@mado Because you can't trust what a web server's sending in the background and will still be interpreted by your browser. James cover's it quite well in the video Solene linked to: www.youtube.com/watch?v=9Q3GCz….

The usual approach to web security it to try and patch all the holes, e.g. the need for NoScript, UBlockOrigin, uMatrix, cleaning out cookies and SuperCookies and so on. Have a look at coveryourtracks.eff.org/ to see how much stuff your browser is leaking about your computer.

#Gemini comes at it differently - obviate the need for those by only responding securely with a specifically requested document, and let the client handle the formatting according to the user's taste: either elegantly (ala Lagrange) or minimally as in the terminal-based clients.

While I really like some of the features HTML5/CSS3 (e.g. CSS flexboxes) and Javascript, the combined complexity of these pretty much precludes creating a new browser that isn't based on one of the very few existing engines. The #gemini markup is a little minimal for my taste but it has encouraged experimentation, both is what's essential for a hypertext system for primarily textual documents, and because the protocol is so simple, what's possible in creating new clients and servers. GemText is also easy to archive which can't be said of many websites that build their pages dynamically.
Follow

@gmoretti Yes, I recently tried to configure my nginx webserver, which serves a html clone of my Gemini pages, to do it's job in a safer way. I lostly use observatory.mozilla.org/ for this. And to get all lights green I had to do many things which I find not very useful for a static site. This is our todays world of web technics. On one hand side I like styling as expression apart from the textual content itself, on the other side it makes everything so complicated.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!