Why Xojo Web 1.0 is a big risk to use

Many Customers of Xojo still using Xojo Web 1.0. There is still Support but there will not be an Update or a Patch when and if a new OS Version will break the functionality of the Libraries behind. Also the Libraries are not getting updates. This results for the Web Libs in security Issues.

And the day can and will come that Web 1.0 compiles will not work anymore in modern browsers and the use will stop. The Showstopper is there. From that moment on the Web 1.0 Application is worthless and not functional anymore.

The IDE you can run on Windows, Linux, MacOS older Versions. But the browsers outside you can’t. And that is the time bomb included in the use of Web 1.0. I can’t see that it is a real issue that the IDE will not run. A virtual machine and it works.

But how big is the chance that there will be something happened that it does not run in Browser anymore? Oh. Simple. One Apple Safari Update with a new security setting and there is no Xojo Web 1.0 App anymore. So it is recommended to rewrite. In Xojo Web 2.0, Vaadin or what ever you want to use.

1 Like

tic, toc … good for Xojo that half of the web still depends on HTTP/1.1 but that won’t last for eternity.

This will not remain for long anymore. There will be a deprecation in a cold way: the new security technologies are not working together with http 1.1 but 2.0 and 3.0 and we will have soon 4.0

Yes, a good example is Microsoft and Office 365.

For years, MS only threatened that we no longer want to allow “basic authentication”, everyone should please use “modern authentication”. But almost everyone just clicked “later”.

On September 30th this year they have started to convert one tenant after the other. No more exceptions, no tolerance.

All accounts will be converted by January 1st, 2023 at the latest. Period.

The entry Point for ending of Web 1.0 is definitely changes in security standards. And they will come soon while it is a three years old Software. So there is no secure way to work with it. The oldLIbraries are one point. The age of the compiled Product the other. Since it compiles a Binary aged in 2019…if even the modern while only small changes made to Web. Resulting in an insecure Web App and a Webapps which will stop working in near future. That is the entire point. All people wrote Web 1.0 Apps can decide to rewrite with Xojo Web 2.0 or Vaadin, Jpro and so on. The most valuable way would be writing with Jpro as a Single Page Application like Xojo Web 1.0 was also but with the most modern security behind the Jpro Server. For production it costs around 1000 Dollar per year. Not expensive for a Production environment.

Speaking about the risks: we speak about a Web 1.0 Application with http 1.1 Support, a protocol developed in 1997. It is very old. Http 1.0 and http 3.0 are the modern standards and http 1.1 will be soon obsolete and not supported from the browsers of the OS`ses. That is for http 1.0 already the case, web 1.1 would lead into not running Xojo Web 1.0 Applications on newly updates computers.

Yeah at work we got Microsoft to hold off until Jan 1 2023 but that is the hard and non-negotiable deadline. It took a LOT of work (async code, hard to get right, had race conditions, etc) to get our services talking to our own outlook mail server with OAuth. One of the legacy services, which automatically accepts data contributions, is impractical to retrofit so we are telling the 7% of clients still emailing data to us (some daily or weekly, most monthly) to switch to SFTP. I will manually troll the inbox and still process data coming by email but it will stack up for a day or two at times and they won’t get the real time results they are used to. At some point probably late next year we will just not take emailed data at all.

1 Like

Same here, in some areas we had a lot of work.

And it is sometimes difficult to convey to customers, but I still welcome the consistent step taken by MS, after all they had announced it for a very long time. That it didn’t do much is another matter, but hard to give MS the buck.

This is good communication strategy compared to the communication strategy of “others” :wink: