this post was submitted on 24 Jun 2024

98 points (93.8% liked)

Open Source

28881 readers

528 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 4 years ago

MODERATORS

[email protected]

Interesting OSS project: Holesail creates instant P2P tunnels between networks (like a VPN) (holesail.io)

submitted 4 days ago by [email protected] to c/[email protected]

37 comments fedilink hide all child comments

"Create P2P tunnels instantly that bypass any network, firewall, NAT restrictions and expose your local network to the internet securely, no Dynamic DNS required."

top 37 comments

sorted by: hot top controversial new old

[–] [email protected] 90 points 4 days ago (1 children)

Join our Discord Support Server

Right into the trash.

[+] [email protected] -39 points 4 days ago* (last edited 3 days ago) (3 children)

Discord is still a legitimate form of contact and support for a lot of people. Out of interest, where do you see that line? I can only see Discord mentioned alongside e-mail and some other (even less tasteful than Discord) contact methods for support.

To all those downvoting I'm not saying that Holesail is using Discord correctly, just saying that just having Discord (or any other chat platform) as an option shouldn't be an instant red flag and it depends on how the project actually utilises it.

[–] [email protected] 40 points 4 days ago (2 children)

Very first line of the GitHub readme. As a support tool it's mostly useless, endless similar or identical questions answered differently or not at all and none of it indexed by search engines for use on the web.

It's an awful data silo / black hole that increases volunteer load.

[–] peregus 12 points 4 days ago (1 children)

I've tried to use it to ask for help on a couple of other open source projects and I thought that I was using it in the wrong way, that I was missing something. So...I was not! I don't understand how people could use it for support. Guys talking over each other, questions mixed and lost between other people's chats, terrible!

[–] WhatAmLemmy 4 points 3 days ago

Every time I've joined a large group chat, I've always wished there were hundreds more people talking over the top of each other to make the whole communication thing more efficient!

[–] [email protected] 3 points 3 days ago* (last edited 3 days ago)

We use Discord rather extensively but we don't have this problem. I don't think the issue is Discord itself (or for that matter any chat, be it IRC or Matrix) but the way it is used. I think it unfair to just blacklist a project just because it uses it.

We use Discord for team chat and conversations, the instant nature of a chat app suits this purpose far more than an async platform like a forum for us. This is either commonly known or transient info, not something we are interested in preserving. Long form conversations (like the status of our OS packaging) that require input over a long period goes into a forum topic.

We also use it for support for short form questions and help - anything more than a quick answer or "active" help then we recommend filling in an issue form or using the forum.

If a question comes up more than a few times then we make sure that it is documented - either in an FAQ or in the main documentation as it is clear that information isn't readily available or easy to find.

I'm not necessarily defending their use of Discord as I don't know exactly what they are doing but it does seem they don't have any alternative community areas. In contrast, yes we have a Discord but we also have a Lemmy community, a Subreddit (I'm honestly against keeping that one going but we would rather not shut out users from support), Mastodon and forum.

So no, it doesn't increase volunteer load in all cases, it is a valuable tool for us. Not that I'm wedded to Discord in particular (I'd honestly prefer to migrate it all to Matrix) but the idea of a chat platform for projects is not a bad thing by itself, it is how the project uses it.

[–] [email protected] 29 points 4 days ago (3 children)

The problem is not that Discord is used as a contact method the problem is that Discord chats are not indexable so if someone has a problem and gets solved its gets lost on the chat logs and its not like a forum.

[–] [email protected] 10 points 3 days ago

There's a lot more problems than that lol

[–] [email protected] 2 points 3 days ago (1 children)

I think that is more of a comment on incorrect use of such a platform and it would be the same whether it was IRC or Matrix. I've put a more detailed response to another comment if you were interested - https://lemmy.ml/comment/11850496

[–] [email protected] 8 points 3 days ago (1 children)

Discord requires an account to even view a server, and the layout for forum support style questions is not there.

