Hacker News new | past | comments | ask | show | jobs | submit login
This is party time; Internet Explorer 8, 9 and 10 die on Tuesday (thenextweb.com)
277 points by kostas_echarta on Jan 6, 2016 | hide | past | favorite | 175 comments



Unfortunately this is not true:

"Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical supports and security updates."

The latest Internet Explorer version that runs on Windows Vista is Internet Explorer 9. So there will still be users using that... Windows Vista will have security updates till 2020.


Versions of IE as old as 7 are still supported if you look at various embedded and server editions of Windows and their support windows.

https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-I...


> Windows Vista will have security updates till 2020

This isn't true. Windows Vista EOL is April 11, 2017. See http://windows.microsoft.com/en-us/windows/lifecycle What makes you think it is 2020?


The fun thing is that Server 2008 does, and it is based on the same code as Vista.


Indeed, Vista being EOL 11 April 2017. It does mean that IE 10 is EOL, but not 9 for another 15 months.


Have they no Firefox? no Chrome?


Chrome will drop support for Windows Vista and XP in April 2016. Firefox still supports Windows versions all the way back to XP SP2. About 14% of Firefox users still run XP!


Maybe it's time to stop running a 10+ year old operating system?


Maybe, maybe not.

Some people are running programs that won't work on newer versions of Windows, and they would be using XP Mode anyway.

Others just do Web stuff and Firefox is really their OS.


Only those with Windows 7/8 can get the free upgrade to 10 and W7/W8 themselves aren't free, which could be a factor to some.


Why? It does the jobs well enough


Oh poor, deluded TNW. Software only dies in the way developers care about when users stop using it.

Well beside its actual expiry (which seems to be 2020), people STILL use XP with an ancient versions of IE6 and IE7. Many Vista users stick on IE7.

So calm yourself and put flexbox back down. You've got a few years before that's supported enough.


If I was a developer, I'd carefully look at my referer logs and if only 15% of my user community was using IE 8-10, I'd just develop for IE 10. I would NOT warn the end users about needing to upgrade, I'd just let script errors occur and not release any compatibility fixes. I'd respond to support tickets explaining that there are bugs in their old version of IE and suggest they upgrade, or install Chrome or Firefox.

If they are corporate users, I would be about now announcing that as Micirosft are EOL'img these IE versions only IE 11 and upwards will be supported. I'd probably give a grace period of 3 months officially, and depending on which can clients are affected I'd possibly give them 4-5 months to upgrade.


That's not a very good way to run a commercial entity. And it is also why developers should not be making the call about which browser to support and which not.

The reason why is that the fixed cost of a business are that: fixed. The profit is usually over-represented in the last few percentage points of the people using the service or buying the products so if you lop off some arbitrary percentage at the top that 15% of your users might be 80% of your profits. That's a very quick way to die.


Encouraging or even assisting users with browsers that have security bugs is also not a responsible way of going about doing business!


Every browser has security issues. And as a business it is not up to you to decide what browsers people use, the best you could do is inform them but the decision is up to them.


Still using MD5 summed SSL certificates?

What security issues does the latest version of Chrome have, incidentally?


It's a fine way to run. data based decision based on the cost of support and the amount of traffic.


It is extremely rare that the cost to support a browser outweighs the economic importance of those using those browsers. If it is then you are probably too small an entity to matter anyway, but as soon as your IE6 users are numerous enough that you can assign a percentage to the population you would probably be well advised to simply serve them rather than to attempt to force them to upgrade, if they haven't done so yet they either have very good reasons or you won't be able to convince them anyway.


>It is extremely rare that the cost to support a browser outweighs the economic importance of those using those browsers.

Citation please. Are you really sure this applies to modern front-end web app with reasonable complexity?


I don't need to 'cite' what I can see with my own eyes from the stats of my payment services provider. Browsers are very easily released, they take a very long time to die. This is one reason why I tend to keep things simple, this vastly reduces the amount of resources required to make something work on a lot of different platforms and browser combinations.

Of course if your web app relies on all kinds of sexy stuff then you're going to have to convince yourself that those people don't matter.


>I don't need to 'cite' what I can see with my own eyes from the stats of my payment services provider.

Your original statement was broad and general, not qualified. Your anecdotal evidence is not sufficient to support this claim.

In the context of the discussion about supporting IE 8,9 and 10 and using your terminology flexbox (which IE 8-10 doesn't support) seems to be "all kinds of sexy stuff" and "not keeping things simple". Right, got it.

http://caniuse.com/#search=flexbox


Suit yourself. One thing I do know: if you are serious about commerce you can't afford to lose customers that you've spent a lot of money to acquire it tends to wreak havoc with your spreadsheets.


If I was running a train ticketing system or an old ATM, I guess I'd keep supporting OS/2.

If the cost of supporting old browsers was more than the profit you make, then that spreadsheet will show a different story.


> I don't need to 'cite' what I can see with my own eyes from the stats of my payment services provider

You could be a liar, idiot, troll, or just really love IE. Why would anyone take your word for it.


> You could be a liar, idiot, troll, or just really love IE.

You omitted the possibility that I might be right, am not an idiot, am not prone to either lying or trolling and absolutely detest IE (and have not used windows for a really very long time).

> Why would anyone take your word for it.

Please don't. Ignore me and whatever I write here on the off chance that there is a grain of truth in it and that it will make you money.

Forgive me if I did not anticipate the Spanish inquisition demanding proof for something that to me simply makes good sense. Feel free to offend your users, to limit your products to function only with the latest browsers and to spend your marketing money to attract people that can then not use your product.


As someone who has taught himself development after more than ten years in entrepreneurship, marketing, advertising and strategy, I find you arguments too simplistic, with no regard to strategic tradeoffs. A successful business needs to be able to "fire" some of its clients to gain competitive advantage or increase operational efficiency. And sometimes those clients are users with old browsers.

