast station. Compare the present moment: radio is hardly our most vital medium, yet it is hard if not impossible to get a radio license, and to broadcast without one is a federal felony. In 1920, De Forest advised, “Obtaining the license is a very simple matter and costs nothing.”
- Tim Wu, The Master Switch

Mozilla and hypocrisy

Right, but what about the experiences that Mozilla chooses to default for users like switching to  Yahoo and making that the default upon ...