Merely for a place to start, I will put 1,000,000 sats bounty on this. I will gladly put a lot more if I can speak with someone who wants to take the time to make the right implementation and really make it truly reliable. I have people who are doing the work from the other side on this already, so this would be usable *very* quickly. nostr:note1v9072gse3ztk73d80tw0sahzjat6fchs5gjt9cmd6xe023tm0luqyp9982
Discussion
Stupid question:
Shouldn’t IPv6 solve this?
Shouldn’t we start allocating all devices connected to the Internet static IPv6 addresses?
Unfortunately no. It doesn’t solve the clearnet hosting and port forwarding issues. The bigger problem isn’t simply about network segmentation, but in how to establish what devices can or cannot establish a connection and how firewalls are treated. This is why we end up leaning so heavily on the slow and frustrating Tor network for this stuff. It routes around the port forwarding problem.
Holesail (soon Liveport) does this without the latency and frustrations of Tor.
I’m sorry, but this poor, dumb engineer doesn’t understand your answer.
If everything is directly connected to the Internet, then port forwarding doesn’t even exist.
Security and firewalling is a big consideration, but we have more holistic solutions available to us these days.
We also have the problem of BGP IPv6 routing tables handling portable device routing.
But if we start again at 1969, with IPv6 technology, then all those layers of compromised network topology disappear and get replaced with clean models that get designed from scratch.
We can also build payment into the architecture, meaning least cost routing, really means that in actual cost.
if it was easier to get an IPv6 address on every device the routing problem is over
Except for the size of the routing table, which would be bigger than the Bitcoin blockchain 😂
If you are talking about the routing and DHT behind Holesail then no, it is very efficient as the underlying tech is based on the Kademlia algorithm:
Kademlia contacts only O(log n) nodes during the search out of a total of n nodes in the system.
which is very little different from standard IP routing with subnets on interfaces of routers
routers only need to know the address spaces out each port, it's not source routing
this is why DHT can only do so much, at best a mechanism for matchmaking, the transport still needs ARP tables and whatnot
ipv4 or ipv6 the architecture is the same, there is backbones, then there is network zones and then subnets and then LANs at the edge
the biggest difference with ipv6 is the LANs have got enough addresses to not need NAT
traffic still travels the same way, you just pipe it out the interface that has the matching netmask
Thank you for sharing your views.
in terms of negotiating the problem of NAT what we need is services that give people IPv6 addresses on their devices, and anyone connected to this can be routed inbound via the hosting services
you can get a plain IPv4 inbound route with very little configuration on a VPS using wireguard as the client side outbound tunnel and all traffic for given IP/ports can then find the gateway and pop through the tunnel
it's a little outside of my experience area but i know in theory it would be possible to make a routing service that lets you attach a number of IP addresses to a network with like 10gbit, 50tb traffic and make a profit on providing users with 10 or more inbound routable addresses, more, if you include reverse proxying as well as port forwarding
it just has to be charged on the basis of bandwidth mainly, to be economical, as the bigger your server/cluster capacity the more the bandwidth factors in the cost, and routing is the cheapest server hosting service for actual hardware requirements
https://www.rapidseedbox.com/ipv4-rental
one can get a single IPv6 address for $15/month
but for 6x more you can get 65536 addresses
all you need is a few VPS running to provide adequate uptime and you could rent them out at a profit for like $2/month, just need an easy to install package to attach the device to it
It is not easy to get IPv6 on every device, that is only a dream at the moment but Holesail is real and it works. It solves the issue of connectivity + firewalls.
Agreed, I am discussing an ideology, not current reality.
Even then that will pose similar issues to static IPv4 addresses we have at the moment.
People irresponsibly using it to expose private and important stuff online without knowledge that malicious third parties can see it.
P.s: I did some good research on this a while ago and have not posted about that yet, I will cover this ISSUE in depth in a separate post.
Yes, as I said security is a separate, but equally important consideration, but we do have better options available today than we used to and more hardware and software compute power to deal with it.
I was an IP architect in a former life 1989 - 2002, so much more knowledgeable about this than security, but I have some fundamental understanding of security and the current state of the technology and the opportunities available within this arena.
I will steer away from discussing security in detail as I have less knowledge of this area.
Makes sense. Also, goal of holesail is to be easy to connect and to be secure by design with no extra configs, so that even the simplest user can use it without fearing that someone might "hack" them, or someone is watching the camera.
The problem is and always has been, “what do we have the resources to implement and who is going to implement it?” Maybe there are easier solutions and stuff already built, but I don’t know them, and I’m going to be putting a lot of my personal resources to solving this problem and nostr:npub1h5t3asu90f2x48rxtcqkjvwhza7m6kngs7vjyanx8xqyswc6es2s4645z5 has been doing the same to build Holesail on top of the same protocol stack that I’ve been working with. And despite years of claims of a problem being “solved” by tons of other software supposedly, I still have these problems, in a big way actually.
So it’s not really about what’s best, it’s about what gets done first. Maybe someone else is doing the same thing and they will finish first, but we are very, very close to this just being extremely easy and fast to both implement & connect to. With no setup, networking issues, and with reliable security from the start. I would be happy to hear that someone else has solved these better, but for now we are just pushing ahead to what we want to build for ourselves.
… and if nobody takes the bounty I’ll just redirect my devs on it, but for anyone capable, you are passing up a good amount of sats.
Understood and agreed.
Ok for simplicity, let’s just set aside port forwarding and just look at the degree of complication here:
Let’s say it’s actually an issue of switching to IPv6 and then connections are native and require no setup (I’m not seeing how that’s the case, but for the sake of exploring it). That still means we need to update millions or even billions of devices before this is workable. We need to adjust it on all clients, hardware, routers etc. Maybe many are “ready,” but how and when do we activate to know it’s not an issue? It’s like trying to coordinate a hard fork on #Bitcoin.
The huge benefit of something like Holesail is it requires no updates or actions from literally anyone else. We can implement it on just two different devices and voilà, it works. It’s like finding a way to do the same thing as the hard fork except it works within a single transaction without any other changes to anything.
Without a doubt IPv6 would make this all much easier, though from my understanding it will still not solve some of the important pieces. However even if it did, it’s far and away the vastly more difficult path that requires coordination and dependence upon tons of other people, devices, and software for it to truly work. Holesail works right now. I use it daily. Until there is a better solution, it seems to be the best by far, at least in my experience.
OK. For the most part, we have consensus 👍
I use Tailscale/Headscale, but I am interested in checking this out. Thanks for the heads up.
I use SirTunnel. Just a few lines of python and caddy. It lets you tunnel out from your laptop or phone. Always intended to add sats and stuff.
I’m in the camp of “what can be done in a very standardized and simple way that’s extremely easy to replicate and will be useful for the greatest number of tools in the future.” Right now I think that’s very possibly going to be the pear stack. I’ve been able to do some amazing things with it, and I hope the application we are building will be really successful.
I’ve spent way too long trying to reinvent the wheel over and over again or waiting for someone else to find the perfect solution, and have felt that the networking and connection side isn’t even our problem anymore, it’s about nothing being fully implemented or standardized. Everyone just wants to fix it “their way.” So I’m simply going all in on the pear stack for the simple reason that it works in all the ways I need it to and can be very easily made highly secure and robust as well. That seems good enough for what we need. More than happy to see people build other things and create applications, maybe we can even use them, but right now the above is all I’m looking for.
This is very reasonable.
Ultimately any choice you make is a kind of gamble.
I like Pear but they seem to be over promising. It seems quite hyped.
From my experience P2P is tempting but always comes back to bite you, either through lack of scaling, or edge cases, or just doing strange things to your network and router. So if you are brave then you can try it, but long-term reliability may be an issue.
I’ve not had any problems yet. We will see. The good thing is my application doesn’t necessitate it. We are already thinking about how to do a “just in case” connection method. Although we aren’t sure how necessary it will be. The Pear stack has been incredibly reliable for us though. Certainly far more so than the plethora of other connection methods that seem to be touted as “solutions” have been in my experience.
Not sure what overpromising you are referring to unless you just mean Keet specifically. That app has some work still needed despite the fact that I love it, but what we need for project isn't Keet related. Just needs Pear to work and so far so good. Fingers crossed.
Damnit I tried to zap this but my Zeus connected through LNC gave me an error… how unbelievably ironic considering this is the problem we are discussing 😒
Well, I went down another rabbit hole and read this thread... Do I "get" it all? Nope, but it sounds like a fascinating, worthy project, so I'm boosting it.
I may even find some personal use for holesail if it's what I think it is...😜😆💖
Is this the same underlying concept as holepunch used by Keet?