[HN Gopher] Gemini is a little gem
___________________________________________________________________

Author : soapdog
Score  : 128 points
Date   : 2022-01-25 14:26 UTC (1 days ago)

(HTM) web link (andregarzia.com)
(TXT) w3m dump (andregarzia.com)

| zepto wrote:
| > The Web is your orchestral music, Gemini is low-fi chiptune.
|
| Likening the web to orchestral music is questionable.
| boring_twenties wrote:
| Noisecore might be a better comparison.
| gwern wrote:
| The other end is questionable too. IMO, Gemini has _too many_ features to be the 'low-fi chiptune' of hypertext. Every time I look at it, I come away thinking it is not in any sweet spot but perhaps the worst of both worlds: too featureful to truly foster creativity by constraint, and yet lacking entirely too many features to compete with a simple robust Markdown static site stack.
|
| If we wanted the pixel art or low-fi chiptune of hypertext, both historically and in terms of esthetic, we'd be targeting classic textfiles: 80-col ASCII art .txt (maaaybe with the absolute bare minimum of adding a clickable link for navigation to make up for the lack of a TUI BBS interface wrapping the individual text files).
| zepto wrote:
| That's pretty much gopher already.
| shuntress wrote:
| > Since the markup language is so simple, it lowers the barrier of entry for those wanting to produce content
|
| I see this as one of the major problems with The Web.
|
| It's just too technically difficult for a normal person to make a useful reliable website. That naturally drives people from the open web into closed web-replacements like facebook.
|
| EDIT: With that said. I can't really get behind something like gemini whole-heartedly. It just feels like adding rendering support to browsers for gemini style markdown and serving them with appropriate Content-Type headers over regular HTTP would be a better way to do it.
|
| EDIT 2: Or campaigning to add support for the protocol in common browsers. That is, after all, why URLs include the protocol and I know people here are extremely fond of bashing client implementations for not displaying the protocol part of a URL.
| [deleted]
| lbotos wrote:
| I think you are conflating two points.
|
| > It's just too technically difficult for a normal person to make a useful reliable website.
|
| There are many hosting providers from the hostgators of the world to wix and squarespace that make this pretty easy if you want to _host_ content.
|
| > That naturally drives people from the open web into closed web-replacements like facebook.
|
| The _social_ aspect is what drives people to social networks. All of their friends are there.
|
| Many people don't want to just host content, they want chat, video, messenger, photo storage. For those that don't need it widely accessible, group chats seemed to have filled the gap between forum <-> text message/email.
| shuntress wrote:
| That all still relates to the technical difficulty of hosting (and, to be a bit more specific, account/identity management.)
|
| Facebook doesn't have some magic technical secret that makes chat, video, messenger, storage, etc handled by their servers somehow different than if it were handled by a server in your home.
| nine_k wrote:
| Account and identity management is naturally slightly non-trivial, once you consider things outside the happy path.
| kkjjkgjjgg wrote:
| What is Gemini? Google turns up a Bitcoin Exchange and lots of astrology?
| Jtsummers wrote:
| There's a link to the description in the first paragraph of the article, and elsewhere in this discussion already:
| https://gemini.circumlunar.space/
| airstrike wrote:
| Ironically, there are two current projects competing for the Gemini name: the Winklevi's bitcoin exchange (indubitably named after their twinship) and the more-than-a-protocol for a no-frills version of the World Wide Web, which is what TFA is talking about.
| throw10920 wrote:
| The problem isn't Gemini, the problem is Gemini marketing.
|
| Gemini enthusiasts (or, at least the ones I've seen posts from, most notably ddevault) market Gemini as a replacement (edit: in whole or part, it doesn't matter, the argument is the same) for "the web".
|
| Then, when you point out that Gemini has basically none of the features of "the web" (and is incapable of supporting the vast majority of its content, and even the vast majority of its _good_ content), they then say that "oh, you don't _need_ those features, inline images are an anti-pattern!" Or something.
|
| The problem isn't that Gemini has no features, the problem is that it's being marketed as a replacement (edit: in whole or in non-trivial part, it doesn't matter) for the web, which it is _clearly_ unsuited for.
|
| Gemini is bad at conveying almost any content except text, which also means that it's unsuitable for scientific papers, education, browser games, social media (even for less "social" social media, like Reddit and HN, where you could be exchanging purely technical information), web services, web applications (disclaimer: I think that web applications are generally slow and dumb, but I'd much rather use HN from my browser than download a dedicated .deb just for it), wikis and encyclopedias, Stack Overflow, search engines, and various other web things that your life would be significantly less great without.
|
| So, by all means, use Gemini.
| Just don't say that it's a "replacement" for the web (edit: not even part of it - Gemini does so little that the comparison is entirely invalid), or "better" than the web (or associated technology). It is its own thing with its own community that is entirely complementary to the web, and nothing more.
|
| If _you_ want to go back to the internet dark ages without Wikipedia, Google, Stack Overflow, Compiler Explorer, and Shadertoy, have fun - just don't drag me down with you.
| Gigachad wrote:
| Gemini really seems like throwing the baby out with the bath water. The primary gripe seems to be that they don't like javascript and modern web tracking. But in the process they lost inline links, images, video, and a bunch of other things which are useful for reading static documents.
| nathell wrote:
| In 2019, I wrote about the need for a web of documents [0], where I wrote about the importance of having static documents and sketched another approach.
|
| Gemini is a web of documents. A rudimentary one, but very content-focused - the signal-to-noise ratio is typically much higher than on WWW. You can visit any capsule in the Geminispace and have full confidence that it'll only serve you gemtext to read.
|
| [0]: https://blog.danieljanus.pl/2019/10/07/web-of-documents/
| throw10920 wrote:
| On a technological level, the web that we have now is _far_ better suited to being a web of documents than Gemini is or ever will be.
|
| It's one thing to say "we're going to build our own silo of high-quality content", but another to intentionally cripple its technical capabilities, which is what happened with Gemini.
|
| Gemini, the protocol, is extremely bad even for making a web of documents.
|
| Gemini, the network of content, might have a higher SNR than the web - but that's no excuse for pushing a protocol that is flat-out hostile to the transfer of information and knowledge.
| cartesius13 wrote:
| This is probably the most annoying straw man argument against Gemini. One of the first things you see in their official page is:
|
| "Gemini is a new internet protocol which:
|
| Is heavier than gopher
| Is lighter than the web
| Will not replace either"
|
| And if you hang out and talk to people using it you find out that most, if not all, of them are well aware that Gemini will not and can not replace the Web.
|
| Even Drew Devault has said this about Gemini: "Gemini does not solve all of the web's problems, but it addresses a subset of its use-cases better than the web does, and that excites me. I want to discard the parts of the web that Gemini does better, and explore other solutions for anything that's left of the web which is worth keeping". And I don't think anyone here in good faith will say that this is "marketing Gemini as a Web replacement". You are imagining these marketers and arguing against them
| throw10920 wrote:
| > "I want to discard the parts of the web that Gemini does better, and explore other solutions for anything that's left of the web which is worth keeping"
|
| You conveniently left off the next part of that sentence: "(hint: much of it is not)" It's pretty clear that ddevault thinks that Gemini can replace a large fraction of the web (which is the issue under dispute).
|
| The difference between "Gemini can replace the whole web", "Gemini can replace a large fraction of the web", and "Gemini can replace anything more than a vanishingly tiny sliver of the web" is largely irrelevant, as all of them are false, and my argument reads the same if you substitute either of those other two phrases in.
| agumonkey wrote:
| to me what gemini lacks, is a sense of information ergonomics
|
| so far it seems less usable than a badly coded as400 terminal application
| s5806533 wrote:
| Did ddevault specifically say that Gemini should be regarded as a replacement for the web?
| I never read him that way. As far as I can tell, people are constantly stressing the converse, namely that Gemini is not supposed to be the next web. It's even in the FAQ [1] -- if that's not part of the "marketing material", then I don't know what is. It would be very kind if you could provide specific citations to substantiate your claim about Gemini marketing.
|
| [1] see 1.6 in https://gemini.circumlunar.space/docs/faq.gmi
| throw10920 wrote:
| Right in that FAQ is the phrase "You may think of Gemini as "the web, stripped right back to its essence"". To a technical person, "foo, stripped right down to its essence" means that this thing is directly competing with foo - or, at the very least, that it _exists in the same realm_ as foo. Gemini does not exist in the same realm as the web, nor is it at all similar to "the web, stripped right back to its essence".
|
| The fact that occasionally fans might disclaim that it's only meant to replace "part of" the web is materially irrelevant - Gemini isn't capable of replacing _any_ nontrivial fraction of it. (its fans claim it is, though - "I want to discard the parts of the web that Gemini does better, and explore other solutions for anything that's left of the web which is worth keeping (hint: much of it is not).")[1]
|
| [1] https://drewdevault.com/2020/11/01/What-is-Gemini-anyway.htm...
| s5806533 wrote:
| I will concede that Gemini folk sometimes have a rather narrow definition of what the "essence" of the web is, namely, that the web is basically just a medium for hypertext. In the early days of Tim Berners-Lee this was true, though. And I still think that hypertext (as opposed to "web applications") represents a nontrivial fraction of the web (see Wikipedia and, to a lesser degree, blogs).
|
| Drew Devault makes a very valid point: that the web today is at the mercy of Google, because it depends on browser technology that has become so complex that only Google (and maybe a foundation entirely dependent on Google) can deliver it. An ad company! So we (as humanity) have to find ways to replace the web, step by step. And Drew says it right there: "Gemini [...] addresses a subset of its use-cases better than the web does." And for the other use-cases (i.e., besides hypertext), other replacements have to be found.
|
| So I still think that the marketing is way more nuanced than you are saying.
| rdiddly wrote:
| This is kind of a repeat of one of the straw man arguments mentioned in the article. If it's a response to how Gemini is being marketed (marketed?) then possibly the "marketers" are to blame, but I would have to see for myself, whether they're just saying "Hey here's something nifty" or going all full-blown "Hey here is the one true good right way and the solution to all problems and everything else is wrong and bad and anyone who doesn't go along is a horrifying evil person etc. and you're either with us or against us!" Sometimes the former quickly turns into the latter on the internet.
| throw10920 wrote:
| Please don't accuse me of strawmanning without providing concrete evidence for it.
| hprotagonist wrote:
| >Instead of simply commenting on Hacker News like I did in previous similar posts, I thought I'd write a little blog post I could link there and in future discussions.
|
| ... published via https on a website, even.
| sudobash1 wrote:
| Since HN is on a https website, I think this makes sense. As the article says, Gemini is not going to (and shouldn't) replace the web:
|
| > Gemini is its own thing that will co-exist with the Web.
|
| So I think being published on the web for other people on the web makes sense and is not antithetical.
| marginalia_nu wrote:
| Dunno, I publish most of my content on both gemini and https. One does not necessarily exclude the other.
| thewakalix wrote:
| Yes? It's not Fight Club.
| jalino23 wrote:
| I downloaded the Lagrange browser, but how do I find content?
| tpoacher wrote:
| start with geminispace.info
|
| enjoy the rabbit hole
| makeworld wrote:
| Search engine: geminispace.info
|
| Protocol homepage: gemini://gemini.circumlunar.space/
|
| Feed aggregator (one of many): gemini://warmedal.se/~antenna/
|
| Curated Gemini directory: gemini://medusae.space/
| velcrovan wrote:
| The key to understanding it is just not to expect it to have mass appeal, ever. It lowers barriers _for developers and tech hobbyists_. It is a nice crunchy area for developers to have fun with that doesn't require herculean feats of programming to serve or consume. It's like ham radio.
|
| My only beef with it is we already have gopher!
| spc476 wrote:
| But gopher doesn't have TLS. Yes, there are clients that attempt to make TLS connections to gopher servers and will fall back to plain TCP on failure, but that's a hack (and a pretty annoying one at that).
| owroomexorcist wrote:
| What's wrong with not having TLS? If it's just for hobbyists to share text documents, why include a TLS layer?
| capableweb wrote:
| Suddenly you can't trust anything you're being served as there are so many endpoints you could be MITM'd at. Reading a text about some experience someone had? Snippets from that text could have been replaced if you are not using any cryptographic protocol whatsoever.
| owroomexorcist wrote:
| Fair point. But if we're talking about a protocol not meant for the mainstream, is it really an attack vector to worry about?
| spc476 wrote:
| For some, yes.
| harryvederci wrote:
| I upvoted both this and the "Gemini is Solutionism at its Worst" post mentioned.
|
| It's a radical idea, but the truth is probably somewhere in the middle.
| Jtsummers wrote:
| What is "radical" about Gemini?
| ForHackernews wrote:
| It's a new internet protocol not designed to make somebody rich.
| Jtsummers wrote:
| HTTP and Gopher both filled that role last century so I'm not certain how that's radical. Admittedly, part of Gopher's failure in the market was that someone, U of M, tried to get money out of licensing it, but that came after its initial release.
|
| What else is radical about it?
| jl6 wrote:
| 1) Restraint, and 2) the concept of it being finished and not extensible.
| seanw444 wrote:
| This was weird timing. Haven't seen a post on Gemini on here in a while, and I just started yesterday building an Express-like Gemini server framework in Go, to get more familiar with Go.
| tharne wrote:
| I'm really rooting for this project. Sure it's probably over-idealistic and not entirely practical, but I think that's part of the appeal - a group of folks trying to build a better web and having fun doing it.
| rossdavidh wrote:
| I have no idea what we are talking about, here. Can someone point me to a good, short introduction?
| [deleted]
| leephillips wrote:
| https://gemini.circumlunar.space/
|
| https://www.linuxpromagazine.com/index.php/Issues/2021/245/T...
| saxonww wrote:
| Thank you. Gemini is also a crypto exchange so I went into this thinking it was another article trying to justify Web3.
| leephillips wrote:
| Oh, I didn't know about that.
| alamortsubite wrote:
| I just read the post and take it as a good introduction. That's about as much as I've read about Gemini, though, so maybe I'm wrong.
|
| EDIT: The first few paragraphs of the post might lead you to believe it doesn't serve as an introduction, so maybe skip those.
| tephra wrote:
| Gemini is a neat little protocol with a neat community around it.
| https://gemini.circumlunar.space/
| skybrian wrote:
| One problem is the way Gemini and Mastodon (and even Twitter at one time) are often promoted:
|
| > Once you have a client that supports it, you're free to enter the ecosystem. Once there, you'll notice that it is composed of many vibrant communities. There are artists creating cool experiments, writers and essayists pouring their hearts and brains out, etc. You can find a tribe for you or start a new thing.
|
| I assume this is true for the person who wrote it, but finding people who are interesting is often a problem. There is lots of noise and I have trouble finding "vibrant" communities that are relevant to me. I'm following only two interesting people on Mastodon after several years and I found them because links to interesting things they wrote were posted to a link-sharing site.
|
| Specific examples beat abstract arguments. The best way to promote Gemini would be to quote and link to interesting content you found on Gemini.
|
| And that means you're playing the same social game as everyone else, doesn't it?
| mediocregopher wrote:
| > Also, focusing on protocol only makes one miss the rest of Gemini, which is the ecosystem and people who are having a great time using it. Sometimes, it feels to me like someone is at a party ranting about the music not being good enough while there is a smiling crowd dancing and having fun.
|
| This is the biggest point, imo. We don't all have to like the same things, we don't have to all use the same tools, we don't have to belong to the same communities. There's room on the web for all of us.
|
| Gemini appeals to me as someone who appreciates well designed constraints. The fact that HTTP+HTML can accomplish the same things is not only missing the point but is actively against the point.
| tharne wrote:
| > We don't all have to like the same things, we don't have to all use the same tools, we don't have to belong to the same communities.
|
| This is one of the main reasons I have a hobby computer just for playing around with openBSD. There's something really refreshing (and fun!) about a project that's just trying to do its own thing without pleasing everyone and their mother.
| 1vuio0pswjnm7 wrote:
| "This is the biggest point, imo. We don't all have to like the same things, we don't have to all use the same tools, we don't have to belong to the same communities. There's room on the web for all of us."
|
| Exactly right.
|
| Tech companies that rely directly or indirectly on the survival and expansion of web advertising, i.e., most of them, prefer a world where web users do not think independently.
|
| It is easier to advertise on (and manipulate) a web where every participant likes the same things, uses the same tools, and belongs to the same communities.
| ReleaseCandidat wrote:
| I see, Gemini is not to make the life of content creators easier, but the life of the server and client implementers.
|
| The need for TLS is a bit strange regarding this, especially if they encourage the use of self-signed certificates.
|
| 4 TLS
|
| Use of TLS for Gemini transactions is mandatory. Clients can validate TLS connections however they like (including not at all) but the strongly RECOMMENDED approach is to implement a lightweight "TOFU" certificate-pinning system which treats self-signed certificates as first-class citizens. This greatly reduces TLS overhead on the network (only one cert needs to be sent, not a whole chain) and lowers the barrier to entry for setting up a Gemini site (no need to pay a CA or setup a Let's Encrypt cron job, just make a cert and go).
|
| https://gemini.circumlunar.space/docs/specification.gmi
|
| https://gemini.circumlunar.space/docs/best-practices.gmi
| spc476 wrote:
| Okay, so when you have the "Encrypt All The Things" campaign, and "never NEVER implement crypto on your own," what else is there besides TLS?
|
| One of the triggers for Gemini was the push to add TLS to gopher, which isn't that easy [1].
|
| [1] http://boston.conman.org/2019/03/31.1
| meltedcapacitor wrote:
| ssh server.org cat /index.gmi
|
| not sure if that's much simpler though.
| RunSet wrote:
| "never NEVER implement crypto on your own"
|
| I understand that the admonition "never roll your own crypto" (as in develop your own encryption algorithm) is distinct from "never implement crypto on your own" (as in implement an existing encryption algorithm), although it is commonly misread as the latter.
|
| The phrase "never roll your own crypto" was originally used in the context of algorithms.
|
| http://web.archive.org/web/20030629085904/http://www-106.ibm...
|
| Hopefully given the description / source code of "a published, well-used, tried-and-tested algorithm", most programmers could implement it in a language with which they are familiar.
| spc476 wrote:
| I think it even applies to "never implement crypto on your own"---are you _sure_ you've taken into account side-channel attacks? Timing attacks? Random number generation (if it's required)? Cleaning memory after use? That memset() isn't optimized out? There's a lot to get right ...
|
| Edit: a few more examples.
| [deleted]
| XMPPwocky wrote:
| Two things- one, as a sibling comment's mentioned, it absolutely includes implementation of cryptographic primitives too. There are quite a few subtle bugs (mostly, but not entirely, side-channels) that end up being utterly catastrophic.
|
| Second - even using somebody else's (high-quality, trusted) implementation of (high-quality, trusted) primitives very much isn't enough to build a secure system that uses cryptography. The obvious example here is everybody and their dog going off to implement AES or something, not using a MAC ("we just care about secrecy, not integrity") or using a MAC wrong (e.g. MAC-then-encrypt), and then dying horribly to a trivial padding oracle.
|
| Or, trying to build a secure transport protocol (i.e. a TLS-like API, where you just get "a secure socket" after doing some dance with certificates/keypairs)... you just encrypt (and MAC, this time) all the data before you send it out, and decrypt (and verify!) all data that comes in. But... wait, our API can't really handle that easily - we have to write the data out to the network in chunks. So, hm, encrypt and MAC each chunk? Oh, then chunks can be rearranged in transit, so we'll put a counter in there. What if the counter wraps around? Do you abort, or do you just reuse old counter values? Do you get a different session key for the same (client, server) pair- if not, is that an issue? Suppose you're using an AEAD mode, like GCM- how do you manage nonces? (If you reuse a nonce once in GCM, you often leak your authentication keys(!))
|
| Hm, all of that sounds like ... a lot. So maybe we'll just sign+encrypt requests (and include our public key inside), and have the server sign+encrypt responses (to the public key we sent). Hm, but we need to tie responses to requests, though. So we'll need to put a hash of the request in the response. Ah, hmm, length extension attacks, right. Maybe GCM will save us? Hm, not sure... What if somebody wants to replay old content to us (send us an older version of a page)? Can they do that? Right, need to either include some "challenge"/nonce in requests, or at least make sure session keys are unique per-request.
| What about possible reflection attacks - if we send the server _its own public key_ as our public key, does that cause any weirdness? Oh, what _is_ a public key, anyways? If (God forbid) you're using RSA, does that include both the exponent and the modulus, or just the modulus? If you do a key exchange (e.g. for forward secrecy), who picks the parameters- are they just fixed?
|
| Cryptography is the sort of thing that almost actively resists abstraction, and it's really tricky in a way that's hard to appreciate. It's a world where you find a claw hammer and use it to remove a nail from your floor- maybe even looking on CarpentryOverflow first to make sure a claw hammer can be used to remove nails from floors- and it works fine, so you then go to remove a nail from your wall and discover that this makes the hammer burst into flames because, yes, most people think "claw hammers can pull nails out of stuff" and that's usually true but the unstated assumption there is that you're holding the hammer with your _right_ hand and you're actually _left-handed_ and it's a Tuesday in the southern hemisphere so you actually should have used a completely different tool or used a higher-level misuse-resistant nail-pulling API which does _almost_ exactly what you want, but that's what you thought the hammer did so...
| Jtsummers wrote:
| My understanding of the issue as it relates to Gemini is that the Gemini community is:
|
| 1. Largely using self-signed certificates on the servers. That gets you into the protocol, but doesn't really help with trust.
|
| 2. Using "trust on first use" (TOFU) in the clients, which doesn't scale. The clients have to know whether a particular cert is valid or not, and that means the user needs to manually verify or some trusted data source has to be distributed to clients. Manual verification turns into "yeah, yeah, just let me read the page" after a while.
| And a trusted data source is, well, hard to keep maintained, and even harder if it wasn't in the model from the start.
|
| So TLS gets Gemini security, of a sort, but the way it's being used makes it less effective than it should be.
| tedunangst wrote:
| The whole point of TOFU is the user doesn't manually verify.
| Jtsummers wrote:
| That's not really true, though. Like with SSH, the first time you receive a certificate for a server you are prompted to either trust it or not. If you choose to trust it then from that point on it remains trusted unless explicitly removed from the set of known hosts. Of course, the client could just take the option away from the user and automatically trust every host the first time. But then there's even less point in having TLS here.
|
| Even Signal's TOFU method offers a way for users to manually verify the keys of the people they're communicating with, even though it permits communication from the start _without_ verification.
| spc476 wrote:
| The push for TOFU really only began about a year after the protocol was first designed, as it was deemed "too difficult" to obtain a real certificate, even from Let's Encrypt.
|
| On the other hand, those that want something SSH-like for the web have something to point to as an example, as well as those that don't think SSH-like for the web is a good idea as an example.
| nine_k wrote:
| TLS gives you protection against casual eavesdropping or tampering.
|
| Of course, self-signed certs + TOFU theoretically allow a third party to insert itself as a MITM at the first connection. This needs a lot of tracking and preparation beforehand; no adversary of this caliber is going to be interested in Gemini content.
| s5806533 wrote:
| > I see, Gemini is not to make the life of content creators easier, but the life of the server and client implementers.
|
| As far as I understand, the distinction (content creator on the one hand, server and client implementers on the other) goes against the Gemini philosophy. The idea is rather that it should be reasonably easy to be both.
| koeng wrote:
| I have a lot of fun with Gemini! Since I couldn't find a good static gmi -> html converter that I liked for my website, I built my own. It works great and is pretty simple! This is one thing that people miss out on - I can actually build things on top of gemini / gemtext because it is so simple.
| jl6 wrote:
| The most important words in the Gemini FAQ: _a clearly demarcated space_.
|
| Regardless of the protocol's technical merits and demerits, that's what generates a lot of the value.
___________________________________________________________________
(page generated 2022-01-26 23:00 UTC)
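
The "TOFU" certificate pinning quoted from the spec, and the SSH-style known-hosts behaviour described in the TLS sub-thread, sketched as an added example that is not part of the thread or of any Gemini client. The store layout, the names `TofuStore` and `admit`, and the stand-in certificate bytes are assumptions made for illustration; 1965 is Gemini's default port.

```python
import hashlib
import hmac
import json
import os
import tempfile
from enum import Enum

GEMINI_PORT = 1965  # default Gemini port


class Verdict(Enum):
    FIRST_USE = "first-use"  # no pin yet: someone has to decide whether to trust
    TRUSTED = "trusted"      # presented certificate matches the stored pin
    MISMATCH = "mismatch"    # certificate differs from the pin: do not proceed


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER certificate, e.g. the bytes returned by
    ssl.SSLSocket.getpeercert(binary_form=True)."""
    return hashlib.sha256(cert_der).hexdigest()


class TofuStore:
    """Known-hosts file (hypothetical JSON layout): "host:port" -> fingerprint."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    @staticmethod
    def _key(host, port):
        # Normalise case and a trailing dot so one host cannot hold two pins.
        return f"{host.lower().rstrip('.')}:{port}"

    def check(self, host, cert_der, port=GEMINI_PORT):
        pinned = self.pins.get(self._key(host, port))
        if pinned is None:
            return Verdict.FIRST_USE
        if hmac.compare_digest(pinned, fingerprint(cert_der)):
            return Verdict.TRUSTED
        return Verdict.MISMATCH

    def pin(self, host, cert_der, port=GEMINI_PORT):
        self.pins[self._key(host, port)] = fingerprint(cert_der)
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)  # atomic swap, never a half-written store


def admit(store, host, cert_der, confirm, port=GEMINI_PORT):
    """Return True if the connection may proceed.

    confirm(host, fingerprint) is asked only on first use (a user prompt or an
    out-of-band fingerprint check). A mismatch is never silently re-pinned.
    """
    verdict = store.check(host, cert_der, port)
    if verdict is Verdict.FIRST_USE and confirm(host, fingerprint(cert_der)):
        store.pin(host, cert_der, port)
        return True
    return verdict is Verdict.TRUSTED


def demo():
    # Constructed stand-ins for DER certificates; no network access is needed.
    cert_a = b"constructed stand-in for capsule.example's certificate"
    cert_b = b"constructed stand-in for a different certificate"
    asked = []

    def confirm(host, fp):
        asked.append(host)
        return True

    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "known_hosts.json")
        store = TofuStore(path)
        out = [store.check("capsule.example", cert_a).value]
        out.append(admit(store, "capsule.example", cert_a, confirm))
        reloaded = TofuStore(path)  # pins survive a client restart
        out.append(reloaded.check("Capsule.Example.", cert_a).value)
        out.append(reloaded.check("capsule.example", cert_b).value)
        out.append(admit(reloaded, "capsule.example", cert_b, confirm))
        out.append(reloaded.check("capsule.example", cert_a, port=1966).value)
    return out, asked
```

The first connection is the only point where nothing is checked against a prior pin, which is the window the thread's MITM remark refers to; after that, a changed certificate shows up as a mismatch instead of another prompt.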