(david.coffee)

311 points eustoria | 4 comments | 16 Nov 25 17:39 UTC | HN request time: 0.001s | source

Show context

plantinthebok ◴[16 Nov 25 19:52 UTC] No.45947870[source]▶

What's the actual win here? Avoiding relay latency in the rare cases Tailscale can't punch through NAT? If that's it, a $3 VPS running Headscale seems simpler. The complexity feels like you're optimizing for the 5% case while adding permanent vendor lock in. What am I missing?

replies(6): >>45947999 #>>45948012 #>>45948016 #>>45948087 #>>45948806 #>>45952600 #

1. josteink ◴[16 Nov 25 20:11 UTC] No.45948012[source]▶

>>45947870 #

Maybe I’m misunderstanding something…

But are you accusing someone of promoting vendor lock-in (cloudflare) while at the same time promoting vendor lock-in (tailscale)?

If you’re ok with vendor lock-in, shouldn’t you in theory be ok with any vendor?

replies(2): >>45948054 #>>45948103 #

2. bingo-bongo ◴[16 Nov 25 20:17 UTC] No.45948054[source]▶

>>45948012 (TP) #

Headscale is the not-vendor-login version of Tailscale.

replies(1): >>45951560 #

3. fragmede ◴[16 Nov 25 20:25 UTC] No.45948103[source]▶

>>45948012 (TP) #

No. Not all vendors are equal. We can treat ProtonMail differently then Gmail, for example. Looking at what's gone down with VMware, definitely don't get in bed with Broadcom.

4. uneekname ◴[17 Nov 25 07:32 UTC] No.45951560[source]▶

>>45948054 #

Sort of. Many tailscale clients you would use with headscale are closed source.

↑

I finally understand Cloudflare Zero Trust tunnels