When Outlook becomes a PWA (currently in test, I think it's probably two-three years from stable), it'll be rendering mail with all the functionality of Blink. Which depending on your point of view, means a sigh of relief or time to buy more RAM.
But Gmail is already a web app, and only supports a tiny subset of modern HTML and CSS. The limitation is of course arbitrary, it could in theory support any modern standards. But HTML mail is so quirky and full of hacks, that they probably have to do it that way to preserve compatibility. Apple's Mail app is one of the few modern mail clients that can render modern HTML/CSS
Given that email is MIME (i.e. you can add multiple “bodies” to a message, with different content-types, and the email client will select the best one it can render), you’d think we could just come up with a new content-type for email meaning “HTML, but for real”, and add that to email in addition to the current “HTML, but sucky” semantics we get from text/html-typed bodies.
For a while, people would be sending both text/html and text/html-for-real, but eventually we’d maybe be able to switch to only sending text/html-for-real (while also continuing to send text/plain for fallback.)
I get what you mean, but it's not like we'd have to keep adding these on. "text/html" on email clients currently means "some specific ossified version of HTML4"; but text/html-for-real would hopefully mean "the newest and most featureful version of HTML that your rendering engine can manage." So there'd just be the one version of it.
Eventually, if everybody switched to sending text/html-for-real first, maybe the email clients could follow along and make text/html also mean "the newest and most featureful version of HTML5"; and then we could all revert to just calling it text/html.
Rather than a distinct MIME type, I believe it could also make sense to borrow the HTTP header X-Content-Type-Options: nosniff (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-...) into the MIME envelope of the text/html document, to signal that this envelope is "really" using HTML, no second-guessing. (This is how the header was used in IE8: to tell the renderer to explicitly not trigger IE historical-renderer compat mode.)
That might get into a situation where the message has two MIME bodies that are both text/html, though, and I'm not sure existing clients have been written to cope with that. A well-engineered solution would work with existing clients (by having them ignore the body of unknown-to-them media-type, and render the old fallback body of known media-type.)
That's true, and I wish that emails could just work like everything else on the web. But simply removing Outlook and all its baggage from the equation would be a big, big improvement on the status quo.
By "I wish that emails could just work like everything else on the web" I meant modern web HTML/CSS - I was replying to the GP - not the full set of browser capabilities such as Javascript. I suppose it's possible you'd also want to exclude certain CSS abilities, but at that point you're now diverging from the web CSS spec which isn't ideal either.
Yes, but then who maintains the whitelist? What's to stop individual email providers from deciding they do/don't like certain standards? I agree that email doesn't need much of the CSS spec, but nor do the vast majority of web sites and yet we don't like it when browsers aren't standards-compliant...
HTML/CSS is designed to be safe for web by browser vendors and working groups. Unused HTML/CSS feature is fine as long as it's not vulnerable, but blacklist for email is problem because new feature is not designed to be safe for email.
Theoretically email client vendor can host working group like WHATWG to define standard by picking subset from web HTML/CSS. I don't know why it's not happened.
Can you share some CSS vulnerabilities that would work in email but not in a browser? I can certainly think of CSS vulnerabilities that would not work in email because email can't execute javascript, but can't come up with the reverse off the top of my head. Genuinely curious here.
* Any way that reference external resource like css url() can be used as beacon. It should be blockable by client like image, but thinking how it affect is difficult if all tags are allowed.
* iframe content inside message is editable after message sent.
* Java Applet/ActiveX is almost dead, but still available. Should it be allowed on email? (for web mail on IE11/Trident)
* Sanitizing JavaScript from HTML by blacklisting isn't simple operation. Possibly attack vector. (for web mail)
> * Any way that reference external resource like css url() can be used as beacon. It should be blockable by client like image, but thinking how it affect is difficult if all tags are allowed.
You can already use url() to load background images - seems like this is a solved vector.
> * iframe content inside message is editable after message sent.
Does this really increase the attack surface area, since you can't execute javascript from the iframe?
* Java Applet/ActiveX is almost dead, but still available. Should it be allowed on email? (for web mail on IE11/Trident)
No, because that's not in the HTML/CSS spec and modern browsers don't support it.
* Sanitizing JavaScript from HTML by blacklisting isn't simple operation. Possibly attack vector. (for web mail)
Seems like a solved problem considering there's currently no way to execute arbitrary javascript in webmail.
> You can already use url() to load background images - seems like this is a solved vector.
Background image with url() is very easy to be whitelisted because it's very similar to <img> tag.
> Does this really increase the attack surface area, since you can't execute javascript from the iframe?
Sorry, this concern isn't about security for browsers, but for text editable email without indication. Maybe you can argue that it's not a problem because external image is already replaceable, but IMO it's more problematic.
> No, because that's not in the HTML/CSS spec and modern browsers don't support it.
Blacklist approach means that any tags just work unless explicitly specified on blacklist. "Not in spec" won't help.
