Announcement

Collapse
No announcement yet.

Mozilla Start Drafting Plans To Deprecate Insecure HTTP

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #41
    The HTTPS version of this forum doesn't load the CSS styling or something and the phoronix site redirects to the HTTP version :\ Time to enable HTTPS! (on my private server I first learned about all the attacks and stuff like not to use RC4, ..., and configured SSL/HTTPS all within hours and it has an A rating on https://www.ssllabs.com/ssltest, so it's all not too time consuming or hard -- and HTTP redirects to HTTPS)
    Last edited by opensource; 14 April 2015, 11:21 AM.

    Comment


    • #42
      Originally posted by droidhacker View Post
      We really need to add the overhead of ssl handshakes when pulling a weather report from local news?
      Oh my god, I can't believe how my privacy is being violated, the government knows that I want to know what the weather is like outside, this must mean that I actually go outside sometimes and they know it!!!!!!!!
      Actually, using HTTPS will be faster than plain HTTP.

      Because deploying HTTP/2 over plaintext is going to cause compatibility problems it will only be deployed as HTTPS. And HTTP/2 is faster than HTTP even when it's running over HTTPS.

      On the topic of privacy and why we need HTTPS I already mentioned a number of reasons above, but here are some of the people working on this:

      Speaker(s):Ilya Grigorik, Pierre FarDescription:Data delivered over an unencrypted channel is insecure, untrustworthy, and trivially intercepted. We must pro...


      You have to remember that since the whole NSA things came out standards organizations like the IETF and W3C said:

      "This no more, let's fix ALL our protocols to be secure and private by default. We want the Internet [protocols] to be something people can trust. Not a way to empower organizations like the NSA."

      Comment


      • #43
        Originally posted by opensource View Post
        The HTTPS version of this forum doesn't load the CSS styling or something and the phoronix site redirects to the HTTP version :\ Time to enable HTTPS! (on my private server I first learned about all the attacks and stuff like not to use RC4, ..., and configured SSL/HTTPS all within hours and it has an A rating on https://www.ssllabs.com/ssltest, so it's all not too time consuming or hard -- and HTTP redirects to HTTPS)
        Yeah, since obviously it's horrible if someone could read your posts on a public forum. Oh, wait...

        Comment


        • #44
          Originally posted by droidhacker View Post
          No kidding. There is something very definitely piggish going on in Firefox, and it isn't just v37, its been this way for quite a long time. Just leave it running *long* enough, and it sucks up all your memory, cranks up all your cores, and turns into a brutal resource hog. Wish they would just stop adding bullshit "features" that nobody needs or wants or uses, and focus on making it actually usable again.

          Mozilla's plan SHOULD be;
          1) Strip all the bullshit,
          2) Fix all the brokenness.
          ... in that order, because there is no point in fixing brokenness in bullshit that should be stripped.
          Mozilla is actually a very small organisation in comparison to the other browser builders: Apple, Microsoft and Google.

          I think you underestimate how much work goes into this.

          Rewriting large parts of the browser is a lot of work and takes the best programmers of the business to do it.

          And they have a number of things they need to balance:
          - improve the code base, partly change the architecture to fix the kind of problems you mentioned above
          - improve the capabilities of the web-platform
          - don't break addons

          They've been working on improving things for many years now.

          Basically it's 3 parts:
          - improve memory usage: from all the stats I've seen Firefox is now more efficient than Chrome.

          So I think they've checked that box.

          - improve responsiveness: Firefox is one multi-threaded process. There is one 'main thread', they are moving more and more parts of Firefox does off this main thread.

          So most of the work there has already been done.

          - move to a multi-process architecture: a large part of the problem they need to prevent breaking addons. Because it's one of the reasons people use Firefox. So they have to make sure they don't break that. In FirefoxOS it's already multi-process and it works pretty good there. They are now working on making sure multi-process Firefox works for everything and fixing any addons they break. If you download Firefox Nightly you can enable multi-process Firefox.

          Here is the list of working and not working addons:


          Did you know you can help test them ?

          Comment


          • #45
            Originally posted by Lennie View Post
            Actually, using HTTPS will be faster than plain HTTP.

            Because deploying HTTP/2 over plaintext is going to cause compatibility problems it will only be deployed as HTTPS. And HTTP/2 is faster than HTTP even when it's running over HTTPS.
            HTTP, HTTPS and HTTP/2 are different protocols.
            HTTPS is HTTP, just encrypted. It can not in any theory be faster.

            HTTP/2 is kinda HTTP (not exactly), but binary instead of text. HTTP/2 over plaintext is impossible.

            Comment


            • #46
              Originally posted by gens View Post
              HTTP, HTTPS and HTTP/2 are different protocols.
              HTTPS is HTTP, just encrypted. It can not in any theory be faster.

              HTTP/2 is kinda HTTP (not exactly), but binary instead of text. HTTP/2 over plaintext is impossible.
              Sorry I'll rephrase, I meant HTTPS as in the URL (HTTP/2 or HTTP over SSL/TLS will both be HTTPS in the URL):

              "Actually, using HTTPS will be faster than plain HTTP.

              Because deploying HTTP/2 over plaintext is going to cause compatibility problems it will only be deployed with SSL/TLS. And HTTP/2 is faster than HTTP even when it's running over SSL/TLS."

              Comment

              Working...
              X