Mathwiz

That is correct. The problem appears to be that if it's too recent, it seems to trigger that blasted "[0x80072F8F] Your computer's date and time appear to be out of sync with an update certificate." The original CA.crt ran from 2015-2025 and seems to work just fine. Yours runs from 2020-2030 and also seems to work fine. Dave's runs from 2021-2031 and does not seem to work. I also had one that ran from 2021-2031 that didn't work. I had to replace it with the original 2015-2025 one to fix it. I assume a new one was created when @Dave-H installed @Thomas S.'s version, which presumably runs from 2022-2032. It doesn't work either.

So, maybe 2020-2030 works too? If so that would be better than 2015-2025; it would give us another five years, assuming the remnants of WU/MU last that long....

Ironically that may be the solution: CRTs just don't "do" sub-pixel font rendering. I guess in theory they could, but you'd have to set up a custom screen resolution that exactly matched the details of the CRT's shadow mask, and only a Trinitron-style CRT could possibly work with ClearType. OTOH, a CRT may make things worse on an OS that "assumes" sub-pixel font rendering is always possible. FWIW, I don't think Win 7 is "evil," but if you can't stand to look at it, it's pretty useless to you. (I do have a few very old but working CRT monitors lying around; if anyone wants one PM me. Pay for shipping and they're yours.) As for myself, sub-pixel font rendering has always looked great as long as the colors involved were black and white; but when other colors get used, it starts to look pretty awful. Looks fine. Unfortunately we're all trying to render that image on our own monitors, so it may not look to us the same way it looks to you! I had no idea the vagaries of font rendering were causing so many of us so much grief. Too bad M$ isn't listening. Now, what were we talking about again? Oh, yes.... I never thought I'd say this, but thank M$ for IE!

I see D.Draker uploaded it for you. (Thanks!) It won't make any difference, though, unless you need it to validate another certificate that was signed by that one. I understand. I don't think there's any problem with ProxHTTPSProxy. I think there's a bug with Windows Update when it tries to validate a site certificate signed by your ProxHTTPSProxy certificate that runs from 2021 (last year) to 2031. It's throwing that date/time error code when it shouldn't be; your ProxHTTPSProxy certificate is fine but WU still chokes on it. As to actually finding that bug and fixing it, where's @mixit when you need him? For some reason, WU seems to like the original ProxHTTPSProxy certificate (the one that runs from 2015-2025) better. But, it won't work unless you put it in your trusted root store (with a command like the one D.Draker gave you for the M$ certificate) and also recreate your site certificates. I think ProxHTTPSProxy will re-create your site certificates automatically if it sees that CA.crt has changed, but just in case, you can rename your ...\Certs folder and create a new, empty one. That will force ProxHTTPSProxy to generate all new site certificates and sign them with the new CA.crt. The reason for renaming the folder vs. just clearing it is just for performance; if things go wrong, you could just delete everything in ...\Certs, but if instead you go back to your current configuration, ProxHTTPSProxy won't need to re-create all your site certificates yet again. If you have to put your current CA.crt back, it can just go back to using the old ones. A final note: CA.crt contains both a certificate and its private key. The private key is needed to sign the site certificates that ProxHTTPSProxy creates. From a pure security standpoint, it's unwise to share a file with a private key like CA.crt, because (in theory) any two folks using the same CA.crt could decrypt each other's communications, if they had access to each other's computers. But for what we're doing, it's probably fine. I doubt that any of us is inclined to spy on anyone else! That said, does anyone using ProxHTTPSProxy have a CA.crt expiring between 2025 and 2031? It'd be interesting to see if it works or not. I suspect there's a particular point in between (1/1/2028?) where things go wrong.

Clean Flash Installer version 34.0.0.211 is now available at https://gitlab.com/cleanflash/installer/-/releases/. Confirmed working on Windows XP. Don't forget you need JustOff's GitHub-wc-polyfill add-on installed to access GitLab from a UXP browser; also Serpent 52 must be in single-process mode. 360EE should work without issue.

I have Windows 7 too, which actually isn't too bad (someone once joked that Windows 7 was just Vista SP2; M$ just bumped the version so they could charge you for it again). And I do have a copy of ChrEdge on it, although I rarely use it anymore - I just use the same 360EE v13 as on XP.

Well, at least Micro$oft uses Javascript to remove the "browser not supported" banner, rather than just looking at the User Agent and "assuming" the browser isn't supported! Most sites just don't work at all if the Javascript errors out, and/or give "browser not supported" if the UA is unexpected, even if the page's Javascript does work! The https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-createwindowexa page renders correctly in 360EE v13, but shows "browser not supported" in Serpent 52 even with 360EE's user agent. That said, there's nothing on that page that requires any particularly advanced Javascript. Micro$oft just wants you to use their Edge - and of course a Windows version that supports it (not to mention a PC that will run that Windows version). How dare you try to browse a Micro$oft site with XP!

