Read about logout's idea of NoViCoGe:

<gopher://i-logout.cz/0/phlog/posts/2021-10-28_november_vintage_computer_gophering_event_2021.txt>

I don't really have a *vintage* computer, either, just my Pentium 133
(which can run current OpenBSD, so all the crypto and everything is
available in theory), but maybe I'll give it a shot anyways. :-)

On a similar note, I finally made my web site available using plain HTTP
again. HTTPS can still be used, of course, but the forceful redirect
from HTTP to HTTPS is gone.

Why remove that redirect? To make it easier for old browsers to access
my web site. They might not have support for the required crypto
algorithms. For example, OS/2 Warp 4's default browser doesn't. But
also, there was a letsencrypt issue recently which caused lots of rather
new software to break as well! (IIRC, there were two possible paths to
validate server certificates and one of them had an expired cert in
them. This broke lots and lots of stuff and we're still cleaning up this
mess at work.)

Now, I had actually decided that removing this redirect isn't worth it.
The thing is, many very old browsers don't support HTTP/1.1, only
HTTP/1.0. This means they don't support the "Host:" header -- and
without *that*, you can't access my site anyway, because my web server
routes you to the wrong vhost.

So, even though the redirect has been removed, OS/2 Warp 4's default
browser still can't access my page.

*But* Netscape 2.02 can do it now! That's not the most recent version of
Netscape, but it's very easy to install 2.02 on a vanilla Warp 4 box.
(At least it was for the version of Warp 4 that I own.)

Interestingly, Netscape's requests look like this:

   GET /blog/postings/2021-10-24/0/POSTING-en.html HTTP/1.0
   If-Modified-Since: Sunday, 24-Oct-21 06:20:17 GMT; length=1905
   Referer: http://www.uninformativ.de/blog/
   Connection: Keep-Alive
   User-Agent: Mozilla/2.02 (OS/2; I)
   Pragma: no-cache
   Host: www.uninformativ.de
   Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

It says HTTP/1.0 and yet it adds a "Host:" header among other things.
Very interesting. Actually, logout / Martin Kukac (the author of the
phlog post mentioned above) wrote me about this back in February, but it
took me "a moment" to really *try* it. %)

So, yeah. HTTPS redirect is gone. Web site is easier to access from old
browser. Good!

You are viewing proxied material from uninformativ.de. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.