Gopher talk 

It's neat to see so many people talking about doing weird things within he Gopher protocol.

I'm excited, especially because I feel at least partially responsible for keeping this conversation rolling.

I'm also seeing some pretty negative comments, both from folks that don't understand why we'd wanna do this, and from folks that use gopher now and see our ideas as evil and bad and worthy of ridicule.

That's less neat.

This is a thread.

Gopher talk 

Doing silly things with Gopher is neat! You wanna serve DAT via gopher? Cool! That's neat! You wanna implement SSL? You wanna use it like the web? Great!

It will not hurt people who use gopher the way it has been used for ~30 years. It won't break things. Those folks can ignore what we're doing.

This doesn't have to be antagonistic. If you don't wanna take part, that's cool! I'm not here to force you. Keep doing what you're doing, or do what we're doing. Either is wonderful.


Gopher talk (goals) 

What I want:

- A gopher client with the ability for the user to select fonts and colors for menus.

- A gopher client that renders HTML, Markdown and Plaintext.

- While rendering HTML, it explicitly ignores any scripting or styling (aside from anything the user has defined.)

- The client offers users the option to download and render inline images in HTML and markdown files (but only over gopher)

- Links within HTML and Markdown files to work the same as in menus.

Gopher talk (goals) 

- This HTML and Markdown rendering is entirely optional, you can just as easily download the files and render them somewhere else.

- I personally prefer Markdown to plaintext in pretty much all contexts, because people *already* use markdown formatting in plain text, and I'd rather read an unrendered markdown file than something with _no_ links, etc. So I want to see more gopher publishers publishing markdown.

Gopher talk (goals) 

- I want more gopher servers,

- I want more scripts for publishing to gopher. I really like the descriptions I've read of the phlog software on SDF, but I've never used it.

That's pretty much it. Beyond that, I just want to see more people hosting Gopher sites on their home computers. I want to see more people focusing on substance over style.

Gopher talk (Stuff other people have mentioned) 

Security/Encryption -
Long term, yeah, this is probably something we need.

I don't know of a way to do SSL style encryption over gopher at this time. I don't know if this would even really be valuable. For my personal use, I'm fine with SSHing to another server, and doing my gophering from there. No one local is snooping, at least.

If you need security, use .onion you know?

Gopher talk (Stuff other people have mentioned) 

So yes! Security and encryption is something someone can build. Implement it in a way that's backwards compatible. At the very least, it won't hurt anything.

But also, if you need security go use something designed to be secure.

- Gopher + DAT: This sounds absolutely wild and ridiculous. Go for it! I dunno why you'd want that, but if you do, go for it.

- Other Gopher "abuse:
As long as you don't break backwards compat, do whatever.

Gopher talk (why?) 

The Gopher protocol was written in like 1991 or something? And it will run pretty much anywhere.

The protocol is so simple that you can hack together a client in a few dozen lines of whatever.

You can implement clients on 8 bit hardware. It will be faster and easier to use and more accessible than a web browser.

It's been around forever. It's simple. It works well. It provides just enough functionality to get you to your content.

Gopher talk (why?) 

Plus, most modern Gopher servers provide an HTTP gateway. (See

So even if you think that we should just focus on making the web less antagonistic towards users, we can use gopher as one avenue towards that.

Gopher talk (wrapping up) 

Gopher isn't ever going to replace the web.

That's not my goal. That's not anyone's goal.

Gopher is just a weird little non-capitalist, human scale way for us to publish and consume stuff.

It's fun, it's easy, and it's a weird way for folks (like you and me) to resist, in our own small way, the shit that the big centralized services do, and the things that netflix pushed the w3c in to doing.

Gopher talk (w3c) 

I guess I gotta talk about the w3c a second, too.

The modern web is kind of crap. I won't rehash that here, but you know it's crap.

The w3c has moved to make it more crap by bundling DRM in our web browsers, and making it a felony to do security research on browsers that include that DRM.

This is *real* bad.

That's my biggest reason for embracing this gopher stuff.

The w3c sold us out, and the web browser isn't, can't be, truly safe anymore.

Gopher talk (DRM and stuff) 

We don't need more in our lives. We don't need more very complex software that no one understands.

Simple software, when possible, is better software.

the fucked us when they voted to allow without even basic protection for security research.

But before that, Google and Facebook screwed us over by stuffing more and more javascript in to our pages, and normalizing more tracking everywhere.

Gopher talk (tldr) 

Be kind to one another.

Don't worry, we won't break the thing you love.

We're only here because the modern web is user hostile, and modern web browsers do/will have stuff in them that makes it a felony to keep them secure.

Tim Burners Lee killed Gopher way back when, and then his bad decisions made the web unsafe, so some of us are going back to Gopher.

@remotenemesis :-D That's my hope.

