-- Leo's gemini proxy

-- Connecting to dfdn.info:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini;lang=en-US

What is this Gemini thing anyway, and why am I excited about it?

November 1, 2020 on Drew DeVault's blog

I’ve been writing about some specific topics in the realm of Gemini on my blog over the past two months or so, but I still haven’t written a broader introduction to Gemini, what I’m doing with it, and why you should be excited about it, too. Let’s do that today!

Gemini is a network protocol for exchanging hypertext documents — “hypertext” in the general sense of the word, not with respect to the hypertext markup language (HTML) that web browsers understand. It’s a simple network protocol which allows clients to request hypertext documents (in its own document format, gemtext). It is, in some respects, an evolution of Gopher, but more modernized and streamlined.

Gemini is very simple. The protocol uses TLS to establish an encrypted connection (using self-signed certificates and TOFU rather than certificate authorities), and performs a very simple exchange: the client sends the URL it wants to retrieve, terminated with CRLF. The server responds with an informative line, consisting of a numeric status code and some additional information (such as the document’s mimetype), then writes the document and closes the connection. Authentication, if desired, is done with client certificates. User input, if desired, is done with a response code which conveys a prompt string and a request for user input, followed by a second request with the user’s response filled into the URL’s query string. And that’s pretty much it!

$ openssl s_client -quiet -crlf \

-servername drewdevault.com \

-connect drewdevault.com:1965 \

| awk '{ print "response: " $0 }'

gemini://drewdevault.com

response: 20 text/gemini

response: ```ASCII art of a rocket next to "Drew DeVault" in a stylized font

response: /\

response: || ________ ________ ____ ____ .__ __

response: || \______ \_______ ______ _ __ \______ \ ___\ \ / /____ __ __| |_/ |_

response: /||\ | | \_ __ \_/ __ \ \/ \/ / | | \_/ __ \ Y /\__ \ | | \ |\ __\

response: /:||:\ | ` \ | \/\ ___/\ / | ` \ ___/\ / / __ \| | / |_| |

response: |:||:| /_______ /__| \___ >\/\_/ /_______ /\___ >\___/ (____ /____/|____/__|

response: |/||\| \/ \/ \/ \/ \/

response: **

response: ```

[...]

So why am I excited about it?

My disdain for web browsers is well documented1. Web browsers are extraordinarily complex, and any attempt to build a new one would be a Sisyphean task. Successfully completing that implementation, if even possible, would necessarily produce a Lovecraftian mess: unmaintainable, full of security vulnerabilities, with gigabytes in RAM use and hours in compile times. And given that all of the contemporary web browsers that implement a sufficiently useful subset of web standards are ass and getting assier, what should we do?

The problem is unsolvable. We cannot have the “web” without all of these problems. But what we can have is something different, like Gemini. Gemini does not solve all of the web’s problems, but it addresses a subset of its use-cases better than the web does, and that excites me. I want to discard the parts of the web that Gemini does better, and explore other solutions for anything that’s left of the web which is worth keeping (hint: much of it is not).

There are some aspects of Gemini which I approve of immensely:

It’s dead simple. A client or server implementation can be written from scratch by a single person in the space of an afternoon or two. A new web browser could take hundreds of engineers millions of hours to complete.

It’s not extensible. Gemini is designed to be difficult to extend without breaking backwards compatibility, and almost all proposals for expansion on the mailing list are ultimately shot down. This is a good thing: extensibility is generally a bad idea. Extensions ultimately lead to more complexity and Gemini might suffer the same fate as the web if not for its disdain for extensions.

It’s opinionated about document formatting. There are no inline links (every link goes on its own line), no formatting, and no inline images. Gemini strictly separates the responsibility of content and presentation. Providing the content is the exclusive role of the server, and providing the presentation is the exclusive role of the client. There are no stylesheets and authors have very little say in how their content is presented. It’s still possible for authors to express themselves within these constraints — as with any other constraints — but it allows clients to be simpler and act more as user agents than vendor agents.

Some people argue that what we should have is “the web, but less of it”, i.e. a “sane” subset of web standards. I don’t agree (for one, I don’t think there is a “sane” subset of those standards), but I’ll save that for another blog post. Gemini is a new medium, and it’s different from the web. Anyone who checking it out should be prepared for that and open to working within its constraints. Limitations breed creativity!

For my part, I have been working on a number of Gemini projects. For one, this blog is now available on Gemini, and I have started writing some Gemini-exclusive content for it. I’ve also written some software you’re welcome to use:

libgmni, gmni, and gmnlm are my suite of Gemini client software, all written in C11 and only depending on a POSIX-like system and OpenSSL. libgmni is a general-purpose Gemini client library with a simple interface. gmni is a cURL-like command line tool for performing Gemini requests. Finally, gmnlm is a line-mode browser with a rich feature-set. Together these tools weigh just under 4,000 lines of code, of which about 1,600 are the URL parser from cURL vendored in.

gmnisrv is a high-performance Gemini server, also written in C11 for POSIX systems with OpenSSL. It supports zero-configuration TLS, CGI scripting, auto-indexing, regex routing and URL rewrites, and I have a couple more things planned for 1.0. It clocks in at about 6,700 lines, of which the same 1,600 are vendored from cURL, and an additional 2,800 lines are vendored from Fabrice Bellard’s quickjs regex implementation.

kineto is an HTTP-to-Gemini gateway, implemented as a single Go file (under 500 lines) with the assistance of ~adnano’s go-gemini library. My Gemini blog is available through this portal if you would like to browse it.

So dive in and explore! Install gmnisrv on your server and set up a Gemini space for yourself. Read the feeds from CAPCOM. Write some software of your own!

Exhibit A, Exhibit B, Exhibit C ↩︎

Articles from blogs I readGenerated by openring

Megapixels 2.0: DNG loading and Autowhitebalance

After getting some nice DNG exporting code to work with libdng in the last post I decided to go mess with auto white-balancing again on the Librem 5. I got the Megapixels 2.x codebase to the point where it smoothly displays the camera feed on the Librem 5 …

via BrixIT Blog

December 22, 2023

Payroll providers, Power, Respect

Payroll processors exist to provide financial infrastructure and because political economy is complicated.

via Bits about Money

December 21, 2023

Status update, December 2023

Hi all! This month we’ve finally released wlroots 0.17.0! It’s been a long time since the previous release (1 year), we’ll try to ship future releases a bit more frequently. We’re preparing 0.17.1 with a collection of bugfixes, it should be ready soon. I’ve be…

via emersion

December 18, 2023

The content for this site is CC-BY-SA. The code for this site is MIT.

1vuio0pswjnm7 on Sept 21, 2021 | parent | context | favorite | on: What is this Gemini thing, and why am I excited ab...

"My disdain for web browsers is well documented1."

Ha, I am not the only one.

I do like links though, somewhere around 2.3pre2, with stunnel or haproxy for up-to-date TLS.

Someone submitted an "improved" version of linenoise the other day, which added UTF-8 and ANSI codes by default.

But I prefer to avoid Unicode in the console (cf. terminal, I do not use a graphics layer plus emulator).

This is an example of enforcing developer preferences on the user where the result is added complexity. Perhaps nowhere is this added complexity more evident (obvious) than in the "modern" web browser and websites.

Links does not try to enforce its authors preferences too much on the user; for example, it has compile time options to disable utf8, ipv6 and getaddrinfo. The user makes the choice, not the developer.

The fundamental problem with "web development" is that its extremely aggressive in enforcing the developers (or web development cargo cult) preferences on the user.

Anyone remember that period where many commercial sites were a hollow shell that loaded a Flash animation. Perhaps a precursor to todays "SWAs". Funny, the Flash idea didnt last long. It died out long before browsers stop supporting Flash. These "trends in web development" are tiring and annoying.

Gemini doesnt allow for that level of "creativity". The focus is shifted to the information, not the presentation. The user comes first. The protocol may refelect the authors preferences but the result is reduced complexity.

Great project.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

TLDR; Gemini ROCKS and tired of the WWW web tracking and sucking. Those of us ~40ish year old geeks will understand.

Sorry for the long read..

tldr; Gemini is awesome, the web sucks

This post is kinda directed at those of us either approaching or past our 40's. If you are outside that bracket, awesome and hope this helps you discover another way to use the 'internet', not the 'WEB'; they are different.

Who of us remembers BBS's, America Online and CompuServe?

I was reading about the "Net" in a magazine called .Net in 1993 and couldn't wait to get surf'n (lol). It all sounded so exciting, a new world to explore ..... and it was ..... for a time .....

Skip forward 30+ years.

The web is broken, EVERYTHING tracks us, advertising is everywhere and data is collected and considered worth more than gold, but is it really?

TLDR; Gemini ROCKS and tired of the WWW web tracking and sucking. Those of us ~40ish year old geeks will understand.

Sorry for the long read..

tldr; Gemini is awesome, the web sucks

Who of us remembers BBS's, America Online and CompuServe?

I was reading about the "Net" in a magazine called .Net in 1993 and couldn't wait to get surf'n (lol). It all sounded so exciting, a new world to explore ..... and it was ..... for a time .....

Skip forward 30+ years.

The web is broken, EVERYTHING tracks us, advertising is everywhere and data is collected and considered worth more than gold, but is it really?

Enter;Project GEMINI

Project Gemini aims to sit between GOPHER and the WEB; meaning a little more bells and whistles than GOPHER (which was more popular over http for some time, before the web kicked it's ass) far less (very intentionally) than the web.

Imagine a space that is internet connected with no advertising, no tracking, no hacking and in my opinion is quite beautiful in the sense that is resembles the very early and interesting stages of the internet back in the 90s.

Well, wish no more. Gemini is here and it is glorious.

I've spent many hours using command line interfaces and Graphical User Interfaces to narrow down my favorites to

CLI client: Amfora

GUI client: LaGrange

My experiences of using this 'Small web' have been amazing. Just opening a tab in firefox; you can feel the weight and difference, the web appears to me as vapid and heavy with so many dark patters aimed right at me to keep me addicted and doom scrolling.

Not any more, I actually enjoy reading about every person on the Gemini network and they all seem like friends that i haven't met yet; So much in common, such as all of us feeling utterly exhausted with the WWW and defeated with the over-commercialization of it.

Looking forward to seeing more of us on the Gemini Network.

edit: just adding my Gemini space..

gemini gemini://corstar.flounder.online

web mirror: corstar.flounder.online

Upvote

654

Downvote

229

comments

Sort by:

Best

Add a Comment

PandaMoniumHUN

•

3 yr. ago

You realize that it’s the people that you dread, not the technology, right? The web as it is could be fast and tracking free but it is not, because it’s not in people’s interest who want to make money from it. Had gopher or gemini became the new standard it would be just as bad.

Upvote

247

Downvote

BraveNewCurrency

•

3 yr. ago

Had gopher or gemini became the new standard it would be just as bad.

Sure, starting with any protocol would have eventually added all the cruft we have today.

But Gemini was not created first, it was created as a reaction to the cruft we added. So it's not like someone could get away with adding that cruft back. Gemini can easily say "if you want those features, they are already in regular HTTP+HTML5 (duh), so don't ask them to be added." The the future of Gemini is not "to accumulate cruft just like HTML5".

The medium is the message. If websites were more like books than apps, we would have fewer dark patterns trying to keep people on a page. If advertisers couldn't track your every move on the internet, they would have to go back "spray and pray" advertising (targeting online newspapers/magazines instead of people). You couldn't hide your ad buys

from the public, preventing anyone from knowing what you are doing.

Upvote

Downvote

25 more replies

u/gybemeister avatar

gybemeister

•

3 yr. ago

•

Edited 3 yr. ago

That looks great, care to sure a couple of gemini links for beginners? I got Lagrange installed and I am not sure what to do next. I mean the web had Yahoo and Altavista back then, what does Gemini have?

Actually found a couple of interesting lists:

Search engines:

https://proxy.vulpes.one/gemini/geminispace.info/

And a list of Gemini links

https://proxy.vulpes.one/gemini/gemini.circumlunar.space/servers/

These links can be viewed in a web browser (they are proxies to the Gemini world).

Upvote

Downvote

corstar

•

3 yr. ago

•

Edited 3 yr. ago

**Yeah, LaGrange

is amazing, I found that pages just look and feel like the mid 90's but just more functional and beautiful.

I'm so exhausted of the internet as we know it and that seems to be a VERY common theme in the Gemini community, just plain tired and fed up....

On to some addresses:

amfora-wiki gemini://makeworld.space/amfora-wiki/

medusae.space gemini directory gemini://medusae.space/index.gmi?65

xkp gemini://republic.circumlunar.space/users/xkp/

Drew DeVault's geminispace gemini://drewdevault.com/

jay.scot

gemini://jay.scot/

geminispace.info - Gemini Search Engine gemini://geminispace.info/

Tilde.pink-emily

gemini://tilde.pink/~emily/

emilog — emily

gemini://gemini.circumlunar.space/users/solderpunk/gemlog/

Solderpunk versus the windmills: a Gemlog — solderpunk

*** gemini://cosmic.voyage/***

Cosmic Voyage

gemini://guardian.shit.cx/world/

A Guardian Mirror - world

gemini://flounder.online/

flounder! gemini://medusae.space/

medusae.space gemini directory

bitreich.org gopher://bitreich.org:70/1/

Chris's gemini capsule gemini://gem.chriswere.uk/

gemini://gemini.spelk.online/gems.gmi

Friendo dot monster gemini://friendo.monster/

Getting Started gemini://skyjake.fi/lagrange/getting_started.gmi

gemini://gemini.barca.mi.it/

A Guardian Mirror - au gemini://guardian.shit.cx/au/

xkp gemini://republic.circumlunar.space/users/xkp/

Lagrange gemini://skyjake.fi/lagrange/

medusae.space gemini directory

Project Gemini

gemini://gemini.circumlunar.space/

Welcome to the Trendy Talk podcast

gemini://gem.chriswere.uk/trendytalk/

midnight.pub

gemini://midnight.pub/

A Guardian Mirror

gemini://guardian.shit.cx/

gemini://distro.tube/

Samsai's Gemini site

gemini://samsai.eu/

ajft — phlog — ajft

gemini://apintandaparma.club/~ajft/phlog/

Upvote

Downvote

4 more replies

u/W-a-n-d-e-r-e-r avatar

W-a-n-d-e-r-e-r

•

3 yr. ago

You mean something like this

Upvote

Downvote

1 more reply

Rocky_Mountain_Way

•

3 yr. ago

•

Edited 3 yr. ago

I'm old enough to remember when the World Wide Web also had no advertising. (and yes, I used Mosaic and Netscape Navigator in the early 1990s)

What is to stop advertising from appearing on Project Gemini if it stays around for ten years?

Upvote

Downvote

u/livrem avatar

livrem

•

3 yr. ago

Nothing is stopping anyone from posting ads on Gemini, but the simplicity of the file format and that the client is in full control of how everything is rendered, normally never automatically rendering any images inline for instance, and with a lot less possibility to track users, and no scripting, I do not see how ads could become anywhere near as annoying as it quickly became on www.

