Chrome 70 drops HTTPS certificate provider Symantec

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

#1 Post by labbe5 »

https://techcrunch.com/2018/10/08/chrom ... ccounter=1

Chrome 70 is expected to be released on or around October 16, when the browser will start blocking sites that run older Symantec certificates issued before June 2016, including legacy branded Thawte, VeriSign, Equifax, GeoTrust and RapidSSL certificates.

Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#2 Post by Mike Walsh »

I'm assuming this means that all Puppians will only be able to access the Forum using Firefox in a fortnight's time.

I'm the last person to say anything negative about John de Murga's generosity in providing the Forum for our use.....but I very much doubt John is using up-to-date certificates.

With the reported 'breaking' of so many sites predicted, it's going to make me question the wisdom of even bothering to continue producing the Chrome packages in future. Kind of a paradox, producing packages for one browser, then needing to use a different one to inform Puppians of their availability.....

Time will, unfortunately, tell on this one, I feel. That said, apparently there are organisations which are offering totally free HTTPS replacement certificates, referenced in some of the linked article's comments.

Perhaps this could be an opportunity for John to upgrade the site's status at no extra cost.....and in the process, silence some of the native 'critics' who've been bitching about this very item for the last few years? I'm sure I don't need to mention names; y'all know who you are, I daresay.....mostly regular habitués of the 'Security' sub-forum!!

We shall see.


Mike. :wink:
Last edited by Mike Walsh on Tue 09 Oct 2018, 21:58, edited 1 time in total.

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48

#3 Post by s243a »

Mike Walsh wrote:I'm assuming this means that all Puppians will only be able to access the Forum using Firefox in a fortnight's time.

I'm the last person to say anything negative about John de Murga's generosity in providing the Forum for our use.....but I very much doubt John is using up-to-date certificates.

With the reported 'breaking' of so many sites predicted, it's going to make me question the wisdom of even bothering to continue producing the Chrome packages in future. Kind of a paradox, producing packages for one browser, then needing to use a different one to inform Puppians of their availability.....

Time will, unfortunately, tell on this one, I feel.


Mike. :(

I think I have a browser fetish because I seem to install many different ones. Please continue with the firefox and Chrome versions even if one day we can't access this forum with them.

P.S. this forum is not using https, so this topic doesn't directly apply to this forum.

Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#4 Post by Mike Walsh »

@ s243a:-
s243a wrote: P.S. this forum is not using https, so this topic doesn't directly apply to this forum.

If only that were the case. Unfortunately, what Google will be doing from Chrome 70 onwards is to refuse access to any site which doesn't provide 'https' signing at the beginning of its URL.

The Forum uses 'http'. Chrome will see this, flag it as 'insecure', and instead of accessing it, will throw up 'insecure' error messages instead.....

I follow the official Google Chrome blog on a semi-regular basis, and this is exactly what they've been explaining about for over a year now. I have to wonder how long it will be before Mozilla also take this same route; I believe they've already taken small steps in this direction already...

Don't get me wrong; if 'HTTPS' signing makes the net more secure for everybody, then eventually it'll only make sense for every site to follow suit, I guess.


Mike. :wink:

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#5 Post by rufwoof »

If you block google via your /etc/hosts (and facebook/youtubes) as per the first two posts in this thread ... https://forums.radioreference.com/compu ... -file.html your browser will really fly (indicative of google increasingly being malware that really slows things down).

You can dynamically exchange /etc/hosts for the times you might want to watch youtubes or whatever.

If google start censoring what sites you can/cannot see, then I'll opt for an alternative. Increasingly http(s) is becoming just one big ad service, a primary reason why other protocols are again rising in popularity (just hope the contagion doesn't spread into other protocols).

Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#6 Post by Mike Walsh »

@ rufwoof:-

I shall just stick with Chrome 69 for 64-bit, in exactly the same way as I've stuck with Chrome 48 for the 32-bitzers in the kennels. It works, so I'll continue to use it.

Chrome 69 won't be 'deprecated' anytime soon.


Mike. :wink:
Last edited by Mike Walsh on Tue 09 Oct 2018, 23:56, edited 1 time in total.

perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#7 Post by perdido »

Simple workaround for all you chrome users. Quit.

The biggest information thief is worried about your security so badly they will censor the internet for your own good
cen·sor/ˈsensər/
noun

an official who examines material that is about to be released, such as books, movies, news,
and art, and suppresses any parts that are considered obscene, politically unacceptable, or a threat to security.
(in ancient Rome) either of two magistrates who held censuses and supervised public morals.
It's funny to see people complain about and then continue using the google "free" products.


.

Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#8 Post by Mike Walsh »

perdido wrote:Simple workaround for all you chrome users. Quit.

The biggest information thief is worried about your security so badly they will censor the internet for your own good
cen·sor/ˈsensər/
noun

an official who examines material that is about to be released, such as books, movies, news,
and art, and suppresses any parts that are considered obscene, politically unacceptable, or a threat to security.
(in ancient Rome) either of two magistrates who held censuses and supervised public morals.
It's funny to see people complain about and then continue using the google "free" products.


.

@ perdido:-

And constant, never-ending 'sniping' gets boring. Fast.

You dislike Google, and prefer Firefox. No problem. Each to their own.

I've used Chrome since day one.....and still believe it to have been, for the greater part of the last decade, a superior browser. Quantum is, however, changing my opinion on that score, since at long last it's what it should have been, years ago.....were it not for the continual 'in-fighting' between the Mozilla devs.

I don't believe I've ever once, anywhere in this forum, actively criticised or 'moaned' about Google products. I still use the Drive, now in preference to my MediaFire a/c, since they started getting 'awkward' about a lot of things, several months ago. G-Drive, conversely, has never once given me issues. And Fred's excellent G-Drive GUI has made it even easier to access it, if I don't want to do so in the browser itself.

It's a free world, after all. The choice is available, here in the western world, and individuals would be foolish not to make use of that fact while they're able to.

But some folks just enjoy sniping. However, I've said my piece, and won't be drawn any further on the matter. You may respond if you wish, and remain happy, secure in the knowledge that you've 'had the last word'.

Live and let live, that's my motto.


Mike. :wink:

bigpup
Posts: 13886
Joined: Sun 11 Oct 2009, 18:15
Location: S.C. USA

#9 Post by bigpup »

We are Chrome!
Resistance is futile!

We are Google!
There will be no resistance!
Nothing is wrong with your computer.
Do not attempt to change the browser.
Because I am controlling the transmission.
I control the horizontal.
I control the vertical.
And those buttons on your mouse and keyboard that don't seem to do anything!
I know what they're for!
From this moment on, your computer belongs to me—
You have entered the Outer Limits of the Twilight Zone!

WE are watching you :twisted: :shock:
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected :shock:
YaPI(any iso installer)

perdido
Posts: 1528
Joined: Mon 09 Dec 2013, 16:29
Location: ¿Altair IV , Just north of Eeyore Junction.?

#10 Post by perdido »

Mike Walsh wrote:
perdido wrote:Simple workaround for all you chrome users. Quit.

The biggest information thief is worried about your security so badly they will censor the internet for your own good
cen·sor/ˈsensər/
noun

an official who examines material that is about to be released, such as books, movies, news,
and art, and suppresses any parts that are considered obscene, politically unacceptable, or a threat to security.
(in ancient Rome) either of two magistrates who held censuses and supervised public morals.
It's funny to see people complain about and then continue using the google "free" products.


.
@ perdido:-

And constant, never-ending 'sniping' gets boring. Fast.

You dislike Google, and prefer Firefox. No problem. Each to their own.

I've used Chrome since day one.....and still believe it to have been, for the greater part of the last decade, a superior browser. Quantum is, however, changing my opinion on that score, since at long last it's what it should have been, years ago.....were it not for the continual 'in-fighting' between the Mozilla devs.

I don't believe I've ever once, anywhere in this forum, actively criticised or 'moaned' about Google products. I still use the Drive, now in preference to my MediaFire a/c, since they started getting 'awkward' about a lot of things, several months ago. G-Drive, conversely, has never once given me issues. And Fred's excellent G-Drive GUI has made it even easier to access it, if I don't want to do so in the browser itself.

It's a free world, after all. The choice is available, here in the western world, and individuals would be foolish not to make use of that fact while they're able to.

But some folks just enjoy sniping. However, I've said my piece, and won't be drawn any further on the matter. You may respond if you wish, and remain happy, secure in the knowledge that you've 'had the last word'.

Live and let live, that's my motto.


Mike. :wink:

Sorry I hurt your feelings but the post was not aimed at you, just those that complain about google but refuse to quit.
Deal with it.

.

8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#11 Post by 8Geee »

Well, the Google swipe at Symantec is actually old news. The fact that 'old' Certs are cancelled like a stamp is for Symantec's own good. No, I don't think Google is the good guy here, just protecting their monetizing.

If you're a Google person or an Apple person or a Microsoft person, most of the opines here regard the sheeple nature of being such. And I find it personally amazing how each of those three people regard anything else as bad/destructive. Such regards almost define the slang-word sheeple.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

mikeslr
Posts: 3890
Joined: Mon 16 Jun 2008, 21:20
Location: 500 seconds from Sol

#12 Post by mikeslr »

Hi Mike,

Your time and how you use it are your own. So, I can only request that even if you don't spend much of it churning out Google-Chromes that you spend a little of it keeping track of what pitfalls Google-Chrome may throw up in the future.

I really don't have a strong preference for either the "Chromes" or the "firefoxes". About an hour ago I opened firefox with the idea of printing driving directions as I actually wanted to get someplace tomorrow without wasting a lot of time. [My middle name is Wrongway]. And to get directions, I like Mapquest, not just because it isn't Google, but because where there is a choice, you can select between different routes. If you know the traffic patterns during rush-hours, you know that what may be the fastest route other times may not be at those times.

Guess what. Firefox wouldn't let me use Mapquest. It insisted that I install the Mapfox addon which doesn't provide any choice of routes. I had to open Google-chrome in order to access Mapquest.

"Power corrupts and absolute power corrupts absolutely." Lord Acton. In the games played for control among government agencies and corporations we, the people, are always the losers. Where are the Teddy Roosevelts when we need them?

dancytron
Posts: 1519
Joined: Wed 18 Jul 2012, 19:20

#13 Post by dancytron »

mikeslr wrote:Hi Mike,

/snip

Guess what. Firefox wouldn't let me use Mapquest. It insisted that I install the Mapfox addon which doesn't provide any choice of routes. I had to open Google-chrome in order to access Mapquest.

"Power corrupts and absolute power corrupts absolutely." Lord Acton. In the games played for control among government agencies and corporations we, the people, are always the losers. Where are the Teddy Roosevelts when we need them?

I just tried mapquest. I was able to get directions, choose between 2 routes, switch to the printable view and then print it without any problem at all. That is on the latest firefox with ublock origin and tracking blocked.

There was a little ad for the Mapfox addon thing, but I didn't press it and it didn't make any difference. A link for hotels got past my ad blocker but it didn't affect the functionality at all.

Not sure what your problem was.

Moat
Posts: 955
Joined: Tue 16 Jul 2013, 06:04
Location: Mid-mitten

#14 Post by Moat »

Mike Walsh wrote: ... what Google will be doing from Chrome 70 onwards is to refuse access to any site which doesn't provide 'https' signing at the beginning of its URL.

Hmm - I'd hafta' think there would be a background/hidden config setting ("chrome:settings", or whatever Chrome uses) that would allow disabling this action...?? If so, you could possibly disable it pre-packaging, and continue on making your packages as usual (with an added note/caveat about this feature being disabled).

First thing I do on my Firefox installs is go through its "about:config" and disable all such nanny stuff. I know exactly where I'm going, what I want to do and accomplish while on the web - I need no nannies nagging and forcing me otherwise. I'll get bitten on my own dime - thank you very much - if I'm being foolish while doing so.

What's the old sentiment... "Make a truly idiot-proof product for your users - and what you'll end up with is creating a bunch of users who are idiots"... or something like that. These types of "bad" moves are ultimately functionally crippling otherwise excellent computing products/applications, and thus computing itself - indeed, letting "one bad apple spoil the whole bunch (girl)", via FUD and other sneaky tactics. Aarghh... :cry:

Bob

BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia

#15 Post by BarryK »

My new easyos.org has SSL. My host omnis.com offered Let's Encrypt, a free SSL certificate provider:

https://letsencrypt.org/

It seems to be working OK. Maybe John could use this for the Puppy Forum?

mikeslr
Posts: 3890
Joined: Mon 16 Jun 2008, 21:20
Location: 500 seconds from Sol

Clarification about firefox-Mapquest

#16 Post by mikeslr »

Hi All,

Following dancytron's post above, I did the same. But this time I was on my computer running Xenialpup64. My previous experience was on my wife's Windows 10 computer which is attached to the printer. The MapFox 'offer' took up half the screen, was in the center and did not have a close button.

Maybe I just don't understand Windows 10. Maybe the ploy hasn't yet been ported to Linux versions of firefox.

Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#17 Post by Mike Walsh »

Following a read of an article on CNet, I felt some 'clarification' was in order.

The Forum will still work with Chrome 70, albeit with stronger warnings about being insecure.

The original post is about certain supposedly 'secure' sites that will run into problems; any site, in fact, with a certificate issued by Symantec (following a fall-out between Google's top brass and those at the helm of the company that brings you Norton AntiVirus, amongst others.)

-----------------------------------------

The following article was written back in late July, just to give context to date references.

From CNet, the 'roadmap' of the changes expected with the recent versions of Chrome (and those yet to arrive):-
"What'll I see in Chrome with an HTTP website?

Chrome's changes have been gradual, starting with the Chrome warning plan way back in 2016 and continuing with a warning in February that the HTTP "not secure" alert would arrive in July. Here are the steps in the transition.

Right now if you visit an HTTP website, Chrome shows a circled "i" icon to the left of the address denoting an opportunity for more information. If you click it, Chrome says, "Your connection to this site is not secure." That's not particularly alarming, though it isn't as comforting as the green padlock and word "secure" shown there for an HTTPS-protected connection.

Starting Tuesday with Chrome 68, an HTTP connection instead will show the words "not secure" alongside the information icon.

Then Chrome 69, due in September, will emphasize that secure HTTPS connections are ordinary, not something surprising, by dropping the green color for the padlock icon and "secure" word it shows now. Instead you'll see a less noticeable black lock, Google said in a May blog post. At some point later, that lock will disappear as Google tries to convince us that HTTPS should simply be what we expect.

Last, in October, Chrome 70 will take a more aggressive stance against unencrypted HTTP sites by changing the black "not secure" warning to a more alarming red color."

And there you have it. So I must apologise for perhaps misleading y'all, by being 'alarmist' over this one.....!

----------------------------------

Barry himself, a couple of posts back, mentioned Let's Encrypt. At one time, the obtaining of encrypted HTTPS certificates meant jumping through many hoops, and was also quite expensive. But the afore-mentioned people now issue digitally-signed HTTPS certificates for free in just a matter of minutes.

"Why haven't we been using HTTPS all along?

HTTPS is decades old, but in the early days of the web, it was only used to protect us when typing obviously sensitive data like passwords and credit card numbers into websites.

Why was it unusual? Years ago, HTTPS taxed server processors and network speeds, and website operators had to pay for certificates that enabled the feature. The performance problems have long been solved, though, and an effort called Let's Encrypt -- sponsored by Google, Facebook, Mozilla, Akamai, Cisco Systems, Brave and the Electronic Frontier Foundation, among others -- means certificates are now free, and issued almost immediately."

Hardly surprising to see Google's name at the front of the list of 'sponsors', eh? With Chrome's market share approaching 60 %, this does, of course, give them even more global 'clout' than ever.....

However, some individuals believe an even more aggressive stance should be taken against websites that refuse to 'toe the line':-
"Google's choice to call out HTTP sites as insecure, though, means there's a strong new incentive for website operators not to put it off anymore.

Some would like to see browsers make us jump through even more hoops to load HTTP websites. "Users should have to opt-in to putting themselves at risk," said Josh Aas, executive director of Let's Encrypt. "Nobody is saying the old unmaintained websites have to be taken down. But it's absolutely not worth putting everyone at risk, by default, just to enable viewing historic or unmaintained websites.""

That last bit really smacks of 'Big Brother' and 'the nanny-state', don'tcha think? :roll:

(*jeez*)


Mike. :wink: