I never could get Nix working but maybe someone will

  • tatterdemalion@programming.dev
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    7 hours ago

    Wireguard is p2p.

    EDIT: I guess the point is it’s doing peer discovery without static public IPs or DNS. Pretty cool!

    • corsicanguppy@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      31 minutes ago

      Careful. The yaml cult will come after you in a long and formless column, and only self destruct when one of them is a step too far to the left.

    • infeeeee@lemm.ee
      link
      fedilink
      English
      arrow-up
      12
      ·
      edit-2
      5 hours ago
      what:
        is:
        your:
          - problem
          - with:
            YAML
      # At least you can have comments unlike in json. Who need comments in a config file anyway.
      
      • itslilith@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 hours ago

        Nothing too major about how it’s usually used, but the yaml spec does allow arbitrary code execution when parsing a file and relies on the parser to have that feature disabled: https://en.m.wikipedia.org/wiki/YAML#Security

        That’s why for python, yaml.save_load() is a thing. That’s fine for your local config files and may even be a feature for you, but it shouldn’t be used to exchange information between services.

        • infeeeee@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          2 hours ago

          My general view is similar, yaml is better if it should be written by humans, json is better if it should be written and read only by a machine. but hyprspace uses json for configuration, so I don’t really understand cellardoor’s comment

          • itslilith@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 hours ago

            Yeah I agree. Although recently I’ve become partial to toml… In the end I’ll use what’s common in the ecosystem I’m developing in

  • infeeeee@lemm.ee
    link
    fedilink
    English
    arrow-up
    17
    ·
    16 hours ago

    Interesting, it’s on AUR, I will try it.

    So it doesn’t need any port forwarding, and works on CGNAT? How the “NAT hole punching” works? Both clients connect to something on IPFS?

    Afaik, for DHT with torrent, clients need to know at least one tracker, what is the “tracker” here? Something on IPFS? Who am I sending my IP addresses?

    How much overhead does this add to speed? I love with Wireguard, that it’s barely noticeable, really close to p2p speeds, OpenVPN was awful in this regard.

    • Possibly linux@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      14 hours ago

      First off great find. I didn’t think to check the AUR. I personally wouldn’t use it as that version is 3 years out of date but its existence means that it might be entirely possible to get a non Nix version. I’m not sure I fully understand why it needs Nix OS but what do I know.

      It is all libp2p magic

      There have been lots if talks on libp2p and Nat traversal. I suggest you check them out. How it actually works is pretty complex and requires someone more knowledgeable than me to explain. One way it works is that both devices start a TCP connection at the same time which gets the proper ports to open up.

      • infeeeee@lemm.ee
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        5 hours ago

        AUR packages ending with"-git" or “-svn” always pull the latest commit from source. The version number means that was the last time the packager had to change something on the PKGBUILD script, not the actual version which would be installed.

        Where should I look? Where were these talks? I’m interested.

        Edit: I found the whitepaper about hole punching: https://research.protocol.ai/publications/decentralized-hole-punching/

        It says it connects to a “Hole Punch Coordination (DCUtR - Direct Connection Upgrade through Relay)”. So for NAT traversal to work, you need a third party, this relay. As I expected. I guess you can self host this, but than you could just host a wireguard server. I guess if you are on a locked down network where you cannot connect to any relay (e.g. how the Chinese Great Firewall works technically they could block it) you can’t initiate a connection behind a NAT.

        Nonetheless it seems interesting, but no magic here. Maybe the big difference that the relay servers are distributed, so no central authority to block easily.

  • Matt@lemmy.ml
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    edit-2
    5 hours ago

    What about Tailscale? I know it’s Proprietary software, but still.

    • drathvedro@lemm.ee
      link
      fedilink
      English
      arrow-up
      7
      ·
      8 hours ago

      Tailscale… is not that good. The underlying wireguard is robust, but tailscale control plane is completely proprietary, as well as their DERP servers that it too often uses completely needlessly. They can also block you off from downloading it, updating, or logging in, if you happen to be in a wrong country.

      I’m myself looking for an alternative to it, but having trouble finding something I could share with non tech savvy friends while not being as complex on my end as, say, open/strongswan ais. Any suggestions welcome.

    • Possibly linux@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      8
      ·
      9 hours ago

      Tailscale is actually a lot more open than you think. The agents are all foss and there is a self hostable version.

        • Obinice@lemmy.world
          link
          fedilink
          English
          arrow-up
          16
          ·
          14 hours ago

          Is IPFS something your family and friends check on regularly? I don’t even know what it is.

          Considering your reluctance to give any information about your assertion that such a project using it becomes useless, I’m not sure you know what it is either :P

          • 31337@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            11
            arrow-down
            1
            ·
            10 hours ago

            I haven’t checked it out in years. From my understanding, IPFS aims to be a distributed filesystem that kinda works like Bittorent. If you access a file, you then seed it. Last time I checked it out, the project was jumping on the crypto bandwagon… Just checked out their website now, and don’t know WTF it is.

    • Valmond@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      16 hours ago

      I sure wonder how this is supposed to function, any explanation anywhere, like a diagram or something?