> Seems like a solved problem considering there's currently no way to execute arbitrary javascript in webmail.
The surface of HTML+CSS is pretty big by now. Perhaps you could use CSS to restyle the "From" address: hide the original content and use an :after property to put "$bank_name" there. Perhaps you can generate a unique @font url for each user to track opening of messages. Just two things of the top of my head that maybe won't work, but it would probably be a cat and mouse game for a while when security researchers start poking at it.
Most ePub readers are intentionally not compliant with the standard, because the standard allows way too much. Including, for example, arbitrary execution.
EPUB3 is a half-baked standard that nothing actually fully supports. The JavaScript parts especially—most e-readers don’t ever plan on adding JS support, even if they nominally support EPUB3.
Why have HTML email in the first place? No other messaging client lets you send entire HTML documents as messages. Just send me some words and a link to click on in a proper browser. The fact that HTML email is so bloated and a nightmare to eyeballs eveywhere is (IMO) a huge reason why conversations (even professional ones) shifted over to Slack, SMS, WhatsApp, FB Messenger, etc. I want a place to talk to people, not to shitty template engines. But if you're going to automate my conversation, use words, not posters.
You're comment made me think about why we actually use slack/IM when email is just as capable and I think the answer is that I can have notifications turned on for IM and I can't do that for email. Which means I respond much slower to email.
IM is one of the last places on the internet not filled with automated crap, advertisers and spam. And to be fair, some of that automated crap I actually want and browse through at a later time but IM explicitly separates real time messages and newsletters.
Email supports instant notifications, via your provider’s app or IMAP IDLE. I use Fastmail and get push notifications for email the instant it is received.
The point is if I turned on instant notifications I would go insane because they would never stop. I receive lots of emails and a lot of them are not very important or at least not urgent. While every IM I receive is something I at least want to glance at now.
I'm intrigued by that idea. Markdown or Markdown-like subsets have proven to be sufficient for communication in a variety of media (Slack, Wikipedia, forum comments, GitHub issues/comments, etc.)
Email clients are a bit of an oligopoly, so execution would depend on which player(s) are involved. Most of these initiatives would need an "everyone but Outlook" coalition to succeed.
A few thoughts on implementation:
- Multipart MIME is still a big part of HTML mail, so it would make sense to piggypack on that support. Instead of adding a new MIME attachment for Markdown, it would make sense to extend the existing support for text/plain renditions and find some way to signal that it's Markdown. (e.g. text/plain; charset=UTF-8; variant=MarkdownMail)
- For mail clients that aren't Markdown-aware, it would be important to produce an HTML-rendered variant with a reasonable style sheet.
- A Markdown-first mail client would either need to limit formatting to Markdown or soft-block access to non-Markdown formatting. ("Custom text colors will not be visible on some devices and may be lost when replying. Continue?")
- When viewing a Markdown-enabled message, a Markdown-first mail client would render the text/plain variant in its preferred style sheet, not the HTML-rendered variant.
- When replying to a Markdown-enabled message, a Markdown-first mail client would use the text/plain variant as the source of truth for quoted replies, not the HTML-rendered variant.
A few tricky areas:
- Mail clients would need to agree on a Markdown dialect, especially for extensions like tables.
- Markdown isn't very incompatible with quoting. There would need to be a solution for inline quoting.
- For everyone's sanity, it would seem important to agree on a delimiter to separate prior messages and their headers.
- To not be worse than HTML mail, we'd really need a way to signal that a paragraph is part of a mail signature so that it can be rendered in a subtle way. As much as we might wish that mail signatures would just go away, they will continue to be used, and rendering them as standard paragraph text just makes them more distracting.
> I just moved to an outlook company after years on google. It’s so nice having my mail client be native.
Hehe, I also moved to an Outlook company a few years back. I’ve had to switch completely to the Outlook Web App (OWA), the native app gets too bogged down after a while, and it’s frustrating to deal with Outlook native across multiple machines. My Outlook experience was vastly improved when I stopped using the native client. And there are a lot of reasons I prefer Gmail as well, Outlook seems to lose threads easily, the spam filtering isn’t as good, and it has all kinds of unintuitive UI quirks and gaps.
For an application which has rendering HTML content (emails) as its primary function, being a PWA and using something like Electron actually sounds like a good choice.
Damn, hopefully it is more than two or three years out. I'm enjoying Outlook being one of the most stable and least resource-hungry applications that I run on a daily basis.
Also, if it's going to be a packaged-up version of the Outlook webapp, I'm going to lose the global unread mail folder, which is going to kill me, given the way my inbox folders and rules are set up by customer.
If you want to switch to this, PWA install is available for Outlook Web App right now (just sign into outlook.office.com and click on the plus button that appears in the address bar in Edge or Chrome). If you don't have any crazy mail needs it works fine.
Going a bit further back, IE 5 and 6 were the best browser by far. Strange for me to think that my now-beloved Firefox has its heritage embedded in Netscape, which at the same time as IE5 was an absolute pig.
- ed
for some reason I have it in mind as IE5.5 specifically that was The Great IE.
I have a version of myself aged in their twenties and working in web development that really wants to stab anyone believing that IE6 was the best browser.
I won't argue that it wasn't decent at launch, but MS kept support for that browser around way too long and failed to actually roll out support for new features that customers desired. I believe it was the era of IE6 specifically that led to the proliferation of top-right-corner.jpg which was an absolute abomination.
Oh, don't get me wrong - it was a Trojan Horse, and my first ever web browsing experience was on Navigator, so it was a hard-hearted appreciation at the time.
Same for me - I started browsing the web on Mosaic and quickly switched to Netscape. I hung on during the Netscape 4.x days but at some point couldn't deny how much better IE was (I think maybe even IE 4 was already as good or better than Netscape).
I switched to IE until the Mozilla suit released and later on switched to Firefox 0.something - it was amazing how fast it was compared to both IE6 and Mozilla.
IE6 almost made me quit web development once it grew stagnant. It was put on the back burner at some point and they rested on their laurels until Firefox started eating IE’s market share.
IE 4 specifically was the big milestone. MS had a lot of catch up to do (they mostly ignored Internet before that).
I've written web apps in IE4 (around 2000), it was capable of dynamically generating and manipulating the dom. While Netscape 4 could barely change a color of an element without crashing.
It was IE 5.5 that was particularly a champ compared to the terrible Netscape Communicator / Netscape 4 product. I continued to regularly use Netscape 4 through those years, as I didn't like IE, and it was a real dog in most every respect. Netscape took their eye off the ball in an attempt to further build their business away from the browser (Communicator of course was their suite attempt), and failed at both things in the process.
Thanks for confirming - I wasn't sure if I was mixing up the version number with Photoshop, which 5.5 was (if memory serves) the one that fixed terribly-kerned typesetting in v5, and added some new web-export wizziness.
I never got the feeling that IE was a good browser. It came by default with windows and that made it specially popular, but never good. Alternatives always looked like a better option.
As someone who used Netscape, IE and Opera back then, Netscape was unfortunately very buggy (and not just in terms of stability). It's offline cache didn't always work (i..e you could resize the window, and it would re-download things instead of using the local cache, which was very painful on 28.8 dialup!) I remember being able to browse some sites very quickly while dialed up in IE, and then later offline be able to view them more leisurely all fine in offline mode. Netscape couldn't consistently do that.
IE 5, 5.5 and 6.0 (this last one at least initially, but clearly it stayed around too long without development) were noticeably faster and more user-friendly in my experience.
Then you weren't around in the IE5-6 era. It was definitely a better browser. But then they decided IE6 could never be improved and sat on it for years.
Nope, still using two of their products today, and waiting for the moment (as, I think, promised soon?) wherein I could donate/pay directly to/for firefox.
I don't broadly support Mozilla's aims (I also don't not - I'm an owner of a 1st-gen Firefox phone, for example), but we're just talking browsers here.
I think you proved his point. ;) He's talking about the Mozilla browser, the precursor to Firefox. (Well actually, Firefox was named Phoenix before it became Firefox.)
My first browser was telnet (1992ish) From 1993 onwards it was all a bit weird in internets land.
For me the golden time for wwwbly_internets was around 2000-5 or so. /. was still (just) worth reading, FB was still a bulge in MZ's trousers. Google was cool, Amazon was clever, Apple was cool. The www was still interesting - US frontier like.
I am of course joking. Today's www is not the same as that in say 2000. Google is not cool, Apple is not cool, Facebook is unpleasant, Amazon is not cool and quite odd.
I often think that EBay are outdated in almost every regard. Their UI is confusing, spaghetti code, an obvious mixture of old pages and new pages and until recently, still seemed to use some bootstrap dll for requests.
I guess your damned if you update and damned if you don't.
I work in small business IT, and I literally have to use IE11 on a weekly basis to interface with some shoddy something.
And it's not necessarily just old stuff, either- there are brand new NVRs and cameras going in today that require IE and some godforsaken ActiveX control to work. IE is going to be around for a long time.
I know for a fact that our company's product for Outlook (an addin.js extension) has suddenly started working for customers in Outlook when they upgrade, and we're not IE11 compatible.
I agree with this one; it will always be etched on our hearts. The good thing is that even though IE 11 will retire, Microsoft Edge is here to stay. It's even better than other browsers, for sure. I tried using it, and I love the browsing experience.
If they took the Edge rendering engine (which is really like Chromium or some close approximation of it now) and put it in the IE UI instead of the opposite, I think that would get a lot of praise from me and probably many others including all the Google-drunk web developers. Those who like IE and prefer it to other browsers are doing so despite its horrible rendering engine.
By moving to Microsoft Edge, you get everything described above plus you’ll be able to extend the life of your legacy websites and apps well beyond the Internet Explorer 11 desktop application retirement date using IE mode. Internet Explorer mode in Microsoft Edge will be supported through at least 2029.
