Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×


  • Posts

  • Joined

  • Days Won

  • Donations


Everything posted by mixit

  1. I'm definitely under the impression that @JodyT sincerely believes in whatever he believes in at any given time (in the past: NT 6.x is an abomination and needs to die; at the moment: NT 5.x is an abomination and needs to die ). But in any case, I don't see why it's such a big deal that he gets to express his opinions in a sequestered thread. It's not like there aren't any arguments that could be made in favor of getting off XP, so if someone feels the need to keep making them even to a perfectly well informed audience, why nor just shrug it off without getting too aggravated about it?
  2. @Dave-H, @heinoganda I'm not on Facebook myself, so I'm only able to check public videos, but all seem to be working fine for me. A family member using XP with Primetime on and Flash off is also able watch all FB videos in their feed. So it must be a change that's not rolled out to everyone/everything yet. In any case, I'm not sure what you guys mean by FB "dropping Primetime support", because AFAIK sites don't need any specific "Primetime support" to play normal HTML5 video in the browser, the plugin simply makes it so that the browser will advertise its capability to play MP4/H.264 and the various players don't care what exactly is providing it. Since you don't appear to be talking about videos with the actual Primetime DRM, the fact that Primetime is used to play them should be mostly transparent. (I say "mostly", because I'm sure there are ways to detect that the plugin is present if someone starts looking for it specifically, it's just that it shouldn't matter to anyone for ordinary videos.) Two things I can suggest are trying FB with a fresh clean profile + Primetime; and spoofing the user agent. I know there are extensions that have been screwed up by various degrees after being forced to move to the WebExtensions API, so if one of them is messing with page content incl. videos, you might have to downgrade it. And FB may have simplified its server-side logic to assume that ESR 52 on XP requires Flash for H.264, and is therefore serving different kinds of pages to it without bothering with detection.
  3. Both commands work fine for me (with cmd), so right now I don't really have a clue why it should give you NTE_BAD_ALGID again (assuming you're running all three commands in the same environment).
  4. I think you can just put [Solved] in front of the title to mark it as such (right, @dencorso?). I'm far from "insisting" on changing the title , I just thought what eventually got covered here was a bit more general than what the initial title would suggest and something like "makecert.exe tool quirks on Windows XP" might get more future readers to check it out. It was just a thought; and I'm definitely not suggesting that you were wrong to initially give the title maximum specificity when asking the question.
  5. You need to quote the attribute content and escape the quotes to get them passed to the command, no need to escape the comma itself. And you don't even need to quote for the shell when there are no spaces or special characters. All of these work for me: -n "CN=Litware,OU=\"Docs,Adatum\",DC=Fabrikam,DC=COM" -n CN=Litware,"OU=\"Docs,Adatum\"",DC=Fabrikam,DC=COM -n CN=Litware,OU=\"Docs,Adatum\",DC=Fabrikam,DC=COM (I actually didn't know about the comma thing, but fortunately this was the top result for googling "makecert comma". )
  6. Thanks for the tip! Yet another naming suggestion: Lunar XPale (or just plain XPale), ex-Pale Moon for XP
  7. @glnz Unless you have software with specific need for this upgraded TLS functionality (which currently doesn't work with IE, for example), you don't need to install it right now. it's not a security patch (not in the usual sense, anyway) and it has no direct bearing on the WiFi vulnerability (presumably addressed by KB4042723). It wouldn't be a problem to wait until becomes available on WU early next year; but it wouldn't be a problem if you installed it now, either. Totally up to you.
  8. @roytam1 I've been meaning to get to building this on my own, so let me ask you this, to avoid reinventing the wheel: was it easy enough to get the builds working with the instructions on Pale Moon's site or did you have to jump through any hoops before everything clicked? It's been a while since I've built something as complex as a Mozilla-based browser, and I seem to recall people talking about having no small amount of trouble with such beasts (especially with Windows builds).
