Iroh 1.0 - Hacker News

Posted by chadfowler 8 hours ago

Iroh 1.0(www.iroh.computer)

795 points | 257 commentspage 4

genpfault 7 hours ago|

C binding: [0]

[0]: https://github.com/n0-computer/iroh-c-ffi

dignifiedquire 6 hours ago|

Which I just finished updating to 1.0. But it is currently lacking in breadth of API, so if you start using it let us know what you are missing. In the meantime https://github.com/n0-computer/iroh-ffi has the other language bindings with a more comprehensive API

dangoodmanUT 5 hours ago||

iroh is consistently one of the most delightful projects i've ever worked with. The people reflect that too.

Congrats iroh team!

infogulch 3 hours ago||

How does Iroh's performance compare to wireguard?

arianvanp 2 hours ago||

Are you able to do any form of highly available loadbalancing with this?

overgard 5 hours ago||

This sounds useful, but isn't this the problem that ipv6 is supposed to solve with 128bit addresses? (I'm not really familiar with why IPv6 never really seemed to take off -- does NAT block incoming IPv6 traffic? (I guess that's the other thing -- even though my devices all seem to have IPv6 addresses I can't recall ever using them))

rklaehn 4 hours ago||

IPV6 addresses are still addresses. They get assigned to your device, and change as you change networks.

Iroh addresses are (currently Ed25519) keys. They are not scarce, so you can create them on demand and keep them as you move from one network to another.

If IPv6 was everywhere I guess the hole punching feature of iroh would become less important, but the dial by key feature would remain just as important.

tancop 4 hours ago||

[dead]

w10-1 5 hours ago||

I definitely see the value! But I'm not confident I can tell whether there are e.g., security implications, and I couldn't find anything on point in the docs or on github (other than one discussion on authentication that mentions the information disclosed). Would love a whitepaper on that and any other issues adopters should consider.

rklaehn 4 hours ago|

We should definitely do a better job explaining this.

Regarding security, one thing to be aware of is that iroh connections are just standard QUIC connections secured using standard TLS with the (also standard) raw public keys in TLS extension.

We don't roll our own crypto. What little non-standard crypto we had previously was removed on the path to iroh 1.0.

So iroh connections are just as secure as the QUIC/TLS connections your browser makes to your banking app. Whenever there are some new concerns like for example post quantum security, we can benefit from industry standards.

E.g. we do already support optional post quantum key exchange to secure connections.

https://www.iroh.computer/blog/iroh-post-quantum-handshakes

dignifiedquire 7 hours ago||

hey, I helped make this :) will try to answer questions where I can

piskov 7 hours ago||

Does this solve the problem of internet segmentation due to politcs?

For example: dns control, tls certification bans (just this month both let’s encrypt and globalsign started revoking Russian certificates), once google starts really complaining about https it gets ugly.

Russia aside, anyone else is closely watching (europe, brics, what have you)

dignifiedquire 7 hours ago|||

While it doesn't solve all the issues that come up through the current segmentation, it is very much possible today to assemble components that let you forget about segmentation while you use it. And it is designed from the ground up, to use existing internet technologies, while avoiding the lock in and dependencies on browser vendors or other large players.

rklaehn 6 hours ago|||

I would say it is an excellent building block for application developers to route around the segmentation. There are several projects that work well in restricted enviroments that use iroh for some features. E.g. https://delta.chat/en/

E.g. you could write an excellent encrypted chat app using iroh, the Tor or Nym custom transport, and BLE or direct wifi for local connections.

You have to be careful though to make sure you configure the transports correctly in order not to expose data you don't want exposed. Iroh can be used in highly restricted environments, but the defaults favour performance over complete metadata privacy.

zelias 7 hours ago|||

how can i make it give me zen-inspired life advice?

Hugsbox 7 hours ago|||

I'd also like for it to prepare tea

projektfu 7 hours ago||||

Jasmine tea and a game of Pai Sho.

dignifiedquire 6 hours ago|||

the zen life advice will come if you use it long enough :)

tmzt 6 hours ago|||

I've been working on a mesh network for private AI models running remotely, controlled by mobile devices (smartphones, tablets, etc.). The mesh is constructed like a piconet, a few devices controlled by a single individual, layered on top of the internet.

How does it support semi-connected devices, intermittent connection failures, etc?

karissa 6 hours ago||

Hi, I also work on iroh.

Iroh is built for environments where connectivity is unreliable or intermittent, so it can be a good fit for use cases involving connection failures, offline periods, or semi-connected devices.

We provide a range of peer-to-peer protocols that don't require a central server, including key-value stores, blob transfer, collaborative documents, and streaming audio/video. These protocols are designed to synchronize devices back to a consistent state, even after long disconnections or network interruptions.

If you'd like to explore whether iroh could work for your use case, we're happy to chat. Feel free to email us at support@iroh.computer, and we can set up a call.

eikenberry 4 hours ago|||

Why a library and not a service/daemon? Or are you planning to write a server based on the library and just haven't got to that yet?

rklaehn 4 hours ago||

We think a library is more useful for widespread adoption. I can't get my mother to install a daemon, but I can get her to download an app that uses iroh under the hood.

Besides, as a lot of people have mentioned already, if you want a dedicated server there are a lot of existing options.

We did write a few small dedicated applications to show off iroh, sendme https://www.iroh.computer/sendme and dumbpipe https://www.dumbpipe.dev/ .

amatheus 7 hours ago||

This looks very interesting. I’m not sure I understand this, but it seems to me like it competes (or is in the same space as) both Tailscale and zeromq/nanomsg via the protocols? I think it would be nice to have a comparison page to make it easier to position it (I didn’t find one).

rklaehn 7 hours ago|||

A key distinguishing factor is that iroh is meant to be used as a library that you can embed into your desktop, mobile or embedded apps.

Up to now our users are mostly teams that have a rust or C/C++ core, such as https://delta.chat/ . But now that we have bindings teams who use other languages should be able to use iroh.

So you can write e.g. an android and ios app that uses iroh direct connections under the hood, and the app user does not have to know or care about this at all.

matheus23 7 hours ago|||

We keep thinking about ways to combine iroh + zeroMQ! I think these two could compose. (Not familiar with nanomsg myself)

About tailscale: It's similar, but iroh is not a VPN, so it doesn't add a TUN interface. Instead, you'd build iroh directly into your application. Using iroh you can build a VPN, and there are projects that do so (iroh-lan/iroh-vpn are some hobbyist projects). The upside of building it into your application is that it doesn't need special permissions and is easy to ship to the user.

born-jre 3 hours ago||

As a person which tried to love libp2p so much this look. Great will definitely take deeper look

mcdermott 3 hours ago|

"If the implementation is hard to explain, it's a bad idea." --Zen of Python

More comments...