Show HN: Malai – securely share local TCP services (database/SSH) with others

Kulfi is a network (peer to peer) which support http/https even tcp can be sent over kulfi.

Kulfi App is a web browser that talks kulfi protocol natively, so you can open kulfi://<id52> natively. malai is the server side part of this story, and can expose existing HTTP/TCP services over kulfi:// network.

For DNS, here is my initial deign/thought: https://github.com/kulfi-project/kulfi/discussions/55

For access control, we are working on a "what-to-do" service, which is an bunch HTTP/JSON APIs, that will be called by the malai (which runs on your server, or even as part of Django/Node/Golang once we wrap malai as a cffi library, and write corresponding Python/Node etc packages). You will be able to write the what-to-do in any framework you like, and we will maintain a general purpose open source what-to-do service.

So let's see, I am Amit Upadhyay, I am the (solo) founder and CEO of FifthTry, which is YC W21 company (we also have some other seed investment). We started with a documentation tool, the Notion like you mentioned, caveat: it was not WYSWYG, it was always based on a "language". The language was initially called ftd (FifthTry Document), and eventually fastn.com. fastn started as markdown++, but became a full stack web development language. We moved from being just a documentation tool to general purpose website building tool. FifthTry.com is now a hosting solution for fastn powered websites and webapps.

fastn is done in Rust, and has relatively small foot print. It is language, compiler, package manager, web server, wasm runner, all in one, and technically can run on say a mobile device, on a "Amazon Fire Stick" like mini TV module, you webcam and so on. fastn is probably the only web server you can run on those devices (not yet tested, but it should be).

The issue is those web servers do not have public IPs (nor should they, as that can expose them to security risks), so we are building a peer to peer network, an identity based network, so you do not have to have accessible IP/port to access the web service.

The network we are calling Kulfi net, and malai is a network toolkit for kulfi net, it exposes various services (TCP/HTTP) over kulfi net.

Kulfi itself is going to be a browser, that can talk kulfi protocol natively (as currently we need a "http bridge", eg kulfi.site that we are running, or you can install malai and run on your server).

Kulfi "browser", will also come with fastn built in, so you can run a web server on your phone and someone else can access that web server from another phone, talking http over kulfi protocol, and we can get near ideal networking solution (no intermediary, no need for public IP, etc).

Does this make sense?

malai: cream that forms on top of milk when it cools down, its a flavor of kulfi. kulfi: a milk based ice cream / desert. Nothing to do with networking etc, just a desert I enjoyed since childhood :-)

Looks like you got sucked into the fastn world. It's an open source full stack web development programming language we have created: fastn.com. We are building some fastn powered full stack, reusable apps, that you can plug in any fastn powered website at https://github.com/fifthtry-community.

The website, kulfi.app and malai.sh, and fastn.com itself, and FifthTry.com as well are all built using fastn.

It's open source. Or not depending on any company[1]. The overall malai/kulfi project is quite different than these projects, malai itself can be compared with these two maybe.

[1]: we are built on top of https://www.iroh.computer so their caveats apply, and while we do run a http-over-kulfi over http-over-tcp bridge, you do not have to use it, you can run your own, and soon when kulfi browser is ready, you will not need the bridge. Checkout this work in progress kulfi browser: https://www.youtube.com/watch?v=qw_GmbtxCHw

You are on the right track, this is bastion like setup, but without needing another ssh host. This is one layer on top of SSH, so all SSH security applies for ssh over kulfi, but you get extra benefits like not having to expose SSH port to public, or not having guessable identifier (the IP address).

Kulfi is the official name of the project, and the name of the "peer to peer internet" "id52/identity based internet", so kulfi net.

Kulfi App is going to be a browser like Google Chrome, available on various app stores, and it will speak both http over tcp and http over kulfi. Kulfi app acts like client (but is also a server, so on your iPhone tomorrow you can install Kulfi, which will let you access any http over kulfi site, and also will run a web server which is exposed over kulfi net for others to access, so my Android phone's Kulfi browser can connect with the your iPhones Kulfi's web server, with no intermediary [1]).

malai is ready now, and it is a Swiss army knife toolkit for working with kulfi net. Currently malai can expose a HTTP or TCP service over kulfi net.

Malai also has a "http bridge" feature, which bridges any malai exposed http over kulfi service with the http over tcp, so people can use regular browsers to access malai exposed HTTP services.

[1]: we are using https://www.iroh.computer/blog/iroh-dns, so their caveats apply.

  $ echo -n c1b2d4463e503765b7422e126ea7ff5633ba5903f97b700ac818 | wc -c
    52

We are using iroh, so you can start with https://www.iroh.computer/blog/iroh-dns, and checkout their docs to understand how iroh itself works.

The malai stuff is relative not very interesting (we write some HTTP/TCP services/proxies that forward their calls over iroh connection, and write the other side to bridge back to HTTP/tcp). Code should help, or come to our discord: https://malai.sh/discord/ (currently it will say fastn, we are in the process of changing it to FifthTry server or something, we do not want to maintain multiple discord servers, and thinking of putting all FifthTry open source stuff on a single discord server).

It's magic man-in-the-middle and we're the magicians here

We are using iroh[1] internally, so the question is does iroh support these things? The quickest way to answer this would be to test it. Can you help me with what kind of setup would be needed for me to test this?

[1]: https://www.iroh.computer

A few more:

No explanation of how it works

Comments in this thread reveal a bunch of obscure components that also don't have much details.

Vibe coding tools need a post step to fix all the templating issues like wrong links, wrong names, etc.

fastn is an ingredient to kulfi project. fastn.com is a full stack programming language we (FifthTry, Inc, the company behind these) have built, and it is the web server that is going to be part of Kulfi app.

The comparison posts, TODO, copyright etc we will do/fix when we get around to it. It's all open source, you can send PRs as well.

To be fair, assigning copyright to the reader is a good first step to build trust :)

Completely agree, unfortunately the cool stuff is done by iroh team, so right now you can browse their docs: https://www.iroh.computer/blog/iroh-dns.

Or ngrok, or Cloudflare Tunnel or https://github.com/anderspitman/awesome-tunneling

Unlike tailscale/ngrok, malai is completely open source, does not rely on any company provided infrastructure (we have a http bridge to bridge http/tcp with http/kulfi at *.kulfi.site, but you can run your own http bridge), and once Kulfi app is ready, you will not need the bridge at all and Kulfi app (which is also basically a browser that speaks http(s) over kulfi along with http(s) over tcp) can talk kulfi protocol directly.

Among other clear differences, it looks like tailscale requires you to sign in with some cloud provider and Malai does not.

I use and like tailscale for similar purposes, but I can see why some people might prefer to skip that aspect, especially.

Indeed.

https://tailscale.com/kb/1312/serve