💾 Archived View for misfin.org › devlog › 2023-05-11.gmi captured on 2024-05-26 at 14:50:12. Gemini links have been rewritten to link to archived content
Didn't source that claim and I ain't checking. Feels like it's been a week. And what a week it was!
Satch, jthrig, and alexlehm were the first three people to implement mailservers/clients and send me letters, big ups to them. (All of them also managed to break my mailserver at least once 🎉)
If you sent me something and I was rude and didn't respond, you might have been caught up in those bugs (especially if you were writing your own client - the spec was vague in a few places where it really had to not be...). Feel free to try again - the new mailserver's a lot more durable.
Work continues on real, """production""" Misfin tools. The next big improvement will be a server that can save mail on its own - I'm just piping the test server through tee right now. Wanted to implement the new line types before I went any further. After that, mailing lists, and then a torture test/debugging mailboxes for people to test against.
Python is my fuck-around language of choice, because it's a glutton for punishment and will do anything no questions asked. Want a string to be a gigabyte long? On it boss. Need to make some http requests? Sure it's a single line of code and we've taken the liberty of converting the JSON to a dictionary, just because we like you. One time I wrote a script that made Spotify playlists from the Billboard Top 100 charts, and the first two lines were literally `import spotify` and `import billboard`. It's a scripting language in the most delightful sense of the term.
So with that cavalier attitude I decided that Python would be the best choice to implement Misfin. I was still toying with the idea, didn't know where I was going with it, and wanted a language that would keep up. And it totally does, except for the black hole that is SSL.
See, Python includes a library that does SSL, but the way it's written, it's useless for Gemini-style servers. If you let it validate certificates, it checks them against the system CA chain, so self-signed certs are verboten. You can disable validation, but then it doesn't even prompt the client to send a certificate, so you can't implement TOFU either. There's another library, pyOpenSSL, that gives you more control over the handshake, but surprise! it's actually two packages now, `pyopenssl` and `cryptography`, and the documentation about this is lacking, and it works but it likes failing in unique and cryptic ways. It took me like two days just to get a stable certificate exchange working, then another afternoon to fix it when I decided to put the context setup in its own function, and it decided it didn't want to send certificates anymore.
Moral of the story, don't use Python if you want to use SSL without thinking. Smarter programmers than me might not have an issue with it, but I am not smarter programmers than me.
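A sketch of the pyOpenSSL approach described above, added here as an example and not taken from the Misfin code: the server asks for a client certificate, lets a self-signed one through the handshake, and leaves the trust decision to a TOFU pin store. The names `TofuStore`, `make_server_context` and `peer_der`, and pinning by sender address, are assumptions made for illustration.

```python
import hashlib

def fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 of the DER-encoded certificate; this is the value that gets pinned."""
    return hashlib.sha256(der_cert).hexdigest()

class TofuStore:
    """Trust-on-first-use pins: sender address (assumed key) -> certificate fingerprint."""

    def __init__(self):
        self.pins = {}

    def check(self, address: str, der_cert: bytes) -> str:
        fp = fingerprint(der_cert)
        pinned = self.pins.get(address)
        if pinned is None:
            self.pins[address] = fp  # first contact: remember this certificate
            return "new"
        return "match" if pinned == fp else "mismatch"

def make_server_context(cert_file: str, key_file: str):
    """Request a client certificate without CA-chain validation (needs pyOpenSSL)."""
    from OpenSSL import SSL  # imported lazily so the pin store runs without pyOpenSSL

    def accept_any(conn, x509, errnum, depth, ok):
        # Returning True overrides OpenSSL's verdict, so a self-signed client
        # certificate completes the handshake. Nothing is trusted at this point:
        # the decision is made afterwards by TofuStore.check().
        return True

    ctx = SSL.Context(SSL.TLS_SERVER_METHOD)
    ctx.use_certificate_file(cert_file)
    ctx.use_privatekey_file(key_file)
    ctx.set_verify(SSL.VERIFY_PEER, accept_any)  # VERIFY_PEER makes the server ask
    return ctx

def peer_der(conn):
    """DER bytes of the peer certificate after the handshake, or None if none was sent."""
    from OpenSSL import crypto
    cert = conn.get_peer_certificate()
    return crypto.dump_certificate(crypto.FILETYPE_ASN1, cert) if cert else None

if __name__ == "__main__":
    store = TofuStore()
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"  # stand-ins for DER bytes
    for cert in (cert_a, cert_a, cert_b):
        print(store.check("alice@example.org", cert))  # new, match, mismatch
```

Because the verify callback accepts everything, a "mismatch" result is the only signal that a sender's certificate changed, so it has to be treated as a rejection rather than logged and ignored.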