
Tailscale is insanely easy, simple, and pleasant to setup/manage compared to AWS anything. The thought of using a cloud-specific solution is kind of disgusting in comparison.

If Tailscale-the-product ever goes rogue or evil, I can always self-host wg or a full on tailscale-equivalent mesh myself. I sleep well knowing this.




https://github.com/juanfont/headscale

If you were looking for an open source, self-hosted implementation of the Tailscale control server (as far as I know, that is the only portion of tailscale that tailscale keeps proprietary, and this is the best open source implementation of it).

Edit: wow, this project has really grown from when I last saw it. It is able to configure the vast majority of tailscales base featureset such as ACLs, magic DNS, taildrop file sharing, and so much more. Incredible.


Thanks for pointing this out, going to give it a whirl! Does this solve the thing about having to login using one of Google, Microsoft or Github accounts?


Headscale seems to have experimental support for OpenID, so if you plonk it down next to a simple OpenID server for authentication you should be good. You should be okay with anything from SimpleID to Keycloak as long as it supports the right endpoints.

I have no idea how the official clients will deal with that, though, but I've never used tailscale myself.


> plonk it down next to a simple OpenID server for authentication

Could you please elaborate on this solution? I'm not sufficiently knowledgeable about OpenID to quite understand what you mean, but I'd like to avoid any of the mentioned SSO providers, as they're all blocked on my systems for personal use.

Added: Found these as per mention in your post:

[0] https://openid.net/connect/

[1] https://simpleid.org/

[2] https://www.keycloak.org/

... so I assume you mean that I could install one of [0-2] along with Headscale [3] to get a similar effect to installing Tailscale, just without those annoying SSO providers? I will see if I can find the time for examining that solution. Anything that can keep MS and Goog away is most welcome.

[3] https://github.com/juanfont/headscale


Yes, with your open OpenID server you basically become your own SSO. I've set up a Keycloak instance for my self hosted stuff and now I can add 2FA to almost any web self-hosted service without the service even needing to have support for it.

Keycloak is quite a complicated system to configure, though; there are easier alternatives out there. If you're just trying to get anything up and running, something simple like Authelia may be better for your use case (disclaimer: I've never tried it, but it seems lightweight and other people online seem to recommend it).


You can use regular tailscale with an e-mail account.


No, you cannot; you must use an SSO provider.


There is a big “Sign in with Email button” after installing the app in iOS.

Edit: Oh no, indeed, when you want to sign up you need an SSO provider! This is what they say:

Can I sign up with an email address?

We don’t support sign-up with email addresses. By design, Tailscale is not an identity provider: there are no Tailscale passwords.

Using an identity provider is not only more secure than email and password, but it allows us to automatically rotate connection encryption keys, follow security policies set by your team (e.g., 2FA), and more.


> Using an identity provider is not only more secure than email and password ...

It's also a pretty effective way to limit the amount of tailnets a user can have.


> as far as I know, that is the only portion of tailscale that tailscale keeps proprietary

Also the iOS client, which is hard-coded to only use the first-party control plane, so you can’t use headscale if you have iOS clients :(


Shower thought:

If I didn't have the goal of buying a house in the Bay Area, I would totally try to find a job with Tailscale.


If you have to take a job you don't like to be able to afford the house, be aware that nothing changes once you own the house. Most likely you'll still need the job to afford the running costs of the house.

There's no "I'm free once I'm a home owner" thing.


> There's no "I'm free once I'm a home owner" thing.

I finally signed up for an account on HN to say emphatically that it's the opposite.

Owning a house is a huge responsibility that takes up the vast majority of my time, and it's a millstone around your neck if you ever think about moving somewhere else.


I was happy to sell my house and trade the loss of equity (and the last 10 years has been outrageously exceptional to the usual appreciation of property) for the freedom that living in an apartment gave me. Leaving for a month? Ask your neighbour to water the plants and walk away. 10-20 hours of maintenance and upkeep each week? Now it's 0. Constant accumulation of tools, devices, and products? Not needed.

I seem to be an exception, but I have no need to define who I am by my housing, nor do I need the security of owning my own house. I have also lived on three continents, so I appreciate the ability to pull up stakes and move with very little fuss.


> 10-20 hours of maintenance and upkeep each week?

What in the world? This doesn't even come remotely close to passing the sniff test. Is your idea of homeownership like, constant remodeling or something?

I do zero hours of maintenance/upkeep per week, just like you with your rental.

Is your landlord now doing 10-20 hours of maintenance/upkeep per week for every apartment? Of course the answer is no.


10h is maybe an exaggeration, but I sincerely hope that you're checking your plumbing and all your drainage and maintaining your lawn.