While IE11 as an independent program is going away, the rendering engine is still around for 8+y.
Here's hoping that this deprecation removes the expectation that things support IE11, however!
This is what I love about Microsoft. While Google is eager to go ahead and cancel Google Cloud Print and say "find an alternative before next month", Microsoft would be the company to announce it'll be cancelled in 2023, extended support lasts until 2029, and you can buy Extended Warranty 365+ for Business that lasts until 2067.
I think that's what happens when your root is in enterprise software or at least some of your heritage is in enterprise. I have no great love for MSFT but I agree with you about their willingness to support things well past their expected expiration. IIRC they even went so far as to detect programs that used some "bugs" in earlier versions of Windows and emulated those same buggy behaviors just for those programs.
Too lazy to look but I believe someone in a vm went from windows 1.0 to windows 7 (with all upgrades in between) and some of their personalization options from 1.0 (or maybe 3.11) were still present in 7. Insane!
Hah, I can see how my wording could be interpreted that way. The timelapses I saw had music or the stereotypical content creator greeting - couldn't post that here in good conscience.
You're definitely right that Microsoft is better about this, but it wasn't "find an alternative before next month". Cloud Print's shutdown was announced with a bit over a year of notice, in November 2019: https://web.archive.org/web/20191121200236/https://support.g...
While I wouldn't want to do it, if you've been working on that codebase for years and you're no longer young and fired up about always going for the latest things, it could be a good way to sunset your career. A guaranteed position using technology you understand rather than being thrown out into the job market, struggling to get up to date on the latest programming fads so you can compete with people half your age, would be nice for many.
That's fair! I guess I just assume the codebase is terrible (not just because of age, but also judging by the end-product) and will remain terrible; why would you do a refactor, or optimize something, or add new features when it's become a niche project that nobody likes and is on its way out? It's probably just patching over critical bugs from here forward
It's not just about doing something new; a bad codebase that I don't have the opportunity to genuinely improve is probably the most miserable type of project I can possibly think of
If the task is just "keep this working", I could see plenty of people being alright with not making major changes to a codebase. It pays the bills, and that's all a good number of people care about.
And that is all they should care about if the product is EOL.
Good software engineering is all about building something that meets current business needs while being flexible enough to adapt to future needs. When you lose this flexibility, you need to refactor or changes become too difficult to implement.
IE11 isn’t getting any new features. It’s in maintenance mode. Cleaning up the code in major ways at this point would be a waste of time.
I could really only see that if your job title is "IE11 maintainer" and for the next 10 years you clock in, drink coffee and chat while waiting for a CVE to come in to fix. But you'd still rather not touch anything because there's really only risk and no reward to it.
Realistically it'll just be part of a far larger security team that fixes bugs in a large number of software preferably prioritising bugs based on severity where there's always going to be something better to do than mess with old codebases.
Honestly using modern web technology (Babel, PostCSS, etc.) makes it pretty easy to maintain IE11 support without TOO much effort and there aren't that many features you absolutely can't use (CSS grid is probably the most painful missing feature).
That being said, our company is deprecating IE11 support in October and I already have the PRs ready to rip out some of the code that bloats our JS/CSS with polyfills.
I doubt anyone will be actively maintaining it once it gets implemented as a rendering engine in Edge. It will probably be implemented including the existing bugs as issues and remain unchanged until it's late retirement date. Kind of what happened with flash player.
Managing a legacy codebase can be a lot of fun if one thinks of oneself as a digital analog to Indiana Jones or Sherlock Holmes. It does take more work to keep up one's reputation though.
I’m pretty sure almost no one is. There are tons of IE11 layout bugs (not missing features, straight-up bugs) that have not gotten fixed in 8 years. I get the vibe that MS may have totally cut off development and all but the most critical security maintenance in order to speed the plow of Edge adoption.
Yeah, I'm happy if they change nothing about IE11 till the end of time at this point. Software that currently requires IE11 isn't going to change either.
Yes it will. Microsoft is gradually pulling out all support for it, with this year being the big start of that.
Very soon, it'll become more work for admins to maintain IE11 installations than it will be for them to migrate to Edge with IE11 compatibility mode. Admins tend to choose the path of least work.
You're only going to need to support IE11 indefinitely if your enterprise app requires IE11. Otherwise, your company is probably going to be able to pull the plug at some point in the next 2 years, depending on your specific customer base.
In an AD environment, you can push out a centralized list that is easy to update. We've found that IE Mode unfortunately works very well. I wish it didn't work so well because it allows us to keep these IE sites around indefinitely.
While it keeps existing IE11 compatible sites around indefinitely, it stops everyone else from having to support IE11 because that's the default and only browser IT allows on the machine.
We have a critical 3rd party business app that absolutely requires IE11 (actually it requires IE11 to be in compatibility mode for IE5 or something). We currently use Internet Explorer only for this app and I think we will welcome the change to IE11 mode in Edge.
