You could add crypto to gopher, but I think it's a hack

I received the following email today:

Secure gopher comment
Tue, 28 Sep 2021 16:21:10 -0400

I just read your post

About the difficulty of adding TLS to gopher. I don't think it's as bleak as you suggest. A client supporting secure gopher simply sends a TLS client hello packet when first connecting to the server. If it receives nothing or receives something that is not a valid server hello it drops the connection and switches to regular gopher for that server. To minimize the number of failed attempts the client can cache the type of server during a session or persist the status for a period of time before trying again.

As I wrote back, this is already being done by clients as can be seen from my gopher logs:

Sep 28 09:10:44 daemon info gopher remote=XXXXXX.1.36 status=false request="223120101…" bytes=82
Sep 28 09:10:44 daemon info gopher remote=XXXXXX.1.36 status=true request="Gopher:Src:port70/handlers/" bytes=505
Sep 28 16:44:41 daemon info gopher remote=XXXXXX.1.36 status=false request="223120101…" bytes=82
Sep 28 16:44:41 daemon info gopher remote=XXXXXX.1.36 status=true request="Phlog:2004" bytes=533
Sep 28 18:04:43 daemon info gopher remote=XXXXXX.1.36 status=false request="223120101…" bytes=82
Sep 28 18:04:43 daemon info gopher remote=XXXXXX.1.36 status=true request="Bible:" bytes=10647

There's also a trick that servers can do to “seamlessly” support TLS—peek at the initial packet for the start of a TLS connection, and if it doesn't match, then fall back to the normal TCP routine. There's also the possibility of a downgrade attack to prevent the client from successfully using TLS.

I'm not a fan of either of these approaches. On the client side, it makes (potentially annoying) extra requests that for the most part, will be a waste of time as not many gopher servers (to my knowledge) support TLS. And on the server side, it's a hack to peek the initial packet of data (it can be done on some systems, but I don't know if all TCP stacks support peeking at the data before reading the data).
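The server-side peek described above, as an added example (not code from this post or from any gopher server): it classifies the first bytes of a connection with `MSG_PEEK`, leaving them unread for whichever handler takes over. The names, the constructed sample ClientHello prefix, and the assumption that no selector on the server starts with byte 0x16 are all illustrative.

```python
import socket

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01   # handshake message type: ClientHello
PEEK_LEN = 6              # 5-byte record header + 1-byte handshake type
# Constructed sample: record header (type, version 3.1, length 512) + type byte.
SAMPLE_HELLO = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xFC])


def classify_prefix(prefix: bytes) -> str:
    """Return 'tls', 'gopher' or 'need-more' for the first bytes of a connection."""
    if not prefix:
        return "need-more"
    # Assumption: selectors on this server are text and never start with 0x16.
    if prefix[0] != TLS_HANDSHAKE:
        return "gopher"
    if len(prefix) < PEEK_LEN:
        return "need-more"          # could still be TLS; do not guess early
    major, minor = prefix[1], prefix[2]
    length = int.from_bytes(prefix[3:5], "big")
    # Record-layer version 3.x, plausible record length, ClientHello inside.
    if (major == 3 and minor <= 4 and 0 < length <= 16384
            and prefix[5] == TLS_CLIENT_HELLO):
        return "tls"
    return "gopher"


def classify_connection(conn: socket.socket) -> str:
    """Peek at pending bytes without consuming them; 'closed' if the peer left."""
    data = conn.recv(PEEK_LEN, socket.MSG_PEEK)
    return "closed" if not data else classify_prefix(data)


def demo() -> list:
    """Run a constructed TLS opening and a plain selector through a socket pair."""
    a, b = socket.socketpair()
    results = []
    for opening in (SAMPLE_HELLO, b"Phlog:2004\r\n"):
        a.sendall(opening)
        # The second element shows the peeked bytes are still there to be read.
        results.append((classify_connection(b), b.recv(64) == opening))
    a.close()
    b.close()
    return results
```

A server using this still has to loop on `need-more` with a timeout, and the check does nothing about the downgrade problem: an on-path attacker who tampers with the ClientHello simply lands the client in the plain gopher branch.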

I also mentioned that one of the major complaints about the Gemini protocol, a somewhat reimagining of gopher but with mandatory TLS, is its use of TLS. Go figure—there are people who want to add TLS to gopher, and people who want to remove TLS from Gemini.

Great, now I have to train my next manager, part II

It's time for another reorganization at The Corporation! Woot!

I've lost count of the number of reorganizations and for the most part, they rarely affect me, but this time it's different—I'm getting a new manager! It's only been eleven months since my last new manager.

This will be … um … carry the one … the eighth manager I've had at the Ft. Lauderdale Office of the Corporation since starting. And that works out to be … goes into … carry … subtract … 18 months per manager. Not quite to the level of the Defense Against The Dark Arts position, but close enough to leave me worried. I have to wonder if some malevolent force cursed my department's manager position.

Notes on an overheard conversation while leaving a doctor's office

“There! Your flu shot is over with. That wasn't so bad, was it?”

“What? You didn't hear my blood-curdling screams?”


“Hrm. They must have good sound-proofing in the stabity-stab room.”

“I bet it didn't hurt at all. I didn't feel it when I got my flu shot.”

“It was the pain of a thousand suns searing through my skin.”

“That was just the alcohol wipe.”

Science with explanation

I finally have closure.

Sixteen years ago [Sixteen years‽ Yikes!] I did some experiments with my car's keyless entry fob and found that yes, increased the effective distance of said fob out to about 90′ (30m for those who are Imperially challenged). At the time, I had no clue as to why, but this video (which was released yesterday) has a decent explanation for the phenomenon.