<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: jvink</title><link>https://news.ycombinator.com/user?id=jvink</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 03 Jul 2026 10:03:14 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=jvink" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by jvink in "Ask HN: What Are You Working On? (March 2026)"]]></title><description><![CDATA[
<p>Picked up hacking on sanctum again after a break - <a href="https://sanctorum.se/" rel="nofollow">https://sanctorum.se/</a></p>
]]></description><pubDate>Mon, 09 Mar 2026 18:41:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=47313456</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=47313456</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47313456</guid></item><item><title><![CDATA[New comment by jvink in "Ask HN: What are you working on? (January 2026)"]]></title><description><![CDATA[
<p>I've just released sanctum 1.0.0 and am taking 2-3 weeks off from hacking on it while I work on a little dumb game to be creative in a different way.</p>
]]></description><pubDate>Sun, 11 Jan 2026 20:22:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=46579603</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=46579603</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46579603</guid></item><item><title><![CDATA[Sanctum 1.0.0 Released]]></title><description><![CDATA[
<p>Article URL: <a href="https://chants.conclave.se/260106-sanctum-1_0_0/">https://chants.conclave.se/260106-sanctum-1_0_0/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=46518761">https://news.ycombinator.com/item?id=46518761</a></p>
<p>Points: 10</p>
<p># Comments: 1</p>
]]></description><pubDate>Tue, 06 Jan 2026 21:07:42 +0000</pubDate><link>https://chants.conclave.se/260106-sanctum-1_0_0/</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=46518761</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46518761</guid></item><item><title><![CDATA[New comment by jvink in "Ask HN: What Are You Working On? (December 2025)"]]></title><description><![CDATA[
<p>Mostly been working on tier6 [0], which is "like" zerotier but over the sanctum protocol and fully open source (ISC licensed).<p>Getting ready to release a 1.0.0 of sanctum [1], after almost a year of internal testing, dogfooding and talking about it at security conferences.<p>We've also setup conclave [2] as an official release site for the projects tied to sanctum such as tier6, or the library implementation of the protocol etc.<p>[0] <a href="https://github.com/jorisvink/tier6" rel="nofollow">https://github.com/jorisvink/tier6</a><p>[1] <a href="https://sanctorum.se" rel="nofollow">https://sanctorum.se</a><p>[2] <a href="https://conclave.se" rel="nofollow">https://conclave.se</a></p>
]]></description><pubDate>Mon, 15 Dec 2025 08:11:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=46271678</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=46271678</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46271678</guid></item><item><title><![CDATA[Tier6 - Build global Ethernet networks using the sanctum protocol]]></title><description><![CDATA[
<p>Article URL: <a href="https://github.com/jorisvink/tier6">https://github.com/jorisvink/tier6</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=46191550">https://news.ycombinator.com/item?id=46191550</a></p>
<p>Points: 2</p>
<p># Comments: 0</p>
]]></description><pubDate>Mon, 08 Dec 2025 12:38:56 +0000</pubDate><link>https://github.com/jorisvink/tier6</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=46191550</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46191550</guid></item><item><title><![CDATA[New comment by jvink in "Ask HN: What Are You Working On? (Nov 2025)"]]></title><description><![CDATA[
<p>Working on cross-flock discovery in sanctum [1] so I can cut a 1.0 release hopefully before Christmas.<p>I am always looking for more people to test and play with it or even review the code. We've got a nice little user community going.<p>Usually this comments drowns in the crowd of the massive amount of awesome stuff people are building, but if you find sanctum useful, hit me up. Good things are happening.<p>Stay happy<p>[1] <a href="https://sanctorum.se" rel="nofollow">https://sanctorum.se</a></p>
]]></description><pubDate>Tue, 11 Nov 2025 06:34:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=45884683</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=45884683</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=45884683</guid></item><item><title><![CDATA[New comment by jvink in "Ask HN: What are you working on? (July 2025)"]]></title><description><![CDATA[
<p>Working on sanctum [0] and reliquary [1].<p>Soon approaching a 1.0 release for sanctum once I get my brain out of vacation mode and into hacking mode again. A lot has happened this year and I am excited.<p>I will be talking about how sanctum and its cathedrals work at sec-t 2025 [2] so in full swing working on the demos and presentation.<p>[0] <a href="https://github.com/jorisvink/sanctum">https://github.com/jorisvink/sanctum</a><p>[1] <a href="https://reliquary.se" rel="nofollow">https://reliquary.se</a><p>[2] <a href="https://sec-t.org" rel="nofollow">https://sec-t.org</a></p>
]]></description><pubDate>Sun, 27 Jul 2025 20:16:53 +0000</pubDate><link>https://news.ycombinator.com/item?id=44704326</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=44704326</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44704326</guid></item><item><title><![CDATA[New comment by jvink in "Show HN: Octelium – FOSS Alternative to Teleport, Cloudflare, Tailscale, Ngrok"]]></title><description><![CDATA[
<p>Look into sanctum [1] it's cathedral mode. You can self-host those entirely and they're only discovery nodes. Once the tunnel is up the cathedral isn't involved unless for black key distribution or if your peers are behind restrictive NAT.<p>There's reliquary [2] which I host and run for me and my hacker friends based on sanctum.<p>[1] <a href="https://github.com/jorisvink/sanctum">https://github.com/jorisvink/sanctum</a><p>[2] <a href="https://reliquary.se" rel="nofollow">https://reliquary.se</a></p>
]]></description><pubDate>Sun, 29 Jun 2025 20:24:10 +0000</pubDate><link>https://news.ycombinator.com/item?id=44416114</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=44416114</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=44416114</guid></item><item><title><![CDATA[Sanctum || A pq-safe and sandboxed VPN daemon]]></title><description><![CDATA[
<p>Article URL: <a href="https://github.com/jorisvink/sanctum">https://github.com/jorisvink/sanctum</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=43868890">https://news.ycombinator.com/item?id=43868890</a></p>
<p>Points: 28</p>
<p># Comments: 4</p>
]]></description><pubDate>Fri, 02 May 2025 12:31:14 +0000</pubDate><link>https://github.com/jorisvink/sanctum</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=43868890</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43868890</guid></item><item><title><![CDATA[New comment by jvink in "Ask HN: What are you working on? (March 2025)"]]></title><description><![CDATA[
<p>I am continuing work on <a href="https://reliquary.se" rel="nofollow">https://reliquary.se</a> - a VPN for the hackers - based on my fully privilege separated and sandboxed VPN sanctum (<a href="https://sanctum.se" rel="nofollow">https://sanctum.se</a>).<p>It is shaping up nicely towards an actual 1.0 release in the near future, with a little less keccak based AEADs this time around. It was a fun experiment but in the end I have yet to do any cryptanalysis on it or provide security proofs for it - neither which I have time for at this point - so the swap to AES was expected on my end.<p>For fun I also added a fully e2e p2p voice chat client on top of this as the sanctum protocol is now available as a library (<a href="https://github.com/jorisvink/libkyrka" rel="nofollow">https://github.com/jorisvink/libkyrka</a>) - this voice chat works with one or multiple peers and can is available at <a href="https://github.com/jorisvink/confessions" rel="nofollow">https://github.com/jorisvink/confessions</a>.<p>Either way, I guess you can say I'm having a little bit too much fun with this.</p>
]]></description><pubDate>Mon, 31 Mar 2025 07:14:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=43532094</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=43532094</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=43532094</guid></item><item><title><![CDATA[Show HN: End-to-end encrypted, peer-to-peer VPN tunnels for hackers]]></title><description><![CDATA[
<p>Hello HN,<p>I would like to announce the soft availability of The Reliquary [0]:
    A "VPN" service for hackers.<p>Note that VPN is in air quotes here because it is not a traditional consumer
VPN your strange uncle uses to watch questionable online content.<p>With Reliquary you can setup end-to-end encrypted, peer-to-peer tunnels
between your devices no matter where they are located.<p>The Reliquary was started after I built sanctum [1] to make it a bit
easier to setup networks and tunnels between me and my hacker friends.<p>I ended up building a simple management API around sanctum and its
cathedral mode that allows you to define networks and join devices into
these networks, all the while keeping the shared secrets sanctum builds its
security on completely in your hands while still providing meaningful
ways of doing key rotations.<p>On your client devices you use some shell scripts reliquary provides to
manage sanctum configurations, there's zero magic.<p>A cathedral in sanctum acts as a discovery point (think STUN) for your
devices and can relay (but not read/alter) encrypted traffic when needed.
