Hacker News new | ask | show | jobs
by londons_explore 2628 days ago
The reality is, for a bunch of usecases, you're gonna need to support 15 plus year old devices.

So Windows XP...

There are a lot of old systems out there running API's, automation, industrial systems, etc. They never get updates, and are expected to last decades. Most of them aren't on the public internet, but HTTPS would still be a good idea. This change is going to mean a bunch of them just get changed over to having no encryption.
3 comments
pcnix 2627 days ago
This is because the IdenTrust root is expiring though, it's not something LetsEncrypt can do anything about.
link
profmonocle 2627 days ago
They could get a new cross-signed intermediate from a root with broader compatibility.

Though I imagine that's extremely expensive. I expect that has something to do with this decision - they are a non-profit after all.

link
panarky 2627 days ago
> it's not something LetsEncrypt can do anything about

This is going to cause a lot of stuff to break, and it's 100% LE's responsibility.

HN's root cert is valid through 2038.

LE could have gotten cross-signed by a cert that didn't expire so soon, but they didn't.

link
londons_explore 2627 days ago
> LE could have gotten cross-signed by a cert that didn't expire so soon, but they didn't.

And they still could.

link
tcd 2627 days ago
If you want to use an old, unsupported OS then don't expect support.

Expecting XP or say Windows 98 to still work on modern day standards is just laughable.

Upgrade, or get left behind. The concept of 'never updating' isn't one that is practical and you'll pay the penalty for it later on.

link
shawnz 2627 days ago
Consider that for mobile users, updated software might not be available for their hardware and they might not be able to afford new hardware.
link
pard68 2627 days ago
Work for a university. We have a number of students in Africa, southeast Asia, and eastern Europe taking online courses. We do not support Windows XP or Vista, except for in the case of these students. Some of these guys don't have the resources for anything else.

I also know that we get a number of students connecting with Android v3 or earlier from these same locales.

link
tomschlick 2627 days ago
Something like Ubuntu sounds like a great fit then.
link
londons_explore 2627 days ago
Modern ubuntu is getting pretty heavyweight. Gone are the days it'll run on any old laptop.
link
watersb 2627 days ago
Absolutely. I just refurbished old Core 2 Duo desktops. Ubuntu creaked along (it was Disco Beta).

I found Linux Lite, based on Ubuntu 18.04 LTS:

https://www.linuxliteos.com

link
isostatic 2627 days ago
Anyone running XP or whatever for a good reason will be able to install the new root certificate
link
aasasd 2627 days ago
Most industrial devices and even consumer kiosks probably access sites that are under the control of the device's owner or manufacturer. So the sites can just use self-signed certificates in the first place.

Or, for industrial use a hundred bucks on a certificate from an older CA is nothing.

link
cpach 2627 days ago
Or, as 'vbezhenar hinted at elsewhere, the operators of the systems can distribute and install the ISRG root certificate to the devices that need them.
link