Oops! Something went sideways.

Looks like the styling got goofed up. Sorry about that, unless it's what you wanted. If this isn't what you were looking for, try force refreshing your page. You can do that by pressing Shift + F5, or holding Shift and clicking on the "reload" icon. (It's the weird circle arrow thing "⟳" just above this page, usually next to where it says https://blog.unitedheroes.net...)

isn't quite ashamed enough to present

jr conlin's ink stained banana

:: Black Electrical Tape Based Security

So, both Apple and Google have decided to be quiet about letting you know a page is not as secure as it should be. Instead of showing you a warning, they’ve opted to just show the page as insecure and not raise any concerns. It’s a fair point. Most folks STILL don’t know to look for the “lock icon” showing that a site is running a secure connection. Heck, this block runs in the clear currently. Why bother the user’s pretty little head with scary symbols?

Well, probably for the same reason that if your Factory Authorized Vehicle Service told you “Oh that? Yeah, just put some black tape over that “Check Engine” light. It’ll be fine!” you’d probably consider going somewhere else to get your brakes checked.

The problem is that the page has said “i’m going to be secure. Everything we talk about is going to be encrypted. It’s safe here, so you can talk about anything.”

Only it’s not. It’s invited friends, some of which can’t keep their mouths shut.

So the browser has instead said “Yeah, no, this isn’t a safe spot, so no encryption. No lock for you, but it’s a normal page.”

But it’s not. The site is going to do things based on the idea that the page is safe, like ask your for passwords or personal info. Sure, you may realize that it’s a bad idea, but the folks far less familiar with security (that would be the VAST MAJORITY of people online) will look at the happy plain-gray icon and feel it’s A-OK to type in their credentials, because there’s nothing to scare them off from doing it.

Thing is, i get some of the complaints. Sure, it’s annoying that you’ve got some jpgs on a CDN, and sure, it’s hard to make a page that doesn’t specify scheme, but yeah, no. You might feel a tad differently if there’s a rogue bit of javascript reporting back keystrokes.

Yes, having that odd looking icon is troubling and confusing to users. That’s kind of the point. It’s the proverbial “Check Engine” light of the internet and yes, there’s going to be some users that happily ignore it and horrible things will happen to them. Those folk are doomed to their gleeful ignorance regardless.

i’d rather not doom the small percentage of folks that have Darwin-like evolved to look for those warning signs.

Oh, and by the way? Go secure your site. It’s free now.

And then this happens:

Blogs of note
personal Christopher Conlin USMC memoirs of hydrogen guy rhapsodic.org Henriette's Herbal Blog
geek ultramookie

Powered by WordPress
Hosted on Dreamhost.