A lot of good stuff! I'm glad they're finally going fully decentralized. ZeroTier is a really underappreciated piece of software, especially considering that it's open source.
On the other hand, I am one of the apparently few people who actually have set up ZeroTier on "really tiny routers"... at least, routers with 128MB of RAM, which I guess falls under their definition of tiny since they would have a hard time tolerating a "20-30mb" increase in RAM usage. Luckily for me, I'm no longer using those routers, but I'd like to be able to set them back up in the future if I need them. So I hope ZeroTier does get around to making a "super-minimal reduced feature set C++-only client"...
Apparently ZeroTier is no longer under an open source license, as of a month ago. Another comment has the details. That’s a real shame… I think I will stop using it. :(
Note that ZeroTier recently switched to the Business Source License 1.1[1] that adds some restrictions. For example you are not allowed to re-sell ZeroTier as a service, and it restricts Government uses. It seems like a good thing, but also is good to know.
I wasn't familiar with this license, but after looking at it I think it's probably a good idea to note that although it isn't quite an open source license at the moment, it will apparently be automatically relicensed as Apache 2.0 as of January 1, 2023 which seems like a fairly reasonable compromise.
I am very excited about this update. ZeroTier is a great project that, at least as I use it, would be best described as "Hamachi for sysadmins". Just one command, zerotier-cli join <id>, connects your machine to a layer 2 VPN with automagical mesh routing and NAT punching. Add your laptop and all your random cloud servers, home machines, raspberry pis, whatever – now you can connect to any of them as long as there is some path in between.
The only real issue I had is that it wouldn't work unless every machine had access to the root servers. That seems like it's no longer the case in 2.0, which is great news.
ZeroTier is fantastic software. I'm often surprised I don't hear about it more. Its great to hear they are embracing Go; that might make it more accessible for me to hack on. SDN has come a long way...
We are embracing Go for the higher level service controls but the core is staying C++ for now. Still can't beat C/C++ when you want to sling packets very very fast.
Thanks for what you do. I’ve enjoyed using ZeroTier for my personal LAN to allow my homelab to serve small services (Plex, Minecraft server, dev dbs etc) as well as planning on rolling it out to my small team as a VPN alternative. The traditional VPN was expensive, awful slow, and it’s IP was frequently blocked on various sites, making some work impossible to complete without disabling the VPN. The network ZeroTier is allowing me to design is remarkably specific to our needs. As a cloud-only company traditional firewalls don’t really fit, but virtual networks give us that same level of control. The open source, self host-able code you provide is very confidence-inspiring for a security product. I’ve always been curious as to how much it costs to run your hosted free tier because the limits are quite generous. On a personal note, ZeroTier allowed me to work from my LAN remotely which gave me the ability to be with my father in person during the last few weeks of his life without missing work and getting in a financial pickle. So... thanks!
> The second downside may be a slight loss of ability to support very old targets. The most impactful of these will be 32-bit Windows since we are not sure if CGo (Go’s system that allows us to link to our C bits) will work properly on 32-bit Windows systems.
It should work fine - at least at $DAYJOB I ship a GOOS=windows GOARCH=386 CGO_ENABLED=1 binary, it passes all the test cases + no user complaints.
We have several C dependencies, mostly in two methods:
- Cygwin helps a lot by providing a GNU make that works with CC=mingw-w64 (i.e. no cygwin1.dll dependency) and we can simply link these extra .o by setting `-extldflags "-lxxxx"` on `go build` invocation; and/or
- Put .c files in a Go package and build with CGO as-is (e.g. github.com/datadog/zstd package and others). More convenient but some limitations on CFLAGS for security reasons post-1.10.
All works fine and was not particularly complex to set up. GC changes have caused us to need more explicit `runtime.KeepAlive` calls after CGO interop however.
You can just run any old DNS server with IPs that you can only access if you also happen to be on a particular ZeroTier network. Route 53 works.
The tricky part of ZT-only DNS would probably be making it work for more than one network at once. So you couldn't send all DNS to one place that serves *.myzt.example.com and recursively resolves anything else, because it wouldn't know about myzt-2.example.com.
Edit: a Route 53 map of your network may be easier to achieve if you use the terraform provider, which I have let languish for a while and should probably give to someone else to maintain (ZT people -- want to take it on? You've got Go expertise now!): https://github.com/cormacrelf/terraform-provider-zerotier
I can confirm I have an android TV with sideloaded zerotier (would be great with official Android TV support, BTW! Ed: Android TV has a separate app store - apps need to declare themselves compatible), a few Linux boxes - and mDNS/bonjour works fine.
