    Tailscale raises $100M

    (tailscale.com)
    854 points gmemstr | 12 comments
    nickysielicki ◴[] No.31260955[source]
    Tailscale has a fantastic product, I’ve been extremely happy from day one. If you’re waiting for a weekend to have a few hours to try out Tailscale, don’t, it takes 15 minutes to get every device you own up and running and talking. This is the lowest friction personal VPN to ever exist, and once you see how easy it is for your own devices, you’ll wish you had it at work.

    The biggest risk that this company has is that Cloudflare (in all reality) should just buy them or reimplement it. It’s the type of product Cloudflare would make, that’s for sure. Being based on open source WireGuard, and being just a STUN/TURN server at its core… I’m sure that Tailscale will be the first but maybe not the best.

    I’ve been dreaming lately of a tor-like network that’s based loosely on the idea of tailnets. Rather than blockchain bullshit, you’d have a direct ring of trust with friends, and then you could set up access policies to forward packets for people you don’t trust, but who know someone you do trust.

    Web3 happens when people can host stuff on their phones, and Tailscale is something that lets you host things on your phone.

    replies(16): >>31261040 #>>31261078 #>>31261130 #>>31261312 #>>31261392 #>>31261800 #>>31261878 #>>31264974 #>>31265274 #>>31265636 #>>31265787 #>>31267524 #>>31267632 #>>31267917 #>>31267947 #>>31272295 #
    1. lazzlazzlazz ◴[] No.31261392[source]
    > a direct ring of trust with friends

    The vision you outlined is great, except it doesn't work. The trust assumptions are too high, and even a great product like Tailscale seems to rely completely on centralized identity providers (you have to choose Google, Microsoft, or GitHub on sign-in).

    Ultimately, if you want to maintain full control of your online identity and network, you'll probably need some of the decentralized (but economically aware) resources you seem to have issues with — or at the very least a means of transitioning authentication to private key methods with DIDs.

    replies(4): >>31261964 #>>31262573 #>>31262748 #>>31267311 #
    2. nickysielicki ◴[] No.31261964[source]
    I feel like people are so concerned about infinite scaling that nobody ever tries to scale to 5 anymore.

    I have a big collection of movies, and I’d like my mom-technical blue collar friends to be able to watch them. I trust them, and I have trusted communication channels with them. We exchange keys somehow.

    With the sort of routing I’m describing, they could watch my movies and I wouldn’t have to have a public IP address. And I wouldn’t mind if their friends (that aren’t my friends) watch my movies, either, by forwarding through my friends. What’s the catch? This could work for that. How could I do this today?

    I don’t have any ideological or moral problem with blockchains, I just think they suck at solving problems where the requirements for trust are low or met elsewhere.

    edit: mom-technical was a typo of non-technical but I’m leaving it because it’s more accurate.

    replies(2): >>31262480 #>>31265104 #
    3. depingus ◴[] No.31262480[source]
    > And I wouldn’t mind if their friends (that aren’t my friends) watch my movies, either, by forwarding through my friends.

    This is the part that doesn't scale. Hell, this is extremely risky even at a small scale. You don't know who your friends' friends are, you will have friends that abuse this, and you will end up with a much larger network than you anticipated.

    How many of your friends and family are "friends" with bots on Facebook?

    4. zanny ◴[] No.31262573[source]
    I self-host headscale as the control node of my Tailscale VPN, so no sign-ins are required; I just give keys out to anyone I want in my VPN.

    My problem is the client doesn't support multiple servers, so I can't have a work VPN and a home VPN, not even with an easy toggle - you have to run tailscale with different conf options for both. Changing namespaces also isn't easy, so having friends and family segregated even on one server is also a pain point.

    replies(2): >>31264189 #>>31270198 #
    5. cma ◴[] No.31262748[source]
    What are DIDs: Device IDs?
    replies(1): >>31264106 #
    6. lazzlazzlazz ◴[] No.31264106[source]
    Decentralized Identifiers: https://www.w3.org/TR/did-core/
    replies(1): >>31267720 #
    7. GekkePrutser ◴[] No.31264189[source]
    Thanks, the main objection I have with Tailscale is that you can't self-host (and you need external identity providers). I had no idea there was a self-host option. I'll investigate. I assume it's an unsupported community option?
    replies(1): >>31265304 #
    8. anderspitman ◴[] No.31265104[source]
    Definitely stealing mom-technical. Though I do disagree somewhat with the conflation with blue-collar. I would almost argue white-collar folks are less likely to understand computers.
    9. seedie ◴[] No.31265304{3}[source]
    OP is talking about headscale [0] "An open source, self-hosted implementation of the Tailscale control server"

    [0] https://github.com/juanfont/headscale

    10. Serow225 ◴[] No.31267311[source]
    fwiw, those on the Enterprise plan can bring their own IdP :) https://tailscale.com/kb/1119/sso-saml-oidc/
    11. aaaaaaaaata ◴[] No.31267720{3}[source]
    Very cool. Microsoft doing newish work on this, too! https://www.microsoft.com/en-us/security/business/identity-a...
    12. Handytinge ◴[] No.31270198[source]
    I'd love to try headscale, but a bit of research shows that the Tailscale macOS client requires a CLI param to connect to a custom server, registry keys for Windows, the Android client requires a custom compile, and there's no iOS client at all.

    Unfortunately, if I need to bring anyone into my mesh network who is non-technical, this is now a non-starter.