Proxying TLS is becoming unusable, thanks again to cloudflare. You keep getting kicked out because they detect the Client Hello[1] does not match whatever they think it should be, based on the User Agent string. I'm not even sure what this is supposed to protect the website from.

[1]: https://github.com/mitmproxy/mitmproxy/issues/4575

(author) Interesting. That may have been what I ran into. carl itself was unaffected, just proxying through it.

It's probably part of about detection system which cf is usually trying to prevent for their customers. It'd be a relatively easy to detect metric to add to a score for that kind of thing. A bot using a browser use agent string but the wrong tls settings is probably very common.

Cloudflare does not care about MITM enterprise proxy nor mass surveillance, so there should be wiggle room to get it to work.

I love these sorts of posts. Is there a Hacker News just for cool retro-computing hacks and weird hobby OSes I could read?

Sometimes I wonder whether tagging support for HN articles wouldn’t be useful. Members could assign arbitrary publicly visible tags to articles, and upvote/downvote/flag those tags. Everyone could filter by tags and maybe see a vote count for each tag. Of course, that would be one more thing to moderate.

https://www.vogons.org/ For the more mainstream retro machines and hardware.

https://forum.vcfed.org/ For the rarer esoteric stuff (but still loads of old Macs, DOS machines, Amigas and 8-bit stuff)

There loads of others, often machine specific, but these 2 are a good place to start.

Reddit's Retrobattlestations, and at Usenet:

comp.infosystems.gopher

comp.infosystems.gemini

alt.folklore.computers

comp.misc (sometimes)

comp.os.cpm

comp.os.misc (from time to time)

There is Lunduke journal substack but nothing like hacker news.

lobste.rs has computing only related content (no business - world news) and has a fair amount of retro computing posts

I wonder if anyone has asked Access (https://www.access-company.com/) about the BeOS source? I hardly think they care about it now.

Access has been somewhat reluctant to make BeOS-related material available in the past. For example, they did provide access to the BeOS API documentation (called the Be Book) to the Haiku project, but only under a restrictive no-derivatives license (see [1]). This has caused some pain the past, as extra care must be taken that Haiku's API documentation, the Haiku Book [2], is not a derivative work, so everything had to be rewritten from scratch, even documentation for parts of the API that are largely unchanged.

[1] https://www.haiku-os.org/legacy-docs/bebook/LegalNotice.html

[2] https://www.haiku-os.org/docs/api/index.html

What a joke. Gotta protect the future of those massive profits from BeOS sales I guess.

The BeOS source is not clean. It had loads of third party closed source licensed stuff in the tree. It is also massive, it is a complete OS and most of the supporting apps source code. It would be non trivial to make it open and it would not compile cleanly as massive gobs of drivers and low level stuff (like font rendering engines) would be gone. And there are the unfortunate GPL violations. It would also need a lot of work to manage any opensourcing effort.

> And there are the unfortunate GPL violations.

While I would normally make my "[citation needed]" joke, I'm sincerely curious about this. I can't find any references to this with an admittedly quick and cursory search. What were the violations?

When drivers are based on GPL code then you do not release the changes, but sell the resulting drivers as part of your OS. That was what I was told.

Not sure how I feel about websites blocking vistors based on their browser type. Is that just a necessary evil at this point because of all network abuse on the public internet?

It seems like a very odd strategy since for real attackers it's absolutely trivial to pretend to be some random Internet Explorer. However I suppose it may be part of some kind of Bayesian / machine learning black box at Cloudflare.

I have great difficulty believing that there are armies of online miscreants spoofing NetPositive, but perhaps Cloudflare has data I don't.

Being someone who actually has hardware that can run this, I look forward to giving it a spin. Great work!