And good riddance
January 7, 2016 9:53 AM

 
The question is, will anyone notice? Even the people that are still running XP probably aren't using IE.
posted by doctor_negative at 9:56 AM on January 7, 2016 [1 favorite]


I selfishly wish that instead of just no longer supporting those versions, Microsoft would actively uninstall and replace with something easier to code for.

There's a surprising number of people in China using IE with XP. Probably something to do with Google's status over there.
posted by mikhuang at 10:02 AM on January 7, 2016


I think plenty of offices with cultures resistant to any sort of change will notice. I think you might be overestimating the cutting-edgeness of the vast majority of workplaces in this country; tons of people who know better are stuck using IE and for a lot of IT people (who did not themselves cause this problem and have likely been recommending an upgrade for years) this is likely to be a huge headache as they have to explain to people with no interest in what they have to say that yes, this change actually does need to happen now.
posted by Mrs. Pterodactyl at 10:05 AM on January 7, 2016 [22 favorites]


People commonly keep using all manner of software (and hardware) long after the maker has ceased support for them, just like most other things in their lives (appliances, TVs, cars, etc.). Most never notice the end of support. This is something only geeks tend to care about.
posted by Thorzdad at 10:06 AM on January 7, 2016 [2 favorites]


I had someone complain about a lack of IE6 support on one of my messageboards a month ago. So there are still people limping along with it. Microsoft has no one but themselves to blame for the bad reputation, because they tried pushing the whole, "No upgrades until the OS needs upgrading" nonsense. They conditioned a lot of users to stop upgrading their browsers which left a lot of people comfortable with a sub-par experience.
posted by inthe80s at 10:06 AM on January 7, 2016 [1 favorite]


I'm impressed they kept to their original schedule from 2014.

Also, they do support IE 9 on Vista and Windows Server 2008, since they support the latest IE that each platform has. And Vista isn't going end-of-life until April 2017. (XP ended support in April 2014.)
posted by smackfu at 10:09 AM on January 7, 2016 [1 favorite]


As long as they can still be used to download Firefox or Chrome, no big deal.
posted by straight at 10:11 AM on January 7, 2016 [3 favorites]


The question is, will anyone notice? Even the people that are still running XP probably aren't using IE.

Au contraire mon frere.

Signed,
The Help Desk
posted by soren_lorensen at 10:11 AM on January 7, 2016 [51 favorites]




I think plenty of offices with cultures resistant to any sort of change will notice.

In my experience it's not the stick in the mud people that are the issue. It's the fact that there are third-party mission-critical applications out there that are STILL having issues with running in modern browsers.

At my place of work we have to have an outdated version of IE installed AND Firefox installed to client sessions because we have both applications that don't work in modern browsers AND we're starting to see third-party sites that don't support OLDER browsers. So it's a mess!
posted by selfnoise at 10:15 AM on January 7, 2016 [24 favorites]


The question is, will anyone notice? Even the people that are still running XP probably aren't using IE.

You haven't met my organization's customers. I think some of them are still running Windows ME.
posted by octothorpe at 10:19 AM on January 7, 2016 [3 favorites]


I have to use IE and use its developer toolbar to fake an older version to use our third party payroll site. Whee.
posted by kmz at 10:19 AM on January 7, 2016 [7 favorites]


It's the fact that there are third-party mission-critical applications out there that are STILL having issues with running in modern browsers.

A lot of these date to the days before software-as-a-service, and so they are local installs of some web app that the company never paid for an update for.
posted by smackfu at 10:23 AM on January 7, 2016 [1 favorite]


"We'll never totally eliminate stupidity in this world."
posted by wabbittwax at 10:25 AM on January 7, 2016 [8 favorites]


The question is, will anyone notice? Even the people that are still running XP probably aren't using IE.

Large organizations can be really slow to upgrade to new versions, because that involves (1) verifying that the latest version doesn't have any gaping security holes or business-killing bugs, and (2) preparing themselves to support the latest version. Now, when we're talking about, say, the US government, it's extremely likely that there are users of old versions of IE. Many departments will simply not allow their people to install another browser or more recent versions of IE on their workstations. So this is big for them, but it's even bigger for people who write software for large organizations. They (we) now don't have to test our web applications against every godawful version of IE that MS squeezed out over the last decade. What I'm saying is that this is great for me.

I have to use IE and use its developer toolbar to fake an older version to use our third party payroll site. Whee.

