Not just Government regulators, but if your insurance company either
raises your premiums exorbitantly or threatens to cancel your policy
altogether if you don’t take certain actions, that can have quite a
stimulating effect.

The math has not changed.

How fast we compute the math has changed considerably.

I don't recall -- after a very long day -- if there have been any attack
vulnerabilities in AES or if it's just chasing the number of bits to
stay ahead of computation power.

What advances have been made on that score?

The original recommendation was to stick with AES-128, and not bother with
AES-192 or AES-256; as far as I know that hasn’t changed.

How does that work for the original XUL-based version of Firefox so
that you can get back the functionality you used to have ?

How many people are trying to maintain the old XUL version of Firefox,
especially on Android, while trying to keep it moving forward with all
the other changes happening in the (new) mainstream Firefox ?

I picked this example because I am writing an extension for current
Firefox on Android and this Web Extensions is a complete and utter
bloody joke compared to what you could do in the old Firefox for Android.

Hell, they don't even support context menus on Android in the current
Firefox:

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/menus#browser_compatibility

This was absolutely standard functionality in the original Firefox for
Android. I know this because I wrote extensions in the past that used it :-(

And BTW, the bloody control freaks at Mozilla no longer allow you to
load your own extensions into Firefox without having to upload it to
Mozilla for signing. You had to work to turn signing off in the older
versions (which was OK because a user could not easily load an unsigned
extension without having to go through some non-obvious steps) but if
you were a developer, you could do it.

You can sideload Android applications, so I wonder why the bloody control
freaks at Mozilla think its OK to stop you from sideloading your own
extensions that you wrote.

IOW Lawrence, you picked a really bad week to bring that up. :-)

Simon.

In theory yes.

But most companies has no interest in going into the
software library business. They switch to a technology
where they don't have to take on library maintenance
themselves.

Arne

Sure does. As an Intel engineer said to me: "COM is not only a weird
meta-API designed to contort your code into forms where you'd have to
re-write from scratch to run it on anything else. It does that job fine,
but it also has positive features."

Writing COM components was a /lot/ harder than consuming them. Microsoft
decided to replace it with .NET, over twenty years ago. They tried to
bring it back in WinRT, but that did not achieve significant acceptance
or market share, and is dead.

John

In some cases an encrypted tunnel can be used to mitigate the
problem of unencrypted or weakly encrypted traffic.

But it is not always possible. Like in B2C scenarios.

And strictly speaking it does not provide the same
as app-to-app encryption.
The communication part is one possible part of what the old stuff would
be missing.

Arne

OpenSSL is widely used for a certain type of languages in modern time.
If you have an application written in a native language within
the last two decades, then there is a pretty good chance that it uses
OpenSSL. JVM languages, CLR languages, script languages - no (at least
not directly). Something written 30 years ago - no (it would use
Bsafe or something else that had the proper RSA license).

VB6 is a bit in the middle. VB6 can call functions in regular
Win32 DLL's, but often a COM component will be preferred - OO API,
the choice between static and dynamic (dynamic only if a scriptable
COM component), usually nicer API with less hacking with data types.

Arne