More on HTTPS

Chrome-SecureDo you remember this TechBits post about http and https? If you have time, read it over again and be sure to watch the 3-minute CommonCraft video because you're going to be hearing a lot more about https in upcoming months.

What are the advantages of https?

  • Confidentiality - information is passed securely between websites and browsers
  • Authenticity - when you see that little lock, you know you're really talking to the website that belongs to that name
  • Integrity - that lock indicates that the content of the site hasn't been changed by a 3rd party on its way to your browser

Chrome and Firefox are the browsers at the forefront of the push to move all sites to https. They already warn you that a page is "not secure" if it is http and prompting you to put in a username and password.  Very soon (July 2018 for Chrome), they will be alerting users that ALL http pages are "not secure."

The winds of change are blowing
As websites move to https, a couple of things will happen:

  • Everyone with a website will be scrambling to configure their sites to be https
  • Very old browsers may not be able to use https sites

SCLS has a team of folks looking at what needs to happen to move SCLS websites and SCLS-hosted library websites to https, and we and will be sharing more information on the SCLS Technology News blog and in Top 5 emails as we have more details. If your library has a website that isn't hosted with SCLS, you may need to look into what steps to take to enable https for your website.

In the meantime, if you're looking for some more in-depth information, try these posts:

Printing in Landscape Mode

    It's not often that I need to print a webpage in landscape mode. I found the other day that I needed to however because the site had a lot of information that became squished and hard to read in standard portrait mode.  I wasn't sure if users knew this was possible within web pages and not just reserved for Microsoft Office Documents.  Each browser is capable of this and the steps slightly vary between them.

Google Chrome:   Printing in Chrome

    At the print preview screen:  

        Select the drop down box next to Layout and select Landscape.

FireFox:   

    At the print preview screen:

        Select Landscape within the top menu bar.

Internet Explorer:   

    At the print preview screen:

        Select the icon with the sideways paper for Landscape.

Microsoft Edge:   

    At the print preview screen:

        Select the drop down box next to Orientation and select Landscape.

Gone in a Flash

Adobe_Flash_Player_v10_icon

This week, Adobe announced it plans to stop updating and distributing Flash at the end of 2020. While this will come as a bit of a relief to some due to the seemingly never ending circle of vulnerabilities, warnings that your Flash player was out of date and updates, it does mean that any site that relies on Flash will need to transition to a different format such as HTML5, WebGL or WebAssembly.  (Flash updates are one of the reason we love Ninite.)


A number of browsers have already switched to asking to run Flash by default and, as it gets closer to the deadline, Chrome, Internet Explorer, Edge and Firefox will start disabling Flash by default. It will still be possible to enable it for a website until Adobe ceases support in 2020. Facebook has also said that they will shut off Flash games by the end of 2020.


So if your website still relies on Flash, you’ll need to start looking at the alternatives.  (And if there's a game you haven't finished yet that may not get updated, you might want to finish it too.)

Non-secure HTTP

In recent months, you may have noticed browser icons and messages like these...

Notsecure--mypc

What's going on?

Earlier this year, certain browsers began to warn users when they visit a login page that doesn't use https. Https is a secure version of the http protocol used to pass information between websites and browsers and is commonly used by websites passing usernames/passwords, credit card information, and other sensitive information.

There is a big push to implement https on all websites to help keep users' browsing and personal data secure. Not all websites currently use https, and it will take time to convert them. You may have already noticed some websites managed by SCLS have not yet made the jump, but some like LINKcat and the ecommerce payment website DO provide secure connections. In upcoming months, we will be working on converting more of the SCLS-managed sites.

In the meantime, remember: never (NEVER!) enter your credit card, social security number, bank information, or other super-sensitive information on a website that is NOT https.  ALL banking, tax, financial, and retail sites should provide https for security.

Want to know a little more about https and secure websites? Take a look at this short but informative 3-minute CommonCraft video!

Additional reading
A short tutorial on your browser's security features: http://www.gcflearnfree.org/internetsafety/your-browsers-security-features/1/
Mozilla's and Google's blog posts about https:

Guest Post: Open all in tabs

This guest post is from Nichole Fromm, a cataloger at Madison Public Library.

I rely on the browser trick "open all in tabs." Once you have a set of frequently-used tabs open in your web browser, you can bookmark/favorite the group as a folder, and later open the entire group in one step from the bookmarks/favorites menu (aka "open all in tabs").

Right click a tab and select Bookmark All Tabs

Name your group of tabs

Open all in tabs from the Bookmarks menu

Internet Duct Tape has a nice summary of the steps.

I have two folders that I use "open all in tabs" for. In Firefox, it's Koha staff access, GetIt, and Outlook webmail. In IE, it's the several ways my cataloging tasks are reported: Google form reply spreadsheets & shared Google docs, and file sharing/drop sites (OCLC ftp, the shared SCLS ILS reports folder), etc. Other folks would have their own favorites, but these help me stay on top of all the ways in which I need to keep on top of stuff.

F12 for website developer tools & device modes

Modern versions of Firefox, Chrome, and Internet Explorer each come with powerful tools for website development. In your browser of choice, hit F12 on your keyboard to toggle them on and off.

