How cheap can you get?


It occurred to me that interactive fiction, with its single-line input interspersed with line-based output, should fit well with gemini.


So how to go about it? You want a continuously running z-machine (say) interpreter interacting with a gemini server, such that a query in a gemini request is passed as a command to the interpreter, and whatever the interpreter writes before it next blocks for input is sent as a response to the request. This sounds straightforward, and it wouldn't be too hard to do more-or-less "properly" -- I'd write a little haskell server to handle firing up an instance of the interpreter for each client certificate it sees, sending commands from requests using that certificate to the appropriate interpreter instance, killing off processes once they've been inactive for too long, limiting the number of them to prevent DoS attacks, and so forth... Meanwhile the interpreter could be using Andrew Plotkin's RemGlk which outputs JSON descriptions of IO which could be straightforwardly converted to text/gemini.


But maybe more interesting than doing it properly is doing it cheaply. Just how cheap is it to knock up some basically functional line-based service like this?


Turns out: very! At least as long as you're willing to forego client certificates.


You may want to test it out before reading the details.


Basically all this took was

ncat -C -vvv -l -k --ssl -p 1962 --ssl-cert [...] --ssl-key [...] -c wrap-terp.sh

where wrap-terp.sh simply reads a line, extracts the query, sanitises it a bit, then writes it to a fifo `in`, then reads `out` and sends it as a gemini response; meanwhile the interpreter is running as

while true; do tail -f in | rcheapnitfol Tangle.z5 >| out; sleep 5; done

(where rcheapnitfol is the nitfol z-machine interpreter compiled with the cheapglk line-based IO library, with some quickly hacked-in restrictions to prevent file access outside the current directory).
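
A sketch of what a wrapper like wrap-terp.sh has to do, added here as an example; it is not the author's script. It shows the part that matters for safety: each request must become exactly one plain line on the interpreter's input, so anything percent-encoded other than a space is dropped and only an allow-list of characters survives. Assumptions: `in` and `out` are both FIFOs, the allow-list, the 80-character cap, the status 10 prompt text and the `--serve` flag are all choices made for this example, and the serving function needs bash for `read -t`.

```shell
#!/usr/bin/env bash
# Added sketch of a wrap-terp.sh-style handler; not the author's script.
# Assumed: FIFOs `in` and `out` in the working directory, as in the loop above.
MAX_CMD=80                      # assumed cap on command length
CR=$(printf '\r')

# Extract the raw query from a gemini request line (URL of at most 1024 bytes).
# Returns 1 when there is no query yet, 2 when the line is not acceptable.
extract_query() {
  local req
  req=${1%"$CR"}
  [ "${#req}" -le 1024 ] || return 2
  case $req in
    gemini://*\?*) printf '%s' "${req#*\?}" ;;
    gemini://*)    return 1 ;;
    *)             return 2 ;;
  esac
}

# Turn a query into exactly one harmless interpreter line: decode %20 only,
# drop every other percent-escape (so %0A cannot smuggle in a second command),
# keep an allow-list of characters (newlines are not on it), cap the length.
sanitise() {
  printf '%s\n' "$1" |
    sed -e 's/%20/ /g' -e 's/%[0-9A-Fa-f][0-9A-Fa-f]//g' |
    LC_ALL=C tr -cd 'A-Za-z0-9 ,.?-' |
    cut -c1-"$MAX_CMD"
}

# One request per connection: read the request line, feed the interpreter,
# relay what it prints until it has been quiet for 2 seconds (bash `read -t`).
handle_request() {
  local line query cmd
  IFS= read -r -t 10 line || { printf '59 Bad request\r\n'; return; }
  query=$(extract_query "$line")
  case $? in
    1) printf '10 Your command\r\n'; return ;;   # ask the client for input
    2) printf '59 Bad request\r\n'; return ;;
  esac
  cmd=$(sanitise "$query")
  [ -n "$cmd" ] || { printf '10 Your command\r\n'; return; }
  printf '%s\n' "$cmd" > in
  printf '20 text/gemini\r\n'
  while IFS= read -r -t 2 line; do printf '%s\n' "$line"; done < out
}

# Hypothetical flag for this example: only serve when asked to.
if [ "${1:-}" = "--serve" ]; then handle_request; fi
```

The header lines are written with an explicit CRLF; if the listener already translates line endings, drop the `\r`.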



That's it. Is this a good idea, or useful for anything? Probably not. But I think it's nice how easy it is to hack something like this together. Of course ncat, a version of netcat from the nmap project, is doing all the heavy lifting of handling tls -- and it doesn't do quite enough to be really useful, because it seems it can't send client certificate information through to the executed command. Using one of the gemini servers with CGI would make more sense really, or writing a dedicated server using a decent tls library.


I hope someone else will do this properly. For now, I'm happy to delight in the cheapness.

-- Page fetched on Thu Mar 28 11:15:15 2024