Does this thing involve a MAC address?
I know 98 and warp aren't technically ancient, but I had gotten the Xerox star 8010 emulator running well yesterday and went to work on pcem.
https://en.wikipedia.org/wiki/Yggdrasil
Just like many might pick cool and important names from Greek mythology for example, like Poseidon.
It’s hard enough to do that for centrally regulated systems. There are whole giant companies like Cloudflare that mostly exist to do that.
With a fully decentralized mesh if someone finds a working attack there is no good way to coordinate a response.
Small hobby and research nets can get away with that, but if anything like this ever got popular or even close to mainstream it would be destroyed. This is especially true if there were any way to make money by ruining it.
Right. You join the network by generating a random IPv6 address and telling someone about it. So anyone can generate vast numbers of dummy node addresses, which everybody has to track. Now you need spam filtering.
So in practice if you have doubts that your private key might have been compromised you must change your IP ASAP.
So I guess serious Yggdrasil users rely rather on a solid DNS system to manage identities and configure things. They actually need it more than the public internet !
This is the problem the blockchain & Ethereum people bumped into quickly: the 'key = identity' paradigm is elegant but in practice you need an abstraction on top to do anything serious.
I see they do have a DNS infrastructure in place [1] but most of the network services point to IP addresses, what really doesn't make sense to me.
- [0] https://yggdrasil-network.github.io/privacy.html#network-ide...
It seems to me that the main goal of the project is automatic routing that promises that in any peer graph any peer can reach any other at least somehow, which is fine for many use cases. Only in case of moving big data or very different cost of links you might want to check the node hierarchy and set manual peering from X to Y and Y to Z to make traffic flow the way you want.
Public network is a volunteer-run test ground for real life usage, and a way to connect systems that can't connect directly because of NAT. Internal speed test that is 8 hops away on the other side of the world gives me 30 Mbps, closer one, in 5 hops, reaches 90 Mbps (and the local interface is 100 Mbps), so it has some throughput for casual users.
As far as I can understand, current latency-based routing selection is just the most simple way chosen to optimise the network across the whole world, and prevent random 200 ms hops back and forth to intermediate nodes. If traffic from nodes in one half of the tree not having direct connections to the other half goes through the central nodes, it seems that at the moment it's enough for owners of central nodes to peer with each other, and have enough bandwidth. In the future they might need to take the proportions of available channels into account.
https://github.com/ripplebiz/MeshCore https://youtu.be/fNWf0Mh2fJw https://chatgpt.com/share/681c281f-0a24-8011-8ec9-6d58ce3db0...
- [0] https://reticulum.network/manual/interfaces.html#listeners
I think what they really need is cheap solar nodes that have external WiFi antennas, so they can mesh over point to point directional links.
LoRa meshing seems like it's eventually going to be a dead end in any kind of dense environments, WiFi just gets you so much more bandwidth, and the edge nodes only need ~2mA of power.
AFAIK only Reticulum and Meshtastic have software support for that ATM.
I have a proof of concept almost working using OpenDHT as a global routing backend for Meshtastic, but Meshtastic still has some security issues (No authentication on a lot of important stuff), and global routing is really only currently easy to do for unicast traffic.
But if they got rid of the channel hash thing, and instead they gave each channel a special receive address(like IPv6 multicast groups) with their own keypair, global routing would probably work fairly seamlessly.
I think ideally they'd change those node/channel IDs to rolling codes so you can't traffic analyze the global routing.
With MeshCore, it doesn't seem like there's documentation on what info the packets actually give you, so I'm not sure how that would work.
And then with Reticulum, there's no C++ implementation of LXML yet, no standalone devices, or anything like that, so I'm not sure if it can replace Meshtastic/MeshCore until that exists.
Meshtastic is also lacking some applications layer stuff, they have the same issue most IoT protocols have, tons of predefined packets for specific sensors, but no modbus-esque generic telemetry packets, no way to just say "Register 59 is 37.6, look up what that means in the register layout file with UUID Jfjeiuehbdhd"
I think Reticulum is closer to having that, with the "fields" thing.
I'm not sure how the global routing works on reticulum though, I get the impression every node needs to know about every other node with some kind of gossip protocol, but I could be completely wrong.