Upvote

Downvote

8 more replies

27 more replies

[deleted]

•

3 yr. ago

•

Edited 3 yr. ago

I just don't understand. If you want to create static, minimalist web pages without formatting and images you can already choose to do so in HTML. If you want to build a community out of it, just get you and your buddies to commit to writing basic web pages, and run one of the many non-mainstream browsers with limited formatting capability with https, javascript and cookies disabled. Adopt a subset of HTML and HTTP without the features you don't like. This way you're still able to serve your content to people using any Web browser (which after all, seems to be what ends up happening, as seen by the fact most of these pages are dual-published via the Web anyway) and take advantage of all of the work that has gone in to Web technology such as all of the work that went in to making the HTTP protocol as generally useful as it is right now (things like proper caching and proxy support), and using existing battle-tested HTTP servers/proxies, etc, so you're not just a sitting DoS target.

Upvote

Downvote

16 more replies

u/Negirno avatar

Negirno

•

3 yr. ago

I'm over 40, and I was fascinated with multimedia and integrated GUI applications, and honestly, I find it saddening that we're forced to go back into the stone age so to speak because "evil" people misuse the web.

Although yes, there are a lot of aspect of the modern web which I dislike, and I often use reader mode on websites partly because it's more readable on my tablet (text is very small on its screen on a lot of pages), but I don't like this gushing about this text desert of a protocol. Yeah, you can link any format in it, but oftentimes it just opens in a seperate window. Yes, I know that many prefers it because "Unix philosopy", but still...

Yeah, this is probably get downvoted, but I stand by my word. Even if I proved to be wrong with GUIs and multimedia...

Upvote

Downvote

3 more replies

u/livrem avatar

livrem

•

3 yr. ago

I discovered Gemini a month or two ago and have had a lot of fun with it. Reminds me of the www back when it was still fun to just randomly following links from one site to the next. I have Gemini clients installed on my computers and other devices and it is perfect just to pass some time to get some reading. I subscribe to a few gemlogs and there are enough new posts every day to keep me busy. Obviously can never come close to replacing www, but it is fun and I hope it will stay around.

The gemini text markup language is pretty nice too. I can see how maintaining a gemini capsule would be way more fun than even the simplest website these days. There is no layout to stress over, so a gemini page will look just as good as all other gemini pages, and it is up to the user to use a client that renders pages the way they think looks nice.

With the simplicity of the protocol I can see some value in using it for self-hosting things, or maybe for simple debug-interfeces when writing other software, with far fewer security risks to worry about and far simpler stack overall to implement something and keep it functional.

Upvote

Downvote

1 more reply

u/Arcakoin avatar

Arcakoin

•

3 yr. ago

Gemini is not exempt of issues. The firsts that come to mind:

Its creators are promoting self signed certificates and TOFU

(“iT’s USeD fOR SsH”, you know, that thing at the first connection to which everyone just answer “yes” without checking anything)

There are no hyperlinks (links that are part of the text, not separated from it)

There are no “embedded media” (for when I want to show a network diagram next to my documentation).

EDIT: btw, TOFU in SSH can easily be avoided with DNSSEC and SSHFP.

Upvote

Downvote

u/monkberg avatar

monkberg

•

3 yr. ago

Not gonna comment about the first point but I believe the third is deliberate - one request is one response, and you always know what you’re requesting. It’s a bit of a hassle when one wants to do something with images, but that can be resolved on the client-side rather than in the protocol, and the rule really helps ensure that control over what is loaded remains with the user.

tl;dr it’s a deliberate trade off.

Upvote

Downvote

5 more replies

u/billFoldDog avatar

billFoldDog

•

3 yr. ago

Ditching certificate authorities is a huge bonus in my book.

They absolutely can't be trusted, and they are an obvious weak point for any government that wants to do global surveillance.

Upvote

Downvote

19 more replies

5 more replies

UnattributedCC

•

3 yr. ago

I'm honestly of two minds about Gemini.

It's cool to have a content focused system that is extremely lightweight.

But, the overall system is a bit too far of a step backwards in terms of functionality. For example, lacking inline images greatly restricts the ability for creators of documents of things like tutorials.

That could be okay, if you could host other content types -- like PDF documents, but it seems that large file downloads aren't well supported, so even that type of work-around is restricted.

IMO - it would be cool if this were built around something like MarkDown. It can be rendered as plain text, or as a graphical document, The user can chose if they want to render inline images. And you get the advantages of having structured text: headings, outlines, lists, tables, footnotes, images, etc.

Of course, this would (possibly) become attractive for advertising since there would be images that could be used for it. However, again, it would be possible to implement the image rendering as an option on the client side, so it might not be too attractive for advertisers.

Another thing that I think the current protocol could do better is supporting compression. If you want a real speed-up, sending compressed documents adds little overhead on the client and server sides, and can greatly reduce bandwidth usage for users on metered connections.

Upvote

Downvote

1 more reply

u/wowsuchlinuxkernel avatar

wowsuchlinuxkernel

•

3 yr. ago

No need for stupid age gatekeeping, we all agree the web sucks

Upvote

Downvote

kuroimakina

•

3 yr. ago

I mean, this is really cool in its own rights, and my upcoming condescending post isn’t at all about the work that’s been put into this, or the cool appeal of something new and shiny.

But, honestly, a lot of this and the responses I’m seeing here are why people thing the FOSS community is a bunch of weirdos and no one takes us seriously. It’s like half of you are stuck in 1993.

If you, personally, want to live a life where you only ever use a DOS interface to connect to text-only webpages so you can relive that period of your youth where your body didn’t hurt, you didn’t have responsibilities, and everything was fun and simple, and you were part of this small elite group of people who were the only ones who knew how to access the network- no one is stopping you. Go right ahead. But the problems with modern tech isn’t that it’s somehow inherently so insecure - it’s that the more people who use it, the more potential bad actors there are. And reliving those days isn’t going to make your life magically better.

Technology moved on. It’s true that malicious actors have moved in, but that will happen with any system that gets such a wide range of users. But nothing is stopping one from making these basic pages with no ads or tracking or anything today, right now. And if you think for even the tiniest second that the government magically won’t find a way to track Gemini if they believe there’s a credible “threat” (whether it actually be a threat or not), you’re delusional. The only thing that this really has going for it over what we have is the tiny user base makes it unattractive for bad actors and government spying. But, realistically, a large portion of people are just attracted to it because it reminds them of the days when being able to access a network like this made them part of some exclusive small group of people who were the only ones who actually knew how to do it.

The current web has a million problems, but those problems are from corporate interests and bad actors, which you will never, ever escape. Meanwhile, the current web allows me to browse a plaintext page or play an entire video game in my browser.

I feel like all of these “it’s just like the old days!” type tech demos are just a thinly veiled form of nostalgia for a simpler time of life, and not actually because you want to give up all the conveniences and comforts of modern technology.

But if you still have a corded landline, use an old car from the 90s, no cell phone, or no anything really that was made past then - well I’ll at least applaud you for your dedication.

I’m sorry for how much this post is basically patronizing people, but, the FOSS community needs to stop focusing on making things like the “good ol days” and realize that technology is never going to move backwards barring some sort of catastrophic, society altering/ending event. So instead of trying to make things based on how things used to be, be a part of what things are naturally becoming, so we can shape a better future for everyone, instead of just trying to withdraw back to secret, exclusive communities.

Upvote

Downvote

10 more replies

u/oldhippy1947 avatar

oldhippy1947

•

3 yr. ago

Old fart checking in. Ran a Fidonet/Waffle BBS 1992-1994 and all this sounds interesting. Going to download both gui and console apps and start exploring. Thanks.

Upvote

Downvote

1 more reply

u/zalazalaza avatar

zalazalaza

•

3 yr. ago

It's strange that people think all solutions should answer all questions.

Gemini answers one or two or three and it's good at answering those, it doesn't have to answer the others.

I like it!

Upvote

Downvote

1 more reply

mnh48

•

3 yr. ago

it seem like gemini don't have support for styling, so how do we handle characters that were unified in unicode which should be displayed differently in different languages? or characters where major font don't have support for it?

in html we usually specify it with something like <html lang="ja"> or declaring it in the paragraph itself or via CSS

plaintext have had issue in that regard because some text just appear completely different from what is intended because of the character unification in unicode

two examples that I would encounter,

character 直 (and many more) in chinese and japanese is different but since it uses the same codepoint it will appear the same when language is not known, which would now varies depending on client. in simplified chinese it should always appear to be connected with the bottom line without any space, in japanese it should always appear to be separated from the bottom line, like it's one of key to differentiate between written chinese and written japanese on hard paper, but when there's no way to define what language the character is being used in then the client will just display the same way for both languages, making it invalid in one of the language without any way to fix it

character اٴ in malay (jawi) that uses arabic script is displayed differently across different clients even in html especially since many fonts don't properly support the character, and we had to "fix" it by explicitly loading font that support the character (usually it will be Amiri, that font had accurate placement), so how to handle this case if we are using gemini for content since it doesn't support styling and so we wouldn't be able to specify the font? from right to left, it should have an alef (ا) followed by a slightly higher hamza (ٴ) which is called "high hamza" in unicode. some font made high hamza as combining character which resulted in it being above alef or "inside" alef, which is wrong since it's NOT a combining character, it should had been on its own space, in its own width, at three quarter height of the line, and in this example it's to the left of alef, NOT above or "inside" alef

here's link to image to show the differences if you can't visualize from the text that I wrote

https://img.mnh48.moe/email/reddit-gemini-chinese-japanese-malay.png

Upvote

Downvote

1 more reply

Homicidal_Reluctance

•

3 yr. ago

saved this for later reference. thanks

Upvote

Downvote

1 more reply

[deleted]

•

3 yr. ago

RedGuilou

•

3 yr. ago

Gemini is great, though it needs time to hopefully grow. The project is still very young and will certainly not attract people who are afraid by text-only reading. No options there to show images or videos for example and that's the part of the basis to keep this protocol "clean". Like mentioned in this post, ¬40ish geeks will enjoy the nostalgia that comes with it :)

Here is my post about Gemini accessible on the www web: http://www-gem.pollux.casa/system/02-Gem_Hostsus.gmi

I hope from here you'll be able to easily take a look at Gemini and get an idea of what it is.

Upvote

Downvote

u/monkberg avatar

monkberg

•

3 yr. ago

•

Edited 3 yr. ago

It is possible to have images or videos, but so far no Gemini browser I know of allows inline display of either, and videos will have to be saved and viewed with a separate application. There are some Gemini capsules that upload photography.

Edit: as has been pointed out, Lagrange implements inline display upon request. My bad! I should have said inline display is not in the protocol but some Gemini browsers like Lagrange do implement it.

Upvote

Downvote

4 more replies

u/Swedneck avatar

Swedneck

•

3 yr. ago

Why would you use yet another centralized protocol instead of just using ipfs?

Upvote

Downvote

u/_ahrs avatar

_ahrs

•

3 yr. ago

I don't think there'd be anything stopping you from hosting a gemini site over ipfs much like you can host a static HTML site over ipfs, the same can probably be done for gemini.

Upvote

Downvote

4 more replies

corstar

•

3 yr. ago

forgive me, I'm noob in terms of broadcast protocols.

Care to elaborate?

Upvote

Downvote

1 more reply

u/mathiasfriman avatar

mathiasfriman

•

3 yr. ago

another centralized protocol

How is gemini centralized?

Upvote

Downvote

2 more replies

u/AnotherRetroGameFan avatar

AnotherRetroGameFan

•

3 yr. ago

Gemini being centralized doesn't mean anything. It's all text, there is not much to have power over.

Upvote

Downvote

[deleted]

•

3 yr. ago

This is fantastic. Thanks for the post, I didn't know Gemini, but I'm going to start using it. It's a pure thing of delight :)

Upvote

Downvote

corstar

•

3 yr. ago

Man, thank you for your feedback. I'm super happy for a change to help one person out.

The web is so broken and this is how things used to be, were promised to be and promises were broken many years ago.

I feel the heaviness and dirtiness of browsing the every day web every time I fire up a Firefox tab, let alone a Edge or Chrome abomination.

Upvote

Downvote

[deleted]

•

3 yr. ago

northbridge10

•

3 yr. ago

I am just 24 and am tired of the tracking and stuff too. Found out about gemini a few weeks back. It is simple and good.

Upvote

Downvote

[deleted]

•

3 yr. ago

u/ghostmech007 avatar

ghostmech007

•

3 yr. ago

Man this brings me back. Are their any links for people to talk to each other? I've only been poking around for about 30 minutes but so far so good.

Upvote

Downvote

[deleted]

•

3 yr. ago

Who is going to pay to host the gemini sites

Upvote

Downvote

UnattributedCC

•

3 yr. ago

From what I'm seeing the cost of hosting a Gemini site is probably going to be a lot lower than hosting a traditional website, even a static website.

My guess is that this is going to appeal to a lot of people that want to have simplified sites they maintain. They won't be a lot of big corporations doing this - it will likely mostly be self-hosted user generated content.

Upvote

Downvote

corstar

•

3 yr. ago

They are free or self hosted, as far as I can see.

Basically, you are hosting text files, you can link to videos and images quite easily, but even a huge gemini site isn't gonna take more than 1MB.

You can host one from your own laptop or server, if you have a static IP or DynDNS setup.

Upvote

Downvote

1 more reply

u/livrem avatar

livrem

•

3 yr. ago

Compared to even a reasonably simple modern web site you need barely any resources at all for Gemini, so on hosting services scaled for you to pay a few $ per month to have a small web site it is practically for free to host Gemini. I seriously doubt Gemini will ever take off in a way that makes you need an expensive server to host a site. In fact if Gemini takes off like that there is a significant risk that it will be a less fun place anyway.

Upvote

Downvote

LiamMayfair

•

3 yr. ago

You can host Gemini sites for free on SourceHut pages, for instance: https://portal.drewdevault.com/x/srht.site

Upvote

Downvote

corstar

•

3 yr. ago

If you can set up a VPS, you can set up and run a Gemini server(Capsule)

Upvote

Downvote

[deleted]

•

3 yr. ago

r/geminiprotocol

Upvote

Downvote

corstar

•

3 yr. ago

Thanks, I thought there would be a subreddit on here somewhere.

Upvote

Downvote

1 more reply

u/void4 avatar

void4

•

3 yr. ago

I'm using self-hosted gemreader and lagrange as a client to read RSS headlines... Well, it works. Multiple certificates to emulate folders. Client certificates is absolutely the best part of gemini imo.

The only downside is that I used docker to bring it all up, which is likely a blasphemy in Drew DeVault's (unsurprisingly, gemreader developer) eyes lol

Upvote

Downvote

u/VelvetElvis avatar

VelvetElvis

•

3 yr. ago

Awesome.

This is like the first time I telneted in to the university system and started exploring the WWW with lynx. All that's missing is Bianca Troll's Smut Shack.

