💾 Archived View for bbs.geminispace.org › s › Gemini › 3744 captured on 2024-08-18 at 22:08:43. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

is there some tls implementation for small devices? there is a tcp stack in kon-tiki, and maybe other implementations. is it possible to use tls on some 8bit device with 64kb of memory? i am thinking of potential implementations on avr, 6502. i guess m68k may even run real openssl library?

#programming

Posted in: s/Gemini

๐Ÿ™ norayr

2023-08-01 ยท 1 year ago

10 Comments โ†“

😎 Smokey · 2023-08-01 at 21:13:

if you consider pi zero and similar devices to be smol then there is the beppy device kelbot shared as well as pocketchip. I am looking for beppy when it has a case for PCB. my kobo ereader has very basic web browser which works well with portal.mozz.us

๐Ÿ™ norayr [OP] ยท 2023-08-02 at 16:17:

heh, something that can run linux (and my understanding that his device runs) is not small, since it can have openssl. i wonder how can we use gemini with smaller devices. let's say c64 can run gopher browser, and i guess i can write a spartan client (spartan doesn't use encryption, yes?) for such a machine. but gemini means tls encryption, and that is what i wonder.

📻 solderpunk · 2023-08-02 at 19:00:

BearSSL (https://bearssl.org/) is designed for embedded devices and claims that a minimal server can take the form of a 20 kb binary that uses 25 kb of RAM. I don't know if anybody has built a Gemini client on top of it yet. I'd love to know if somebody has. I think AVRs and 6502/Z80s are right out of the question, but m68k is not only possible, it has been done, there is a Gemini client for some late model Amigas. There have also been a few people doing Gemini stuff on ESP8266 devices. I am interested in collecting resources on using very limited and/or very old devices for Gemini, and sometime this year I'll ask for help in setting up an official page for it.

🚀 mbays · 2023-08-03 at 06:27:

gmni and gmnilm also use BearSSL (which also tripped me up in the same way it did michaelnordmeyer).

📻 solderpunk · 2023-08-03 at 16:40:

@michaelnordmeyer Gosh darn it, I didn't want to hear that. Also on my TODO list for this year is to set up a TLS1.3 only, ED25519 certificate version of the official capsule on port 19650 and encourage people to try it out with as wide a range of clients and operating systems as possible to gather some good data on how feasible it would be to start encouraging migration in that direction. I sort of hoped that maybe we'd finally be getting close...

😈 dimkr · 2023-08-04 at 07:12:

Probably not as small as you'd like. My capsule was slow when I hosted it on ESP32, and even slower on a Pi Pico W. It works, but the handshake is very slow with EC. (Both with mbedtls, which is still limited to TLS 1.2.)

😎 Smokey · 2023-08-04 at 15:36:

@dimkr would the spartan protocol be a better fit for those kinds of devices since it does not do TLS?

😈 dimkr · 2023-08-05 at 05:46:

@Smokey In some ways, Spartan is a good alternative for small devices with static content (so no need for "authenticated users"), as long as the users use a client that supports Spartan and not just Gemini.

📻 solderpunk · 2023-08-05 at 09:30:

@smokey @dimkr For devices where TLS is really not possible, there's also the option of running something like Cosmarmot on a Pi on the same network, it translates Gemini stuff to Gopher. See https://git.carcosa.net/jmcbray/cosmarmot/

😈 dimkr · 2023-08-05 at 13:20:

@solderpunk (Seeing myself mentioned in your reply made me blush) Proxying is definitely an option, but I prefer not to add a "computer" that acts as a "TLS accelerator" for the Pico W running my Gemini capsule, and Gopher is not really an alternative (because of the fixed width and other limitations). I want to like Spartan but I'd prefer an "exactly Gemini minus the TLS" protocol supported by all conformant Gemini clients, for the sake of code reuse.