Friendly reminder that Tailscale is VC-funded and driving towards IPO
-
Ah, I see where I got confused. Yeah, CGNAT isn't very common around here. I don't think I've ever run into an ISP that uses it. I can see how that complicates things.
It's more common with mobile-based connections like satellite connections or mobile-LTE data based connections, I believe.
-
Just use normal wireguard, why do you need tails or heads at all?
Or be like me stuck in the 2000s using OpenVPN still in 2025 lol
-
What you want to look at is the size of the hate and the material reasons for it. And that's fairly difficult to measure if you're not paying close attention. Plex hate has been growing dramatically over the last few years because they materially changed their service. They began collecting data some time ago and now they are selling it unless you go and opt out. So the hate is much larger and louder for that reason. For me those last changes were the straw that made it clear we're just one small push for profit away from my sailing habits getting sold to the American copyright lobby. So I'm currently trialling Jellyfin.
In addition as some have highlighted Jellyfin is markedly different from Plex or Emby in that it's open source and if something happens to it, forking is the way out, which already happened since Jellyfin is a fork of Emby. Migrating from one open source project to its fork is usually trivial compared to migrating from a proprietary service to another one. And there's no reasonable chance of my data ending up in the RIAA/MPAA's hands. So the Plex -> Jellyfin switch everyone is doing is not merely switching to another horse. It's more like switching to completely different vehicle that you can maintain indefinitely.
E: This process we currently call "enshittification" (not a new process) has now been experienced by wide swaths of people where previously only a small minority understood it. I think that drives faster and wider reaction to these patterns as they're now very familiar. I think that's a good thing. I used to give corporations more benefit of the doubt and think in balance but then I did not understand why they do what they do. Now I do and the benefit of the doubt is gone unless there's something material to support it. Like having open source clients.
there’s no reasonable chance of my data ending up in the RIAA/MPAA’s hands
Well, I have had dealings with the RIAA back in the pre-Napster era when audio on the internet had not really come into it's own and most people associated audio on the internet with GeoCities midis....pretty crappy stuff. I ran a fairly successful, fully liscensed, internet radio station with a company called the IM Radio Networks. They along with Phillips created one of the world's first bookshelf stereos that could 'tune in' internet radio as well as AM/FM. Even went to Washington with others to plead our case before a hearing that included Senator Leahy. Yeah, the RIAA are a bunch of reactive assholes and have never been proactive since AM radio first crackled into people's homes.
I used to give corporations more benefit of the doubt and think in balance
I've always figured that if it was offered for free on the internet, there were always going to be strings and at some point I'd have to do something different to achieve the same results I was looking for.
-
Well yes I know, but there is a difference between using a domain bound to me as a person and a random string of numbers that changes every 5 minutes
Chances are you've had the same public IP for a long time. Mine hasn't changed in 2 years.
-
Yea, but in iOS?
I mean is anything iOS really open source?
-
Chances are you've had the same public IP for a long time. Mine hasn't changed in 2 years.
@chronicledmonocle @Vinstaal0 I used to work for a dial-up ISP. Every IP is registered to an account, if you're going through your ISP (as opposed to, say, coffee shop or hotel wifi). Though the people who have the information are different (ICANN/registrar vs your internet provider), there's no anonymity in your home IP address even with CGNAT.
As far as your domain, you should have privacy protection enabled so people can't find your personal info via whois.
-
I'm unsure if it has been mentioned, but a similar tool which is open source (you can run the backend unlike tailscale), netbird
We've implemented netbird at my company, we're pretty happy with it overall.
The main drawback is that it has no way of handling multiple different accounts on the same machine, and they don't seem to have any plans for ever really solving that. As long as you can live with that, it's a good solution.
Support is a mixed bag. Mostly just a slack server, kind of lacking in what I'd call enterprise level support. But development seems to be moving at a rapid pace, and they're definitely in that "Small but eager" stage where everything happens quickly. I've reported bugs and had them fixed the same day.
Everything is open source. Backend, clients, the whole bag. So if they ever try to enshittify, you can just take your ball and leave.
Also, the security tools are really cool. Instead of writing out firewall rules by hand like Tailscale, they have a really nice, really simple GUI for setting up all your ACLs. I found it very intuitive.