Wow, that's some epic awfulness. My sympathy, especially because things like that tend not to occur in isolation.
posted by Edgewise at 10:27 AM on January 7, 2016 [2 favorites]


I think plenty of offices with cultures resistant to any sort of change will notice. I think you might be overestimating the cutting-edgeness of the vast majority of workplaces in this country; tons of people who know better are stuck using IE and for a lot of IT people (who did not themselves cause this problem and have likely been recommending an upgrade for years) this is likely to be a huge headache as they have to explain to people with no interest in what they have to say that yes, this change actually does need to happen now.

Like the government. The agency I work for is perpetually 1-3 upgrade cycles back. We upgraded to Windows Vista in 2010, a year after 7 was released. We just got to Windows 7 in 2013, but the many legacy applications we are locked into meant that we were running IE 9 until literally the last 6 months, when they finally skipped all the way to IE 11, probably anticipating this move by MS.
posted by T.D. Strange at 10:29 AM on January 7, 2016 [4 favorites]


I work for a very large financial institution. IE9 is the only browser we're allowed to use, on company-provided laptops, because they need the information to be secure.
posted by GhostintheMachine at 10:30 AM on January 7, 2016 [6 favorites]


I had someone complain about a lack of IE6 support on one of my messageboards a month ago.

We still use IE6 for some stuff at work because we have million+ dollar enterprise systems built around it. We're finally just upgrading those systems to use IE10....

The vast majority of us are still using XP. There's supposed to be a mass migration to Windows 7 happening soon, but it keeps getting delayed.

Luckily I can use an install of Chrome for all web browsing and outside apps that aren't our legacy systems.


On preview: TD Strange, your workplace sounds like Heaven!!!
posted by mayonnaises at 10:31 AM on January 7, 2016 [1 favorite]


IE9 is the only browser we're allowed to use, on company-provided laptops, because they need the information to be secure.

Similar here, dealing with many varieties of health records. Installing anything unapproved or trying to circumvent the browser restrictions is cause for a quick walk out the door with all your crap in a box.
posted by T.D. Strange at 10:35 AM on January 7, 2016 [1 favorite]


The question is, will anyone notice? Even the people that are still running XP probably aren't using IE.

Au contraire mon frere.
Signed,
The Help Desk


Yeah, I strongly suspect that most of the people who are still running XP (other than, perhaps, a specific circumstance such as compatibility with a required 16-bit application) are not the sort to get around to downloading and installing a different browser or even a newer IE version.
posted by Greg_Ace at 10:43 AM on January 7, 2016


Evergreen.
Browsers.
Now.
posted by ethansr at 10:45 AM on January 7, 2016 [2 favorites]


Like the government. The agency I work for is perpetually 1-3 upgrade cycles back. We upgraded to Windows Vista in 2010, a year after 7 was released. We just got to Windows 7 in 2013, but the many legacy applications we are locked into meant that we were running IE 9 until literally the last 6 months, when they finally skipped all the way to IE 11

Yup. My org finally upgraded from Vista to Windows 7 in 2015, but we're still on IE9. Which is a problem, it turns out: we can't book our travel because the 3rd-party travel website requires an upgraded version of IE. The security protocols on our machines break our own training software, as well.

(And no, we cannot install Chrome or Firefox or anydamnthing on our machines. Except we're allowed to install our own desktop background photos. But not from Flickr, Instagram, or Google Photos, because those sites are all blocked or broken.)
posted by suelac at 10:47 AM on January 7, 2016 [1 favorite]


There are many applications where upgrade just isn't a real possibility. Sitting on my bench right now is a spectrum analyzer that is running Windows NT, an impedance analyzer that runs XP and VNA that runs DOS and a logic analyzer that runs a steam powered version of HP/UX. NONE of these machines are upgradable to a newer OS. At all. Period.

Any one of those machines is $40-150k (or even more in one case) to get a new one running a current OS. That doesn't count the massive and expensive time and money investment to re-write any automation, control or analysis software that was made in-house and built around those specific machines. Until an instrument becomes unable to make a measurement with confidence it won't be replaced. Which, given the reliability of some instruments we have from the 1970s, won't be any time soon. In the meantime we perform computational and infrastructure gymnastics to keep what we have protected from malware and preserve old PCs that work with those instruments frozen in amber.

There are whole labs like this representing massive sums of money.
posted by Dr. Twist at 10:51 AM on January 7, 2016 [16 favorites]


Even the people that are still running XP probably aren't using IE.

