Why Windows XP users need to dump Internet Explorer - NOW!
Here we are in the year 2013, and Microsoft's incompetence (or is it arrogance?) still continues to astound me. We are now (and have been for nearly twelve months) at a stage where the normal age-old Internet Address ranges are depleted, yes, they have now pretty much run out of IP addresses all around the world, most regions will no longer issue any more IPv4 addresses to existing organisations, and new organisations are severely restricted in how many they can obtain - because there are little to none to give out. The problem of IPv4 address depletion has been solved for some time by the new IP address scheme, called IPv6, however, at present less than 1% of the world is using IPv6, many service providers, businesses and governments are moving that way, albeit very slowly, and there is going to be serious problems in the near future.I'm not going to go off on a tangent like many of the IPv6 fanboi's do, and lets face it, they have been crying wolf since late nineties about running out of addresses within two years, when that was never the case and time has proved that, so they have no-one else to blame but themselves for the slow take-up of IPv6 today but now it is essential that all service providers, businesses, and governments stop delaying, and start configuring their entire networks for IPv6 - especially the service providers with end users, where here in Australia,
only one of the top ISPs is doing anything about it, the top three ISP's with the vast majority of users, are not, of course when you have a million users or so it's not something you can do overnight, but there is no excuse for not having started the roll out at all, after all, it's going to be your helpdesk staff flooded with tickets about unreachable sites if you don't.
It is a known fact however that IPv4 will continue to be around for a very long time yet, I personally think it'll be perhaps mid 2020's by the time it is completely withdrawn from use, because of this, and the slow take up on IPv6, there will be a lot of reachability problems if networks don't roll it out quickly, and we'll start seeing these problems by next year.
To get around reachability problems, hosting web sites will do what's called dual stack, it means each server will have an IPv4 and an IPv6 address, in shared hosting situations (the most common method), this is fine, since you can put many thousands of websites on one single IP address, limited only by the ability of your hardware, allowing for bursts and the unexpected, two or three thousand websites per industry standard rack server would be common, some may handle less, some more.
However, even in shared hosting, this all changes with secure websites (those with https://), traditionally, SSL sites have been one host per IP address, this is because of the way the web server, SSL, and certificate matching works, it finds the first or best match, any second host attempt is regarded as a possible tampering (man in the middle attack) and results in a failure to view the website.
To get around this, in 2004 an extension to the transport layer security in OpenSSL was developed called Server Name Indication, or commonly known as SNI, this allows, identically like non secure shared hosting, one IP to host multiple secure web sites, but, for all this to work, the client software (your web browser) must also support SNI, and this is where the problem exists.
Most web browsers that have been released or had any sort of maintenance in the past 5 years or more have supported SNI, except of course for one well known, and heavily used browser, Internet Explorer. Microsoft did however resolve this for users of IE 8 onwards but only for Vista, Windows 7 and above, not XP, which is the real issue here, the most commonly used Windows operating system today by around 75% is still XP, which today, still receives updates, but apparently Microsoft would rather tell you buy an upgraded operating system like vista/win7, than fix IE on XP. The annoying thing is, SNI has been supported as general availability for more than five years, back in the days of Mozilla 2, it's even supported on old linux browsers with no support for years now like Epiphany and Galeon since 2006, even the text based browser lynx can support SNI, as well Internet Explorers prime competition - Firefox and Chrome.
What all this means is that service providers who run out of IPv4 addresses, will have to start using SNI for SSL sites to be reached by IPv4 users, resulting in XP users using IE that do not have an IPv6 address, getting failures and unable to access those SSL websites. Now, it's not entirely just Microsoft here, Apple's Safari (or perhaps this is because it links into the XP operating system the same way IE does) on XP (but not on Mac's since v3.0) will also fail, as will java prior to 1.7 (you really aren't going to admit to using that are you?).
