Renaud (Ron) OLGIATI <ren...@olgiati-in-paraguay.org> wrote: > If the developpers are worried about users wandering into unsafe sites, I > would understand a warning, but why the complete blockage ? > > And is there a way around it ?
While not directly addressing your problem, it's a symptom of the "nothing old exists, all (would be) legacy stuff gets replaced by 3 years old, we don't care" approach from several quarters. Browsers that won't connect to sites running old and deprecated encryption methods (which I suspect is your problem), Java that refuses to run "old insecure" code that comprises the GUI for network switches, and so on. As you say, issuing warnings, even going through several levels of "this is dangerous, are you REALLY sure" would be better than the outright "no way" approach that's creeping in. It would be an interesting exchange to have with vendor support, I suspect it would go along the lines of : I can't connect to X Ah, you need to upgrade X because it's using old insecure encryption So, can you provide me with such an upgrade for X ? No, you'll have to ask the vendor $Vendor ended support several years ago, that's not going to happen In that case, you need to throw away your perfectly functional gigabit switch and buy a new one that will do nothing more than the old one except have more up to date firmware ! Well perhaps not those words ! With my professional hat on, at work we have had quite a few clients keeping old and unsupported stuff around just to service such issues. With one client, they kept an old Win2008 server running **JUST** to interface (dealing with the logged in domain user <--> non-domain aware PBX mapping) between the PBX and some desktop CTI stuff, plus an old laptop running the right (old) versions of stuff like Java to be able to manage the PBX. Keeping VMs of older OSs/installations is one way of being able to update your main desktop/laptop while still being able to administer your "legacy" equipment (I still have a Win95 VM, not that it gets fired up very often !) But I really agree with you that it's darned annoying when developers make decisions which are effectively "we aren't going to allow you to do this even if you *must* do it and you *do* know what you are doing". Even when you are connecting to your own kit, on your own network, and there's more chance of watching a porcine aviation display than seeing a firmware update for your 5 year old router/switch/whatever. That latter bit is going to be (already is ?) yet another issue people will find as they take on IoT stuff - finding that it becomes an expensive paperweight when the vendor stops supporting it or the backend it's been engineered to require. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng