
Gemini – A new, collaboratively designed internet protocol - _emacsomancer_
https://gemini.circumlunar.space/
======
colinplamondon
This is so intensely cool.

Urbit was on its own island until recently - the only project challenging the
domination of WWW.

This + Tildeverse feels like the very, very, very early days of hackers
starting to play with alternate protocols, and the style and format of WWW.

It's fun, non-commercial, social, and aimed at hobbyists - just like the early
WWW.

Given another 10 years of experimentation, I could 100% imagine WWW being seen
as corporate, commercial and professional space.

Right now there isn't a good pseudonymous layer, because everything is very
tied to real identity. Privacy doesn't really exist in a world of shadow
profiles. And, with my commercial hat on, nor do I want it to. I _want_ to be
able to retarget the shit out of email lists, and run intensive Facebook ad
campaigns.

The needs of commercial space are not the needs of personal space. One
solution could be different protocols, or at least different spaces, for each.

~~~
x3blah
"Given another 10 years of experimentation, I could 100% imagine WWW being
seen as corporate, commercial and professional space."

Excerpt below is from the file /scripts/web included with the original netcat
in 1995.

    #! /bin/sh
    ## The web sucks.  It is a mighty dismal kludge built out of a thousand
    ## tiny dismal kludges all band-aided together, and now these bottom-line
    ## clueless pinheads who never heard of "TCP handshake" want to run
    ## *commerce* over the damn thing.  Ye godz.  Welcome to TV of the next
    ## century -- six million channels of worthless shit to choose from, and
    ## about as much security as today's cable industry!
    ##
    ## Having grown mightily tired of pain in the ass browsers, I decided
    ## to build the minimalist client.  It doesn't handle POST, just GETs, but
    ## the majority of cgi forms handlers apparently ignore the method anyway.
    ## A distinct advantage is that it *doesn't* pass on any other information
    ## to the server, like Referer: or info about your local machine such as
    ## Netscum tries to!
    ##
    ## Since the first version, this has become the *almost*-minimalist client,
    ## but it saves a lot of typing now.  And with netcat as its backend, it's
    ## totally the balls.  Don't have netcat?  Get it here in /src/hacks!
    ## _H* 950824, updated 951009 et seq.
    ##

FWIW, I still use original nc and similar TCP clients to "interact" with the
www. Works great.

Not a fan of SSL, now TLS, which was in fact created to facilitate commercial
use of the www, or "e-commerce", in the 1990s.

As an ongoing experiment in a different protocol/space, I run CurveCP on home
LAN.

~~~
fancyfish
For mobile users:

The web sucks. It is a mighty dismal kludge built out of a thousand tiny
dismal kludges all band-aided together, and now these bottom-line clueless
pinheads who never heard of "TCP handshake" want to run _commerce_ over the
damn thing. Ye godz. Welcome to TV of the next century -- six million channels
of worthless shit to choose from, and about as much security as today's cable
industry!

Having grown mightily tired of pain in the ass browsers, I decided to build
the minimalist client. It doesn't handle POST, just GETs, but the majority of
cgi forms handlers apparently ignore the method anyway.

A distinct advantage is that it _doesn't_ pass on any other information to
the server, like Referer: or info about your local machine such as Netscum
tries to!

Since the first version, this has become the _almost_-minimalist client, but
it saves a lot of typing now. And with netcat as its backend, it's totally the
balls. Don't have netcat? Get it here in /src/hacks!

_H* 950824, updated 951009 et seq.

~~~
micael_dias
Wish I had scrolled down first :D

------
armitron
When people go back to using Gopher, you know the Web has turned to shit. I
hope something good can come from these alternative protocols, a new space
where oldtimers like me can focus on honest information exchange (what the
Internet used to be), without the corporate behemoths tracking our every move.

Google's motto used to be "to organize the world's information". It's a daily
occurrence where I'm wasting enormous amounts of time because Google search
produces results of such low quality as to defy belief (startup opportunity
right there, it's gotten so bad somebody should eat their lunch by doing a
better search).

I'm yearning for an alternative that's close to what I experienced two decades
ago.

------
mattkevan
After recently discovering Gopher and falling down a deep (gopher)hole of
exploration, I’m convinced that it, or something similar, is a great
alternative to the commercial web. What a volunteer-run co-op which sells food
in bulk bins is to Walmart.

Simple, fast and open. The exact opposite to something like Urbit, which while
it might be open source is designed to be as closed as possible.

Incidentally, I recently found a good Gopher client for iOS. It has some rough
edges but is definitely one of the most usable clients.

[https://apps.apple.com/gb/app/gopher-client/id1235310088](https://apps.apple.com/gb/app/gopher-client/id1235310088)

------
mrspeaker
I installed `elpher` via emacs and then didn't know where to go to actually
see any content. Eventually I followed a link from "The Elpher Project Page"
- it linked to "Project Gemini (hosted using gemini)". From there I found
something called CAPCOM and am having fun exploring... but my suggestion is
"list some gemini content on the gemini site!"

(Update: oh dear, I've never played with Gopher before. This is my kind of
internet! There goes the rest of my day...)

------
kiwidrew
Very cool, this is essentially just an updated (modernised) Gopher protocol.

I wish the protocol was designed so that the server signed the document itself
[well, most likely a hash of the document]. That would allow caches, archives,
and proxies to prove that a document did in fact come from the claimed origin.

Unfortunately the Gemini protocol uses TLS, and so only offers the standard
guarantee of HTTPS: a client can confirm it is communicating with the origin
server, but it is unable to _transfer_ that guarantee to anyone else.

------
stryan
If you're looking for a small week-end project, try checking out the spec and
implementing a Gemini client or server. I wrote up a server over two days
during my lunch breaks and it was relaxing working with such a small and
simple protocol.

There's also a lot of neat stuff at CAPCOM[1] (which is sort of like a public
RSS feed) if you're looking for capsules (what Gemini calls websites) to check
out.

[1] gemini://gemini.circumlunar.space/capcom/

------
0xCMP
Having played with this now via their _"kiosk"_[1] it's very cool and I think
there's something here.

I expect only the kind of people who visit HN will ever try it and fewer will
ever use it, but the protocol is very nice and simple. I wish it would take
off and that a nice GUI client was written so that it was easier to use.

[1]: ssh kiosk@gemini.circumlunar.space

~~~
svara
Awesome, this makes me feel like it's 1998 again, in the best possible way :)

To the sibling comment: It's a bit non-obvious indeed. It allows you to use
their AV-98 Gemini client. [0] The source seems to be basically the
documentation here ;)

Try this:

AV-98> tour gemini://gemini.circumlunar.space/

Then add links that you want to visit (they're numbered) with, for example

AV-98> tour 1

and navigate there with

AV-98> tour

[0] [https://tildegit.org/solderpunk/AV-98/src/branch/master/av98.py](https://tildegit.org/solderpunk/AV-98/src/branch/master/av98.py)

------
throwanem
I'm acquainted with some of the folks involved in this project, and it's been
a privilege to see them bring the concept so much to life in such a short span
of time. For those who share an active interest in alternatives to the farrago
that the modern web has become, I can unreservedly recommend Gemini to your
attention.

------
Ninn
Gemini is such a widely used name for systems. I wish people would stop
reusing it, in place of finding new unique names.

~~~
riffic
of course, someone on HN has to make this ultimate bike-shed comment about a
project's name.

------
ReactiveJelly
I see that they've specified both a transport protocol, to replace HTTPS, and
a document format, to replace HTML.

BLUF: They should have just run the text/gemini format on top of HTTPS 1.1,
make a gemini --> HTML formatter, and maybe a restricted subset of HTTPS, and
called it a day. Replacing HTTPS is a waste of time. Also, most of the
benefits of the document format could be gotten with a sane subset of HTML.
There are no mandatory bad parts to HTTP or HTML.

I've seen this "The Web is too complex, we need Gopher" sentiment on the
Fediverse a few times and it looks like the same class of thinking as "C++ /
Rust is too complex, we need C."

They are complaining about how _bad_ parties use HTTP and HTML and concluding
that _good_ people should disavow HTTP and HTML as a result. It is like
refusing to drive your pickup truck because someone else's truck has truck
nuts on it.

But I've run websites with the "Motherfucking website" HTML style and it's
fine.

All the complexity of the web is opt-in. Switching my site to Gemini wouldn't
prevent, say, the New York Times from wanting a complex HTML website. All I'm
doing is shooting myself in the foot to spite my enemy. The FAQ says they
intend to co-exist with the web, so I'm sure they agree with me on this. They
just want to lead by example. I also don't think it's a good example.

About extensibility, from Section 2.1.2 in the FAQ:

"Gemini is designed with an acute awareness that the modern web is a privacy
disaster, and that the internet is not a safe place for plaintext. Things like
browser fingerprinting and Etag-based "supercookies" are an important
cautionary tale: user tracking can and will be snuck in via the backdoor using
protocol features which were not designed to facilitate it. Thus, protocol
designers must not only avoid designing in tracking features (which is easy),
but also assume active malicious intent and avoid designing anything which
could be subverted to provide effective tracking. This concern manifests as a
deliberate non-extensibility in many parts of the Gemini protocol."

These claims are made:

- Privacy violations are inherent to HTTP/HTTPS/HTML
- Making a protocol non-extensible is feasible

But if you're specifying a completely new client and server, you could also
just refuse to send and accept the ETag and cookie headers that are known to
allow privacy violation.

And no protocol is non-extensible. They seem to think that software and ideas
are controlled and owned by the first people to think of them. But if Gemini
catches on, then it can be forked. This should be obvious to people working in
FLOSS. I seem to recall it happened to IRC. Designed simple, forked into
incompatible competing versions, the official next version is in dev hell, and
now it's also competing with XMPP and Matrix.

Perhaps that belief is why they chose to make a new spec instead of defining a
subset of HTTP and HTML. They think that HTTP and HTML are atomic and we must
not reuse any good ideas from them, they've been tainted with bad ideas, so we
have to change everything all at once.

To this end they even made the status codes different from HTTP.

"Importantly, the first digit of Gemini status codes do not group codes into
vague categories like "client error" and "server error" as per HTTP. Instead,
the first digit alone provides enough information for a client to determine
how to handle the response."

They could have just specified a subset of HTTP status codes, to make it
easier to remember which codes are which. Personally I like having 4xx and 5xx
separate. Maybe they were really happy to save 33% of status code bytes
compared to HTTP.

Regarding performance, the spec says, "Connections are closed at the end of a
single transaction and cannot be reused."

I believe there's also no inline media, so 1 document == 1 connection == 1
request.

Again, this is completely possible with a sane subset of HTML and HTTP - Just
write a server that can't reuse connections, and write HTML that doesn't have
inline media. Use a linter or transpiler (from text/gemini to HTML) to enforce
that.

But if you _do_ reuse connections, or use something like QUIC, then you can
get better performance. So they are making that impossible. Again, until
someone forks it and adds it anyway.

I feel like I'm the crazy one because there's clearly a few people working on
this project seriously, and I'm one person writing a rambling comment. But I
don't see the point. Now I feel like I owe the world a subset of HTTP and HTML
to put my money where my mouth is.

~~~
scoopdewoop
I've wanted to make something like this, and I'm happy to see it's here because
implementing a client looks like a lot of fun.

Here is why I want a simpler web: The New York Times won't be there! Neither will
google or facebook or shopify or influencers or clickbait even! I want a web
that is hard to make money from. Something that doesn't support fingerprinting
and ad tracking, where my interests aren't at odds with the "platforms".

I want a place where people are posting ideas and creations and info and
software and labors of love for free, with weird one-off communities that
don't get embroiled in national censorship debates.

I might even want the relatively high barrier to entry, the fact that other
people there would be looking for the same thing instead of being directed
there by browser defaults and content portals.

~~~
silvi9
That sounds like an online utopia, almost like the feeling of discovering the
joy of the internet again. I want that too.

~~~
sloum
That is how I felt when I discovered gopher and then went on to work on
gemini. I can wholeheartedly recommend both communities.

------
bovermyer
Here's the source for one of the clients (Bombadillo):
[https://tildegit.org/sloum/bombadillo](https://tildegit.org/sloum/bombadillo)

~~~
sloum
Thanks for linking! More info can be found here:
[http://bombadillo.colorfield.space](http://bombadillo.colorfield.space) for
those that are interested. A number of other clients also host at tildegit.org
(a search for gemini will probably yield them).

------
Aeolun
OMG, this spec was so readable I actually read the entire thing for pleasure.

I think this is a first.

~~~
qznc
I agree it is neat.

My experience tells me it is a sign of too much ambiguity and gaps that will
bite you later though. See Markdown for example.

------
heavenlyblue
It’s like religion - one of the reasons they say Christianity won over Judaism
is because they didn’t require one to circumcise before the initiation. Yet
both are equally rejecting of any other religion.

~~~
thefounder
Judaism is also quite "racist". There is only one "chosen" people. Everyone
else would be/is a second citizen. Who would join a religion to be 2nd
citizen?

~~~
pianoben
I'd encourage you to actually attend a synagogue service, or even just have a
chat with a real-life Jewish person, before exposing yourself to ridicule as
you have here.

In my life as a Jewish person, I've never _once_ heard a rabbi even hint at
such a sentiment. Converts are treated exactly as Jewish as those who are born
into the faith. What leads you to think otherwise?

~~~
GuiA
Most every religion does have that bias of "we know better, we've got the holy
texts, if you're not with us you're doomed/clueless/need to be saved/unlucky".

The fact that modern practitioners in your geographic locale of choice aren't
as bigoted as their more literal brethren doesn't mean much, except perhaps
that there is hope in undoing the more harmful superstitiousness of religion
by raising quality of living (for all, regardless of faith).

~~~
pianoben
Sure, but that's not what the GP was talking about. They directly stated that
those who joined would forever be "second-class citizens", which simply isn't
factual.

------
naasking
Gemini sounds neat. Not sure I'll continue playing with it, but from the spec
I have a couple of suggestions you are free to implement or ignore.

# Denial of Service

Permitting zero or more whitespace characters in a request introduces a
denial of service because the request is no longer bounded. Just keep sending
whitespace to keep the connection open. Mandating a single character closes
this particular hole.

It's possibly a minor DoS considering other attack vectors, but why leave any
low-hanging fruit?

# Caching, ETags and Tracking

Caching is great, and I'm sure Gemini devs wouldn't object to caching if it
could be handled without introducing user-facing privacy issues. Here's a
sketch for an ad network protocol that I think would work with Gemini:

1. Client requests URL X.

2. Server replies with a redirect to "X?tracking-id", where tracking-id is
associated with a set of IP addresses.

3. All links in the document append the tracking-id to preserve it.

Anytime a client accesses a document in the ad network, the tracking-id
quickly returns. People often have multiple IPs for their laptop, desktop,
phone, tablet, etc. but there would be enough overlap in these sorts of
requests to correctly tie a set of IPs to a unique client.

What cookies, etags, etc. permit on the WWW is doing this without requiring
sharing the client IP database.

So maybe what we can do is still enjoy the benefits of caching while at least
_detecting_ when some shenanigans are at play. The ad network outline above is
observable behaviour from which we might be able to infer shenanigans.

To reintroduce caching without amplifying the tracking powers, and add the
ability for the client to verify the server's ETag is legit, rather than
treating it as an opaque identifier. If an etag for content specified the hash
function used, then the client can verify the integrity of the document. So
take the HTTP ETag header to a syntax like "ETag(sha256): ..."

Like the ad network outlined above, malicious servers could craft slightly
different versions of a document for each IP and so generate unique ETags that
may permit some sort of tracking in a similar way. However, the gemini
document has no notion of hidden data (like comments and hidden fields in
HTML), so any such shenanigans will always be visible in some way in the
document itself, eg. embedding a unique hash code at the end, for instance.

So in the end, adding caching in this way should improve efficiency without
appreciably amplifying tracking.

# Transclusion

A language with a construct becomes more expressive if it also includes its
dual. Gemini has document-level references, where a document points to another
document, but it lacks transclusion which is a _dereferencing_ operation, such
that you can embed another document into the current document.

So links in Gemini are:

    => gemini://some/url

Transclusion would be its inverse:

    <= gemini://some/url

This is pretty handy actually. Kinda like iframes without the headaches.
However, unlike iframes, I don't think the client should load the URL itself,
but rather all communication should go via the server for the top-level
document. This is again to avoid amplifying the tracking powers, since a top-
level document server could append tracking-id to transcluded URLs and then
they act just like tracking cookies.
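A defender's sketch of the two checks proposed above, a bounded request reader that closes the whitespace DoS and a client-verifiable hashed ETag, added here as example code that is not part of this comment, the Gemini spec or any Gemini server. The "ETag(sha256): ..." syntax is the commenter's proposal, the allowed hash list is an assumption, and the sample requests are constructed.

```python
import hashlib
import hmac
import io
from urllib.parse import urlsplit

# A Gemini request is one line: an absolute URL followed by CRLF, with the URL
# capped at 1024 bytes. Reading past that cap without seeing CRLF means the
# client is malformed or is trickling bytes to hold the connection open.
MAX_URL_BYTES = 1024
# Hash names accepted in the proposed "ETag(<algo>): <hex>" syntax (assumed).
ALLOWED_HASHES = {"sha256", "sha384", "sha512", "blake2b", "blake2s"}


def parse_request(raw, limit=MAX_URL_BYTES):
    """Parse one Gemini request from bytes or a binary stream.

    Returns (url, None) on success or (None, reason) on rejection. At most
    limit + 2 bytes are ever read, so a peer cannot keep the server reading
    by sending whitespace forever.
    """
    stream = io.BytesIO(raw) if isinstance(raw, bytes) else raw
    line = stream.readline(limit + 2)  # stops at the first LF or at the cap
    if not line.endswith(b"\r\n"):
        return None, "no CRLF within the byte limit"
    try:
        url = line[:-2].decode("utf-8")
    except UnicodeDecodeError:
        return None, "request is not valid UTF-8"
    # Exactly one token before CRLF: no leading, trailing or embedded
    # whitespace. This is the "mandate a single character" fix.
    if not url or any(ch.isspace() for ch in url):
        return None, "empty request or whitespace in request line"
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None, "request URL is not absolute"
    return url, None


def make_hashed_etag(body, algo="sha256"):
    """Build the self-describing tag a server would send for body."""
    return f"ETag({algo}): {hashlib.new(algo, body).hexdigest()}"


def verify_hashed_etag(body, etag):
    """Return True only if the tag names an allowed hash and matches body,
    so a client or cache checks integrity itself instead of treating the
    tag as an opaque, possibly per-user identifier."""
    head, sep, digest = etag.partition(":")
    if not sep or not head.startswith("ETag(") or not head.endswith(")"):
        return False
    algo = head[len("ETag("):-1].lower()
    if algo not in ALLOWED_HASHES:
        return False
    expected = hashlib.new(algo, body).hexdigest()
    return hmac.compare_digest(expected, digest.strip().lower())


if __name__ == "__main__":
    # Constructed samples: valid request, whitespace flood, over-long URL, space.
    for raw in (b"gemini://example.org/capcom/\r\n", b" " * 4096,
                b"gemini://example.org/" + b"a" * 1100 + b"\r\n",
                b"gemini://example.org/a b\r\n"):
        print(parse_request(raw))
    print(verify_hashed_etag(b"# Hi\r\n", make_hashed_etag(b"# Hi\r\n")))  # True
```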

~~~
Aeolun
I like your first suggestion, the rest don’t sound so great to me.

It’s simple now, let’s keep it like that.

~~~
naasking
Sure, it's simple, but a stated goal is power to weight ratio. Transclusion
definitely fits under that. Authoring and organizing information with
transclusion is so much easier than without, because it avoids much of the
need for special tooling to assemble a final document from fragments that
might be reused. It's too unwieldy for _very_ large documents though, so it's
perfect for authoring small to medium sized documents, which fits right in
with Gemini's goals.

There are many ways to handle it client-side:

1. Behaviour like iframes, although I don't like the tracking implications.

2. Origin server fetch, as I mentioned.

3. Another possibility is to render it as a button which the client must
trigger to load the document.

------
azinman2
“In the same way that many people currently serve the same content via gopher
and the web”

Is this actually true?

~~~
sloum
In my experience the gopher community is very split on this concept with many
people doing just that, but many others (myself included) wishing that
gopher/web proxies and cross posting did not exist at all.

~~~
azinman2
Is there much (any) gopher community left?

~~~
visiblink
There is! I read this on a gopher mirror of the Hacker News, so I thought I'd
better come on over to the web version to respond...

In fact, several regular gopherites have commented on this thread.

Funny that this came up on the Hacker News on the weekend that the server is
going down. Probably a good thing, since it only has 128MB of RAM.

