I've had conversations  with at
least   two   geminiers    lately,  https   is  a combination  of  two
zdrmonster    and  anthonyg.    It  things.     Firstly,   there's   a
highlights   that I  should   have  whitelist  of internet  sites that
friendlier    tone   with   gemini  you can get a domain  name onto by
people,  who are pretty  cool, and  periodically  providing control of
share  my musings  about security.  your   server   to  the  whitelist
I'm  not looking  up or into   any  managers. Google, Microsoft, Apple
attacks or kinds of attack. (Great  and Mozilla  will spam you and try
security phost, I know.).           to  trick   you (whether   or  not
                                   appropriate)   into  not  visiting
Gopher's     strength    is    the  unwhitelisted websites. Every time
tremendous   beauty  and power  of  you  visit  a domain,  you contact
internetworked gopherholes          the  whitelist   people  over  the
combined with the minimal elegance  internet   to check  if they think
of the gopher singular. You make a  you should visit that domain.  The
TCP  connection,  the server  says  domain   you   are  visiting    is
nothing, the client sends the item  recoverable    from   your   https
specifier    string,  the   server  request in general anyway.  If you
replies   with  the item  and  the  trust the whitelist  managers more
client closes the connection  when  than some other people,  there are
it  thinks  the item  is finished.  gains   to  the newish   DNS  over
The end.  Sure, gophernicus   will  HTTPS.
automatically  give ogg files  the
unofficial  s itemtype, which lynx  There is also the second,  sincere
supports, but basically  the thing  benefit   of  https ;  there's   a
about   gopher   is that it's  not  process  for negotiating   session
going   to  change,  and  it  does  encryption   with the  server  you
almost nothing.   Ldbeth likes  to  have  connected  to, so  only  the
point out that openbsd netcat is a  server   knows   which   page   in
fine gopher browser.                particular    you  are   visiting.
                                   Imagine those safe links companies
From  what  I  can  tell,   gemini  provide   that  are private   from
sacrifices  this elegance  to gain  others  unless  shared;    they're
two-ish  things. Instead of making  talking  about it being https.  If
directories     with    lots    of  the https negotiation  is suitably
unofficial itemtype i               strict, information  can be shared
informational   lines in order  to  only with the trusted server. This
have interspersed  gophermap  item  comes at the cost of needing to do
lines    (links),   gemini    just  complicated  negotiations,   which
supports   link lines in  general,  open   up   extra   avenues    for
and some gemini markdown  styling.  datascraping/profiling among
Secondly    and  moreso   firstly,  problems,    which  is  at   least
gemini supports https.              counter  to the intuition  that it
                                   was safer.
I  think informational   lines  do
fine  in gopher  directories   and  Whitelisting   can  sod off in  my
searches, and attaching a markdown  opinion, by providing
to the standard  is feature creep.  unaccountable trust to someone you
However the standard  is such that  don't  know  doubly  so.  However,
gemini    markdown    files    are  having  a form authentication  and
acceptable  stylistic  text files,  encryption   at all is a big deal.
and  there  is relatively   little  Let's   try   and  apply   it   to
usage difference  when using emacs  downloading  music from a  gopher.
elpher-mode to browse either.       Imagine  you make a gopher request
                                   specifying  a music file.  Someone
                                   who  wishes  you ill gets  in  the
                                   middle  of the request  and  sends
                                   you back  a music  file  that  can
                                   crash your music  player  or cause
                                   other problems instead of the real
                                   one.   Even if not sabotaging  you
                                   like this, basically every company
                                   and  government  is  cyberstalking
                                   you in order to sell private facts
                                   about  you (this is used on normal
                                   people  in real life!   It's worse
                                   than you think.).


GNU  Privacy  Guard  (or a  crypto
signing equivalent like
signify(1)) can provide
strong-enough  signing to mitigate
the  bad  file sabotage   problem,
though  this connects  back to the
whitelisting  problem  - you can't
just download  a public  key, what
if it was a sabotaged  public key.
You  need  to get to know  the key
owner well enough to establish  it
is really  their key,  in a libOTR
sort   of way (using  a contextual
question   to   establish   you're
talking to the right person at the
start     of     an      encrypted
conversation).    This  is a  good
point,  and I will try to roll out
signing  everything  on my gopher,
synth music links included.  I can
do   this  without   freezing    a
security   norm  as  part  of  the
standard,     leading    to    the
travesties   like  https   version
supported   that  are  known   not
secure.

Also I hope I can be friends  with
the geminiers even though I stay a
gopher.

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.