We're allowed to install other browsers and I still see plenty of coworkers going with IE. The government people that we work with are required to use IE. Many services that I need access to for my job do not work in any browser other than IE.
posted by backseatpilot at 10:58 AM on January 7, 2016


doctor_negative: "The question is, will anyone notice?"

Yes. For the past few months, the sites that my company runs have all been displaying a message similar to this one. It's very difficult to ignore.

Good riddance to IE8.

My industry is definitely starting to see less tolerance for supporting ancient technologies. If fewer vendors "enable" their customers to run ancient/insecure software, it becomes harder for those customers to demand that we support those ancient browsers (and we don't have to worry about losing their business). In turn this cuts our support costs pretty significantly. It's not particularly difficult to support old browsers that are missing modern features --- however, it's excruciatingly difficult to support IE7/8, which didn't implement several standards correctly, making it difficult to write pages that would render correctly across multiple browsers.

Simply put, there is no rational argument for requiring your users to use IE8 as their default browser. There's no way that these organizations are actually saving money on support/maintenance by requiring their users to stick with IE8 as their only browser.

T.D. Strange: "we were running IE 9 until literally the last 6 months, when they finally skipped all the way to IE 11, probably anticipating this move by MS."

IE 10's a weird one, because it's falling out of official support next week, more than a full year ahead of IE9 (which, contrary to the article's headline, will continue to be supported until Vista hits EOL next year). Even before IE10 dropped out of support, usage had already dropped to a negligible amount -- there is no major version of Windows that supported IE10 but not IE11. It turns out people are actually pretty good about keeping their browsers up to date, but are very slow to upgrade Windows.

That being said, IE9 is a lot easier to support than IE8. IE11 might become annoying to support in the long-run, because it's the last major "non-evergreen" browser on Windows*, but it doesn't have any of the glaring compatibility issues that plagued older versions. The IE team deserve enormous kudos for actually turning things around, and producing a halfway-decent browser.

They're even transparent about their feature roadmap, which is pretty awesome.

* Rant: This does not apply to Safari.

Safari is not an evergreen browser. Updates are only delivered alongside OS updates, and there's no good technical reason for this.

Apple's OS/Browser support lifecycle policy is basically nonexistent. When does an OS stop receiving security updates? Browser updates? Nobody knows! What versions of Safari run on a given OS? Apple never bothered to write that down anywhere!

Want to run an old version of Safari on your machine? Haha, nope!

Want to test your site on Safari, but don't have a Mac? Sucks to be you!

Want documentation about what features are supported in a given version of Safari? Don't look to Apple for answers. Mozilla are the only ones who seem to have bothered figuring that out, and writing it down.

These things have made it almost impossible for organizations to use MacOS machines as managed clients. This actually ends up being a mixed blessing, because individuals seem to be a lot better about updating their web browser when they are forced to do so.

Apple is the new Microsoft, and Safari is the new IE.

posted by schmod at 10:59 AM on January 7, 2016 [15 favorites]


Installing anything unapproved or trying to circumvent the browser restrictions is cause for a quick walk out the door with all your crap in a box.

I once worked in an office with the same restrictions, but we were given a research project that required us to use a web site that (duh) didn't work properly under IE 8, the most recent version any of us had. The only way to finish the assignment was to bring in personal laptops tethered to our phones. The department head himself demanded that IT install Firefox or Chrome on someone's desktop so we could finish the job, and IT refused. Again, because of "security." I don't think that word means what they think it means.
posted by 1adam12 at 11:00 AM on January 7, 2016 [3 favorites]


We used to have a bunch of in-house developed webapps that required IE to function. But now we've embraced the future and that's no longer the case. Now we've still got the legacy IE-only webapps, but now we also have shiny new Chrome-only webapps.
posted by ckape at 11:02 AM on January 7, 2016 [2 favorites]


How can anyone still be on XP and using a web browser for anything outward facing? PCI compliance should've broken that sometime last year, because you can't pass a compliance scan with TLS 1.0 open (ask me how I know), and Windows XP doesn't support any newer suite. Eventually you just won't be able to connect to active web sites with that.
posted by graymouser at 11:02 AM on January 7, 2016 [3 favorites]


My story from over the holidays while visiting the in-laws, only somewhat related but who cares:

Step-Father-in-Law: "Hey son-in-law, can you tell me why my internet browser forces a refresh due to things not working right when I stay on this site for a while? It's only on this one website."

Me (with a sigh of resignation and a realization that I am DONE trying to go the extra mile to help this asshat), from across the room: "What browser are you using?"

SFIL: "Huh? Oh.... Windows!"

Me: "No, what browser? The last time I helped you with things like this I highly recommended you use Firefox or Chrome from then on. What browser are you using right now?"

SFIL, indignant now: "It's not those. I use Explorer."

Me, feeling less patient than before (as if that was possible): "Oh. Ok. That's a big part of your problem, you should fix that."

SFIL, becoming aggressive: "But why is it just this one website, it's not like it's a site that has viruses on it? It's a major and trustworthy site."

Me, knowing the answer already and leaning in for the knockout punch: "You'd be surprised. I know a lot of folks that think their website of choice is trustworthy when it's really not at all reliable and is also prone to taking advantage of its users or readers. By the way, what is the site you're talking about?"

SFIL, perhaps seeing the punch coming but unable to avoid it this late in the exchange: "It's Breitbart.com. Completely trustworthy."

Me, ker-blamo: "Not from what you're telling me. The folks running that site are obviously hitting their users up with a ton of really aggressive ads, possibly even up to and including malware or viruses, to the point that it's causing your browser to cough and choke."

SFIL, from the mat: "BUT IT'S BREITBART!"

Me, going to get another cookie from the kitchen but unable to resist a passing kick to his ego: "Yep, their target audience, being obstinate in their preset beliefs and in denial of reality, is perfect for this sort of behavior. Enjoy the news and reloading every 3 minutes."
posted by RolandOfEld at 11:03 AM on January 7, 2016 [53 favorites]


Many services that I need access to for my job do not work in any browser other than IE.

Paradoxically, this is especially true of packages that run as software-as-service, many of which, in my industry, require Active X plugins (of all things) to work optimally. So suck it users of Macs or modern Windows browsers!
posted by The Bellman at 11:04 AM on January 7, 2016 [1 favorite]


Even the people that are still running XP probably aren't using IE.

I tried to install an XP recently (don't ask). I got caught in an interesting situation where modern browsers wouldn't install because they required driver upgrades, XP's upgrade site (still running) refused to talk to IE6 because IE6 uses an untrustworthy SSL protocol, and I couldn't install the latest (for the platform) IE because... IE6 wouldn't talk to the upgrade site.

That was an interesting hour.

So anyway, I'm pretty sure XP's actually uninstallable at this point.
posted by Leon at 11:05 AM on January 7, 2016 [1 favorite]


Heh. My work is still officially on IE9. We finally ditched XP last year.
posted by fimbulvetr at 11:07 AM on January 7, 2016


As recently as 2014, the Secret Service was soliciting software for social media monitoring, which they specified required compatibility with IE8.
posted by The Pluto Gangsta at 11:07 AM on January 7, 2016


Paradoxically, this is especially true of packages that run as software-as-service, many of which, in my industry, require Active X plugins (of all things) to work optimally. So suck it users of Macs or modern Windows browsers!

That PM, fifteen years ago, who insisted we use IE-specific crud when I could have just reloaded the page? Because everyone uses IE?

I WAS RIGHT YOU BASTARD! I WAS RIGHT!

that felt good
posted by Leon at 11:10 AM on January 7, 2016 [7 favorites]


My boss just came by to tell me that he was going over a 180-page contract with a new client that included the phrase "Netscape 3.0 or higher recommended" in the requirements for viewing certain non-appended documents on their website. I think we'll have IE to kick around for another 20 years at least.
posted by Strange Interlude at 11:10 AM on January 7, 2016 [2 favorites]


How can anyone still be on XP and using a web browser for anything outward facing?

Right here. I run XP on my photo-organizing PC with the latest Firefox and have no problems. It's not used for much more, but for file organizing I still like Windows Explorer on XP the best.

For installation problems, just use built-in IE 6 to download Firefox portable (yes the portable apps site will still let IE-6 through) and proceed.
posted by numaner at 11:11 AM on January 7, 2016 [2 favorites]


Sitting on my bench right now is a spectrum analyzer that is running Windows NT, an impedance analyzer that runs XP and VNA that runs DOS and a logic analyzer that runs a steam powered version of HP/UX. NONE of these machines are upgradable to a newer OS.

