- I want more gopher servers,

- I want more scripts for publishing to gopher. I really like the descriptions I've read of the phlog software on SDF, but I've never used it.

That's pretty much it. Beyond that, I just want to see more people hosting Gopher sites on their home computers. I want to see more people focusing on substance over style.

Security/Encryption -
Long term, yeah, this is probably something we need.

I don't know of a way to do SSL style encryption over gopher at this time. I don't know if this would even really be valuable. For my personal use, I'm fine with SSHing to another server, and doing my gophering from there. No one local is snooping, at least.

If you need security, use .onion you know?

So yes! Security and encryption is something someone can build. Implement it in a way that's backwards compatible. At the very least, it won't hurt anything.

But also, if you need security go use something designed to be secure.

- Gopher + DAT: This sounds absolutely wild and ridiculous. Go for it! I dunno why you'd want that, but if you do, go for it.

- Other Gopher "abuse:
As long as you don't break backwards compat, do whatever.

The Gopher protocol was written in like 1991 or something? And it will run pretty much anywhere.

The protocol is so simple that you can hack together a client in a few dozen lines of whatever.

You can implement clients on 8 bit hardware. It will be faster and easier to use and more accessible than a web browser.

It's been around forever. It's simple. It works well. It provides just enough functionality to get you to your content.

Plus, most modern Gopher servers provide an HTTP gateway. (See http://gopher.ofmanytrades.com)

So even if you think that we should just focus on making the web less antagonistic towards users, we can use gopher as one avenue towards that.

Gopher isn't ever going to replace the web.

That's not my goal. That's not anyone's goal.

Gopher is just a weird little non-capitalist, human scale way for us to publish and consume stuff.

It's fun, it's easy, and it's a weird way for folks (like you and me) to resist, in our own small way, the shit that the big centralized services do, and the things that netflix pushed the w3c in to doing.

I guess I gotta talk about the w3c a second, too.

The modern web is kind of crap. I won't rehash that here, but you know it's crap.

The w3c has moved to make it more crap by bundling DRM in our web browsers, and making it a felony to do security research on browsers that include that DRM.

This is *real* bad.

That's my biggest reason for embracing this gopher stuff.

The w3c sold us out, and the web browser isn't, can't be, truly safe anymore.

We don't need more #DRM in our lives. We don't need more very complex software that no one understands.

Simple software, when possible, is better software.

the #w3c fucked us when they voted to allow #EME without even basic protection for security research.

But before that, Google and Facebook screwed us over by stuffing more and more javascript in to our pages, and normalizing more tracking everywhere.

Be kind to one another.

Don't worry, we won't break the thing you love.

We're only here because the modern web is user hostile, and modern web browsers do/will have stuff in them that makes it a felony to keep them secure.

Tim Burners Lee killed Gopher way back when, and then his bad decisions made the web unsafe, so some of us are going back to Gopher.

@ajroach42 time to build some modern OSS gopher clients? I'm in

@remotenemesis :-D That's my hope.

I'm still a few days/weeks away from being able to contribute, but yeah. That's what I want.

I want to see some folks building new libre gopher clients.

@ajroach42 Do you have a list or example of some of the early bad choices? I've had a hard time finding them actually defined, which if it weren't for the fact that very practical & knowledgeable people were stating it, would make it sound like it was just nostalgia. A design document for fixing the web is needed & these early concerns need to be defined to help.

@Sci most of the bad choices have been recent.

The web was a good platform until it wasn’t anymore.

Recent bad decisions: EME (rendering browsers essentially permanently inesecure to make Netflix happy), allowing css to be, essentially, a complete programming language, stuffing JavaScript in to the browser.

There have been other questionable or shortsighted choices (the use of the anchor tag for links, the competing image tags in early html—the worst one won)

@Sci I fully expect EME to be the worst of these choices, though. It’s going to be bad.

Beyond that, a lot of the bad web decisions were made by browser vendors and web developers, but many of those were pretty horrible too. Cross-site tracking cookies, flash, JavaScript.

The web shouldn’t have ever become an application layer. It should have remained a content delivery platform. Apps should be native, and hook in to the net via apis.

@ajroach42 It's been a long time since I was into the deep technicalities, so I'm playing catch-up a bit.

If I understand correctly, EME renders browsers insecure because it allows a remote vendor to install a decryption module into your browser, which could contain anything including malicious code or security vulnerabilities, yes?

And both CSS and Java because they push browsers beyond just displaying static documents, but allow code execution within them?

@Sci EME is a form of DRM that is/will be/is bundled in to web browsers.

Technically it's sandboxed and tested and should be "safe", but because it is a form of DRM it is protected by the DMCA making the disclosure of security vulnerabilities in the webbrowser that *might* be related to EME a felony.

The w3c was given the opportunity to stop this, and make members provide an exception for security research and/or accessibility. They refused.

@Sci So now every major web browser has a thing in it that it's illegal for anyone to look at, and we don't have even the most basic assurances that someone who discovers a flaw in EME (and there will be flaws) won't go to jail for disclosing it.

CSS and Javascript I'll address separately.

CSS is supposed to define how a browser displays elements on a page. It's now a programming language. Current CSS takes lots of computing power (which is bad) and can be used to hide/do malicious things.

@Sci

Some things are easier and more secure because of CSS3. A lot of things are harder, and more complex (and less secure because they are more complex, if not because they are directly less secure.) This means that you've got to update your hardware more often. Modern CSS techniques also frequently wreak havoc with accessibility, because everyone is trying to reinvent the wheel.

@Sci Javascript.

Javascript is complicated. I am of the opinion that netscape made a mistake including it in browsers to begin with, but that's just me.

All the stuff I said about accessibility and hardware/performance issues goes double for JS.

Except that JS is a full programming language from the ground up. You can run modern applications in it. You can use it to emulate old computers.

IT's neat!

It's also a huge performance and security hole. Malicious JS can cause many problems.

@Sci That is not to say that I think Javascript in general is bad!

I think it's great. Having this almost universal platform for application delivery is really neat!

I don't think it should be required to view a news article, or to log in to mastodon, or send an email.

I think js should be downloaded from your web browser and then rendered in a separate application.

Browsers shouldn't assume Javascript is available. Browsers shouldn't know about JS.

@Sci You want AJAX features in your web page? Great! What you want is no longer a web page, it's now an application. We'll run it in a separate environment.

You want to mandate AJAX features so that I can read your news article or watch your video? That's probably actually sketchy!

And then you've got shit like: https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks which illustrates the tracking problem back in 2009. (it's worse now.)

@ajroach42 From my understanding the way firefox implements it, with a heavily sandboxed blob is safe.
Even though it sucks that it promotes drm.

@ayy

Everyone is trying to implement it as safely as possible, but we'll *never* know if it's actually safe, because disclosing vulnerabilities in the EME is a felony.

I'm not trying to fearmonger here. Firefox is probably reasonably safe for most users.

But, so long as EME is in the browser, I will trust my browser even less.

@ajroach42 Well as long as the sandbox is safe everything should be safe? Same as running untrusted javascript in a trusted browser?

@ayy Right.

But untrusted javascript crashes browsers or does malicious stuff all the time.

And then we fix it, because we can do security research on sanboxed javascript.

@ayy Like, you're not going to convince me that any sandbox is safe.

Malicious code can already break out of sandboxes in browsers to OSs in virtual machines, and then break out of those virtual machine OSs in to the host machine OS.

https://en.wikipedia.org/wiki/Virtual_machine_escape

Have a recent example: https://www.vmware.com/security/advisories/VMSA-2017-0018.html

But we only know about these things, so that we can patch them, because it's not illegal to do security research on these platforms.

EME is unsafe. Full stop.

@ajroach42 DeEME when?

@a_breakin_glass what?

@ajroach42 I'm joking about the possibility of an EME equivalent to https://en.wikipedia.org/wiki/DeCSS

@a_breakin_glass oh right.

@a_breakin_glass we'll have that or something like it quick.

