smolZINE - Issue 14
2021-11-15
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Table of Contents
- Introduction
- Hidden (and not so hidden) Gems
- Emanations
- Spelunking
- Word Search
- Community Contributions & Discussion
- Thanks
Introduction
We have a new contributor with a nice piece for Emanations and what's that down there in the Spelunking section? Yes, it is another one of ew0k's awesome adventures! I hope you're all as excited as I am.
Hidden (and not so hidden) Gems
Drift Theory (and sloum's capsule)
A perhaps less well known source of original music to discover in geminispace is sloum's Drift Theory. While you're at it I'd highly recommend checking out everything sloum has to offer. You'll find things like the spacewalk aggregator, geminews news proxy, recipes, the bombadillo smolnet browser and the list goes on!
=> gemini://gemini.circumlunar.space:1965/~sloum/ Drift Theory
=> gemini://rawtext.club/~sloum/ sloum's capsule
rlamacraft
Another well-rounded capsule with a variety of content. Recipes, music, miscellaneous thoughts and some programming and tech related posts are what you'll find here.
=> gemini://gemini.rlamacraft.uk/ rlamacraft
freeside
With a gemlog and some notes on CP/M and cyberdecks, this capsule has some interesting reading.
=> gemini://freeside.wntrmute.net/ freeside
Gemrings
If you've been around on the internet for long enough you will likely remember webrings. There are a couple of similar setups on geminispace you may want to join or check out to discover some neat capsules.
=> gemini://tilde.team/~khuxkm/leo/ LEO Gemring
=> gemini://gem.rmgr.dev/blog/2020-07-31-ann-gemring.gmi ANN Gemring
Emanations
Security
by remyabel
Gemini is a rather niche and (relatively) small community. While security issues have cropped up here and there, for the most part it's pretty quiet and there haven't been any (that I'm aware of) major exploitation or hacking incidents.
I often hear people say "who would want to hack us?" or "it's a static website, how could you possibly hack it?" These are both of course fallacies. If you're being hacked, most likely you are either being targeted by an automated shotgun approach to steal any secrets (like private keys) or to add your computer to a botnet; or opportunistically, similar to someone seeing a juicy mark and wanting to pounce. Once one target has been compromised, it may give the attacker lateral access to more juicy targets. I don't think the chances of someone being on the receiving end of a targeted attack on Gemini are very high, at least not at this stage. Furthermore, as brought up on IRC recently, directory traversal attacks are a very real exploit that could lead to your private keys being exfiltrated, so it's not a problem that can just be ignored.
As with any security related topic, it is not black and white. We first have to consider our threat model. Anecdotally, Gemini users love self-hosting, especially from residential networks, and the Gemini servers and clients that are most used do not see security as a priority. Self-hosting from a home network is potentially dangerous as it means that if you are compromised, the rest of your home network is potentially vulnerable. The simplicity of Gemini software may give users a false sense of security (simplicity means fewer bugs in theory) and since it is rather simple to spin a Gemini server up, one may not be inclined to take any hardening steps.
There are some low-hanging fruit steps you can take to decrease the chances of being compromised. In my opinion, a lot of the advice for hardening web servers applies to Gemini servers as well. For example: run your server under a dedicated, non-privileged user, add some sandboxing (systemd units allow this, bwrap, whatever *BSD has), use ACLs on content directories (SELinux, apparmor, or just setfacl) and so on. Store your private keys in a safe, standard location like /etc/ssl/certs or /etc/pki/tls/private, appropriately permissioned. On a high level, this means even if you were to be hacked, the attacker would have less room to work with and may not even be able to actually do any damage. SELinux, for example, has historically put privilege exploits dead in the water.
Regardless of what approach is taken, I think that as the Gemini community grows, this is an issue that should be looked at and explored more.
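The directory traversal risk mentioned in the article above, shown as an added example that is not from remyabel or from any Gemini server project: a Python path check a server could apply before opening a requested file. The names resolve_request and demo, the example.org host and the temporary directory layout are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_request(content_root, url):
    """Map a Gemini request URL to a path inside content_root, else None.

    Hypothetical helper for this added example, not a real server's API.
    """
    root = os.path.realpath(content_root)
    # Decode percent-escapes first so "%2e%2e" is checked as "..".
    rel = unquote(urlsplit(url).path).lstrip("/")
    if "\x00" in rel:
        return None
    # realpath collapses ".." segments and follows symlinks before the check.
    target = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, target]) != root:
        return None  # resolved outside the content root: refuse to serve
    return target


def demo():
    """Constructed layout: a content root with a key file stored beside it."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "content")
    os.mkdir(root)
    key = os.path.join(base, "key.pem")
    for path, text in ((os.path.join(root, "index.gmi"), "# hello\n"),
                       (key, "constructed placeholder, not a real key\n")):
        with open(path, "w") as fh:
            fh.write(text)
    # A symlink inside the content root that points at the key file.
    os.symlink(key, os.path.join(root, "link.gmi"))
    requests = [
        "gemini://example.org/index.gmi",       # normal page
        "gemini://example.org/../key.pem",      # literal parent segment
        "gemini://example.org/%2e%2e/key.pem",  # percent-encoded parent
        "gemini://example.org/link.gmi",        # symlink leaving the root
    ]
    return root, [resolve_request(root, u) for u in requests]


if __name__ == "__main__":
    for result in demo()[1]:
        print(result)
```

Only the first request resolves to a file; the other three return None because the resolved path leaves the content root. The check complements the dedicated user and sandboxing advice rather than replacing it.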
Spelunking
Royal Wedding Crasher
by ew0k
You are as desperate as only a fool in love can be. The love of your life, the person who will inherit the kingdom, is getting married to someone else! You are certain that this is a grave mistake and something their parents set them up to. You are equally certain that they would rather marry you, if you only had the courage and confidence to just tell them how you feel. And now it's almost too late.
Luckily you've already managed to enter the castle. Only one problem: the king and queen know what you're up to and have sent guards to stop you. That, and you're a little chicken shit. But you can do it! You can get there in time! And tell them! Maybe...
How to Play
You need a pen, paper and a six-sided die. Keep track of your courage, which starts at 0. Each time you enter a room you'll make a choice and roll on the tables that follow it, if any. When encountering guards you may add courage points to your roll. However: you have to decide how many points to spend before you roll on the table, and those points are lost regardless of the result. When (if) you reach the wedding ceremony to proclaim your love any courage points remaining will be added to your final roll.
The guards are always on your tail, which means you can never turn back. There will always be a way forward, thankfully.
=> royalwedding/rooms/1.gmi You start in the library, where you broke in.
P.S.
You can also find this adventure on ew0k's capsule here.
=> gemini://warmedal.se/~bjorn/royal-wedding-crasher/ Royal Wedding Crasher
Word Search
by Jone
Source Material: Skewed Jaw
=> gemini://procession.flounder.online/cutups.gmi
```word search letter grid
i m f a h r v r s r u s h c o t p
g t o l p a o x q d l g e o q a r
s f j w h i s p e r i n g n b k s
c l l n o s e c a i p j b v r u k
l a n x w e q t n p s x a e q d e
i p l l r d v k c p v q p r j a w
c o m p e l l e d i d u t s k h e
l r p e v e j h a n d s u a b q d
d v z r e a r e x g m o u t h w r
s k i n a h r h a f o d p i x z j
z d c m l w m i r r o r a o a p d
x t a y d m y x p s r z u n x i k
```
compelled
conversation
dripping
flap
hands
jaw
lips
mirror
mouth
nose
raised
rear
reveal
skewed
skin
whispering
=> ./wordsearch-solution-issue-14.gmi Word Search Solution
Community Contributions & Discussion
Please consider taking part in making this zine better and more diverse by contributing your thoughts and finds. If you are interested in contributing a short article or capsule picks, email me at: smolzine (at) cyberbot.space.
If you have any feedback or just want to discuss anything related to gemini or smolZINE hit me up at the above email or ping me on the fediverse at kelbot@retro.social and/or use the #smolZINE tag.
Thanks
Thank you to the following geminauts for their contributions to this issue of smolZINE.
- ew0k
- Jone
- remyabel