Hacker News new | past | comments | ask | show | jobs | submit login
GNU name system (gnunet.org)
265 points by ashitlerferad on May 6, 2016 | hide | past | web | favorite | 58 comments



Please, do not make me spend the whole afternoon just to get one gnu domain up. One little quickstart page should show just two commands, e.g.

  docker run gnunet/ngs
  gns-register mydomain.gnu
Thanks!


Before you keep downvoting my previous comment, the comment was a way to say that you are being too demanding with the author. So I was being picky with you. I think this is advance work, and it's provided for free.

Fundamentally I'm agree with you, I also would like simpler instructions. But I personally would ask for them nicely, first acknowledging the effort behind this work. My apologies for not explaining it properly in first comment, maybe not the best way to get my point across.


Looks like Christian needs help packaging GNUnet better. I'll see how much I can do.


What about having every command run in ducker container as a service? Like, say, `ls` would be a client to a `ls-server` ducker container (based on Ubuntu)? I think there are many benefits to it.


That looks like one command to me, not two.


> A petname is a name that can be freely chosen by the user. This results in non-unique name-value mappings as www.bob.gnu to one user might be www.friend.gnu for someone else.

If names aren't fixed, how do you (for example) link from one website to another? Or share a name with another user?

One of the advantages of the public DNS system, with unique, canonical names, is that the same name should mean the same thing to everyone.


GNUnet has canonical names as well: Files can be located by their content hash (e.g. gnunet://fs/chk/...) or by the signature of the peer offering the data (gnunet://fs/loc/...)[1]

One of the disadvantages of the "public" DNS system, is there are companies[2] and governments[3] (sometimes having a history of oppression[4]) that can interfere with it. GNUnet on the other hand, is actually public.

[1]: https://www.gnunet.org/fs-urisyntax

[2]: http://arstechnica.com/security/2014/06/millions-of-dymanic-...

[3]: https://www.wired.com/2012/03/feds-seize-foreign-sites/

[4]: http://www.sfgate.com/news/article/Black-Friday-birth-of-U-S...


the top linked page is the worst introduction to GNS ever. Those are much better.


Yeah, gnunet.org wins the single highest coolness factor to website quality ratio in my opinion (they have other projects besides GNS that are even less well documented), although there is stiff competition. Here is a short paper on GNS: https://gnunet.org/sites/default/files/paper_cans2014_camera...

The thing I don't like about it is the distributed hash table aspect, making it a "publish by default" system (with some obfuscation, but still). All that is really needed is a way to communicate your petnames with people you want to have access to them. I'd rather that be done more privately. Besides that, I think the system is a great way to do distributed names to values (send keys with names is much better than PKI).


A public DNS with unique canonical names would be nice, but we don't have one of those. The DNS we actually have is inconsistent for several reasons: replication lag, ownership disputes, legal and political disputes (governments disagree what content is ok), VPNs with custom entries, firewalls, host files, etc, etc.

URIs are incredibly important and deserve a more solid foundation to build upon. To make them truly unique, we should use some form of GUIDs. Pet names are a usability layer on top of GUIDs for us humans , but we should communicate the GUID instead of or alongside the pet name.


Universal unique canonical names are not a good thing because the problem of name squatting exists.

It's why relative names and forkable registry is a good solution.

But in some cultural context where a registry is mainstream, names are almost unique.

Here are some explanations :

- http://seenthis.net/messages/358071

- https://gnunet.org/sites/default/files/paper_cans2014_camera...

> 3.3 Relative Names for Transitivity of Delegations

> Users can delegate control over a subdomain to another user’s zone by indicating this in a new record


> Universal unique canonical names are not a good thing because the problem of name squatting exists.

They're not a good idea when they are user-friendly, because of domain squatting.

But `ebbfed3a54f82da274b51df5c5f1fcd8644edc0b5beb86643a0e177f1cb4ad60` is a perfectly good universal, unique, canonical name, and `(ebbfed3a54f82da274b51df5c5f1fcd8644edc0b5beb86643a0e177f1cb4ad60 foo)` is a good relative name, rooted in a universally-unique name.


I agree.


Take this idea one step further, and you have IPFS, which is a very promising approach:

https://ipfs.io/


I tried to setup ipfs on El Capitan yesterday. I stalked the OS X Homebrew FUSE package, mounted ipfs and it immediately fails complaining too many file descriptors are being used.

ipfs is awesome, but I want to first be able to mount it as the file system :-)


I haven't tried using IPFS, but the default ulimit setting on OS X is tragically low. You might want to try bumping it up.


I tried - increased it to unlimited and it still had the same error :-(

I have zero knowledge of Go, so not even sure how to start troubleshooting.


IPFS is certainly not this idea taken one step further. It is a totally different thing.


If we're talking about linking names to resources, ipfs/ipns is not a different thing https://github.com/ipfs/examples/tree/master/examples/ipns


A public DNS with unique canonical names would be nice, but we don't have one of those.

Even IP addresses aren't strictly "unique". Very recently HN users were complaining about the same Sci-hub donation page showing different Bitcoin addresses in different regions: https://news.ycombinator.com/item?id=11636331


That's why I said "should" and not "does".

If everything goes right in DNS, you and I can both type "https://news.ycombinator.com/" into our browsers and end up reading Hacker News.

The workflow to get to the same end result (viewing HN) doesn't seem immediately clear to me with GNS/GNUnet. I'm assuming I'd either have to track down YC's public key (where?) to add them as a petname, or transitively reach them via some other user that I trust.


