I for one am happy we’re getting an alternative to the Chrome/Firefox duality we’re stuck with.
Anyone serious about that would be sending their money towards Servo, which resumed active development since the start of 2023, and is making good progress every month.
I would say nothing but “Good Luck” to other from-scratch efforts, but It’s hard not to see them as memes with small cultist followings living on hope and hype.
start a process within a specific veth
That sentence doesn’t make any sense.
Processes run in network namespaces (netns), and that’s exactly what ip netns exec does.
A newly created netns via ip netns add has no network connectivity at all. Even (private) localhost is down and you have to run ip link set lo up to bring it up.
You use veth pairs to connect a virtual device in a network namespace, with a virtual device in the default namespace (or another namespace with internet connectivity).
You route the VPN server address via the netns veth device and nothing else. Then you run wireguard/OpenVPN inside netns.
Avoid using systemd since it runs in the default netns by default, even if called from a process running in another netns.
The way I do it is:
ns_con AA
ip netns exec):ns_run AA <cmd>
export DISPLAY=:0 # for X11
export XDG_RUNTIME_DIR=/run/user/1000 # to connect to already running pipewire...
# double check this is running in AA ns
tmux -f -f <alternative_config_file_if_needed> -L NS_AA
I have this in my tmux config:
set-option -g status-left "[#{b:socket_path}:#I] "
So I always know which socket a tmux session is running on. You can include network info there if you’re still not confident in your setup.
Now, I can detach that tmux session. Reattaching with tmux -L NS_AA attach from anywhere will give me the session still running in AA.
You don’t even need full-fledged containers for that btw.
Learn how to script with ip netns and veth.
Why Aren’t We Embracing IPFS?
Because it’s an overhyped joke successfully utilized by crypto scammers.
Neither content addressing, nor distributed hash tables (or key-value stores, or whatever) were novel ideas.
The combination of the two is not a novel idea.
For p2p, torrents, work as another user already pointed out (initial realease 2001).
For a distributed filesystem, look at Tahoe-LAFS (initial release 2007).
For a full anonymous p2p distributed filesystem, check out (real) Freenet, called Hyphanet now (initial release 2000).
And no, if you need anonymity, an anonymous transport (e.g. using libp2p) is not enough. You need to consider anonymity at each step like Freenet does.
These are three real non-overhyped products one can draw inspiration from. IPFS? not so much.
You can look around for more examples. I always found this Wikipedia page about file sharing in Japan interesting, since it mentions networks not well known to the rest of the world: https://en.wikipedia.org/wiki/File_sharing_in_Japan
don’t do it during working hours (especially commits - if you’re paranoid, use tor)
I wanted to mention not using personal emails or committing from home IP addresses, but thought that was needless to say.
Meh, everyone scaring you into thinking you don’t own your own mind.
Assuming your boss is not the dangerous kind (beyond legal threats), and if the goal is to make it FOSS, then do it using an alias first. Do it differently. Use components/libs/algos from other people at first, even if they are not perfect. Make those parts easily pluggable/replaceable which would be good design anyway. The code then wouldn’t be wholly yours, not even your alias self.
You can join the project later with your real identity as an interested domain expert (maybe a bit after not working for the same boss). Start contributing. Become a maintainer. And maybe take over after a while. You can start replacing non-optimal components/libs/algos with better ones piecemeal.
Oh, and if Rust wasn’t the choice of implementation, use it this time.
There is a YouTube video in Servo’s homepage.
The first minutes of that video answer your question.