[HN Gopher] Magic Wormhole: get things from one computer to anot...
___________________________________________________________________
Magic Wormhole: get things from one computer to another, safely
Author : tosh
Score : 315 points
Date : 2024-08-17 16:59 UTC (6 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| ku1ik wrote:
| wormhole is awesome, useful especially in ad-hoc scenarios. I use
| it often to copy files between systems when I can't use scp
| (because of no relevant entries in authorized_keys.
| samstave wrote:
| Can I use it with my buddy on the other end and connect his
| machine to mine easily? Like let him slurp a file from my home
| machine?
| TheRealPomax wrote:
| Just set up a VPN if that's what you want?
| lotharrr wrote:
| (author here)
|
| The protocol enumerates all the IPv4 addresses on each
| side, and attempts to connect to all of them, and the first
| successful handshake wins.
|
| So if your VPN arrangement enables a direct connection,
| `wormhole send` will use that, which will be faster than
| going through the relay (and cheaper for the relay
| operator).
|
| A basic VPN gets you safe connectivity between the two
| sides, but transferring a file still requires something
| extra, like a preconfigured ssh/scp account, or a webserver
| and the recipient running `curl`/`wget`. magic-wormhole is
| intended make that last part easy, at least for one-off
| transfers, just `wormhole send FILENAME` on one side, and
| `wormhole receive [CODE]` on the other.
| tptacek wrote:
| Yes.
| hoppyhoppy2 wrote:
| A similar project with some nice features that I use is croc:
| https://github.com/schollz/croc
| Lord_Zero wrote:
| I love croc
| fn0rd_ wrote:
| Maybe stay with wormhole
|
| https://redrocket.club/posts/croc/
| Twixes wrote:
| Got fixed pretty thoroughly though, it seems!
| https://schollz.com/tinker/croc9/
| Klathmon wrote:
| I've used https://file.pizza a bunch before, only because of
| the memorable name
| foresto wrote:
| It was useless for large files when I tried it, at least on
| Firefox. It seemed to be trying to pull the entire file into
| RAM.
| bootlegbilly wrote:
| As someone who's been working on a file upload service for
| a while, this is the only real way to download very large
| files on Firefox.
|
| The file system access API is a great way to write chunks
| of a file at a gime, but for now Firefox doesn't support it
|
| https://wicg.github.io/file-system-access/
| https://mozilla.github.io/standards-positions/#native-
| file-s...
| foresto wrote:
| That makes sense, and their reasoning looks sound. Here's
| hoping the file read/write parts gets broken apart from
| the rest.
|
| Thanks for the link.
| smusamashah wrote:
| There are a few others
|
| p2pcopy https://github.com/psantosl/p2pcopy
|
| pcp https://github.com/dennis-tra/pcp
|
| wormhole-william https://github.com/psanford/wormhole-william
| singularity2001 wrote:
| scp
| dgrove wrote:
| scp has the assumption that you have a login on the computers
| you're trying to share data from. wormhole allows for sharing
| with others without providing login access to the computer
| __MatrixMan__ wrote:
| Right. Also you may have to reconfigure some firewalls to
| use scp.
|
| Typically, a firewall allows outbound connections without
| needing an explicit entry for the protocol, and in the case
| of magic wormhole, both sides are an outbound connection.
| So it passes right through.
|
| If you've got security-minded folk managing that sort of
| thing for you, it's possible that magic wormhole will upset
| them for this reason. More for policy/compliance reasons
| than actual security ones.
| layer8 wrote:
| Both problems can be worked around by having a third,
| general-purpose host where both source/destination hosts
| can scp to/from. Not quite as straightforward because you
| have to copy twice and do it from both sides, but has the
| benefit of not having to install bespoke software.
| TacticalCoder wrote:
| > Both problems can be worked around by having a third,
| general-purpose host where both source/destination hosts
| can scp to/from.
|
| Yup it's what I do, that 3rd computer having a fixed IP.
| Conveniently that computer can also keep a copy of the
| file(s).
|
| Linux/BSDs/OS X (which is kinda a Un _x too) all come
| stock with_ scp* and I don't really use Windows, so I'm a
| happy camper.
| __MatrixMan__ wrote:
| I think you could use an ssh tunnel between the
| intermediary and the destination such that the scp
| connection from the source makes it all the way through
| in one go, rather than leaving files on the intermediary.
| You'd be forwarding to the ssh port via ssh, so it would
| be a confusing bit of sshception.
|
| If I tried to actually come up with the actual commands
| for this, I'm sure I'd burn a whole afternoon on fiddling
| with it.
