Posted by captain_dfx 4 days ago

Rayfish, Peer-to-peer mesh VPN with no server to trust (rayfish.xyz)
69 points | 46 comments
keepupnow 31 minutes ago
It is wrong to describe these P2P products as server-less. In order to connect two peers over WAN it needs a form of coordination server. Since Rayfish appears to be a Claude-coded wrapper over Iroh, it should at least give credit to the use of Iroh's discovery and relay nodes.
loxodrome 3 minutes ago
This is cool, I'd like to try it, but how can I use it to connect peers over the public internet?
whywhywhywhy 2 hours ago
Having an install script that you paste into the terminal and all it does is download a binary and stick it in a folder is wild.

If your users are savvy enough to be running random scripts, they shouldn't need a script to do this, and if they're not savvy enough to understand how to do that, then the last thing they should be doing on earth is running a random terminal command off a website.

atrettel 1 hour ago
I still have no comprehension of how curl piped into a shell command has become the default installation method for many projects (looking at you, Rust...). It breaks my brain as to how potentially unsafe it is.
barnabee 1 hour ago
Everyone’s eventually going to run a binary they downloaded from the same place. If you’ve already decided to do that, why is a curled install script worse?
yubblegum 1 hour ago
Because it normalizes a practice that, while acceptable in the context of a well-known project with numerous dedicated eyeballs such as the Rust language, is not a generally acceptable method of installing software.
EGreg 1 hour ago
Exactly this.

The correct way is to have M of N signatures on specific package manager pinned versions. And you trust the auditors to look at each new version, of a well-known package.

We should start a project and get it funded, to do just that. The money can go to LLM tokens for audits, at least, and hosting the multisigs and the package managers.

Anyone want to partner on this? See my profile on HN and email me.

atrettel 1 hour ago
The issue does not have to do with whether the download is a binary or source code. It has to deal with verifying the integrity of the download before installation.

Curl piped into a shell command provides no means to verify that the download is uncorrupted and unmodified before running it. For example, whenever I download software manually I check the downloaded file against the verified checksums to ensure that I have an unmodified version. Ideally I check this with gpg --verify on the signed checksum file (against the source's public key). This is a standard procedure for many organizations [1]. If you just download something and immediately run it without this step, you could potentially run a hacked version of the installation script.

[1] https://www.debian.org/CD/verify

drdexebtjl 39 minutes ago
For a Debian image, yeah, that is the threat.

But this is new software from someone no one trusts yet. Verifying the binary was not maliciously replaced by someone else doesn’t matter.

What we need here is a reproducible build made and published by an independent third-party.

NAR8789 1 hour ago
Doesn't curl still validate ssl certificates? So long as I'm curling an https url from a trusted domain, don't I still have a chain of trust?
atrettel 52 minutes ago
Curl does verify certificates [1]. That does confirm that your connection is to the right server, but it does not confirm that the files were unmodified.

SSL/TLS/HTTPS is more about encrypting the traffic and ensuring that there was no tampering with the file between you and the server. The steps that I describe are more about ensuring that there was no tampering between you and the original source. Those are two separate problems. If you just rely on HTTPS, somebody can replace the file on the server with a modified version, and you would not know.

[1] https://curl.se/docs/sslcerts.html
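The check atrettel describes in the two comments above (verify the signed checksum file with gpg, then compare the artifact's digest against it) as an added example; this is not code from the thread or from Rayfish, and the installer name, sums file name and keys are placeholders constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread or from Rayfish. If a detached
# signature is supplied, the checksum file is first checked with gpg against
# the keys you already hold, then the artifact's SHA-256 is compared with the
# entry for it in that file. File names below are constructed for the demo.

# verify_download ARTIFACT SUMS_FILE [SIGNATURE]
# 0 = verified, 1 = signature or digest mismatch, 2 = artifact not listed.
verify_download() {
    artifact=$1; sums=$2; sig=${3:-}
    if [ -n "$sig" ]; then
        # A sums file served over HTTPS proves only which server sent it; the
        # signature ties it to a publisher key obtained out of band.
        gpg --verify "$sig" "$sums" >/dev/null 2>&1 || return 1
    fi
    name=$(basename "$artifact")
    # Lines look like "<hex>  <name>" or "<hex> *<name>" (binary mode).
    expected=$(awk -v f="$name" -v fb="*$name" \
        '$2 == f || $2 == fb { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$artifact" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
}

# make_fixture: build a throwaway directory holding a fake installer and a
# matching SHA256SUMS file (both constructed here), and print the path.
make_fixture() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho "pretend installer"\n' > "$dir/install.sh"
    (cd "$dir" && sha256sum install.sh > SHA256SUMS)
    echo "$dir"
}

# Stand-alone demo: a clean copy verifies, a copy changed after the sums
# file was produced does not.
demo=$(make_fixture)
verify_download "$demo/install.sh" "$demo/SHA256SUMS" && echo "clean copy: ok"
echo "# one extra line changes the digest" >> "$demo/install.sh"
verify_download "$demo/install.sh" "$demo/SHA256SUMS" \
    || echo "modified copy: rejected (status $?)"
rm -rf "$demo"
```

In real use the SHA256SUMS file and its .sig come from the project's release page and the key from a channel other than that page, exactly the Debian procedure linked above.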

petcat 40 minutes ago
Every package manager does the same thing: run a script.

Would you feel safer if they offered a .deb? Do you unpack and inspect every .deb you install?

da-x 1 hour ago
It's all about lowest friction + domain-name trust.

Depending on third party packaging (distribution-validated install) is much higher friction.

thomastjeffery 1 hour ago
It's because people are too obsessed with providing complete instructions to incorporate any package manager into their instructions.

What we are really missing is an explicit progression from new software to maintained packages across distributions. As it is, each distro expects each package to have a maintainer, and very few people actually want to do that across several distros just to release their software. Generally, the expectation is to instead just wait around for people to make and maintain those packages by virtue of their own interest in your software, but it takes a while, and discoverability isn't automatic.

asdsd34sdfsdf 19 minutes ago
Look, you are going to run an executable. There is no way around it. At some point you are going to fork over inscrutable, opaque sets of bits to your CPU and loudly proclaim them to be executable. The CPU does not know, cannot know and does not care. At some point this will be done. No matter how many hashes, digests and public keys you verify, the bits will be interpreted as instructions and energy will be expended to explore a state space you were told is or leads to the promised land. If deception is involved in any step in this process, the end result will not be what you expect it to be. The peculiarities of the transport mechanism by which these bits were transported to your particular device of computation are very nearly the absolute least interesting thing to worry about in this whole shit-show.

It's completely insane our desktop OSes are holding highly private data like banking details with zero meaningful support for sandboxing.

This whole problem would be a non-issue if we got proper auditing and management tools. If we could properly inspect our system's resources and see what sandbox has access to what and when and how and at what time, etc. I could draw a line around a "file" or "directory" and proclaim it to be off-limits to everything but "banking app" or whatever.

All the signature verification in the world won't protect my sensitive data from being raw-dogged by this Verified(TM) binary blob. I understand it solves a different problem, but to me all this "proper package management" is theater if the other side of the equation is not being handled with the same amount of attention.

keepupnow 15 minutes ago
You can create secure inaccessible directories for files via Cryptomator or Veracrypt or similar. It should be encouraged more IMO.
jayd16 1 hour ago
What would be your preferred solution?
zuzululu 1 hour ago
So how did you install npm or docker?
mcsniff 1 hour ago
Using a package manager usually
blackqueeriroh 1 hour ago
How did you install that package manager?
singpolyma3 53 minutes ago
It's part of the OS
RadiozRadioz 53 minutes ago
I didn't, it came with the system
jasonjayr 41 minutes ago
tinc (https://tinc-vpn.org/), an OSS mesh VPN that has existed for a long, long time, is another great solution with no central server. You can manage the public key distribution yourself, or just keep them checked into a git repo (my preferred solution), and it's been solid for years.
rsyring 52 minutes ago
Interesting project but can't find anything useful about the author's background on GitHub.

Commit history shows the project is a couple weeks old and the commit velocity only seems possible with heavy LLM involvement. Not unexpected but worth noting.

The repo's CLAUDE.md is huge which conflicts with published best practices around agent instructions and makes me wonder how much experience the author has using LLMs.

All that said, I'd like to use something like this for my personal devices since my personal and work Tailscale networks still can't run at the same time. But there aren't enough trust signals for me for this project yet.

Fabricio20 1 hour ago
One thing I seem to struggle to understand is, a simple invite code system is showcased, but how does host Alice in one country know how to contact host Bob in another country with just the invite code? This seems to require a coordination server at least right, or does the invite embed some sort of information that'd allow Bob to directly reach Alice with just the invite code?
tom1337890 24 minutes ago
Iroh or n0 seems to solve that. It's their underlying network protocol. When you're behind some CGNAT, iroh falls back to public iroh relays hosted by n0: https://docs.iroh.computer/concepts/relays#public-relays

However, you could self-host one of these on a public server you own. Then you're independent.

utilize1808 58 minutes ago
I think for this kind of system to work, there has to be SOME kind of public/shared server to do the coordination. If the inviting node is behind a firewall then no amount of information can enable a guest node to connect to it without a node reachable by both.
kamranjon 2 hours ago
This is very cool - I will likely see if I can use it in place of Tailscale for my local LLM hosting. I feel like not having that required login would be great. Also the direct connect feature seems pretty cool, since that’s usually all I need for my use case.
ChocolateGod 1 hour ago
So it's effectively a clone of Nebula minus the need for a lighthouse.
Yoofie 1 hour ago
Looks like no support for Windows :(
someonebaggy 4 days ago
I don't know why your post was autoflagged but what makes your product unique from the rest?