Reticulum also used Kivy for their mobile app, which doesn't feel as polished as Meshtastic, and it's licensed under some non-commercial creative commons thing that causes issues including it in distro repos and such, or so I've heard.
Meshtastic doesn't exist as a convenient Arduino library or Pip installable package or anything like that, it's not exactly very elegantly embeddable in existing apps, and even if it was, it doesn't have the generic abstractions to actually do custom stuff in a way the app understands.
It almost seems like we either need a heavily redesigned Meshtastic 3.0, or something completely new.
They're all amazing projects, but they're all missing something.
Just imagine somebody generating 10000000000 addresses and flooding everybody with that information.
It looks like Yggdrasil doesn't address (ha) this vulnerability? It kinda side-steps it by requiring enrollment through an already trusted node?
the process would be run again and again during configuration generation until a key that fit this criteria was found. one could up the difficulty of this process considerably.. though not in a protocol backwards-compatible way.
you also needed to find a peer.
but yeah that's a gnarly hole.
It's just a 1 byte search, completely negligible from the performance standpoint. They look for a public key that has the SHA hash that starts with 0xFC, to indicate that it's not global IPv6 traffic.
I don't think it's possible to solve this, without either making a centralized addressing authority, or involving non-trivial amounts of real money via some blockchain.
The shortest path might be a 1Mbps link with high latency. The 'best' path might be several 100Mbps links with low latency chain together.
Most of the referenced public peers are in Russia, the US and Germany it seems [0]
Will update later, because the yggdrasil website leaves me more confused than answering anything.
I've seen it posted and cheered about over socials (lemmy, hnews, reddit); might be cool to test.
From the docs: > However, autoconfigure mode allows you to quickly start Yggdrasil using sane-ish default settings, with yggdrasil -autoconf. In this mode, Yggdrasil will automatically attempt to peer with other nodes on the same subnet but will not attempt to connect to public peers by default. It also generates a random set of keys each time it is started, and therefore a random IP address each time.
yggdrasil[3510010]: 2025/05/08 08:37:16 Starting up...
yggdrasil[3510010]: 2025/05/08 08:37:16 Startup complete
yggdrasil[3510010]: 2025/05/08 08:37:16 Starting multicast module
yggdrasil[3510010]: 2025/05/08 08:37:16 UNIX admin socket listening on /var/run/yggdrasil/yggdrasil.sock
yggdrasil[3510010]: 2025/05/08 08:37:16 An error occurred starting TUN/TAP: permission denied
2025/05/08 08:37:16 Your public key is fab6caf3ae8895f5001398763db27d8e2f72f8278f44b543ba58b6658c>
yggdrasil[3510010]: 2025/05/08 08:37:16 Your IPv6 address is 200:a92:6a18:a2ee:d415:ffd8:cf13:849b
yggdrasil[3510010]: 2025/05/08 08:37:16 Your IPv6 subnet is 300:a92:6a18:a2ee::/64
So, saw a comment here from https://news.ycombinator.com/item?id=30156551 :
> I started using yggdrasil yesterday. The ability to get a static IPv6 address on a meshnet, with encrypted traffic by default, and the option to only accept inbound connections from public keys I trust is incredibly cool. Just like that I can access any of my devices that run ygg from anywhere using standard tools like git or ssh (or git-annex). It makes it really easy to network my devices together without having to screw around with split tunneling a wireguard server and create a DIY set of services to, for example, remotely manage my devices or sync things from one to the other, and that's just for starters. Feels like the Unix philosophy actually being useful for once
It uses a logical world map for improved address space allocation and routing as well as source routing. Private non-routable addresses for better privacy are planned.
It will see more development over the next years, as I will be using it in an upcoming project.
Happy to answer any questions you have here.
I'm looking for encrypted coordination with unencrypted data transmission for performance reasons in IoT devices, because the data itself is already encrypted (e.g. only https going through the tunnel).
gnabgib•3d ago
5 months ago (324 points, 107 comments) https://news.ycombinator.com/item?id=42155780
2022 (216 points, 78 comments) https://news.ycombinator.com/item?id=30156551
2019 as a Show (120 points, 15 comments) https://news.ycombinator.com/item?id=18863554