Microblogging via Gemini: a sketch
Here's a quick sketch for an idea I've been toying with for an ultralight, totally decentralised, self-hosted "microblogging" (in the style of Twitter, Mastodon, Pleroma, whatever) system built around Gemini. Please consider reading it even if you're not remotely into microblogging, because I think it's still a neat example of how Gemini's client certificate and prompted input ideas can be combined to do useful things in a quick and easy way.
So, the sketch:
- Your "account" is nothing more than an Atom feed (yep, I like me some feeds), served over Gemini, each entry of which is the equivalent of a tweet, toot, whatever.
- People "follow" you by subscribing to your feed with the Gemini-supporting feed reader of their choice. There's no easy way for you to know exactly how many followers you have. This is fine. People can follow you without having an "account" of their own. This is wonderful.
- If you just want to share you thoughts with a small circle of friends, you can protect your account feed by having its URL requiring a client certificate. Your friends can generate a self-signed certificate and tell you its fingerprint via whatever you and your friends' personal favourite out-of-band means of communication is. You add them to a whitelist and that's it. This is a very safe environment in which to use fingerprinting of long-life certificates: if your friend's hard drive dies one day and they didn't back up their certs and keys, they can just make a new one and tell you about it, no drama.
- You "post" to your feed using a URL which returns status code 10 and prompts you for your tweet/toot/thing (so there's a 1024 byte limit on twoots). The posting URL is, again, client certificate protected, this time so that only *you* can access it. You can whitelist multiple certificates, so that you can post from multiple devices, or so that multiple people can post to a single feed, e.g. if the feed belongs to a project or organisation.
- You can retweet/boost somebody else's twoot by just inserting it into your own feed. The <author> element and different domain in the <link> element make it clear it's not one of your own twoots.
- If you want, you can receive notifications of replies to your twoots via something like the mechanism outlined in my previous post, linked below. This is strictly an optional add-on.
Replies in Geminispace
Obviously this is not as capable as a "real" microblogging platform, but it should be perfectly usable for those with modest enough ambitions. I freely grant that this is not the most exciting thing that ever hit the internet, in terms of what it actually does. But I'm excited about how tremendously easy Gemini makes stuff like this. The server and client do all the heavy-lifting of authentication via TLS: the server can just pass along the client certificate fingerprint as an (S)CGI variable and all the app itself has to do is check that fingerprint against a whitelist. No cookies, no salting and hashing passwords. Getting input from the user is just a matter of sending status code 10 and a prompt. This interface is usable from within a standard Gemini client, which on the web would require sending a small pile of tags (<html>, <body>, <form>, <input>,...) which would surely be larger than the prompt itself. Grabbing a single line of text from the user is an extremely cheap operation in Gemini. It's easy to do in Gopher, too, but reliably restricting access to the URL for doing it is not, so you have to rely on security-by-obscurity and hope nobody guesses the URL (which travels in the clear as part of a Gopher request). Cute little apps like this can be simple *and* secure with Gemini, which feels genuinely novel. I'm excited to see people start exploring their potential.