I just use Tailscale (headscale)... It's Wireguard in essence but much easier to deploy and maintain.

Without fail, in every post on HN mentioning Wireguard:

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

It's almost as if these people are offended someone would not use tailscale. Do you also find stories about people hiking and comment "I just look up scenic locations on google"? Why would you think your +1 to the easy, commercial route is at all interesting to a forum literally having Hacker in the name?

It is quite different here as the OP stated headscale, which is self-hosted, and I understand they use just the tailscale clients. That is my setup too, after using tailscale first and then wanting something self-hosted without my traffic going through someone else's network infrastructure (internet excluded, of course).

Don’t gatekeep. Headscale is interesting, non commercial and absolutely relevant to the discussion.

In my opinion Tailscale is the realistic option for most people. The author is familiar with Tailscale having worked with it previously, but my interpretation is that he wanted to get more familiar with the underlying Wireguard technology.

Important to know the security tradeoffs of the Tailscale commercial product. At the very least people will learn about all the pieces.

The privacy tradeoffs are much worse :/ https://tailscale.com/kb/1011/log-mesh-traffic

“Each Tailscale agent in your distributed network streams its logs to a central log server (at log.tailscale.com). This includes real-time events for open and close events for every inter-machine connection (TCP or UDP) on your network.”

RE: https://kieranhealy.org/blog/archives/2013/06/09/using-metad...

I believe setting the "TS_NO_LOGS_NO_SUPPORT=1" env disables this logging.
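Since the opt-out above depends on an environment variable that the daemon has to actually see, a practitioner will want to confirm it took effect on the running process rather than trust the config file. The following is an added example (not from this thread, not Tailscale's own code) that parses `/proc/<pid>/environ` on Linux and reports whether every `tailscaled` process was started with `TS_NO_LOGS_NO_SUPPORT=1`. It assumes Linux procfs and that the variable is read from the daemon's environment, as the comment says; the sample environment blobs are constructed for the self-test, and reading another user's `environ` file requires root.

```python
import os

# Variable the comment above says disables client log streaming (assumption: read from tailscaled's env).
TS_OPT_OUT_VAR = "TS_NO_LOGS_NO_SUPPORT"

# Constructed sample blobs in the NUL-separated KEY=VALUE layout of /proc/<pid>/environ.
SAMPLE_ENVIRON_OPTED_OUT = b"PATH=/usr/sbin:/usr/bin\0TS_NO_LOGS_NO_SUPPORT=1\0HOME=/\0"
SAMPLE_ENVIRON_DEFAULT = b"PATH=/usr/sbin:/usr/bin\0HOME=/\0"


def parse_environ(blob: bytes) -> dict:
    """Parse a /proc/<pid>/environ blob into a dict, skipping malformed entries."""
    env = {}
    for entry in blob.split(b"\0"):
        if not entry:
            continue
        key, sep, value = entry.partition(b"=")
        if sep:  # entries without '=' are not variables; ignore them
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def logging_opted_out(env: dict) -> bool:
    """True only if the opt-out variable is present and set exactly to '1'."""
    return env.get(TS_OPT_OUT_VAR, "").strip() == "1"


def find_pids_by_name(name: str) -> list:
    """Return PIDs whose /proc/<pid>/comm matches the given process name."""
    pids = []
    try:
        entries = os.listdir("/proc")
    except OSError:  # no procfs (e.g. non-Linux host)
        return pids
    for entry in entries:
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as f:
                if f.read().strip() == name:
                    pids.append(int(entry))
        except OSError:
            continue  # process exited or not readable; skip it
    return pids


def check_tailscaled() -> list:
    """Return (pid, opted_out) pairs; opted_out is None if environ was unreadable."""
    results = []
    for pid in find_pids_by_name("tailscaled"):
        try:
            with open(f"/proc/{pid}/environ", "rb") as f:
                env = parse_environ(f.read())
        except OSError:  # typically EACCES when not root
            results.append((pid, None))
            continue
        results.append((pid, logging_opted_out(env)))
    return results


if __name__ == "__main__":
    found = check_tailscaled()
    if not found:
        print("no tailscaled process found")
    for pid, opted_out in found:
        state = {True: "log streaming disabled", False: "LOG STREAMING ENABLED",
                 None: "environ unreadable (run as root)"}[opted_out]
        print(f"tailscaled pid {pid}: {state}")
```

Run it as root on the host; a `False` line means the daemon was started without the variable (for example, set in a shell but not in the service unit), so the opt-out is not in effect regardless of what the config file says.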

That reminds me of a complaint that I had with a visualization library that kept pushing the open source project to be tied into their hosting racket. I brought up how lots of security organizations at the time wouldn't understand how much of a massive problem it was for the end user to decide to make the data immediately available to the entire Internet. It feels wrong that such implications could be missed from a set of environment variables just being missing. Usually you want things to fail safely ...

Agreed it's a bit annoying how non-discoverable this is. Wish it was in some sort of onboarding prompt. But I can see Tailscale's argument for making it the way it is.

Tailscale is really targeting the business market, especially since their product is basically free for personal use. In a corporate environment, I imagine that the client logs are actually hugely valuable to the corporate customers themselves. It lets them see who is accessing what and is super critical when doing a post-mortem after a hack. (also no actual traffic content is logged)

But I still keep client logging disabled for my personal use.

Yep, despite the extremely FUD-y variable name, though there's still no way to opt out on iOS or Android: https://github.com/tailscale/tailscale/issues/13174

There's an unmerged PR for the Android client: https://github.com/tailscale/tailscale-android/pull/695

Headscale isn't commercial