[–] [email protected] -1 points 3 days ago (2 children)

The same could be said of Matrix though, I don't think you can see a Matrix chat without an account either. Discord does have a forum layout... ish. It is pretty bad though and not something we use as a forum. It is used but really only as a way to separate topics in what would be a busy single chat area - more akin to something like Zulip. Even IRC channels tend to need you to connect with a nickname but unlike the others you can't see chat history without a bouncer set up and at that point you have basically made an account in all but name.

[–] [email protected] 5 points 3 days ago (1 children)

Why are you even mentioning matrix? We don't want a chat server corpo or not, we want a real functional forum with topics and history and indexed by search engines, not a single chat log that disappears into the void after 24 hours of use.

[–] [email protected] 0 points 3 days ago

I feel you haven't been reading what I've been saying if you are claiming a "single chat log". The whole point of what I'm saying is that there are various forms of communication that can be used in a project and the one I'm part of literally couldn't function with an async-only forum type setup. Chat is for temporary, transient communication. Forums (and by extension Lemmy/Reddit) are for longer form async discussions with defined topics. Both are valid as has been the case all the way back into the days of having both a mailing list and IRC channel for a project.

[–] [email protected] 3 points 3 days ago* (last edited 3 days ago) (1 children)

Yeah matrix is even worse than discord for usability and finding things.

Just use a normal publicly readable and indexed forum like has been common for the last 30+ years, I don't understand the obsession with chat clients for this purpose.

[–] [email protected] 0 points 3 days ago (1 children)

You know IRC has been used alongside mailing list for open source software communities and projects for literally decades right?

[–] [email protected] 3 points 3 days ago (1 children)

But not in place of, no one is trying to say no chat clients ever, we just don't want only chat clients.

[–] [email protected] 2 points 3 days ago

But... that is exactly what I've been saying since the start... If used correctly there is no need to instantly reject a project just because it uses Discord, or any other chat, as one of its options.

[–] [email protected] 2 points 3 days ago

I know some subreddits where people ask the same questions over and over, all day every day. They don't read the rules/sidebar, they don't read the stickied posts, they don't read the automod response and they don't search before posting. if you mention any of those they immediately turn defensive and abusive usually. it's incredibly frustrating.

[–] andrewth09 2 points 2 days ago

Welcome to Lemmy, a social media platform inhabited by Richard Stallman Redditor contrarians.

[–] [email protected] 30 points 4 days ago* (last edited 4 days ago) (3 children)

Static IP address and Dynamic DNS can expose your network to attackers on the internet. With Holesail, you expose only the port you choose.

Er, wut? If you're exposing a port, then your public IP is being used, as a port is a subset of an IP interface. So even Holesail uses the public IP in some way...thats how the internet works. Unless they're only making outbound connections, which isn't a new idea at all - Hamachi was doing it 20 years ago.

This sounds like FUD to me - of course your public IP is used, whether static or dynamic. How do they supposedly mitigate this risk?

There's nothing on the home page saying how it works, or how it's different than current solutions.

I'm intrigued to see a new tool in this space, but this one is starting off leaving a bad taste. Even Tailscale admits they use Wireguard, and even have a comparison between Wireguard and Tailscale that's pretty honest (though they focus on what Tailscale adds).

Being open and transparent is a minimum today - anything less and it's not worth the time for a second look.

[–] [email protected] 7 points 4 days ago* (last edited 4 days ago) (1 children)

My guess is that this works similar to a Tor hidden service, where you can't even access the open port without a key of some kind and then you can only access that specific port. It's not the same as having a port open on your IPv4 address since from the router's perspective it's only an outgoing connection. Somebody portscanning you wouldn't find that port open. Though I could be wrong.

[–] nightrunner 5 points 4 days ago (1 children)

This VPN protocol usually uses a private key (client) / public key (server) combo that is used to connect through a public IP address (the 2 nodes can’t communicate it without) using the specified TCP or UDP (more often lately) and port to create the VPN tunnel that’s gets established during the handshakes.

There is a whole lot more going on with the process but that’s a high level view. But I have a WireGuard VPN service running on a raspberry pi that I put in a DMZ on my perimeter firewall.

But a port scanner would be able to see that port is open. Make sure you keep your software up to date. Hopefully the software devs of the VPN application is keeping their stuff up to date to avoid any vulnerabilities getting exposed in the code and a backdoor getting created because of it. As long as that doesn’t become an issue, no one will be able to get through without the private key. And those are usually uncrackable in a lifetime with the complexity and length of the key.

[–] [email protected] 2 points 3 days ago

Open UDP ports are pretty secure and rarely found by scanners. The basic issue with scanning for UDP is, that most services don't respond to random garbage you try to probe then with. Without getting a response back, the scanner has no way of knowing if there is something running on that port or not.
Wireguard in particular only responds if the correct key is given.
Also make sure your firewall DROPs (usually the default, but do check) disallowed connections instead of REJECT. This way any UDP probing, whether it's to an open port or closed one just times out with no way for the scanner to distinguish them.

[–] [email protected] 1 points 3 days ago

Because you’re only ‘exposing’ the port on the peer to peer network.

You “publish” a port to holesail, then clients have to create a local proxy via holesail before they can access it.

I agree, It’s a dumb pointless claim. But I don’t think it’s misleading.

It looks like holesail is just tailscale, but on a much smaller scale. It’s not networks, it’s just ports.

[–] [email protected] 4 points 4 days ago

I know ngrok is something different, but do you know if it uses a technology similar to Hamachi too? I'm asking because I discovered that ngrok works even without a public IP (when you use a mobile connection for example).

[–] [email protected] 12 points 3 days ago (1 children)

I don't understand, it says it's P2P, then it also says expose your local network to the internet securely. How can a P2P service expose anything to the internet without a gateway server somewhere?

Static IP address and Dynamic DNS can expose your network to attackers on the internet. With Holesail, you expose only the port you choose.

That's also how NAT works, you only expose the ports you choose.

[–] AustralianSimon 2 points 3 days ago

Looks like tail scale for ports.

[–] [email protected] 2 points 2 days ago

Is this similar to NetBird and Tailscale?

[–] [email protected] 8 points 4 days ago (1 children)

Trying to figure this out

Hyperswam dht is used as the hole punch intermediary... Which is running on the hole punch swarm...https://github.com/hyperswarm

I can't find a good overview document of how the entire architecture works, there's no Wikipedia page on this system.

At its core, if it's open source, I want to know what I need to run this independently on my own networks without touching any of their stuff.

[–] [email protected] 7 points 4 days ago* (last edited 4 days ago)

There's more information about the components of this system here:

https://docs.pears.com

There really isn't much to this Holesail project - it's a little convenience wrapper around Hyper DHT and that's a part of this Pear project it seems. That site has a list of the various components and links to each one's GitHub.

Pear looks like an interesting project but I haven't looked through the details of how it works.

[–] [email protected] 4 points 4 days ago (2 children)

@makeasnek So, another Hamachi?

[–] [email protected] 4 points 4 days ago (2 children)

Sure, I haven't heard of hamachi. It's ok to have multiple tools that do the same thing

[–] [email protected] 18 points 4 days ago (2 children)

@makeasnek @chris

I have a whole list in my bookmarks:
- everybody knows Tailscale (and Headscale)
- Slack Nebula
- NetBird
- NetMaker
- ZeroTier
- OpenZiti
- Wesher
- PineCone
- n2n
- weron
- innernet
- vpncloud
- tinc (the OG)

[–] [email protected] 3 points 3 days ago

Yggdrasil :)

[–] BrianTheeBiscuiteer 2 points 3 days ago* (last edited 3 days ago)

Ngrok

Twingate (what I use)

[–] [email protected] 5 points 4 days ago

@makeasnek Of corse ;)

[–] [email protected] 1 points 3 days ago

That brings back memories... trying to play co-op games back in the day wasn't so easy as it is now...