💾 Archived View for gemi.dev › gemini-mailing-list › 000677.gmi captured on 2023-11-04 at 13:02:08. Gemini links have been rewritten to link to archived content

View Raw

More Information

➡️ Next capture (2023-12-28)

-=-=-=-=-=-=-

gemini browsers

Jose Cruz <jlcruz2318 (a) gmail.com>

Hi. I have a question regarding the gemini browsers. I came across gemini
recently and I was wondering about the browsers.

Please correct me if I am wrong in any of my understandings.

It seems one of the key components of the gemini project is that once the
client makes a request to the server, the server fills the request and then
the connection closes.

Also - gemini does not have inline image displays.

My question is - would it be against gemini protocol to build a browser
that would be able to open audio files or http audio streams as well as
image files in the same window? Or - has this already been done?

Thank you!

Link to individual message.

Nikolay Korotkiy <sikmir (a) gmail.com>

Lagrange supports playing audio.

Jose Cruz kirjoitti 9.2.2021 klo 20.18:
> Hi. I have a question regarding the gemini browsers. I came across 
> gemini recently and I was wondering about the browsers.
> 
> Please correct me if I am wrong in any of my understandings.
> 
> It seems one of the key components of the gemini project is that once 
> the client makes a request to the server, the server fills the request 
> and then the connection closes.
> 
> Also - gemini does not have inline image displays.
> 
> My question is - would it be against gemini protocol to build a browser 
> that would be able to open audio files or http audio streams as well as 
> image files in the same window? Or - has this already been done?
> 
> Thank you!

-- 
Best regards,
Nikolay

Link to individual message.

Thomas Adam <thomas.adam22 (a) gmail.com>

On Tue, 9 Feb 2021 at 17:18, Jose Cruz <jlcruz2318 at gmail.com> wrote:
>
> Also - gemini does not have inline image displays.
>
> My question is - would it be against gemini protocol to build a browser 
that would be able to open audio files or http audio streams as well as 
image files in the same window? Or - has this already been done?

Why?  It's up to the browser to decide that behaviour.  Lagrange (from
a graphical browser) displays things in-line, but can be told not to.

As for console browsers, doing that becomes harder, and not worthwhile.

-- Thomas

Link to individual message.

Omar Polo <op (a) omarpolo.com>


Jose Cruz <jlcruz2318 at gmail.com> writes:

> Hi. I have a question regarding the gemini browsers. I came across gemini
> recently and I was wondering about the browsers.
>
> Please correct me if I am wrong in any of my understandings.
>
> It seems one of the key components of the gemini project is that once the
> client makes a request to the server, the server fills the request and then
> the connection closes.
>
> Also - gemini does not have inline image displays.
>
> My question is - would it be against gemini protocol to build a browser
> that would be able to open audio files or http audio streams as well as
> image files in the same window? Or - has this already been done?
>
> Thank you!

In theory, a client can do whatever it wants.  There are some guidelines
that defines "best practices" that client authors should follow (like
don't make requests behind the user back etc).

There is at least one browser that I know, Lagrange[0], that is able to
display images inline (upon user request), but there can be others too.

Cheers,

[0]: https://gmi.skyjake.fi/lagrange/

Link to individual message.

Jose Cruz <jlcruz2318 (a) gmail.com>

Got it. Thanks everyone! Just wanted to make sure I wasn't

On Tue, Feb 9, 2021, 12:27 PM Omar Polo <op at omarpolo.com> wrote:

>
> Jose Cruz <jlcruz2318 at gmail.com> writes:
>
> > Hi. I have a question regarding the gemini browsers. I came across gemini
> > recently and I was wondering about the browsers.
> >
> > Please correct me if I am wrong in any of my understandings.
> >
> > It seems one of the key components of the gemini project is that once the
> > client makes a request to the server, the server fills the request and
> then
> > the connection closes.
> >
> > Also - gemini does not have inline image displays.
> >
> > My question is - would it be against gemini protocol to build a browser
> > that would be able to open audio files or http audio streams as well as
> > image files in the same window? Or - has this already been done?
> >
> > Thank you!
>
> In theory, a client can do whatever it wants.  There are some guidelines
> that defines "best practices" that client authors should follow (like
> don't make requests behind the user back etc).
>
> There is at least one browser that I know, Lagrange[0], that is able to
> display images inline (upon user request), but there can be others too.
>
> Cheers,
>
> [0]: https://gmi.skyjake.fi/lagrange/
>

Link to individual message.

Ben Bader <ben (a) bendb.com>

My personal take is that user privacy and control are cornerstone
principles of the Gemini project, and to me that implies that user agents
should maximize user choice.  Auto-loading images could lead to user
tracking, and users should be in charge of when and how they expose
themselves to such.

