💾 Archived View for gemi.dev › gemini-mailing-list › 001072.gmi captured on 2024-05-12 at 16:22:46. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-12-28)

-=-=-=-=-=-=-

A Writeable Gemini

1. Mansfield (mansfield (a) ondollo.com)

All,

Hello! :-)

It's been a while, but someone referenced something I said and... that's
awesome!! :-D

I wanted to share references to my response (however short it is for now)
with the mailing list, to support further discussion in Gemlogs. I still
haven't found a Gemini-worthy 'cross-link' solution that I like... so...
this list is it. :shrug:

One of the things I said:
   gemini://gemi.dev/gemini-mailing-list/messages/005353.gmi
The reference to it:
   gemini://skyjake.fi/gemlog/2021-11_re-making-gemini-easy.gmi

https://gem.ondollo.com/external/skyjake.fi/gemlog/2021-11_re-making-gemini-easy.gmi
My limited response:
   gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem

Thanks for remembering me skyjake! :-)

-Mansfield

Link to individual message.

2. Balázs Botond (balazsbotond (a) gmail.com)

Hi,

On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
> My limited response:
>    gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem

There's a problem with the certificate at ondollo.com so your link doesn't work.

Botond

Link to individual message.

3. Mansfield (mansfield (a) ondollo.com)

On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com> wrote:

> Hi,
>
> On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
> > My limited response:
> >    gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
>
> There's a problem with the certificate at ondollo.com so your link
> doesn't work.
>
> Botond
>

Oh... interesting... the classic "works for me"... well, here's the cert
from the Mozz proxies perspective:

https://portal.mozz.us/gemini/ondollo.com?crt=1

I wonder what's wrong with it? Mozz doesn't load the site either...

I guess I gave a poor link as well... the spaces weren't encoded. Does this
link work for you? gemini://
ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem

Link to individual message.

4. Mansfield (mansfield (a) ondollo.com)

On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com> wrote:

> On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com>
> wrote:
>
>> Hi,
>>
>> On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
>> > My limited response:
>> >    gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
>>
>> There's a problem with the certificate at ondollo.com so your link
>> doesn't work.
>>
>> Botond
>>
>
> Oh... interesting... the classic "works for me"... well, here's the cert
> from the Mozz proxies perspective:
>
> https://portal.mozz.us/gemini/ondollo.com?crt=1
>
> I wonder what's wrong with it? Mozz doesn't load the site either...
>
> I guess I gave a poor link as well... the spaces weren't encoded. Does
> this link work for you? gemini://
> ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem
>
>
>
I tweaked the server to accept connections that don't provide a cert -
seems to have turned the Mozz close_notify red x to a green checkmark.

Maybe now things will work better for you (and others with similar clients,
no doubt).

Many thanks for letting me know that that was broken!

Link to individual message.

5. babiak (babiak (a) disroot.org)


According to Lagrange, the problem appears to be a domain name mismatch. 
It also says it isn't trusted, but I expect that that's because of the previous problem.

On 10/11/2021 08:25, Mansfield wrote:
> On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com 
<mailto:mansfield@ondollo.com>> wrote:
> 
>     On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com
>     <mailto:balazsbotond@gmail.com>> wrote:
> 
>         Hi,
> 
>         On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com
>         <mailto:mansfield@ondollo.com>> wrote:
>          > My limited response:
>          >    gemini://ondollo.com/~/mansfield/A
>         <http://ondollo.com/~/mansfield/A> Writeable Gemini.gem
> 
>         There's a problem with the certificate at ondollo.com
>         <http://ondollo.com> so your link doesn't work.
> 
>         Botond
> 
> 
>     Oh... interesting... the classic "works for me"... well, here's the
>     cert from the Mozz proxies perspective:
> 
>     https://portal.mozz.us/gemini/ondollo.com?crt=1
>     <https://portal.mozz.us/gemini/ondollo.com?crt=1>
> 
>     I wonder what's wrong with it? Mozz doesn't load the site either...
> 
>     I guess I gave a poor link as well... the spaces weren't encoded.
>     Does this link work for
>     you? gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem
>     <http://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem>
> 
> 
> 
> I tweaked the server to accept connections that don't provide a cert - 
seems to have turned the Mozz close_notify red x to a green checkmark.
> 
> Maybe now things will work better for you (and others with similar clients, no doubt).
> 
> Many thanks for letting me know that that was broken!

-- -------------------------
Gemini capsule: babiak.duckdns.org

Link to individual message.