Luckily it only to last another year or so before we replace this product. Some people don't understand the cost and effort required to replace some of these older but hugely important legacy products.
> Here's hoping that this deprecation removes the expectation that things support IE11, however!
Always sounds good in theory but when trying to maximise reach, it can be hard to instantly tell a whole bunch of the web, who might be running old PCs, that they can't use your site any more.
Also, when you have large corporate customers, you often do not have enough muscle to tell them that unless they upgrade their client browsers, they can no longer use your service.
That decision might sound simple but there can be loads of regulatory or accreditation hurdles to overcome to use a new browser and it can affect 1000s of corporate employees.
Do you know if there's a way to see that XML list they mention anywhere publically? I can't find a link to it on that page.
I guess it should be possible to spin up IE11 in a VM on macOS and inspect the network, but would be nice to take a look and see which sites are on there.
To be fair, this has been on the cards for the last couple of years - should be no surprise to anyone.
Also, if there's a genuine need to keep IE around for longer, then you have some options, e.g. deploy Win 10 LTSC for specific legacy use-cases, or publish IE11 via Citrix.
For that type of project, it might be worth it to write a detailed spec for how the back-end talks to the front-end so in the future it's possible to write a more modern client.
I'm not sure you appreciate how much work it is to both "write a detailed spec" and then also to "write a more modern client".
All of that on top of a system which has likely changed in the intermediate years. Basically, you might as well milk the existing system for as long as possible and then replace it with a completely new system that probably runs on newer hardware (1990s instead of 1980s), is much more maintainable and does things in a more modern way.
The other day I was inspecting some software for an industrial pump to advise how to customise/debug it and sure enough the source code is in some proprietary language which compiles into a Java applet.
Not sure when was that app written, but the control unit was assembled just months ago.
That sounds just unbelievable to me, and I've worked at government agency doing Lotus Note programming on Windows XP past EoL. What was the decision process like, to decide to create a new Java applet in 2021??
Edit: I've seen a later comment mentioning it was started a while ago. But still... this is a dead platform. To me this is on the level of launching a new app targeting Windows XP. It's just a disaster
About 5 years ago I briefly contracted for a large multinational, who shall remain nameless, who were still running a version of some Lotus thing (I forget whether it was Notes or Smartsuite) that was well over a decade out of support, and possibly two decades old, running on a long since obsolete niche operating system, on hardware that probably dated from the 90s.
None of it could be upgraded.
Which would have been fine except that it had dependencies, and those dependencies had dependencies, and... you get the idea. I got the distinct impression that were it to fail or be unplugged every system in the business might slowly and inexorably fail over a period of days or weeks, eventually grinding all trading activity to a halt.
They were trying to figure out what to do about it and, fortunately, the guy in charge of replacing it really seemed to enjoy that kind of problem but, for all I know, they're still running it.
I think many companies have a short and medium-term view but not a longer-term one.
People should know that hardware will become obsolete or fail, that software will become unsupported, the supplier might go bust etc.
You need to be able to run generations of IT in parallel so that you always have newer hardware/software getting used/proved alongside the old nonsense and if you will need to replace an aging system, you better have seen it coming enough years earlier to give you time to find a replacement.
Also, large corporates have a habit of over-customising what they want so a new system has to be completely bespoke = slow and expensive to replace.
Depends on the constraints. Qt was around and mature for many years in 2006. Ruby on Rails had it's first release mid 2004. Django mid-2005.
Again it depends on the constrains, what you can "the best choice in 2006" is limping now. Meanwhile an app built in 2006 on Qt/RoR/Django would be on a platform that is currently still being considered for green field devt.
Without knowing all constraints I'd be willing to say that IE+applets was not the best choice in 2006, neither was: GWT, WebSphere or any of the MS GUI toolkits around in that year.
I'm still on the fence wrt Vaadin. It was not around in 2006, but soon after. Never used it, but it seems to still be actively maintained to this day.
The oil and gas sector are not going to be using 2-year old software to develop safety critical systems. Can you honestly imagine using Ruby on Rails for monitoring an oil rig?
The timescale for a supplier to be in-business in order to prove their safety-critical credentials, the time it takes experienced developers to learn a language or framework and prove that it works, the time it takes to find, specify, build and deliver a project in these circles means you would be hard pushed to find anything that is less than 10 years old being used outside of startups.
It's still very common in a lot of niche industries. Though apparently it's also still supported, since they just embed the entire Trident engine in Edge. So really this is just yet another way for Microsoft to try to force Edge on users?
We relaunched a 12 year old SaaS app last month and dropped IE support. It was the most wonderful feeling to remove support for that dumpster fire out of the repos.
I work on a SaaS app in the healthcare space where IE11 is the preferred browser, and was getting worried watching all of our favorite tools begin to completely drop IE11 support (Tailwinds, Bootstrap) - effectively punishing us for the sins our customers IT orgs.