Branding a request for proofs to general, overarching statements as personal prosecution (Spanish inquisition, really?) is a sign of discourse grounded in ideology, not practical considerations.


This is a forum, not a scientific paper. If you want to have everything cited and backed up by independent review by peers and so on I suggest you communicate by paper only, this is a discussion forum and as such I'm not required to provide you or anybody else for that matter with whatever they demand. I'm not exactly on your payroll.

If you choose to interpret that as ideologically grounded discourse then I think that says a lot more about you than it does about me.


You are right. As much as people love to hate IE7/8 etc, they still help make a lot of money. (millions of $)


This applies only for a diminishingly small amount of large corporations and is not applicable to absolute majority of HN startups/bootstraps/side projects.


Bootstrappers (when they are small) and side projects can ignore the smaller percentages because they are still validating their concepts. For side projects this goes even more because they are usually not commercial in nature.

Why would it have to be applicable to the 'absolute majority of HN startups/bootstraps/side projects' to be useful information?


I can speak to the fact that on the ecommerce site I work, only 1-2% of users are on older IE, but they account for many thousands of dollars of sales.


Well, i know of sites that still support IE7, IE8 and the revenues from those users are in millions.


I am working at a Fortune 100 financial company currently, IE8 support is already retired, and IE9 in the next month or so. This being a numbers based decision.


I suspect that the demographic make-up of the customer base is a huge factor in this. Location and age, predominantly.


Location yes.. mostly U.S. customer acquisition. As for age, skewed towards middle/older demographic, but that's true of most financial companies. That said, more mature users are more likely to be using an iPad (with a current OS) than any version of IE.


> If I was a developer,

It's pretty clear you're not a developer (or wouldn't be for long).

There are two really bad decisions here:

1) You are driving away up to 15% of people who actually use your product. How much would you spend to acquire that many active users? It's easier to keep existing users than acquire new users.

2) Sending users through a ticket system for errors you could have prevented with a simple warning is a bad experience for them and far more work for you. And most users will silently disappear instead.


I feel inclined to agree. These kinds of decisions are the ones that get you in deep trouble when the vocal minority starts to scream. It really is very trivial to at least give some sort of message, warning or guide to upgrade when attempting to use a web product with an incompatible browser.


Depends on your user base. In my current application/site, our IE < 11 userbase combined is under 5% and declining. IE8 has already been dropped, and IE9 soon. The product I work on is directly related to customer acquisition at a financial institution. So I'd say it's a pretty safe bet the numbers have been run thoroughly.

disclaimer: my opinions are my own and do not necessarily reflect those of my employer.


It's easy to say this stuff, less easy to implement in a business. It depends on your demographic and your content. Take B2B sales or B2B SaaS. Enterprise users are THE main reason for crappy old browsers in my experience, so the real question becomes...

Are you really willing to take a 10% hit on sales?

You can announce EOLs until the cows come home (Microsoft has and look how well it has done them). If your product stops working, they'll complain at you and then cancel their contract and find another provider who will support them.

I'm speaking from a gruelling 15 years experience developing enterprise SaaS. We've only just dropped IE6. It'll be years before IE8 goes away.


It's the 80/20 rule for me. Think about the type of client (individual user/corporation) that is still using < IE 10. I'd wager that they're well paying, yet difficult to deal with. They're entities who live in a legacy world. I've worked in those places, and honestly I won't develop software for anything but the first-most and second-most recent platform, because I want to target people like me. People who care about value over cost. People who value time over money.

Entities who use legacy software have more problems than their browser. It's symptomatic of a much larger issue, and I love being able to filter them out!


> It's the 80/20 rule for me. Think about the type of client (individual user/corporation) that is still using < IE 10. I'd wager that they're well paying, yet difficult to deal with.

At an entity level, they may be difficult to deal with, but at the level of an individual in the organisation they know their company has problems. These people move around, and personal relationships are really important long term. This is my main motivating factor.

As long as the client pays (20% of revenue...) and there are no other risks, I'm happy to employ a front end developer who has probably has years of experience making IE6/7 degrade somewhat gracefully. If it were my own product, my own time, my own cost, absolutely not, but if sales were assured with this type of customer, sure.

This is a personal opinion. No one client is the same. I find it interesting to contrast 2 clients I work with who are in differing fields of the same space: (massive names in) financial services: One does QA on only the latest stable version of major browsers (down to Opera, my personal favourite) browser on Windows and Mac; The other does QA on any browser or platform with 2% visitor share (measured by visitors to their website), and also accommodates customers who may be on something obscure but the customer demands it. The former's approach sounds pretty aggressive r.e. serving, or not serving, the customer, but the latter's caused them to avoid abandoning a really backward platform for 5+ years for all customers. Swings and roundabouts. Interesting how we take varying judgments.


Definitely! Are you from the UK? "Swings & Roundabouts" is something I associated with that land.


On behalf of other developers, thanks for the extra business.


You're welcome! I know it's easy money. It's just not worth it to me. :)


And then when your clients don't renew, your revenue is significantly affected, you have to lay off staff, you have a realization that this works in an ideal world, but we don't live in one.


i don't know... how much is the cost to develop an application to cover 100% of the available desktop browsers? maybe use that value to improve mobile target make more sense at this point?!


It really, really depends on your site's demographic.

Example: skin care website, they sell women's beauty and anti aging products. Their demographic is 15% IE8, but you know who are most likely to buy their products? Mature women, who are also more likely to be the ones in that 15%.

The next part of that puzzle was when they launched into China. China has a huge population still on XP and IE8. Literally millions of uniques from IE8. We even had a percentage from Netscape!

Fortunately the agency handling them was smart enough to research the demographic in both instances, but many agencies won't. They will brazenly force their opinions on their users who frankly, don't give a crap how you feel. They just want it to work so they can buy stuff.

You have to view every hit as a customer. Imagine if Walmart stopped letting in 15% of customers.


I would think mature women would be the ones more likely to be using an iPad/iPhone. I've worked in several positions where the demographics are skewed towards middle age, and the use of the iPad alone is far larger than IE<11.


