Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


  • Content count

  • Donations

  • Joined

  • Last visited

  • Days Won


mixit last won the day on September 17

mixit had the most liked content!

Community Reputation

44 Excellent

About mixit

Profile Information

  • OS
    XP Pro x86
  • Country
  1. I thought you were using -a sha1 to begin with? In any case, I'm glad it worked out in the end. BTW, it turns out that if you want to use -a sha256|sha384|sha512 on XP, you can do so by adding -sp "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" -sy 24 (24 is PROV_RSA_AES type), and of course you can use -len 2048|4096 for longer keys. The CSP makecert defaults to doesn't have SHA-2, hence the NTE_BAD_ALGID (0x80090008) errors. http://www.msfn.org/board/topic/176299-latest-version-of-software-running-on-xp/ has a bunch, even if the list is spread all over the topic. (In fact, had occurred to me to look there first, I wouldn't have had to hunt down procmon on my own.)
  2. List of Web Browsers Working with XP 2017

    @sdfox7 The Do not disturb me checkbox is for the current session. To permanently disable PUSH NOTIFICATIONS, dom.webnotifications.serviceworker.enabled = false. To permanently disable ALL NOTIFICATIONS, dom.webnotifications.enabled = false. More detail: https://support.mozilla.org/en-US/questions/1141113#answer-922152
  3. Windows Embedded POSReady 2009 is an XP flavor with a few added features that is still getting official updates from Microsoft until early 2019. These updates can very easily be used on regular XP, so far with no real compatibility issues (that I can recall, anyway). This very forum here happens to have some mighty good ongoing coverage on this subject. The Microsoft Windows SDK for Windows 7 and .NET Framework 4 that you linked to above contains the 6.1.7600.16385 I have (GRMSDK_EN_DVD.iso, \Setup\WinSDKTools\WinSDKTools_x86.msi). I didn't notice before that you're (apparently) using a version from Microsoft Visual Studio 8 SDK v2.0. Using the newer version might make a difference. The current v3.40 from MS no longer works with XP, but you still can get v3.20 from archive.org. Set your filter to Include when Process Name "is" makecert.exe, run makecert, and go from there - the interface is pretty self-explanatory, assuming you have some idea about registry and file API calls. (It usually makes sense to turn capturing off as soon as you've run whatever you're interested in, leaving it on while you browse the log will just put needless load on the system.) I don't know off the top of my head what those errors could be about and I'm sure you can google just as well as I could. Good luck!
  4. Welcome to the forum! FWIW, your exact command works fine on my XP SP3 with POSReady updates. I don't actually have the SDK properly installed, only the tools manually extracted from the installer into a C:\Program Files subfolder. My makecert.exe version is 6.1.7600.16385. I'm logged in as a member of the local Administrators group, so I just ran this in my regular command prompt. I got prompted to create a private key password (at which point root.pvk had been created but was empty; the file got filled in after completing the dialog), then to enter said password (after which root.cer was created). When I disabled my Write permission for the folder, I got two error messages: "Error: Unable to create file for the subject ('root.pvk')" plus the one you saw. Might want to try tracing the execution with Sysinternals Process Monitor (procmon) to narrow down which registry keys and/or files makecert seems to have a problem with. Judging from my output when I ran the command without the " -ss Root -sr localMachine" part (since with the error you're seeing you'd never get to updating the cert store). the only file writes (except for the .pvk and .cer, and directory updates) seemed to be two files that were created and later deleted under ?:\Documents and Settings\username\Application Data\Microsoft\Crypto\RSA\S-*, and you say you've already checked the permissions there. There also seemed to be no registry writes in this case.
  5. seems to be needing a few post-XP API functions (12 from kernel32.dll, 2 from dbghelp.dll) so what's probably happening is that when Chrome "detects" and lists it, it's just checking that all the plugin files are there and reading the manifest data, but when it's time to actually use the plugin, it won't load on XP. seems fine in this regard. (I don't use Chrome myself, this is just based on static analysis.)
  6. Simply spoofing the user agent won't work in this case, because (at least right now) it doesn't look like they're blocking IE8 based on its UA, they really seem to be doing it by the encryption method, so the POSReady AES update is still needed. When I tested with IE8 earlier, I was getting the warning page every few page loads when i disabled AES128-SHA and left only 3DES, whereas I couldn't get it to appear at all when I disabled 3DES and re-enabled AES128-SHA. I also tried it with a spoofed IE9 UA just now and it made no difference, the warning page still appeared periodically without AES128-SHA. (I did see @dencorso suggesting UA spoofing earlier, but the way that whole thing got sidetracked into a .reg file line endings discussion, its point had disappeared from my mind by the time I got to running my initial tests.)
  7. Windows XP - Deepest Impressions

