SoylentNews is people
SoylentNews
from the I-didn't-see-what-you-did-there dept.
Nebula VPN routes between hosts privately, flexibly, and efficiently
Last month, the engineering department at Slack—an instant messaging platform commonly used for community and small business organization—released a new distributed VPN mesh tool called Nebula. Nebula is free and open source software, available under the MIT license.
It's difficult to coherently explain Nebula in a nutshell. According to the people on Slack's engineering team, they asked themselves "what is the easiest way to securely connect tens of thousands of computers, hosted at multiple cloud service providers in dozens of locations around the globe?" And (developing) Nebula was the best answer they had. It's a portable, scalable overlay networking tool that runs on most major platforms, including Linux, MacOS, and Windows, with some mobile device support planned for the near future.
Nebula-transmitted data is fully encrypted using the Noise protocol framework, which is also used in modern, highly security-focused projects such as Signal and WireGuard. Unlike more traditional VPN technologies—including WireGuard—Nebula automatically and dynamically discovers available routes between nodes and sends traffic down the most efficient path between any two nodes rather than forcing everything through a central distribution point.
(Score: 3, Informative) by Unixnut on Sunday December 15 2019, @02:13PM (4 children)
How is this conceptually different to I2P (https://geti2p.net/en/)?
It is hard enough to get people to make use of one encrypted network overlay, without creating more (non interoperable) variations on the same thing.
My current employer makes use of slack, and I can say is I hope this new project of theirs is less buggy and better designed. Being open source at least it should be able to be improved by the community.
(Score: 0) by Anonymous Coward on Sunday December 15 2019, @04:18PM
So long as you grok Go (which I don't), tried building it from source on two different linux distros (one 32 bit, the other 64)...no fucking joy.
I think I'll be sticking to zerotier..which also works on *BSDs and Android.
(Score: 3, Interesting) by legont on Sunday December 15 2019, @04:33PM (2 children)
Yeah, Slack is badly designed; especially compared to Telegram.
As per their mesh, does it mean that child porn will go through user's computers? I guess... Furthermore, if a bug is discovered, should an innocent expect a swat team in the middle of the night?
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 0) by Anonymous Coward on Sunday December 15 2019, @10:03PM
As much as it 'go through' the ISP's computers/devices, but they are light on the mesh details though, at least reading through the linked blog.
Not where I live. Maybe you should re-evaluate where you live or at work to change that kind of "feature" in your society, it is just sad you have to filter your life based on a potential of that situation. My hear felt condolences - truly.
(Score: 0) by Anonymous Coward on Monday December 16 2019, @01:32AM
This is tinc with presumably better performance-- a *private* overlay mesh network-- no matter where they are, all your participating machines are available, as if on a private local network-- even when behind NAT. If *you* copy child porn between machines in *your private mesh*, then yeah, child porn will traverse *your* overlay network.
If this really does have decent perf, I'm looking forward to trying it out. Tinc is awesome, but slower than molasses.