TomDotTom's Tinylog

author: @TomDotTom

2022-05-22 20:42 UTC

• Having seen references to Toki Pona a few times here on geminni I decided

try and learn it. The best resources I've found so far are:

12 days of toki pona

toki pona dictionary

A gemini toki pona <-> English translator

2022-05-20 16:26 UTC

• Over the last few days I've spent some time looking into Message Integrity

Codes (or Message Authenticity Codes). One of the most interesting ideas

I stumble across was the 'Hash Chain' which can produce a fintite set of MAC

secrets.

Hash Chains

• As it (seemingly) impossible to create MIC's without a shared secret there

seems little point to not just use full encryption to secure a message. This

in turn had led me down a QUIC rabbit hole as packet encryption is a core part

of the protocol. One of the better introductions to QUIC is CloudFlare post

'The Road to QUIC'. And if you want to dive in deeper you might as well

watch the 3hr 'QUIC Protocol Tutorial'.

The Road To QUIC

QUIC Protocol Tutorial - SIGCOMM 2020

2022-05-17 02:01 UTC

• Publised "Disloyal User-Agents" and sumbitted them to gemini aggregators.
• Spent the last few hours combing the internet for application layer data integrity

solutions.

2022-05-01 14:31 UTC

• Finished a draft of "Disloyal User-Agents" which can, for the moment, be found in

Ideas and drafts

2022-05-01 14:31 UTC

• Looking at HTTP/2 reminds me a bit of the BEEP application protocol.
• Came to the realisation over my morning coffee that when you make a DNS

lookup you are almost always looking up the address of a proxy server. URLs

server a dual function as a proxy IP lookup address, and an appliaction routing

address for the proxy. No reason for this to be the case, and you could create

an application level protocol around this idea.

2022-04-29 14:40 UTC

• Scans of tilde.chat#spartan and tilde.chat#gemini show that other share my thoughts

on a modular browser. @yeti pointed out that the Dillo browser was designed to be

extensible via plugins, and that a couple of gemini plugins exist.

2022-04-28 23:28 UTC

• After a back and forth on tilde.chat#gemini with a group of gemini

enthusiasts I've landed on the ideas of the "Faithless Browser" or "Disloyal

User-Agent" (DUA). The basic premise is that they are supposed to represent

the users interests but through default behaviour can actual represent a

servers interests (think Cookies).

• Also from discussion, I think Gemini's desire of non-extensibility and

completeness has been compromised by mandating the use of TLS and making

client certs a first class concern. A DUA could add metadata into a client cert

and work around the lack of headers in the Protocol. Establishing standard server

behaviour in popular software by getting them to return a 63 CERTIFICATE METADATA ABUSE

might encourage good behaviour.

2022-04-27 03:20 UTC

• Just created a tiny bash spartan:// client to add to my tiny bash gemini:// client.

gemini://gemini.ctrl-c.club/~TomDotTom/gemlog/2022-04-25-A-Tiny-Bash-Gemini-Client.gmi

gemini://gemini.ctrl-c.club/~TomDotTom/gemlog/2022-04-27-A-Tiny-Bash-Spartan-Client.gmi

2022-04-27 02:44 UTC

• Spent a bit more time on the 'bring your own I/O' gemini protocol library.

Currently have a server and client state machine which are very similar, but

not perfectly asymetric. I'm not sure if it would be better if they were

symetric. Interestingly I'm having to think quite hard about where the

protocol's concerns ends and a client/servers concerns start.

2022-04-25 12:36 UTC

• This weekend I had a go at implementing a 'bring your own I/O' protocol

library for gemini. Took inspiration from the python-hyper http projects, and

a MicroMike's socks5 project. Got as far as implementing the Client role, and

then used this to create an example python Gemini client. Will have to wait

until next weekend to clean up and post to a tilde git repo.

h11: A pure-Python HTTP/1.1 protocol library

h2: A pure-Python HTTP/2 protocol stack

A pure-Python socks5 protocol library

2022-04-22 17:55 UTC

• Slowly making my way through an excellent 41 episode podcast on Free Speech.

It's very likely I'll go back and listen to the series a second time just

to let everything sink in.

Clear and Present Danger: A History of Free Speech

2022-04-20 03:43 UTC

• Having tried to modify nytpu's 'gemlog.sh' and getting frustrated by bash I

have just reimplemented something similar in Python using the subscription

spec. Ctrl-C users can find it in my bin dir.

https://gemini.circumlunar.space/docs/companion/subscription.gmi

2022-04-19 18:26 UTC

• Poked at ctrl-c.club's gemini server and was unsurprised to find that gemini

also suffers from exposed git repos (the .git is readable). I suspect it

won't be long before a gemini version of GitTools appears.

GitTools for pwn'ing sites with exposed git repos

• Played around with ctrl-c.club's `Iris` topic board. Bumped into @calamitous

on irc.tilde.chat#ctrl-c and had a chat about the software.

• Posted a quick topic to ctrl-c.club gemini users that they should be careful

of exposed .git dirs.

2022-04-19 12:12 UTC

• I'm completely enthralled by "The Whinam Papers archive" on @Stack's gemini

capsule. I'm undecided whether using Joanathan Swan's satirical style to

comment on the state computing is genius or madness. Even worse it keeps

going over my head and I can't tell if I'm ignorant of the real science

behind the proposed Houyhnhnm technology, or if it's all just sci-fi, I'd

bet on the former.

The Whinam Papers archive

2022-04-19 12:12 UTC

• Got a ctrl-c.club account (thanks Eric).
• Battled with irssi and connecting to ctrl-c.tilde.chat. Finally got it all

working only to find it very quite in there.

• Started messing around with Gemini.