...and hopefully NONE are being used to run a browser?
posted by Slothrup at 11:33 AM on January 7, 2016 [1 favorite]


...and hopefully NONE are being used to run a browser?

or have an IP address?
posted by murphy slaw at 11:35 AM on January 7, 2016 [2 favorites]


The only thing that is going to stop older versions of IE from being used every day is when they're out of ciphers and nobody can buy anything with them. IE8 on XP has one left, its day is coming. IE7 and IE9 can continue for a while yet.

Otherwise, older versions are always going to be with us.
posted by fifteen schnitzengruben is my limit at 11:37 AM on January 7, 2016


Our organization's third-party payroll self-service site only runs on IE currently. Amusingly, the other organization-wide application that I support is barely functional on IE and I tell at least one person a day to please stop using it. Except then they go to do their time card and it tells them to go back to using IE.
posted by soren_lorensen at 11:41 AM on January 7, 2016 [1 favorite]


How can anyone still be on XP and using a web browser for anything outward facing? PCI compliance should've broken that sometime last year, because you can't pass a compliance scan with TLS 1.0 open (ask me how I know), and Windows XP doesn't support any newer suite. Eventually you just won't be able to connect to active web sites with that.

We have a waiver to keep TLS 1.0 open, which I assume is what most companies with PCI compliance are doing. That's going to expire in June, however. I don't know whether it's a self-imposed deadline or coming from PCI, but either way I feel really bad for our customer support people when it comes around.
posted by segfaultxr7 at 11:42 AM on January 7, 2016


> I think you might be overestimating the cutting-edgeness of the vast majority of workplaces in this country

Public librarian here; a lot of older patrons think IE *is* the internet. When I suggest they use Chrome or Firefox they sometimes tell me "No, I want to go on the internet."
posted by The Card Cheat at 11:50 AM on January 7, 2016 [12 favorites]


Heh, I have been warning my clients about this for 1.5 years now.

As a "SharePoint guy", I work with a lot of large Enterprises - and boy, they are typically very behind the times. In the past, I have even been part of a skunkworks project where we had to "double-browser" the users (i.e. install a secondary browser and leave IE6/7 alone) for 130,000 desktops... During that project, I researched the various alternatives: Chrome, Firefox, Opera and Safari (at the time, it was still available for Windows) - and came to the conclusion that Chrome was the most supportable from a centralized IT perspective. It supports the same Active Directory Group Policy management configuration settings as IE - plus it has its own settings. (At the time, Google also had IE "frame", so within Chrome, you could load certain pages using the IE rendering engine...)

Unfortunately, no one listened to me and they went with user-based installs of Firefox instead.

Personally, as a "SharePoint guy", I cannot wait for this - it will finally mean that we can start actually leveraging decent HTML5 and CSS3 capabilities and have them work most places...
posted by jkaczor at 11:50 AM on January 7, 2016 [1 favorite]


Will nobody think of the Enterprise Extranet for doing expenses? Patiently kept going, year after year, the versions of Java and Flash that it likes installed each time Joe Employee gets a new laptop and all the security patches that might keep it from working lovingly avoided and now Microsoft comes along and pulls this???? That's how Joe Employee has done his express since 2002, dammit, you can't up-end that!
posted by Artw at 11:53 AM on January 7, 2016


The question is, will anyone notice? Even the people that are still running XP probably aren't using IE.

The hospital called. They'd like a word with you. Something about an embedded EMR that relies on an IE6 rendering engine to display an iframe loading data that has to be HIPAA compliant, and we can't tell them to go pound sand because that damned EMR system drives half the goddamned medical care in this godforsaken wasteland even though they have to run virtual instances of decade-old operating systems to host crucial--

I'm sorry, I blacked out there for a second. What were we saying about IE10?
posted by Mayor West at 12:00 PM on January 7, 2016 [18 favorites]


I think if web developers for my industry (legal) ever got their heads out of their asses I'd be out of a job since half my workload will have disappeared.

- One website complains and is wonky if you're using a browser other than IE9.
- Another (government) website previously required playing the "wait until we say it's okay to use the latest Java" game, sometimes skipping up to five updates until they were ready.
- Another (BANKING!) website won't work with anything newer than Java 7.
- Another website only works with IE9 and has so many special needs (Java, MSXML, security settings) that I have to toss it in the Trusted category with its own settings and not make anything else trusted since other websites tend not to like all those security changes.

I would LOVE to just use the latest stuff, but then most of the stuff we need wouldn't work. I can't wait to see what this results in.
posted by charred husk at 12:01 PM on January 7, 2016 [2 favorites]


I would LOVE to just use the latest stuff, but then most of the stuff we need wouldn't work. I can't wait to see what this results in.

