Show HN: X11 desktop widget that shows location of your network peers on a map

itomato 315 days ago |

This seems like it belonged on freshmeat ca. Y2K.

ducktective 315 days ago | |

For this application, current best practice is using Electron stack, or better, cloning VSCode and relying on GeoLeoMaximusDYP v3.2 LLM for geo-location.

gen2brain 315 days ago | | |

How can starting a browser be a best practice? This app is lightweight and does not even use a GUI toolkit. You would roughly use 20x more memory. How is that a best practice?

perching_aix 315 days ago | | |

Using sarcasm. Sarcasm that you missed.

gen2brain 315 days ago | | |

I stopped reading the rest. I just saw Electron is mentioned. Some people honestly think that is a good approach.

perching_aix 315 days ago | | |

Well, it is extremely portable. Just also all the other things you mentioned.

unixhero 315 days ago | | |

No, not rest API, electron.

MarcelOlsz 315 days ago | |

What's that? Webarchive/google don't return much of anything.

vidarh 315 days ago | | |

Way to make us feel old :)

Others have mentioned it was a directory, but it sent me off on a nostalgia trip, so here is an "obituary" of sorts, that is itself getting rather old:

https://jeffcovey.net/2014/06/19/freshmeat-net-1997-2014/

And here's the HN discussion from back then:

https://news.ycombinator.com/item?id=7925135

(including a couple of my own comments, which aren't all that intersting)

And the wikipedia entry:

https://en.wikipedia.org/wiki/Freecode

None of these really convey the cultural importance of Freshmeat to the opensource community at the time, though. For a while, Slashdot + Freshmeat were among the two first sites almost everyone I knew and worked with would open in the morning.

28304283409234 315 days ago | | |

http://freshmeat.net was a directory of open source software back in the 90's and noughts. It was one of the main ways to discover software.

But what is X11? Is that like Wayland? ;-)

pak9rabid 315 days ago | | |

Yep, my "package repo", if you will, for pretty much everything I installed on Slackware back in the day.

asveikau 315 days ago | | |

The thing that the responses are not capturing is that the stuff on freshmeat was often kind of frivolous desktop widgets or themes. People were excited about Linux desktops and lots of people were authoring small stuff to customize it.

Network monitoring/visualization widgets that sit on your WindowMaker dock or similar was a common theme.

So that is sort of the reference being made here

teddyh 315 days ago | | |

A modern equivalent is <https://freshcode.club/>

vidarh 315 days ago | | |

I was about to mention Aminet[1] too as a joke of sorts (it's Amiga focused, but still updated, though it stores the actual archives more than focus on the "news"), but scanned the front page on freshcode first and one of first things that stood out was an Amiga program[2]... If anything makes Freshcode a successor to Freshmeat, the only thing missing is an Enlightenment theme being posted too.

[1] https://aminet.net/

[2] https://freshcode.club/projects/apccomm

itomato 315 days ago | | |

Like product hunt but OSS.

Imagine if GitHub release authors publicized releases in a timeline view.

v.0.1 of this or v3.0 of that had the same exposure.

One site. Daily fix.

djabatt 315 days ago | |

must have at least once

hamburglar 315 days ago |

This is some old school style bare bones C. popen with a big old pipe chain is pretty quick n dirty. I’d have gone digging around in proc for the active connections. Cool stuff though. I like that it’s so straightforward to read.

quotemstr 315 days ago | |

> This is some old school style bare bones C.

Which has now become some kind of meta-ironic fashion statement. It's 2025's going to the coffee shop with a typewriter.

enriquto 315 days ago | | |

it's more like taking notes with pen and pencil, while other patrons of the coffee shop use an electron-based note-taking "app" on their macbooks that uploads each keypress to the cloud, helpfully adding a half-second lag

lloeki 315 days ago |

LittleSnitch has such a map feature

https://help.obdev.at/littlesnitch6/lsm-map

Main difference would be that LS being actively handling connections the list is always accurate whereas this appears to poll current connections using `ss` so it may miss some if they happen to be entirely between two refresh beats.

flux3125 314 days ago | |

Another main difference is that LittleSnitch costs 59€ per license and is only for MacOS

rootbear 315 days ago |

Forgive my ignorance, but I'm not sure what this is showing me. I'm running it on my home linux system, which is connected to the Internet via Verizon FIOS. The map shows three red dots, none of which are near me.

h2337 315 days ago | |

Those 3 dots are your peers, the other end of the TCP connection :)

So you basically have some apps running in the background (or foreground) that are making those connections.

afroturf 315 days ago | | |

I'm colorblind and had to change the dots color. Might be a nice config option.

edonhametsu 315 days ago | | |

There's a 'good first issue'-labeled issue for this from 2023: https://github.com/h2337/connmap/issues/14

positron26 315 days ago | | |

Maybe they were expecting first hops like from traceroute. Maybe traceroute is an interesting way to continue developing.

rootbear 315 days ago | | |

Okay, got it, thanks. I suppose it could also be the FIOS router itself making those connections, or any of the other systems on my local network.

h2337 315 days ago | | |

No, for normal network configurations they wouldn't show. It's most likely your system connmap is running on making those connections.

jdwithit 315 days ago | | |

It's only showing connections directly initiated by your computer. Not anything "upstream" of you like the FIOS router. It would also show any connections TO your computer, but being behind NAT on a normal home network, that would likely be nothing unless you've intentionally punched holes.

esseph 315 days ago | | |

You might be surprised how much traffic every device makes.

