Whatever happened to Martin Korth?

[spotanjo3]

Is he okay ? Does anybody know that he is still doing the project like NO$GBA and others ? I hope that he is alright. Loved his emulators and his working!

[tepples]

When the forum moved from nesdev.com under WhoaMan to nesdev.org under the new team, the new server had a couple changes to its Transport Layer Security (TLS) configuration. The old policy is not available at the moment. The new behavior, as observed using Qualys SSL Labs, is as follows:

• All connections through cleartext HTTP are redirected to the corresponding URL on HTTPS.
• When connecting using an obsolete TLS client that does not supply Server Name Indication (SNI), such as Internet Explorer on Windows XP and earlier, the certificate is for NesCartDB, which is hosted at the same IP address.
• Supported protocol versions are TLS 1.2 and TLS 1.3. The disabling of TLS 1.1 means that older web browsers cannot establish a connection. This includes Firefox before version 24, Chrome before version 30, Internet Explorer on Windows before Windows 7, and Safari before Mac OS X 10.9 and iOS 5.

This is why nocash's final post was "Broken User Database" on Jul 07, 2021, two years ago, just as forums.nesdev.com had started to become unusable. It's believed he uses obsolete computers that cannot run operating systems compatible with recent versions of popular web browsers.

[creaothceann]

https://old.reddit.com/r/EmuDev/comment ... lp_me_out/
https://old.reddit.com/r/emulation/comm ... series_of/

[Zonomi]

He's still posting in PSXdev's board.

[spotanjo3]

He's still posting in PSXdev's board.

I am glad that he is still around. Loved his No$GBA emulator and still enjoyed it today. Thank you!

[tepples]

Qualys SSL Labs test gives a B grade to psxdev.net because it still supports TLS 1.0 and 1.1.

[tepples]

forums.nesdev.org uses a 301 permanent redirect from HTTP to HTTPS and gets an A from Qualys SSL Labs for not supporting versions of TLS prior to 1.2. I've emailed Nocash via the (obfuscated) address on his website to ask if he can still see it.

I was in the gbdev Discord server and found a take written June 2022 claiming that indiscriminately redirecting HTTP users to HTTPS is overrated, especially when some members of your community contribute using outdated hardware and outdated operating systems: "Consider Disabling HTTPS Auto Redirects" by Bradley Taunt. Reading that article reminded me of this topic. Nocash still hasn't posted here since the crash. Nor did he reply to the mail I sent to the address on his website in December 2021.

I guess one way to have it both ways is to parse the User-agent header and don't redirect if the browser is known not to work with TLS 1.2 by default. According to "TLS 1.2" on Can I use, this roughly means browsers prior to late 2013: IE pre-11, Chrome pre-29, Firefox pre-27, Safari pre-7, and Opera pre-16.

[nitro2k01]

Currently, http://problemkaputt.de (with or without https) asks for http authentication. Does anyone know what's up?

[freem]

The auth dialog shows "webseite wurde kompromittert/gehacked/infiziert", which seems to roughly translate to "Website was compromised/hacked/infected"

Hopefully this is just temporary and things get fixed.

[nitro2k01]

The auth dialog shows "webseite wurde kompromittert/gehacked/infiziert", which seems to roughly translate to "Website was compromised/hacked/infected"

Hopefully this is just temporary and things get fixed.

Interesting. It's not showing that message to me. I just see a standard authorization required message. Do you see the same message with the link below? Same link but with https. Maybe you're using a privacy focused browser that inserts a warning message like that when a site isn't forcing https.

https://problemkaputt.de/

[TmEE]

That is what I get here :

[tepples]

Browsers that receive HTTP error 401 with WWW-Authenticate: Basic (basic access authentication) show a prompt for name and password. The WWW-Authenticate header lets a server specify a "realm", a string to show to the user as a prompt for what name and password the user ought to be entering. Here, the realm is Webseite wurde kompromittert/gehacked/infiziert. The answer to a question about realm on Stack Overflow from September 2021 claims that Chrome, Firefox, and Edge hide the realm on grounds that phishing attacks have abused it.

[freem]

Interesting. It's not showing that message to me. I just see a standard authorization required message. Do you see the same message with the link below?

Interestingly enough, the https link works normally on my end, and after a hard refresh, the non-https link is also working.

[tepples]

Today I learned that Crypto Ancienne (Cryanc) can be used as an HTTPS proxy on vintage computers that are stuck on outdated web browsers.