> The workflow to get to the same end result (viewing HN) doesn't seem immediately clear to me with GNS/GNUnet. I'm assuming I'd either have to track down YC's public key (where?) to add them as a petname, or transitively reach them via some other user that I trust.

Presumably you'd type something like `news.ycombinator.com.network-solutions.gnu`, since right now you are (ultimately) trusting Network Solutions to Do the Right Thing.


Distinct, not unique.


If names aren't fixed, how do you (for example) link from one website to another?

If you have a website running under a server with a name in your GNS domain and you want to link to a server with the name 'www' in a different GNS domain, you'd add a PKEY record for that GNS domain to your GNS domain (eg. called 'foo'). You can then link to https://www.foo.+/ and it will DTRT - someone browsing your site under the name www.jonathonw.gnu will resolve the link destination as www.foo.jonathonw.gnu.

Or share a name with another user?

If you want to share a link with someone I guess you'd share the .zkey version.


I'm presuming that means I'd need a GNUnet-aware browser? AFAIK, a normal browser doesn't send enough context when resolving names for the resolver to figure out that someone means www.foo.jonathonw.gnu if they pass it www.foo.+ and have been browsing www.jonathonw.gnu.


Yes, or I believe the GNSProxy ( https://gnunet.org/book/export/html/1769 ) is an alternative.

A greasemonkey type script might also be able to apply the right fixups.


Name registries still exist in GNS and they are still usefull but anyone can be a registry for anybody. So in a cultural context where a registry is mainstream, names are almost unique. But registries became contestable, you can avoid them and we have to require them to be libre, open source, and forkable.

Look this chapter in this document :

> 3.3 Relative Names for Transitivity of Delegations

> Users can delegate control over a subdomain to another user’s zone by indicating this in a new record

https://gnunet.org/sites/default/files/paper_cans2014_camera...


Read the thing to the bottom before criticizing. If you wanna share something for the long-run future you can use the canonical name.


Isn't GNUnet dead though? I'm been trying to set it up on a Mac for years and after spending hours without success, I've given up every single time. Even in Homebrew GNUnet is in the boneyard.


I just tried installing it on Debian. I couldn't figure out how it works within 10 seconds, and it made my CPU spike all the time that it was installed, so I just removed it. So, maybe it has usability problems. Its vital signs aren't great either. It seems to be the work of a single person, Christian Grothoff, although that person is still active handling bugs in Mantis.

Lots of svn commits, and I'm still cloning them into hg to get a sense for how development is progressing. There are 39k commits total. Takes a long time to grab them from svn. From an actual svn checkout without converting, I can see that there are many commits, several per day, but there hasn't been a release in two years. Maybe they need help with a release manager?

My overall feeling is that this is a very good idea that just needs better packaging.


its like hurd I'm guessing, nearly no one using it, so no reason to stop experimenting and having fun


They recently got taken under the wing of Inria and have several people working on it full time.


GNUnet is pretty alive and has even a port that runs in the browser: https://github.com/amatus/gnunet-web (it actually works)


https://gnunet.io/ looks down from here, maybe due to the HN traffic.


I can't get it to work so it must not work. That's Mythbuster logic there.


I read it more as "I can't get it to work so it's not worth my time." Which seems reasonable in this case.


I made thousand other projects work successfully for me. Sometimes one should stop hitting their head against the wall!


It's funny how much value can be created out of nothing by setting artificial rules. Like a domain name, that is designed to be unique.


Bitcoin....


It's not just domain names. CA and IP have the same problem.


If you're curious about the 'petnames' mentioned on that page, http://www.erights.org/elib/capability/pnml.html was where the term came from, in the early 2000s. (At least I assume it's the same idea; I clicked around the GNS documentation very briefly without finding their explanation.) There's also https://en.wikipedia.org/wiki/Petname


This is much better than IPNS. If you're using IPFS, maybe you should use GNS for tracking your stuff.


What are the advantages?


Good point.

In the IPFS docs, I get the impression that IPNS is a placeholder for a capable naming system. They needed something but it wasn't a core technology.


Christian Grothoff is an excellent academic. In fact, he is one of the most knowledgeable in the field worldwide.

Unfortunately, that's why ,IMHO, GNUnet didn't succeed. To build a successful product/network, you need to be practical, and you need to make useful features/services available as early as possible (without compromising security of course). Designing with pluggability and forward-compatibility in mind helps in this regard.

Academic perfectionism, however, can delay your product/network launch indefinitely. And that's what seems to have happened with GNUnet.


Does this hook into the resolver?

Sounds like something a variety of sites might like to use. Say for instance Wikileaks. Or, more obviously, SciHub.


The last of the summary bullets: > Compatibility with DNS


Curious though how this is done... Ill read further :-)


Is .gnu hosted in the root servers? If so, it isn't still possible to take it down?


No, the resolver recognises it (and .zkey) and knows to look up the name using GNS, not DNS.


Thinking about GNS and the Sci-Hub issues got me wondering. Isn't there an interesting application for blockchain technology as a DNS "ledger"?

Is this a feasible application? Do there already exist projects that do this?


Blockchain is not a good or secure technology to replace DNS. Gnu Name system is a good one.

Here you can find a criticism of NameCoin and blockchain :

http://seenthis.net/messages/358071


In addition to Namecoin there's also Onename, which used to use Namecoin and has now migrated to Bitcoin. Details on why and how it works are on their blog:

http://blog.onename.com/



There's namecoin, but I'm not sure if it is widely used: https://namecoin.info/



Namecoin is one


I found this on namecoin: https://bit.namecoin.info/

Looks interesting.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: