frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

Dumb Pipe

https://www.dumbpipe.dev/
167•udev4096•2h ago

Comments

Liftyee•1h ago
I wonder how much reimplementation there is between this and Tailscale, as it seems like there are many needs in common. One would think that there are already low level libraries out there to handle going through NATs, etc. (but maybe this is just the first of said libraries!)
mpalmer•1h ago
This is made using iroh, which aims to be a low level framework for distributed software. Involves networking but also various data structures that enable replication and consistency between networked nodes.
max-privatevoid•1h ago
iroh is meant to be this library, but there is also libp2p, which existed before iroh.
binary132•57m ago
Part of the problem with libp2p is that the canonical implementations are in Go which isn’t really well-suited to use from C++, JS, or Rust. The diversity of implementations in other languages makes for varying levels of quality and features. They really should have just picked one implementation that would be well-suited to use via C FFI and provided ergonomic wrappers for it.
cr125rider•1h ago
Isn’t tailscale a wrapper around WireGuard? With some other hole-punch sprinkles?
nine_k•1h ago
...and DNS, and host provisioning, and SSO, and RBAC, and other stuff you need to sell to enterprises.
odo1242•52m ago
Well, WireGuard and WebRTC, but yes.

The real feature of Tailscale is being able to connect to devices without worrying about where they are.

bradfitz•29m ago
There's no WebRTC in Tailscale.
homebrewer•18m ago
You might be confusing it with netbird, which is the 601st implementation of a mesh network that does use both WebRTC and WireGuard.
benreesman•1h ago
Theres overlap but i can see complementary uses as well. It uses some of the same STUN-family of tecniques. I have no plans to stop using TailScale (or socat) but i think i use this every day now too.
TechDebtDevin•1h ago
Connecting phones on mobile/cignat with Tailscale is really one of the few software "Aha" moments I've had.
homebrewer•21m ago
Who cares at this point, Tailscale itself is the 600th reimplementation of the same idea, with predecessors like nebula and tinc. They came at the right time, with WireGuard being on the rise, and poured millions into advertisements that their community "competitors" didn't have since most of them isn't riding on VC money.
api•12m ago
I've met a lot of people who think Tailscale invented what it does.

Prior to Tailscale there were companies -- ZeroTier and before it Hamachi -- and as you say many FOSS projects and academic efforts. Overlay networks aren't new. VPNs aren't new. Automated P2P with relay fallback isn't new. They just put a good UX in front of it, somewhat easier to onboard than their competitors, and as you say had a really big marketing budget due to raising a lot when money was cheap.

Very few things are totally new. In the past ten years LLMs are the only actually new thing I've seen.

Shill disclosure: I'm the founder of ZeroTier, and we've pivoted a bit more into the industrial space, but we still exist as a free thing you can use to build overlays. Still growing too. Don't have any ill will toward Tailscale. As I said nobody "owns" P2P and they're doing something a bit different from us in terms of UX and target market.

These "dumb pipe" tools -- CLI tooling for P2P pipes -- are cool and useful and IMHO aren't exactly the same thing as ZT or TS etc. They're for a different set of use cases.

The worst thing about the Internet is that it evolved into a client-server architecture. I remain very cautiously optimistic that we might fix this eventually, or at least enable the other paradigm to a much greater extent.

qudat•1h ago
At pico.sh we built something similar but using SSH: https://pipe.pico.sh
benreesman•1h ago
The marketing is brilliant. The name of the company (number0) is mad hackerish man, right up my alley in the words of Charlie Murphy. I'm going to try this in my GCE on bare metal "unvirtualizer" today (number0 is what a Linux kernel would call the first tuntap with number as its prefix if you had such a patch).

These are my kind of people!

binarymax•1h ago
Does this require a 3rd party host, or is it peer-to-peer?
nine_k•1h ago
Peer to peer, unless both ends are behind NAT, then you need to run a relay.
justusthane•40m ago
They provide a default relay. It’s not clear to me whether you can manually specify a different relay.
chrisallick•1h ago
About once or twice a year a solution comes out that does this. Here is a great one for orchestrating connections: https://docs.spacebrew.cc/
latchkey•1h ago
"In 2023 it's..."
x2tyfi•50m ago
While that may be true, the branding of this particular project seems unbeatable. A literal dumb pipe man with wacky arms. It just works.
alt227•36m ago
I feel it was the same for IFTTT over a decade ago. People always move on to the next shiny thing.
nine_k•1h ago
I wonder how much different it is from Wireguard + netcat. Both run encrypted channels over UDP, but somehow differently. What does QUIC offer that Wireguard does not?
TheDong•38m ago
QUIC includes a standard for peer address discovery: https://www.ietf.org/archive/id/draft-ietf-quic-address-disc...

Wireguard doesn't, which is why tailscale took off so much, since it offers basically that at its core (with a bunch of auxiliary features on top).

Show me some wireguard discovery/relay servers if I'm wrong.

Also, QUIC is more language-agnostic. The canonical user-space implementation of wireguard is in Go, which can't really do C FFI bindings, and the abstractions are about dealing with "wireguard devices", not "a single dump pipe", so wireguards userspace library also makes it surprisingly difficult to implement this simple thing without also bringing a ton of baggage (like tun devices, gateways, ip address management, etc) along for the ride.

If you already have a robust wireguard setup, then of course you don't need this and can just use socat or whatever.

bastawhiz•32m ago
Wireguard is a tunneling protocol. Netcat lets you write things over a socket. But netcat doesn't implement mechanisms for guaranteeing that all your packets arrive over UDP mode, so you're forced to tunnel TCP over UDP for reliability.

QUIC is all UDP, handling the encryption, resending lost packets, and reordering packets if they arrive out of order. The whole point of QUIC is to make it so you can get files transferred quickly.

WireGuard doesn't know the data you're sending, and netcat+TCP is stuck with the limitations of every packet needing to be sent and acknowledged sequentially.

kevindamm•26m ago
Wireguard is opaque about the independent streams in its connection. So, while they both can encapsulate multiple concurrent streams in one connection, QUIC can do things like mitigate Head-of-Line Blocking and manage encryption at the transport layer. It also uses a connection ID on these substreams which helps make transitioning across network changes seamless.
bob1029•1h ago
I've always found this path to be more compelling:

https://github.com/samyk/pwnat

It has more edges and doesn't handle all cases, but it also avoids the need for any kind of intermediary.

rsyring•49m ago
Older solution that seems to have issues with some modern routers:

https://github.com/samyk/pwnat/issues/18

csteubs•39m ago
Just a head's up, I'm getting a 404 on the link to the relay docs (https://www.iroh.computer/docs/layers/connections) when attempting to click through.
mcstafford•32m ago
https://www.iroh.computer/docs works
dangoodmanUT•36m ago
iroh is awesome, and this is such a good demo of how stupid simple it is to use
ilovefood•23m ago
iroh is fantastic tech.

I attended Rüdiger's (N0) workshop 2 weeks ago at the web3 summit in Berlin and was left super inspired. The code for building something like this is available here https://github.com/rklaehn/iroh-workshop-web3summit2025 and I highly recommend checking out the slides too :)

scirob•6m ago
Oh they use Iroh notice!