author: @sprock
I don't think I've mentioned it anywhere since it basically duplicates information available on the capsule's root page, but I added a security.txt file to my capsule a few months back, as described in:
Why you should add security.txt to your capsule
My birthday is on Tuesday, and I am looking forward to (at least) my present for myself, which is due to arrive tomorrow. I suspect that any other gifts will arrive late, as my sister was just asking what I wanted on the call today.
It's Sunday, which means I had a family call today. It's a tradition that one of my older sisters started at the beginning of COVID, with a video call each weekend for everyone that could make it. Usually, this happens in the morning over coffee (or over a second cup for those out east), but today's call was delayed as my parents are on a cruise and couldn't make the usual time. I was sitting outside enjoying the weather during the call, but shortly after it ended a thunderstorm blew in and I had to calm my over-anxious dog.
I have tentatively set LetsEncrypt to reuse the key when renewing from now on, which may help some TOFU-only clients. I am still reluctant to fully commit to TOFU, but I understand that is the most common client behaviour. Maybe it would be worth working out and showing how to implement a simple, automatic CA-fallback when there is a new certificate that is not trusted.
Something triggered runaway CPU usage in my server process. I've stopped it and restarted it with a profiler attached, but I think it's in my path normalization code, as that is the only loop without blocking file I/O involved. We will see if the problem reöccurs, as it didn't start immediately.
When I made this capsule, I intentionally chose to use a CA-signed certificate (from LetsEncrypt) instead of a self-signed certificate. Mainly, this is because I don't love the usage of TOFU and would ideally like clients to use CAs like Lagrange: accepting certificates on a TOFU basis, but verifying changed certificates with the CA. In recognition of the fact that TLS libraries make this non-trivial, I am considering (but not yet ready to commit to) changing my stance. If LetsEncrypt's short expiration times become bothersome, feel free to let me know.
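One way to implement the fallback described above (trust on first use, then check a changed certificate against a CA), as an added example that is not the author's or Lagrange's code. The names `check` and `ca_verified_der`, the in-memory `pins` dict keyed by hostname, and pinning the SHA-256 of the whole certificate are assumptions made for the example.

```python
import hashlib
import socket
import ssl

GEMINI_PORT = 1965  # default gemini:// port


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate; this is the value that gets pinned."""
    return hashlib.sha256(der).hexdigest()


def ca_verified_der(host, port=GEMINI_PORT, timeout=10.0):
    """Handshake against the system CA store with hostname checking.
    Returns the leaf certificate (DER) on success, None on any failure."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.getpeercert(binary_form=True)
    except OSError:  # includes ssl.SSLCertVerificationError; fail closed
        return None


def check(pins, host, der, ca_fetch=ca_verified_der):
    """Decide whether to trust `der` for `host`; updates `pins` in place."""
    fp = fingerprint(der)
    known = pins.get(host)
    if known is None:
        pins[host] = fp  # nothing pinned yet: plain TOFU
        return "trusted-first-use"
    if known == fp:
        return "pin-match"
    # Changed certificate: re-pin only if a CA-verified handshake
    # presents this exact certificate, otherwise keep the old pin.
    verified = ca_fetch(host)
    if verified is not None and fingerprint(verified) == fp:
        pins[host] = fp
        return "repinned-via-ca"
    return "rejected"


if __name__ == "__main__":
    pins = {}
    old, new = b"constructed-cert-A", b"constructed-cert-B"  # not real DER
    print(check(pins, "capsule.example", old))
    print(check(pins, "capsule.example", new, ca_fetch=lambda h: new))
    print(check(pins, "capsule.example", old, ca_fetch=lambda h: None))
```

A self-signed capsule behaves as ordinary TOFU under this logic: a changed certificate never passes the CA handshake, so it is rejected until the user removes the pin.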
I've been getting occasional HTTP requests to my capsule ("GET / HTTP/1.1"). I don't know how this happens: to my knowledge, there is no link here from HTTP land, so they must support gemini:// to find the capsule in the first place (and using the default gemini:// port, despite it being absent from URLs). These requests are in my logs with the spaces percent-encoded, which baffled me at first, but I think this is a consequence of me parsing the URL before logging it, not the client making the request.