One of the lingering "why do they do that" features of the internet is finally, albiet slowly, becoming a thing of the past: The loading of non-secured content on a secured page.
On May 23, Firefox 23 will be released, and by default, it will block any non-SSL content loading on an SSL page.
This means that any scripts, CSS, plugin contents, inline frames, fonts, or WebSockets that are loading with http instead of via https protocol will spark a notification to life.
Avoiding this mechanism will be images, video, or audio.
Which is good news for the unseemly side of the internet, in that it will still be possible to attack "secured" web pages via display content.
For the rest of us, it's means that if you run an SSL site, make sure it loads all of its content from an appropriate protocol.
By switching the security.mixed_content.block_active_content option in a copy of Firefox later than version 18, you can have it operate like Firefox 23 by default. For those that do not keep up with Firefox release numbers (who does?), that means the latest version of Firefox, 20, has it.
Some would say that it is a long way from software engineering to journalism, others would correctly argue that it is a mere 10 metres according to the floor plan.During his first five years with CBS Interactive, Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining the company as a programmer.Leaving CBS Interactive in 2010 to follow his deep desire to study the snowdrifts and culinary delights of Canada, Chris based himself in Vancouver and paid for his new snowboarding and poutine cravings as a programmer for a lifestyle gaming startup.Chris returns to CBS in 2011 as the Editor of TechRepublic Australia determined to meld together his programming and journalistic tendencies once and for all.In his free time, Chris is often seen yelling at different operating systems for their own unique failures, avoiding the dreaded tech support calls from relatives, and conducting extensive studies of internets -- he claims he once read an entire one.