This brings me hope. But only a little. I’m sure they’ll find a way to keep running it.
>in the healthcare space where IE11 is the preferred browser
Do you know why that is?
I noticed that there are prominent links to a Korean and Japanese version, presumably because Internet Explorer is still used to a large extend in those two countries. Korea had some crypto stuff that only worked in IE, but that was years ago. Why haven't those markets moved on more modern browsers?
I worked at a hospital about 10 years ago, and at that time only IE was available on our PC. PC workstation was locked down for security reason and users were not allowed to install 3rd party software without approval (including chrome, etc). Also Chrome's browser extensions were security concerns (esp for medical records, HIPPA regulations, etc)
It was also a time when IE was used in enterprise for mostly legacy web app that was written long ago. We were also using command line apps (TUI-based) at that time, mostly for nurse and doctors, but we were migrating to the fancy web apps.
As for Korea, IE was mostly for ActiveX, but now most Korean website supports modern browsers ie Chrome.
> users were not allowed to install 3rd party software without approval (including chrome, etc)
This should be, and always should be, the case. Chrome is such a bad actor in allowing userspace install, we mark it as malware to prohibit unauthorized installation. Chrome Enterprise policies don't seem to be able to disable this, marking it as malware is the only way out...
That said, we offer two modern browsers to everyone in our environment, Edge and Firefox.
Same as anywhere else, I suppose: because changing it costs time/money and has no obvious value. In regulated areas like health care there can also be a recertification or audit support cost if you change something.
Only hope is more and more services actually having the balls to drop IE11, e.g. Office 365.
Imagine Google would not support IE11, I'm sure the pressure to upgrade these browser would be much higher (not sure about the health care space though)
This announcement is a much better hope: IE11 being replaced by edge, which will also have a modern rendering engine, which will be only one anyone needs to support.
To the extent (if any, though I'd be surprised if there were none) IE11 doesn’t support standards required effectively, if indirectly, via the HITECH guidance on secured PHI, IE11 use could have some some adverse consequences under HIPAA (and, as a SaaS operator with a BAA that would include the vendor, not just the customer), but not in and of itself noncompliance for use or support. Mostly just making it more likely that situations would become reportable breaches.
That's a real end of an era. Internet Explorer's legacy engine is going to be relegated to old grayhair horror stories. Not unhappy it's going away, but it feels like a big chapter is closing.
The real shame of IE's passing is that we'll forget the lessons we learned and therefore repeat that particular disaster. It's already happening. I'd be happy to relegate the nightmare of IE to old war stories... except the same thing is happening today! Different method, nearly the same end result.
We nearly lost the damn open web to the horror of IE6 and the peak "embrace, extend, extinguish" version of Microsoft.
Now, of course, we're happily creating another browser monoculture and handing the web over to Google. This time, we're doing it with a smile instead of a grimace.
Unlike IE6's reign of incompetent terror, Chrome is actually a competent browser. Techies are embracing the takeover instead of fighting it. It's guaranteed to succeed.
> Unlike IE6's reign of incompetent terror, Chrome is actually a competent browser. Techies are embracing the takeover instead of fighting it. It's guaranteed to succeed.
IE6 was also a good browser. It didn't stay a good browser over the 5-10-15 year lifespan it had (depending on who you ask) but at the time of release it was easily the best.
Arguably the best user experience in some ways- relative to other browsers at the time it "felt fast". Partly because it used native widgets instead of XUL like Mozilla, and also probably because various parts of it probably were loaded when Windows booted up.
But it was pretty bad in other ways: security, stability, etc.
There are obvious benefits to Chromium being open-source, but you're kidding yourself if you think that gives you an ounce of control over the direction of web standards and the web as a whole.
Sure, you can look at (most of) Chrome's source code, and fork it all day long if you want. But it will amount to little when it comes to actual control of the web. You simply won't have the marketshare to steer the direction of the web standards themselves.
The end result will be the same as we suffered with IE's dominance: de facto control of the web by a single entity.
The more I see distasteful things happening around Chromium, the more exclusively I use Firefox these days. And frankly I have had vanishingly few problems using FF alone.
> Internet Explorer 11 desktop application will be retired ... on ...
Woo. And, indeed, hoo.
> for certain versions of Windows 10
Ah. And there begineth the weasle words. I'm guessing there will be significant organisations in finance/wealth management (our general area) and other industries that will still demand IE11 support for some time after that date.
I think first a combination of our move towards "more smaller clients, not being beholden to a few large ones", the reducing budgets if those big clients, and the fact the others are more up-to-date, will mean we'll be able to say "Support IE11 or will go elsewhere? OK then, see you around." long before IE11 really exits the industry. Whether the company will have the balls to go through with that, is something I'll find out in future, but I'm allowing myself a little hope.
