HTTPS Changes in Firefox and Chrome

For as far back as I can remember, browsers have always denoted HTTPS pages with a padlock icon, a tiny warning to let you know that anything you submit on the specific page will be securely encrypted. As with all never-changing warnings though, I imagine you’ve stopped noticing it as much as you used to years ago, and that effect combined with HTTPS usage reaching over half of all web pages and the popularity of extensions like HTTPS Everywhere, has spurred some changes in how Firefox and Chrome approach this.

Launched this week, Firefox 51 and Chrome 56 have reversed that age-old warning. Login forms over HTTP now display a “Not Secure” warning. This new warning should be enough to catch the attention of those of us who have begun to ignore the time-honored padlock, but I imagine site owners might be caught a bit off guard.

If you own a site with a login form over HTTP, don’t worry (sort of), your login form isn’t suddenly not secure … it has never been secure. If you’re the only person who uses that login form, and you never use it over a public internet connection, you generally have nothing to worry about.

If other people are expected to log in to your site over HTTP, or you often log in over a public internet connection, it’s time to start moving your site over to HTTPS. You’ll need to acquire an SSL/TLS certificate from a certificate authority to being with, and in the past those have been ridiculously expensive, but all of that changed when Let’s Encrypt premiered, offering free SSL/TLS certificates for everyone. Today, you’ll most likely find that your hosting provider either offers free or incredibly inexpensive certificates, like all of WordPress’s recommended hosting providers do (as does my hosting provider, Pressable). If your hosting provider still wants to charge you a ridiculous rate for a certificate, you might as well take this opportunity to check out the rapidly growing list of hosting providers who offer free Let’s Encrypt certificates.

Once you have your certificate, setting it up is generally just a matter of consulting the documentation from your hosting provider (though this is typically automated if you acquire the certificate from them) and your website’s software. If you use WordPress, the process is very simple.

As site owners, let’s do what we can to proliferate HTTPS and thus provide a more safe and secure web for everyone.

Firefox and Videos without Flash

firefox300Update: On July 13, 2015 (almost a year after the publication of this post), Firefox 35 was released, finally bringing native H.264-encoded MP4 support to all desktop platforms.

I really want to love Firefox again, I really do. It’s open source, the add-on library is massive, and (because it’s open source) it’s really easy to get involved. I had used Firefox for everything for quite a long time, but then I got tired of Flash, and that’s when Firefox fell apart for me.

You see, it’s 2014, and videos online are a very popular thing. Probably 20% of the pages you view on a daily basis have a video embedded somewhere. Most of these videos are H.264-encoded MP4s, fewer are WebM (either VP8 or VP9), and even fewer are OGG (seriously, try to find an embedded OGG video outside of Wikipedia). To get an idea for the magnitude of this situation, YouTube (the largest online library of embed-able videos in existence) still has not finished transcoding their entire library (all currently available as H.264-encoded MP4s) to WebM, and Vimeo (the second largest) only uses H.264-encoded MP4s with no plans to transcode their library to WebM or OGG.

Well, can you guess what Firefox on a Mac still doesn’t support? If you guessed H.264-encoded MP4s, you’re right! You also get a lesser prize if you guessed VP9-encoded WebMs, which really aren’t all that popular yet.

If you really want to view the most popular online embedded video format with Firefox on a Mac, you will need to install Flash. Firefox on Windows and Linux has supported H.264-encoded MP4s natively without Flash for quite some time, but not Firefox on a Mac. The people behind Firefox on a Mac don’t want to support H.264-encoded MP4s natively without Flash, because H.264 is a proprietary codec, meaning it’s not open source.

Well, I ask you, what is Flash then? Flash is proprietary software, it’s not open source either. Firefox’s solution to viewing the most popular video format online is to install proprietary software, which brings me to a very important question. If I need to install proprietary software to view the most popular video format online, why don’t I simply use a proprietary browser (like Safari or Chrome) instead of Firefox and continue to not use Flash?

Really, Firefox, what is the point if not to spread the value of open source software by making the web a better place through a free and open source browser which simply offers the best possible web experience to the average user? If you do not provide the ability to view the most popular video format online without the help of proprietary software, you have made the web a worse place for your users and damaged your efforts to promote open source software by promoted a piece of proprietary software as the only solution to a problem which almost every single one of your users will face.

Now, to be fair to Firefox and anyone reading this article searching for a solution, you can install Greasemonkey and ViewTube to view videos on the video sites themselves (YouTube, Vimeo, etc) without the need for Flash, but due to the limitations of these types of scripts, it will not work for videos embedded elsewhere, like the Vimeo video embedded below. This is not a solution, as more videos are consumed via embeds elsewhere than on the video sites themselves. The solution is to bring native H.264-encoded MP4 support to Firefox so that users no longer need to rely on proprietary software to view the most popular video format online.

(Note: The content of the above video from The Sunday Times: Culture is not related to this rant, except for the fact that it’s an amazing embed-able H.264-encoded MP4 video that you still can’t view on Firefox without the help of Flash.)

Your move, Firefox.