Created 2022-06-30
I have a bombadillo fork here:
I have recently enhanced it so that you can ignore expired certificates
if you want. The default behaviour is to be strict (which is
the prior behaviour), but you can ride roughshod over all that by
setting:
geminicerts=allow
in your ini file. It is all explained in the manpage.
This is necessary because bombadillo refuses to load bad certs. The
first Gemini capsule in existence:
gemini://gemini.conman.org/
has a certificate that expired on 2022-06-24. The host is Sean, and
I presume he is the father of Gemini. This is a worrying development
in light of the fact that his capsule says:
I'm no longer involved with the Gemini development, so all the
tests and tools that were here are have been removed. Why
doesn't matter. I've been told to shut up, sit down, and let
the adults in the room talk. You have been warned.
Ouch.
I am new to Gemini, so I don't know who the main players are, who
is now steering it, if anyone. Does this mean that Gemini is destined
to oblivion? Should we stick with it, perhaps migrate to
Spartan, or just throw in the towel and use Gopher? Thoughts are
appreciated.
For the foreseeable future I am happy with Gemini. I will concentrate
on whatever protocol is the most popular among Gemini, Spartan
and gopher. I have found GMI files to be pleasant to write,
whilst I find gophermaps unpleasant. I am new to this game, so perhaps
the whole gophermap thing will grow on me if I try to figure
it out. If it still seems to be too difficult then it's easy enough
to stick to my current workflow of using my Perl script as a gemfile
to gophermap bridge. It's not perfect, but it's getting better
all the time.
I have also started playing around with Dave Bucklin's groff
script:
I have adapted it to help me generate gmi files from groff files. I
do admit that I really love to see text fully justified.
But onto more contentious issues.
I'm firmly in the camp that TLS is a bad idea for Gemini. Here
goes:
protocol. If anything, it has taken away. I think this is justification
enough to call TLS a busted flush, notwithstanding any other
arguments that one might posit. However, I will continue my case.
not a security expert, though. Nor am I a system administrator. I
am a programmer, working mostly on applications and small scripts.
It strikes me that if you're going to trust the first certificate
that a site throws your way, then how do you know that the certificate
has any merit in the first place? To put any faith in the certificate,
you need ...
tration, trust and cost escalates the endeavour to a whole new level.
need to generate the certs, and make sure they don't expire
(Sean!). Plus, if you jigger your system around, you've got to ensure
that certs are properly migrated.
soup really need encryption?
to be proper work. We can make certs, break and extend them as required.
What is Joe Consumer supposed to make of all this other
than "nah, it'll be fine" and carry on regardless?
Just my 2¢.
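
An added example, not part of the original post and not taken from bombadillo or the fork: Go code showing how a trust-on-first-use client can keep the expiry check (the strict/allow choice described near the top) separate from the first-use pin (the "trust the first certificate" point), so that a permissive expiry setting still rejects a certificate that differs from the one first seen. `PinStore`, `Check`, `allowExpired`, `date`, `sample` and the certificates are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"time"
)

// PinStore maps host -> SHA-256 fingerprint recorded on first contact (TOFU).
type PinStore map[string]string

func date(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

// sample builds a constructed certificate; only the fields Check reads are set.
func sample(raw string, y int, m time.Month, d int) *x509.Certificate {
	return &x509.Certificate{Raw: []byte(raw), NotAfter: date(y, m, d)}
}

// Check returns nil if c is acceptable for host. allowExpired models a
// permissive expiry setting (assumption); the pin comparison runs in both modes.
func (p PinStore) Check(host string, c *x509.Certificate, allowExpired bool, now time.Time) error {
	if now.After(c.NotAfter) && !allowExpired {
		return fmt.Errorf("%s: certificate expired on %s", host, c.NotAfter.Format("2006-01-02"))
	}
	sum := sha256.Sum256(c.Raw)
	fp := hex.EncodeToString(sum[:])
	known, seen := p[host]
	if !seen {
		p[host] = fp // first use: nothing to compare against, so record and trust
		return nil
	}
	if known != fp {
		return fmt.Errorf("%s: certificate differs from the one pinned on first use", host)
	}
	return nil
}

func main() {
	now := date(2022, 6, 30)
	pins := PinStore{}
	old := sample("constructed-cert-A", 2022, 6, 24) // expired, as in the post
	swapped := sample("constructed-cert-B", 2023, 6, 24)
	fmt.Println("strict, expired:", pins.Check("gemini.conman.org", old, false, now))
	fmt.Println("allow, expired: ", pins.Check("gemini.conman.org", old, true, now))
	fmt.Println("allow, swapped: ", pins.Check("gemini.conman.org", swapped, true, now))
}
```

The first-use branch is where the post's objection applies: on first contact there is nothing to compare against, so the pin only protects later visits.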