6. defdefred (defdefred (a) protonmail.com)

Hello,

 From Lagrange:

Domain NAme Mismatch (CN = self)

🙅 Untrusted Server
Connection to the server was cancelled because its TLS certificate does 
not match the one we trust. Please check if the server has announced a 
certificate change. If not, it is possible that a malicious third party is 
masquerading as the server you tried to reach.

The certificate can be marked as trusted in Page Information.

Regards,

Sent with [ProtonMail](https://protonmail.com/) Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, November 10th, 2021 at 07:25, Mansfield <mansfield@ondollo.com> wrote:

> On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com> wrote:
>
>> On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
>>>> My limited response:
>>>> gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
>>>
>>> There's a problem with the certificate at ondollo.com so your link doesn't work.
>>>
>>> Botond
>>
>> Oh... interesting... the classic "works for me"... well, here's the 
cert from the Mozz proxies perspective:
>>
>> https://portal.mozz.us/gemini/ondollo.com?crt=1
>>
>> I wonder what's wrong with it? Mozz doesn't load the site either...
>>
>> I guess I gave a poor link as well... the spaces weren't encoded. Does 
this link work for you? gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem
>
> I tweaked the server to accept connections that don't provide a cert - 
seems to have turned the Mozz close_notify red x to a green checkmark.
>
> Maybe now things will work better for you (and others with similar clients, no doubt).
>
> Many thanks for letting me know that that was broken!

Link to individual message.

7. Omar Polo (op (a) omarpolo.com)


Mansfield <mansfield@ondollo.com> writes:

> On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com> wrote:
>
>  On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com> wrote:
>
>  Hi,
>
>  On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
>  > My limited response:
>  >    gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
>
>  There's a problem with the certificate at ondollo.com so your link doesn't work.
>
>  Botond
>
>  Oh... interesting... the classic "works for me"... well, here's the 
cert from the Mozz proxies perspective:
>
>  https://portal.mozz.us/gemini/ondollo.com?crt=1
>
>  I wonder what's wrong with it? Mozz doesn't load the site either...
>
>  I guess I gave a poor link as well... the spaces weren't encoded. Does 
this link work for you?
>  gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem
>
> I tweaked the server to accept connections that don't provide a cert - 
seems to have turned the Mozz close_notify red x to a green
> checkmark.
>
> Maybe now things will work better for you (and others with similar clients, no doubt).
>
> Many thanks for letting me know that that was broken! 

It's still broken unfortunately.  While it's true that the certificate
doesn't include the domain name:

% printf 'gemini://ondollo.com\r\n' | nc -Tnoverify -c ondollo.com 1965
nc: tls handshake failed (name `ondollo.com' not present in server certificate)

even if I throw a -noname at it (which disables the certificate name
checking) the reply is still empty :/

% printf 'gemini://ondollo.com\r\n' | nc -Tnoverify -Tnoname -c ondollo.com 1965
% echo $?
0

Link to individual message.

8. Mansfield (mansfield (a) ondollo.com)

On Wed, Nov 10, 2021 at 4:19 AM Omar Polo <op@omarpolo.com> wrote:

>
> Mansfield <mansfield@ondollo.com> writes:
>
> > On Tue, Nov 9, 2021 at 6:46 PM Mansfield <mansfield@ondollo.com> wrote:
> >
> >  On Tue, Nov 9, 2021 at 2:16 AM Balázs Botond <balazsbotond@gmail.com>
> wrote:
> >
> >  Hi,
> >
> >  On Tue, Nov 9, 2021 at 2:39 AM Mansfield <mansfield@ondollo.com> wrote:
> >  > My limited response:
> >  >    gemini://ondollo.com/~/mansfield/A Writeable Gemini.gem
> >
> >  There's a problem with the certificate at ondollo.com so your link
> doesn't work.
> >
> >  Botond
> >
> >  Oh... interesting... the classic "works for me"... well, here's the
> cert from the Mozz proxies perspective:
> >
> >  https://portal.mozz.us/gemini/ondollo.com?crt=1
> >
> >  I wonder what's wrong with it? Mozz doesn't load the site either...
> >
> >  I guess I gave a poor link as well... the spaces weren't encoded. Does
> this link work for you?
> >  gemini://ondollo.com/~/mansfield/A%20Writeable%20Gemini.gem
> >
> > I tweaked the server to accept connections that don't provide a cert -
> seems to have turned the Mozz close_notify red x to a green
> > checkmark.
> >
> > Maybe now things will work better for you (and others with similar
> clients, no doubt).
> >
> > Many thanks for letting me know that that was broken!
>
> It's still broken unfortunately.  While it's true that the certificate
> doesn't include the domain name:
>
> % printf 'gemini://ondollo.com\r\n' | nc -Tnoverify -c ondollo.com 1965
> nc: tls handshake failed (name `ondollo.com' not present in server
> certificate)
>
> even if I throw a -noname at it (which disables the certificate name
> checking) the reply is still empty :/
>
> % printf 'gemini://ondollo.com\r\n' | nc -Tnoverify -Tnoname -c
> ondollo.com 1965
> % echo $?
> 0
>
>
Well, thanks for all the responses - turns out I had a few bits that needed
adjusting beyond the common_name one.

For anyone else caught in a tls debug process and wanting an easy way to
test their server, I ended up using a command like this:

 ```
echo -e "/\r\n" | openssl s_client -crlf -connect domain.tld:1965 -ign_eof
 ```

That command alone won't get you all the way there, but it could help. It
also helps that Gemini clients tend to not be complicated to get going with.

Hopefully everything is accessible now!

Link to individual message.

9. Balázs Botond (balazsbotond (a) gmail.com)

On Thu, Nov 11, 2021 at 7:53 AM Mansfield <mansfield@ondollo.com> wrote:
>
> Hopefully everything is accessible now!

Can confirm.

Btw, what was the motivation to limit input length to 1024 bytes in
the first place? I can't find anything about it in either the FAQ or
the specification.

Link to individual message.

10. skyjake (skyjake (a) dengine.net)

On 11. Nov 21, at 9.17, Balázs Botond <balazsbotond@gmail.com> wrote:
> 
> Btw, what was the motivation to limit input length to 1024 bytes in
> the first place? I can't find anything about it in either the FAQ or
> the specification.

Here's a relevant post from the archives where Solderpunk comments on the 
limit: gemini://gemi.dev/gemini-mailing-list/messages/001672.gmi 

IMO, uploading content via URL query strings is not a great idea because 
you must percent-encode all of it, and that can increase the size quite a 
bit. Better to use alternate methods to upload a "raw" octet stream.

--jaakko

Link to individual message.

11. (indieterminacy (a) libre.brussels)


skyjake <skyjake@dengine.net> writes:

> On 11. Nov 21, at 9.17, Balázs Botond <balazsbotond@gmail.com> wrote:
>> 
>> Btw, what was the motivation to limit input length to 1024 bytes in
>> the first place? I can't find anything about it in either the FAQ or
>> the specification.
>
> Here's a relevant post from the archives where Solderpunk comments on 
the limit: gemini://gemi.dev/gemini-mailing-list/messages/001672.gmi 
>
An interesting thread to read, ta!

> IMO, uploading content via URL query strings is not a great idea
> because you must percent-encode all of it, and that can increase the
> size quite a bit. Better to use alternate methods to upload a "raw"
> octet stream.

I must admit having not touched octet streams before (whether raw or
well-cooked), what am I missing out on? Does anybody have pointers/suggestions?

I noticed a nice downstream post from Sean Conner, concerning his
experience publishing via emails to his server
=> gemini://gemi.dev/gemini-mailing-list/messages/001722.gmi 2020-06-16 
gemini+submit:// (was Re: Uploading Gemini content)

I get this approach a little more readily. Im wondering whether a
public-inbox type approach would be interesting:
=> https://public-inbox.org/

Equally so, given its symbiosis with Grokmirror
=> https://github.com/mricon/grokmirror
>
> --jaakko


Jonathan

Link to individual message.

12. (tidux (a) sdf.org)

On Thu, Nov 11, 2021 at 03:50:47PM +0200, skyjake wrote:
> On 11. Nov 21, at 9.17, Balázs Botond <balazsbotond@gmail.com> wrote:
> > 
> > Btw, what was the motivation to limit input length to 1024 bytes in
> > the first place? I can't find anything about it in either the FAQ or
> > the specification.
> 
> Here's a relevant post from the archives where Solderpunk comments on 
the limit: gemini://gemi.dev/gemini-mailing-list/messages/001672.gmi 
> 
> IMO, uploading content via URL query strings is not a great idea because 
you must percent-encode all of it, and that can increase the size quite a 
bit. Better to use alternate methods to upload a "raw" octet stream.
> 
> --jaakko

An IPFS hash is guaranteed to be under 1024 characters so treat that as
passing a pointer rather than passing by value for uploads.  This
doesn't work for private data, but if you need secure uploads of private
files you probably want a system that's not Gemini anyways.

Link to individual message.

---

Previous Thread: May user-friendly link names be empty?

Next Thread: Geminispace Statistics Visualized