Sorry I probably worded that poorly. In their sample they found that those in the 15% were normally mature women.

This isn't to say the majority of mature women use IE8 or that only mature women use IE8, just that they were over-represented inside that 15% and they were purchasing customers.

You are right that iPads and iPhones are the majority of their demographic.


In my experience it is far less than the cost of acquiring new customers, onboarding and supporting them, also far less risky.


Why this, specifically?

> I would NOT warn the end users about needing to upgrade

People using your product are discussing it on review sites, on social media, with friends/family, etc.. If you silently give some of them a broken product, a few will contact support; but I imagine most will assume your product is just low quality. So that's the word they'll spread.

For corporate users: well, you'd need to talk with your customers. They might be facing a seriously expensive upgrade process, and could be extremely unhappy to hear you're setting an arbitrary deadline for them.


> but I imagine most will assume your product is just low quality

And they would be right.


While I completely get where you're coming from, realistically this can be very messy. You'd quickly find that an increasing number of your support calls were from those users having issues. 15% doesn't sound like a lot, but 15% of a million people is 150,000 people.

So, you'd succeed in angering a lot of customers. Much better to try and inform all of your customers (not just corporate) of the upcoming changes, and provide support materials for them to follow while giving them a reasonable timeframe to do so.


Maybe you should use conversion metrics combined with usage statistics weighted against trending and flow relative to feature enhancements and capabilities instead of any raw value against general hits?

Each business is different, and even then different areas of a product can have differing requirements and needs. What is 15% for you, may be <2% and declining for others. My current and former positions see iPad users in greater numbers than any other single platform/browser, as an example. It may be better served to create features that work for the larger audience and other platforms easily supported than grasping at a fraying edge.


Giving 15% of your users a shitty experience is a really bad of doing business.


Where I work IE<11 accounts for under 5%, ymmv.


It's not as if web developers like supporting broken, outdated browsers. It's done because without the users using those browsers, the business would be worse off.

There are lots of intermediate steps like warning about an inferior experience, but at this point it's necessary to test most websites on at least a few versions of IE9.

I've found that using react I've had very easy compatibility with older IE, etc. The only thing I've had to do is install a polyfill or two.


Not showing a message to your users is very user hostile. It's one thing to not offer a service, it's another to frustrate your potential users.


At my current job, IE < 10 is less than 2% and support for IE8 has already dropped, and IE9 will next month iirc.


Very funny, End of Life for a popular product just means more trouble for 3rd-party-devs since they need to continue supporting the product as long as a significant chunk of their users don't feel like upgrading, but with support for the required SDKs cut off. Case in point: WindowsXP's End of Life was 2 years ago, but between 25% and 35% of (mostly casual) gamers still run it worldwide (this is heavily skewed by XP installations in China): http://hwstats.unity3d.com/web/os-win.html, http://hwstats.unity3d.com/pc/os.html.


Yeah. Microsoft may no longer support them but we'll be stuck supporting them until june 2018 at least, when the tls apocalypse may cause holdouts to upgrade - or just complain loudly at Web developers for "breaking my Internet".


I am in this situation. A good chunk of my users are stuck on xp so I am stuck on supporting xp too. There is no way around this for me as the reason my users are stuck on xp is because of hardware. Arg!


They can still install Firefox.


Firefox probably won't help with non-browser software, if that's what the parent comment was referring to. I also have to develop an app for a client for XP because of some proprietary hardware that still doesn't have a Windows 7/8/10 driver.


Yes this is my problem. The hardware manufacturer does not want to support upgrades (they want to sell new hardware) and so I am stuck supporting XP.

In my situation there is not even hardware the customer can upgrade to as the original hardware supplier has left the market. We are all stuck with XP until something catastrophic happens.


I know a chemist still stuck with a windows 98 machine for a similar reason (it's the most recent OS that a particular piece of lab equipment has a driver for).


There are developers out there who would be willing to write new drivers if the manufacturers won't and the labs are willing to pay.


The problem is for an individual lab the cost is very high - there needs to be some sort of forum where labs can get together and put a bounty together for new drivers.


Is the hardware expensive enough that reverse engineering the driver would be economical?


It would be worthwhile doing, the problem is the cost is really high for an individual lab.


The problem is hardware. The amount of equipment out there running on XP with no ability to upgrade is a nightmare.


> They can still install Firefox.

Latest versions of Firefox cannot be installed on XP. Though, Chrome still works.


This seems really short-sighted on Firefox's part.


Given that IE may be the only widely-used browser that restrains web developers from going completely gung-ho with the fancy new stuff and creating even more sites that are just plain user-hostile and annoying (e.g. see the rise of superfluous SPAs and/or massive amounts of JS required to load simple static content, replacing sites that worked fine without), I fear that this will make casual browsing a worse experience even for those not using IE...

It's not the new sites which are already fancy webapps, the ones doing new things that would be nearly impossible in older browsers and require the very latest browser versions that I'm concerned about; it's the sites that cater to a mass audience like news, webmail, search engines ( https://news.ycombinator.com/item?id=8254743 ), and other valuable repositories of information which are most at risk of being "appified" and making the Internet less accessible overall.

Related article: http://www.quirksmode.org/blog/archives/2015/07/stop_pushing...

...and discussion: https://news.ycombinator.com/item?id=9961613


It's at least as much the case that devs load up their apps with tons of third-party junk CSS and JS to smooth over the differences between old, broken versions of IE and modern browsers. If we could count on people using reasonably modern browsers we could code to the standards and dispense with a lot of these clunky wrappers and workarounds.


That ship sailed long ago. The people who make use of all the cool new stuff either explicitly don't care about IE, or ship polyfills and then don't really check to make sure they work (because they don't care about IE).


I don't understand why Microsoft divides its browsers this way.

They seem to be the only one that actually has versions, and [security] updates within a version.

