💾 Archived View for gemini.susa.net › cgi-bin › gemini-irc captured on 2023-06-14 at 14:13:17. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-05-24)
-=-=-=-=-=-=-
congratulations! :D
congrats, jcowan !
Thanks to all
what if instead of nickserv is was nickserb
something to think about
amby: My first thought is that someone would create a rival bot named nickcroat
Good day all and AHOY
helo mhj
o/
\o tomasino
I dont even know gemini, someone can tell me a bit about how its used?
Think of it as an alternate web. You have Gemini browsers and Gemini sites.
It resembles gopher in some way?
yep!
https://ino.is/small-internet-talk - i talk about it here
tomasino's link to 'https://ino.is/small-internet-talk'
Exactly. Somewhere between Gopher and the Web, actually.
and here: https://www.youtube.com/watch?v=DoEI6VzybDk&list=PLH6DGA0TYVjrN5sSGSghUjoRqh9_8PWhV&index=3
but short version: gopher-like with markdown-like syntax and TLS
I get into tilde world looking to have fun on internet gain
I still not tried gopher and gemini, those seem good
gemini is pretty simple
i made my own server in like. one weekend
I love simple things ><
tomasino: your website is blocking tor exit nodes?
nevermind it loaded now
gopherlike, weblite
for fun and profit
to browse gemini (to get started), you can use the gemini gateway from tilde
gemini.tildeverse.org
tomasino: i just noticed that your short domain is "ino", so you could use tomas.ino.is
i could! but i also own tomasino.is and tomasino.org so ... ;)
(which my office firewall unhelpfully blocks).
I finally got my web/gemini setup working for The Transjovian Council. https://transjovian.org/ and gemini://transjovian.org/ both work with different certificates. No more port 1965 for the web (which resulted in conflicts with web browers or gemini browsers depending on whether I used a self-signed cert or not), no more port 1966 for the web
kensanata's link to 'https://transjovian.org/'
kensanata's link to 'gemini://transjovian.org/'
I'm always surprised that people still connect to the MUSH gemini://campaignwiki.org/play/ijirait/type?who
kensanata's link to 'gemini://campaignwiki.org/play/ijirait/type?who'
the gemini url currently gives me incomplete headers with Lagrange
alexlehm: Strange. I see no problems. The gemini://transjovian.org/ URL? I'm using Lagrange Version 1.13.7. Perhaps I should make another build?
kensanata's link to 'gemini://transjovian.org/'
the one with /play/
that campaignwiki.org link isn't returning anything it seems
maybe I should have a checker script people can use to test if it is just them or not
i use a web-gemini page to check usually
maybe a gemini proxy?
righ
gemini.tildeverse.org
Ah, my servers end up blocking almost all web proxies because the web proxies don't handle 44 SLOW DOWN and so they're incrementally blocked for longer and longer.
As soon as a search engine discovers the web proxy and starts indexing, it eventually triggers the trap… and then everybody else using the web proxy is blocked along with them.
its not working from my windows ip either or from my shared linux host
i do have robots blocking gemini.tildeverse.org, so hopefully you won't get any search traffic through that entryway
Let me check the logs.
OK, alexlehm. You found another bug. :D
he's good at that
Apparently I never triggered it because there's a character for my client certificate, but using a cheap command line script, the client gets no reply and the server crashes: "Main process exited, code=killed, status=11/SEGV"
Wow.
haha
i have written the most simple test script that just calls openssl s_client, that has found a lot of bugs in my stuff
Sadly, it works if I contact my server at home. "60 You need a client certificate to play" How strange.
I think I know what my problem is.
Remember how I bragged about having finally resolved the HTTPS/gemini dual hosting situation.
Well, that involved the web server acting as reverse proxy and the gemini server running HTTP.
And so whenever there is code that wants to know whether you are logged in… it's actually not an encrypted socket.
And all bets are off.
Fuuuuuuh
Hm.
Waitaminute. That's not right.
proxying client certs likely will not work
or it requires alpn-based proxying which does not really terminate the tls connection, which supposedly works with nginx, but i have not tried that
I think the problem is somewhere else. As far as I can tell, the Perl library is broken somehow (ever since the Debian 12 upgrade?). The IO::Socket::SSL get_fingerprint() crashes.
And leads into the OpenSSL innards.
Uuugh
major perl version changes or openssl updates could cause problems
Indeed. Skimming https://www.openssl.org/docs/man3.0/man7/migration_guide.html
kensanata's link to 'https://www.openssl.org/docs/man3.0/man7/migration_guide.html'
When I think of all the hassle TSL has given me over the Gemini years, I wonder if it was worth it.
Probably not.
should have rolled our own crypto. ;)
both have their bad points
Should have stuck to Gopher and Spartan.
allowing the NSA and your ISP to do all sorts of naughty things
should have never come down from the trees
crawled out of the ocean*
replicated molecules*