  9. @DrWho3000 & @procrastistamper Adobe re-enabled access to the install package some time after it had disappeared, so currently the GUI method still works. It may disappear again at any time though (and not come back again), so I'm going to keep the manual method as the main one in the OP. As for your problems: as long as you have all the prefs set right (cOrReCt cAsE, no typos like %51.0%), both the GUI method and the manual method should currently work. I ran tests with 52.4.0 ESR and saw no issues with either process. Based on @roytam1's contribution, I thought maybe they'd changed things so that %CHANNEL% being esr would no longer work, but changing only %VERSION% was still sufficient. I believe you should still be able to install the plugin even if it later turns out it won't work properly (no SSE2, non-Intel, etc.) If something doesn't work with your everyday profile, create a new profile (with firefox -P) and try with that one. Disable automatic update checks - while I haven't been able to reproduce this, FF could run its auto-update while you're in the middle of things and mess things up for you. (Checking for updates without all the prefs set can leave you in an inconsistent state and you'd have to start from the beginning.) Since pre-existing plugins are initially enabled in a new profile, disable them all. Enter the preferences all in one go (copy&paste can avoid typos ) and don't fiddle with the Plugins page until you've added everything; best to close it beforehand, actually, to avoid an update check at the wrong time. If using the manual method, add all the preferences first, then close FF, then add the plugin files, then restart FF and verify. If it didn't take, make sure you've added the files in the right profile folder (open it from about:support). If still failing, recheck that all your prefs are still set the way you entered them and FF hasn't messed with them. Assuming you can get Primetime working with a clean profile, make sure you start the installation as fresh as possible on your existing profile. Go to about:config, search for gmp-eme-adobe and use the Reset menu item to remove all those prefs, then close FF, then delete the gmp-eme-adobe folder under your profile, then open FF and do everything just as you did with the new profile. If it still doesn't take, try to eliminate possible external interference (such AV blocking the plugin files, firewall blocking download attempts). This seems unlikely to affect Primetime installation, but you can try and see if disabling all your browser extensions changes anything. (They can definitely interfere with playback, for example I've seen Video DownloadHelper mess up chunked streaming (as opposed to playing a single MP4 file) with its hooks.) Can't really think of anything else that might help right now - it's a "works for me" situation after all. If all else fails, you could always try the custom Pale Moon XP builds with added MP4 playback capabilities @roytam1 and some others have been contributing.
  10. @olspookishmagus No reward is necessary , but it might be useful to change the topic title into something more generally descriptive, since most of what we've discussed here isn't really about Powershell scripts.
  11. Aha, so I wasn't that far off with my speculation prior to September Patch Tuesday - looking at file dates, the TLS fix had already been completed at that time, but for some reason it was held back for two regular release days. Thanks for keeping tabs on this, @heinoganda! According to Microsoft, It'll be on WU/WSUS as Optional starting January 16 and will turn Recommended on February 13. (Perhaps they'll fix IE and WinHTTP by the time to make it more useful.) Just so there's no confusion: Chrome was capable of TLS 1.2 on XP even before this fix. (relevant forum topic)
  12. I thought you were using -a sha1 to begin with? In any case, I'm glad it worked out in the end. BTW, it turns out that if you want to use -a sha256|sha384|sha512 on XP, you can do so by adding -sp "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" -sy 24 (24 is PROV_RSA_AES type), and of course you can use -len 2048|4096 for longer keys. The CSP makecert defaults to doesn't have SHA-2, hence the NTE_BAD_ALGID (0x80090008) errors. http://www.msfn.org/board/topic/176299-latest-version-of-software-running-on-xp/ has a bunch, even if the list is spread all over the topic. (In fact, had occurred to me to look there first, I wouldn't have had to hunt down procmon on my own.)
  13. Windows Embedded POSReady 2009 is an XP flavor with a few added features that is still getting official updates from Microsoft until early 2019. These updates can very easily be used on regular XP, so far with no real compatibility issues (that I can recall, anyway). This very forum here happens to have some mighty good ongoing coverage on this subject. The Microsoft Windows SDK for Windows 7 and .NET Framework 4 that you linked to above contains the 6.1.7600.16385 I have (GRMSDK_EN_DVD.iso, \Setup\WinSDKTools\WinSDKTools_x86.msi). I didn't notice before that you're (apparently) using a version from Microsoft Visual Studio 8 SDK v2.0. Using the newer version might make a difference. The current v3.40 from MS no longer works with XP, but you still can get v3.20 from archive.org. Set your filter to Include when Process Name "is" makecert.exe, run makecert, and go from there - the interface is pretty self-explanatory, assuming you have some idea about registry and file API calls. (It usually makes sense to turn capturing off as soon as you've run whatever you're interested in, leaving it on while you browse the log will just put needless load on the system.) I don't know off the top of my head what those errors could be about and I'm sure you can google just as well as I could. Good luck!