Tangential, but the pure black background and thin white text creates rendering issues in Firefox in Ubuntu and make it a pain to read. Vertical lines in "will" glows in lavender and "m" glows in blue. https://ibb.co/VYDMMhs
Thanks, might adjust the fonts then. We (ZeroTier) all have high contrast big monitors and all the people who mess with the web generally use Macs that render the text quite nicely.
That's for our SaaS hosting, and that pricing is going to change soon anyway. You can also host your own network controllers. There are no intrinsic limits.
The one liner on website does give idea of what it's supposed to do but how? Do I host my own instance at home or do I have to have a VM in cloud? Is it dependent on ZeroTier or I can use it without any dependency? Thanks in advance.
It's a screwdriver vs toolbox situation. WG is a great simple screwdriver which provides encrypted tunnel between endpoints.
ZeroTier gives you fully configurable SDN with intelligent local/public routing, online interface, full nat workaround, custom addressing, global register requiring only a token to authenticate a node, and many other things.
I wished on more than 1 occasion that I could just use one of my ZeroTier nodes in other locations as an exit node and tunnel traffic through it though.
I think that might already be possible but it'd be nice if the configuration was abstracted away behind some simple interface.
That'd allow it to replace Wireguard and Mullvad for me as I mostly use it as a means to bypass georestrictions.
It's a "virtual lan" project like hamachi or (some configurations of) openvpn.
Sometimes you want two computers to be able to talk to one another, even
if they're behind a NAT or there's otherwise infrastructure between them that makes this difficult.
Zerotier makes that easier by
* Checking to see if the other device is directly reachable, if you're both already on the same LAN.
* Employing NAT hole punching to try to establish a path anyway
* Finally proxying the connection over a server reachable by both
In my experience it's the easiest way to make sure all my computers are reachable, even if one of those computers is a phone and another one is behind a NAT.
Weirdest toolchain in the world, at least among popular ones. Custom calling convention, custom (AWFUL) assembler, insistence on using syscalls directly on systems where the libc is the only officially public API (FreeBSD), bad portability as a result (I tried to add FreeBSD/aarch64, it was an awful experience, thankfully others have continued the work). Don't tell me about gccgo, it mostly copies the standard library from the main implementation, so it also uses syscalls directly.
Oh and I don't like the language itself either. The anti-intellectual attitude of the designers sucks. "Screw anything discovered by PL research in the last 30 years, we just want everything like in the good old days with C but with GC and concurrency" is just silly. The "developers are too stupid to use smart features like generics" attitude is quite offensive. (I guess they are responding to the overwhelming demand for generics now, but it's not like they had a big change of heart, it's just caving to external pressure, not personally embracing the concepts)
> The anti-intellectual attitude of the designers sucks. "Screw anything discovered by PL research in the last 30 years, we just want everything like in the good old days with C but with GC and concurrency" is just silly. The "developers are too stupid to use smart features like generics" attitude is quite offensive.
It's not anti-intellectual. It's just reasoning from a different set of premises.
Go is remarkably productive. I've written extremely complex software in it and found that I rarely miss that stuff. I do agree that it needs some limited/minimal generics support for data structures and algorithms, but that's about all I would add.
I think it shows that a lot of the stuff that's been explored in the last 30 years in languages just isn't necessary. Go is not a language for showing off how smart you are with esoteric language constructs. It's a language for getting things done with minimal cognitive load across the problem domain.
Go is for people who have made it to at least apprentice hacker in that progression and realized that complexity is evil. Complexity should only be added when one is dragged kicking and screaming into it by the inherent complexity of the problem domain, and even then only after exploring ways of avoiding it.
I applaud Go's designers for doing that at the language level. They're being dragged into generics after exploring all possible ways of avoiding generics, which is the right approach. They also bailed on an idea to add unnecessary syntactic sugar to error handling in Go because it isn't necessary. It saves a small amount of typing in exchange for increased cognitive load, and cognitive load is more expensive than keystrokes.
On the other hand, I am one of the apparently few people who actually have set up ZeroTier on "really tiny routers"... at least, routers with 128MB of RAM, which I guess falls under their definition of tiny since they would have a hard time tolerating a "20-30mb" increase in RAM usage. Luckily for me, I'm no longer using those routers, but I'd like to be able to set them back up in the future if I need them. So I hope ZeroTier does get around to making a "super-minimal reduced feature set C++-only client"...