| haunter wrote:
| And more
|
| https://github.com/mat-sz/filedrop
|
| https://github.com/saljam/webwormhole
|
| https://github.com/schollz/croc
|
| https://github.com/dutchcoders/transfer.sh
|
| https://github.com/timvisee/send
|
| https://github.com/schlagmichdoch/pairdrop
|
| https://github.com/SnapDrop/snapdrop
| sltkr wrote:
| 10 different tools? Ridiculous! We need to develop one
| universal tool that covers everyone's use cases.
| nobody9999 wrote:
| https://xkcd.com/927/
|
| ;)
| tptacek wrote:
| And then we'll have 11.
| apantel wrote:
| That would further increase the need for a single
| standard.
| PhilippGille wrote:
| Pretty sure that was the intended joke, as many people
| came across the XKCD [1] already.
|
| [1] https://xkcd.com/927/
| gfody wrote:
| not to mention https://xkcd.com/949 which inspired many
| and more of these
| smusamashah wrote:
| I have a list of now 22 browser based p2p sharing tools that
| i shared here a few times in similar threads https://gist.git
| hub.com/SMUsamaShah/fd6e275e44009b72f64d0570...
| pogue wrote:
| I find myself using Send Anywhere [1] all the time. I
| couldn't find documentation on how the files are
| transferred or if they're uploaded to their cloud, but it's
| very handy. They claim the files are encrypted in
| transmission, but don't give details & could just be
| talking about SSL.[2]
|
| When you choose the files you want to transfer, it gives
| you a 6 digit code or a QR code. Once you enter that, the
| files are transferred! It's available for most all major
| platforms, but isn't open source. [3]
|
| I haven't read their privacy policy. Frankly, I'd rather
| not know...
|
| [1] https://send-anywhere.com/
|
| [2] https://support.send-anywhere.com/hc/en-
| us/articles/11500385...
|
| [3] https://support.send-anywhere.com/hc/en-
| us/articles/11500388...
| tptacek wrote:
| wormhole-william is just a Go implementation of Magic Wormhole;
| those are the two you should use, Magic Wormhole and wormhole-
| william.
| dunk010 wrote:
| Tailscale has that Taildrop thing now, too:
| https://tailscale.com/kb/1106/taildrop
| tptacek wrote:
| Taildrop is neat, but Wormhole is much more flexible and much
| easier to use (if you're OK with a command line tool). We use
| Tailscale everywhere here and I still wormhole things all the
| time.
| netsec_burn wrote:
| I've used wormhole once to move a 70 GB file. Couldn't possibly
| do that before. And yes, I know I used the bandwidth of the relay
| server, I donated to Debian immediately afterwards (they run the
| relay for the version in the apt package).
| teruakohatu wrote:
| The wormhole transit protocol will attempt to arrange a direct
| connection and avoid transferring data through the relay.
| bredren wrote:
| Is there a switch to fail rather than fall back on relay?
| lotharrr wrote:
| Not really.. the closest approximation would be if both
| sides set their `--transit-helper` to an unusable port like
| `tcp:localhost:9`. That would effectively remove the relay
| helpers from the negotiation list, leaving just the direct
| connection hints.
|
| But you can't currently force that from one side: if you do
| that, but the other side doesn't override it too, then
| you'll both include their relay hint in the list.
|
| Note that using the relay doesn't affect the security of
| the transfer: there's nothing the relay can do to violate
| your confidentiality (learn what you're sending) or
| integrity (cause you to receive something other than what
| the sender intended). The worst the relay can do is to
| prevent your transfer from happening entirely, or make it
| go slowly.
| lotharrr wrote:
| (magic-wormhole author here)
|
| Thanks for making a donation!
|
| I run the relay server, but the Debian maintainer agreed to
| bake an alternate hostname into the packaged versions (a CNAME
| for the same address that the upstream git code uses), so we
| could change it easily if the cost ever got to be a burden. It
| hasn't been a problem so far, it moves 10-15 TB per month, but
| shares a bandwidth pool with other servers I'm renting anyways,
| so I've only ever had to pay an overage charge once. And TBH if
| someone made a donation to me, I'd just send it off to Debian
| anyways.
|
| Every once in a while, somebody moves half a terabyte through
| it, and then I think I should either move to a slower-but-flat-
| rate provider, or implement some better rate-limiting code, or
| finally implement the protocol extension where clients state up
| front how much data they're going to transfer, and the server
| can say no. But so far it's never climbed the priority ranking
| high enough to take action on.
|
| Thanks for using magic wormhole!
| pyrolistical wrote:
| Seems like the only way to ensure wormhole to scale is to
| only to use relay server to setup direct connections.
|
| I know this requires one of the ends to be able to open ports
| or whatever but that should be baked into the wormhole setup.
| fullspectrumdev wrote:
| Maybe hole punching or similar might be worth examining?
| password4321 wrote:
| > _move to a slower-but-flat-rate provider_
|
| As I'm sure you're aware:
| https://www.scaleway.com/en/stardust-instances/ "up to
| 100Mbps" for $4/month
| lysace wrote:
| 32.4 TB for $4, or approximately 700 times cheaper than
| AWS. Neat.
| seinecle wrote:
| Bare metal _love_
| t0mas88 wrote:
| Hetzner.de has 1 gbps unlimited or 10 gbps with a 20TB
| limit on their bare metal servers. And those can be bought
| very cheap if you don't need any special hardware.
| jancsika wrote:
| I remember at one point reading about webrtc and some kind of
| "introducer" server that would start the peer-to-peer
| connections between clients.
|
| Does wormhole try something like that before acting as a
| relay?
| lotharrr wrote:
| Not yet. The "Dilation" protocol (which is about 80%
| implemented) is intended to support WebRTC as a transport
| layer. IIRC it requires a public server to tell you about
| your external IP address, but magic-wormhole already has a
| server that could play that role. Once a side learns its
| own address, it can send it to the peer (via the encrypted
| tunnel, through the relay server), and then the WebRTC
| hole-punching protocol tries to make connections to the
| peer's public address. When both sides do the same thing at
| the same time, sometimes you can get a direct connection
| through the NAT boxes.
|
| We don't have that yet, but the two sides attempt direct
| connections first (to all the _private_ addresses they can
| find, which will include a public address if they aren 't
| behind NAT). They both wait a couple of seconds before
| trying the relay, and the first successful negotiation
| wins, so in most cases it will use a direct connection if
| at all possible.
| AtlasBarfed wrote:
| It took this far down in the comments to get to some inkling of
| the meat of this.
|
| It relys on some singular or small set of donated servers?
|
| NAT <-> NAT traversal is obviously the biggest motivator, since
| otherwise you just scp or rsync or sftp if you don't have the
| dual barrier.
|
| Is the relay server configurable? Seemed to be implied it is
| somewhat hardcoded.
| lotharrr wrote:
| Yes, it relies on two servers, both of which I run. All
| connections use the "mailbox server", to exchange short
| messages, which are used to do the cryptographic negotiation,
| and then trade instructions like "I want to send you a file,
| please tell me what IP addresses to try".
|
| Then, to send the bulk data, if the two sides can't establish
| a direct connection, they fall back to the "transit relay
| helper" server. You only need that one if both sides are
| behind NAT.
|
| The client has addresses for both servers baked in, so
| everything works out-of-the-box, but you can override either
| one with CLI args or environment variables.
|
| Both sides must use the same mailbox server. But they can use
| different transit relay helpers, since the helper's address
| just gets included in the "I want to send you a file"
| conversation. If I use `--transit-helper
| tcp:helperA.example.com:1234` and use use `--transit-helper
| tcp:helperB.example.com:1234`, then we'll both try all of:
|
| * my public IP addresses * your public IP addresses * helperA
| (after a short delay) * helperB (after a short delay)
|
| and the first one to negotiate successfully will get used.
|
| > since otherwise you just scp or rsync or sftp if you don't
| have the dual barrier
|
| True, but wormhole also means you don't have to set up pubkey
| ahead of time.
| samstave wrote:
| Can you turn the magic wormhole into an API for receiving a
| JSON payload directly into your magic wormhole ontop of
| whatever youre running in a fastAPI to route that incoming
| wormhole listener?
| lotharrr wrote:
| There's a `wormhole send --text BLOB`, which doesn't
| bother with a bulk-data "transit" connection, and just
| drops a chunk of text on the receiving side's stdout.
|
| You can also import the wormhole library directly and use
| its API to run whatever protocol you want. That mode uses
| the same kinds of codes as the file-sending tool, but
| with a different "application ID" so they aren't
| competing for the same short code numbers.
| https://github.com/magic-wormhole/magic-
| wormhole/blob/master... has details.
| alanbernstein wrote:
| I realize this is a dumb question, but what's a good way to do
| this between an iPhone and a MacBook? Airdrop is disabled (by
| policy), iCloud storage is full (because I'm lazy), and I use
| syncthing on every other device, but I haven't found a client I
| can use on my work iPhone.
| tamimio wrote:
| Mobius Sync. Works like a charm.
| keb_ wrote:
| Mobius Sync doesn't sync in the background; you must have the
| app in the foreground for it to function. So, not quite a
| proper substitute for Syncthing, but may work for OPs
| usecase.
| Tomte wrote:
| Of course it syncs in the background. It's just not
| instantaneous, because iOS severely limits what you can do
| in the background.
| 369548684892826 wrote:
| Right, it does the best it can given the limitations of
| iOS, but "not instantaneous" can mean hours before
| synchronisation happens. When the phone's charging, or
| when the app is open, then it does tend to work almost as
| well as on Android.
| tamimio wrote:
| Nope, it does sync in the background, just few minutes ago
| I had a notification that it synced.
| aaronbrethorst wrote:
| Dropbox
| elesiuta wrote:
| If they're on the same network, cross platform, open source
| airdrop alternative https://github.com/localsend/localsend
| tamimio wrote:
| I like LocalSend and Landrop. The latter performed better
| when I sent large files. However, neither of them does it
| automatically; you have to manually do it every time, which
| is okay since they don't claim to be sync software.
| lazyeye wrote:
| Use Signal. If you install the desktop client Signal has a
| special "Note to Self" address you can use to transfer message
| attachments between devices.
| Ylpertnodi wrote:
| Signal 'note to self' works. I have several nts's...medical,
| links only, shopping...if I think of something on one device
| (pc/ android for me), it's on the other within seconds.
| vlovich123 wrote:
| Doesn't signal have pretty restrictive size limitations or
| does this not apply to note to self?
| ducktective wrote:
| Connect both devices to the same WiFi network and use a http
| server like: python -m http.server
| password4321 wrote:
| When python is not installed already (Windows pretty much) or
| the computer is the destination, I prefer
| https://github.com/sigoden/dufs, a single binary supporting
| uploads, folder .zip download, and even webdav
| mixmastamyk wrote:
| I used this for years, then finally implemented uploads with
| flask. Can send photos from mobile quickly.
| DavideNL wrote:
| https://mobiussync.com/
| hinkley wrote:
| I tend to message myself a lot of things. Usually links not
| files, but it works and it doesn't take me out of the headspace
| I'm occupying. Either Apple messages or slack.
| etra0 wrote:
| I've been using sharedrop.io which also is open-source [1] and
| it works quite nice, I particularly like this one because I
| don't have to install any third-party app on any of the
| devices.
|
| I think on mac Safari usually doesn't work as well as in
| Chrome, but I've been able to transfer from Windows to iOS,
| Windows to macOS and macOS to iOS without installing a thing.
|
| [1] https://github.com/szimek/sharedrop
| aborsy wrote:
| Tailscale's killer feature TailDrop. Reliable file transfer
| between devices of all kinds!
| loloquwowndueo wrote:
| Pairdrop.net is my go-to in these cases. Easy to remember, just
| add a P to Airdrop :)
| toomim wrote:
| How does this relate to https://wormhole.app/ ?
| ddtaylor wrote:
| That is something I want to know too. Do these various
| "wormhole" apps use any common protocol between them or do they
| just all use the same words and branding for different things?
| tptacek wrote:
| Magic Wormhole is the first, and is its own thing. It's
| called "Magic" Wormhole for a reason: it tends to blow people
| away the first time they use it. So lots of people have
| copied the UX, and some of them have copied the name as well.
| What you should use is Magic Wormhole itself, or, if you want
| a non-Python runtime for some reason, wormhole-william.
| bdd wrote:
| > if you want a non-Python runtime for some reason [...]
|
| Magic Wormhole project has its own alternate implementation
| https://github.com/magic-wormhole/magic-wormhole.rs, which
| is also used by delightfully designed GNOME and Android
| apps; [Warp](https://apps.gnome.org/Warp/), and [Wormhole](
| https://play.google.com/store/apps/details?id=eu.heili.worm
| h...), respectively.
| ddtaylor wrote:
| Do they share any underlying protocol standard or
| something?
| tptacek wrote:
| It doesn't, and I would say that app has a borderline
| misleading name.
| Klonoar wrote:
| This was covered on HN back when it came out - after wormhole
| (OP's link).
|
| They're unrelated.
| ddtaylor wrote:
| I find `syncthing` pretty useful for this kind of stuff. It's
| been around a long time and has a lot of different options for
| configuration and clients for every platform you could imagine,
| both UI based and command line.
|
| On every *nix platform I would just install the `syncthing`
| package and use it quite easily. I've experimented with some
| wormhole stuff before and looked at this package some, but there
| would be a lot of extra steps involved right because of the
| packaging choices.
|
| The package was removed from Fedora in 37 with the "replacement"
| being use a Snap instead [1]. That doesn't make any sense because
| that platform is heavily invested in Flatpak and it's very
| "against the grain." There are some other "Wormhole" apps on
| Flathub that are verified, but none of them are the same as this.
| Are they compatible protocol wise or just named similar things?
| That's assuming you want to enter the game of "is this app safe
| or made by the same entity?"
|
| I want to enjoy this project and others like it, but it's very
| confusing. The goal of these tools is to simplify transfer of
| files and to take most of the "pain" in doing that away. Yet, to
| actually use most of these tools in any meaningful way between
| two computers you would need to invest more time into getting
| this to run on those systems. My brain tells me to make this work
| you need a big button on the homepage for each well supported
| platform that just says "Download for Windows" along with a one-
| click solutions for various Linux platforms (one line command,
| Flatpak, AppImage, etc.)
|
| [1]: https://magic-
| wormhole.readthedocs.io/en/latest/welcome.html...
| tptacek wrote:
| syncthing and Magic Wormhole have different goals. Wormhole is
| very simple: it is a way (often the best way) to get a file
| from point A to point B, regardless of the connectivity (or
| lack thereof) between A and B, without accounts or
| configuration.
| ddtaylor wrote:
| Syncthing also does relaying like that, NAT traversal,
| bridges, etc. all automatically. If it can, it will use local
| IP connections and go blazing fast. If for some reason your
| network configuration(s) don't allow for any valid
| connections, it will use a relay or bridge - either a default
| or one you setup - and work relatively fast as well.
| rakoo wrote:
| "Connectivity" here needs to be taken at large: syncthing
| needs to have a folder already shared between two machines.
| There's some setup involved that is not automatic.
|
| The entire setup phase of magic wormhole is "copy those 3
| words" and boom you're done.
| lotharrr wrote:
| Yeah, syncthing is awesome for repeated interaction.. once
| you've configured the two sides to know about each other, it's
| really flexible for doing an initial transfer, pushing just the
| new changes, pushing to multiple destinations, etc.
|
| magic-wormhole doesn't need the initial configuration, but only
| lets you transfer one file (or one directory). So it's better
| for ad-hoc transfers, or for safely establishing the
| configuration data you need for a more long-term tool. The
| analogy might be that magic-wormhole is to synthing as scp is
| to rsync.
|
| The snap/flatpak thing is weird, and I share your discomfort
| with uncertain provenance of software delivered that way.
|
| I wrote the original version in Python, and took advantage of a
| number of useful dependencies (Twisted, to begin with), but a
| consequence is that installing it requires a dozen other
| packages, plus everything that Python itself wants. I've
| watched multiple people express dismay when they do a `brew
| install magic-wormhole` and the screen fills with dependencies
| being downloaded. If I knew Go, or if Rust had existed when I
| first wrote it, I might have managed to produce a single-file
| executable, which would be a lot better for
| deployment/distribution purposes, like wormhole-william
| provides today.
| Vinnl wrote:
| I use Warp from Flathub, which I believe uses Magic Wormhole.
| geerlingguy wrote:
| I've used this for years when passing large files between systems
| in weird network environments, it's almost always flawless.
|
| For some more exotic testing, I was able to run my own magic
| wormhole relay[1], which let me tweak some things for faster/more
| reliable huge file copies. I still hate how often Google Drive
| will fall over when you throw a 10s-of-GB file at it.
|
| [1] https://www.jeffgeerling.com/blog/2023/my-own-magic-
| wormhole...
| cl3misch wrote:
| > you need a machine that can handle whatever link speeds you
| need
|
| I would have expected the relay server only being used for
| initial handshake to punch through NAT, after which the
| transfer is P2P. Only in the case of some network restrictions
| the data really flows through the relay. How could they afford
| running the free relay otherwise?
| lotharrr wrote:
| There are two servers. The "mailbox server" helps with
| handshakes and metadata transfers, and is super-low
| bandwidth, a few hundred bytes per connection. The "transit
| relay helper" is the one that handles the bulk data transfer
| iff the two sides were unable to establish a direct
| connection.
|
| I've been meaning to find the time to add NAT-hole-punching
| for years, but haven't managed it yet. We'd use the mailbox
| server messages to help the two sides learn about the IP
| addresses to use. That would increase the percentage of
| transfers that avoid the relay, but the last I read,
| something like 20% of peer-pairs would still need the relay,
| because their NATs are too restrictive.
|
| The relay usage hasn't been expensive enough to worry about,
| but if it gets more popular, that might change.
| bscphil wrote:
| The folks on the wormhole-rs fork (who appear to share your
| Github organization? [1]) already have NAT punching working
| 95+% of the time in my testing, so maybe what they're doing
| could be ported over to the Python implementation.
|
| [1] https://github.com/magic-wormhole
| from-nibly wrote:
| You cant make a p2p connection over a NAT without exposing a
| port on the public side of the NAT.
| t0mas88 wrote:
| You can:
| https://en.wikipedia.org/wiki/Hole_punching_(networking)
| kccqzy wrote:
| Go check out STUN and ICE.
|
| The best article I've found about NAT traversal is this
| article from Tailscale: https://tailscale.com/blog/how-nat-
| traversal-works
| voxic11 wrote:
| You aren't guaranteed to be able to do that but in practice
| most times you can.
| dangoodmanUT wrote:
| I just read this out in your voice
| bscphil wrote:
| > For some more exotic testing, I was able to run my own magic
| wormhole relay[1], which let me tweak some things for
| faster/more reliable huge file copies.
|
| The lack of improvement in these tools is pretty devastating.
| There was a flurry of activity around PAKEs like 6 years ago
| now, but we're still missing:
|
| * reliable hole punching so you don't need a slow relay server
|
| * multiple simultaneous TCP streams (or a carefully designed
| UDP protocol) to get large amounts of data through long fat
| pipes quickly
|
| Last time I tried using a Wormhole to transmit a large amount
| of data, I was limited to 20 MB/sec thanks to the bandwidth-
| delay product. I ended up using plain old http, with aria2c and
| multiple streams I maxed out a 1 Gbps line.
|
| IMO there's no reason why PAKE tools shouldn't have completely
| displaced over-complicated stuff like Globus (proprietary) for
| long distance transfer of huge data, but here we are stuck in
| the past.
| themoonisachees wrote:
| I overall agree, but "reliable holpunching" is an oxymoron.
| Hole punching is by definition an exploit of undefined
| behavior, and I don't see the specs getting updated to
| support it. UPnP IGD was supposed to be that, but well...
| bsharper wrote:
| I end up using a combination of scp, LocalSend, magic wormhole
| and sharedrop.io. Occasionally `python -m http.server` in a
| pinch for local downloads. It's unfortunate that this xkcd
| comic is still as relevant as it was in 2011:
| https://xkcd.com/949/
| zkader wrote:
| An alternative that tends to be faster (note: I'm one of the
| authors) https://github.com/SpatiumPortae/portal
| MattJ100 wrote:
| Can you share why exactly it may be faster?
| lotharrr wrote:
| author here.. happy to answer any questions!
| nickpsecurity wrote:
| I just wanted to thank you for making it. I wanted it just to
| bootstrap VM's on new machines. I ended up using it all the
| time for many things. Great project!
| twp wrote:
| Seconded, magic-wormhole is fantastic and has "just worked" for
| me several times. Thank you for all your work in creating this
| brilliant software!
| matricaria wrote:
| Why is this better than rsycn or scp?
| lotharrr wrote:
| scp/rsync are great tools, but they require pre-coordination
| of keys. One side is the client, the other is the server. The
| client needs an account on the server machine (so the human
| on the client machine must provide an ssh pubkey to the human
| on the server machine, who must be root, and create a new
| account with `adduser`, and populate the
| ~/.ssh/authorized_keys file). And the client needs to know
| the server's correct hostkey to avoid server-impersonation
| attacks (so the human on the server machine must provide an
| ssh host pubkey to the human on the client machine, who puts
| it in their ~/.ssh/known_hosts file).
|
| Once that's established, and assuming that the two machines
| can reach each other (the server isn't behind a NAT box),
| then the client can `scp` and `rsync` all they want.
|
| Magic-wormhole doesn't require that coordination phase. The
| human sending the file runs `wormhole send FILENAME` and the
| tool prints a code. The human receiving the file runs
| `wormhole rx CODE`. The two programs handle the rest. You
| don't need a new account on the receiving machine. The CODE
| is much much shorter than the two pubkeys that an SSH
| client/server pair require, short enough that you can yell it
| across the room, just a number and two words, like "4-purple-
| sausages". And you only need to send the code in one
| direction, not both.
|
| Currently, the wormhole programs don't remember anything
| about the connection they just established: it's one-shot,
| ephemeral. So if you want to send a second file later, you
| have to repeat the tell-your-friend-a-code dance (with a new
| code). We have plans to leverage the first connection into
| making subsequent ones easier to establish, but no code yet.
|
| Incidentally, `wormhole ssh` is a subcommand to set up the
| ~/.ssh/authorized_keys file from a wormhole code, which might
| help get the best of both worlds, at least for repeated
| transfers.
| InfiniteRand wrote:
| But if you already have ssh set up for the target machine,
| is there any advantage such as speed or recoverability vs
| scp?
| lotharrr wrote:
| Mostly no. ssh/rsync is compiled C code, so might be
| slightly faster than a Python-based `wormhole`, if you
| have a really fast connection to take advantage of. And
| rsync provides that lovely continue-from-interrupted-
| transfer feature that magic-wormhole currently lacks.
|
| But wormhole has turned out to be more usable in some
| cases. I've had days where I'm sshed into a bastion host,
| then sshed from there into a server, then cd'd into a
| deep directory with lots of spaces and quotes and shell
| metacharacters in the path, and then found a file that I
| wanted to copy out. To do that with ssh, I have to first
| configure ProxyJump to let me reach the internal machine
| with a single ssh command, and then figure out how to
| escape the pathname correctly (which somehow never works
| for me). With `wormhole send` I get to skip all of that,
| at the cost of having to do it once per file.
| Bayes7 wrote:
| great project!
| happosai wrote:
| Nice project. Is there iptables connection tracking module that
| can handle the protocol?
| lotharrr wrote:
| None that I know of. It just uses a TCP connection to the
| mailbox server (with keepalives), and then TCP connections
| for the bulk-transfer transit phase, so I can't think of
| anything special that iptables would need to handle it well.
|
| The encrypted connection is used to exchange IP addresses..
| maybe you're thinking of the module that e.g. can modify FTP
| messages to replace the IP addresses with NAT-translated
| ones? Our encryption layer would prevent that, but we'd
| probably get more benefit from implementing WebRTC or a more
| general hole-punching scheme, than by having the kernel be
| able to fiddle with the addresses.
| psanford wrote:
| Hey Brian! Just wanted to say that I really appreciate all the
| work that you put into Magic Wormhole.
| peterhadlaw wrote:
| Thank you, I use this software so much and it's really a
| wonderful solution
| panarky wrote:
| I use wormhole a lot, but I've been too lazy to figure out if
| it's as secure as ssh/scp, so I always gpg the file I'm
| transferring before putting it into wormhole.
|
| Is that paranoid behavior?
| DavideNL wrote:
| Just noticed by coincidence there's also:
|
| _" Rust implementation of Magic Wormhole, with new features and
| enhancements"_: https://github.com/magic-wormhole/magic-
| wormhole.rs
| Klonoar wrote:
| This lacks a few of the features of the other implementations
| (e.g, sending a zip and having it unpack correctly).
| hypertexthero wrote:
| Excellent, thank you!
|
| Setting this up on a PC and Mac to transfer files back and forth.
|
| There's an XKCD for this, too: https://xkcd.com/949/
| onetimeuser1235 wrote:
| I've been using this for years. Also, GPU host Runpod uses it in
| their CLI tools to easily transfer large files to host.
| tarruda wrote:
| I wonder if magic-wormhole could be implemented as a layer on top
| of Syncthing:
|
| - Generate a short code
|
| - Use the code as the seed to deterministically generate a
| Syncthing device key + config
|
| Since the Syncthing device key could be generated
| deterministically, sharing the code with both sides would be
| enough to complete a dir/file transfer and then discard the keys.
| jmakov wrote:
| Can it also generate a link so the client can just ckick on it
| instead of having to install things?
| lotharrr wrote:
| Alas no. It's a one-shot file-transfer tool, and we don't store
| a copy of the encrypted data or anything. So the sender must
| stay running until the receiver has finished downloading. If
| you're comfortable with relying on servers for your security,
| then I believe wormhole.app offers the clickable zero-install
| link that you described.
|
| Magic-wormhole can't use that approach, because our security
| model rules out reliance on servers for confidentiality or
| integrity. We could safely store ciphertext without violating
| the model, but you need an interactive protocol with the sender
| to get the decryption key (otherwise the wormhole code would be
| a lot larger), so it wouldn't improve the experience very much,
| and would cost a lot more to operate. The wormhole servers have
| trivial storage requirements, so the only real costs are
| bandwidth for the transit relay helper, for when the two sides
| can't make a direct connection.
| Arubis wrote:
| Magic wormhole is a lifesaver for getting config files onto
| locked-down corporate machines.
| dang wrote:
| Related:
|
| _Magic Wormhole: Get things from one computer to another,
| safely_ - https://news.ycombinator.com/item?id=27262193 - May
| 2021 (178 comments)
| aftergibson wrote:
| This is one of those amazing single feature utilities that does
| one thing incredibly well and goes completely unnoticed as it's
| so good but also unremarkable. I should try to be more grateful
| for these brilliant creations.
| j1elo wrote:
| I'm reading so many good comments that I will be trying Magic
| Wormhole soon.
|
| How about Warpinator [1]?
|
| It's the application that I use simply because it came by default
| with my choice of Linux distro, and it works fine. Main use case
| for me is sending recently taken photos from my phone to the
| computer.
|
| [1]: https://github.com/linuxmint/warpinator
| justmarc wrote:
| I wasn't yet planning for it, but what the heck.
|
| https://zynk.it is a new project I've been working on together
| with a small team aimed at delivering a truly easy, fast,
| efficient, unlimited, privacy-respecting and pain free file-
| sharing experience. It's peer-to-peer, E2EE and avoids
| centralized storage, aligning with the ethos of control and
| transparency we often discuss here. It allows users to send and
| receive any file(s) or folder(s) without any limits whatsoever
| between any device/OS and any device/OS, send and forget, Zynk
| takes care of all the heavy lifting.
|
| What I hope sets Zynk apart is that it is built to literally be
| used by anyone, be it a power user, or my mom.
|
| One of my main goals with this project is to remove any pains
| associated with data transfer once and for all, for any use case.
|
| I'm curious if this resonates with you--would you use it? What
| would make it indispensable for your workflows?
|
| I'd be happy to discuss it more if anyone is interested. Feel
| free to sign up for early access on the site.
| smusamashah wrote:
| It's login/email walled. If you do want people to try it, the
| try button shouldn't immediately greet you with a popup to
| provide your full name and email address. I stopped at that
| point.
| samstave wrote:
| hrmph...
|
| Form no work on FF.
|
| Form only Works on chrome - but just gives me signup:
| https://i.imgur.com/ePcBVBE.png
|
| Page has zero meat to the info...
|
| No screenshots, all cartoons. No talk of
| price/model/package/install/ etc...
|
| No confirmation email with info...
|
| Nice blurb - but needs work.
| bredren wrote:
| Is there a wrapper for wormhole that shares the phrase with a
| counterparty and their client auto requests it?
|
| I have a pal where we want this kind of auto accept style
| behavior.
| TZubiri wrote:
| Obligatory xkcd
|
| https://xkcd.com/949/
| zzo38computer wrote:
| To send a file from one computer to the other by internet
| (although often internet should not be needed for this), I think
| netcat should do. Use tar or something else like that if you want
| to send multiple files. Use programs to calculate the hash if you
| want to verify the hash of the file. For large files, it does
| help to make resumable transfer; fortunately, that can be done
| easily, too (you can see what the file size is and use the "tail"
| program to skip some).
|
| You should not need HTTP, FTP, etc. You should be able to use
| something which can work on any computers, such as just TCP/IP.
| Unfortunately, some systems (especially some Windows systems)
| will make that difficult. Using the more complicated such as
| Magic Wormhole and other programs means you will need two
| computers that support such a thing. I did once try to transfer a
| file from Windows to Linux, and had to install ncat to do so but
| Windows deletes it by default if you try to do that, but I was
| able to make it to not to do that.
| loloquwowndueo wrote:
| How do you transfer between computers behind NAT or firewalls
| without an intermediary?
|
| If you have to install software anyway why not install wormhole
| directly?
|
| Netcat works in some circumstances and it's fine to use it in
| those. But wormhole covers different scenarios and your netcat
| proposal doesn't cover or have advantages in some of them.
| zzo38computer wrote:
| It is unfortunate that you would have to install netcat on
| Windows (I don't know why they don't include functions such
| as that built-in, perhaps it could be included as a function
| in PowerShell); but on some other systems it is likely to
| already be installed, and such a thing really ought to be
| included by default if the computer has TCP/IP included by
| default. This does not necessarily need to be netcat; it can
| be any program that does the same thing, and it is simple
| enough to include with TCP/IP based systems that other kinds
| of operating systems could potentially have their own
| variant, if they have the ability to connect to the internet.
|
| However, it is true about considering NAT. Then you will need
| to set up the intermediary (which further affects
| compatibility), if you cannot connect the computers directly
| (which also ought to be possible with a null modem cable, but
| that also is often not available).
|
| It also does not consider multiple files at once; how that
| should need to be handled will be different on different
| computers anyways though, since the files are different on a
| different computers.
|
| Due to such things, other programs such as Magic Wormhole
| might help, although even then it will not necessarily work
| with all computers anyways, because then you will need a
| computer that is compatible with Magic Wormhole.
|
| Another alternative, that might sometimes be suitable, would
| be LAN connections. This is not always suitable, but if they
| are, then you can use the LAN addressing directly, too.
| Obscurity4340 wrote:
| What do all the brilliant folk here think of Resilio Sync?
___________________________________________________________________
(page generated 2024-08-17 23:00 UTC)