It's so fulfilling to see WebTorrent still popping up on Hacker News after all these years. I started the project in 2013 and devoted most of my 20s to working on it, ultimately becoming a full-time open source maintainer. I started WebTorrent with the goal of extending the BitTorrent protocol to become more web-friendly, allowing any browser to become a peer in the torrent network. Within less than a year of starting the project, I got WebTorrent fully working (see https://news.ycombinator.com/item?id=8317441). And it worked _well_, beating many native torrent apps in terms of raw download speed and the ability to stream videos within seconds of adding a torrent.
WebTorrent never got as much attention as the cryptocurrency projects selling tokens throughout the mid-2010s, even though WebTorrent _actually worked_, and it had more users than almost all of them :) I was never tempted to add a cryptotoken to WebTorrent, despite many well-meaning friends telling me to do it and cash in. Nonetheless, WebTorrent served as an accessible on-ramp to the world of decentralized tech, along with other projects like Dat (https://dat-ecosystem.org/) and Secure Scuttlebutt (https://scuttlebutt.nz/), playing a role in getting people excited about decentralization.
But WebTorrent is more than a protocol extension to BitTorrent. We also built a popular desktop torrent client, WebTorrent Desktop (https://webtorrent.io/desktop/), which supports powerful features like instant video streaming.
We also built a `webtorrent` JavaScript package (https://socket.dev/npm/package/webtorrent) which implements the full BitTorrent/WebTorrent protocol in JavaScript. This implementation uses TCP, UDP, and/or WebRTC for peer-to-peer transport in any environment – whether Node.js (TCP/UDP), Electron (TCP/UDP/WebRTC), or the web browser (WebRTC). In the browser, the `webtorrent` package uses WebRTC which doesn’t require a browser plugin, extension, or any kind of installation to work. If you’re building a website and want to fetch files from a torrent, you can use `webtorrent` to do that directly client-side, in a decentralized manner. The WebTorrent Workshop (https://webtorrent.github.io/workshop/) is helpful for getting started and teaches you how to download and stream a torrent into an HTML page in just 10 lines of code.
Now that WebTorrent is fully supported in nearly all the most popular torrent clients, including uTorrent, dare I say that we succeeded?
It's been a long and winding journey, but I'm glad to have played a role in making WebTorrent happen. Huge shoutouts to all the open source contributors to WebTorrent over the years, but especially Diego R Baquero and Alex Morais who were critical to WebTorrent's success.
If you're curious what I'm up to now... I'm building Socket (https://socket.dev) with an awesome team of open source folks. And there's actually a WebTorrent connection, too! Before Socket, we built an end-to-end encrypted file transfer app, Wormhole (https://wormhole.app), using WebTorrent under-the-hood (Show HN thread: https://news.ycombinator.com/item?id=26666142). Like Firefox Send before it, security was a primary goal of Wormhole (see security details here: https://wormhole.app/security). But one area where we felt we could improve the security of Wormhole was in how we audited our open source dependencies.
Like most teams building apps with JavaScript, we had a large `node_modules` folder filled with lots of constantly-updating third-party code. The risk of a software supply chain attack was huge, especially with 30% of Wormhole visitors coming from China. As most teams do, we enforced code review for our first-party code; but as most teams do, we pulled in third-party dependencies and dependency updates from npm without even glancing at the code. It's too much work to read every line of code of all dependencies. But the status quo would leave our users open to supply chain attack and we wanted to do better for our users. We looked around for a solution to detect signs of attack and to analyze the risk of various open source packages, but none existed.
So we built Socket to help developers ship faster and spend less time on security busywork by helping them safely find, audit, and manage OSS. By analyzing the full picture – from maintainers and how they behave, to open-source codebases and how they evolve – we help developers and security teams to identify risk from malware, hidden code, typo-squatting, misleading packages, and more.
Housing in the US has gotten to where it is due to horrible laws effectively allowing total tax avoidance for landlords.
Take some investment property. You buy it at some basis price, let's say 500k. You rent it out for 15k a year. Each year you can offset your rental income against deprecation of the property and property taxes - meaning, you pay no income tax on your rental income.
~30 years later, you've deprecated it down to an effective value of $0, so you hypothetically would have to start paying taxes on your rental income(of course, you can still deduct property taxes against that). What do you do? Well, there's something called a 1031 exchange - this lets you sell an investment property, and as long as the funds go directly into another investment property, you pay no capital gains taxes. So guess what? You can buy a brand new investment property with a new(albeit adjusted) cost basis, and you can start the entire cycle of depreciation and deduction all over again on your new, more expensive, property.
So, you've now held this property your entire life, and you die and pass it to your kids - well, great news, unless your estate is over 12 million dollars(and double that for a married couple), you pay no estate taxes. And even more fun - when you inherit property, the cost basis is "reset" to the present day value of the property at time of inheritance - So your children can now rent the property out, deprecate it, and pay no income tax on the rental income either, and continue the cycle.