-
Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth
Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).
“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”
Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.
I didn't really get the allure of it TBH. For most home-based nerds a simple Wireguard host (or OpnSense, OpenWRT etc running such) should be fine, and there are better options for commercial from better-known vendors in the network security space
-
And here I am, still using OpenVPN in 2025 lol
Used to run OpenVPN. Tried Wireguard and the performance was much better, although lacking some of the features some might need/want fit credential-based logins etc
-
Used to run OpenVPN. Tried Wireguard and the performance was much better, although lacking some of the features some might need/want fit credential-based logins etc
Yeah, OpenVPN definitely doesn't have light spec requirements
thankfully hardware is unfathomably powerful these days. -
We've implemented netbird at my company, we're pretty happy with it overall.
The main drawback is that it has no way of handling multiple different accounts on the same machine, and they don't seem to have any plans for ever really solving that. As long as you can live with that, it's a good solution.
Support is a mixed bag. Mostly just a slack server, kind of lacking in what I'd call enterprise level support. But development seems to be moving at a rapid pace, and they're definitely in that "Small but eager" stage where everything happens quickly. I've reported bugs and had them fixed the same day.
Everything is open source. Backend, clients, the whole bag. So if they ever try to enshittify, you can just take your ball and leave.
Also, the security tools are really cool. Instead of writing out firewall rules by hand like Tailscale, they have a really nice, really simple GUI for setting up all your ACLs. I found it very intuitive.
Thank you for your insight, I'm assuming the only public part is the UI and coturn (the bit that enables two clients between firewalls to hole-punch)?
-
I decided to experiment a bit with Headscale when the wg-easy v15 update broke my chained VPN setup. Got it all set up with Headplane for a UI, worked amazingly, until I learned I was supposed to set it all up on a VPS instead and couldn't actually access it if I wasn't initially on my home network, oops.
I might play around with it again down the road with a cheap VPS, didn't take long to get it going, but realistically my setup's access is 95% me and 5% my wife so Wireguard works fine (reverted back to wg-easy v14 until v15 allows disabling ipv6 though, since that seemed to be what was causing the issues I've been seeing).
Why does it need to be on a VPS? It seems to work on a home network when I played around with it.
-
Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth
Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).
“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”
Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.
I never really understood the point of using Tailscale over plain ol' WireGuard. I mean I guess if youve got a dozen+ nodes but I feel like most laymens topologies won't be complex beyond a regular old wireguard config
-
Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth
Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).
“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”
Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.
is this some kind of furry porn CDN
-
Can you segregate connections between different nodes on the tailnet, like say node G and H can only talk to each other and no other nodes?
Not sure, not tried that as that's outside my use case. But I would assume its possible with ACLs!
-
I never really understood the point of using Tailscale over plain ol' WireGuard. I mean I guess if youve got a dozen+ nodes but I feel like most laymens topologies won't be complex beyond a regular old wireguard config
Simplicity?
-
Simplicity?
I mean sure, but I don't think it's simpler than setting up a wireguard config IMO.
For tailscale you gotta make an account, register devices, connect them. Feel like wireguard is about the same except you don't have to make an account. -
I never really understood the point of using Tailscale over plain ol' WireGuard. I mean I guess if youve got a dozen+ nodes but I feel like most laymens topologies won't be complex beyond a regular old wireguard config
wrote last edited by [email protected]Wireguard doesn't do NAT/Firewall traversal nor does it have SSO
Tailscale manages the underlying Wireguard for you. I would be great if Wireguard had native NAT traversal but that isn't the case.
-
I didn't really get the allure of it TBH. For most home-based nerds a simple Wireguard host (or OpnSense, OpenWRT etc running such) should be fine, and there are better options for commercial from better-known vendors in the network security space
The "well known vendors" tend to be crap especially on a security level
-
I can't. I tried it first and installed it on my phone from f-droid. After opening it up, it connected to an already existing network with other people's old machines from years ago on it. I was horrified.
So then I tried to delete my whole account and couldn't due to an error. I sent them an email about it and they took like two weeks to respond.
Netbird isn't on F-droid
Are we talking about the same thing?