Instead just have a single browser (instead of 5 or more counting from IE6) and any update increments the version. Both Firefox and Chrome work this way.

They would have to allow installing the latest version of IE on any machine all the way back to XP, but there is no reason they can't do that. They just don't want to.

I know they hope people will upgrade the Windows version - but has that ever happened? Has someone ever upgraded Windows just to get a new browser? I highly doubt it, that's not why people upgrade the OS.

So just give it up, let any version of IE run on any version of Windows and stop making developers (and users) crazy.


I don't think they can. IE's (since IE5) is not your usual standalone browser application - it's an operating system component, that's used in a lot of places, starting right from the desktop. Tighter integration and mutual OS-browser dependence means it's not as easy as saying "ok, let's allow IE10 to run on Vista".


Not even counting all the things like COM integration and embedded browser components in WinForms and the like...

I do some work with various embedded extension APIs in different office and collaboration tools, and it's quite a mess trying to figure out what those web browsers actually are


...it's an operating system component, that's used in a lot of places...

This is a strategy tax, for a strategy that stopped being reasonable a decade ago. Numerous alternate browsers have had no problems competing with an "integrated" IE, for many years now. The DOJ case was settled by a completely different set of executives, so the current bunch don't have to pretend that OS integration is somehow vital to the function of a browser. Someone should draft a memo to the browser department: that stupid shit you were supposed to do 15 years ago? stop doing that. An organization that continues with such a farce for so many years is puzzling.


They did exactly this with Edge, which - AFAIK - is not a system component, but a standalone application, just like the others.


Sure that's the plan, but it doesn't seem to have actually rolled out to any users yet? Why do they need IE 11 if Edge is ready to go?


Probably because Edge is a Metro/ModernUI app that doesn't work on Vista and 7.


So... not actually standalone. Chrome and Firefox don't have that dependency. I guess that memo still hasn't been sent.


But it's perfectly normal to depend on some OS parts and have minimum version requirements. Happens with everything out there, just that thresholds are different. Any recent Chrome doesn't run on Windows XP. IE11 doesn't run on Vista. Edge doesn't run on 7. Safari 7 doesn't run on OS X 10.8.

What do you propose to MS - to spend time supporting Windows Vista? Or make a browser that supports it? Bet they just don't care about Vista, besides security patches and alike stuff that they have to do under various enterprise contracts. Given that they go lengths to persuade 7 & 8.x users into upgrading to 10, doubt they care much about those versions, too.


Any recent Chrome doesn't run on Windows XP.

I'm regularly in an office that is rife with XP. I won't be in that office to check the exact versions on all the installed Chromes for a couple of weeks, but they certainly seem up-to-date.


I remember that installing an older version of IE on Windows 95 enabled some features like the Quick Launch bar in the task bar. Previously, I believed that this was a feature exclusive to the newer Windows 98 but that IE installation backported a lot of the visible Windows 98 changes into the Windows 95 Explorer.


That was Internet Explorer 4. It was however an optional part of the installation and if you installed IE5 without installing IE4 before, you couldn't get it.

Messy.


I've heard that, but no one is forcing them to program it that way.

They could do the equivalent of static linking and include the necessary components in the browser instead of the OS.

That's more or less what the Utilu IE Collection does I think.


It's the other way round: programs include the browser as a COM component. https://msdn.microsoft.com/en-us/library/aa752040%28VS.85%29...

So on the older operating systems, programs that shipped with the OS will be embedding the browser as a COM component, usually for help purposes. If they're rendering local HTML (or generated HTML!) then they require that to keep working. So that particular interface has to be maintained, making it very difficult to upgrade.

Microsoft were kind of correct in the "browser choice" lawsuit that they'd used the browser as an OS component, and everyone else was correct that this was kind of a bad idea.

On the other hand, how do you embed a browser component in a forward-compatible way?


> On the other hand, how do you embed a browser component in a forward-compatible way?

Android uses a WebView component. If an app wants to display a webpage, it can make use of this to render HTML. I imagine iOS uses something similar.

I believe this component is compiled separately for different versions of Android, and Android will only update to the newest compatible version.

Docs: https://developer.android.com/reference/android/webkit/WebVi...

Store page: https://play.google.com/store/apps/details?id=com.google.and...


> Microsoft were kind of correct in the "browser choice" lawsuit that they'd used the browser as an OS component, and everyone else was correct that this was kind of a bad idea.

Unfortunately, Microsoft signed a consent decree with the DoJ in 1995 which allowed them to add features to the operating system but meant they couldn't tie a separate program to the operating system. Therefore the browser had to be an added feature.

This was only a tiny part of a much broader decree. None the less, you can thank Janet Reno and the US government for the problems this has caused ever since ;-)


The consent decree is a large part of why we have browser (and OS!) choice at the moment. Imagine the world where IE6 won and use of ActiveX controls on websites was routine.


To quote myself from earlier...

The IE6 era (2001 to 2005 or 2006) was a period of great creativity, and it was when a lot of dominant web properties became established. Examples include Wikipedia, LinkedIn, Second Life, The Pirate Bay, MySpace, Orkut, Facebook, Gmail, Flickr, OpenStreetMap, YouTube, MegaUpload, Pandora and Twitter.

Web 2.0 became popular during that era (2004 onwards).

That "stagnation" compares rather well with much of the flashy, transient rubbish being launched nowadays.

Also, when it came out, IE6 was the most standards-compliant browser and generally performed better than its main rivals.


I don't see how that follows, seeing as the IE dominance era came years after the consent decree was signed (2000-2003).


The implication is that absent the consent decree IE would have been more dominant in that era, and that the dominance would have lasted longer than it did. This is plausible, since a world of sites built with non-web-standard crap would have been barren ground for nascent Firefox. It was for that exact purpose that IE has always been the way it has been, and would have been worse without the decree. Yeah, we're grateful for XHR, but that was just the tip of the iceberg.


But the consent decree didn't impede the creation of non-web-standard crap, and in fact XHR was made after it was signed, so how did it help?

Remember that "the decree does not address any of Microsoft's applications software." It only regarded their dealings with OEMs.


On the other hand, how do you embed a browser component in a forward-compatible way?

Use a consistent API and just upgrade the rendering engine, while maintaining quirks mode. It's not as much of a problem anymore because HTML5 specifies consistent parsing and rendering behavior for new and old documents.


Embedded rendering of local HTML doesn't need security updates, so that's not a major problem. You can leave it alone while you update the actual browser.


Yeah, they could do that now, but that doesn't help the IE 6, 7, 8 problems, does that?


Yes it does. They could ship a statically-linked copy of Edge to Windows Vista (and even XP) users via Windows Update. The old IE DLLs would have to stay there to be used by the system, but the actual web browser could be a newer one.


That's a terrible idea from a security standpoint.


If they're stopping delivering security updates for those versions of IE then it's better than nothing. Actually assuming they keep the statically linked Edge updated via windows update then I don't see any issues (as annoying as a large update to a statically linked program will be).


Microsoft Edge is a Universal Windows App, i.e. uses APIs that exist on Windows 10 only. And Microsoft is not backporting that.


I really don't get the concept of people being "stuck on XP": Vista shipped in 2007, so if your company wrote software after that that was locked to XP they made a mistake - one they've had EIGHT YEARS to fix. Everything except the most expensive, vertical-market hardware (that might require XP for driver support) has nigh-certainly already been depreciated to zero on the books.


When you've got a system that is, for example, underpinning your whole business operation (eg billing, machine controls, whatever) and that cost thousands (often tens or hundreds of thousands) to implement and it only works on a legacy version of an operating system (be that Win 3.11, Linux 2.4, or even just XP) you WILL move heaven and earth to avoid disrupting that system.

Even if it's a smooth migration to a current release, it doesn't have 15 years of perfect history behind it.

And that's when you can migrate. There are plenty of control systems for devices that cost $millions that were bought decades ago that just need to keep working. You don't have source. The vendor went out of business with the dot-com bubble.

Yeah, we probably could replace all the things, but at what cost? Will it beat the last 15 years of perfect uptime? Are you the buy willing to stake your job on it? Or shall we just paper over the cracks and keep shovelling coal into that server in the corner?

Edit: I'm describing worst-case scenarios in specific use-cases but even if there isn't a good reason to stay behind, the feeling of "why fix what ain't broke?" is pervasive in management, especially IT management. Maybe it's a generational thing and we'll see waves on waves of upgrades in the next decade or two but I'm fairly sure that'll just lead to another generation of "make do"ers.


> why fix what ain't broke

Because it will break eventually. That decrepit PC full of metal dust running XP that controls this here multimillion CNC mill will, given enough time, fail. Some part or other will fail, and eventually you won't be able to find new parts anymore that work with it. Granted, for an XP PC it's far in the future but still.

Besides, a Win 3.11 or XP PC won't have a 15 year uptime, it will probably have a sticker on it reminding users to reboot it daily.


I encountered a company with an "antique" mainframe running an "antique" COBOL workload. It had 17 YEARS of continuous uptime. Every single piece of hardware was either double or triple fault tolerant, and nearly everything had been swapped along the way, but the workload (a transaction processing system of a sort) had never ceased operations. It had never needed to be changed.

I know mainframe != Win XP, but it is important to remember that in many systems, it isn't really like a car, where you do maintenance to keep it running, its more like a wrench, where you use it until it breaks, and then get another one that does the same thing. In the years that the wrench is in service, new types of steel, new ergonomics, etc. might come out, but none of that is sufficient reason for upgrade. Only the actual failure of the system justifies replacement. Sure, its rare for that to be the case in a tech company, but not so rare in a company that just uses IT to do something else.


I agree and disagree. As an operation person, I think we need to make an argument for why X can't be done right away, but we must have a plan Y for migration. I know for a fact there is still some ancient database server running in our data center serving our critical business but there's a plan to migrate that to modern databases. While re implementing everything is costly, company has to hire specialist from a specific consulting firm to support such ancient database, and how long can we retain such talent without spending extreme amount and caution? "I am scared if I did this will screw everything up." There will be a point they have to migrate such database to something modern, and the cost is still several million plus.

The same argument that corporate world doesn't allow Python 3 or has a hard time to migrate to Python 3 because machines are running on some ancient RHEL servers or because of some security requirement. I get it and I don't get it. First, let's ditch RHLE. Fuck that. I really don't see reason to use RHLE; fine, YMMV. But it is people's job to do work. Some pieces can die, and some pieces will have to evolve, either from scratch, or slowly. No one said software development and operation support are easy, see https://pbs.twimg.com/media/CWC74tOVAAAsls0.jpg:large.


What's wrong with continuous improvement?

Our entire ethos is that software is never finished.


I love CI but it does only works if it's continuous.

The scenarios I was describing don't lend themselves to it. It's usually vendor deployed, closed source software. Not an in-house production. That or it truly is ancient, from an era when CI wasn't a thing.

You can resurrect development but as I mentioned before, this can often involve resurrecting people, not just the project. And employing them indefinitely for something that —for the past 10 years— has been free. It's a bloody hard sell to higher management.

My last post wasn't my opinion. I wasn't advocating for never updating, I'm just passing along my experiences with the sorts companies that have systems they don't touch out of fear.


Totally true - resurrecting a project is hard, to say the least, particularly if years have passed. We're an isv/agency hybrid, and we deploy monthly. The stack started a decade ago but it's as modern as it was then.

Ultimately the onus sits with the implementers to think about maintainability, and the end-user to think in terms other than the immediate.

Unfortunately, many legacy systems were implemented with the "it'll be replaced soon" view, and 30 years on are still limping along.

The software we build today will, if the species survives, probably still be in use in a century or more.

Think of your great-grandchildren when you go "that'll do"!


much like "perfect is the enemy of good", one might even say "better is the enemy of 'good enough'"


Let me play the devil's advocate:

Why should I as a user be forced to upgrade from a system which does it's job just fine only because the system's manufacturer decides that they don't want to spend any more resources on patching up errors in this system? Having bought the system, shouldn't I have gotten a product that is reasonably secure in the first place? How do I know that the new shiny replacement system doesn't introduce new problems which take years until they are discovered and could be much worse than the old system where already a lot of work has gone into fixing bugs?

I bet the real reasons are much more mundane. I've seen several times where updating a single tool in game production teams takes years, because the 'time is never right', the update can't be done incrementally, and the production can't afford to switch the whole team over and risk weeks of instability and bug-hunting because unexpected bugs crop up that didn't manifest in small-scale tests.

Basically: never change a running system :)


> Why should I as a user be forced to upgrade from a system

You aren't forced. But you will be exploited for it, any security vulnerability will destroy your entire operation, and your customers should distrust you for being so stupid.

Its not that you made a mistake trying to keep the system running. Your mistake was using a proprietary foundation with no commitment from the provider it will be supported forever. So of course you have no option when the rug is pulled out from under you - but that was your mistake. If you were built on top of Linux 2.4 like the superposter said, you could just pay the developer costs to maintain it yourself.


> Why should I as a user be forced to upgrade from a system which does it's job just fine only because the system's manufacturer decides that they don't want to spend any more resources on patching up errors in this system?

Because by choosing that system in the first place you implicitly chose to tie yourself closely to their support. Both the buyer and the seller have a responsibility to plan for following these support decisions. Scenarios like this should inform future purchase decisions, including whether or not to buy again from the company who failed to keep up.


Because the browser isn't isolated to only using a single website/application... users are likely to hit any number of sites, including those with popups that look like security warnings that then exploit and infect the rest of your network only to destroy everything.

For example look at speedtest.com in a windows browser, when you really meant speedtest.net ... This is only a single example, it happens and bad people are out there.


I guess if you don't mind the person running an unsupported system then don't. Most businesses desire support, however. You can't control when the old unsupported system is going to fail. You might find yourself doing a forced upgrade to a new system at an inconvenient time with zero time for transition. Strikes me as irresponsible.


This is just maintenance, pure and simple. Applies to any other piece of equipment, software or otherwise.

Plenty of hardware components that can probably keep running for a long time without maintenance, but you wouldn't do that would you?


> I really don't get the concept of people being "stuck on XP"

Can you understand the concept of people being too poor to ever upgrade? Can you understand the concept of people who live in places where up-to-date technology is hard to get? (see Cloudflare's recent SHA1 deprecation post: https://blog.cloudflare.com/sha-1-deprecation-no-browser-lef... )

And before you say "there's Linux that's free", the idea of Linux being free if you don't value your time is absolutely applicable to these people. They perceive their time as having more important uses than acquiring and learning different software.


The mistake is not what they are using, the mistake is every person today falling into that trap. We know it exists, yet everyone is still buying Windows computers running versions of a proprietary operating system we know Microsoft will stop supporting within 8 years (at least for Vista through 8, we still have no idea what Microsoft is doing with 10 going forward, and they honestly can do whatever they want - they control the software).

I mourn those stuck on XP, destined to be exploited for eternity by the thousands of malware payloads targeting them now, but you are right in nothing can be done about them really. But the real injustice is every person without the time to learn new systems (and that is a barrier on Windows and Linux - try switching someone from XP to 10 and it as massive a leap, or even more massive, than going from XP to Lubuntu).


I'm always amazed by what kind of software is so tied down to an operating system like that. Windows has incredible backwards compatibility so I struggle to see what exactly is so hard to move.

This strikes me more as management and economic policy issues within the organization of why waste money for something they might not appreciate or see the necessity of.


This is a frustrating thing as a software developer: not enough people outside the industry know how to audit what they're buying. The expectation is that you reward a developer for simply implementing X, and no attention is given to whether or not the implementation sucks. A lack of open-source mandates may be one factor, and a lack of quality regulation may be another.

It is entirely possible to implement a "working" system that will require Herculean efforts to make the slightest change: a system that will collapse in on itself entirely if anything is touched anywhere else. And if you already spent a lot of money to get this far, you may assume a lot more is required to patch it.

Sadly, although we as an industry do know how to build hardened systems that are a lot more likely to adapt with the times and provide stable operation, people outside of the software industry really don't seem to know the difference. And if better software comes at a premium up front, cheap organizations may always pick the lower bid because they're thinking of software like an office chair and not a bridge that's holding up a road.


No fear, Webkit has replaced IE, with each device using its own version of it.


I feel like users in China will be more likely to install a "don't nag me about upgrading" counter-patch than actually upgrade to a newer version of Internet Explorer.


If they are stuck on XP it's not really a choice.

I work for a major European corporation and I am also stuck on XP. We don't exactly have the best in class IT dept (despite claims by a senior IT guy that we have more developpers than google and facebook together... we don't really have much to show for it).


> If they are stuck on XP it's not really a choice.

I never understood why users stuck on XP don't just install a different browser (Chrome or Firefox). You don't have to use IE, especially not in the version is so old it barely works with modern sites.


Because corporate policy says "no Chrome or Firefox Portable for you".


Corporate policy is not a law of physics. It's just some dude that decided something. They can decide something else instead.

Saying that doesn't actually answer the question, it just shifts it to "why would corporate policy say that".


we have more developpers than google and facebook together

That's probably why you can't get anything done (Mythical Man-Month passim)


More than one entity is paying for continual patches for XP -- http://money.cnn.com/2015/06/26/technology/microsoft-windows...


Is it because of an in-house software maintenance problem, or mostly due to being tied to 3rd party software and would have to buy new licenses / migrate?


I think it is a mix of lots of internally developped software which is not compatible, or at least not tested as compatible (and often this software is not developped anymore), cost constrains, and mostly a lot of bureaucracy and glacial-paced processes. I don't think it has to do with third party software.

[edit] in fact if anything third party software is forcing us to upgrade as we see some critical third party software progressively becoming incompatible with XP.


Aren't old android browsers more of a problem nowadays?


Depends who you're developing for. If you're selling SaaS and your customers are large public or private sector organizations whose staff work at their desks, old versions of IE are still your biggest headache.


I have a fun story.

IE10 and below have two modes. "Browser" mode, which means the IE10, IE9, IE8, IE7 rendering engines. "Document" mode which means the engine treating the page like it was meant for IE9, IE8, IE7 etc. Or so it says.

Confused? Take a look at this chart:

https://i-msdn.sec.s-msft.com/dynimg/IC780294.jpg

More confused? So was and am I. I don't fully understand document mode and I suspect Microsoft doesn't either. Likely the reason they deprecated the moment Windows 10 came out[1]

So what's the problem? Well, even though a web page would render fine in IE9, IE9 could look at it, take issue with your markup, and then, surprise! Your user sees it like it's IE7... using the IE9 rendering engine.

For most web developers that needed to support IE, you basically always needed to insert a <meta> tag with a value of X-UA-Compatible in the <head> of your page. It forces the latest document mode, i.e., "treat this page like a modern page and render it without being stupid." 99% of the time this is what you want. 1% of the time (the need for document mode) is when a page was so reliant on older browser quirks that it needs to be treated as an IE7 page.

Cool, that's all we need right?

Enter oracle.com. In all versions of IE9, there is a hidden, built in compatibility mapping which will always force a certain document mode[2]. So even if your little page brings with it a valid meta tag and uses completely valid markup, IE9 will take look at its name on its blacklist, smile, pat your page on the head, and then shove it the trash compactor.

Smash. So IE9 forces a terrible document mode upon all pages on oracle.com and several other domains mode and Microsoft, to this days, says just about nothing about the hidden blacklist in their documentation. The only way I found this out was by searching "oracle.com" in all of IE9's source code, whereupon I found the responsible XML file, the blacklist.

So what's the solution?

Well, after some hair loss, I discovered the solution is to bring the X-UA-Compatible OUTSIDE of the <head> tag and put it right above the HTML one. In complete contrivance to everything Microsoft said in its documentation, and also normal browser logic.

... That, kids, is why IE9 and below needs to die.

[1]https://msdn.microsoft.com/en-us/library/dn384051(v=vs.85).a...


IE9 support is already in a sad state. Many new websites already look in IE9 as bad as in IE6.

Chrome should spawns less processes (hold some more tabs in one process). IE spawns less processes than Chrome and therefor is less of a memory hog.

Firefox finally needs a proper multi-process implementation. Even the latest Developer edition just uses two processes (firefox.exe and plugin-container.exe) - I just tried it again with a new profile. Good luck keeping 100 tabs open (with "open" I mean "in memory"). If one tab crashes... you switch back to IE/Chrome. In the current state Firefox is great for development, but not for my daily web usage.


I'm kind of sick of hearing complaints about Chrome's multiple processes being somehow a bad thing. You want fewer processes in Chrome, then you go on to complain about Firefox's crashed tabs. Do you understand that's one of the benefits of having multiple processes? If one process crashes, it very rarely effects the performance of any other processes. It's not keeping all of your eggs in one basket. It provides better security as well. So I'm at a loss as to why so few people can appreciate it. Considering these benefits, memory usage is totally reasonable.


Are you answering my comment? You wrote your own unrelated rant.

I only wrote about it would be great if you could configure Chrome's process spawning logic. IE does it in an more intelligent way to consume less memory by spawning a bit less processes (a trade off, as if one tab crashes more tabs have to be reloaded). But giving a power user (who have 100+ tabs open) a choice would be great.


It's not the default yet, but you can already enable multi-process in Firefox by toggling the "browser.tabs.remote" option in about:config. It should ship as the default this year.


It will be a while still before you can actually party. As long as a measurable percentage of your users are still on these browsers, you're missing out on money of you don't support them.


Businesses might be missing out on customer money if they don't support obsolete browsers, but the people developing the webapp/website/whatever are definitely missing out if they don't start with 'we support all modern mainstream browsers' and then supply a separate bid for old IE support. Let the business decide whether the significant extra cost is offset by the extra income from these users.


"As long as a measurable percentage of your users are still on these browsers, you're missing out on money of you don't support them."

This seems to be a common refrain here. It's missing an important caveat: "unless supporting those browsers costs more than the customers are worth". Supporting ancient IEs means things like: avoiding features that can't be polyfilled, providing XP images for CI, debugging IE issues, etc. None of these happen for free.


True but at least now Microsoft will be bugging them (and more likely their IT departments) to upgrade.

Even the most conservative CIO will have a hard time justifying not upgrading at this point.


Does this mean jquery will lose a significant part of its utility?


Unlikely..

- 1% of traffic is still significant for most businesses.

- Consistency/Training/Hiring. Everyone that has ever written JavaScript has learnt jQuery. Some people don't even "know" JavaScript, they "know" jQuery (I say this as a testament to jQuery, not as a detriment to these developers. jQuery is all they have needed, why know anything else?)

- jQuery has so many plugins/frameworks that depend on it. Bootstrap alone gives it a ton of utility. Backbone/Ember are extremely tied to jQuery (or "clones").

- While ofcourse plugins/frameworks can be rewritten to exclude the jQuery dependency. jQuery is provenly stable. You would need significant counter inertia to rock the boat. At that point, why rock the boat? No one ever got fired for using jQuery: huge utility.

- Ergonomics. AJAX, Animations, Custom Events would all need custom wrappers / util libraries

- Forward compatibility. If you use jQuery today, all you'll have to do is upgrade the version of jQuery and you're using the latest and greatest browser internals (when appropriate) but no change to your API (mostly)

And I'm sure I'm missing a couple.