Reality is much simpler - as mentioned directly below that section "Note: This retirement does not affect in-market Windows 10 LTSC or Server Internet Explorer 11 desktop applications." and those version already have precommitted support lifecycles that extend well past this date. Nobody needs to ask/push for an extension, that's what those versions exist for and support is already committed to nearly 2030.
I work somewhere that focuses on software for the public sector, so we sell to a lot of state, city, and federal customers. We're currently taking the stance that we're going to end IE11 support in October, but I'm betting that a handful of our customers will be very very upset about it and we'll reverse course and support it indefinitely.
> significant organisations in finance/wealth management (our general area)
I can have some sympathy to support IE for some cash-strapped local government department struggling to keep their old systems running with duck tape and prayers. "Finance/wealth management" is exactly where that sympathy stops.
It sorta did through Windows/Microsoft update. They just didn't focus on releasing major editions often or at all for Windows, but it got security patches and minor point releases all the time.
Actually, IIRC the very first versions of Windows Update were an ActiveX control. You had to use IE to run it, so from a certain point of view, that was IE updating itself.
Interesting. Do you know of anywhere that has screenshots of that native application, for curiosity's sake? When I first used Windows Update in Windows 9x, it was already a (very slow) ActiveX applet.
I was curious, because that's very much not my memory of how things were.
After fighting with QEMU and getting Windows 98 4.10.1998 up and running, the wupdmgr.exe stub that it ships with just detects if the machine is connected to the Internet, if it is, it opens MSIE and sends you to a page that doesn't exist anymore.
If you're not connected, it loads a local webpage in MSIE telling you about how great Windows Update is. Funnily enough, that page also includes instructions to get rid of the Windows Update launcher should you not want to see it anymore.
It's kinda weird to see Edge having its own auto-update system on Windows. (Which of course has a system-wide auto-update system called Windows Update.)
Auto-update was never important or even desired on GNU/Linux distros world. A simple apt-get update/upgrade always felt much better than having each app implementing their own failure prone update mechanism. It is a good thing that the competition chose to mimic this feature. It is way more convenient.
The one thing I regret about this is that IE11 was stable. By 'stable' I don't mean 'not crashing', but rather stable as in 'fixed feature set'.
These days, sites and apps that support FireFox/Chrome tend to test only on latest versions. Which come out frequently and can and do break things. Supporting IE11 means it works in IE11. Supporting FF/Chrome means it mostly works in the latest tested version.
If devs were more aware of Firefox ESR version and tested against it, we could have more stability again.
I hope someone finds a way to use its interface with a better rendering engine, which I think is the best part of IE - no infantile HUGE buttons, patronising error messages, or other dumbed-down things, just a serious UI with good ideas like per-zone trust security settings and user stylesheets built-in. It also doesn't have gobs of phone-home "telemetry".
(Firefox is a close second but is clearly starting to become user-hostile too... and now you may realise much of why they want to kill IE and dumb down Firefox: herding users is easier when they're turned into obedient and docile consumers, instead of masters over how they decide to consume your content.)
I am genuinely curious, what do you think is the end game of this apparent conspiracy by browser creators to reduce the intelligence of users through simplified user interfaces? They will convince them to buy more things... somehow? And that benefits the browser creators... somehow?
It is undeniably happening. One benefit is you ship the same UI for all screens.
For several billion people, the power user features mostly serve to shoot themselves in the foot, and then they blame the browser manufacturer. On their phone the software either works, or it does not without explanation, in which case you need an expert, and for most people this is perceived as an improvement. Desktop software development is pushed in the same direction. Fewer people complain, and its a lot simpler than doing fine grained settings and informative error messages.
It's not "browser creators"; it's one huge company which is literally the gateway to the Internet for the majority of the population, effectively controls the web standards now, knows far more than the population thinks it knows about them, and profits off an industry whose primary goal is to convince users to buy and consume increasingly more through misinformation and misdirection.
I'm currently enjoying nostalgia as I'm currently using IE for a full on ActiveX app which has no use the loose obtuse constructs of the HTML.
Much live a headcrab, the ActiveX takes over the the full device context and reaches deep into the OS. I CAN pulp my own WM messages thank you very much Mr browser ... Brakes my alt tab from time to time, can't grab focus from a miss Z'd dialog. Yes... Nostalgia
Nostalgia
Nostalgia
Looks like the customer would have to download the Edge driver from Microsoft, picking the right version (and supposedly update the drivers as Edge auto-updates).
That's a complete non-starter, compared to automating IE that just requires our .exe to create an IE object via CoCreateInstance(CLSID_InternetExplorerMedium ...), and no additional installation by the customer organization.
For better or worse (better, I'd argue), I don't think browsers want you to drive the browser for the customer. My takeaway from most modern browser security developments is that if you can't do it with the standard APIs, you aren't supposed to be doing it.
People talking about certain spaces (eg healthcare) where Citrix on windows server is the norm are going to support ie11 for the lifespan of windows 2019. So don't pop the cork just yet..