No. It is confusing though. MCP forked the UXP engine (used in NM 28, Serpent 52, IceDove/IceApe, and MailNews/BNavigator) from the last XP-compatible version of Firefox, 52 ESR. (I think version 52.6 specifically, but I wouldn't swear to it.) And they've made some improvements since, including, apparently, globalThis and modules support for Javascript. NM 27, along with ArcticFox and K-Meleon, were forked from a much earlier Firefox version and hasn't received as much attention in terms of improving the Javascript engine.

Looks like an add-on for the globalThis polyfill should be targeted to NM 27, since globalThis is apparently implemented in UXP (NM 28, etc.) already. Speaking of polyfills, I poked around in JustOff's github-wc-polyfill add-on a bit. It seems to implement custom elements, which has been a JavaScript standard for some time, but still not implemented in UXP. But his add-on limits the polyfill to GitHub/GitLab. Anyone know why? Since it's a standard, I'd think you'd want to add it to all Web pages, wouldn't you?

Thanks, @InterLinked! Now I finally understand what a "polyfill" is! Same reason there are multiple versions of 360EE: the older versions are lighter and thus run better on older hardware. Which reminds me: your ChromeFill extension would be great for 360EE v11, which is based on Chromium 69. Lots of folks don't want to run the RAM-hogging v13. So you might want to post in the 360EE threads too. BTW, the globalThis polyfill won't be as useful on NM 27 as on 28 because, of @roytam1's builds, only UXP browsers like NM 28 support Javascript modules. But it's probably still worth doing if possible.

I don't have that IC and everything seems OK; therefore, that one probably isn't needed. I don't think having it causes a problem, though, aside from wasting an insignificant amount of storage space. (FWIW, I do have an IC called "Microsoft Update Secure Server CA 2.1 which expires 21 June 2027. Do you have that one?) Note: you do need some expired certificates, for verifying things like signed files and the like. I recently made the mistake of deleting all expired certificates from my trusted root certificate store and WU failed spectacularly. Lesson learned! I reran @heinoganda's certificate updater and it fixed my mistake by reinstalling several expired root certificates, including one called "Microsoft Root Certificate Authority" with the same expiration date (9 May 2021) as your IC.

That's the same error code you were getting before you updated your config.ini. I think ProxHTTPSProxy isn't working with the original CA.crt. Try this: Rename the working (new) CA.crt and the ...\Certs folder so you can revert if things go sideways Create a new (empty) ...\Certs folder Run the cert. installer program from @i430VX's version of ProxHTTPSProxy (you don't need to install his version; just run that program). That will put @heinoganda's original CA.crt out there and make it a trusted root cert. Try again - if it still fails, you can reverse the above steps. You'll have to reinstall your new CA.crt as a trusted root again.

It's just a pref, so once you set it, it sticks even when you update New Moon. I can see the argument for turning it off by default (don't let NM ping the MCP server and poke the bear, so to speak), but some folks prefer NM to have the same default prefs as PM - fewer surprises that way - and it can always be turned off easily if desired.

Strangely, that redirects to http://fe2.update.microsoft.com/microsoftupdate. That trailing period looks wrong and the link just gives a server error page. (That may have been the original problem, but I couldn't see the error because IE's https: handling hid it from me.) But if you remove that trailing period (i.e., http://fe2.update.microsoft.com/microsoftupdate), it works! (BTW, MU takes way longer to scan than WU, but that makes sense because I have Office 2010 and I think one of its cumulative updates triggers the old "scans forever" bug. Oh, well; at least I can get to the scan now!) I'd still love to know why the MU link on the WU page worked a few days ago but doesn't now, but since removing the trailing period works, I'll just bookmark the link that way and not worry about it. Yes I copied your config.ini entries from your screen shot earlier. They work fine but didn't solve the MU problem, since the redirect on M$'s server is apparently wrong (has that extra period as shown above).