But then again, who would use a web browser that didn't show pictures?  Not
many.

A pragmatic choice (and one I'm taking in my own browser) is to have a
setting to enable inline image display.

Just my two cents.
Ben

On Tue, Feb 9, 2021 at 10:27 AM Omar Polo <op at omarpolo.com> wrote:

>
> Jose Cruz <jlcruz2318 at gmail.com> writes:
>
> > Hi. I have a question regarding the gemini browsers. I came across gemini
> > recently and I was wondering about the browsers.
> >
> > Please correct me if I am wrong in any of my understandings.
> >
> > It seems one of the key components of the gemini project is that once the
> > client makes a request to the server, the server fills the request and
> then
> > the connection closes.
> >
> > Also - gemini does not have inline image displays.
> >
> > My question is - would it be against gemini protocol to build a browser
> > that would be able to open audio files or http audio streams as well as
> > image files in the same window? Or - has this already been done?
> >
> > Thank you!
>
> In theory, a client can do whatever it wants.  There are some guidelines
> that defines "best practices" that client authors should follow (like
> don't make requests behind the user back etc).
>
> There is at least one browser that I know, Lagrange[0], that is able to
> display images inline (upon user request), but there can be others too.
>
> Cheers,
>
> [0]: https://gmi.skyjake.fi/lagrange/
>

Link to individual message.

Omar Polo <op (a) omarpolo.com>


Ben Bader <ben at bendb.com> writes:

> My personal take is that user privacy and control are cornerstone
> principles of the Gemini project, and to me that implies that user agents
> should maximize user choice.  Auto-loading images could lead to user
> tracking, and users should be in charge of when and how they expose
> themselves to such.

I completely agree with you, I just wanted to emphasise that it's
an important cultural thing, as nothing really prevents clients to start
auto-downloading images, pre-fetching pages and all that evil stuff.

> But then again, who would use a web browser that didn't show pictures?  Not
> many.
>
> A pragmatic choice (and one I'm taking in my own browser) is to have a
> setting to enable inline image display.
>
> Just my two cents.
> Ben

Link to individual message.

nervuri <nervuri (a) disroot.org>

February 9, 2021 5:44 PM, Ben Bader wrote:

> But then again, who would use a web browser that didn't show pictures? Not many.
> 
> A pragmatic choice (and one I'm taking in my own browser) is to have a 
setting to enable inline image display.

To preserve privacy, it's best to only display inline images from the same host.

Displaying inline images at all goes somewhat against the vision for 
Gemini (see the FAQ [1]), but as long as it's constrained to the same 
host, and to a reasonable file size, I don't see anything wrong with it.

[1] gemini://gemini.circumlunar.space/docs/faq.gmi

Link to individual message.

Stephane Bortzmeyer <stephane (a) sources.org>

On Tue, Feb 09, 2021 at 06:50:52PM +0100,
 Omar Polo <op at omarpolo.com> wrote 
 a message of 21 lines which said:

> I just wanted to emphasise that it's an important cultural thing, as
> nothing really prevents clients to start auto-downloading images,
> pre-fetching pages and all that evil stuff.

Pre-fetching images THAT ARE ON THE SAME CAPSULE could be good for
privacy, because it would deprive the capsule's admin of some
knowledge (no way to know if the user really clicked).

Link to individual message.

nervuri <nervuri (a) disroot.org>

February 9, 2021 8:06 PM, nervuri wrote:

> Displaying inline images at all goes somewhat against the vision for 
Gemini (see the FAQ [1]), but as long as it's constrained to the same 
host, and to a reasonable file size, I don't see anything wrong with it.

Come to think of it, I do.

1. Increased browser complexity and attack surface.  Think of buffer 
overflows in graphics libraries.

2. Inline GIFs...  Distracting ads aside, I remember that time when a 
bunch of imbeciles targeted an epilepsy website with flashing animations 
in order to provoke seizures.  Let's not allow for any of that.  At the 
very least, inline GIFs should not auto-play.

3. Size bombs, the solution to which can lead to browser fingerprinting.  
A gemtext page may link to enormous images.  Downloading them without the 
user's consent would be wrong, at least on limited mobile data 
connections.  So a responsible browser developer might limit the total 
size of inline images on each page.  But if each browser has a different 
size limit, servers can identify the user agent by checking how much of 
the payload was downloaded.  And if the size limit is user-configurable, 
those who change the setting can be fingerprinted... and we're back to the web.

February 10, 2021 8:23 AM, Stephane Bortzmeyer wrote:

> Pre-fetching images THAT ARE ON THE SAME CAPSULE could be good for 
privacy, because it would deprive the capsule's admin of some knowledge 
(no way to know if the user really clicked).