I don't know how exactly but it is definitely going to end up with just as many (but new) problems.

(I believe we work with government sites that still required an old version of IE; I wonder if they'll update or just say fuck you.)
posted by jeather at 12:07 PM on January 7, 2016


Schmod:

Updates are only delivered alongside OS updates
    Nuh-uh! They also update outside of OS updates!

Want to test your site on Safari, but don't have a Mac? Sucks to be you!
    What do you mean? There's Safari for Windows! :D Which was last updated in 2012 wtf apple

Want documentation about what features are supported in a given version of Safari?
    https://webkit.org/status/?
posted by slater at 12:08 PM on January 7, 2016 [2 favorites]


As a "SharePoint guy"

GEDDIM, BOYS
posted by slater at 12:09 PM on January 7, 2016 [16 favorites]


IIRC Safari is no longer webkit? I pretty much work on the basis that if it works on Chrome it'll work on Safari these days. Hell, it'll probably work on Firefox and IE9+ as well, for the most part. There's way less esoteric compatibility lore required for development on desktop browsers these days. But if webdevs are worried there might not be enough crazy browser specific bugs on outdated browsers that never go away out there after this, welcome to the whole world of mobile...
posted by Artw at 12:14 PM on January 7, 2016 [1 favorite]


For a long time I had to use remote desktop to connect to a Citrix server to run IE 9 so that I could enter my bi-weekly time sheet so I could get paid because the version of Kronos we had refused to run on anything newer. They finally upgraded so that we can use IE 11 but Chrome still doesn't work. The annoying thing is that I just fill in '8' for every day since I'm salaried and don't get overtime but I don't get paid if I don't put those 10 eights into Kronos in IE every two weeks.
posted by octothorpe at 12:14 PM on January 7, 2016 [3 favorites]


All this browser-proprietary shit is why we can't have nice things. Well, that and the New Cruelty.
posted by fifteen schnitzengruben is my limit at 12:16 PM on January 7, 2016


The annoying thing is that I just fill in '8' for every day since I'm salaried and don't get overtime but I don't get paid if I don't put those 10 eights into Kronos in IE every two weeks.

That sounds really perfect for a script. Hell, maybe you could quit and leave it running.
posted by T.D. Strange at 12:20 PM on January 7, 2016 [5 favorites]


Ugh, the phone system at work relies on some godawful old version of IE, and it's smart/dumb enough to know when that particular version is being spoofed.
posted by infinitewindow at 12:34 PM on January 7, 2016


IIRC Safari is no longer webkit?

There was a split between Safari and Chrome several months back. Chrome's fork of WebKit is called Blink, and according to webkit.org, Safari's version is still called WebKit.
posted by shponglespore at 1:04 PM on January 7, 2016 [1 favorite]


Slothrup: "...and hopefully NONE are being used to run a browser?"

"Running a browser" is a tricky concept when it comes to embedded devices.
posted by boo_radley at 1:15 PM on January 7, 2016 [1 favorite]


I used to get into all sorts of fights with my webdev clients about browser versions we had to code for. Now I just put 'the website will be tested with supported versions of all major browsers', and am done with it.
posted by signal at 1:19 PM on January 7, 2016 [2 favorites]


IE9, we just finalized the Windows 7 "upgrade" in 2015. The forced conversion triggered around a million dollars in out-of-cycle capital expenditures in my little lab alone. Branchwide, the butcher's bill was into 8 figures. I think my management is still a little too shell-shocked to contemplate a W10 upgrade or whatever.

And, in fact, while we're "supposed" to use IE9, everyone up to the director level in the computer side insists we run a fully up-to-date and patched version of Firefox (maintained and installed by corporate even, just like all our other official applications). Recent webapps have worked in FF first, then the "official" IE later. So that's actually a decent solution.
posted by bonehead at 2:15 PM on January 7, 2016


I'm actually kinda shocked that more companies haven't gone to the model of having their people use modern desktops and browsers and then have them RDP or do VDI into virtualized instances of older operating systems in order to maintain access to older applications and tools. That way you can have your frozen-in-amber internal apps and tools protected while not subjecting every one of your desktops to an insane amount of persistent threats.