I'm still a few days/weeks away from being able to contribute, but yeah. That's what I want.

I want to see some folks building new libre gopher clients.

Gopher talk (tldr) 

@ajroach42 Do you have a list or example of some of the early bad choices? I've had a hard time finding them actually defined, which if it weren't for the fact that very practical & knowledgeable people were stating it, would make it sound like it was just nostalgia. A design document for fixing the web is needed & these early concerns need to be defined to help.

@Sci most of the bad choices have been recent.

The web was a good platform until it wasn’t anymore.

Recent bad decisions: EME (rendering browsers essentially permanently inesecure to make Netflix happy), allowing css to be, essentially, a complete programming language, stuffing JavaScript in to the browser.

There have been other questionable or shortsighted choices (the use of the anchor tag for links, the competing image tags in early html—the worst one won)

@Sci I fully expect EME to be the worst of these choices, though. It’s going to be bad.

Beyond that, a lot of the bad web decisions were made by browser vendors and web developers, but many of those were pretty horrible too. Cross-site tracking cookies, flash, JavaScript.

The web shouldn’t have ever become an application layer. It should have remained a content delivery platform. Apps should be native, and hook in to the net via apis.

@ajroach42 It's been a long time since I was into the deep technicalities, so I'm playing catch-up a bit.

If I understand correctly, EME renders browsers insecure because it allows a remote vendor to install a decryption module into your browser, which could contain anything including malicious code or security vulnerabilities, yes?

And both CSS and Java because they push browsers beyond just displaying static documents, but allow code execution within them?

@Sci EME is a form of DRM that is/will be/is bundled in to web browsers.

Technically it's sandboxed and tested and should be "safe", but because it is a form of DRM it is protected by the DMCA making the disclosure of security vulnerabilities in the webbrowser that *might* be related to EME a felony.

The w3c was given the opportunity to stop this, and make members provide an exception for security research and/or accessibility. They refused.

@Sci So now every major web browser has a thing in it that it's illegal for anyone to look at, and we don't have even the most basic assurances that someone who discovers a flaw in EME (and there will be flaws) won't go to jail for disclosing it.

CSS and Javascript I'll address separately.

CSS is supposed to define how a browser displays elements on a page. It's now a programming language. Current CSS takes lots of computing power (which is bad) and can be used to hide/do malicious things.


Some things are easier and more secure because of CSS3. A lot of things are harder, and more complex (and less secure because they are more complex, if not because they are directly less secure.) This means that you've got to update your hardware more often. Modern CSS techniques also frequently wreak havoc with accessibility, because everyone is trying to reinvent the wheel.

@Sci Javascript.

Javascript is complicated. I am of the opinion that netscape made a mistake including it in browsers to begin with, but that's just me.

All the stuff I said about accessibility and hardware/performance issues goes double for JS.

Except that JS is a full programming language from the ground up. You can run modern applications in it. You can use it to emulate old computers.

IT's neat!

It's also a huge performance and security hole. Malicious JS can cause many problems.

@Sci That is not to say that I think Javascript in general is bad!

I think it's great. Having this almost universal platform for application delivery is really neat!

I don't think it should be required to view a news article, or to log in to mastodon, or send an email.

I think js should be downloaded from your web browser and then rendered in a separate application.

Browsers shouldn't assume Javascript is available. Browsers shouldn't know about JS.

@Sci You want AJAX features in your web page? Great! What you want is no longer a web page, it's now an application. We'll run it in a separate environment.

You want to mandate AJAX features so that I can read your news article or watch your video? That's probably actually sketchy!

And then you've got shit like: which illustrates the tracking problem back in 2009. (it's worse now.)

Show newer
@ajroach42 From my understanding the way firefox implements it, with a heavily sandboxed blob is safe.
Even though it sucks that it promotes drm.


Everyone is trying to implement it as safely as possible, but we'll *never* know if it's actually safe, because disclosing vulnerabilities in the EME is a felony.

I'm not trying to fearmonger here. Firefox is probably reasonably safe for most users.

But, so long as EME is in the browser, I will trust my browser even less.

@ajroach42 Well as long as the sandbox is safe everything should be safe? Same as running untrusted javascript in a trusted browser?

@ayy Right.

But untrusted javascript crashes browsers or does malicious stuff all the time.

And then we fix it, because we can do security research on sanboxed javascript.

@ayy Like, you're not going to convince me that any sandbox is safe.

Malicious code can already break out of sandboxes in browsers to OSs in virtual machines, and then break out of those virtual machine OSs in to the host machine OS.

Have a recent example:

But we only know about these things, so that we can patch them, because it's not illegal to do security research on these platforms.

EME is unsafe. Full stop.

@a_breakin_glass we'll have that or something like it quick.

Alternately browsers still have an analog hole.

