thank you gemini for continuing to inspire me to think smol
i might take the plunge and rebuild my server this weekend
looking at history for context on how the UN handles apartheid: https://www.sahistory.org.za/article/united-nations-and-apartheid-timeline-1946-1994 which seems to imply that we have a difficult fight ahead without the support of the security council…
There is a pressing need to hold Israel accountable, not only for its longstanding violations of international law, but specifically for its longstanding refusal to abide by its Charter obligations. In the face of this recalcitrance, the UN must move towards expelling Israel from the organization, not only because the UN exists to uphold international law, but also to maintain the UN’s integrity as an organization. The persistent, open violations by Israel of binding UNSC resolutions cannot go unpunished. The current situation, where Israel openly accuses the UN of bias, refuses to cooperate with the organization on a multitude of levels, defies binding orders of the ICJ, physically attacks UN premises and staff, and even moves towards designating a UN agency as a terrorist organization, is a clear threat to the authority of the UN – an issue which the UNSC raised explicitly in the case of South Africa. To allow the situation to continue would show that international legal norms, and rules of the UN binding member states, are applied on the basis of double standards: specifically, that states allied to powerful Western countries are afforded impunity. https://opiniojuris.org/2024/10/09/israel-must-be-expelled-from-the-united-nations/
similar to data packets in NDN, each message has multiple names: a true name, which is an encoded cryptographic hash of the file itself. we call this kind of information self-certifying. given a true name, you can find a file and verify its integrity. additionally, agents can associate a self-certifying name with a pet name or subjective label of their choosing and share it with their friends/peers. zooko’s triangle can suck it. gemini://sunshinegardens.org/~xjix/wiki/cryptogen–specification/
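the following is an added illustration of the true-name/pet-name split, not code from the cryptogen spec linked above. the encoding (a single tag byte followed by base32 of SHA-256, loosely after the multihash convention), the `tn:` prefix, the in-memory `store` standing in for the network, and the collision rule in `adopt` are all assumptions made for the example. the point it shows: the true name is globally meaningful and checkable by anyone holding the bytes, while the pet name is private to one agent and only travels alongside a true name when shared.

```python
"""Self-certifying ("true") names plus per-agent pet names.

Added example; not the cryptogen spec's own code. Encoding, prefix and the
petname collision rule are assumptions for illustration.
"""
import base64
import hashlib
from typing import Dict, Optional, Tuple

HASH_TAG = b"\x12"  # assumed tag byte for sha2-256 (borrowed from multihash)


def true_name(content: bytes) -> str:
    """Self-certifying name: tag + SHA-256 of the bytes, base32, unpadded."""
    digest = hashlib.sha256(content).digest()
    return "tn:" + base64.b32encode(HASH_TAG + digest).decode().rstrip("=").lower()


def verify(name: str, content: bytes) -> bool:
    """Anyone holding the bytes can check them against the name; no trust in the source needed."""
    return true_name(content) == name


class PetnameBook:
    """One agent's subjective labels. Two books may disagree about what a label means."""

    def __init__(self) -> None:
        self._by_pet: Dict[str, str] = {}

    def bind(self, pet: str, name: str) -> None:
        self._by_pet[pet] = name

    def resolve(self, pet: str) -> Optional[str]:
        return self._by_pet.get(pet)

    def share(self, pet: str) -> Tuple[str, str]:
        """What gets sent to a friend: my label and the true name it points at."""
        return pet, self._by_pet[pet]

    def adopt(self, suggested_pet: str, name: str, store: Dict[str, bytes]) -> str:
        """Take a friend's introduction, but only after fetching the blob and verifying it.

        The friend's label is a suggestion; if I already use it for a different
        true name, I keep mine and give the newcomer a derived label.
        """
        blob = store.get(name)
        if blob is None or not verify(name, blob):
            raise ValueError("blob missing or does not match its true name")
        pet, n = suggested_pet, 2
        while pet in self._by_pet and self._by_pet[pet] != name:
            pet = f"{suggested_pet}-{n}"
            n += 1
        self._by_pet[pet] = name
        return pet


def demo() -> dict:
    # constructed sample blobs standing in for files reachable on the network
    store: Dict[str, bytes] = {}
    blob = b"# hello\nthis is a gemtext file\n"
    name = true_name(blob)
    store[name] = blob

    alice, bob = PetnameBook(), PetnameBook()
    alice.bind("hello-page", name)
    pet, shared = alice.share("hello-page")
    bob_pet = bob.adopt(pet, shared, store)  # verified; bob keeps alice's label

    # carol already calls a different blob "hello-page": the label collides, the name does not
    other = b"# hello\nsomething else\n"
    store[true_name(other)] = other
    carol = PetnameBook()
    carol.bind("hello-page", true_name(other))
    carol_pet = carol.adopt(pet, shared, store)

    # a store serving different bytes under alice's name is caught by verification
    tampered = dict(store)
    tampered[name] = b"# hello\nevil edit\n"
    try:
        PetnameBook().adopt(pet, shared, tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {
        "bob_pet": bob_pet,
        "carol_pet": carol_pet,
        "tamper_detected": tamper_detected,
        "same_target": bob.resolve(bob_pet) == alice.resolve("hello-page"),
    }


if __name__ == "__main__":
    print(demo())
```

the verification step in `adopt` is the whole security argument: a pet name is only ever bound to a true name that the receiving agent has itself checked against the bytes, so a peer can mislabel something but cannot substitute content.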
#Israel is quickly cutting off all of south #Lebanon from land, air and sea. Now comes the starvation of civilians to force Hezbollah to surrender. This is not new: Israel has already made routine use of starvation as a weapon of war in #Gaza.
It’s a scorched Earth policy. It’s Assad in Aleppo, Putin in Grozny. Israel’s genocidal impulse is now coming for Lebanon and it can get apocalyptic very fast unless Israel is stopped by its allies immediately.
once the minibase work is done and i have my testnet up, i can start to consider the question of brokerless pub/sub. i found state vector sync pub sub in the named-data research and i wonder what a toy version of that would look like. i started work on a demo of gemini pub/sub as a soft fork of molly-brown, we’ll see where that takes me!
minibase has a network security architecture with a number of overlapping layers of protection. first, routers and discovery endpoints either require a password or an authorized public key to accept traffic. this setup restricts who can reach the endpoints to an extent, but peering with enough third parties with less restrictive policies will practically allow global routing. since this is a possible policy choice, minibase also requires internal traffic to be authenticated. overlay traffic is automatically encrypted by yggdrasil, but applications should still treat the traffic like it’s clearnet and use tls. currently i’m requiring a dns acme challenge to generate wildcard certs, but eventually it might make sense to scope the certificates to the specific service each is associated with. we don’t have much config generation in the nix modules yet, but something like this should be possible eventually. i’m working on configurations for ory oathkeeper, hydra, and kratos to provide a federated auth framework that your network services and minibase configs can integrate with.
so i learned that my vpn provider uses nftables to tag traffic for split tunnelling. so it looks like i’ll be converting my iptables rules. there’s some implication for docker containers that i’ll have to reckon with, but i’m already nesting them inside a nixos container so i don’t really need docker to touch the network at all. after that i’ll be able to define some rules to allow traffic meant for the yggdrasil network to reach the tunnel. this will be important later.
freebsd makes a lovely server os, nixing it would be fucking excellent. i wonder if they ported systemd? shit’s making me curious
i don’t normally reach for go when starting a project, but this pubsub gemini thing seems like a great addition to ~solderpunk/molly-brown and i was already intending to add titan support so i might as well get familiar with the codebase.
nixbsd is taking a long time to build, but that’s expected. i guess a fast machine can do it in just 8h. might be about time to get my binary cache setup. my machine can only handle max-jobs=2 :(
gemini calls the request-response cycle a transaction in the spec. since transactions are not cached, we have this problem where we can’t tell if anything was updated without fetching it and we can’t indicate how often a client should expect the content to be valid. the most common solution right now is just to keep requesting the resource until it changes or stops existing, which isn’t ideal. this sort of update notification model is interesting because it re-frames your thinking into something more like event sourcing. you end up needing to add an event queue and dispatch to the server, which is a bit more complex on the server side than plain static files, but the client stays the same. i’m curious to see what kind of systems could be built on this gemini message queue concept.
zmq seems like an interesting tool for building task queues and other types of messaging apps. the other option i’m looking at is rabbitmq which has some interesting features like mqtt bridges and federation, but as a result involves a broker. i would like to eventually have all of the ship’s systems (or at least those on the inter-system boundary) communicate over a brokerless messaging protocol. off the shelf env devices and trackers all communicate over an mqtt bridge so some brokering is probably unavoidable without getting into fully custom tech, but that’ll blow the budget.
that’s a neat solution to the dead old feeds problem. pull-once-on-notify seems to fit the gemini tx model better than scraping pages on a cron timer. i don’t have a mechanism in my setup to produce that event yet other than the cron that rebuilds the capsule periodically, but that’s just a stand-in for not having any CI rn and especially not a CI that works with fossil.
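the following is an added sketch of the event-queue model from the gemini transaction post above and the pull-once-on-notify idea in this one. it is not molly-brown’s code and not part of any gemini spec; the append-only change log, the “events since cursor” query, and the notification carrying the new content digest are assumptions about how such a queue could look. what it shows is the shift the post describes: the server grows a log and a dispatch, while the client still does plain fetches, and it only issues a transaction when the digest it was notified about differs from what it already holds.

```python
"""Pull-once-on-notify over a gemini-like request/response model.

Added example; not molly-brown's code nor a gemini extension that exists.
The event log, cursor query and digest-in-notification are assumptions.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


@dataclass(frozen=True)
class Event:
    seq: int                # monotonically increasing; doubles as the client's cursor
    path: str               # resource that changed
    digest: Optional[str]   # None means the resource was removed


class CapsuleServer:
    """Static files plus an append-only change log: the 'gemini message queue'."""

    def __init__(self) -> None:
        self.files: Dict[str, bytes] = {}
        self.log: List[Event] = []

    def publish(self, path: str, content: Optional[bytes]) -> Event:
        """Write (or delete, when content is None) a resource and log the change."""
        if content is None:
            self.files.pop(path, None)
            d = None
        else:
            self.files[path] = content
            d = digest(content)
        ev = Event(seq=len(self.log) + 1, path=path, digest=d)
        self.log.append(ev)
        return ev

    def events_since(self, cursor: int) -> List[Event]:
        """Catch-up query: a client that missed notifications replays from its cursor."""
        return [e for e in self.log if e.seq > cursor]

    def fetch(self, path: str) -> Optional[bytes]:
        """One ordinary transaction; None stands for a 51 NOT FOUND response."""
        return self.files.get(path)


class Subscriber:
    """Client side: unchanged fetch logic, plus a cursor and a digest-checked cache."""

    def __init__(self, server: CapsuleServer) -> None:
        self.server = server
        self.cursor = 0
        self.cache: Dict[str, bytes] = {}
        self.fetches = 0  # transactions issued; this is what polling wastes

    def sync(self) -> List[str]:
        """Drain the queue, fetching each changed path at most once, and only if needed."""
        latest: Dict[str, Optional[str]] = {}
        for ev in self.server.events_since(self.cursor):
            latest[ev.path] = ev.digest      # later events for a path win
            self.cursor = ev.seq
        changed: List[str] = []
        for path, d in latest.items():
            if d is None:                    # removal: no transaction required
                if self.cache.pop(path, None) is not None:
                    changed.append(path)
                continue
            have = self.cache.get(path)
            if have is not None and digest(have) == d:
                continue                     # notified, but bytes are what we already hold
            body = self.server.fetch(path)
            self.fetches += 1
            if body is None or digest(body) != d:
                continue                     # a newer write raced us; its event comes next sync
            self.cache[path] = body
            changed.append(path)
        return changed


def demo() -> dict:
    # constructed capsule content; paths and bytes are made up for the example
    srv = CapsuleServer()
    sub = Subscriber(srv)
    srv.publish("/gemlog/index.gmi", b"# gemlog\n=> post-1.gmi first post\n")
    srv.publish("/gemlog/post-1.gmi", b"# first post\nhello\n")
    first = sub.sync()                       # 2 fetches: both resources are new
    srv.publish("/gemlog/index.gmi", b"# gemlog\n=> post-1.gmi first post\n")  # rebuilt, identical bytes
    srv.publish("/gemlog/post-1.gmi", b"# first post\nhello, edited\n")
    srv.publish("/gemlog/post-1.gmi", b"# first post\nhello, edited twice\n")
    second = sub.sync()                      # 1 fetch: index skipped, post pulled once for two events
    srv.publish("/gemlog/post-1.gmi", None)
    third = sub.sync()                       # 0 fetches: removal handled from the event alone
    return {"first": first, "second": second, "third": third,
            "fetches": sub.fetches, "cursor": sub.cursor}


if __name__ == "__main__":
    print(demo())
```

the cron rebuild mentioned above maps onto the “identical bytes” republish in the demo: with a digest in the event, a rebuild that changed nothing costs the subscriber zero transactions, which is the difference between this and scraping on a timer.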
time to give nixbsd a spin
End the apartheid, End the war. #FreePalestine