  14. Welcome to the forum! FWIW, your exact command works fine on my XP SP3 with POSReady updates. I don't actually have the SDK properly installed, only the tools manually extracted from the installer into a C:\Program Files subfolder. My makecert.exe version is 6.1.7600.16385. I'm logged in as a member of the local Administrators group, so I just ran this in my regular command prompt. I got prompted to create a private key password (at which point root.pvk had been created but was empty; the file got filled in after completing the dialog), then to enter said password (after which root.cer was created). When I disabled my Write permission for the folder, I got two error messages: "Error: Unable to create file for the subject ('root.pvk')" plus the one you saw. Might want to try tracing the execution with Sysinternals Process Monitor (procmon) to narrow down which registry keys and/or files makecert seems to have a problem with. Judging from my output when I ran the command without the " -ss Root -sr localMachine" part (since with the error you're seeing you'd never get to updating the cert store). the only file writes (except for the .pvk and .cer, and directory updates) seemed to be two files that were created and later deleted under ?:\Documents and Settings\username\Application Data\Microsoft\Crypto\RSA\S-*, and you say you've already checked the permissions there. There also seemed to be no registry writes in this case.
  15. seems to be needing a few post-XP API functions (12 from kernel32.dll, 2 from dbghelp.dll) so what's probably happening is that when Chrome "detects" and lists it, it's just checking that all the plugin files are there and reading the manifest data, but when it's time to actually use the plugin, it won't load on XP. seems fine in this regard. (I don't use Chrome myself, this is just based on static analysis.)
  16. Simply spoofing the user agent won't work in this case, because (at least right now) it doesn't look like they're blocking IE8 based on its UA, they really seem to be doing it by the encryption method, so the POSReady AES update is still needed. When I tested with IE8 earlier, I was getting the warning page every few page loads when i disabled AES128-SHA and left only 3DES, whereas I couldn't get it to appear at all when I disabled 3DES and re-enabled AES128-SHA. I also tried it with a spoofed IE9 UA just now and it made no difference, the warning page still appeared periodically without AES128-SHA. (I did see @dencorso suggesting UA spoofing earlier, but the way that whole thing got sidetracked into a .reg file line endings discussion, its point had disappeared from my mind by the time I got to running my initial tests.)
  17. EDIT: FWIW, I wrote this reply before this whole opera was consolidated into its own thread; JodyT's comments seemed (to me) rather strikingly off-topic and pointless in the context of the thread they initially appeared in. One of the reasons I personally tend to at these types of posts of yours is that IIRC you've mentioned a number of times how you used to really hate some newer Windows versions, and how now you've learned to like them and "moved on" from XP, with a strong implication that everyone should do the same. Somehow, the way you present it comes across as a religious argument, about how you used to believe in a wrong god but now you've found the right one and everyone should do the same. For starters, logically a big part of "moving on" would be that you don't keep coming back to lecture those who are now in the "wrong" from your point of view. I assume the reason most people say harsh words about Windows 10 is because they've tried it and strongly dislike certain aspects of it and MS behavior surrounding it. It's a fresh experience for them, often an ongoing one, they haven't "moved on" from it years ago. That's completely different from your self-described situation with XP. Then, I think virtually none of the regulars here are still on vanilla XP, they have all gone down the POSReady 2009 route. So talking about it as if people who are (for all intents and purposes) using a product still supported by MS - with updates coming out every month just as for any other supported Windows version - are irresponsible and a major threat to the Internet or whatnot is simply twisting the reality. A lot of the people here are more than capable of determining whether or not their choice of OS is a risk to them and the world at large or not - and they're unlikely to appreciate implications to the contrary. Wait until after the POSReady EOL. maybe? And finally, why does there have to be something irrational about someone still using XP, can't it be a perfectly rational decision? If it still does everything we need (and doesn't do what we don't want), why shouldn't we keep using it? As I think I've already said in a similar discussion in the past, we live in the age of virtualization and can and do use other OS-s in parallel to XP whenever such a need arises. i know that should XP outlive its usefulness for me and become a hindrance or an unacceptable security risk, I will stop using it as my main OS, no question about it. But I'm not going to do so because of marketing speak, scare tactics, artificial crippling of software, or anyone's proselytizing, and I think many people here feel the same.