Alternately browsers still have an analog hole.

@ajroach42 I'm not sold by any of those arguments, but one possible argument that could be made is that Gopher matches more closely the model of mobile UIs than WWW applications do.

@h How about this:

Gopher doesn't have EME rendering security research in to your browser illegal. Gopher doesn't do arbitrary client side code execution every time you load a page.

And yeah, Gopher will work really well on mobile, when we get there.

@ajroach42 DAT - is that Digital Audio Tape, or something completely different?

@Dustin Nah it's a distributed torrent thing, I think?

Basically, only the owner can update the torrent, but anyone can peer it.

@ajroach42 That makes a lot more sense.

@ajroach42 "If you need security, use .onion you know?" is the wrong way to look at what tor does. We succeed or fail as a herd - tor provides little security unless we provide herd immunity to attacks. The non-security traffic (with the exception of things like bittorrent, which these days there is tribler for anyway) must be routed through tor.

@ajroach42 that said, post EME everything is back on the table that went off as the WWW won. Project Xanadu & Gopher included.

@jeffcliff Project Xanadu!!! What a weird little artifact.

Have you seen the interview Herzog did with that guy?

@ajroach42 i don't know what herzog is so no. It's apparently *still* in active development.

@jeffcliff Werner Herzog is a film maker.

He did a *really, honestly not good* documentary about the internet called Lo and Behold.

The only interesting part was him talking to the Project Xanadu guy.

@ajroach42 @jeffcliff I haven't seen what Herzog did, but this is an interesting Ted Nelson interview with Leo Laporte.

https://www.youtube.com/watch?v=k1QjcUbku6Q

@jeffcliff @ajroach42 I'm working on something tangentially related, by the way.
(been at it for the last couple of years)

@h @ajroach42 ??

@jeffcliff @ajroach42
I'm doing something tangentially related to Xanadu, that is. Borrowing some ideas, not all of them. Ted Nelson is not an engineer or UX designer, some of the things he wanted to do in the 1970s look cool on paper, but they don't work very well for humans, or for real world computers.

That being said, brilliant guy, brilliant vision.

@h @jeffcliff He seemed it in the interview I saw.

But other than the bit with him, the movie was essentially garbage, IMO

@brennen @ajroach42 @jeffcliff

Also recommended:

1. Memory Machines: The Evolution of Hypertext, by Belinda Barnet https://www.amazon.com/Memory-Machines-Evolution-Hypertext-Scholarship/dp/0857280600

2. Bootstrapping
Douglas Engelbart, Coevolution, and the Origins of Personal Computing, by Thierry Bardini
http://www.sup.org/books/title/?id=308

@jeffcliff @ajroach42 @brennen

3. Computer Lib/Dream Machines, by Ted Nelson (PDF scan)

https://www.scribd.com/document/244137228/07-Ted-Nelson-Computer-Lib-Dream-Machine-pdf

WARNING: THESE BOOKS ARE DANGEROUS, THEY CAN ALTER YOUR MIND AND CHANGE YOUR LIFE FOREVER.

@ajroach42 @jeffcliff My main disagreement with Nelson, however, is that his original vision of Xanadu contemplated royalties for works published online and tight copyright tracking.

He envisioned that in 1965 when the world was a lot different, it may have seemed übercool at the time in liberal arts school, but I don't believe in intellectual property in 2017.

@h @ajroach42 we are together on that one i think.

@h @jeffcliff

See, that's what I'm talking about. IP is outdated.

@h @jeffcliff Yeah, that's the dude, Ted Nelson.

@jeffcliff Yes, you are entirely correct. This wasn't really about tor, but that's a welcome and valuable point.

@ajroach42 with type 0 like plain text files or you suggest a new type (e.g. m)?

@Dereckson Either?

Markdown files are plaintext files, so I don't mind when I see them published as plaintext files.

@ajroach42 To define a new canonlical type would allow rendering by Gopher clients. To detect markdown to try to render headings, code block, etc. is tricky without any hint (especially as there are a lot of other formats like rst used by Python doc).