P.S. Before anyone starts, there are tons of good reasons to not use jQuery. Are the reasons to drop jQuery greater than the reasons to keep it? I don't really care. That is for individuals/teams to decide. I am just answering the parent's implicit question: "Is there utility to jQuery beyond legacy browser support?"


Plus with the current state of the web, jQuery from a major CDN is in probably every single browser cache in the world. There's something to be said for a core web library that almost never has to be re-downloaded.


Superior DOM API is the biggest utility of jQuery anyway.


Obligatory comment about Safari being the new IE.


Those companies that have kept running outdated IE versions will most likely still ignore upgrading. I've had a client upgrade their IE6 machines to IE8 just a few months ago. Even their own employees were frustrated with the old equipment, but there was nothing they could do until their IT dept. finally provided the upgrade for them.


Oh, this must be why the company I work for is finally pushing out IE11. (I upgraded my own machine a long time ago, but many people here are still on IE8.)


How does an article like this, with such a blatantly false clickbaity title, not get flagged into oblivion rather than getting 270+ upvotes?


I get that this is good news in that it should reduce the number of users running them, but this doesn't remove them from machines running them.


The big issue with IE<11 is that they are not happybrowsers, i.e. with automatic updates. Thanks God, the world evolves and things get better.


Their obituaries have been posted and celebrated so many times that I feel we're all secretly enjoying IE, with some sort of guilty pleasure.


If you were writing HTML documents would it really matter which browsers people were using?


You mean without JavaScript and CSS? The reason browser versions matter is because there has been a massive amount of innovation in JS and CSS in the last decade. That innovation has allowed websites to move closer and closer to the capabilities of desktop applications, which is a win for ease-of-installation, security and for the web as a platform.


Yes, basically. You don't need javascript for presentation. You don't need overloaded eye candy driven by oodles of css. An HTML document is like http://motherfuckingwebsite.com/ or http://bettermotherfuckingwebsite.com/ or this website Hacker News.


"I see dead browsers"


Does Edge have Java yet? No? Then IE isn't going anywhere.


I have no idea how confident I should be in Edge's security. Microsoft just doesn't have a great history there.


A major category of IE vulnerabilities involved tricking it into loading COM objects. The Chakra JS engine moved from a COM based implementation to compiled JS. And Edge doesn't support ActiveX or Browser Helper Objects (BHOs) like IE did either. It looks like most of the COM attack vectors have now been shut down, though some components like the clipboard still use COM to interact with the broader OS.


Out of couriosity: As BHOs were the closest IE had to browser extensions, does that mean Edge doesn't support extensions at all - or is there a different system in place?


Edge will actually support both Chrome and Firefox extensions,,, http://www.theverge.com/2015/4/29/8515771/microsofts-edge-br... But not until later this year.


I'm just skimming this, but this sounds as if they plan to implement the WebExtension spec. That would really be a remarkable step forward and a distinct difference from IE.


Microsoft has actually had a pretty good security record for the past decade now... Most of the truly stupid decisions regarding security were prior to Windows XP. Since Melissa/ILoveYou and several other worms that wreaked havoc on data centers i the late 90's and early 00's there was a massive shift in terms of security conscience at MS.

There have been attack vectors since, but that is true of every platform, and since Windows 7 in particular, most of them have been from third party software.


I think it should have a built in kill switch. It knows it's own EOL date, and just wouldn't work after that.


Really? I know that would be easier for developers, but think about it from a "it's my computer" point of view - do you really want people doing that to you?

It's your computer, you should be able to to run whatever software you like.

A reminder to upgrade, OK, that's fine. But actually disabling? You go too far.


That's definitely the direction we appear to be heading, though. Different 'app stores' are varying degrees of the way there, but auto-updates coupled with an inability to download past versions makes this almost a thing.

I don't want to be overly negative, though. I foresee a future in which there is a split between completely walled gardens and completely open systems, so those who really want the latter will still be catered for.


Except most of the time, it's not really your computer anymore. First, if it's proprietary software, you've licensed it, you don't own it, it's not yours, you have no say what the policy is. The company lawyers could make a case such an EOL switch is necessary just to avoid liablity once they're no longer providing security fixes.

If you want this kind of choice, the only way is free and open source software. That's the reality, and it's been that way for a very long time, just read the EULA. It isn't yours. They're not doing things "to you" by preventing it from working, they're protecting themselves. Free software could decline to work by default, with something like an about:config opt out feature. That's because free software belongs to everyone.

Next, hardware. Apple, the most among all the companies making hardware, explicitly reserves the right to modify the hardware after sale. There is in effect a hardware EULA. Your rights are fairly limited to turning it off or disposing of the phone. You don't have a right to modify it, you don't have a right to jail break it, you don't have a right to run software that Apple doesn't, through its license that you've agreed to, approve of. Not only is the software not yours, there is tacit residual hardware right reserved by Apple. I don't like it, you don't have to like it, that's how the agreement effectively works though. So if you really don't like it, then you shouldn't buy those kinds of products.

Android, it's fairly similar license wise, but there is at least in most implementations the option to enable 3rd party software installation. So you could install some ancient unpatched web browser if that's what you wanted to do. And of course Cyanogenmod and other free OS's you have a lot more control because the software is yours by virtue of you having possession of it. You have a legal right to modify it if you don't like how it behaves.


I laughed a little bit imagining a user yelling out "it's my computer!" and actually believing they should have full, absolute control over anything it does... while running a Microsoft operating system.


My Windows 3.11 VM works fine though thanks!


If that got popular in general, think of the fun malware possibilities where "setting the clock" becomes a major security issue. Not to mention sabotage. Shut down the chemical plant by changing the time on a PC to the year 2200 (assuming it works past 2039 anyway), etc.


Changing the clock is already a legitimate security concern. Only root should be able to make such modifications anyway, and if root is compromised it doesn't matter anyway because there are much easier ways to take down a system once someone's escalated privileges that far.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: