HTTPS-only mode (is briefly mentioned and I recommend to LWN readers)

Posted Jun 13, 2024 12:36 UTC (Thu) by mbunkus (subscriber, #87248)
In reply to: HTTPS-only mode (is briefly mentioned and I recommend to LWN readers) by jch
Parent article: Firefox 127.0 released

Use sub-domains: *.it-department.myimaginarycompany.de Or even use something your official domain is not a suffix of.

HTTPS-only mode (is briefly mentioned and I recommend to LWN readers)

Posted Jun 13, 2024 16:10 UTC (Thu) by mikebenden (guest, #74702) [Link] (2 responses)

> Use sub-domains: *.it-department.myimaginarycompany.de Or even use something your official domain is not a suffix of.

Yeah, but now you're just reinforcing jch's point: I have a box serving static content (file downloads, replacing ye olde ftp server) for public unauthenticated access.

I don't need, nor do I want, the hassle of having to ssl/https-ify this box just because browser developers decided, in their wisdom, that their users are too dumb to be trusted to access plain unauthenticated http web sites :)

This situation is getting hilariously stupid. If my browser starts dictaging policy to me, and I can't disable that "feature" (because in practice it's WAY too much hassle to patch out undesireable behavior from a browser), then it's free/open source in name only ("de jure", fine, OK, but no longer "de facto")...

That, in a nutshell, is why we need a third party browser, one that respects the idea that really Free software ought to side with its *user*, not enforce some overbearing idea of "developer knows best", through either closed source or through the sheer PITA that is rebuilding currently available open source with all this crap edited out...