53 comments

[ 2.7 ms ] story [ 63.8 ms ] thread
I wonder how much reimplementation there is between this and Tailscale, as it seems like there are many needs in common. One would think that there are already low level libraries out there to handle going through NATs, etc. (but maybe this is just the first of said libraries!)
The marketing is brilliant. The name of the company (number0) is mad hackerish man, right up my alley in the words of Charlie Murphy. I'm going to try this in my GCE on bare metal "unvirtualizer" today (number0 is what a Linux kernel would call the first tuntap with number as its prefix if you had such a patch).

These are my kind of people!

Does this require a 3rd party host, or is it peer-to-peer?
I wonder how much different it is from Wireguard + netcat. Both run encrypted channels over UDP, but somehow differently. What does QUIC offer that Wireguard does not?
I've always found this path to be more compelling:

https://github.com/samyk/pwnat

It has more edges and doesn't handle all cases, but it also avoids the need for any kind of intermediary.

iroh is awesome, and this is such a good demo of how stupid simple it is to use
Oh they use Iroh notice!
"Dumb pipe" sounds like they forgot about security.
You can do this with ssh (and socat or mkfifo):

  # receiver
  socat UNIX-RECV:/tmp/foobar - | my-command

  # sender
  my-command | ssh host socat - UNIX-SENDTO:/tmp/foobar
You can relay through any other SSH server if your target is behind a firewall or subject to NAT (for example the public service ssh-j.com). This is end-to-end encrypted (SSH inside SSH):

  # receiver
  ssh top-secret@ssh-j.com -N -R ssh:22:localhost:22
  socat UNIX-RECV:/tmp/foobar - | my command

  # sender
  my-command | ssh -J top-secret@ssh-j.com ssh socat - UNIX-SENDTO:/tmp/foobar
(originally posted on the thread for "beam": https://news.ycombinator.com/item?id=42593135)
The approach you describe requires host to have an open ssh port you can access. quic + nat hole punching works around this.
Very handy. We've developed an industrialized variant of this in RelayKit designed for fleets of fielded devices at scale with Anycast, mTLS, multiplexing of services through a single tunnel, Bring Your Own PKI and some other fleet management features that together become a somewhat smarter pipe: https://farlight.io
The surface being http is super nice to have. It's a streams-over-http general utility, quic powered.

I'm struggling to remember what but there's a simple http service called like patchbay or some such that's a store and forward pattern. This idea of very simple very generic http powered services has a high appeal to me.

Looking forward to a future version that can do WebTransport

This is really good marketing presentation for a command line tool
I remember doing something like this with Skype many years ago (at least 15, I guess).

The old Skype, the one that was a real p2p app and before it got bought by Microsoft, was very good slicing through firewalls and NATs and it offered a plugin api, so it was easy to implement a TCP tunnel with it.

Kinda related to this, but is there something that runs a daemon on your local machine, where if a "file request document" is uploaded to mega or Google drive or something similar the (,polling) daemon recognizes the request and pushed the document/file to the file store service?
Is there a way I can use this to run remote commands on another host? Something similar to what ssh does?