💾 Archived View for rawtext.club › ~sloum › geminilist › 006887.gmi captured on 2024-02-05 at 10:54:56. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

Malicious Links

ew.gemini ew.gemini at nassur.net

Sat Jul 10 15:22:21 BST 2021

- - - - - - - - - - - - - - - - - - - 

Hello,

Chris Brannon <chris at the-brannons.com> writes:

nothien at uber.space writes:
In Gemini, the restriction that information can only be sent to a server
by performing a request is considered a feature. However, this can
backfire by removing the need for user interaction, even when it is
absolutely necessary. Below, I provide an example to show why this
feature, combined with the existence of malicious links, can prevent (or
at least hinder) the sole use of TLS certificates in account-based sites
on Gemini.
I think having destructive operations (create, update, delete) running
over Gemini is probably a mistake to begin with, because it will lead
down the path of trying to build yet another application platform on top
of yet another document delivery system. They tried that trick in the
90s. Sadly it's still with us, and it's called the WWW.

Full ACK!

~ew

-- Keep it simple!