    One of the reasons I personally tend to at these types of posts of yours is that IIRC you've mentioned a number of times how you used to really hate some newer Windows versions, and how now you've learned to like them and "moved on" from XP, with a strong implication that everyone should do the same. Somehow, the way you present it comes across as a religious argument, about how you used to believe in a wrong god but now you've found the right one and everyone should do the same. For starters, logically a big part of "moving on" would be that you don't keep coming back to lecture those who are now in the "wrong" from your point of view. I assume the reason most people say harsh words about Windows 10 is because they've tried it and strongly dislike certain aspects of it and MS behavior surrounding it. It's a fresh experience for them, often an ongoing one, they haven't "moved on" from it years ago. That's completely different from your self-described situation with XP. Then, I think virtually none of the regulars here are still on vanilla XP, they have all gone down the POSReady 2009 route. So talking about it as if people who are (for all intents and purposes) using a product still supported by MS - with updates coming out every month just as for any other supported Windows version - are irresponsible and a major threat to the Internet or whatnot is simply twisting the reality. A lot of the people here are more than capable of determining whether or not their choice of OS is a risk to them and the world at large or not - and they're unlikely to appreciate implications to the contrary. Wait until after the POSReady EOL. maybe? And finally, why does there have to be something irrational about someone still using XP, can't it be a perfectly rational decision? If it still does everything we need (and doesn't do what we don't want), why shouldn't we keep using it? As I think I've already said in a similar discussion in the past, we live in the age of virtualization and can and do use other OS-s in parallel to XP whenever such a need arises. i know that should XP outlive its usefulness for me and become a hindrance or an unacceptable security risk, I will stop using it as my main OS, no question about it. But I'm not going to do so because of marketing speak, scare tactics, artificial crippling of software, or anyone's proselytizing, and I think many people here feel the same.
  8. @Tacit I'm not sure what's going on in your case, but there are unfortunate cases of Primetime failing to work no matter what. I don't think I've ever seen them fully spelled out by Mozilla, but I've seen mentions of AMD chips and non-SSE2 Intel chips causing problems. In any case, these problems were widespread enough to hold Mozilla back from ever officially supporting Primetime on XP. Then again, these problems would supposedly be more likely to manifest as plugin crashes than simply not playing media. So, in addition to what @dencorso already suggested (to hopefully free him from having to keep mentioning it, I've now added a case sensitivity note to the opening post ), you may want to try the whole thing out from scratch with a new clean Firefox profile, and if that changes nothing, why not a newer browser version, unless you have specific reasons for sticking with 47.0.2. You may also want to disable all your other plugins while you're testing. In a new clean profile they're all enabled by default , so make sure you turn them off before you try out any sites.
  9. TL;DR, if for some rather unfathomable reason you still really really really want to use IE8 to browse the web (NOT RECOMMENDED, as already stated by several people above), you won't necessarily be locked out from Wikipedia just yet if (like probably most people here) you have installed POSReady 2009 update KB3055973 or, preferably, its successive security fix KB3081320, These updates install TLS 1.0 cipher suites AES128-SHA (TLS_RSA_WITH_AES_128_CBC_SHA) and AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA), the former of which is and will remain supported by Wikimedia sites for now. However, Wikimedia makes it pretty clear that this isn't going to last very long: See also the "The end is coming regardless" section at the end of that page. Apparently, AES128-SHA currently averages about 0.22% of their requests vs DES-CBC3-SHA-s 0.11%. As for its removal:
  10. @glnz The unified browser thread may be a better fit for these types of questions, it may even already have some answers . --------------------------- Regarding POSReady 2009, though, I wonder if there's any chance of it getting TLS 1.2 updates the same way Server 2008 SP2 suddenly did last month with KB4019276. Its extended support ends in January 2020 (I think), less than a year after POSReady 2009, so it might not be an unreasonable expectation in the current security climate. Could them working on this possibly be the reason IE updates were skipped last month? Probably wishful thinking but I guess we'll see soon enough.
  11. Much appreciated, I've added the new link to the OP. Is it OK to still keep your link as the primary? I kind of wanted to advertise your site I'm sure someone reading this can create more mirrors. Since your copy already existed, I didn't upload it anywhere else myself because I don't do this sort of thing often enough to have a good handle on which DL sites people prefer these days.
  12. I was alerted to the unfortunate fact that the Primetime plugin package is no longer downloadable from Adobe servers. This means that from now on the plugin can't be installed via Firefox GUI alone. Since Mozilla had warned about this removal, our friend @sdfox7has saved a copy of Primetime in his XP software archive, so people can still get the plugin from there and install it manually. I've updated the OP with instructions for manual install. The DL link is also there.
  13. List of Web Browsers Working with XP 2017

    Based on everything I've seen, this seems to be nothing more than PR talk designed to motivate people to get off FF on XP sooner rather than later so that Mozilla can show more suitable statistics to justify their decision to drop it at the end of ESR 52. I can't find any recent chatter or bug assignments indicative of them actually removing support in September, mid-52, so at this point I'd bet against it with 99.9% confidence unless someone has any contrary information. September is simply too close in the dev cycle for there to be total silence about it if something is actually supposed to be happening.
  14. That may just be an omission in the blog post (I copied the version list from there), both x86 and x64 Vista versions seem to be available at the Catalog site. Edit: Looks like Vista was still supported when this patch initially came out in March. Hard to keep track of all these EOL dates.
  15. Not sure what's going on there, I'm seeing no problems specifically with 52.1.1. If the plugin looks active on the Plugins page and you're only seeing this problem at some specific sites, it could just be a coincidence and the problem could be with whatever player they're using. There have been a few streaming sites that I haven't been able to get working without Flash, but that's not specific to this latest FF version. If your previous version before 52.1.1 was something older than 52.0, there could be a problem with the site's browser version checking logic that you could maybe overcome by spoofing an earlier version number. like 51.0.