1. 20
  1.  

  2. 5

    A friend pointed me to a ‘gopher successor’ called Gemini. https://gemini.circumlunar.space/

    1. 7

      Right at the top of that page, it doesn’t claim to be a Gopher successor:

      Gemini is a new internet protocol which:

      • Is heavier than gopher
      • Is lighter than the web
      • Will not replace either

      My big beef with Gemini is mandatory TLS. If you’re hosting your own server anyway, avoiding the overreach of adtech oriented HTML/CSS/JS is easy to do. TLS appears to be on a path to being unavoidable, which ends up obsoleting older clients even for public content that’s intended to be globally accessible. Since it requires annual cert renewal and contains periodic protocol changes, this isn’t a one time thing: it turns the web into a sliding compatibility window, where if you want your server to talk to the install base of browsers you have to drop support for older ones. That, in turn, forces your users to run software that’s written by companies doing adtech.

      In fairness, Gemini addresses the last point: a sliding compatibility where the client is written by people who aren’t trying to abuse you. But it’s still a sliding compatibility window.

      At some point I’ll end up hosting Gopher (still haven’t yet) mainly to opt out of TLS and use a protocol that can be reached from anything. FTP is another option that’s more specific in nature but is more widely supported than Gopher. Both feel like a computing form of Latin: being obsolete means being unchanging means very broad compatibility.

      1. 5

        What I find amusing about your reply is that there is a group of people who are adding TLS to gopher.

        FTP is not popular anymore due to its lack of encryption (kids today!) and its rather baroque method of working (client connects to send commands, but the server then connects back to the client to send a file), but it does have a feature I haven’t seen on HTTP—the ability to direct a transfer of a file from server A to server B from a client on C.

        1. 2

          Since it requires annual cert renewal and contains periodic protocol changes, this isn’t a one time thing: it turns the web into a sliding compatibility window, where if you want your server to talk to the install base of browsers you have to drop support for older ones. That, in turn, forces your users to run software that’s written by companies doing adtech.

          Adtech company effects aside, the main reason behind both certificate renewal (at least according to Comodo) and TLS version updates is to force servers to stop using ciphers that have vulnerabilities. I don’t know the answer here myself, so I present the questions to others on this site: Is there a way to design an evergreen cipher, or will changing our ciphers be a constant battle against humans and increasing compute?

          1. 4

            Is there a way to design an evergreen cipher

            Personally I think the first step is to stop and ask “why do we encrypt data?”

            It’s true that some applications require confidentiality, like when interacting with a bank website.

            But I’d argue the vast majority of cases here - essentially every Let’s Encrypt user - is really trying to achieve tamper resistance, despite the content being well known. The post you just wrote is public - it’s not encrypted in transit because it’s sensitive information, and it seems highly unlikely that the fact that I read your post is confidential either (particularly now I’m replying.)

            But if the real problem is tamper resistance, the obvious solution is digital signatures, not encryption. The great thing about digital signatures is you can have many of them. You have a cleartext message, so any client can see the contents; an old client can verify contents to some outdated level; and a new client can verify contents more thoroughly.

            At the risk of going conspiratorial, I think Comodo have a financial interest in frequent certificate purchases. The real question is why the browser vendors are in favor of it, but their identities hint at potential answers. Compute capacity doesn’t increase enough in 365 days for that to be the real reason. Perhaps ciphers can be flawed (in the design sense), or perhaps this is trying to prevent a brute force attack that takes >365 days to complete from being feasible, but both of these seem unlikely to be the real reasons.
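The multi-signature idea in the comment above, as an added example that is not part of the original thread: one cleartext body carries two detached signatures, an older client checks only the algorithm it knows, and a newer client requires both. The algorithm pairing (ECDSA P-256 as "old", Ed25519 as "new"), the `Signed`, `Verifier`, `Check` and `Publish` names, and the in-process key generation are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signed is a cleartext body plus detached signatures keyed by algorithm name.
type Signed struct {
	Body []byte
	Sigs map[string][]byte
}

// Verifier checks one algorithm's signature against a key the client already trusts.
type Verifier func(body, sig []byte) bool

// Check demands a valid signature for every algorithm this client knows, so a
// newer client rejects a document whose stronger signature was stripped.
func Check(doc Signed, known map[string]Verifier) bool {
	for alg, verify := range known {
		if sig, ok := doc.Sigs[alg]; !ok || !verify(doc.Body, sig) {
			return false
		}
	}
	return len(known) > 0
}

// Publish signs body twice and returns the document, an "old" client (ECDSA
// only) and a "new" client (both). Keys are generated here; errors from the
// system random source are ignored to keep the demonstration short.
func Publish(body []byte) (doc Signed, oldC, newC map[string]Verifier) {
	edPub, edPriv, _ := ed25519.GenerateKey(rand.Reader)
	ecPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	sum := sha256.Sum256(body)
	ecSig, _ := ecdsa.SignASN1(rand.Reader, ecPriv, sum[:])
	doc = Signed{body, map[string][]byte{"ecdsa-p256": ecSig, "ed25519": ed25519.Sign(edPriv, body)}}
	ec := func(b, s []byte) bool { h := sha256.Sum256(b); return ecdsa.VerifyASN1(&ecPriv.PublicKey, h[:], s) }
	ed := func(b, s []byte) bool { return ed25519.Verify(edPub, b, s) }
	return doc, map[string]Verifier{"ecdsa-p256": ec}, map[string]Verifier{"ecdsa-p256": ec, "ed25519": ed}
}

func main() {
	doc, oldC, newC := Publish([]byte("public post, constructed sample"))
	fmt.Println("intact:  ", Check(doc, oldC), Check(doc, newC))
	delete(doc.Sigs, "ed25519") // simulate an intermediary stripping the newer signature
	fmt.Println("stripped:", Check(doc, oldC), Check(doc, newC))
}
```

The stripped case shows the limit of the scheme: the old client still accepts the document, so its assurance is only as good as the oldest algorithm it trusts.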

        2. 2

          I’ve thought about running my own Gopher server or mocking one as a source of easter egg content for my visual novel set on the 90’s Internet. Wondering how practical that would be.