They also facilitate key rollover by acting as a distribution point
for your shared secrets (which are wrapped with per-device KEKs).<p>If your devices are behind reasonable NAT, they will move towards
a peer-to-peer connection, leaving the cathedral behind.<p>Keep in mind that The Reliquary is directly aimed at the hacker crowd as
one should be familiar with certain topics to be able to feel comfortable
with it (you need to handle your own key management, network setup, etc).<p>A starting guide can be found at [2] for those who are interested.<p>I built this to be useful to me and my hacker friends, I hope some of
you might find it equally useful - I am happy to answer some
questions but I dislike writing on public forums (digital agoraphobia?)<p>You can get in touch with me via joris@sanctorum.se<p>Take care,<p>[0] <a href="https://reliquary.se" rel="nofollow">https://reliquary.se</a>
[1] <a href="https://sanctorum.se/sanctum/" rel="nofollow">https://sanctorum.se/sanctum/</a>
[2] <a href="https://reliquary.se/guide.html" rel="nofollow">https://reliquary.se/guide.html</a></p>
<hr>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=42621476">https://news.ycombinator.com/item?id=42621476</a></p>
<p>Points: 3</p>
<p># Comments: 0</p>
]]></description><pubDate>Tue, 07 Jan 2025 11:47:17 +0000</pubDate><link>https://reliquary.se</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=42621476</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=42621476</guid></item><item><title><![CDATA[Show HN: Sanctum – a privilege separated VPN daemon]]></title><description><![CDATA[
<p>Article URL: <a href="https://sanctorum.se/sanctum/">https://sanctorum.se/sanctum/</a></p>
<p>Comments URL: <a href="https://news.ycombinator.com/item?id=40197632">https://news.ycombinator.com/item?id=40197632</a></p>
<p>Points: 3</p>
<p># Comments: 0</p>
]]></description><pubDate>Mon, 29 Apr 2024 12:51:05 +0000</pubDate><link>https://sanctorum.se/sanctum/</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=40197632</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=40197632</guid></item><item><title><![CDATA[New comment by jvink in "Call for testing: OpenSSH 8.0"]]></title><description><![CDATA[
<p>> (also working on OpenCVS)<p>Not actively. It has been in hybernation for a long time.<p>Not counting the recently-ish fixes I committed not much is happening with it.</p>
]]></description><pubDate>Fri, 29 Mar 2019 12:21:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=19520970</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=19520970</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=19520970</guid></item><item><title><![CDATA[New comment by jvink in "Balde: a microframework to develop web applications in C"]]></title><description><![CDATA[
<p>I understand.<p>You're not forced to use the CLI create/build/run commands for anything. They just make it easier, but you are in no way tied to this.<p>Building the module itself can be done on your own for example, as it is just a normal dynamic library you can use whatever build system you want.<p>I've considered time and time again to turn kore into a "library" that you can link against and include into your own applications but every time I decided against it as it didn't give me any real benefits. It would make certain things considerable harder, who takes care of the worker processes? Who takes care of the logging and the internal message relaying? Having this abstracted away in a library is probably possible but adds tons of expectations on your own application.<p>Having Kore as the platform your code runs under makes this easier.<p>Thanks for explaining however, very insightful!</p>
]]></description><pubDate>Mon, 23 May 2016 11:34:24 +0000</pubDate><link>https://news.ycombinator.com/item?id=11753163</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=11753163</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=11753163</guid></item><item><title><![CDATA[New comment by jvink in "Balde: a microframework to develop web applications in C"]]></title><description><![CDATA[
<p>Author of Kore here.<p>What fears? Care to elaborate? I'd love to hear!</p>
]]></description><pubDate>Mon, 23 May 2016 09:11:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=11752692</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=11752692</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=11752692</guid></item><item><title><![CDATA[New comment by jvink in "Kore: a fast web server for writing web apps in C"]]></title><description><![CDATA[
<p>For sanity sake, this build option is now NOTLS.</p>
]]></description><pubDate>Mon, 25 May 2015 14:45:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=9600213</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=9600213</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=9600213</guid></item><item><title><![CDATA[New comment by jvink in "Kore: a fast web server for writing web apps in C"]]></title><description><![CDATA[
<p>That's fair. Parenthesising return is a matter of readability and flavour to me. It tickles my spidey sense if it is missing.<p>I strongly dislike declaring variables anywhere else but the function root, but I agree with you on the example you provided that those kind of variables could be constified to be sane.</p>
]]></description><pubDate>Mon, 18 May 2015 11:19:11 +0000</pubDate><link>https://news.ycombinator.com/item?id=9563759</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=9563759</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=9563759</guid></item><item><title><![CDATA[New comment by jvink in "Kore: a fast web server for writing web apps in C"]]></title><description><![CDATA[
<p>Author here.<p>I see you picked out the few things that I consistently hear on the coding style I adopted which is based on my time hacking on openbsd. I have no real points to argue against those as it is based on preference in my opinion.<p>I am curious why you arrived on it not being sufficiently constified however. I'll gladly make sensible changes.<p>As for the multiple fprintf() calls ... to me it just reads better and the place it occurs in is as you stated pretty obvious non performance critical.</p>
]]></description><pubDate>Mon, 18 May 2015 10:13:45 +0000</pubDate><link>https://news.ycombinator.com/item?id=9563576</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=9563576</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=9563576</guid></item><item><title><![CDATA[New comment by jvink in "Kore: a fast web server for writing web apps in C"]]></title><description><![CDATA[
<p>Thanks.<p>I agree the BENCHMARK build option is a bit confusing. I might end up renaming it altogether.</p>
]]></description><pubDate>Sun, 17 May 2015 18:55:19 +0000</pubDate><link>https://news.ycombinator.com/item?id=9561222</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=9561222</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=9561222</guid></item><item><title><![CDATA[New comment by jvink in "Kore: a fast web server for writing web apps in C"]]></title><description><![CDATA[
<p>That is great, thanks for sharing.</p>
]]></description><pubDate>Sun, 17 May 2015 16:29:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=9560620</link><dc:creator>jvink</dc:creator><comments>https://news.ycombinator.com/item?id=9560620</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=9560620</guid></item></channel></rss>