Screen shot of a website with Chrome DevTools & Device Emulation

Each browser offers variations on these tools, but these common utilities are my favorites:

A code inspector for viewing the page's HTML and CSS code and making on-the-fly edits to what you see onscreen. Edits made from the code inspector aren't saved anywhere—they only last until you refresh the page. Use it for: debugging tricky formatting, experimenting with new text or styling before actually making live edits.

A network tab reporting how quickly every component of the page loads, including total load speed and weight. Use it for: figuring out exactly which files may be slowing down the page.

Device modes for seeing how a web page looks on screens of varying sizes (with resolution presets for common devices). Use it for: checking how pages behave on small screens when you don't have access to the latest phones and tablets.

If you hit F11 by mistake, something scary happens—all your toolbars disappear! Your browser has gone full-screen. Take a deep breath, and hit F11 again to toggle full-screen mode off.

More about developer tools:

Browser plug-ins, a thing of the past

 

Cat_PluginsA browser plug-in (or plugin) is extra software installed on a PC that allows a browser to display additional content it was not originally designed to display.  Some examples of popular plug-ins are Flash Player, Java and Silverlight.  Plug-ins were created because, at the time, browsers were fairly immature and browser development was not happening fast enough, if at all.  So this created big opportunities for plug-in developers to create software that would expand the capabilities of browsers.

Now, let's talk about what the problems are with plug-ins.  The biggest problem that I see is  the fact that they are not very secure.  There have been numerous attacks through either Flash or Java and since everyone has the same plug-in an attack works across every browser and operating system.  Other problems include not working on different operating systems as they are designed to only work on certain ones or they can be be very unstable which can cause your browser to crash or just behave badly.  These are the reasons why Mozilla announced in 2013 that they would changing the way Firefox loads third party plug-ins such as Flash, Java and Silverlight. Google has also announced their three-step approach to plug-in elimination:

  1. In January 2015 they began blocking plug-ins by default.
  2. In April 2015 they will begin to disable Chrome's ability to run plug-ins at all, unless a user specifically enables it by setting a flag in Chrome's technical preferences.
  3. In September 2015, they will begin to completely remove all ability to run plug-ins from Chrome.

So now you're probably wondering, "If they're going away, what's going to be replacing them?".  The answer is that we are in a much healthier environment of rapid browser development (Firefox and Chrome both release a new browser version every 6-weeks) and web standards.  Many of the features plug-ins implemented are now being introduced in the form of built-in browser features.  Don't feel bad that plug-ins are going away -- they had their time and now like everything else on the Internet it's time for a change.

Duplicating Browser Tabs

Have you ever needed to duplicate a tab while browsing in your favorite browser?  I know I have and in the past what I would do is copy the web address, open a new tab and then paste the web address into the new tab.  This always seemed SO cumbersome and I thought: "There must be an easy, quicker, better way to do this!" So I went searching and found that there IS an easy way to duplicate a browser tab and it works the same in IE, Firefox and Chrome.  Here are the steps:

  1. Press Alt+D to move the focus to the location bar.
  2. While still holding down the Alt key press the Enter key.
  3. The current tab has now been duplicated.

That's it.  Easy as could be.

Office 365 Bookmarks Toolbar Shortcuts

The Office 365 rollout to the libraries has been going great so far and we are looking forward to other libraries coming aboard in the next couple months.  One topic that I’d like to address is the correct way to create an Office 365 login screen shortcut for your browser’s Bookmarks Toolbar.  We have had a few calls come in about this issue.

For most sites, the easiest way to make the shortcut is to open your browser, go to the website, then drag the icon (or lock) to left of the URL in the address bar to your bookmarks toolbar.   Unfortunately, if you do this with the mail.scls.info URL, your shortcut will end up only working temporarily.  After you go to mail.scls.info, your browser actually redirects you to a session-specific URL that only works for a short amount of time. Bookmark

Here is the correct way to make Bookmarks Toolbar shortcuts for each browser:

Firefox

  1. Open Firefox
  2. Right-click an empty area of your Bookmarks Toolbar
  3. Click New Bookmark…
  4. Name it something like Office 365 Login
  5. For the location, simply enter mail.scls.info
  6. Click Add

Chrome

  1. Open Chrome
  2. Right-click an empty area of your Bookmarks Toolbar
  3. Click Add Page…
  4. For the Name, delete what is already there and enter something like Office 365 Login
  5. For the URL, clear out what is there and enter mail.scls.info
  6. Click Save

Internet Explorer

  1. Open Internet Explorer
  2. Go to mail.scls.info
  3. Drag the icon to the left of the URL to your Bookmarks Toolbar
    Icon
  4. Right-click the new shortcut
  5. Select Properties
  6. Delete the URL that is listed and simply enter mail.scls.info
  7. Click OK

Easy way to clear a browser's cache

Do you want a quick and easy way to clear a browser's cache?  Well here it is:

  1. With the browser open, press Ctrl+Shift+Del
  2. Select what you want to delete (i.e. cookies, cache, etc.)
  3. Click the appropriate button at the bottom of the window to confirm the delete

Now isn't that easy.  The best part is that these steps work for IE, Firefox and Chrome.