The only way around this for XP users is, no, not to go out and spend a couple hundred dollars on a Windows OS upgrade like certain official Microsoft staff bloggers (@EricLaw) would suggest you do, but spend a minute to download and install Firefox or Google's Chrome, the cheap, as in free, and immediate resolution to the problem.
Is it a fact that Microsoft care more about their bottom line than customer loyalty? Don't think for one moment this wont affect you, what if you start a small business in two years time and want a shopping cart? You'll need SSL! What if your desperate for that one special item that can only be bought at one online shop, from a secure shopping cart, on a server using SNI. Perhaps you should let @Microsoft know you're not happy and that they should fix the XP SNI problem. Despite Microsoft's wishes, XP is not going to go away any time soon.
It is a known fact however that IPv4 will continue to be around for a very long time yet, I personally think it'll be perhaps mid 2020's by the time it is completely withdrawn from use, because of this, and the slow take up on IPv6, there will be a lot of reachability problems if networks don't roll it out quickly, and we'll start seeing these problems by next year.
To get around reachability problems, hosting web sites will do what's called dual stack, it means each server will have an IPv4 and an IPv6 address, in shared hosting situations (the most common method), this is fine, since you can put many thousands of websites on one single IP address, limited only by the ability of your hardware, allowing for bursts and the unexpected, two or three thousand websites per industry standard rack server would be common, some may handle less, some more.
However, even in shared hosting, this all changes with secure websites (those with https://), traditionally, SSL sites have been one host per IP address, this is because of the way the web server, SSL, and certificate matching works, it finds the first or best match, any second host attempt is regarded as a possible tampering (man in the middle attack) and results in a failure to view the website.
To get around this, in 2004 an extension to the transport layer security in OpenSSL was developed called Server Name Indication, or commonly known as SNI, this allows, identically like non secure shared hosting, one IP to host multiple secure web sites, but, for all this to work, the client software (your web browser) must also support SNI, and this is where the problem exists.
Most web browsers that have been released or had any sort of maintenance in the past 5 years or more have supported SNI, except of course for one well known, and heavily used browser, Internet Explorer. Microsoft did however resolve this for users of IE 8 onwards but only for Vista, Windows 7 and above, not XP, which is the real issue here, the most commonly used Windows operating system today by around 75% is still XP, which today, still receives updates, but apparently Microsoft would rather tell you buy an upgraded operating system like vista/win7, than fix IE on XP. The annoying thing is, SNI has been supported as general availability for more than five years, back in the days of Mozilla 2, it's even supported on old linux browsers with no support for years now like Epiphany and Galeon since 2006, even the text based browser lynx can support SNI, as well Internet Explorers prime competition - Firefox and Chrome.What all this means is that service providers who run out of IPv4 addresses, will have to start using SNI for SSL sites to be reached by IPv4 users, resulting in XP users using IE that do not have an IPv6 address, getting failures and unable to access those SSL websites. Now, it's not entirely just Microsoft here, Apple's Safari (or perhaps this is because it links into the XP operating system the same way IE does) on XP (but not on Mac's since v3.0) will also fail, as will java prior to 1.7 (you really aren't going to admit to using that are you?).
The only way around this for XP users is, no, not to go out and spend a couple hundred dollars on a Windows OS upgrade like certain official Microsoft staff bloggers (@EricLaw) would suggest you do, but spend a minute to download and install Firefox or Google's Chrome, the cheap, as in free, and immediate resolution to the problem.
Is it a fact that Microsoft care more about their bottom line than customer loyalty? Don't think for one moment this wont affect you, what if you start a small business in two years time and want a shopping cart? You'll need SSL! What if your desperate for that one special item that can only be bought at one online shop, from a secure shopping cart, on a server using SNI. Perhaps you should let @Microsoft know you're not happy and that they should fix the XP SNI problem. Despite Microsoft's wishes, XP is not going to go away any time soon.
Trackbacks
No Trackbacks
Comments
Display comments as Linear | Threaded
resume examples on :