Mozilla fires a wild shot.. hits wrong guy.

[IanMacdonald]

Mozilla have stated an intention to cause new HTML/css markup to deliberately malfunction if the webserver the site is on isn't using HTTPS.  Evidently, the next iteration in their  version of MITM McCarthyism. (Your ISP must NOT be trusted under ANY circumstances... but advertisers, naturally, are saints.  )

This is a dumbass thing to do anyway, but what they seem to have failed to notice is that software developers are not the people responsible for maintaining webservers. Typically, that would be the end user's hosting company. If the end user insists on choosing a host with no SSL, then there's really not much the coder can do about it.

Yet, it will no doubt be the software developer who gets badmouthed when the code malfunctions.   

[rsjsouza]

Oh, then THAT is what's going on?!? I noticed their latest browser incarnation messes up several click and radio buttons that otherwise work perfectly using a different browser.

[radar_macgyver]

Mozilla have stated an intention to cause new HTML/css markup to deliberately malfunction if the webserver the site is on isn't using HTTPS.

Citation needed.

My understanding is that *new* features introduced will not be available unless they are requested from a secure context (one of the ways something's in a secure context is that the origin is an https connection). This is a good thing. I wouldn't want, for example, WebAssembly code to be delivered to my browser over an insecure connection where malicious (or plain buggy) code could be inserted. Older features (all of html4, most of html5) are not affected by this. Also, Chrome has already been doing this for a while.

[cdev]

How can you see whats getting sent back and forth during, for example, over web sockets?

Also, both Chromium and Mozilla keep changing preferences that I attempt to set to what I consider to be secure settings, changing them back. Its impossible to keep up with the changes they make.

Also, Chromium and Mozilla both make numerous requests to their mother ship that it seems cannot be turned off, period.

Please correct me if I'm wrong on this but it seems to me that the number of these issues is increasing rapidly. Its like a slight of hand trick where they try to confuse the eye.

[Red Squirrel]

I realize they want to try to force HTTPS, but deliberatively breaking stuff is not the way to go about it.  They already have warnings if a site is not HTTPS and you go to put a password, I think warnings like this are a good idea, and sufficient.

I recently converted my sites to HTTPS using Letsencrypt. It's great that it's free and mostly automated.

[james_s]

I dumped Firefox back when they ruined the UI with Australis, that was the final straw after repeatedly breaking/removing/changing things I used. Been using Pale Moon and Cyberfox since then and haven't missed Mozilla.

[hli]

I realize they want to try to force HTTPS, but deliberatively breaking stuff is not the way to go about it.

They do not break stuff. Anything that works now will work in the future. When you want to use a new CSS / HTML / whatever feature, you need to use HTTPS. How is that breaking things? Its your decision - stay with HTTP and keep your site as it is, or go to HTTPS and use new features.