Gopher talk (why?) 

@ajroach42 I'm not sold by any of those arguments, but one possible argument that could be made is that Gopher matches more closely the model of mobile UIs than WWW applications do.

Gopher talk (why?) 

@h How about this:

Gopher doesn't have EME rendering security research in to your browser illegal. Gopher doesn't do arbitrary client side code execution every time you load a page.

And yeah, Gopher will work really well on mobile, when we get there.

Gopher talk (Stuff other people have mentioned) 

@ajroach42 DAT - is that Digital Audio Tape, or something completely different?

Gopher talk (Stuff other people have mentioned) 

@Dustin Nah it's a distributed torrent thing, I think?

Basically, only the owner can update the torrent, but anyone can peer it.

Gopher talk (Stuff other people have mentioned) 

@ajroach42 That makes a lot more sense.

Gopher talk (Stuff other people have mentioned) 

@ajroach42 "If you need security, use .onion you know?" is the wrong way to look at what tor does. We succeed or fail as a herd - tor provides little security unless we provide herd immunity to attacks. The non-security traffic (with the exception of things like bittorrent, which these days there is tribler for anyway) must be routed through tor.

Gopher talk (Stuff other people have mentioned) 

@ajroach42 that said, post EME everything is back on the table that went off as the WWW won. Project Xanadu & Gopher included.

Gopher talk (Stuff other people have mentioned) 

@jeffcliff Project Xanadu!!! What a weird little artifact.

Have you seen the interview Herzog did with that guy?

Gopher talk (Stuff other people have mentioned) 

@ajroach42 i don't know what herzog is so no. It's apparently *still* in active development.

Gopher talk (Stuff other people have mentioned) 

@jeffcliff Werner Herzog is a film maker.

He did a *really, honestly not good* documentary about the internet called Lo and Behold.

The only interesting part was him talking to the Project Xanadu guy.

Gopher talk (Stuff other people have mentioned) 

@ajroach42 @jeffcliff I haven't seen what Herzog did, but this is an interesting Ted Nelson interview with Leo Laporte.

Gopher talk (Stuff other people have mentioned) 

@jeffcliff @ajroach42 I'm working on something tangentially related, by the way.
(been at it for the last couple of years)

Gopher talk (Stuff other people have mentioned) 

Gopher talk (Stuff other people have mentioned) 

@jeffcliff @ajroach42
I'm doing something tangentially related to Xanadu, that is. Borrowing some ideas, not all of them. Ted Nelson is not an engineer or UX designer, some of the things he wanted to do in the 1970s look cool on paper, but they don't work very well for humans, or for real world computers.

That being said, brilliant guy, brilliant vision.

Gopher talk (Stuff other people have mentioned) 

@h @jeffcliff He seemed it in the interview I saw.

But other than the bit with him, the movie was essentially garbage, IMO

Gopher talk (Stuff other people have mentioned) 

@brennen @ajroach42 @jeffcliff

Also recommended:

1. Memory Machines: The Evolution of Hypertext, by Belinda Barnet

2. Bootstrapping
Douglas Engelbart, Coevolution, and the Origins of Personal Computing, by Thierry Bardini

Gopher talk (Stuff other people have mentioned) 

@jeffcliff @ajroach42 @brennen

3. Computer Lib/Dream Machines, by Ted Nelson (PDF scan)


Gopher talk (Stuff other people have mentioned) 

@ajroach42 @jeffcliff My main disagreement with Nelson, however, is that his original vision of Xanadu contemplated royalties for works published online and tight copyright tracking.

He envisioned that in 1965 when the world was a lot different, it may have seemed übercool at the time in liberal arts school, but I don't believe in intellectual property in 2017.

Gopher talk (Stuff other people have mentioned) 

@h @ajroach42 we are together on that one i think.

Gopher talk (Stuff other people have mentioned) 

@h @jeffcliff

See, that's what I'm talking about. IP is outdated.

Gopher talk (Stuff other people have mentioned) 

@h @jeffcliff Yeah, that's the dude, Ted Nelson.

Gopher talk (Stuff other people have mentioned) 

@jeffcliff Yes, you are entirely correct. This wasn't really about tor, but that's a welcome and valuable point.

Gopher talk (types) 

@ajroach42 with type 0 like plain text files or you suggest a new type (e.g. m)?

Gopher talk (types) 

@Dereckson Either?

Markdown files are plaintext files, so I don't mind when I see them published as plaintext files.

Gopher talk (types) 

@ajroach42 To define a new canonlical type would allow rendering by Gopher clients. To detect markdown to try to render headings, code block, etc. is tricky without any hint (especially as there are a lot of other formats like rst used by Python doc).

Sign in to participate in the conversation
R E T R O  S O C I A L

A social network for the 19A0s.