When you start ProxHTTPSProxy, if there's no CA.crt found when you start it, it will create one, valid from that date until 10 years hence. It then uses CA.crt to sign all the certificates it creates for the https: sites you visit, so you must install CA.crt as a trusted root certificate for ProxHTTPSProxy to work at all. I'm guessing your ProxHTTPSProxy install didn't come with a CA.crt, so it created the one you installed. @i430VX's install comes with the one that's valid from 10/1/2015 until 9/30/2025 (presumably it was created on the former date). The .exe I ran appears both to place that CA.crt in your ProxHTTPSProxy directory and to install it as a trusted root, so I believe ProxHTTPSProxy will create new site certificates and continue working. At worst, you may need to clear the ...\Certs subfolder to get rid of the old, no-longer-valid site certificates so that it will create new ones. To be safe, you could back up both your current CA.crt and your entire ...\Certs folder, so you could put them back in place if anything goes wrong with the new CA.crt. I don't really understand why it would matter either. But, at least in my case, it did fix the date/time issue with Windows Update. The message seems to indicate that your system date is earlier than the start date of a certificate, which is impossible unless either your system date is incorrect, or there's a bug in WU's certificate validation routine. Clearly it must be the latter. Perhaps there's a bug in dealing with dates after some point between 2025 and 2031. Not sure what we'll do if we still need Windows Update after 2025.... I was going to post on this myself, but you beat me to it! The .cmd file deletes wuaueng.dll from ...\DLLCache, then renames the one in ...\System32, then it copies the patched file into System32. But then SFC sees the new file, tries to compare it to the one in ...\DLLCache, and, not finding it there, it copies the original version from \i386! Then when you try to run Windows Update, it sees you have the old version and downloads the original, unpatched version that you started with. Round and round we go.... I didn't disable SFC; instead, I copied the patched file first to ...\DLLCache, then to ...\System32. That way SFC found the file in ...\DLLCache, discovered it matched, and left it in place. That brings up a curious problem I ran into. When I started on this journey, I could click the link and pull up the Microsoft Update page without issue. (Of course neither WU nor MU worked at the time, but I could at least bring up the page.) But now, I only get "Internet Explorer cannot display the web page." The error comes up immediately. The IE address bar shows https://update.microsoft.com/microsoftupdate and I can see a 302 (Moved Temporarily) response in the ProxHTTPSProxy window, so the link is redirecting (somewhere) but immediately failing.

Well, how about that; it works! Yes, his response was a bit terse for my taste too, but I figured it out. So let me fill in the details a bit: Download & extract the version of ProxHTTPSProxy at @i430VX's site: http://i430vx.net/files/XP/ProxHTTPSProxyMII_REV3d_PY344.7z The .7z has four folders. Open the folder labeled ProxHTTPSProxyMII_CertIns_Windows. It contains two .exe files: ProxHTTPS Cert Install.exe and ProxHTTPS Cert Uninstall.exe. Run the Install one. It won't seem to do anything, but it will silently install the needed certificate wherever it needs to go. It'd be nice to know exactly what it's doing; nonetheless, try Windows Update again, and you should get past the dreaded clock date/time error. It's a bit of a moot point, since there aren't going to be any new updates; yet it's quite gratifying. I never thought I'd see that Web page again!

This isn't actually a "fix;" it's more of a performance enhancement for systems with more RAM. Unfortunately I know nothing about how to install FF 52 on Windows 2000, dual-core or otherwise. I hope someone else here can answer your question, though; there are a lot of smart folks in this forum!

Wait a minute - I've been trying to follow along but missed a step somewhere. To get past the date/time error, what certificate did you install and where did you install it?

I rewrote the first post a bit. The first two paragraphs are all you need: That's all there is to it. The rest of the post just warns you about other FF-based browsers and provides an alternative method that works in some circumstances. You may find it interesting but if not, you don't need to bother with it. If you don't know how to set preferences in Firefox or Serpent, here are more detailed instructions: Type about:config in the URL bar and press Enter A warning screen will pop up. Accept the risk or promise to be careful as warned. Start typing a preference name, e.g., browser.tabs.remote.force-enable, in the search field. You can stop typing once the list of preferences is narrowed down to a single page and the scroll bar on the right disappears. If the browser.tabs.remote.force-enable preference doesn't exist, create it by right-clicking somewhere in the list and selecting New / Boolean. Otherwise, just right-click the preference. In either case, set the desired value. To increase the number of processes, repeat steps 3-5 for the other preference. (It should already exist.)

What soggi said. You'll probably find IceDove, MailNews, and Mozilla's Thunderbird all have a similar look & feel. IceDove and MailNews are both UXP-based, so there are probably few significant differences between them. IceDove does have a few add-ons available from Hyperbola. The only mail client that makes for a smooth transition from OE6, AFAIK, is Windows Live Mail from Microsoft. Only the 2009 version is compatible with XP. You'll need to find the offline installer (~140 MB) for it; the small online installer no longer works as M$ has removed the files it downloads from their Web site. There's a version number mismatch between Pale Moon and New Moon that causes this. Pale Moon is at v29.4; the New Moon equivalent version is v28.10.4. So you need to download the .xpi and edit the install.rdf file in it (it's actually a .zip file), replacing 29.4 with 28.10, before installing it.

