Notices by Jernej Simončič � (jernej__s@infosec.exchange), page 2

@joshuaelliott @mcc But they're smart!

@ryanc @jima Looked at the config pages:

@ryanc @jima As of 0.80 (latest release, addresses the Terrapin vulnerability), PuTTY supports:
Key exchange algorithms:

• NTRU Prime / Curve25519 hybrid
• ECDH
• Diffie-Hellman (no group specified)
• Diffie-Hellman groups 16, 17, 18, 15, 14, 1
• RSACiphers:
• AES
• ChaCha20
• AES-GCM
• Blowfish
• 3DES
• DES
• Arcfour

@freedosproject About 13 years ago a client bought a new high-end workstation (i7, 16 GB RAM, SSD). He also wanted to be able to still run his old QuattroPro for DOS on it, and to print from it. I set him up with DOSBox-X to do that.

@emilygorcenski If you haven't seen it yet, you have to opt-out of arbitration: https://infosec.exchange/@thomasfuchs@hachyderm.io/111531294830031367

@emilygorcenski I've got a .htaccess that redirects a bunch similar endpoints to a tarpit (short perl script that outputs around 9 bytes/second, limited to at most 20 simultaneous requests, to not DoS my own server).

@foone Sounds like the clipboard is in a weird state, and hitting print screen (which copies the screen content to clipboard) somehow fixes it?

@aral What if you use Bаlkаn instead (using Cyrillic а instead of Latin a, assuming your last name is not normally written with a diactric)?

@hramrach @Polychrome And yet fansubs manage to be released within hours of the episode airing…

@hramrach @Polychrome Those hours include typesetting (including animating all the moving signs) and at least one QC pass (or at least they did back when I was doing this).

@scalzi

@Suiseiseki @niconiconi Doesn't that lose all the replies?

@friend @shauna @oblomov Modern Microsoft Office uses GPU acceleration (with hilarious results when the drivers are having trouble).

@inkling @kasdeya WinPE used during installation does not include WoW64, so only native executables are supported.

But why go with Solitaire, when you can play Space Cadet?

@Migueldeicaza /[,\(\s]?#1(s)(\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?)(\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?)+(\)?=|\s|$)/

@christian @Suiseiseki You have to do it within the program itself (according to the strict AGPL interpretation, you have to offer the source code as the very first thing when any user accesses the program running on your server). And no, NextCloud does not do this, and neither does any other AGPL program I've come across – it's a mess.

marcan had a great twitter thread on this (with a bunch of examples), but it's unfortunately gone.

@christian @Suiseiseki That's the problem with AGPL – it hasn't been tried in a court.

@Suiseiseki The point of AGPL is that any end-user of the software has the right to the source code of the program they're using, even if it's running on a remote server. It doesn't matter that the patching here was done by the distro – since you're running the program, you're the one that has to provide the exact source of the running program, otherwise that'd be a loophole anybody could use to avoid complying with AGPL.

And while marcan's post was about dspam, where it's questionable if its use even counts as end-users having interacted with it, there are a lot of web apps, where the end-user interaction is obvious (eg. NextCloud).

@christian @Suiseiseki The problem is that if you put NextCloud (or any other AGPL-license program) on the internet, you yourself have to provide the source code of your running instance to anybody who accesses it. How do you achieve that?

@amshepherd @mirabilos @starshine It's an EULA. @marcan wrote a nice explanation here: https://news.ycombinator.com/item?id=24764481