💾 Archived View for gemini.cyberbot.space › smolzine › smolzine-issue-14.gmi captured on 2023-01-29 at 03:19:22. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

 ___              __ 
/ __) mmmm   ___ (  )   ▀▀█ ▀█▀ █▀▀▄ █▀▀
\__ \ m m m / _ \ )(__  ▄▀   █  █  █ █▀▀
(___/ m m m \___/(____) ▀▀▀ ▀▀▀ ▀  ▀ ▀▀▀

smolZINE - Issue 14

2021-11-15

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Table of Contents

Introduction

We have a new contributor with a nice piece for Emanations and what's that down there in the Spelunking section? Yes, it is another one of ew0k's awesome adventures! I hope you're all as excited as I am.

Hidden (and not so hidden) Gems

Drift Theory (and sloum's capsule)

A perhaps less well known source of original music to discover in geminispace is sloum's Drift Theory. While you're at it I'd highly recommend checking out everything sloum has to offer. You'll find things like the spacewalk aggregator, geminews news proxy, recipes, the bombadillo smolnet browser and the list goes on!

Drift Theory

sloum's capsule

rlamacraft

Another well-rounded capsule with a variety of content. Recipes, music, miscellaneous thoughts and some programming and tech related posts are what you'll find here.

rlamacraft

freeside

With a gemlog, some notes on CP/M and cyberdecks, this capsule has some interesting reading.

freeside

Gemrings

If you've been around on the internet for long enough you will likely remember webrings. There are a couple similar setups on geminispace you may want to join or check out to discover some neat capsules.

LEO Gemring

ANN Gemring

Emanations

Security

by remyabel

Gemini is a rather niche and (relatively) small community. While security issues have cropped up here and there, for the most part it's pretty quiet and there haven't been any (that I'm aware of) major exploitation or hacking incidents.

I often hear people say "who would want to hack us?" or "it's a static website, how could you possibly hack it?" These are both of course fallacies. If you're being hacked, most likely you are either being targeted by an automated shotgun approach to steal any secrets (like private keys) or to add your computer to a botnet; or opportunistically, similar to someone seeing a juicy mark and wanting to pounce. Once one target has been compromised, it may give the attacker lateral access to more juicy targets. I don't think the chances of someone being on the receiving end of a targeted attack on Gemini are very high, at least not at this stage. Furthermore, as brought up on IRC recently, directory traversal attacks are a very real exploit that could lead to your private keys being exfiltrated, so it's not a problem that can just be ignored.

As with any security related topic, it is not black and white. We first have to consider our threat model. Anecdotally, Gemini users love self-hosting, especially from residential networks, and the Gemini servers and clients that are most used do not see security as a priority. Self-hosting from a home network is potentially dangerous as it means that if you are compromised, the rest of your home network is potentially vulnerable. The simplicity of Gemini software may give users a false sense of security (simplicity means fewer bugs in theory) and since it is rather simple to spin a Gemini server up, one may not be inclined to take any hardening steps.

There are some low hanging fruit steps you can take to decrease the chances of being compromised. In my opinion, a lot of the advice for hardening web servers applies to Gemini servers as well. For example: run your server under a dedicated, non-privileged user, add some sandboxing (systemd units allow this, bwrap, whatever *BSD has), use ACLs on content directories (SELinux, apparmor, or just setfacl) and so on. Store your private keys in a safe, standard location like /etc/ssl/certs or /etc/pki/tls/private and permission them appropriately. On a high level, this means even if you were to be hacked, the attacker would have less room to work with and may not even be able to actually do any damage. SELinux, for example, has historically put privilege exploits dead in the water.

Regardless of what approach is taken, I think that as the Gemini community grows, this is an issue that should be looked at and explored more.
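
The two concrete risks named above, directory traversal and poorly stored private keys, can be checked in a few lines. The following is an added example, not part of remyabel's article or of any Gemini server's code; the function names, the example.org host and the sample directory layout are hypothetical.

```python
import os
import stat
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_request_path(content_root, url):
    """Map a Gemini URL to a path under content_root; None if it escapes."""
    root = os.path.realpath(content_root)
    # Decode first, so "%2e%2e" is judged as the ".." the filesystem will see.
    rel = unquote(urlsplit(url).path).lstrip("/")
    if "\x00" in rel:
        return None
    # realpath collapses ".." and follows symlinks before the containment test.
    candidate = os.path.realpath(os.path.join(root, rel))
    return candidate if os.path.commonpath([root, candidate]) == root else None


def key_file_findings(key_path, content_root):
    """List problems with where and how the TLS private key is stored."""
    findings = []
    key, root = os.path.realpath(key_path), os.path.realpath(content_root)
    if os.path.commonpath([root, key]) == root:
        findings.append("key is inside the served content directory")
    mode = stat.S_IMODE(os.stat(key).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key is accessible to group/other (mode %o)" % mode)
    return findings


def build_sample_tree():
    """Constructed sample: content/, a key outside it, and a symlink to it."""
    base = tempfile.mkdtemp()
    content, private = os.path.join(base, "content"), os.path.join(base, "private")
    os.mkdir(content)
    os.mkdir(private)
    open(os.path.join(content, "index.gmi"), "w").close()
    key = os.path.join(private, "key.pem")
    open(key, "w").close()
    os.chmod(key, 0o644)                       # deliberately too permissive
    os.symlink(private, os.path.join(content, "leak"))
    return content, key


if __name__ == "__main__":
    root, key = build_sample_tree()
    for path in ("/index.gmi", "/../private/key.pem", "/%2e%2e/private/key.pem", "/leak/key.pem"):
        print(path, "->", resolve_request_path(root, "gemini://example.org" + path))
    print(key_file_findings(key, root))
```

The containment test runs on the fully resolved path, so a symlink inside the content directory that points at the key directory is rejected along with plain and percent-encoded `..` segments.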

Spelunking

Royal Wedding Crasher

by ew0k

You are as desperate as only a fool in love can be. The love of your life, the person who will inherit the kingdom, is getting married to someone else! You are certain that this is a grave mistake and something their parents set them up to. You are equally certain that they would rather marry you, if you only had the courage and confidence to just tell them how you feel. And now it's almost too late.

Luckily you've already managed to enter the castle. Only one problem: the king and queen know what you're up to and have sent guards to stop you. That, and you're a little chicken shit. But you can do it! You can get there in time! And tell them! Maybe...

How to Play

You need a pen, paper and a six-sided die. Keep track of your courage, which starts at 0. Each time you enter a room you'll make a choice and roll on the tables that follow it, if any. When encountering guards you may add courage points to your roll. However: you have to decide how many points to spend before you roll on the table, and those points are lost regardless of the result. When (if) you reach the wedding ceremony to proclaim your love any courage points remaining will be added to your final roll.

The guards are always on your tail, which means you can never turn back. There will always be a way forward, thankfully.

You start in the library, where you broke in.

P.S.

You can also find this adventure on ew0k's capsule here.

Royal Wedding Crasher

Word Search

by Jone

Source Material: Skewed Jaw

gemini://procession.flounder.online/cutups.gmi

 i m f a h r v r s r u s h c o t p
 g t o l p a o x q d l g e o q a r
 s f j w h i s p e r i n g n b k s
 c l l n o s e c a i p j b v r u k
 l a n x w e q t n p s x a e q d e
 i p l l r d v k c p v q p r j a w
 c o m p e l l e d i d u t s k h e
 l r p e v e j h a n d s u a b q d
 d v z r e a r e x g m o u t h w r
 s k i n a h r h a f o d p i x z j
 z d c m l w m i r r o r a o a p d
 x t a y d m y x p s r z u n x i k

compelled

conversation

dripping

flap

hands

jaw

lips

mirror

mouth

nose

raised

rear

reveal

skewed

skin

whispering

Word Search Solution

Community Contributions & Discussion

Please consider taking part in making this zine better and more diverse by contributing your thoughts and finds. If you are interested in contributing a short article or capsule picks email me at: smolzine (at) cyberbot.space.

If you have any feedback or just want to discuss anything related to gemini or smolZINE hit me up at the above email or ping me on the fediverse at kelbot@retro.social and/or use the #smolZINE tag.

Thanks

Thank you to the following geminauts for their contributions to this issue of smolZINE.