I don't think this information is sensitive enough to warrant the 
complications outlined above.

So my recommendation to all Gemini browsers is to *follow the spec* and 
not display inline images:

> clients MUST NOT automatically make any network connections as part of 
displaying links whose scheme corresponds to a network protocol (e.g. 
links beginning with gemini://, gopher://, https://, ftp:// , etc.).

gemini://gemini.circumlunar.space/docs/specification.gmi

The one exception I find acceptable regards web proxies, like 
https://proxy.vulpes.one/ . This is because they can block or resize huge 
images server-side, to avoid #3.  They can also block GIFs or put them 
behind static images, to tackle #2.  And #1 is already present in web browsers.

Link to individual message.

colecmac@protonmail.com <colecmac (a) protonmail.com>

Hello,

Section 5.4.2 of the Gemini spec states:

 > clients MUST NOT automatically make any network connections as part of
 > displaying links whose scheme corresponds to a network protocol

So Gemini clients can display things however they want, but you can't make a 
compliant client that automatically loads images.

 > My question is - would it be against gemini protocol to build a browser that
 > would be able to open audio files or http audio streams as well as image files
 > in the same window? Or - has this already been done?

In the same window? Sure! Just not automatically. The Lagrange client already 
does this with audio and images. If you click a link that leads to one of those 
file types, it will open a player or image viewer inline with the document.

https://gmi.skyjake.fi/lagrange/

Hope this answers your question.

makeworld

Link to individual message.

Thomas Frohwein <tfrohwein (a) fastmail.com>

On Sun, Feb 14, 2021 at 05:10:05AM +0000, colecmac at protonmail.com wrote:
> Hello,
> 
> Section 5.4.2 of the Gemini spec states:
> 
>  > clients MUST NOT automatically make any network connections as part of
>  > displaying links whose scheme corresponds to a network protocol
> 

adding the rest of that paragraph:

> [...] (e.g. links beginning with gemini://, gopher://, https://, ftp:// , etc.).

This reads to me as though automatically displaying links _without_ a network
protol (e.g. gemini://, gopher://, https://, etc.) would be okay. That sounds
like it applies to relative links pointing to a resource on the same domain
with the same protocol.

> [...]

Link to individual message.

John Cowan <cowan (a) ccil.org>

On Sun, Feb 14, 2021 at 12:23 AM Thomas Frohwein <tfrohwein at fastmail.com>
wrote:


> >  > clients MUST NOT automatically make any network connections as part of
> >  > displaying links whose scheme corresponds to a network protocol
> >
>
> adding the rest of that paragraph:
>
> > [...] (e.g. links beginning with gemini://, gopher://, https://, ftp://
> , etc.).
>
> This reads to me as though automatically displaying links _without_ a
> network
> protol (e.g. gemini://, gopher://, https://, etc.) would be okay. That
> sounds
> like it applies to relative links pointing to a resource on the same domain
> with the same protocol.
>

I don't think so, though the wording is ambiguous.  I take it to refer to
both explicit and implicit schemes, but to allow automatic fetching of
file: links, about: links, and others that don't involve the Internet.


John Cowan          http://vrici.lojban.org/~cowan        cowan at ccil.org
Objective consideration of contemporary phenomena compel the conclusion
that optimum or inadequate performance in the trend of competitive
activities exhibits no tendency to be commensurate with innate capacity,
but that a considerable element of the unpredictable must invariably be
taken into account. --Ecclesiastes 9:11, Orwell/Brown version

Link to individual message.

Nathan Galt <mailinglists (a) ngalt.com>



> On Feb 13, 2021, at 9:23 PM, Thomas Frohwein <tfrohwein at fastmail.com> wrote:
> 
> On Sun, Feb 14, 2021 at 05:10:05AM +0000, colecmac at protonmail.com wrote:
>> Hello,
>> 
>> Section 5.4.2 of the Gemini spec states:
>> 
>>> clients MUST NOT automatically make any network connections as part of
>>> displaying links whose scheme corresponds to a network protocol
>> 
> 
> adding the rest of that paragraph:
> 
>> [...] (e.g. links beginning with gemini://, gopher://, https://, ftp:// , etc.).
> 
> This reads to me as though automatically displaying links _without_ a network
> protol (e.g. gemini://, gopher://, https://, etc.) would be okay. That sounds
> like it applies to relative links pointing to a resource on the same domain
> with the same protocol.
> 
>> [...]

This sounds like an implicit thumbs-up to data:image/png;base64,? URLs, 
for better or for worse.

Link to individual message.

---

Previous Thread: Re outreach and YouTubers

Next Thread: Some thoughts on Gemini from a new user