←back to thread

Tailscale raises $100M

(tailscale.com)
854 points gmemstr | 2 comments | 04 May 22 13:17 UTC | HN request time: 0.629s | source
Show context
pilif ◴[04 May 22 13:42 UTC] No.31260250[source]
With such a huge investment comes the obligation to eventually pay it back. Is this another one of my favourite tools going the way of Dropbox, 1Password and all other companies that were formed around what should be a platform feature, which took on way too large investment sums and were eventually forced to become the everything, losing sight of their core values?

I sincerely hope not, but there's so much bad precedent.

replies(6): >>31260318 #>>31260351 #>>31260537 #>>31260737 #>>31261295 #>>31264059 #
YPPH ◴[04 May 22 14:01 UTC] No.31260537[source]
How has 1Password lost sight of its core values?

Perhaps you refer to loss of local vaults? If so, they were never really a viable option for me - I needed the app syncing across multiple devices, including mobile, and doing so with a third party sync solution wasn't suitable.

replies(2): >>31261102 #>>31261681 #
criddell ◴[04 May 22 14:39 UTC] No.31261102[source]
For me, it was their switch to an Electron app. "High security" and "built from dozens of third party libraries and running on a browser" don't belong together.
replies(2): >>31261528 #>>31264784 #
YPPH ◴[04 May 22 15:06 UTC] No.31261528[source]
The choice of tech stack for a desktop application seems like an interesting basis to claim a company has lost touch with its core values.
replies(2): >>31261866 #>>31262119 #
1. skoskie ◴[04 May 22 15:47 UTC] No.31262119[source]
I’m fully in the camp who believes critical, top-level security should not co-exist with npm pulling dozens of 3rd party libraries which each pull even more 4th party code.

Is there anyone here with a counter argument? Has a security review been performed on each dependency? Any reason to think my fear is unfounded?

replies(1): >>31263976 #
2. dcow ◴[04 May 22 18:17 UTC] No.31263976[source]
And what should replace it? Rust? Cargo? Oops. (I believe 1Password uses Rust for security-sensitive parts too, btw.) I'd genuinely like to know what the correct tech stack for a password manager is today because using the right one is important to my current endeavor.

Regardless at Uno we're working on a password manager with a native app and rust core. It's geared more towards everyday consumers than power HN users, but you might find it interesting. The rust core including api server is open source right now because that's one point where we diverge from 1P. Whatever tech stack you choose, it needs to be openly auditable so that the community can collectively ensure it remains secure. https://github.com/withuno/identity