If you are talking about the routing and DHT behind Holesail then no, it is very efficient as the underlying tech is based on Kademliya algorithm:
Kademlia contacts only 𝑂 ( log 𝑛 ) nodes during the search out of a total of 𝑛 nodes in the system.
It is not easy to get IPv6 on every device, that is only a dream at the moment but Holesail is real and it works. It solves the issue of connectivity + firewalls.
Do not hesitate to reach out to support if you have any issue or confusion with holesail.
👀
nostr:note1kkzcdtq9lhcqvz4axwtxtjjmzdskle2qvc6pz49kgr5myddtr0zq7wwuza
Cache: 172 MB
Data: 560 KB
Looking forward to it mate, no hard feelings I am just worried about the security issues with this system.
Actually no, it is inspired from hypertele but is a separate package with a lot more features.
To expose SSH just do: sudo holesail --live 22
Even if it is a demo, it uses a relay which is a proxy. Proxies can change content, or the host itself
curl -s -x socks5h://relay.8333.space:8882 https://nprofile1qqs8a8nk09fhrxylcd42haz8ev4cprhnk5egntvs0whafvaaxpk8plgpzemhxue69uhhyetvv9ujuwpnxvejuumsv93k2g6k9kr/v1/info --insecure
This command makes a request to relay.8333.space:8882 with a profile key; it is up to the server to decide if they actually want to serve the real content; they can just swap it out for something they run themselves (pretty much how pi-hole works by swapping DNS of ad agencies to trash), and the certs are self-signed.
You would never know if what you see is actually coming from your own host or has been altered.
There is a proxy in between, from your example: socks5h://relay.8333.space:8882
That transfers all the control to this proxy alone, they get to choose what and how they want to display 👀
If it is someone with malicious intent, they will do whatever they want.
Check out Cloudflare Zaraz; it injects the website with whatever content you like because they have the domain with them. (The NS)
Similarly, Ad and tracking agencies dynamically insert ads into the website without ever touching their main code.
It is https, but the certificate is not yours, and neither the origin server, they can insert whatever they like.
Not currently at the moment but Holepunch plans to make a whole Operating system for peer to peer, so in the long run yes.
I am aware, that is why I am against both port forwarding and dynamic dns
The URLs , whoever control the relay domain / url , they control the web service.
Instead of using central servers to expose your self-hosted stuff, you can use Holesail to do the same, and it all connects peer to peer; there is no third party in between.
+ There is no public URL like a domain, so hackers can not find you. Only the person you choose to share the connection with can find you and connect to you.
https://primal.net/e/note1hm3gszzm4kd2qp5wz3003drg3qmawa9flv6m27qa4ctp8mrrwqkq0jllw3
This should explain it
Huge milestone: First demo of Nostr Web Services (NWS) bringing TCP to Nostr. With NWS, you can host any existing web application on Nostr without having to use DNS or even announce your public IP to the world, simply by sharing your service's npub (or nprofile).
Try it out the demo yourself. Here is a Cashu test mint running with NWS. Let's use curl to retrieve the mint's information. The request travels from your computer to the public NWS entry relay, then through nostr to the service's NWS exit relay. At the other end is a Cashu mint with HTTPS encryption.
```
curl -s -x socks5h://relay.8333.space:8882 https://nprofile1qqs8a8nk09fhrxylcd42haz8ev4cprhnk5egntvs0whafvaaxpk8plgpzemhxue69uhhyetvv9ujuwpnxvejuumsv93k2g6k9kr/v1/info --insecure | jq
```
I can't stress this enough: THE MINT RUNS BEHIND HTTPS!
The NWS entry relay can't read your traffic. It's encrypted. We can host public entry relays that can be used by anyone.
This means we can plug the entire internet to it 🌐.
Let's plug it into Cashu for now. Nutshell wallet supports socks5 proxies (that's how it uses Tor). By setting the public entry relay as the proxy, the wallet can now connect to a mint's npub/nprofile and communicate with it via NWS.
This is going to be so freaking cool. And it's going to be a lot more useful than just for Cashu. There are still bugs and issues that need to be ironed out but the code is coming out soon. Watch this space.
Unpopular opinion: Absolutely terrible idea
Nostr-web-services is just ngrok / cloudflared with extra steps and more concerns about safety.
1. The things you expose are public; hackers can find you and see whatever you are hosting.
2. You DO NOT OWN your web service if the name servers are not under your control.
Whoever owns the name server is the prime authority, and they can inject whatever they want into your website.
Imagine out of 10 relays, even one of them injects your website with a code to steal passwords and you happen to use that relay (YOU ARE COMPROMISED!!)
It is as dangerous as port forwarding / dynamic DNS with extra concerns about integrity.
When I say "as dangerous as port forwarding", I think I am explaining it casually, but in reality, this is far more dangerous and concerning.
Just two days ago when I was looking into issues with port forwarding / dynamic DNS / Nostr-web-services, I discovered:
1. THREE THOUSAND (3k!!!!) Tesla with open information about their home coordinates, their kid's school, drop location, their workplace, their exact address, if their Tesla is active or not.
2. 6K + Camera with a full recording of the whole month, installed in people's personal—-BEDROOM--, baby monitor.
There is no excuse for self-hosting irresponsibly; it should be done to increase your privacy and security, not to increase the risk.
Holesail provides a way to achieve this peak self-privacy and security. You expose only what you 🫵 choose, and only the person you want can access it, with no chances of a man-in-the-middle attack from a random relay and their DNS hosting.
I like how enthusiastic people are about Nostr and Nostr-based services, but we should NOT overlook the security and risks some of these ideas might bring!
nostr:npub1h8nk2346qezka5cpm8jjh3yl5j88pf4ly2ptu7s6uu55wcfqy0wq36rpev
nostr:note12vy8lmphxyfd7np7t503k8fzs3em2h6szfwad0fkgr6prjkjuhxsddyprj