I understand having scientific equipment that only works with SGI Irix or HPUX or something ancient as fuck standing in front of your microscope or whatever because you need to run some old Fortran subroutine that some GRA that was last in your lab 20 years ago wrote but there is absolutely no reason for those types of machines to be on a modern network. If you need to get data off of them you need to have out of band networking or sneakernet or something like that.

All of the IE6 only intranet shit needs to be virtualized and accessed through terminal services or frankly you are asking for a shit load of trouble. Thank god I work in an industry where the idea of locking down the desktop is a total non-starter and thus all the denial about needing to actually update software periodically is avoided.
posted by vuron at 2:33 PM on January 7, 2016 [2 favorites]


I understand having scientific equipment that only works with SGI Irix or HPUX or something ancient as fuck... but there is absolutely no reason for those types of machines to be on a modern network. If you need to get data off of them you need to have out of band networking or sneakernet or something like that.

There are a few international standards and certifying bodies that will tell you the exact opposite: there needs to be a fully automatic backup system in place for critical data. They're not really allowing sneakernet backups now as they've proven to have poor reliability in real practice. And from a practical perspective, we were finding that just doing manual backups was about 10% of one full-time job back when we were using single tapes for each instrument PC. Finally, high-priority business needs really don't allow this either---it's highly desirable that data get into a LIMS or similar ASAP. Keeping instruments disconnected simply to manage their age really doesn't wash, with our management, with the accreditation we have to keep, or make sense from a financial perspective.

Instruments really need to be on a local network, but that network needs to be protected and isolated.
posted by bonehead at 2:48 PM on January 7, 2016 [2 favorites]


Instruments really need to be on a local network, but that network needs to be protected and isolated

especially since loading AV software on instruments can have unpredictable results.
posted by Dr. Twist at 4:02 PM on January 7, 2016 [2 favorites]


Nuh-uh! They also update outside of OS updates!

They release updates for older versions of the OS but what I think schmod is trying to point out is that the only time Safari increases its version number is when OS X increases its version number. So all of these people running 10.11.0 (i.e. if it ain't broke don't fix it tautologies) are running an insecure version of Safari and unless they take external action it'll always be insecure.

Meanwhile Chrome is up to 47.0.2526.106 from 47.0.2526 and silently updates itself every time Google fixes a bug, user preferences be damned.

This is the difference which is critical in this day and age for keeping on top of threats. Hell, in 10.11.2 they fixed a bug in zlib that would have allowed a web page that was compressed in memory to break out of the sandbox and do some real damage.
posted by Talez at 4:10 PM on January 7, 2016 [1 favorite]


Instruments really need to be on a local network, but that network needs to be protected and isolated.

Interesting thought. What if you set up a Raspberry Pi (or maybe a micro-PC) with dual NICs (do they make those? Can you make those?) and had your ancient behemoth connected to one NIC, and the other NIC connected to your hopefully secure private network? At least that would be my solution, rather than operating on the hope and prayer that nothing gets "accidentally" infected by something. Or worse, just up and dies. I'm not saying use it to replace the control components of the devices, but just as a basic IDS measure. You could even have the micro computer (running Linux with NFS and Samba) act as a pass-through to your main file storage, but still behaving as a buffer between any kind of malicious actors that might infiltrate your network.

I had to do something like this to manage an embedded system that only had access through the console port (no video, no networking), and so we put in a tiny barebones Linux box that we could log into to get the data from the device (as well as command and control, etc). Prior to that, they had a Windows NT box hooked up to it that would access the console port and pull the data, but it let the magic blue smoke escape one weekend, and we had to come up with a solution before start of business on Monday. The Linux box was great for that, once we were able to dig up the console port settings from the ancient manual and could "fake" the command and control session using binary strings. Anyway. Yeah, I completely understand labs and other specialized industries where the equipment costs more than a house, but the software support is about as up to date as still struggling with not using token-ring.

Actually, another anecdote. One time when I was working for a Mac repair shop (before the Apple Stores came about), we got to go do some service/support for a lab with a bunch of machines in a clean room. Thankfully these were all totally isolated, and none of them were connected to any network (because, you know, clean room). Got to get all dressed up in a clean room suit and everything (this was a DNA testing lab). Really interesting because a lot of the computers in that lab were still running System 7 in 2001 (and were never, ever, ever going to be upgraded). When I finished in the lab, they asked me if I knew anything about NeXTStep, and being the fledgling nerd that I was, I knew just enough to be dangerous (well, that and I had been reading up about NeXT and how it related to OS X, and had been using the public beta of OS X 1.0 for about a month). I think they also had a box running OS/2 Warp for some very specialized application. That was definitely a strange service call.
posted by daq at 5:13 PM on January 7, 2016 [1 favorite]


If you need to get data off of them you need to have out of band networking or sneakernet or something like that.
They're not really allowing sneakernet backups now as they've proven to have poor reliability in real practice.