The net result is that rental properties generate a ton of income for the owners, who pay almost nothing in taxes. Even if they do pay property tax, property tax rates are generally much lower than income tax rates.
BTW for anyone reading, https://wormhole.app/ is awesome and serves a very similar purpose, but uses entirely different technology (no PAKE) and has a different security model.
In my (https://magic-wormhole.io) world, we've kicked around ways to make a good browser-based client (and I've tried to prepare the protocols to work well there), but I haven't had time to pursue any of them. The tasks include 1: port everything to JS (or take the core of the Rust port and compile it to WASM, then write an IO layer in JS), 2: glue it to the browser's file/blob upload/download APIs, 3: settle on a trusted-application security model.
To make it work in a vanilla browser with no setup phase, you're pretty much limited to relying upon the webserver from which you get the page, which is the model wormhole.app provides. Other options include using an addon (which shifts the reliance set slightly), or running some sort of Electron thing (making it not really a browser app) that you get from some distribution channel (debian, homebrew, etc) which shifts the reliance set in a better direction.. at least you're probably getting the same application as everybody else using that distribution, vs a webserver that could conceivably serve up a different version each time.
The big problem in todays age is we can no longer assume the government is accountable to us, or even get straight answers from the right people there.
Why can't I ask someone at the government directly exactly what their policy is on blocking websites, which sites are blocked, and what the legal basis for blocking is? And get a real, detailed, authoritative answer? And contest that answer if it does not meet legal standards?
The current standard is far, far removed from that. They can block a site or surveil you without any realistic accountability. The legal system is technically a recourse, but that works only in horribly egregious cases like NSA spying revealed by Snowden, and after years of delay after the case has faded from public consciousness. Even that didn't change anything about how the government acts today. And we would not have known about it if it hadn't been for "illegal" whistleblowing.
When the average person can't even get straight answers from the government about how they govern, let alone influence that policy, that is a failure of democracy. We are trying to solve problems in the democratic functioning of government using technology, but that will only ever be a cat and mouse game. These f decided on their own that mass surveillance & censorship is okay, and we are left trying to use technology to hide when we should be able to demand a national conversation about what kinds of surveillance is okay.
Back in late medieval europa most postal services had a back room, called cabinet noir where letters where carefully opened, read and resealed to check them for signs of treason against the crown or cross. These were often abused for what we today would call economic espionage. For these reasons many rich people employed private couriers who traveled to their business partners in person to hand over messages.
Those who could not afford such luxury had to rely on codes. The prevalence of such codes however increased the chance of being misunderstood by those who searched for treason. When the emerging middle class started to demand political power in the renaissance it was answered with violence and repression. Those who wrote the constitutions of all modern western nations understood that democracy can only exist when the state has no business reading the correspondence of its citizens.
Today many argue the state has a need to access such correspondence to prevent crime, but such a need is like the need of an addict: nothing good can come from it and the people should not enable these institutions to satisfy an ever growing demand for insight into their private lives. One must remember that democracy is founded on the believe that thoughts and words are not crimes and everyone must be free to express them-self in public, but even more so in private correspondence. A society that mistrusts its own citizens to a point where all those that whisper to each other are called criminals, dealers, traitors or terrorists is rotten at its core.
And yet some still say: but if the state can read all private correspondence it would be so much easier to catch criminals. And yes, it is true that these totalitarian methods ar efficient in fighting street level crime. However for society as a whole, such methods enable a terror of the state that is a crime against humanity itself. They say "but the state will never abuse its power" and i say: it did countless times before. Do not stray away from liberty and freedom for promises of safety made by those that profit from oppression.
You are conflating two forms of free speech: The right to freedom of speech enshrined in the constitution and the norm of free speech that we all tend to grant each other. Of course YouTube is a private company and can ban and delete whatever they want. But they are breaking a norm and the consequences of that may be worse than the consequences of letting us watch videos of crazy people.
I've said it before and I'll keep on saying it: The original formulations of freedom of speech weren't about protecting the rights of the speaker or writer. They were about protecting the rights of those who wanted to listen or read. Every time you ban a document or silence a speaker, you are also preventing people from reading what they want to read or hearing what they want to hear. That harm is far greater than whatever happens to the author.
Again, YouTube is a private company and they can do whatever they want when it comes to curating the information they store. I would be against any law that compelled them to host information that they didn't want to host. But in the long run, I think their current policy is extremely counterproductive. Imagine if YouTube existed 30 years ago. Would they have banned atheist views? Would they have banned videos critical of Bill Clinton during the Monica Lewinsky scandal? What about videos endorsing transgender ideas? Many views that were considered crazy at that time are now acceptable today. Suppressing heterodox views means that fewer are exposed to them and moral progress is impeded. Yes, most fringe ideas are bullshit, but every once in a while we stumble onto a diamond: Slavery is wrong. Men and women should have the same rights. Homosexuals should have the same rights as heterosexuals. Etc. These were all extremely controversial ideas when they first came into the public sphere. Earlier versions of our society suppressed them as dangerous misinformation.
So far, we haven't figured out a way to separate good ideas from bad ones besides exposing people to them and seeing which memes reproduce in the population. In other words: If you ban people like Alex Jones, you also ban people who are activists for causes that society will adopt in the future. And we all end up worse off.
There are certainly views that we hold today that future generations will condemn us for. Better that we discover them sooner rather than later.
It's so fulfilling to see WebTorrent still popping up on Hacker News after all these years. I started the project in 2013 and devoted most of my 20s to working on it, ultimately becoming a full-time open source maintainer. I started WebTorrent with the goal of extending the BitTorrent protocol to become more web-friendly, allowing any browser to become a peer in the torrent network. Within less than a year of starting the project, I got WebTorrent fully working (see https://news.ycombinator.com/item?id=8317441). And it worked _well_, beating many native torrent apps in terms of raw download speed and the ability to stream videos within seconds of adding a torrent.
WebTorrent never got as much attention as the cryptocurrency projects selling tokens throughout the mid-2010s, even though WebTorrent _actually worked_, and it had more users than almost all of them :) I was never tempted to add a cryptotoken to WebTorrent, despite many well-meaning friends telling me to do it and cash in. Nonetheless, WebTorrent served as an accessible on-ramp to the world of decentralized tech, along with other projects like Dat (https://dat-ecosystem.org/) and Secure Scuttlebutt (https://scuttlebutt.nz/), playing a role in getting people excited about decentralization.
But WebTorrent is more than a protocol extension to BitTorrent. We also built a popular desktop torrent client, WebTorrent Desktop (https://webtorrent.io/desktop/), which supports powerful features like instant video streaming.
We also built a `webtorrent` JavaScript package (https://socket.dev/npm/package/webtorrent) which implements the full BitTorrent/WebTorrent protocol in JavaScript. This implementation uses TCP, UDP, and/or WebRTC for peer-to-peer transport in any environment – whether Node.js (TCP/UDP), Electron (TCP/UDP/WebRTC), or the web browser (WebRTC). In the browser, the `webtorrent` package uses WebRTC which doesn’t require a browser plugin, extension, or any kind of installation to work. If you’re building a website and want to fetch files from a torrent, you can use `webtorrent` to do that directly client-side, in a decentralized manner. The WebTorrent Workshop (https://webtorrent.github.io/workshop/) is helpful for getting started and teaches you how to download and stream a torrent into an HTML page in just 10 lines of code.
Now that WebTorrent is fully supported in nearly all the most popular torrent clients, including uTorrent, dare I say that we succeeded?
Not only that, but we helped the JavaScript ecosystem a ton by writing hundreds of npm packages including buffer (https://github.com/feross/buffer), simple-peer (https://github.com/feross/simple-peer), and StandardJS (https://standardjs.com/).
It's been a long and winding journey, but I'm glad to have played a role in making WebTorrent happen. Huge shoutouts to all the open source contributors to WebTorrent over the years, but especially Diego R Baquero and Alex Morais who were critical to WebTorrent's success.
If you're curious what I'm up to now... I'm building Socket (https://socket.dev) with an awesome team of open source folks. And there's actually a WebTorrent connection, too! Before Socket, we built an end-to-end encrypted file transfer app, Wormhole (https://wormhole.app), using WebTorrent under-the-hood (Show HN thread: https://news.ycombinator.com/item?id=26666142). Like Firefox Send before it, security was a primary goal of Wormhole (see security details here: https://wormhole.app/security). But one area where we felt we could improve the security of Wormhole was in how we audited our open source dependencies.
Like most teams building apps with JavaScript, we had a large `node_modules` folder filled with lots of constantly-updating third-party code. The risk of a software supply chain attack was huge, especially with 30% of Wormhole visitors coming from China. As most teams do, we enforced code review for our first-party code; but as most teams do, we pulled in third-party dependencies and dependency updates from npm without even glancing at the code. It's too much work to read every line of code of all dependencies. But the status quo would leave our users open to supply chain attack and we wanted to do better for our users. We looked around for a solution to detect signs of attack and to analyze the risk of various open source packages, but none existed.
So we built Socket to help developers ship faster and spend less time on security busywork by helping them safely find, audit, and manage OSS. By analyzing the full picture – from maintainers and how they behave, to open-source codebases and how they evolve – we help developers and security teams to identify risk from malware, hidden code, typo-squatting, misleading packages, and more.