Upvote

Downvote

u/makeworld avatar

makeworld

•

3 yr. ago

Hey, thanks for the Amfora shoutout! I made it :)

Glad you're enjoying it, and spreading the word about Gemini!

Upvote

Downvote

[deleted]

•

3 yr. ago

I'm 37 yet I still grew up with mostly WWW, FTP, IRC. Never got to try Gopher, Archie or any of the other stuff. I didn't even use newsgroups back then.

There is a very small window between 80s and 1993-1994 or so where you experienced early online connectivity (be it BBS or internet).

We have now had internet and WWW for longer than this period.

Upvote

Downvote

[deleted]

•

3 yr. ago

im_alone_and_alive

•

3 yr. ago

Great read! Here's a Gemini client I've been working on lately in Rust: https://github.com/actuday6418/gremlin

. Thoughts?

Upvote

Downvote

corstar

•

3 yr. ago

Cool, I'll check it out and get back to you.

Upvote

Downvote

Trainzkid

•

3 yr. ago

I hate to be some young millennial who doesn't like how it used to be, but I think intentionally limiting innovation and improvement over time is a bad idea, even if it's for the sake of no tracking/advertising

Upvote

Downvote

[deleted]

•

3 yr. ago

[deleted]

•

3 yr. ago

Yup, use it for quite some time, got used to a pubnix too. Met some great people there!

Upvote

Downvote

u/EumenidesTheKind avatar

EumenidesTheKind

•

3 yr. ago

Based and 90s-internet-pilled. I remember fondly the days when your personal webpage is just that, not some profile you've made on a commercial social network.

Upvote

Downvote

[deleted]

•

3 yr. ago

Man I remember downloading ascii art pron from a local bbs, getting new games via 5 1/4 floppies sneakernet. It taking days to download a 10 megabyte file. 8088 8mhz. Eventually a 286, then 386, etc etc. my first computer was significantly slower than my raspberry pi 3 with 1gb RAM. Oh the good old days of cli and midnight commander. CGA monitors, bbs and phone bills being HUGE just to connect to the dude down the street

Upvote

Downvote

u/nxl4 avatar

nxl4

•

3 yr. ago

I love this idea, and I'm looking at how I can port my own homepage over to a Gemini capsule. One question for anyone currently using the protocol: can you only transfer gmi text files, or can users download other files (e.g. pdf) through capsule links as well?

Upvote

Downvote

corstar

•

3 yr. ago

•

Edited 3 yr. ago

You can put any kind of files in the pages. The way it handles that is by opening the image or video or whatever in your default viewer etc..

Upvote

Downvote

2 more replies

corstar

•

3 yr. ago

As for porting your webpage over to Gemini; the easiest path I've found so far is to use flounder.online.

It only took a couple of hours to get my head around the context and all the tags.

For editing your site, you can do that in the web interface(after registering for free) or do what I've done and just ssh into the site, edit with nano and never leave the command line, but up to you.

i've got a tutorial oh how to do that on my capsule.

gemini://corstar.flounder.online/gemlog/2021-05-26.gmi

Upvote

Downvote

1 more reply

alexw02

•

3 yr. ago

Gemini is a really interesting idea. I have been involved with it for about a year now, and I built a platform for building gemini sites via HTTP for people to get started: https://flounder.online

What I love about it is that it is explicitly aligned towards hobbyists and away from commercialization. Many people would look at it and say, this is useless

, you can do any of this in HTML, it is missing xyz key features, etc, but what makes it unique is that it is technology that deliberately eschews ideas about progress and growth. Gemini comes out of an engineer (solderpunk) and community deeply skeptical about technological "progress" and interested in retrocomputing. Because of Gemini's radical simplicity, every piece of software in the ecosystem can be maintained by a single person in their free time, which enables a kind of DIY hacker ethos that doesn't really exist anymore. Gemini is not just going backwards, it's imagining a different kind of progress that is based on fundamentally different values than the web: making something that is easy for individuals and hobbyists to hack on, without the dependency of large software organizations (which many Geminauts distrust). I hope to see more Gemini-like technology in the future.

Upvote

Downvote

sourpuz

•

3 yr. ago

Being an old curmudgeon, I have to give it a try.

Upvote

Downvote

SecurityBr3ach

•

3 yr. ago

I am 18 and it sounds fascinating to be able to access the old web. Will try it soon but I agree with some previous comments saying that if people start using it it will be filled with ads

Upvote

Downvote

[deleted]

•

3 yr. ago

There's nothing wrong with HTTP, the issue is cookies and client side scripting of which ruins every implementation of HTTP because those "features" are expected.

There's a reason why all of the 80's and early 90's movies that featured realistic hacking, in most of the cases the hacker had to do things locally like in War Games getting the password from the physical office, but he didn't have the number for the school's telnet server, so his computer called numbers from 555-0000 to 555-9999 to find a list of server numbers and Jurassic Park where it was an inside job and even if they had a T3 line, none of Jurassic Park's SGI workstations and Macs had client side scripting.

Upvote

Downvote

nbmbnb

•

3 yr. ago

I, for one, Im old enough to remember the old internet and have absolutely 0 nostalgia to slow, ugly, non standardized, gif riddled shithole it was (bar some shiny examples)

but this looks really awesome.. its simple, early in development and clearly can fill a role since just keeping discord 'app' open in the background drains my laptop in a jiffy

I've read that somebody made a gemini browser for an ebook reader, that is just cool + tried it on an old android phone, it renders every page. withou breaking a sweat.. lots of possibilities

thanks for sharing!!

Upvote

Downvote

corstar

•

3 yr. ago

It does has it's place and so does the www, I find Gemini calming and always finding interesting topics to read. The www in contrast makes me a very unhappy doom-scrolling addict, something had to either break or change.

I've read that somebody made a gemini browser for an ebook reader, that is just cool + tried it on an old android phone, it renders every page. without breaking a sweat.. lots of possibilities

Thanks for prompting me to look, I woun't have connected the dots otherwise. Here's link that explains how to get Gemini working on a kindle

https://tobykurien.com/gemini-epaper/

Upvote

Downvote

[deleted]

•

3 yr. ago

After playing with Lagrange, it feels like everything is more sane.

Upvote

Downvote

u/Gain-Obvious avatar

Gain-Obvious

•

3 yr. ago

How do you get the little glyph next to the site header? I've been trying to make a local .gmi file to play with and I can't seem to get that part to show. (the colors too, actually)

Upvote

Downvote

corstar

•

3 yr. ago

Good question..

I think it's random or at least it might be on flounder.online.

I haven't specified any glyph anywhere, I'd be interested to know how to customize it, if it's possible...if not, doesn't bother me.

The colours seem to be very random too, at least in Lagrange, not much changes in the CLI clients.

Upvote

Downvote

3 more replies

Adarsh_adb

•

3 yr. ago

Can we see normal http website on gemini??

Upvote

Downvote

corstar

•

3 yr. ago

Yes, some clients allow http and https.

What is your plaftorm?

I'll update here as I find some.

Personally, I like to keep the two worlds separate, but each to their own.

Upvote

Downvote

5 more replies

cinatic12

•

3 yr. ago

Well...

Upvote

Downvote

seaQueue

•

3 yr. ago

I'm not seeing nearly enough leetspeak for this to truly be a 90s throwback.

Upvote

Downvote

u/97e1 avatar

97e1

•

3 yr. ago

I am very interested in this, is it just a matter of browsing through until you find something interesting?

Gemini – A new, collaboratively designed internet protocol (circumlunar.space)

200 points by _emacsomancer_ on May 1, 2020 | hide | past | favorite | 62 comments

colinplamondon on May 1, 2020 | next [–]

This is so intensely cool.

Urbit was on its own island until recently - the only project challenging the domination of WWW.

This + Tildeverse feels like the very, very, very early days of hackers starting to play with alternate protocols, and the style and format of WWW.

It's fun, non-commercial, social, and aimed at hobbyists - just like the early WWW.

Given another 10 years of experimentation, I could 100% imagine WWW being seen as corporate, commercial and professional space.

Right now there isn't a good pseudonymous layer, because everything is very tied to real identity. Privacy doesn't really exist in a world of shadow profiles. And, with my commercial hat on, not do I want it to. I want to be able to retarget the shit out of email lists, and run intensive Facebook ad campaigns.

The needs of commercial space are not the needs of personal space. One solution could be different protocols, or at least different spaces, for each.

x3blah on May 2, 2020 | parent | next [–]

"Given another 10 years of experimentation, I could 100% imagine WWW being seen as corporate, commercial and professional space."

Excerpt below is from the file /scripts/web included with the original netcat in 1995.

/bin/sh

The web sucks. It is a mighty dismal kludge built out of a thousand

tiny dismal kludges all band-aided together, and now these bottom-line

clueless pinheads who never heard of "TCP handshake" want to run

commerce over the damn thing. Ye godz. Welcome to TV of the next

century -- six million channels of worthless shit to choose from, and

about as much security as today's cable industry!

Having grown mightily tired of pain in the ass browsers, I decided

to build the minimalist client. It doesn't handle POST, just GETs, but

the majority of cgi forms handlers apparently ignore the method anyway.

A distinct advantage is that it doesn't pass on any other information

to the server, like Referer: or info about your local machine such as

Netscum tries to!

Since the first version, this has become the almost-minimalist client,

but it saves a lot of typing now. And with netcat as its backend, it's

totally the balls. Don't have netcat? Get it here in /src/hacks!

_H* 950824, updated 951009 et seq.

FWIW, I still use original nc and similar TCP clients to "interact" with the www. Works great.

Not fan of SSL, now TLS, which was in fact created to facilitate commercial use of the www, or "e-commerce", in 1990's.

As an ongoing experiment in a different protocol/space, I run CurveCP on home LAN.

x3blah on May 3, 2020 | root | parent | next [–]

Incidentally, "Netscum" is a reference to Netscape Communications Corporation. They introduced SSL. This company was founded to commercialise a web browser, called NCSA Mosaic, that was originally co-written by venture capitalist Marc Andreesen of a16z.com as part of an academic project at U. of Illinois. The name "Mosaic" refers to its support for a variety of internet protocols, not all of them web-based. Netscum code-named their derivative browser "Mozilla", marketed under names like "Navigator" and "Communicator".

Fearing the growth of the web, Microsoft acquired rights to use the NCSA Mosaic code and produced a derivative browser called "Internet Explorer", which they included as part of Windows.

As web use grew, Mozilla Foundation, who inherited rights to publish the Netscape source code, added a "search box" to their derivative browser called "Firefox" and started directing search queries to Google, receiving large payouts in return. Mozilla Corporation was formed.

Google later hired developers from Mozilla to write another derivative browser called "Chrome".

fancyfish on May 2, 2020 | root | parent | prev | next [–]

For mobile users:

The web sucks. It is a mighty dismal kludge built out of a thousand tiny dismal kludges all band-aided together, and now these bottom-line clueless pinheads who never heard of "TCP handshake" want to run commerce over the damn thing. Ye godz. Welcome to TV of the next century -- six million channels of worthless shit to choose from, and about as much security as today's cable industry!

Having grown mightily tired of pain in the ass browsers, I decided to build the minimalist client. It doesn't handle POST, just GETs, but the majority of cgi forms handlers apparently ignore the method anyway.

A distinct advantage is that it doesn't pass on any other information to the server, like Referer: or info about your local machine such as Netscum tries to!

Since the first version, this has become the almost-minimalist client, but it saves a lot of typing now. And with netcat as its backend, it's totally the balls. Don't have netcat? Get it here in /src/hacks!

_H* 950824, updated 951009 et seq.

micael_dias on May 2, 2020 | root | parent | next [–]

Wish I had scrolled down first :D

kitotik on May 2, 2020 | root | parent | prev | next [–]

Whoa CurveCP looks super interesting.

Any resources you’d recommend beyond the main web site?

jcram on May 1, 2020 | parent | prev | next [–]

+1 to all of this. I hope more innovation happens in this area over the next years. This also makes DAT, IPFS, etc. to be interesting technologies (IMO) as they help to decentralize our highly centralized/commercial "web" as it is today.

jhardy54 on May 1, 2020 | parent | prev | next [–]

> Urbit was on its own island until recently

In what way?

colinplamondon on May 1, 2020 | root | parent | next [–]

This might be me missing some awesome projects, but I haven't heard of many other projects with Urbit's scale of ambition and scope.

WWW is so powerful, everything exists within it. There's not much competition at the OS layer, and virtually none at the protocol level.

armitron on May 13, 2020 | prev | next [–]

When people go back to using Gopher, you know the Web has turned to shit. I hope something good can come from these alternative protocols, a new space where oldtimers like me can focus on honest information exchange (what the Internet used to be), without the corporate behemoths tracking our every move.

Google's motto used to be "to organize the world's information". It's a daily occurrence where I'm wasting enormous amounts of time because Google search produces results of such low quality as to defy belief (startup opportunity right there, it's gotten so bad somebody should eat their lunch by doing a better search).

I'm yearning for an alternative that's close to what I experienced two decades ago.

mattkevan on May 1, 2020 | prev | next [–]

After recently discovering Gopher and falling down a deep (gopher)hole of exploration, I’m convinced that it, or something similar is a great alternative to the commercial web. What a volunteer-run co-op which sells food in bulk bins is to Walmart.

Simple, fast and open. The exact opposite to something like Urbit, which while it might be open source is designed to be as closed as possible.

Incidentally I recently found a good Gopher client for iOS has some rough edges but is definitely one of the most usable clients.

https://apps.apple.com/gb/app/gopher-client/id1235310088

mrspeaker on May 1, 2020 | prev | next [–]

I installed `elpher` via emacs and then didn't know where to go to actually see any content. Eventually I followed a link from "The Elpher Project Page" - it linked to "Project Gemini (hosted using gemini)". From there I found something called CAPCOM and am having fun exploring... but my suggestion is "list some gemini content on the gemini site!"

(Update: oh dear, I've never played with Gopher before. This is my kind of internet! There goes the rest of my day...)

stryan on May 1, 2020 | prev | next [–]

If you're looking for a small week-end project, try checking out the spec and implementing a Gemini client or server. I wrote up a server over two days during my lunch breaks and it was relaxing working with such a small and simple protocol.

There's also a lot of neat stuff at CAPCOM[1] (which is sort of like a public RSS feed) if you're looking for capsules (what Gemini calls websites) to check out.

[1] gemini://gemini.circumlunar.space/capcom/

kiwidrew on May 1, 2020 | prev | next [–]

Very cool, this is essentially just an updated (modernised) Gopher protocol.

I wish the protocol was designed so that the server signed the document itself [well, most likely a hash of the document]. That would allow caches, archives, and proxies to prove that a document did in fact come from the claimed origin.

Unfortunately the Gemini protocol uses TLS, and so only offers the standard guarantee of HTTPS: a client can confirm it is communicating with the origin server, but it is unable to transfer that guarantee to anyone else.

0xCMP on May 1, 2020 | prev | next [–]

Having played with this now via their "kiosk"[1] it's very cool and I think there's something here.

I expect only the kind of people who visit HN will ever try it and fewer will ever use it, but the protocol is very nice and simple. I wish it would take off and that a nice GUI client was written so that it was easier to use.

[1]: ssh kiosk@gemini.circumlunar.space

svara on May 1, 2020 | parent | next [–]

Awesome, this makes me feel like it's 1998 again, in the best possible way :)

To the sibling comment: It's a bit non-obvious indeed. It allows you to use their AV-98 Gemini client. [0] The source seems to be basically the documentation here ;)

Try this:

AV-98> tour gemini://gemini.circumlunar.space/

Then add links that you want to visit (they're numbered) with, for example

AV-98> tour 1

and navigate there with

AV-98> tour

[0] https://tildegit.org/solderpunk/AV-98/src/branch/master/av98...)

stryan on May 1, 2020 | parent | prev | next [–]

There is the Castor[1] GUI client, which ends up being a bit nicer to use. But the protocol draws heavily from Gopher so text-based clients are the default.

[1] https://sr.ht/~julienxx/Castor/

xkapastel on May 1, 2020 | parent | prev | next [–]

What on earth is this kiosk thing? There's no explanation whatsoever. `help` does not do much.

throwanem on May 1, 2020 | prev | next [–]

I'm acquainted with some of the folks involved in this project, and it's been a privilege to see them bring the concept so much to life in such a short span of time. For those who share an active interest in alternatives to the farrago that the modern web has become, I can unreservedly recommend Gemini to your attention.

Ninn on May 1, 2020 | prev | next [–]

Gemini is such a widely used name for systems. I wish people would stop reusing it, in place of finding new unique names.

riffic on May 1, 2020 | parent | next [–]

of course, someone on HN has to make this ultimate bike-shed comment about a project's name.

carapace on May 1, 2020 | parent | prev | next [–]

Last time I tried to grouch that grouch someone pointed out how the the ratio of amibiguously-named projects to all projects approaches unity. Try it yourself, it's fun:

Swift

Java

Python

Haskell (named for a guy)

Curry (also named for that guy)

Icon

Self

Lisp

...you can go on aaaaaall day...

Eiffel

Octave

Factor

Joy

Julia

...

ReactiveJelly on May 1, 2020 | prev | next [–]

I see that they've specified both a transport protocol, to replace HTTPS, and a document format, to replace HTML.

BLUF: They should have just run the text/gemini format on top of HTTPS 1.1, make a gemini --> HTML formatter, and maybe a restricted subset of HTTPS, and called it a day. Replacing HTTPS is a waste of time. Also, most of the benefits of the document format could be gotten with a sane subset of HTML. There are no mandatory bad parts to HTTP or HTML.

I've seen this "The Web is too complex, we need Gopher" sentiment on the Fediverse a few times and it looks like the same class of thinking as "C++ / Rust is too complex, we need C."

They are complaining about how _bad_ parties use HTTP and HTML and concluding that _good_ people should disavow HTTP and HTML as a result. It is like refusing to drive your pickup truck because someone else's truck has truck nuts on it.

But I've run websites with the "Motherfucking website" HTML style and it's fine.

All the complexity of the web is opt-in. Switching my site to Gemini wouldn't prevent, say, the New York Times from wanting a complex HTML website. All I'm doing is shooting myself in the foot to spite my enemy. The FAQ says they intend to co-exist with the web, so I'm sure they agree with me on this. They just want to lead by example. I also don't think it's a good example.

About extensibility, from Section 2.1.2 in the FAQ:

"Gemini is designed with an acute awareness that the modern web is a privacy disaster, and that the internet is not a safe place for plaintext. Things like browser fingerprinting and Etag-based "supercookies" are an important cautionary tale: user tracking can and will be snuck in via the backdoor using protocol features which were not designed to facilitate it. Thus, protocol designers must not only avoid designing in tracking features (which is easy), but also assume active malicious intent and avoid designing anything which could be subverted to provide effective tracking. This concern manifests as a deliberate non-extensibility in many parts of the Gemini protocol."

These claims are made:

- Privacy violations are inherent to HTTP/HTTPS/HTML - Making a protocol non-extensible is feasible

But if you're specifying a completely new client and server, you could also just refuse to send and accept the ETag and cookie headers that are known to allow privacy violation.

And no protocol is non-extensible. They seem to think that software and ideas are controlled and owned by the first people to think of them. But if Gemini catches on, then it can be forked. This should be obvious to people working in FLOSS. I seem to recall it happened to IRC. Designed simple, forked into incompatible competing versions, the official next version is in dev hell, and now it's also competing with XMPP and Matrix.

Perhaps that belief is why they chose to make a new spec instead of defining a subset of HTTP and HTML. They think that HTTP and HTML are atomic and we must not reuse any good ideas from them, they've been tainted with bad ideas, so we have to change everything all at once.

To this end they even made the status codes different from HTTP.

"Importantly, the first digit of Gemini status codes do not group codes into vague categories like "client error" and "server error" as per HTTP. Instead, the first digit alone provides enough information for a client to determine how to handle the response."

They could have just specified a subset of HTTP status codes, to make it easier to remember which codes are which. Personally I like having 4xx and 5xx separate. Maybe they were really happy to save 33% of status code bytes compared to HTTP.

Regarding performance, the spec says, "Connections are closed at the end of a single transaction and cannot be reused."

I believe there's also no inline media, so 1 document == 1 connection == 1 request.

Again, this is completely possible with a sane subset of HTML and HTTP - Just write a server that can't reuse connections, and write HTML that doesn't have inline media. Use a linter or transpiler (from text/gemini to HTML) to enforce that.

But if you _do_ reuse connections, or use something like QUIC, then you can get better performance. So they are making that impossible. Again, until someone forks it and adds it anyway.

I feel like I'm the crazy one because there's clearly a few people working on this project seriously, and I'm one person writing a rambling comment. But I don't see the point. Now I feel like I owe the world a subset of HTTP and HTML to put my money where my mouth is.

scoopdewoop on May 1, 2020 | parent | next [–]

I've wanted to make something like this, and I'm happy to see its here because implementing a client looks like a lot of fun.

Here is why I want a simpler web: The NewYorkTimes wont be there! Neither will google or facebook or shopify or influencers or clickbait even! I want a web that is hard to make money from. Something that doesn't support fingerprinting and ad tracking, where my interests aren't at odds with the "platforms".

I want a place where people are posting ideas and creations and info and software and labors of love for free, with weird one-off communities that don't get embroiled in national censorship debates.

I might even want the relatively high barrier to entry, the fact that other people there would be looking for the same thing instead of being directed there by browser defaults and content portals.

silvi9 on May 1, 2020 | root | parent | next [–]

That sounds like an online utopia, almost like the feeling of discovering the joy of the internet again. I want that too.

sloum on May 1, 2020 | root | parent | next [–]

That is how I felt when I discovered gopher and then went on to work on gemini. I can wholeheartedly recommend both communities.

sloum on May 1, 2020 | parent | prev | next [–]

I can tell you, from having been involved in a number of the discussions on the mailing list, that these points were definitely discussed. There were a number of people on your side. HTML subsets were discussed, as was using markdown (or a markdown subset). In the end a simple link syntax was chosen along with a few optional items. The simple link syntax is much more than a stripped down html 1.0... it is gopher but with a better syntax that is easier for non-developers to generate content with.

Gemini isn't perfect and is definitely a work in progress that serves a purpose and fits a niche. In my opinion it is geared more to converting people from gopher to gemini rather than from the web to gemini, though I hope we'll get some of both :)

astrobe_ on May 1, 2020 | root | parent | next [–]

Did someone also pointed out that CRLF is a pointless Microsoftian archaism? There's no need anymore to use two characters to mark the end of a line.

spc476 on May 1, 2020 | root | parent | next [–]

Yes, several times. It was kept in because other text based protocols (like SMTP, HTTP) also specify the use of CRLF, at least for the request.

Aeolun on May 2, 2020 | root | parent | next [–]

It also doesn’t really hurt anyone, though it would be nice if new protocols could try to remove the need from their specs.

We’re going to build new clients and servers anyway, so might as well handle just /n

WoodenChair on May 2, 2020 | root | parent | next [–]

> It also doesn’t really hurt anyone

Well it does. Extra characters in the HTTP spec end up getting sent trillions of times per year over the Internet costing real money in bandwidth in aggregate.

naasking on May 1, 2020 | parent | prev | next [–]

> They are complaining about how _bad_ parties use HTTP and HTML and concluding that _good_ people should disavow HTTP and HTML as a result.

A protocol that can be easily abused is perhaps not a good protocol.

A verbose markup language with loads of historical baggage, inconsistent implementations (much better these days), and whose spec is half-baked and incomplete at best, is perhaps not a good markup language.

spc476 on May 1, 2020 | parent | prev | next [–]

With respect to the status codes, the original spec was worse (single digit response codes) than what exists now. I didn't agree with the original spec, so when I wrote my own Gemini server [1][2] I reused codes from HTTP. It was only after a drawn out discussion between myself and the original designer that a compromise was struck and we ended up with two digit response codes (and redirects---those weren't in the original spec either).

[1] https://github.com/spc476/GLV-1.12556

[2] It was the first Gemini server to be written.

brabel on May 2, 2020 | root | parent | next [–]

I still don't see why Gemini couldn't use a small subset of HTTP itself. HTTP is really great, just a little too complicated with all the extra RFC adding stuff to it (cookies, CORS)... if you ignore all that and remove a few of the fancy things in HTTP/1.1 (as defined in RFC-7230), like content-negotiation, you get pretty much what Gemini wants, no?

yepthatsreality on May 1, 2020 | parent | prev | next [–]

God forbid someone explores a few ideas, huh?

defanor on May 1, 2020 | parent | prev | next [–]

> Now I feel like I owe the world a subset of HTTP and HTML to put my money where my mouth is.

There are such subsets around: the one used by Texinfo's HTML export for portability [1] and by XMPP for XHTML-IM [2], the ones supported by simpler web browsers, the ones individual developers or projects stick to. An issue with that is the differences between those subsets (along with presence of multiple ones), although they seem to have quite a bit in common: attempted accessible websites tend to be usable in basic (or restricted) web browsers, possibly about as often as random/unrestricted websites are usable in major web browsers.

[1] https://www.gnu.org/software/texinfo/manual/texinfo/texinfo....

[2] https://xmpp.org/extensions/xep-0071.html

astrobe_ on May 2, 2020 | parent | prev | next [–]

> But if you _do_ reuse connections, or use something like QUIC, then you can get better performance

I don't have opinions about the rest, but this is a good point.

With text-only I think one could easily slurp a whole Gemini site in one go. Although it could complicate the spec, specifying a way to download the whole site as a compressed archive could be nice. Clients could then offer an offline mode and it could help with mirroring sites.

lal on May 2, 2020 | parent | prev | next [–]

Think of it more as a beefed-up Gopher than a pared-down web.

bovermyer on May 1, 2020 | prev | next [–]

Here's the source for one of the clients (Bombadillo): https://tildegit.org/sloum/bombadillo

sloum on May 1, 2020 | parent | next [–]

Thanks for linking! More info can be found here: http://bombadillo.colorfield.space for those that are interested. A number of other clients also host at tildegit.org (a search for gemini will probably yield them).

Aeolun on May 2, 2020 | prev | next [–]

OMG, this spec was so readable I actually read the entire thing for pleasure.

I think this is a first.

qznc on May 2, 2020 | parent | next [–]

I agree it is neat.

My experience tells me it is a sign of too much ambiguity and gaps that will bite you later though. See Markdown for example.

heavenlyblue on May 1, 2020 | prev | next [–]

It’s like religion - one of the reasons they say Christianity won over Judaism is because they didn’t require one to circumcise before the initiation. Yet both are equally rejecting of any other religion.

brink on May 1, 2020 | parent | next [–]

It also helps that the Jewish books predicted Christianity. Isaiah 53, for example.

dsr_ on May 1, 2020 | root | parent | next [–]

Only if you choose to interpret it that way, while ignoring other bits.

thefounder on May 1, 2020 | parent | prev | next [–]

Judaism is also quite "racist". There is only one "chosen" people. Everyone else would be/is a second citizen. Who would join a religion to be 2nd citizen?

pianoben on May 1, 2020 | root | parent | next [–]

I'd encourage you to actually attend a synagogue service, or even just have a chat with a real-life Jewish person, before exposing yourself to ridicule as you have here.

In my life as a Jewish person, I've never _once_ hear a rabbi even hint as such a sentiment. Converts are treated exactly as Jewish as those who are born into the faith. What leads you to think otherwise?

GuiA on May 1, 2020 | root | parent | next [–]

Most every religion does have that bias of "we know better, we've got the holy texts, if you're not with us you're doomed/clueless/need to be saved/unlucky".

The fact that modern practitioners in your geographic locale of choice aren't as bigoted as their more literal brethren doesn't mean much, except perhaps that there is hope in undoing the more harmful superstitiousness of religion by raising quality of living (for all, regardless of faith).

pianoben on May 1, 2020 | root | parent | next [–]

Sure, but that's not what the GP was talking about. They directly stated that those who joined would forever be "second-class citizens", which simply isn't factual.

gbear605 on May 1, 2020 | root | parent | prev | next [–]

I'd suspect that OP was referring to the first century CE when Christianity could be said to have "won out" over Judaism, and yes then Jewish people often were racist in that way, just like people of most cultures then. Nowadays Jewish people aren't racist at all, or at least less so than the average American or European - and OP should have acknowledged and phrased that better.

heavenlyblue on May 1, 2020 | root | parent | next [–]

Yes, I should have me it more clear that I am speaking of the fact that there is no philosophical reconciliation between Christianity or Judaism; rather than people being racist.

thefounder on May 3, 2020 | root | parent | prev | next [–]

I'm not saying that Jewish people are racist but (as far as I read) "in Judaism, "chosenness" is the belief that the Jews, via descent from the ancient Israelites, are the chosen people, i.e. chosen to be in a covenant with God."

Apparently "God" decided that not all the people are equal. I could adopt Judaism customs but I would could never be descent from ancient Israelites. This reduces the number of people interested to join Judaism. That was my whole point.

As far as discrimination/racism is concerned I think most of the religions(inclusing Judaism and Christianity) have some extreme(i won't name them) and less extreme (i.e interfaith marriage) views but fortunately most people care less about them(and religion in general) and more about their well-being/getting along with everybody.

dsr_ on May 1, 2020 | root | parent | prev | next [–]

Judaism is clear that God's choosing is not a thing to be desired.

naasking on May 1, 2020 | prev | next [–]

Gemini sounds neat. Not sure I'll continue playing with it, but from the spec I have a couple of suggestions you are free to implement or ignore.

Denial of Service

Permitting zero or more whitespace characters in a request a introduces a denial of service because the request is no longer bounded. Just keep sending whitespace to keep the connection open. Mandating a single character closes this particular hole.

It's possibly a minor DoS considering other attack vectors, but why leave any low-hanging fruit?

Caching, ETags and Tracking

Caching is great, and I'm sure Gemini devs wouldn't object to caching if it could be handled without introducing user-facing privacy issues. Here's a sketch for an ad network protocol that I think would work with Gemini:

1. Client requests URL X.

2. Server replies with a redirect to "X?tracking-id", where tracking-id is associated with a set of IP addresses.

3. All links in the document append the tracking-id to preserve it.

Anytime a client accesses a document in the ad network, the tracking-id quickly returns. People often have multiple IPs for their laptop, desktop, phone, tablet, etc. but there would be enough overlap in these sorts of requests to correctly tie a set of IPs to a unique client.

What cookies, etags, etc. permit on the WWW is doing this without requiring sharing the client IP database.

So maybe what we can do is still enjoy the benefits of caching while at least detecting when some shenanigans are at play. The ad network outline above is observable behaviour from which we might be able to infer shenanigans.

To reintroduce caching without amplifying the tracking powers, and add the ability for the client to verify the server's ETag is legit, rather than treating it as an opaque identifier. If an etag for content specified the hash function used, then the client can verify the integrity of the document. So take the HTTP ETag header to a syntax like "ETag(sha256): ..."

Like the ad network outlined above, malicious servers could craft slightly different versions of a document for each IP and so generate unique ETags that may permit some sort of tracking in a similar way. However, the gemini document has no notion of hidden data (like comments and hidden fields in HTML), so any such shenanigans will always be visible in some way in the document itself, eg. embedding a unique hash code at the end, for instance.

So in the end, adding caching in this way should improve efficiency without appreciably amplifying tracking.

Transclusion

A language with a construct becomes more expressive if it also includes its dual. Gemini has document-level references, where a document points to another document, but it lacks transclusion which is a dereferencing operation, such that you can embed another document into the current document.

So links in Gemini are:

gemini://some/url

Transclusion would be its inverse:

<= gemini://some/url

This is pretty handy actually. Kinda like iframes without the headaches. However, unlike iframes, I don't think the client should load the URL itself, but rather all communication should go via the server for the top-level document. This is again to avoid amplifying the tracking powers, since a top-level document server could append tracking-id to transcluded URLs and then they act just like tracking cookies.

Aeolun on May 2, 2020 | parent | next [–]

I like your first suggestion, the rest don’t sound so great to me.

It’s simple now, let’s keep it like that.

naasking on May 2, 2020 | root | parent | next [–]

Sure, it's simple, but a stated goal is power to weight ratio. Transclusion definitely fits under that. Authoring and organizing information with transclusion is so much easier than without, because it avoids much of the need for special tooling to assemble a final document from fragments that might be reused. It's too unwieldy for very large documents though, so it's perfect for authoring small to medium sized documents, which fits right in with Gemini's goals.

There are many ways to handle it client-side:

1. Behaviour like iframes, although I don't like the tracking implications.

2. Origin server fetch, as I mentioned.

3. Another possibility is to render it as a button which the client must trigger to load the document.

azinman2 on May 1, 2020 | prev [–]

“ In the same way that many people currently serve the same content via gopher and the web”

Is this actually true?

sloum on May 1, 2020 | parent [–]

In my experience the gopher community is very split on this concept with many people doing just that, but many others (myself included) wishing that gopher/web proxies and cross posting did not exist at all.

azinman2 on May 1, 2020 | root | parent [–]

Is there much (any) gopher community left?

_y47r on May 2, 2020 | root | parent | next [–]

There is! I read this on a gopher mirror of the Hacker News, so I thought I'd better come on over to the web version to respond...

In fact, several regular gopherites have commented on this thread.

Funny that this came up on the Hacker News on the weekend that the server is going down. Probably a good thing, since it only has 128MB of RAM.

gladskdks on May 2, 2020 | root | parent | prev | next [–]

There are some. It's had something of a resurgence in the last couple of years and a few new gopherholes have opened up.

You can peruse gopherspace via the overbite gateway, and the big gopher search engine, Veronica, is still up and running.

Take a look! :)

stryan on May 2, 2020 | root | parent | prev [–]

SDF[1] and many of the various tilde PUBNIX's both have gopher communities, and if you're on the fediverse (mastodon/plemora/etc) you'll find people listing gopherholes in the profile

[1] sdf.org

Gemini is a little gem (andregarzia.com)

192 points by soapdog on Jan 26, 2022 | hide | past | favorite | 122 comments

mediocregopher on Jan 26, 2022 | next [–]

> Also, focusing on protocol only makes one miss the rest of Gemini, which is the ecosystem and people who are having a great time using it. Sometimes, it feels to me like someone is at a party ranting about the music not being good enough while there is a smiling crowd dancing and having fun.

This is the biggest point, imo. We don't all have to like the same things, we don't have to all use the same tools, we don't have to belong to the same communities. There's room on the web for all of us.

Gemini appeals to me as someone who appreciates well designed constraints. The fact that HTTP+HTML can accomplish the same things is not only missing the point but is actively against the point.

tharne on Jan 26, 2022 | parent | next [–]

> We don't all have to like the same things, we don't have to all use the same tools, we don't have to belong to the same communities.

This is one the main reasons I have a hobby computer just for playing around with openBSD. There's something really refreshing (and fun!) about a project that's just trying to do it's own thing without pleasing everyone and their mother.

1vuio0pswjnm7 on Jan 26, 2022 | parent | prev | next [–]

"This is the biggest point, imo. We don't all have to like the same things, we don't have to all use the same tools, we don't have to belong to the same communities. There's room on the web for all of us."

Exactly right.

Tech companies that rely directly or indirectly on the survival and expansion of web advertising, i.e., most of them, prefer a world where web users do not think independently.

It is easier to advertise on (and manipulate) a web where every participant likes the same things, uses the same tools, and belongs to the same communities.

throw10920 on Jan 26, 2022 | prev | next [–]

The problem isn't Gemini, the problem is Gemini marketing.

Gemini enthusiasts (or, at least the ones I've seen posts from, most notably ddevault) market Gemini as a replacement (edit: in whole or part, it doesn't matter, the argument is the same) for "the web".

Then, when you point out that Gemini has basically none of the features of "the web" (and is incapable of supporting the vast majority of its content, and even the vast majority of its good content), they then say that "oh, you don't need those features, inline images are an anti-pattern!" Or something.

The problem isn't that Gemini has no features, the problem is that it's being marketed as a replacement (edit: in whole or in non-trivial part, it doesn't matter) for the web, which is it clearly unsuited for.

Gemini is bad at conveying almost any content except text, which also means that it's unsuitable for scientific papers, education, browser games, social media (even for less "social" social media, like Reddit and HN, where you could be exchanging purely technical information), web services, web applications (disclaimer: I think that web applications are generally slow and dumb, but I'd much rather use HN from my browser than download a dedicated .deb just for it), wikis and encyclopedias, Stack Overflow, search engines, and various other web things that your life would be significantly less great without.

So, by all means, use Gemini. Just don't say that it's a "replacement" for the web (edit: not even part of it - Gemini does so little that the comparison is entirely invalid), or "better" than the web (or associated technology). It is its own thing with its own community that is entirely complementary to the web, and nothing more.

If you want to go back to the internet dark ages without Wikipedia, Google, Stack Overflow, Compiler Explorer, and Shadertoy, have fun - just don't drag me down with you.

cartesius13 on Jan 26, 2022 | parent | next [–]

This is probably the most annoying straw man argument against Gemini. One of the first things you see in their official page is:

"Gemini is a new internet protocol which:

Is heavier than gopher Is lighter than the web Will not replace either"

And if you hang out and talk to people using it you find out that most, if not all, of them are well aware that Gemini will not and can not replace the Web.

Even Drew Devault has said this about Gemini: "Gemini does not solve all of the web’s problems, but it addresses a subset of its use-cases better than the web does, and that excites me. I want to discard the parts of the web that Gemini does better, and explore other solutions for anything that’s left of the web which is worth keeping". And don't think anyone here in good faith will say that this is "marketing Gemini as a Web replacement". You are imagining these marketers and arguing against them

throw10920 on Jan 26, 2022 | root | parent | next [–]

> "I want to discard the parts of the web that Gemini does better, and explore other solutions for anything that’s left of the web which is worth keeping"

You conveniently left off the next part of that sentence: "(hint: much of it is not)" It's pretty clear that ddevault thinks that Gemini can replace a large fraction of the web (which is the issue under dispute).

The difference between "Gemini can replace the whole web", "Gemini can replace a large fraction of the web", and "Gemini can replace anything more than a vanishingly tiny sliver of the web" is largely irrelevant, as all of them are false, and my argument reads the same if you substitute either of those other two phrases in.

epicide on Jan 27, 2022 | root | parent | next [–]

It really sounds like you've misunderstood Gemini and what people like about it, and are now working backwards to demonstrate that your gut feeling ("Gemini <<< Web") is correct.

While in reality, most people using Gemini are using it to blissfully ignore parts of the Web that they are tired of. Gemini was intentionally designed to discourage complex experiments and additional functionality.

Sometimes, I just want to ride a bike, not an airplane. That doesn't mean cyclists believe that bikes can replace air travel.

cartesius13 on Jan 26, 2022 | root | parent | prev | next [–]

Also, replace is maybe not the best word here since a lot Gemini enthusiasts believe some things that are possible on the Web don't need a replacement because we would be better off if they didn't even exist.

I also disagree that Gemini is a web replacement as in "everything the Web does Gemini can also do", when read "replace" this is what I think and this is clearly not true. To me it's more like "Some things the Web can do, Gemini also can and the things it can't do aren't really desirable anyway because they can be abused to do things I think is bad and evil"

cartesius13 on Jan 26, 2022 | root | parent | prev | next [–]

My point is that most people using Gemini agrees with this: "It is its own thing with its own community that is entirely complementary to the web, and nothing more" even if they think some parts of the Web can be replaced by Gemini (which it can. Text only web pages with simple markup is a thing)

nonethewiser on Jan 26, 2022 | root | parent | prev | next [–]

>It's pretty clear that ddevault thinks that Gemini can replace a large fraction of the web (which is the issue under dispute).

Replacing a large fraction is EXTREMELY different than replacing the web which is how you originally phrased it.

"Large fraction" is also extremely vague. Unless they've stated a quantitative amount of the web which they think this can replace then this argument is pointless.

throw10920 on Jan 27, 2022 | root | parent | next [–]

You're making quite the fallacy here - that if a quantitative amount is not given, then you can't make arguments about the statement. That's false.

ddevault (and other gemini enthusiasts) use this kind of qualitative marketing speak to portray Gemini as something that is comparable to the web, while avoiding making quantitative claims, and that is part of my grievance, as stated in my original comment.

s5806533 on Jan 27, 2022 | root | parent | next [–]

You have quite the nerve pointing out other people's alleged fallacies, while you yourself are doing everything in your power to interpret the statements of the Gemini community in a very onesided way. IIRC, the etiquette of this very place says:

> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.

https://news.ycombinator.com/newsguidelines.html

Since this whole discussion has left constructive territory a long time ago and arguably violates these guidelines already, I will refrain from replying to this part of the discussion.

s5806533 on Jan 26, 2022 | parent | prev | next [–]

Did ddevault specifically say that Gemini should be regarded as a replacement for the web? I never read him that way. As far as I can tell, people are constantly stressing the converse, namely that Gemini is not supposed to be the next web. It's even in the FAQ [1] -- if that's not part of the "marketing material", then I don't know what is. It would be very kind if you could provide specific citations to substantiate your claim about Gemini marketing.

[1] see 1.6 in https://gemini.circumlunar.space/docs/faq.gmi

throw10920 on Jan 26, 2022 | root | parent | next [–]

Right in that FAQ is the phrase "You may think of Gemini as "the web, stripped right back to its essence"". To a technical person, "foo, stripped right down to its essence" means that this thing is directly competing with foo - or, at the very least, that it exists in the same realm as foo. Gemini does not exist in the same realm as the web, nor is it at all similar to "the web, stripped right back to its essence".

The fact that occasionally fans might disclaim that it's only meant to replace "part of" the web is materially irrelevant - Gemini isn't capable of replacing any nontrivial fraction of it. (its fans claim it is, though - "I want to discard the parts of the web that Gemini does better, and explore other solutions for anything that’s left of the web which is worth keeping (hint: much of it is not).")[1]

[1] https://drewdevault.com/2020/11/01/What-is-Gemini-anyway.htm...

s5806533 on Jan 26, 2022 | root | parent | next [–]

I will concede that Gemini folk sometimes have a rather narrow definition of what the "essence" of the web is, namely, that the web is basically just a medium for hypertext. In the early days of Tim Berners-Lee this was true, though. And I still think that hypertext (as opposed to "web applications") represents a nontrivial fraction of the web (see Wikipedia and, to a lesser degree, blogs).

Drew Devault makes a very valid point: that the web today is at the mercy of Google, because it depends on browser technology that has become so complex that only Google (and maybe a foundation entirely dependent on Google) can deliver it. An ad company! So we (as humanity) have to find ways to replace the web, step by step. And Drew says it right there: "Gemini [...] addresses a subset of its use-cases better than the web does." And for the other use-cases (i.e., besides hypertext), other replacements have to be found.

So I still think that the marketing is way more nuanced than you are saying.

krapp on Jan 27, 2022 | root | parent | next [–]

>Drew Devault makes a very valid point: that the web today is at the mercy of Google, because it depends on browser technology that has become so complex that only Google (and maybe a foundation entirely dependent on Google) can deliver it.

Except all of that browser technology is open source. So none of it is actually at the mercy of Google.

It's weird how a forum full of technologists, free software believers and millionaire entrepreneurs have decided that browser technology is so hard and complex that it would literally be more feasible to rebuild the entire web from scratch on completely different protocols, yet we'll have warp drives, self-driving cars and VR beamed directly into our brains by the end of the decade, and come hell or high water we'll put a blockchain on everything.

It's not that hard because it's actually that hard, it's that hard because we want an excuse to abandon the web and browsers as a lost cause, because we're tired of it and its normality, and would rather look for still-green pastures elsewhere.

foxfluff on Jan 27, 2022 | root | parent | next [–]

> It's weird how a forum full of technologists, free software believers and millionaire entrepreneurs have decided that browser technology is so hard and complex that it would literally be more feasible to rebuild the entire web

Have you built a web browser? I have. It quickly became useless as the web moved on. I've also been involved in other web browser projects (including a small webkit based browser as well as Firefox).

My experience is that the web is 1) broken beyond repair 2) building a new browser is virtually impossible 3) for all the effort, building a good browser [such as one that pleases Gemini users] is literally impossible because the web standards themselves require you to implement hostile functionality without which your browser is broken and not actually a web browser, and with which you lose control and enable all kinds of malicious and user-hostile behavior.

Ostensibly open standards and open source technology does not help you when said technology enables the other end to run a bunch of code on your client, and decline service because it doesn't approve of your client.

Building a gemini client is actually very easy.

krapp on Jan 27, 2022 | root | parent | next [–]

>My experience is that the web is 1) broken beyond repair 2) building a new browser is virtually impossible 3) for all the effort, building a good browser [such as one that pleases Gemini users] is literally impossible because the web standards themselves require you to implement hostile functionality without which your browser is broken and not actually a web browser, and with which you lose control and enable all kinds of malicious and user-hostile behavior.

Your first item has nothing to do with browsers, it's a purely subjective opinion (albeit one so strongly held by so many here I'm not going to bother trying to disabuse anyone of it anymore.)

Your second item implies that it's too difficult for a hobbyist to build a modern browser in their free time, but the unstated assumption that any new browser must be simple enough to be built by a single person, entirely from scratch, is an arbitrary technical limit based on political ideals. Obviously it isn't actually impossible and, given the number of Firefox forks in the wild, doesn't even require billions of dollars in resources.

And your final item dismisses the entire premise of modern browsers as user-hostile and "not actually web browsers." Which again, has nothing at all to do with the actual technical difficulty of browser implementation but is essentially a declaration that "it sucks any way so why bother?"

You're proving my point, as are the other commenters. This is obviously an argument driven primarily by emotion (disgust with the modern web and complexity) and politics (anti-capitalist and anti-corporatist sentiment) rather than fundamental technical limitations.

foxfluff on Jan 27, 2022 | root | parent | next [–]

My first item has everything to do with the web technology, which browsers are intimately related to. Outdated and insecure firefox forks and their bitter users who complain about the web being broken when they browse it on their Firefox fork serve to prove the point more than to disprove it. And yes, the third point doesn't stop at merely claiming that the web is complex and hard; it just claims that even if you somehow manage to implement it all, you're still at the mercy of corporations because the very technology you implemented has built-in support for discrimination; Google, Cloudflare, et al can decide that they don't want your browser. It is broken technology and it should be thrown away.

throw10920 on Jan 27, 2022 | root | parent | next [–]

> Outdated and insecure firefox forks and their bitter users who complain about the web being broken when they browse it on their Firefox fork serve to prove the point more than to disprove it.

Wait, most Firefox forks that I've seen (such as Pale Moon) were forked because the XUL addon model was deprecated in mainline, and they want to keep it - it had nothing to do with the complexity of the web.

Unless you're saying that "the web" is "too large and complex" (because that's the cause of those forks becoming insecure and outdated) - in which case yes, I think that you can make a case for that.

However, that doesn't have anything to do with the infeasibility of building a new web browser, so it's irrelevant.

> you're still at the mercy of corporations because the very technology you implemented has built-in support for discrimination; Google, Cloudflare, et al can decide that they don't want your browser

If by "Built-in support" you mean user agents - those are trivially spoofable. If you mean browser fingerprinting - that's not built-in, that's an attack against the technology. If you mean checking for the presence of features - that is a feature, not a bug.

> It is broken technology and it should be thrown away.

The technology isn't broken - everything else is. The reason why Google has so much control over the web is because so many people use (1) Chrome and (2) Google services. If neither of those were the case, the web could be technologically identical and yet there wouldn't be a constant feature churn. The problem is not technical, it's a market and social problem.

It's not solvable on a technological level, because (1) even if you convinced everyone to switch to Gemini, if everyone started using the Microsoft Gemini Browser (or whatever), the exact same problem would arise (embrace, extend, extinguish!) and (2) you are never going to be able to convince anything more than a tiny sliver of the population to use Gemini.

The only viable solutions are social (convince people to use Firefox/Safari/Opera and complain when it doesn't work, convince webdevs to support/prefer non-Chromium engines) and political (antitrust action against Google, more regulation).

Gemini is not a solution to this problem.

(you also conveniently didn't answer the rebuttal to your second point, so, to quote krapp: "the unstated assumption that any new browser must be simple enough to be built by a single person, entirely from scratch, is an arbitrary technical limit based on political ideals")

(also, I don't know why you're saying "should" - why "should" I throw it away? You have no authority on this matter, as far as I can tell)

s5806533 on Jan 27, 2022 | root | parent | next [–]

> convince people to use Firefox/Safari/Opera

What would that change? These browsers implement the same standards Chrome does, and on top they probably implement the non-standards that Chrome imposes, because people will still want to use Google Meet and stuff. So this at least means to convince people not to use Google Meet and stuff. This goes to show that indeed the web is broken.

> convince webdevs to support/prefer non-Chromium engines

I guess the people who need convincing are not the devs, but their superiors. See https://www.baldurbjarnason.com/2021/software-crisis-2/

> the unstated assumption that any new browser must be simple enough to be built by a single person, entirely from scratch, is an arbitrary technical limit based on political ideals

First of all, I'm not sure if anyone really said that it had to be achieved "by a single person". Second of all, I don't understand why its political nature should devalue the argument. At any rate, it has been argued that the web is at fault, the standards are problematic, etc., so let's not argue about minor details.

foxfluff on Jan 27, 2022 | root | parent | prev | next [–]

> Unless you're saying that "the web" is "too large and complex" (because that's the cause of those forks becoming insecure and outdated) - in which case yes, I think that you can make a case for that.

That is precisely what I'm saying.

> However, that doesn't have anything to do with the infeasibility of building a new web browser, so it's irrelevant.

I agree; it was krapp who said "Obviously it isn't actually impossible and, given the number of Firefox forks in the wild, doesn't even require billions of dollars in resources", as if those outdated forks somehow were relevant.

> If by "Built-in support" you mean user agents - those are trivially spoofable. If you mean browser fingerprinting - that's not built-in, that's an attack against the technology. If you mean checking for the presence of features - that is a feature, not a bug.

User agents are indeed trivially spoofable, that's not the issue. Fingerprinting is a bug, and one that is impossible to fix because web technology is fundamentally broken and was never designed to resist such an attack. Feature checking and finger printing kinda go hand in hand. I can't consider it a feature, I consider it an antifeature.

> The technology isn't broken - everything else is. The reason why Google has so much control over the web is because so many people use (1) Chrome and (2) Google services

I think that's another "goes hand in hand" thing. Yes, you can consider it a social problem, but it is also technological problem, because it is the technology that is used against us and it is the technology that enables it to be used that way. It's very difficult to use Gemini against you without first changing the technology to support it; if that happened, then yes, I would say that Gemini has become broken too, just like the web now is.

And whether there's a social problem and abuse of technology going on or not, one can totally consider the massive complexity and resulting bloat and loss of practical freedom to be a problem with the technology. I could not make a browser I like, and nobody else will make it for me. It goes beyond what Google does; the web on whole is today architected for a server agent, not a user agent. Even without actively hostile & malicious parties abusing technology to discriminate you / invade your privacy / sell your eyeballs, it will still have features that do not respect the user and only punish the user for trying not to play the play according to the server's script.

> The only viable solutions are social (convince people to use Firefox/Safari/Opera and complain when it doesn't work, convince webdevs to support/prefer non-Chromium engines) and political (antitrust action against Google, more regulation).

I believe that social and political solutions are as lacklustre, limited and prone to subversion as technical solutions. You do what you can in that space, but I believe we will never have enough (or the right kind of) legislation.

However, as a practical matter, it takes time for technology to be turned against you (and there was a time when the web was despite its flaws relatively fine). This will be especially true for any new technology that flies under the radar. Therefore technical solutions are not without merit.

> Gemini is not a solution to this problem.

It does not solve all the web's technical problems, nor will it solve all its social or political problems, and nobody is claiming it does.

But creating new technology (including Gemini) and encouraging individuals to use it is an actionable way to make a difference today. By contrast, my use and support for Firefox (for nearly two decades now) hasn't prevented the web from turning into a disaster. There's not much political or social action going around trying to fix these problems. There are a few who toot the horn and shout into the void, the rest don't give a fuck.

I cannot solve the web's problems, I cannot change the world. It is a lost cause as far as I'm concerned.

But as long as there are enough people interested in alternative technology, it's a way we as a community can help ourselves today. It will not "fix the web" but it gives us some of what we want and it won't be turned against us tomorrow. Either it never gets too popular, or it gets popular and one day the cycle starts afresh. Until then, there's something for us. Nothing is eternal, nothing is perfect.

> (you also conveniently didn't answer the rebuttal to your second point, so, to quote krapp: "the unstated assumption that any new browser must be simple enough to be built by a single person, entirely from scratch, is an arbitrary technical limit based on political ideals")

I didn't really want to, because it's putting words in my mouth and also IMHO a pointless tangent.

It's very hard to consider any technology purely objectively and without influence from "political ideals" or personal beliefs. For example, the claim that bitcoin is broken could be "rebutted" by saying that it's only broken if you have the political ideal that it's not ok to destroy the environment with excessive energy use.

The claim that DES is broken could be "rebutted" if you consider it a political ideal that you should have freedom to communicate without being spied on by corporations and nation-states with enough money to bruteforce your encryption keys.

Any opinion on technology comes with an implicit personal bias. It's not an argument nor is it a rebuttal to point it out. It's too reductionist and can be used to shut down any discussion without addressing it. If someone wants to have that discussion [whether internet technology that individuals rely on should be implementable by individual experts working in the field], then they should start that discussion and not merely shoot down a discussion about technology by saying that doo hoo not everyone agrees with your goals. What's the point? I could come up with equally reductionist "rebuttals" but it's "no u" at that point.

> (also, I don't know why you're saying "should" - why "should" I throw it away? You have no authority on this matter, as far as I can tell)

Pardon my phrasing. Of course I mean to write that I think it is broken technology and it should be thrown away (for the few people who can't otherwise discern personal opinion). You, of course, are free to do whatever the fuck you like.

s5806533 on Jan 27, 2022 | root | parent | next [–]

Thank you so much! I couldn't agree more.

Also, Gemini works for me, and it works for many other people. If the web is not to our liking, and we can't change the web, we can at least try something else (so far I'm just lurking in Gemini, I don't have a capsule of my own). I don't understand the problem with that.

As someone already said, Gemini is already in the "they fight you" phase (First they ignore you, then they ridicule you, then they fight you). It's like with veganism (no, I am not a vegan, though I sympathize).

lmm on Jan 27, 2022 | root | parent | prev | next [–]

Microsoft have literally abandoned maintaining their own browser engine. If staying independent of Google isn't affordable and worthwhile for them, who could it be affordable and worthwhile for?

throw10920 on Jan 27, 2022 | root | parent | next [–]

Microsoft abandoned their own browser engine for business reasons. I feel like it should be obvious that what's "worthwhile" for a for-profit organization is very, very different than what's "worthwhile" for a non-profit, individual, or group of open-source developers; "affordable" isn't even in the picture.

This line of reasoning is entirely invalid.

lmm on Jan 28, 2022 | root | parent | next [–]

KDE have also abandoned writing their own browser engine. Mozilla continues to produce one but they continue to attract very few outside contributors and rely largely on Google for funding. If no-one's actually doing something we should be wary of blithely assuming that it would be esay or even possible.

krapp on Jan 27, 2022 | root | parent | prev | next [–]

Why do we have more than one fork of Linux? Why don't we all just admit that Ubuntu won and call it a day?

lmm on Jan 27, 2022 | root | parent | next [–]

The fact that operating systems maintained by small organisations are more viable than web browsers maintained by small organisations should tell you something about the complexity of the web stack.

s5806533 on Jan 27, 2022 | root | parent | prev | next [–]

Reading this whole thread again, I want to add the following: this whole matter of whether web browsers have become too complex or not is just a tangent. The main debate revolves around the question of whether the web is broken, whatever this means, and this question is not a technical one, but a matter of taste and political attitude. Which is to be expected, because the internet is a social thing. So let's agree to disagree, maybe, but let's stop arguing about tangents the way little internet trolls do.

zepto on Jan 27, 2022 | root | parent | prev | next [–]

Are you seriously making the claim that web browsers are not hard and complex to build?

Given that the source code is available, you might want to take a look. It may inform your answer.

krapp on Jan 27, 2022 | root | parent | next [–]

> Are you seriously making the claim that web browsers are not hard and complex to build?

No, I'm making the claim that web browsers are hard and complex, but not impossible and that it's weird how the tech community seems to have decided that it's impossible because it isn't simple.

foxfluff on Jan 27, 2022 | root | parent | next [–]

What is the point though? Yes, in theory it is possible to make yet another broken implementation of broken technology. Going all pedantic on Devault and armchairing "no but acshually" isn't really contributing to the discussion at all, nor does it undermine their argument.

s5806533 on Jan 27, 2022 | root | parent | prev | next [–]

I don't get your polemics here. Where's the line between hard and impossible? It's no less impossible to build a web browser than it is to build pyramids, because both these things have been done before. But what does this mean? Why should we accept something that -- while theoretically not impossible -- is way harder and requires way more resources than necessary, and that is guided by the most pathological incentives (ad revenue)?

1vuio0pswjnm7 on Jan 26, 2022 | parent | prev | next [–]

"So, by all means, use Gemini. Just don't say that it's a "replacement" for the web (edit: not even part of it - Gemini does so little that the comparison is entirely invalid), or "better" than the web (or associated technology). It is its own thing with its own community that is entirely complementary to the web, and nothing more."

1.6 Do you really think you can replace the web?

Not for a minute! Nor does anybody involved with Gemini want to destroy Gopherspace. Gemini is not intended to replace either Gopher or the web, but to co-exist peacefully alongside them as one more option which people can freely choose to use if it suits them. In the same way that some people currently serve the same content via gopher and the web, people will be able to "bihost" or "trihost" content on whichever combination of protocols they think offer the best match to their technical, philosophical and aesthetic requirements and those of their intended audience.

Source: https://gemini.circumlunar.space/docs/faq.gml

1vuio0pswjnm7 on Jan 27, 2022 | root | parent | next [–]

Corrected URL: https://gemini.circumlunar.space/docs/faq.gmi

nonethewiser on Jan 26, 2022 | parent | prev | next [–]

>The problem isn't that Gemini has no features, the problem is that it's being marketed as a replacement

Is it? This is at the very top of their front page:

>Gemini is a new internet protocol which:

>Is heavier than gopher

>Is lighter than the web

>Will not replace either

https://gemini.circumlunar.space/

rdiddly on Jan 26, 2022 | parent | prev | next [–]

This is kind of a repeat of one of the straw man arguments mentioned in the article. If it's a response to how Gemini is being marketed (marketed?) then possibly the "marketers" are to blame, but I would have to see for myself, whether they're just saying "Hey here's something nifty" or going all full-blown "Hey here is the one true good right way and the solution to all problems and everything else is wrong and bad and anyone who doesn't go along is a horrifying evil person etc. and you're either with us or against us!" Sometimes the former quickly turns into the latter on the internet.

throw10920 on Jan 26, 2022 | root | parent | next [–]

Please don't accuse me of strawmanning without providing concrete evidence for it.

rdiddly on Jan 27, 2022 | root | parent | next [3 more]

Gigachad on Jan 26, 2022 | parent | prev | next [–]

Gemini really seems like throwing the baby out with the bath water. The primary gripe seems to be that they don't like javascript and modern web tracking. But in the process they lost inline links, images, video, and a bunch of other things which are useful for reading static documents.

nathell on Jan 26, 2022 | root | parent | next [–]

In 2019, I wrote about the need for a web of documents [0], where I wrote about the importance of having static documents and sketched another approach.

Gemini is a web of documents. A rudimentary one, but very content-focused – the signal-to-noise ratio is typically much higher than on WWW. You can visit any capsule in the Geminispace and have full confidence that it’ll only serve you gemtext to read.

[0]: https://blog.danieljanus.pl/2019/10/07/web-of-documents/

throw10920 on Jan 26, 2022 | root | parent | next [–]

On a technological level, the web that we have now is far better suited to being a web of documents than Gemini is or ever will be.

It's one thing to say "we're going to build our own silo of high-quality content", but another to intentionally cripple its technical capabilities, which is what happened with Gemini.

Gemini, the protocol, is extremely bad even for making a web of documents.

Gemini, the network of content, might have a higher SNR than the web - but that's no excuse for pushing a protocol that is flat-out hostile to the transfer of information and knowledge.

chillfox on Jan 27, 2022 | root | parent | prev | next [–]

Images and video are significant content and while some text does just as well without it, like fiction, most text content is made better by images, video, animations, diagrams or drawings.

gorjusborg on Jan 27, 2022 | root | parent | prev | next [–]

How can it be throwing the baby out with the bathwater when it isn't a replacement for X (and I assume you are implying X is the web)?

I love the idea of a set of technologies targeted at text, and only text.

Nobody is saying you can't have the web. I'm not giving it up.

On the other hand, I welcome the a place I can go and not being accosted by ads, images, videos and cookie banners. A place where content is king.

Gigachad on Jan 27, 2022 | root | parent | next [–]

Because very few kinds of content benefit from purely text display. Books, documents, blog posts, news, etc all benefit massively from inline images, animations, and videos. It seems that Gemini users wanted to avoid ad tech and commercialization and lost all visual communication in the process.

throw10920 on Jan 27, 2022 | root | parent | next [–]

Exactly - that's why I like the use of "anti-intellectual" as an adjective for Gemini - Gemini's design is anti-conducive to thought and information transfer because of the massive impact of mathematical notation, images, and animations.

agumonkey on Jan 26, 2022 | parent | prev | next [–]

to me what gemini lacks, is a sense of information ergonomics

so far it seems less usable than a badly coded as400 terminal applicatoin

readyplayeremma on Jan 26, 2022 | root | parent | next [–]

Can you elaborate on this a bit?

The protocol itself, as far as how it conveys and interlinks information seems comparable to early HTML. Documents with very basic formatting, that can be navigated via a hyperlink, forming a web or information graph in the big picture.

It sounds a bit like you didn't enjoy the browser you used rather than the protocol? There are terminal based browsers that might seem very non-modern, but there are also full GUI browsers that aren't much different than a web browser as far as UX. Within the limitation of the defined protocol of course, meaning text only with basic formatting and no inline images.

I personally find the formatting limitations and lack of inline images leads to a richer experience of taking in the information being conveyed. It's almost like the difference between reading a book and watching a movie. Both have their place in our culture. Even today in the age of VR/AR, 3D IMAX films, etc., we still read books, and it is a pleasant experience for many to take in content that way. There are no distractions, only the content.

Gemini is uniquely enjoyable because the imposed limitations provide many of the same benefits that people enjoy about reading books vs watching movies. The modern web very rarely provides content in that form. Nearly every article is interspersed with all kinds of media to "engage" the viewer. I enjoy a lot of it, however, I think there is something to be said about just putting the text out there bare as it is.

Gemini creates a space where the content doesn't have to compete with distractions. All content is on equal footing and must stand solely on the written words themselves. No distractions. No way for one piece of content to sway you over another just because of high-budget media production. Just bare words that you must interpret yourself. It leads to an atmosphere that is engaging in some ways today's web cannot be, like a movie cannot be in place of a book. It requires a different kind of interpretation and imagination to take in, and I really appreciate that.

epicide on Jan 27, 2022 | root | parent | next [–]

I think books are a great comparison for Gemini.

Sure, some books have the occasional image and are made better for including it. However, thumbing through a lot (not all) of my stack of books, I see maybe one or two images in an entire book [0]. A lot of those are simple diagrams that could be conveyed (albeit crudely) via text.

The remaining image (singular) could have easily been a URL or even a description. "A picture is worth a thousand words" works both ways. Therefore, sometimes it's better to just say a thousand words.

And none of that is to say that we shouldn't have movies or shows or newspapers and textbooks full of pictures! Books pose no threat to any of those, so it's pretty odd to see people threatened seemingly by the mere existence of Gemini. Especially when part of its introduction is that it's not a replacement for the Web!

Perhaps that upfront clarification is what's so scary? Depending on context, "we mean you no harm" can also sound like a threat.

[0]: Though most have precisely 0. Obviously depends on author and their intent.

throw10920 on Jan 27, 2022 | root | parent | next [–]

I don't think that books are a great comparison for Gemini.

Go read The Art of Computer Programming or Linear Algebra Done Right and tell me how easy it would be to process that information without mathematical equations.

Gemini doesn't just eschew images - it gets rid of math notation, too.

Imagine how much further we would be back if we had been unable to use mathematical notation that didn't fit the ASCII character set.

Not to mention all of the thousands of books that are massively better off with actual diagrams in them, and the fact that many books (textbooks especially) that should use images don't.

Gemini isn't even as capable as a book.

And yes, the marketing material states that it's not a replacement for the Web, but it is constantly compared with the Web - sure sounds like a wink and a nod, a subtle suggestion that it is somewhat of a replacement.

If Gemini users want to collectively go off and exclusively create content in Geminispace without bothering me, that's great. However, I'm not very amiable towards any efforts to start moving other people's stuff there, or even the possibility of getting big brains or educators onto that permanently crippled medium.

readyplayeremma on Jan 28, 2022 | root | parent | next [–]

I am curious to understand why it feels like you are perceiving Gemini as some kind of existential threat? There are many mediums in this world that are technically inferior but have an important role in many people's lives. Why listen to vinyl when your digital download doesn't require unnecessary space for storage, and has the ability to skip between albums and tracks instantly? Why use Twitter with a very limited set of characters and features? Twitter existing did not kill long-form writing? Gemini existing will not kill the web somehow? Why the hostility? There is room enough for all the mediums. And they each have their place in our culture. I think the space Gemini creates is unique, and a very welcome value-add to this world of never-ending distractions.

Nbox9 on Jan 27, 2022 | parent | prev | next [–]

> thanks to the inclusion of a MIME type in the response header Gemini can be used to serve plain text, rich text, HTML, Markdown, LaTeX, etc. [0]

I think you are referring to the text/gemini format which isn’t a required portion of the IP.

[0] https://gemini.circumlunar.space/docs/specification.html

ReleaseCandidat on Jan 26, 2022 | prev | next [–]

I see, Gemini is not to make the life of content creators easier, but the life of the server and client implementers.

The need for TLS is a bit strange regarding this, especially if they encourage the use of self-signed certificates.

4 TLS

Use of TLS for Gemini transactions is mandatory.

Clients can validate TLS connections however they like (including not at all) but the strongly RECOMMENDED approach is

to implement a lightweight "TOFU" certificate-pinning system which treats self-signed certificates as first- class

citizens. This greatly reduces TLS overhead on the network (only one cert needs to be sent, not a whole chain) and

lowers the barrier to entry for setting up a Gemini site (no need to pay a CA or setup a Let's Encrypt cron job,

just make a cert and go).

https://gemini.circumlunar.space/docs/specification.gmi

https://gemini.circumlunar.space/docs/best-practices.gmi

spc476 on Jan 26, 2022 | parent | next [–]

Okay, so when you have the "Encrypt All The Things" campaign, and "never NEVER implement crypto on your own," what else is there besides TLS?

One of the triggers for Gemini was the push to add TLS to gopher, which isn't that easy [1].

[1] http://boston.conman.org/2019/03/31.1

Jtsummers on Jan 26, 2022 | root | parent | next [–]

My understanding of the issue as it relates to Gemini is that the Gemini community is:

1. Largely using self-signed certificates on the servers. That gets you into the protocol, but doesn't really help with trust.

2. Using "trust on first use" (TOFU) in the clients, which doesn't scale. The clients have to know whether a particular cert is valid or not, and that means the user needs to manually verify or some trusted data source has to be distributed to clients. Manual verification turns into "yeah, yeah, just let me read the page" after a while. And a trusted data source is, well, hard to keep maintained, and even harder if it wasn't in the model from the start.

So TLS gets Gemini security, of a sort, but the way it's being used makes it less effective than it should be.

spc476 on Jan 26, 2022 | root | parent | next [–]

The push for TOFU really only began about a year after the protocol was first designed, as it was deemed "too difficult" to obtain a real certificate, even from Let's Encrypt.

On the other hand, those that want something SSH-like for the web have something to point to as an example, as well as those that don't think SSH-like for the web is a good idea as an example.

nine_k on Jan 26, 2022 | root | parent | prev | next [–]

TLS gives you protection against casual eavesdropping or tampering.

Of course, self-signed certs + TOFU theoretically allow a third party to insert itself as a MITM at the first connection. This needs a lot of tracking and preparation beforehand; no adversary of this caliber is going to be interested in Gemini content.

tptacek on Jan 27, 2022 | root | parent | next [–]

Adversary of what caliber? All they have to be able to do is redirect a host (for instance by poisoning a local DNS lookup); the actual exploit is trivial. They're self-signed certificates; in the absence of a "TOFU" scheme that doesn't yet meaningfully exist, they provide no security against attackers willing to spoof DNS responses.

"TOFU" is also a truly abysmal fit for any application with a mass audience (at any given time, a huge percentage of your inbounds are going to be people making their first request, all totally open to attack --- contrast that with SSH, where you make first contact with a host on a new machine fairly rarely).

tedunangst on Jan 26, 2022 | root | parent | prev | next [–]

The whole point of TOFU is the user doesn't manually verify.

Jtsummers on Jan 26, 2022 | root | parent | next [–]

That's not really true, though. Like with SSH, the first time you receive a certificate for a server you are prompted to either trust it or not. If you choose to trust it then from that point on it remains trusted unless explicitly removed from the set of known hosts. Of course, the client could just take the option away from the user and automatically trust every host the first time. But then there's even less point in having TLS here.

Even Signal's TOFU method offers a way for users to manually verify that the keys of the people they're communicating with, even though it permits communication from the start without verification.

RunSet on Jan 26, 2022 | root | parent | prev | next [–]

"never NEVER implement crypto on your own"

I understand that the admonition "never roll your own crypto" (as in develop your own encryption algorithm) is distinct from "never implement crypto on your own" (as in implement an existing encryption algorithm), although it is commonly misread as the latter.

The phrase "never roll your own crypto" was originally used in the context of algorithms.

http://web.archive.org/web/20030629085904/http://www-106.ibm...

Hopefully given the description / source code of "a published, well-used, tried-and-tested algorithm", most programmers could implement it in a language with which they are familiar.

spc476 on Jan 26, 2022 | root | parent | next [–]

I think it even applies to "never implement crypto on your own"---are you sure you've taken into account side-channel attacks? Timing attacks? Random number generation (if it's required)? Cleaning memory after use? That memset() isn't optimized out? There's a lot to get right ...

Edit: a few more examples.

remexre on Jan 27, 2022 | root | parent | prev | next [–]

There's large class of exploits that appear despite the implementation having identical input-output behavior to a correct one -- a side-channel-free software implementation of AES is quite non-intuitive (bitslicing), and not the sort of thing I think most programmers could implement performantly. Worse than AES is RSA; there are a _ton_ of attacks that are subtle enough, that professional cryptographers' implementations end up being vulnerable (see [0]).

More recent algorithms (I'm thinking of ChaCha20 in particular, but there are quite a few others) are explicitly designed such that there shouldn't be any "more obvious" implementation than the secure one, but the programmer needs to know to implement them. I don't _think_ I've seen or heard of a vulnerable "rolled my own AES" since everyone started shipping AES in hardware, but people roll their own RSA all the time. I've had "write RSA" as a class assignment twice, and neither time was "don't use this for _anything_, you're definitely vulnerable to 20+ years of attacks" brought up.

[0]: https://blog.trailofbits.com/2019/07/08/fuck-rsa/

XMPPwocky on Jan 26, 2022 | root | parent | prev | next [–]

Two things- one, as a sibling comment's mentioned, it absolutely includes implementation of cryptographic primitives too. There are quite a few subtle bugs (mostly, but not entirely, side-channels) that end up being utterly catastrophic.

Second - even using somebody else's (high-quality, trusted) implementation of (high-quality, trusted) primitives very much isn't enough to build a secure system that uses cryptography. The obvious example here is everybody and their dog going off to implement AES or something, not using a MAC ("we just care about secrecy, not integrity") or using a MAC wrong (e.g. MAC-then-encrypt), and then dying horribly to a trivial padding oracle.

Or, trying to build a secure transport protocol (i.e. a TLS-like API, where you just get "a secure socket" after doing some dance with certificates/keypairs)... you just encrypt (and MAC, this time) all the data before you send it out, and decrypt (and verify!) all data that comes in. But... wait, our API can't really handle that easily - we have to write the data out to the network in chunks. So, hm, encrypt and MAC each chunk? Oh, then chunks can be rearranged in transit, so we'll put a counter in there. What if the counter wraps around? Do you abort, or do you just reuse old counter values? Do you get a different session key for the same (client, server) pair- if not, is that an issue? Suppose you're using an AEAD mode, like GCM- how do you manage nonces? (If you reuse a nonce once in GCM, you often leak your authentication keys(!))

Hm, all of that sounds like ... a lot. So maybe we'll just sign+encrypt requests (and include our public key inside), and have the server sign+encrypt responses (to the public key we sent). Hm, but we need to tie responses to requests, though. So we'll need to put a hash of the request in the response. Ah, hmm, length extension attacks, right. Maybe GCM will save us? Hm, not sure... What if somebody wants to replay old content to us (send us an older version of a page)? Can they do that? Right, need to either include some "challenge"/nonce in requests, or at least make sure session keys are unique per-request. What about possible reflection attacks - if we send the server its own public key as our public key, does that cause any weirdness? Oh, what is a public key, anyways? If (God forbid) you're using RSA, does that include both the exponent and the modulus, or just the modulus? If you do a key exchange (e.g. for forward secrecy), who picks the parameters- are they just fixed?

Cryptography is the sort of thing that almost actively resists abstraction, and it's really tricky in a way that's hard to appreciate. It's a world where you find a claw hammer and use it to remove a nail from your floor- maybe even looking on CarpentryOverflow first to make sure a claw hammer can be used to remove nails from floors- and it works fine, so you then go to remove a nail from your wall and discover that this makes the hammer burst into flames because, yes, most people think "claw hammers can pull nails out of stuff" and that's usually true but the unstated assumption there is that you're holding the hammer with your right hand and you're actually left-handed and it's a Tuesday in the southern hemisphere so you actually should have used a completely different tool or used a higher-level misuse-resistant nail-pulling API which does almost exactly what you want, but that's what you thought the hammer did so...

meltedcapacitor on Jan 26, 2022 | root | parent | prev | next [–]

ssh server.org cat /index.gmi

not sure if that's much simpler though.

s5806533 on Jan 26, 2022 | parent | prev | next [–]

> I see, Gemini is not to make the life of content creators easier, but the life of the server and client implementers.

