Tag: https

Chrome HTTP “Not Secure” Warning Fixed with SSL

Posted by Ken Moire & filed under Security.

Google, in their latest effort to ramp up security, has begun rolling out changes in its Chrome browser that will alert users when they are visiting any non-encrypted HTTP website. Formerly considered neutral, HTTP websites are now deemed not secure by the browser. If you’re a site owner or developer, this can impact your site’s traffic and trustworthiness.

HTTPS is not the plural of HTTP

When checking your bank account or shopping online, you probably already know to look for the lock icon in your web browser’s address bar. This indicates your client (browser) is passing data to the site with encryption.

By default, a web page is served to the browser using the non-encrypted HTTP protocol. The protocol is the bit found at the beginning of a URL, or web address.

Web address protocol

HTTP is the web protocol

When a site is secure, the protocol changes to HTTPS, which stands for “HTTP over SSL”.  An HTTPS site means that the website operator has secured an SSL (or secure socket layer) certification, and any web traffic passed to that website is encrypted. When using HTTPS, this protocol is often highlighted in the address bar, along with lock icon, to tell users that the connection is encrypted and thus secure.

Until recently, purchasing SSL certificates was expensive and difficult to install, so unless the website provided a login or shopping cart, website operators typically opted not to buy a SSL certificate and relied on HTTP for general web traffic.

Encryption for all!

A lot has changed in the last couple of years, driven in part by high-profile data breaches. In response to the current threat environment, organizations like Let’s Encrypt now provide SSL certificates for free. Furthermore, if your hosting provider uses CPANEL, you are able to use HTTPS instead of HTTP, so there are no reasons to not encrypt your site. Google even rewards HTTPS in search rank – secured sites are deemed more trustworthy by the search giant.

Google is not waiting for developers

Initially, only pages that accept a login or provide a shopping cart will show the alert, but eventually this alert will be displayed site-wide across all HTTP pages.

Chrome-HTTP-warning

The Not secure warning in Chrome

Receiving this alert may be alarming to site visitors who are already skittish about web security, so if you own or operate a website you should get to work implementing a SSL certificate for your website. In web security, we’re only as strong as our weakest link, so this push by Google to encourage all websites to go HTTPS is a step in the right direction.

How To Fix It

Site owners and developers should take immediate steps to implement a SSL certificate to avoid the not secure warning in Chrome. Instructions how to do so can be found here.

Dispatches from the Spry Hive 2014: Week 46

Posted by Ben Scherliss & filed under Tips.

In a week during which the human race somehow, some way managed to land a space explorer on a freaking COMET, much of the news was naturally dominated by the Moon of Kim Kardashian. But then, maybe this is why we compile Spry Hive each week. We’re out here trending a little differently with a little tech, a little development, and some silliness too. So let’s get on to it.

Web

If you read last week’s Spry Hive, we discussed Mozilla’s launch of a new browser for developers. As an additional part of it’s tenth anniversary the company is also launching a special release of Firefox with new features that it says puts the user in control. Much of this appears to translate into one word: privacy. New additions include a pre-installed search option which doesn’t track the user’s identity or search results and a “Forget” feature which clears-out recent activity.

With Google’s recent announcement that https sites are a positive factor in search engine rankings, many with http addresses are taking notice and coming on board. Google itself also provided a few additional positive points as to why a non-ecommerce site should go https, such as the protection of data integrity and the trust factor amongst users. If you also find that interesting, Bill Hartzer expounds a bit more in this article.

Tech

Tuesday Microsoft released a gang of hot fixes for a set of bugs called Schannel which, according to the company, could be one of the most serious threats that the Windows operating system has faced in years. As this affects nearly every version of Windows currently on the market, here’s more detail as to why you should drop what you’re doing and apply the latest update now (if you haven’t already).

Big Hero 6

Animation takes another big step forward with the release of Disney’s Big Hero 6.The film features the debut of Hyperion, which is a cutting-edge light rendering software that Disney’s artists and engineers have been working on for the past two years. In simpler terms, the software tracks how light rays bounce off multiple objects in an environment before they enter your eyes. “Seeing is believing,” may have never been as fitting as it is now.

Development

Do you suffer from “Blank Walls Syndrome?” Do you tend to think every nook and cranny is screaming for an object, painting or piece of furniture? Well, often these same urges can overcome Developers during site builds as well. It’s a concept called horror vacui, which is the natural tendency of humans to fill empty spaces with stuff. As this writer explains, the lesson for both interior design and development is simple: “If you want your software to be perceived as valuable, don’t fill every empty corner with some kind of feature or widget.”

Not to be outdone by Google’s debut last week, Amazon has now followed with their own announcement of it’s first docker-centric product. Their EC2 Container Service for managing Docker containers on its cloud computing platform. It’s available in preview now and developers who want to use it can do so free of charge.

If you’d like to manage all of your Vagrant machines in one place, take a look at Vagrant Manager for OS X, which is both customizable and has indicators for which VM’s you have up or halted.

From our friends at Javascriptissexy.com come these guides for learning Meteor for both beginners and seasoned developers. They even start-off with a comprehensive overview of the technology before you invest any time and resources.

If you’d like a little primer for SVG’s and their benefits, we like this write-up on Styling And Animating SVGs With CSS. They also go over how to export and optimize SVGs, techniques for embedding them and how each one affects the styles and animations applied.

Misc

What’s in a Gnome? Well, a lot for non-profit Gnome Foundation, which recently challenged Groupon’s use of it’s trademarked Gnome namesake. Groupon attempted to strong-arm the small company and take over the “Gnome” name for it’s new tablet point-of-sale system. The non-profit then raised over $87,000 in donations to oppose registration for the trademark, and Groupon eventually backed-off.

So, you think you’ve got skills? Well, let The Skill Project be the judge of that. Their aim is to build the largest, most accurate skills database ever made by allowing a diverse and skillful community to contribute their individual skills to a global map. The thinking is that humans have been around for centuries, yet we have no actual comprehensive database of all the various human skills.


With that, we’ve reached the finish line of Week 46. Come on back around next week for another full serving, and we’ll have you covered. And as always, please do leave a thought or comment below – we’d love to hear from you!