Iroh 1.0 - Hacker News

Posted by chadfowler 13 hours ago

Iroh 1.0(www.iroh.computer)

982 points | 292 commentspage 7

arianvanp 8 hours ago|

Are you able to do any form of highly available loadbalancing with this?

saberience 12 hours ago||

This page is basically useless in explaining what Iroh is or does and why I should care.

bel8 12 hours ago||

As I see, it tries to explain.

But as someone who's not a network specialist, I fail to see how this is not a glorified P2P DNS.

Maybe this example helps:

https://github.com/n0-computer/iroh#rust-library

    const ALPN: &[u8] = b"iroh-example/echo/0";

    let endpoint = Endpoint::bind().await?;

    // Open a connection to the accepting endpoint
    let conn = endpoint.connect(addr, ALPN).await?;

    // Open a bidirectional QUIC stream
    let (mut send, mut recv) = conn.open_bi().await?;

    // Send some data to be echoed
    send.write_all(b"Hello, world!").await?;
    send.finish()?;

    // Receive the echo
    let response = recv.read_to_end(1000).await?;
    assert_eq!(&response, b"Hello, world!");

    // As the side receiving the last application data - say goodbye
    conn.close(0u32.into(), b"bye!");

    // Close the endpoint and all its connections
    endpoint.close().await;

dignifiedquire 11 hours ago||

I would love to see that P2P DNS you are talking about

bel8 9 hours ago||

Perhaps it doesn't exist because there's no real need.

embedding-shape 12 hours ago|||

Such is life when you choose to be introduced to something by a version update blogpost, instead of clicking in the top-left corner and reading the landing page.

SubiculumCode 12 hours ago||

Did we choose, or was that the link we were given that introduced us to it.

embedding-shape 12 hours ago||

The whole experience is fully interactive and you get to chose your own adventure! If you get lost, top-left corner is a safe bet to go to the initial page. Welcome to the internet and enjoy :)

pseudalopex 12 hours ago||

This is true. But you could click the name in the top left. Or Docs.

IP addresses break, dial keys instead

Modular networking stack for direct, peer-to-peer connections between devices

iroh establishes direct connections whenever possible, falling back to relay servers if necessary. Get fast, efficient, reliable connections that are authenticated and encrypted end-to-end using QUIC.

28304283409234 12 hours ago||

I love it. I think. But I find it hard to parse tech videos with music in the background.

nicebyte 11 hours ago||

I am confused why this is needed.

> IP addresses can break, without warning, and it's outside of your device's control.

We have DNS?

> Keys, however, are created & controlled by you. They stay the same as your device moves, and are yours to throw away, or not.

So are domain names? This page does not do a good job of helping me find what it is that I'm missing.

ben-schaaf 10 hours ago||

Your phone and laptop don't have stable IPs, let alone DNS entries pointing to them.

kkapelon 10 hours ago|||

They do if you use tailscale and friends

ben-schaaf 10 hours ago||

Everyone I'd like to connect to isn't on my tailscale, nor do I want them to be.

nicebyte 7 hours ago|||

but dynamic DNS is a thing. I've had setups for it since god knows how long, though admittedly not on my phone.

guywithahat 9 hours ago||

What you're missing is that they can't charge you for IP's, and someone else already charges you for DNS/domains. They would like to replace your IP's with keys they lookup. It's a cool idea and I would expect that they'll find a market, but I'm not sure this would be a breakthrough product for me

nicebyte 7 hours ago||

that just sounds like DNS but more centralized and not super human-friendly...

suwapat 12 hours ago||

Missing a native go version

rklaehn 11 hours ago||

Iroh is just a clever combination of existing standards such as QUIC with some draft RFCs and a tiny bit of clever custom logic added via TLS extensions.

So in theory a go implementation is possible using a go QUIC implementation that supports the multipath extension.

Our focus is the rust implementation, since it is very easy to use from compiled languages such as rust, C and C++ and to embed into languages such as js and python.

But there are some other projects that attempt to provide a native go implementation: https://github.com/tmc/go-iroh

Edit: since iroh is just a library, it is also possible to link iroh into a go program. Linking a go program from other native languages is a bit of a pain, but linking a C or rust library into a go program is relatively straightforward and high performance.

karissa 11 hours ago||

Would you use it if there was a go version?

gnarlouse 10 hours ago||

Is the intent to replace the IP protocol ever?

rklaehn 10 hours ago|

No. IP isn't going anywhere. The intent is to provide additional capabilities on top of IP.

That being said, if IP ever gets replaced, your iroh based app will continue to work pretty much unchanged. Iroh will just get you the best possible connection (IP or whatever) under the hood.

superkuh 5 hours ago||

I am happy to see that Iroh says they'll support the 1.0 protocol for the entire life of the project even if they make a new version. If they can stay true to this it'll be a useful alternative domain system. But using QUIC means it's CA TLS only. As we've seen with the US government pressure on Lets Encrypt recently this CA TLS requirement allows the US (or other nation's) feds to shut down your 'key' no matter where you are. If they allowed self signed or even plain text this would not be a serious issue. But QUIC libs generally can't do this or at best offer a 'scary' build flag for self-signed that is never enabled on any dev's machine during compiling for distribution.

rklaehn 1 hour ago|

We are using QUIC, but using a QUIC/TLS extension called raw public keys in TLS. The DNS is not involved in any way, and there is no way anybody can shut down your usage of iroh.

https://datatracker.ietf.org/doc/html/rfc7250

In the beginning of the project we did use self-signed certs, but due to raw public keys that is no longer necessary. And in any case scary build flags aren't an issue since we control our own rust QUIC implementation, noq.

sunshine-o 5 hours ago||

I am looking at the awesome page [0] and was surprise not to see a syncthing equivalent.

Wouldn't that an obvious use case? or am I missing a technical limitation?

- [0] https://github.com/n0-computer/awesome-iroh#file-sharing

Seattle3503 12 hours ago||

What are people building with Iroh?

Arqu 12 hours ago||

By far not a complete list but a starting point https://github.com/n0-computer/awesome-iroh/

Also you can join our discord and there's #showcase https://iroh.computer/discord

mnutt 9 hours ago|||

I have been playing around with building an Iroh Tunnel Sandstorm app that can connect two Sandstorm instances, and share some capabilities exposed from one Sandstorm instance to the other, as if the capabilities were local. Iroh has been very reliable throughout the process.

karissa 11 hours ago||

See https://www.iroh.computer and "use cases" at the top of the page

r0l1 11 hours ago|

Netbird offers the same. Just based on wireguard and everything is open source.

More comments...