There was a time when I was really good in fixing bugs in IE6. This made me go to school because I realized no matter what happens, IE will eventually die and my skills will be useless. So, final goodbye, although I haven't thought about you much in the last years.
I am just waiting to hear back from a customer on a support ticket request where functionality in my app is not working as expected.
They sent me a screenshot of what should be a form in a modal but the modal has failed to load so it has loaded just the form in a new page looking pretty unstyled. The JS for the modal uses fetch() so possibly why it broke.
I'm 95% sure that the browser in the screenshot is IE10. I pointed them to this announcement if only to make them aware of the security risks in running IE10 but it beggars belief that anyone would choose to run IE10, individual or enterprise.
Not accusing you of this, but the primary reason people run outdated software is a really problematic insistence, mostly by front-end people, on using the new-and-shiny instead of the tried-and-true. Breaking changes galore - so people stick with the past as much as possible.
Example: Office 365 OWA doesn't work well on modern browsers other than the latest version of Edge on Windows. But it does work fine on browsers that are older or pretend to be older! I'm technical enough to spoof my user agent, but Mom & Pop are just going to say "I don't like the new one, it broke stuff" and that will be that.
Pretty sure the primary reason people stayed stuck in IE for so long was that Microsoft shipped it by default until very, very recently (even in home editions of windows).
You can add on top of that the rebranding they went through. If they had just done what they did now, and shipped the old rendering engine inside the new one as some kind “legacy mode” that sites could request then everyone else could have moved forward years ago and not had to deal with a stagnant browser.
For me, and maybe this is just my organization, but the new O365 OWA interface is extremely slow. Latency is so bad that typing results in only 1 in every 4-5 keystrokes not failing to register.
If I pretend my user agent is from circa 2012-2013 (e.g., Internet Explorer 10), it will default to an older interface that has marginally fewer features and is much, much more performant.
Do we expect legacy TLS versions to remain supported under Edge’s compatibility mode? I note MS deferred the end-of-support in IE11 for TLS 1.0/1.1 last year and haven’t announced a new end date.
Hate it or hate it, Internet Explorer paved the way for a lot of developers to provide web content and applications as it was the de-facto browser used by a lot of end consumers.
It also paved the way for technology to focus on security, standards and most of all, a better and standardized approach for browser technology.
One of my former employer will be devastated (a fortune 10). There was absolutely no other way for employees to use the company's websites without IE. (payroll, hr, internal services, etc)
Even mac users had to use IE. I never figured out how they were running IE on the mac, but there it was running in all its glory.
Fortunately (or unfortunately depending on your perspective), they will be fine... Enterprises are able to configure Edge to load certain websites using the legacy IE rendering engine (until 2029). Shouldn't break anything at this point, while allowing the rest of the internet to abandon IE.
IE is used in some unexpected places, one of the weirder ones for example a ingame display frame for the ingame wiki of older Total War series games. They'll need to update the game and replace it in some way else ingame help will be unavailable when they remove it via an update.
It's probably just WebView but from the UI and elements it was obvious that it's IE-based.
What's also interesting is that for the manual's videos Flash was required which now obviously doesn't work as it was removed via cumulative updates on W10
According to https://gs.statcounter.com/ FF is more popular than Edge. Many years ago I used to complain to webdesigners how they simply ignored FF.
It is a victory and not an empty one. Firefox is the most independent among last remaining browsers. It is a good browser and an important alternative now that most other major browsers all use the same engine.
Stunning to me that so few people use Firefox. It works nearly flawlessly for everything I do, no worse than any other browser including Chromium. And it's clear they actually care a little about privacy and democratic standardization.
As someone actually working in operations, and keeping our current suite of software/apps/etc compatable with these upgrades, I say - Microsoft, your documentation is very poor and lacking, and I have to invent fixes to your lack of effort... probably by design.
It is annoying when we can quickly proof up software, and specialized utilities when consulting with business. It is wayyyy to much work to port from IE to Edge though.. yeesh, waste of my productive time.
Sad trombone. You could have avoided all that if you had written the software to the standards and not to IE. Then you didn’t use the many years you got to transition.
It’s way too much work to port your app? Well guess it isn’t that important after all. Because whether you want it or not, IE is a dead end and it’s going away.
Yup, that is the case - Gov. is slow to react with such poor funding. We tend to wait until our hand is forced, and support tons of legacy apps - if this was my own PC/network I would have been way ahead of this train wreck.
We've replaced one monopoly browser (IE) with another monopoly browser (Chrome), except this time it's worse because Microsoft's business model is selling software and Google's business model is tracking and selling user information for advertisements. Because of this, I don't have a rosy outlook for the future of the web.
Can we just retire the entire Windows operating system already?
I recently started working on a new project that's running on Windows Server 2019 and the experience so far has been absolutely terrible. One Windows related headache after another.
But fear not! Outlook still uses the HTML parsing engine from MS Word (!) to display your HTML emails, and it's not going anywhere.