And can be pwned to hell and back by a malicious USB (see Stuxnet and Iran). Sneakernet is really good for small scale (less than ten instances), absolutely terrible enterprise-wide.
posted by eclectist at 5:19 PM on January 7, 2016 [1 favorite]


There are large departments in the UK government which are standardised on IE8 for security reasons. IIRC it's only a couple of years since they upgraded from IE6.
posted by EndsOfInvention at 2:45 AM on January 8, 2016


I agree that sneakernet is less than ideal especially if you have massive datasets but continuing to put out of date OSes on a computer network and hoping that your border firewalls and security devices can somehow protect them is dubious to the extreme. Out of band has pretty significant issues in terms of cost but you only have to maintain a limited number of gateway devices and they can be more modern OSes which you use as a launchpoint to get to your limited access systems. You still have the issue of having your lab be utterly dependent on ancient hardware (believe me I sympathize but how long can you reasonably expect to find parts for old SGI soap bubbles to run your lab software?).

Emulation in VMs isn't ideal but it's certainly better than continuing to hope that old vulnerable OSes won't get hacked.
posted by vuron at 7:33 AM on January 8, 2016


Most lab instruments last into their second decade, and I've used some that are more than twenty years old. I think our oldest is currently around 25 (Zeiss makes fantastic microscopes). It was the same model instrument offered by the manufacturer until last year, btw. Our nominal end-of-life is eight years, and even that's too short for MS now. Parts aren't really the hard bit, with one exception, the instrument computers.

Believe me, the instrument companies, Agilent, Thermo and so on are acutely aware of this problem too.

hoping that your border firewalls and security devices can somehow protect them is dubious to the extreme

We don't of course. Our systems are behind at least two layers of security, and we're asking for a third, to be isolated from the general departmental network as well. As Dr. Twist notes above, most mfgs require the instrument computers have a) no firewall, b) no anti-virus (though this is a little better than a few years ago) and c) that the collection software run with full local admin rights.
posted by bonehead at 8:30 AM on January 8, 2016


And can be pwned to hell and back by a malicious usb,

All of our malware problems on local computers (lab and desktop) in the last decade have come from infected USB sticks people have brought in from home. We're to the point now where we issue them to staff, have strict protocols to follow (don't take off site, wipe after use, etc...). It was an enormous pain to implement, but we've had no problems since.

Even this is a compromise. The first impulse of our ITSEC folks was to superglue all non-required ports shut on all computers.
posted by bonehead at 8:48 AM on January 8, 2016 [1 favorite]


Evergreen browsers can't do anything about the kind of corporate culture where updates aren't permitted. In those scenarios you either disable updates (I believe Chrome has a special mode for this) or you don't install the software. In no case do you have software randomly updating itself as it feels like it.
posted by Rhomboid at 10:05 AM on January 8, 2016


I came in to make the same complaints about our corporate infrastructure which is half reliant on IE6 and half reliant on being somewhere close to the tips but that horse is badly battered already. All I can add is that our organization has a habit of conflating the name of apps and the infrastructure on which they're based. So we'll get emails from the payroll side telling us Oracle will be down for maintenance and we're all like, what? Really? All of Oracle is going to take a snooze for a few hours? This couldn't possibly end well.

The oppressive environment of corporate security has recently been ratcheting up at $EMPLOYER. On the other hand, they still let me have an install of VirtualBox on my workstation and provide enough hardware to support several guests. You can guess how much work actually happens on the host workstation these days.

But, yes, I'm still scarred enough by the turn of the century firefights to rejoice every time a crap IE version is taken out back and shot.
posted by Fezboy! at 10:24 AM on January 8, 2016


If you think this is bad, well - here comes the Internet Of Things. Billions of embedded devices made by thousands of companies (most cobbling together their firmware from stuff written by n other sources), most of whom will go bust/be bought/transform before their products EOL, and most entirely undocumented.

I'm not sure what ITSEC is going to do when replacing a lightbulb creates a whole new threat surface. Superglue plastic plates over the light sockets?

Strap in, people.
posted by Devonian at 8:45 AM on January 9, 2016