AIUI Azure servers live in Microsoft's "cloud" - they aren't a piece of hardware you can buy. So I think M$ is just saying they'll keep their own servers updated with all the latest fixes. I'm sure those fixes are the same ones available to all of us via the M$ update catalog - the ones that won't install without an ESU license. So it just means M$ has licensed their own servers to get their own updates I don't think that helps the rest of us. Edit: Looking at your screen shot, it looks to me like year 4 of the ESU updates won't be available to the rest of us at all! It says ESU year 4 is Azure only, so I suspect M$ is keeping those updates to themselves.

Google.com comes up just fine in MyPal 29.3 for me, so I don't think it's a problem with MyPal itself. But just to be sure, try another browser or two (one of @roytam1's or one of the 360EE builds). If it does come up on other browsers, it could be something in how you have MyPal configured. You could also go to about:profiles, create a new, "clean" profile, restart MyPal with the new profile as your default, and then see if google.com works.

As @NotHereToPlayGames said, there's no way for us to answer that question for you, but here are the key differences: New Moon 28, Serpent 52, and IceApe all use the same underlying platform: UXP. The main difference is the user interface. If you've been using Firefox 52.9, Serpent will look the most similar. Serpent also supports a few features not in the others, such as "Web Extension" add-ons and a multiprocess mode. Since you have lots of RAM you may find multiprocess mode helpful. If you've been using SeaMonkey 2.49, IceApe will look the most similar. Like SeaMonkey, IceApe is actually a suite that includes both a Web browser (IceWeasel) and a mail/news reader (IceDove), so if you download IceApe, you don't need to download IceDove. New Moon 28 (and 27) have a user interface from an older version of Firefox that you may prefer. Arctic Fox, New Moon 27 and K-Meleon use an older underlying platform. The main advantage is, these browsers take less RAM/CPU, but it looks like you have plenty, so you'll probably be happier with one of the UXP browsers above. Finally, there's Serpent 55, derived from an alpha version of Firefox 53. It looks very similar to Serpent 52, supports more/newer "Web Extension" add-ons, but is less compatible with some modern Web sites. You might consider it if you need a specific add-on that requires Firefox 53.

I think Instagram changed the "ZyFrc" to another random string, "Igw0E", some time ago. I put the following into <profile folder>\Chrome\UserContent.css; supposed to achieve the same result: @-moz-document domain(instagram.com) { div._97aPb > div { display: block !important; } div.Igw0E > div { display: block !important; } div.Igw0E > div > div { display: block !important; } } Seems to work in St 55; I need to try FF 52.9.1 and see what's happening there now. Edit: I guess it depends on the specific Instagram page! "Misinformed Californian" link, https://www.instagram.com/tv/CNZX7dWA0iG/?igshid=1tlxn9t5hvfgp, works in St 52 but not FF 52.9.1. St 55 is weird; above link works on my home PC but not on my work PC. Both running Win 7. Oh, wait: I don't have the above .css block on my work PC. Let me see if that fixes it. Edit 2: Well I guess I'll have to wait a day to try it. I'm now getting the same symptom @msfntor reported: clicking the link only brings up Instagram's login page now. I'm guessing Instagram fingerprints your browser and won't let the same browser view the same link more than once per day without logging in.

I don't recommend FF 52.9 unless one needs Firefox Sync. That was the case for @Dave-H, who originally ran into the problem with Instagram videos, so I pointed out that uBO can be installed in FF 52.9 for his benefit. Since it seems to let Instagram videos play in Serpent 55, I think there's a good chance it'll do the trick for FF 52.9 also. Evidently uBO in FF 52.9 didn't work for you, @msfntor, but I notice that the uBO version you have in FF 52.9, v1.13.8, is quite old. The version you have in Serpent 55, v1.16.4.26, is much newer. Perhaps the newer version would do the trick in FF 52.9 even though v1.13.8 didn't. You can get all of JustOff's uBO versions, all the way up to his latest, 1.16.4.30, at the link I gave in my last post. (I have uBO set to update automatically, so I'm at v1.16.4.30.) P.S. I'm not sure what's going on with the intermittent login demands from Instagram that @msfntor has been experiencing. That is a truly baffling problem, but login demands aren't the problem @Dave-H described (for one thing, I think @Dave-H has an Instagram account and can log in if he wants). He just isn't seeing (and thus can't play) the videos.