GranPC 315 days ago |

Pretty cool! Reminds me of the game Uplink.

apollo-zero 315 days ago | |

Uplink! I loved that game. I should find it again.

raldi 315 days ago |

What's a network peer?

jdwithit 315 days ago | |

Yeah from an extremely quick read of the code, I agree with atworkc. It's showing any IP address you have an established network connection to.

  void refreshConnections() {
    ssOutput =
        popen("ss -atun4 | grep ESTAB | awk '{print $6}' | cut -f1 -d\":\"", "r");

    if (ssOutput == NULL) {
      printf("Failed to run ss command\n");
      exit(1);
    }
  }

edit: ssOutput is a global variable which is read elsewhere.

atworkc 315 days ago | |

Servers / Computers your device is currently communicating with, e.g. github servers when you load the link (well probably a cdn edge one)

freeone3000 315 days ago |

make sure interNIC is your first hop! LogDeleter is not optional <3

heikkilevanto 315 days ago |

Nice. My only gripe is that the map is not very easy to read, especially on the smaller sizes. There are too many coast lines and borders, so it can be hard to locate countries, especially in the Mediterranean. Would it be possible to draw land masses in solid (white?), and leave borders in dark (background color?). Other than that, works fine on Debian Linux and KDE. The map shows up on all desktops, which I like (but others might not)

Another idea. Would it be possible to make the dots fade out, a little like in https://www.lightningmaps.org, so I could see some of the older traffic points as well?

h2337 315 days ago | |

Thanks for feedback! Will make it much more configurable as soon as I have time.

kleiba 315 days ago |

One step closer to those futuristic screen interfaces you see in Hollywood blockbusters!

generalizations 315 days ago |

Of course this was made by an i3wm user. Nicely done!

wslh 315 days ago |

No basically secure:

char mapFilename[256]; strcat(strcpy(mapFilename, getenv("HOME")), RESOURCES); strcat(mapFilename, mapName);

josephcsible 315 days ago | |

While that's indeed a bug, for it to be a security vulnerability, wouldn't there also have to be a security boundary involved? Specifically, mapName is always either "w1000b.png" or "w1000.png", so the only way to trigger the buffer overflow would be through the HOME environment variable. But if an attacker can run commands as you with arbitrary environment variables, aren't you already pwned? What would anyone gain by running your program and exploiting it to do something, rather than just doing the thing directly? https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31...

im3w1l 315 days ago | | |

While exploitation is unlikely I think such things are still best avoided because multiple such things can sometimes be chained together.

sedatk 313 days ago | | |

> But if an attacker can run commands as you with arbitrary environment variables, aren't you already pwned?

Not unless they have another path for privilege escalation.

h2337 315 days ago | |

What's insecure? Can you explain what's the vulnerability here and how and by whom can it be exploited?

floating-io 315 days ago | | |

Assuming that code is actually present in your app, env vars can hold more than 255 characters. Easy buffer overflow to trigger. Use length-bounded copies and concats...

That's just off the top of my head; I've not written in C in a while.

h2337 315 days ago | | |

Why would you want to trigger a buffer overflow in user application if you can already control HOME envvar?

floating-io 315 days ago | | |

Yeah, that is not a helpful attitude to take when it comes to this sort of thing. If nothing else, a super-long home path can crash your app and leave your user scratching their head. In other words, this is a bug (as is the fact that paths are not necessarily limited to 255 characters in the first place; see the PATH_MAX constant, I think it is?).

As to what could be accomplished with an overflow? I don't know; I'm not in security, and I don't sit around thinking of possible uses for various bugs when it comes to compromising systems.

Perhaps the most important thing to realize, though, is that you're distributing software publicly. Your security situation may not be the same as your user's security situation. Assumptions should not be made.

Something to keep in mind.

h2337 315 days ago | | |

Thanks for the discussion. Fix is already committed.

DonHopkins 315 days ago | | |

Using strcat to a fixed size buffer is like using a gun to kill flies in a crowded flophouse while on crystal meth.

sedatk 315 days ago | | |

Basically, any path longer than 256 characters for `mapFilename` would cause a buffer overrun.

An unprivileged app could run your app (say, with more privileges), with a very long `HOME` environment path, causing a buffer overflow, and potentially exploit it to use your app's privileges to do more stuff than it was supposed to.

Basically, you should never use strcpy and strcat and but use the secure alternatives like strcpy_s and strcat_s, even when you know the source buffer would never exceed the destination size.

h2337 315 days ago | | |

> (say, with more privileges)

Isn't it a moot point if unprivileged app can already run anything with more privileges? In normal operation, connmap requires no special privileges.

sedatk 315 days ago | | |

Sure, but since there's no enforced standard for how privileges are configured on a system, there's always the possibility that your app to be the only escape ticket.

You can dismiss that possibility of course. But, as a general habit, it's best to use secure alternatives instead of mulling over probabilities every other line.

As a positive side-effect, the change would make your app not crash on systems with long HOME env paths.:)

jfyi 315 days ago | | |

I see you already addressed it but here let me give a scenario.

Say the program was installed and set so the user didn't have privs to modify the executable (so an attacker couldn't just change it to do what they want).

A buffer overflow could allow an attacker to gain control flow of the program and feed bogus data to the user allowing them to scrub their presence from the map.

Also, awesome project!

h2337 315 days ago | |

Thanks for noticing! Fix pushed.

Aldipower 315 days ago |

Works also great with WindowMaker. I've added it to ~/GNUstep/Library/WindowMaker/autostart

wing-_-nuts 315 days ago | |

Using windowmaker in 2025 is certainly an ...interesting choice, though I admit the app probably looks like it fits right in with that aesthetic

Aldipower 315 days ago | | |

There is even a beautiful Debian-based Window Maker distribution, called Window Maker Live. I am using this in a professional music studio as mixing workstation. https://wmlive.sourceforge.net/

AlecSchueler 315 days ago | | |

Are you using any old school audio software in your setup? How about outboard gear?

superkuh 315 days ago |

connmap wouldn't run on my retrocomputer with ancient Xorg 1.7.6 so I vibe coded a janky perl gtk2 version and it works.

http://superkuh.com/connmap-perl-gtk2.pl.txt + http://tuvixdiedforoursins.org/w1000-old.png (baked black background map)

It looks pretty similar: http://tuvixdiedforoursins.org/connmap-perl-gtk2-screenshot.... vs http://tuvixdiedforoursins.org/connmap-original-screenshot.j...

superkuh 314 days ago | |

And gtk3 for those running newer distros that kneecap themselves by not having gtk2 distributables, http://superkuh.com/connmap-perl-gtk3.pl.txt

anthk 315 days ago |

OpenBSD devs did the same with either XPlanet or Xearth, can't rememeber. Now they use a GeoJson format.

Then you can import it under geo/viking port:

     doas pkg_add viking

Open Viking and just load the geo.json file from

        /usr/local/share/markers/OpenBSD.geojson

DyslexicAtheist 315 days ago |

very cool. works like a charm also on Sway

in ~/.config/sway/config:

   for_window [class="connmap"] fullscreen enable

cat ~/.config/connmap/connmaprc

   location_x 20
   location_y 500
   map_width 1920
   black false
   update_interval 1

bonus: connect it to a right-click event either on the vpn or the network module in waybar

     "custom/wg":{
         "format": "wg {icon} {text}",
         "exec": "~/.config/waybar/modules/wg",
         "return-type": "json",
         "interval": 5,
         "format-icons": ["",""],
        "on-click-right": "~/bin/connmap"
     },

ben0x539 315 days ago |

That's a really neat idea, damn.

lxgr 315 days ago |

Neat! This runs fully offline (i.e. without calls to a GeoIP database), right?

serbuvlad 315 days ago | |

From what I was able to tell looking at the code, yes.

The database is embedded in the program. Specifically, it is this file:

https://github.com/h2337/connmap/blob/master/connmap/resourc...

Presumably generated by the author with this Python script

https://github.com/h2337/connmap/blob/master/tools/get-ip-da...

lxgr 315 days ago | | |

Ah, cool, this should incorporate location data at least as good as what the networks self-report! (I suspect that these databases, on top of ingesting all geofeed data, do something similar to Wi-Fi positioning, i.e. correlate the IP address of various GPS-enabled devices with their physical location to try and deduce undocumented/non-public allocation patterns.)

DonHopkins 315 days ago | |

Of course it works fully offline, since then you don't have any network peers to draw on the map.

lxgr 315 days ago | | |

Localhost has to be somewhere too :)

h2337 315 days ago | |

Correct! GeoIP database is local.

lxgr 315 days ago | | |

Nice! Where is it from, and do you know if it incorporates geofeed [1] data for networks that publish it?

[1] https://ipregistry.co/blog/geofeeds

globalnode 315 days ago |

This doesnt pick up short lived connections or sneaky udp connections right?

mhd 315 days ago |

Someone should make a windowmaker dockapp out of this.

Tom1380 315 days ago |

I thought of doing something similar, it looks pretty cool. What about showing lines going through the various traceroute hops?

h2337 315 days ago | |

Might add that soon as configurable option, thanks for suggestion!

rxwxx 315 days ago |

In the fonction IpRangeVector_resize() in ip.c, you have a bug, that's not how realloc are supposed to be used.

h2337 315 days ago | |

Thanks for reporting. Will look into it soon.

heikkilevanto 314 days ago |

Impressive that the thing is less than 500 lines of pretty readable C

waerhert 315 days ago |

Very cool! I made something similar 12 years ago. https://github.com/waerhert/ikna/blob/master/screenshot.png

bit1993 315 days ago |

Dam! Great tool. Very clean. Thank you.