  18. @Tacit I'm not sure what's going on in your case, but there are unfortunate cases of Primetime failing to work no matter what. I don't think I've ever seen them fully spelled out by Mozilla, but I've seen mentions of AMD chips and non-SSE2 Intel chips causing problems. In any case, these problems were widespread enough to hold Mozilla back from ever officially supporting Primetime on XP. Then again, these problems would supposedly be more likely to manifest as plugin crashes than simply not playing media. So, in addition to what @dencorso already suggested (to hopefully free him from having to keep mentioning it, I've now added a case sensitivity note to the opening post ), you may want to try the whole thing out from scratch with a new clean Firefox profile, and if that changes nothing, why not a newer browser version, unless you have specific reasons for sticking with 47.0.2. You may also want to disable all your other plugins while you're testing. In a new clean profile they're all enabled by default , so make sure you turn them off before you try out any sites.
  19. TL;DR, if for some rather unfathomable reason you still really really really want to use IE8 to browse the web (NOT RECOMMENDED, as already stated by several people above), you won't necessarily be locked out from Wikipedia just yet if (like probably most people here) you have installed POSReady 2009 update KB3055973 or, preferably, its successive security fix KB3081320, These updates install TLS 1.0 cipher suites AES128-SHA (TLS_RSA_WITH_AES_128_CBC_SHA) and AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA), the former of which is and will remain supported by Wikimedia sites for now. However, Wikimedia makes it pretty clear that this isn't going to last very long: See also the "The end is coming regardless" section at the end of that page. Apparently, AES128-SHA currently averages about 0.22% of their requests vs DES-CBC3-SHA-s 0.11%. As for its removal:
  20. @glnz The unified browser thread may be a better fit for these types of questions, it may even already have some answers . --------------------------- Regarding POSReady 2009, though, I wonder if there's any chance of it getting TLS 1.2 updates the same way Server 2008 SP2 suddenly did last month with KB4019276. Its extended support ends in January 2020 (I think), less than a year after POSReady 2009, so it might not be an unreasonable expectation in the current security climate. Could them working on this possibly be the reason IE updates were skipped last month? Probably wishful thinking but I guess we'll see soon enough.
  21. Much appreciated, I've added the new link to the OP. Is it OK to still keep your link as the primary? I kind of wanted to advertise your site I'm sure someone reading this can create more mirrors. Since your copy already existed, I didn't upload it anywhere else myself because I don't do this sort of thing often enough to have a good handle on which DL sites people prefer these days.
  22. I was alerted to the unfortunate fact that the Primetime plugin package is no longer downloadable from Adobe servers. This means that from now on the plugin can't be installed via Firefox GUI alone. Since Mozilla had warned about this removal, our friend @sdfox7has saved a copy of Primetime in his XP software archive, so people can still get the plugin from there and install it manually. I've updated the OP with instructions for manual install. The DL link is also there.
  23. That may just be an omission in the blog post (I copied the version list from there), both x86 and x64 Vista versions seem to be available at the Catalog site. Edit: Looks like Vista was still supported when this patch initially came out in March. Hard to keep track of all these EOL dates.
  24. Not sure what's going on there, I'm seeing no problems specifically with 52.1.1. If the plugin looks active on the Plugins page and you're only seeing this problem at some specific sites, it could just be a coincidence and the problem could be with whatever player they're using. There have been a few streaming sites that I haven't been able to get working without Flash, but that's not specific to this latest FF version. If your previous version before 52.1.1 was something older than 52.0, there could be a problem with the site's browser version checking logic that you could maybe overcome by spoofing an earlier version number. like 51.0.

  • Create New...