[nmglug] Let's Encrypt
Anthony J. Bentley
anthony at anjbe.name
Tue Oct 4 22:20:27 PDT 2016
Hi Mars,
J. Marsden DeLapp writes:
> One little twist is that I have weather stickers (images) on my home
> page that come from http://weathersticker.wunderground.com and
> consequently that causes a warning that "parts of the page are not
> secure".
This is called "mixed content." Any HTTP resources, even on an HTTPS
page, can be sniffed by passive attackers and modified by active
attackers. All in all, a good thing to avoid in general.
My understanding is that modern browsers block HTTP JavaScript, CSS and
iframes on HTTPS pages, but don't block HTTP images (yet). I would not
be surprised if policies changed in the future to block insecure images
as well.
> I could install a weather station and connect it to my network and HVAC
> system and write a bunch of software to maximize my comfort.
>
> I could get up from my computer and stick my head out the window to see
> what the weather is like.
>
> And my last option is to ask for help. Anyone know of a good way to
> show current weather on a https site?
Here's a working one from AOPA, although it's not very pretty:
https://www.aopa.org/airports/KABQ/embed/wx
www.weather.gov used to provide graphical widgets, but they now 404:
http://www.nws.noaa.gov/widgets/fcst_widget_displays.php?id=KABQ
The feds provide several web APIs for weather data; Weather Underground
does too. So you may want to look into a server-side solution.
Or you could complain to Weather Underground to support HTTPS for those
stickers... but they seem to be an old feature that they may not care
about anymore.
--
Anthony J. Bentley
More information about the nmglug
mailing list