frontpage.

Made with ♥ by @iamnishanth

GotaTun -- Mullvad's WireGuard Implementation in Rust

https://mullvad.net/en/blog/announcing-gotatun-the-future-of-wireguard-at-mullvad-vpn
162•km•2h ago•35 comments

Amazon will allow ePub and PDF downloads for DRM-free eBooks

https://www.kdpcommunity.com/s/article/New-eBook-Download-Options-for-Readers-Coming-in-2026?lang...
146•captn3m0•3h ago•68 comments

Beginning January 2026, all ACM publications will be made open access

https://dl.acm.org/openaccess
1814•Kerrick•21h ago•223 comments

Getting bitten by Intel's poor naming schemes

https://lorendb.dev/posts/getting-bitten-by-poor-naming-schemes/
176•LorenDB•7h ago•94 comments

Texas is suing all of the big TV makers for spying on what you watch

https://www.theverge.com/news/845400/texas-tv-makers-lawsuit-samsung-sony-lg-hisense-tcl-spying
925•tortilla•2d ago•462 comments

We pwned X, Vercel, Cursor, and Discord through a supply-chain attack

https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28
947•hackermondev•18h ago•353 comments

1.5 TB of VRAM on Mac Studio – RDMA over Thunderbolt 5

https://www.jeffgeerling.com/blog/2025/15-tb-vram-on-mac-studio-rdma-over-thunderbolt-5
464•rbanffy•15h ago•147 comments

Show HN: Stepped Actions – distributed workflow orchestration for Rails

https://github.com/envirobly/stepped
8•klevo•5d ago•2 comments

History LLMs: Models trained exclusively on pre-1913 texts

https://github.com/DGoettlich/history-llms
570•iamwil•14h ago•255 comments

How to think about durable execution

https://hatchet.run/blog/durable-execution
15•abelanger•6d ago•1 comments

From Zero to QED: An informal introduction to formality with Lean 4

https://sdiehl.github.io/zero-to-qed/01_introduction.html
86•rwosync•5d ago•11 comments

Show HN: I implemented generics in my programming language

https://axe-docs.pages.dev/features/generics/
16•death_eternal•4d ago•4 comments

Noclip.website – A digital museum of video game levels

https://noclip.website/
271•ivmoreau•11h ago•32 comments

YouTube Is Degraded

https://downdetector.co.uk/status/youtube/
12•alphawong•13m ago•7 comments

Pingfs: Stores your data in ICMP ping packets

https://github.com/yarrick/pingfs
40•linkdd•5d ago•10 comments

GPT-5.2-Codex

https://openai.com/index/introducing-gpt-5-2-codex/
513•meetpateltech•19h ago•270 comments

Show HN: I open-sourced my Go and Next B2B SaaS Starter (deploy anywhere, MIT)

https://github.com/moasq/production-saas-starter
40•moh_quz•2h ago•20 comments

Prompt caching for cheaper LLM tokens

https://ngrok.com/blog/prompt-caching/
171•samwho•2d ago•39 comments

How China built its ‘Manhattan Project’ to rival the West in AI chips

https://www.japantimes.co.jp/business/2025/12/18/tech/china-west-ai-chips/
372•artninja1988•18h ago•428 comments

Show HN: CommerceTXT – An open standard for AI shopping context (like llms.txt)

https://commercetxt.org/
8•tsazan•2d ago•7 comments

Reconstructed Commander Keen 1-3 Source Code

https://pckf.com/viewtopic.php?t=18248
99•deevus•10h ago•15 comments

Designing a Passive Lidar Detector Device

https://www.atredis.com/blog/2025/11/20/designing-a-passive-lidar-detection-sensor
19•speckx•3d ago•0 comments

Making Google Sans Flex

https://design.google/library/google-sans-flex-font
74•meetpateltech•7h ago•52 comments

Show HN: Picknplace.js, an alternative to drag-and-drop

https://jgthms.com/picknplace.js/
342•bbx•2d ago•126 comments

Property-Based Testing Caught a Security Bug I Never Would Have Found

https://kiro.dev/blog/property-based-testing-fixed-security-bug/
38•nslog•13h ago•12 comments

Show HN: Stop AI scrapers from hammering your self-hosted blog (using porn)

https://github.com/vivienhenz24/fuzzy-canary
281•misterchocolat•2d ago•200 comments

Skills for organizations, partners, the ecosystem

https://claude.com/blog/organization-skills-and-directory
272•adocomplete•20h ago•151 comments

SMB Direct – SMB3 over RDMA

https://docs.kernel.org/filesystems/smb/smbdirect.html
37•tambourine_man•11h ago•11 comments

Great ideas in theoretical computer science

https://www.cs251.com/
136•sebg•14h ago•30 comments

Firefox will have an option to disable all AI features

https://mastodon.social/@firefoxwebdevs/115740500373677782
472•twapi•19h ago•435 comments

GotaTun -- Mullvad's WireGuard Implementation in Rust

https://mullvad.net/en/blog/announcing-gotatun-the-future-of-wireguard-at-mullvad-vpn
162•km•2h ago

Comments

nevi-me•1h ago
If anyone working on the implementation is here, was it not possible to upstream your changes to BoringTun? The blog mentions some changes but doesn't go into detail on that aspect.
embedding-shape•1h ago
I'm guessing because BoringTun has been in a state of "currently undergoing a restructuring" for something like 3 years by now, I'm guessing Mullvad wasn't too keen to maybe/maybe not be able to contribute, and much more prefer being in 100% control of their own implementation.

As someone who wants to see Wireguard succeed and in even wider use, this move makes sense from that perspective too. The more implementations we have available, the more we can trust that the protocol is secure and stable enough. Personally I also have about 100x more trust in Mullvad than Cloudflare both in terms of security but more importantly privacy, but that's just the cherry on top.

ur-whale•1h ago
One meta thing I've always wondered ... Are multiple implementations of the same protocol good or bad for security?

Probably naively, I'm thinking:

    - diversity: good
    - doubling the attack surface: real bad

What do the security folks out there think of the topic?
stevefan1999•1h ago
That's really good because it means it will be able to have more exposure, more exposure means more improvement, more improvement eventually digs out bad bugs and reduces the attack surface in the long run.
embedding-shape•1h ago
I think the general consensus is that it improves security of the protocol, but obviously that won't matter much if the implementation gets something wrong or has worse security by itself.

Issues in the protocol itself would need all implementations to change, but issues in the implementation would obviously be isolated to one implementation. For something like Wireguard, I'd wager a guess that issues in the implementations are more common than issues in the protocol, at least at this stage.

mwalser•1h ago
I wouldn't say that multiple implementations are duplicating the attack surface since most users will not end up running them in parallel.
ur-whale•1h ago
I meant at a global level (think as if you're attacking all wireguard users, not a single one)
swiftcoder•48m ago
The increased attack surface mostly only affects that one particular implementation though. So, yes, twice as many implementations that may contain exploitable bugs, but each new implementation could only be used to exploit a fraction of the total user base
rlpb•45m ago
> could only be used to exploit a fraction

If anything this is even a good thing, since it means that each individual vulnerability an attacker finds is less valuable to them.

turblety•1h ago
Nice, I love WireGuard. I ended up building WrapGuard [1] to run applications without root access to the host and chose Go to write it in. I don't really know Rust, but does it make more sense for firmware/networking type software? Is there even a difference?

1. https://github.com/puzed/wrapguard

skylurk•1h ago
Pick the devil you know, as they say.
unrealhoang•1h ago
from TFA, the main advantage would be for embedded (as a library) use case, FFI with Go is harder.
maxmcd•45m ago
I believe you are making use of gVisor’s userspace TCP implementation. I’m not sure if there is something similar in Rust that would be so easy to set up like this.
gwehrli•3m ago
There isn't something as mature as gVisor afaik. https://github.com/smoltcp-rs/smoltcp implements many of the same abstractions as gVisor.
chjj•14m ago
Very cool project. Is it always an LD_PRELOAD or can it function as a standalone SOCKS proxy similar to wireproxy?
imcritic•1h ago
I wish they would improve wireguard-the-protocol as well: wireguard doesn't stand a chance against gov/isp blocks.
razighter777•1h ago
That's more of a job for an encapsulating protocol. (shadowsocks or similar) Wireguard isn't designed to be obfuscating alone. It's just a simple l3 udp tunnel with a minimal attack surface.
Hendrikto•33m ago
> It's just a simple l3 udp tunnel

Wait, isn’t UDP L4? Am I missing something?

eurg•15m ago
Yes, but it tunnels arbitrary IP packets encapsulated in UDP.
gwehrli•12m ago
Wireguard is a L3 VPN that uses UDP (L4) for tunneling. That's probably what was meant.
tvshtr•1h ago
There are forks of wg because of this. Like amnezia-wg
DANmode•13m ago
This is a neat project!

https://docs.amnezia.org/documentation/amnezia-wg/

tetris11•1h ago
Anywhere I can read more about this?
DANmode•34m ago
Known Limitations

WireGuard is a protocol that, like all protocols, makes necessary trade-offs. This page summarizes known limitations due to these trade-offs.

Deep Packet Inspection

WireGuard does not focus on obfuscation. Obfuscation, rather, should happen at a layer above WireGuard, with WireGuard focused on providing solid crypto with a simple implementation. It is quite possible to plug in various forms of obfuscation, however.

tl;dr Read the docs.

Hakkin•1h ago
I definitely noticed the performance boost on my Pixel 8, for some reason it seems to really not like wireguard-go, it struggled to pull even 100mbps, maybe something unoptimized on Google's custom hardware. With the new GotaTun version I can pull 500mbps+, though unfortunately it also seems to have introduced a bug that randomly prevents the phone from entering a deep sleep state, so occasionally my battery will randomly start draining at 10x normal speed if I have it enabled until I reboot.
Hasnep•30m ago
Oh, this is the reason the Mullvad app on my Pixel 6a was suddenly able to connect in less than a second where before it would take 5-10 seconds, nice!
vjerancrnjak•13m ago
Same behavior on Raspberry Pi 5. Might be just lack of ARM optimizations.
intsunny•1h ago
It's funny, this is another of the billions of reasons why Mullvad should be the VPN of choice. But so many fucking people can't ever get over that their favorite social media influencer/Youtuber is offering a code for 200% off of NordShark VPN, now with extra AI.
tumdum_•39m ago
You do know that NordSec maintains its own rust fork of BoringTun: https://github.com/NordSecurity/NepTUN ? :)
gwehrli•9m ago
There is also https://github.com/firezone/boringtun which is a fork by https://www.firezone.dev/
eatbitseveryday•36m ago
It became less of a choice for many after they sadly had to disable port forwarding.
jorvi•18m ago
Yeah, their reasoning is solid (easy to abuse) but it is still a very useful feature.

AFAIK, at the moment your choices are AirVPN and ProtonVPN. AirVPN has static port forwarding and Proton has UPNP port forwarding.

swexbe•7m ago
I wish I could use Mullvad. But their IPs are banned from many streaming services and they don't change them often enough so I am stuck with Nord.
alias_neo•44m ago
Is there any way to switch to this implementation for generic WireGuard users?

I tried downloading their Android app, but it's not generally usable for people who host our own WireGuard, which is fair enough.

wasmitnetzen•30m ago
The github repo is linked in the post which has build instructions: https://github.com/mullvad/gotatun