Thursday, 2022-05-19

Libera.chat, one year later

One year ago, the failed businessman and accused felon Andrew Lee burned the Freenode network to the ground in a fit of childish pique. Luckily, responsible people were hip to his inept shenanigans and managed to launch a new network - Libera.chat - under his very nose.

In the intervening year, Freenode is a shadow of its former self. Even the alt-right lowlifes who gleefully became mods to settle old scores have slunk away to their slimy holes, and what’s left is an empty tomb, briefly visited by confused chatters who haven’t gotten the memo.

About 2 months after the events, I wrote the following little essay which never got polished enough for publication. I figured I could just dump it here now.

Slava Libera!

Irc culture wars (2020-07-20)

IRC as a mainstream cultural phenomenon peaked in 2002. At around that time, Freenode was started to address the issues with IRC as it was: spam, warez, channel and nick hijacking, and a general juvenile attitude.

Freenode saw a need for FOSS projects to have stability. To be able to claim and keep the channels they wanted, to be able to address spam and trolls, and to have a stable environment to point users to.

At the time, Freenode was the fussy nerd, not participating in the chaos the cool kids reveled in. But it filled the need for FOSS projects, and found its own niche within IRC.

As time passed, people left IRC, but many FOSS projects stayed on Freenode. This meant that as time passed, Freenode become more and more dominant within IRC. And the IRC culture that Freenode fostered became the norm, instead of the exception.

As IRC shrank, those that held the old IRC ideals dear were forced to use Freenode more and more. There they came into conflict with the Freenode norms. Conflicts about channel ownership and the wider issues of “free speech” erupted and were dealt with. Coupled with the entryism strategy of the alt-right and the general undercurrent of right-libertarianism of FOSS, this created a minority of dissidents on Freenode, at least as well versed in IRC warfare as the staff.

The takeover/coup of Freenode should be seen in this context. The dominant ideology of new Freenode is free speech, anti-LGBT, and adherence to fringe Unix shibboleths such as anti-systemd, anti-Codes of Conduct, and anti anti-RMS. And they would have gotten away with it too, had not the old staff adroitly moved to Libera.chat, and convinced almost every FOSS project to move too. Those that didn’t move were soon alienated by the new staff, who were more interested in settling old scores than the boring work of IRC stewardship.

Andrew Lee and his hardcore supporters are now betting that there’s still a market for old-style IRC, while at the same time loudly proclaiming their continued allegiance to FOSS. But their victory is hollow. They have won the battle but probably lost the war.

Monday, 2022-05-16

PSA: unmaintained project channels on Freenode automatically redirect to #freenode

During the management changes at Freenode in Jul 2021, all access lists and channel ownerships were reset. Existing channels that were not reclaimed by projects now automatically redirect to the main channel, which is #freenode.

If you have a specific question about a project, please make sure you’re actually in a maintained channel, and not in the main channel.

If the channel is not maintained, try checking the project’s homepage for their IRC presence. It’s usually under the “Community” section.

Saturday, 2022-04-30

Gemini in April

Link to portal.

Thursday, 2022-03-31

March

Helgeandsholmen

Mar 2021 | Mar 2020 | Mar 2019 | Mar 2018 | Mar 2017 | Mar 2016 | Mar 2015 | Mar 2014 | Mar 2013 | Mar 2012 | Mar 2011 | Mar 2010 | Mar 2009

Gemini in March

I’m really enjoying using my gemlog to vent.

Link to portal.

Saturday, 2022-03-12

18,000 dead in Sweden

DateDeaths DaysDeaths/day
2020-03-11 1 0 0.0
2020-04-09 1 000 29 34.4
2020-04-19 2 000 10 100.0
2020-05-02 3 000 13 76.9
2020-05-18 4 000 16 62.5
2020-06-11 5 000 24 41.7
2020-11-01 6 000 143 7.0
2020-11-27 7 000 26 38.5
2020-12-12 8 000 15 66.7
2020-12-23 9 000 11 90.9
2021-01-02 10 000 10 100.0
2021-01-14 11 000 12 83.3
2021-01-27 12 000 13 76.9
2021-03-01 13 000 33 30.3
2021-04-24 14 000 54 18.5
2021-10-27 15 000 186 5.4
2022-01-26 16 000 91 11.0
2022-02-15 17 000 20 50.0
2022-03-12 18 000 25 40.0

Wednesday, 2022-03-02

Gemini in February

Some more action as I struggle with some server update issues. Other internal Gemini guffing is overshadowed by world events.

Link to portal.

Monday, 2022-02-28

February

St Eriksplan

Feb 2021 | Feb 2020 | Feb 2019 | Feb 2018 | Feb 2017 | Feb 2016 | Feb 2015 | Feb 2014 | Feb 2013 | Feb 2012 | Feb 2011

Tuesday, 2022-02-15

Gemini: TLS and its discontents

(originally posted to 🚀 my gemlog) gemini://gerikson.com/gemlog/gemini-sux/TLS-and-its-discontents.gmi

The TLS requirement of Gemini never really grabbed me. Solderpunk laid out the reason in this gopher post:

Encryption schemes like TLS aim to provide three things: authentication, integrety, and (transmission) confidentiality. Gemini fails to provide two of them.

The problems with TLS on Gemini can be summarized as follows:

External dependencies on a 3rd party library

This makes server development fragile, and complicates it to little gain.

Harder for older hardware to use gemini

On the one hand - super simple protocol that’s easy to parse!

On the other - you need to be able to handle the latest crypto.

TOFU stinks - authentication and integrity

To avoid the complexities of PKI (via Certificate Authorities), Gemini is ok with TOFU (Trust On First Use), which basically means the client will more or less blindly accept whatever cert comes down the pipe. This can crucially be a man-in-the-middle cert. This means that potentially nothing on a gemsite can be trusted to not be manipulated by the MiTM, including any metadata about the certificate.

Not that this really matters, because most clients don’t show any metadata anyway.

To fully trust a server cert under TOFU, the user must

  • be able to view the metadata
  • be able to compare that to a known source - which is impossible to provide on the gemsite itself. The “best” solution is a HTTPS site known to be under the control of the gemsite operator.

In addition, many gemsite operators (re-)use certs meant for HTTPS, often provided via Let’s Encrypt (see below). These certs have a short validity, so if you visit many gemsites, be prepared to see the popup about the cert being changed many times. Is it due to cert rollover or a hostile MiTM? Who knows?

The same goes for stuff like PGP keys, and potentially politically sensitive speech, which was a big selling point in Solderpunk’s original proposal to add encryption to Gopher.

An entry into the pro-column: encrypted transit (confidentiality)

So what’s left? ISPs etc. cannot directly read Gemini traffic. But they can see that Alice’s IP has visited Bob’s IP, using a port other than 443. If gemini ever becomes big, the use of gemini on port 1965 itself is a decent fingerprint. Expect ads appearing in your browsing advertising gemini-adjacent products, like ortholinear keyboards and off-grid cabin living.

Great DANE to the rescue?

DANE does seem to be a nice end-run around the need for CA certs. But they are much harder to set up compared to generating a self-signed cert.

An aside: “Let’s Encrypt!” - but why?!

Let’s Encrypt is an impressive project. They’ve managed to streamline the issuence of TLS certs for websites, they’re running a “real” CA, and they’re doing it at no cost to the user. Behind LE is EFF and other boosters of the 90s Net vision of pervasive encryption. If everyone encrypts traffic, it doesn’t stand out as much, and we are all safer (for some libertarian values of safer). And of course, mainstream browsers are slowly ratcheting up the pressure by showing scary warning triangles for plain http:// sites.

I resisted getting a CA cert for my website for a long time because I only serve read-only content. The main selling point for such sites from LE was

  • authentication - the website is identified through the cert
  • integrity - the contents of the website cannot be altered in transit.

Confidentiality sounds cool but if you’re not serving sensitive data it’s not that big a deal.

Gemini is largely read-only and specifically designed to be that way. The fact that TOFU negates authentication and integrity makes it even more ironic that it was saddled with TLS.

A missed opportunity?

In retrospect, it would have been nice for Gemini to be usable without TLS, and TLS to either use CA certs or DANE (ideally DANE, to kickstart that a bit). But right now, we’re stuck with it.

I don’t see it as a reason not to use Gemini, but I will continue to point out the inherent uselessness of it going forward.

Update

Björn (ew0k) has already written about this, I suggest reading the following which are coming from someone who knows their stuff:

Tuesday, 2022-02-01

Gemini in January

As expected, big slowdown. I still find gemini a good place to rant though.

Link to portal.

Monday, 2022-01-31

January

Jan & Karin

I’m pissed I missed focus on this. This is the day after my dad’s 80th.

Jan 2021 | Jan 2020 | Jan 2018 | Jan 2017 | Jan 2016 | Jan 2015 | Jan 2014 | Jan 2013 | Jan 2012 | Jan 2011 | Jan 2010 | Jan 2009

Wednesday, 2022-01-26

16,000 dead in Sweden

Monday, 2022-01-10

Bookends of the Raj

  • The Last Mughal: The Fall of a Dynasty: Delhi 1857 by William Dalrymple
  • The Burma Campaign: Disaster into Triumph 1942-45 by Frank McLynn

The British Raj arguably started after the Sepoy Revolt, when the British state took direct responsibility for rule in India from the East India Company , and it formally ended in 194? when India and what would become Pakistan were granted independence. The two books here bookend that period - sorta.

The Last Mughal is a brilliant account of the Revolt in Dehli, as opposed to the rest of Company India. The last Mughal emperor is basically compelled to accept the leadership of the rebels, despite not personally being inclined to. The EIC (nominally his subject) actually put him on trial for this, which is grimly hilarious. But by that time they had ruthlessly suppressed the Revolt (initially started by Hindu Brahmin soldiers) with the help of mostly Muslim levies, and the aftermath led to the extinction of the unique syncretism of the Mughal court.

The Burma Campaign will make fans of military history disappointed - it’s a quadruple biography of sorts of four military commanders involved in the Allied campaign against Japan in the Burma theater. McLynn has nothing good to say about Orde Wingate or Chiang Kai-Sheck, mildly positive things to say about Stilwell and Mountbatten, and unreserved admiration of Slim. There’s not much about the actual campaign, but mention is made of the Indian troop’s bravery and how it might have led to an increased desire for independence.

Friday, 2021-12-31

December

Årets gran

Dec 2020 | Dec 2019 | Dec 2018 | Dec 2017 | Dec 2016 | Dec 2015 | Dec 2014 | Dec 2013 | Dec 2012 | Dec 2011 | Dec 2010