As far as I understand, the distinction (content creator on the one hand, server and client implementers on the other) goes against the Gemini philosophy. The idea is rather that it should be reasonably easy to be both.

shuntress on Jan 26, 2022 | prev | next [–]

> Since the markup language is so simple, it lowers the barrier of entry for those wanting to produce content

I see this as one of the major problems with The Web.

It's just too technically difficult for a normal person to make a useful reliable website. That naturally drives people from the open web into closed web-replacements like facebook.

EDIT: With that said. I can't really get behind something like gemini whole-heartedly. It just feels like adding rendering support to browsers for gemini style markdown and serving them with appropriate Content-Type headers over regular HTTP would be a better way to do it.

EDIT 2: Or campaigning to add support for the protocol in common browsers. That is, after all, why URLs include the protocol and I know people here are extremely fond of bashing client implementations for not displaying the protocol part of a URL.

lbotos on Jan 26, 2022 | parent | next [–]

I think you are conflating two points.

> It's just too technically difficult for a normal person to make a useful reliable website.

There are many hosting providers from the hostgators of the world to wix and squarespace that make this pretty easy if you want to host content.

> That naturally drives people from the open web into closed web-replacements like facebook.

The social aspect is what drives people to social networks. All of their friends are there.

Many people don't want to just host content, they want chat, video, messenger, photo storage. For those that don't need it widely accessible, group chats seemed to have filled gap between forum <-> text message/email.

shuntress on Jan 26, 2022 | root | parent | next [–]

That all still relates to the technical difficulty of hosting (and, to be a bit more specific, account/identity management.)

Facebook doesn't have some magic technical secret that makes chat, video, messenger, storage, etc handled by their servers somehow different than if it were handled by a server in your home.

errcorrectcode on Jan 27, 2022 | root | parent | next [–]

People think technology is "too complicated" and "magic" because they don't try to understand it. That's the problem. The "secret sauce" is in configuration and knowledge of architecture, software engineering, and production engineering, which are all gradually acquirable through sweat equity.

There are plenty of cheap VPSes all over the world where someone can run just about anything live without the costs of GCP or AWS.

nine_k on Jan 26, 2022 | root | parent | prev | next [–]

Account and identity management is naturally slightly non-trivial, once you consider things outside the happy path.

errcorrectcode on Jan 27, 2022 | root | parent | next [–]

OAuth is trivial because of libraries.

Hashed database secrets are also easy. Rails is mindlessly-simple. Django isn't bad either. There are CMSes that can provide these too.

The problem is people don't want to know anything about anything. They want something (results) for nothing (free, and without skills or effort).

brimble on Jan 27, 2022 | parent | prev | next [–]

> It just feels like adding rendering support to browsers for gemini style markdown and serving them with appropriate Content-Type headers over regular HTTP would be a better way to do it.

One of the nice things about keeping it separate is that clicking a link is safe. Relaxing. If the linked page wants to spy on you or run a crypto miner or bug you with stupid pop-ups or try to trick you into automatically clicking "allow" on notifications, it'll first have to pop a "would you like to open this link in [web browser]?" window or something.

Yes you can cut down permissions on the web but then 90% of it doesn't work without a bunch of fiddling.

errcorrectcode on Jan 27, 2022 | parent | prev | next [–]

That's a skills and lack of software (CMS) problem, not a blame-the-tools problem.

Dumbing-down the web is a dumb idea. It's dumb enough already and shouldn't be any dumber.

velcrovan on Jan 26, 2022 | prev | next [–]

The key to understanding it is just not to expect it to have mass appeal, ever. It lowers barriers for developers and tech hobbyists. It is a nice crunchy area for developers to have fun with that doesn’t require herculean feats of programming to serve or consume. It's like ham radio.

My only beef with it is we already have gopher!

spc476 on Jan 26, 2022 | parent | next [–]

But gopher doesn't have TLS. Yes, there are clients that attempt to make TLS connections to gopher servers and will fall back to plain TCP on failure, but that's a hack (and a pretty annoying one at that).

owroomexorcist on Jan 26, 2022 | root | parent | next [–]

What's wrong with not having TLS? If it's just for hobbiests to share text documents, why include a TLS layer?

capableweb on Jan 26, 2022 | root | parent | next [–]

Suddenly you can't trust anything you're being served as there are so many endpoints you could be MITM'd at. Reading a text about some experience someone had? Snippets from that text could have been replaced if you are not using any cryptographic protocol what so ever.

owroomexorcist on Jan 26, 2022 | root | parent | next [–]

Fair point. But if we're talking about a protocol not meant for the mainstream, is it really an attack vector to worry about?

spc476 on Jan 26, 2022 | root | parent | next [–]

For some, yes.

skybrian on Jan 26, 2022 | prev | next [–]

One problem is the way Gemini and Mastodon (and even Twitter at one time) are often promoted:

> Once you have a client that supports it, you’re free to enter the ecosystem. Once there, you’ll notice that it is composed of many vibrant communities. There are artists creating cool experiments, writers and essayists pouring their hearts and brains out, etc. You can find a tribe for you or start a new thing.

I assume this is true for the person who wrote it, but finding people who are interesting is often a problem. There is lots of noise and I have trouble finding “vibrant” communities that are relevant to me. I’m following only two interesting people on Mastodon after several years and I found them because links to interesting things they wrote were posted to a link-sharing site.

Specific examples beat abstract arguments. The best way to promote Gemini would be to quote and link to interesting content you found on Gemini.

And that means you’re playing the same social game as everyone else, doesn’t it?

tharne on Jan 26, 2022 | prev | next [–]

I'm really rooting for this project. Sure it's probably over-idealistic and not entirely practical, but I think that's part of the appeal - a group of folks trying to build a better web and having fun doing it.

zepto on Jan 26, 2022 | prev | next [–]

> The Web is your orchestral music, Gemini is low-fi chiptune.

Likening the web to orchestral music is questionable.

gwern on Jan 26, 2022 | parent | next [–]

The other end is questionable too. IMO, Gemini has too many features to be the 'low-fi chiptune' of hypertext. Every time I look at it, I come away thinking it is not in any sweet spot but perhaps the worst of both worlds: too featureful to truly foster creativity by constraint, and yet lacking entirely too many features to compete with a simple robust Markdown static site stack.

If we wanted the pixel art or low-fi chiptune of hypertext, both historically and in terms of esthetic, we'd be targeting classic textfiles: 80-col ASCII art .txt (maaaybe with the absolute bare minimum of adding a clickable link for navigation to make up for the lack of a TUI BBS interface wrapping the individual text files).

zepto on Jan 26, 2022 | root | parent | next [–]

That’s pretty much gopher already.

errcorrectcode on Jan 27, 2022 | parent | prev | next [–]

The web used to be jazzier with blink tags, Comic Sans, red-on-blue H1, and giant spew walls of yellow text lacking subpages.

boring_twenties on Jan 26, 2022 | parent | prev | next [–]

Noisecore might be a better comparison.

rossdavidh on Jan 26, 2022 | prev | next [–]

I have no idea what we are talking about, here. Can someone point me to a good, short introduction?

leephillips on Jan 26, 2022 | parent | next [–]

https://gemini.circumlunar.space/

https://www.linuxpromagazine.com/index.php/Issues/2021/245/T...

saxonww on Jan 26, 2022 | root | parent | next [–]

Thank you. Gemini is also a crypto exchange so I went into this thinking it was another article trying to justify Web3.

leephillips on Jan 26, 2022 | root | parent | next [–]

Oh, I didn’t know about that.

rossdavidh on Jan 26, 2022 | root | parent | prev | next [–]

Thanks!

tephra on Jan 26, 2022 | parent | prev | next [–]

Gemini is a neat little protocol with a neat community around it. https://gemini.circumlunar.space/

rossdavidh on Jan 26, 2022 | root | parent | next [–]

Cool, thanks.

alamortsubite on Jan 26, 2022 | parent | prev | next [–]

I just read the post and take it as a good introduction. That's about as much as I've read about Gemini, though, so maybe I'm wrong.

EDIT: The first few paragraphs of the post might lead you to believe it doesn't serve as an introduction, so maybe skip those.

ajioasfnokal on Jan 27, 2022 | prev | next [–]

Honestly insane this post is even needed. Doubters really glance at Gemini and just make up shit on the spot. Makes you wonder what else they bullshit about.

I use Lagrange to browse Gemini blogs as a reprieve from the bloat, just gimme ideas with text. It's nice and super easy, just try it and find an aggregator like Antenna, and if you hate it uninstall it.

harryvederci on Jan 26, 2022 | prev | next [–]

I upvoted both this and the "Gemini is Solutionism at its Worst" post mentioned.

It's a radical idea, but the truth is probably somewhere in the middle.

Jtsummers on Jan 26, 2022 | parent | next [–]

What is "radical" about Gemini?

harryvederci on Jan 27, 2022 | root | parent | next [–]

I didn't refer to Gemini. It was meant to be read as:

"Here's a radical idea: the truth is probably somewhere in the middle."

Jtsummers on Jan 27, 2022 | root | parent | next [–]

That makes a lot more sense than how I initially read your comment.

ForHackernews on Jan 26, 2022 | root | parent | prev | next [–]

It's a new internet protocol not designed to make somebody rich.

Jtsummers on Jan 26, 2022 | root | parent | next [–]

HTTP and Gopher both filled that role last century so I'm not certain how that's radical. Admittedly, part of Gopher's failure in the market was that someone, U of M, tried to get money out of licensing it, but that came after its initial release.

What else is radical about it?

jl6 on Jan 26, 2022 | root | parent | next [–]

1) Restraint, and 2) the concept of it being finished and not extensible.

koeng on Jan 26, 2022 | prev | next [–]

I have a lot of fun with Gemini! Since I couldn't find a good static gmi -> html converter that I liked for my website, I built my own. It works great and is pretty simple! This is one thing that people miss out on - I can actually build things on top of gemini / gemtext because it is so simple.

jalino23 on Jan 26, 2022 | prev | next [–]

I downloaded the Lagrange browser. but how do I find content?

makeworld on Jan 26, 2022 | parent | next [–]

Search engine: geminispace.info

Protocol homepage: gemini://gemini.circumlunar.space/

Feed aggregator (one of many): gemini://warmedal.se/~antenna/

Curated Gemini directory: gemini://medusae.space/

tpoacher on Jan 26, 2022 | parent | prev | next [–]

start with geminispace.info

enjoy the rabbit hole

jl6 on Jan 26, 2022 | prev | next [–]

The most important words in the Gemini FAQ: a clearly demarcated space.

Regardless of the protocol’s technical merits and demerits, that’s what generates a lot of the value.

dataangel on Jan 28, 2022 | prev | next [–]

ELI5 why use Gemini? This post is my first hearing about it, so maybe I'm missing something, but nothing here is obviously compelling. As a user, I could care less whether Gemtext is technically easier to parse than Markdown. "We simplified some technical details and left out all modern features" seems neither like a technical feat nor a selling point.

errcorrectcode on Jan 27, 2022 | prev | next [–]

I don't understand. What problem does it solve? Why fracture pervasive, compatible ecosystems with emperor's new clothes? It throws away decades of infrastructure interop and support. If you want to "take privacy seriously", there's onion hidden sites and tor browsers.

It appears to mix together too many concerns, but best of luck.

blippage on Jan 27, 2022 | prev | next [–]

I investigated Gemini a few months back. I had problems either getting the clients to compile or work.

dillo-gemini looked cool, but I couldn't get that to work either.

After trying a few clients, I eventually gave up.

seanw444 on Jan 26, 2022 | prev | next [–]

This was weird timing. Haven't seen a post on Gemini on here in a while, and I just started yesterday building an Express-like Gemini server framework in Go, to get more familiar with Go.

pvaldes on Jan 26, 2022 | prev | next [–]

Feels like an improved gopher and facing similar problems. People try the vehicle, but stay for the content.

kkjjkgjjgg on Jan 26, 2022 | prev | next [–]

What is Gemini? Google turns up a Bitcoin Exchange and lots of astrology?

Jtsummers on Jan 26, 2022 | parent | next [–]

There's a link to the description in the first paragraph of the article, and elsewhere in this discussion already: https://gemini.circumlunar.space/

airstrike on Jan 26, 2022 | parent | prev | next [–]

Ironically, there are two current projects competing for the Gemini name: the Winklevi's bitcoin exchange (indubitably named after their twinship) and the more-than-a-protocol for a no-frills version of the World Wide Web, which is what TFA is talking about.

hprotagonist on Jan 26, 2022 | prev [–]

>Instead of simply commenting on Hacker News like I did in previous similar posts, I thought I’d write a little blog post I could link there and in future discussions.

... published via https on a website, even.

sudobash1 on Jan 26, 2022 | parent | next [–]

Since HN is on a https website, I think this makes sense. As the article says, Gemini is not going to (and shouldn't) replace the web:

> Gemini is its own thing that will co-exist with the Web.

So I think being published on the web for other people on the web makes sence and is not antithetical.

marginalia_nu on Jan 26, 2022 | parent | prev | next [–]

Dunno, I publish most of my content on both gemini and https. One does not necessarily exclude the other.

soapdog on Jan 27, 2022 | parent | prev | next [–]

Because people inside Gemini ecosystem already know all the stuff I wrote in the post. That is an article for people on the Web who are talking about Gemini.

thewakalix on Jan 26, 2022 | parent | prev [–]

Yes? It’s not Fight Club.

Search:

-- Response ended

-- Page fetched on Mon May 13 01:37:41 2024

/bin/sh

The web sucks. It is a mighty dismal kludge built out of a thousand

tiny dismal kludges all band-aided together, and now these bottom-line

clueless pinheads who never heard of "TCP handshake" want to run

*commerce* over the damn thing. Ye godz. Welcome to TV of the next

century -- six million channels of worthless shit to choose from, and

about as much security as today's cable industry!

Having grown mightily tired of pain in the ass browsers, I decided

to build the minimalist client. It doesn't handle POST, just GETs, but

the majority of cgi forms handlers apparently ignore the method anyway.

A distinct advantage is that it *doesn't* pass on any other information

to the server, like Referer: or info about your local machine such as

Netscum tries to!

Since the first version, this has become the *almost*-minimalist client,

but it saves a lot of typing now. And with netcat as its backend, it's

totally the balls. Don't have netcat? Get it here in /src/hacks!

_H* 950824, updated 951009 et seq.

Denial of Service

Caching, ETags and Tracking

Transclusion

commerce over the damn thing. Ye godz. Welcome to TV of the next

A distinct advantage is that it doesn't pass on any other information

Since the first version, this has become the almost-minimalist client,