In Sweden, homeownership vs apartments is quite a large difference.


I've seen houses which just grow shrubs over the whole lawn (sidesteps lawn maintenance; I suppose you may have to trim shrubs, but it's not that bad, really, compared to grass, which grows almost overnight).

The other side of keeping up with maintenance - if you don't have time nor want to, hire away. It will eat a significant chunk of change to hire all the professionals your landlord was hiring, the difference being you are hiring yourself versus being dependent on the landlord.

For the DIYer, tools acquisition is definitely a PITA. Hardware stores have a decent selection mostly of what you need, but it would be nice if there were preset of tool maintenance you could order, maybe even save you money over long term buying it all piecemeal.

I'd imagine the real time suck would be for planning/research for it all, if you are used to spending your time coding, playing games, or otherwise amusing yourself, yes for the first couple years you will not have any time for these things as you are acquiring your skillset(s).

But that could be said for going back to school, etc. I think it's pretty valuable to be able to maintain your own dwelling apparatus, personally. It means you'll never be without reasonable shelter, so long as you have some access to raw materials, tools.


I don't check my plumbing or drainage. And a lawn is a difference between a house and an apartment, you're right about that, for me it's about 2 hours a month (which I pay someone else to do) rather than uh, 40-80. However I believed we were discussing ownership vs not ownership, rather than apartment vs house.


Checking your plumbing and drainage? What do you mean? What would you do weekly that involves this?

Lawn maintenance is maybe one or two hours a week at most, and that is mainly because we like to keep it pretty tidy. Then again, we would have needed to do similar maintenance (in the UK) for a rental if we wanted to keep the same standard for the garden.


If I was living by myself or just with my wife I would stick with an apartment. The kids spend so much time in the backyard, and it is hard to find an affordable apartment that has enough space for all of us to live, let alone also WFH that my wife and I are both doing. Plus, how do you build projects without a garage and outside area to work on things?


You didn't do enough research into your house purchase, or you weren't able to afford a well built house.

Houses, like anything else, have lifetimes. You don't get to be a 200-year-old house without having major maintenance done at least a couple of times. Buying a poorly maintained, or poorly constructed, old house is a nightmare; if it's bad enough, you've discovered why some houses are condemned.

Modern construction often has a longer lifespan and more readily accessible materials, older houses are a mixed bag - some gems that may last hundreds (thousands?) of years, lots of houses that need major repair. Some in the middle too...


While this can certainly be the case for some houses, it really depends on the place and its condition when purchased.


Welcome to HN!

Home ownership is as much a comfort as it is a fantasy. There are true perks, eg, you're mostly in control of the regular costs (rent vs mortgage) but it also has downsides, like... basically any hazard and everything ___location-related.

PS: I feel weirdly kinda honored that you created your account and replied to my comment. Anyway, I'm just being me ;)


That very much depends on where you live. I know what you mean and I partially agree with it but it's not universally true.


Out of curiosity, why are you assuming that's not exactly what the parent was thinking?

> nothing changes once you own the house

Why? What does this mean and is it actually true? The monthly/yearly cost of owning a house is typically much lower than the mortgage payments. If buying a house in cash, the maintenance usually is low enough to consider lower paying jobs. Needing a high salary might enable remodeling but basic taxes and upkeep are very very different from sale price or the payments to a 30 year loan. In my experience something absolutely changes once you fully own the house.


Recently replaced the roof on my house and the cost was equivalent to a year of mortgage payments. Prior to that, had to replace the AC for about 6 months of mortgage payments. Next big expense is windows, which I expect to fall somewhere between the two.


Totally agree there are some sizeable maintenance costs, I’ve had to do a roof, windows, remodeling, plumbing, all kinds of stuff. It’s still lots less than the purchase price. And I had to pay them on top of the mortgage, it’s not like maintenance waits to start until the mortgage is paid off, right? Paying off the mortgage simply eliminated one money drain for me but didn’t change the other, so my average monthly expenditure went down.


Rentals have exactly the same maintenance requirements as owned property. The fact that you pay for a lease doesn’t magically make the roof last forever.

As a renter, this overhead is baked into your lease. As a homeowner, I can simply tap into home equity to do a major repair at single-digit interest rates over a decade. Something you will never be able to do as a renter.


$15k to replace the sewer plumbing. $9k to replace the sewer line. $9k for a replacement roof....

I mean, yes, if you do things yourself it can be significantly less expensive, but most of the housing stock in the bay area is atrocious - good bones and awful everything else. They were thrown up as quickly as possible in the 50s-70s and so there's always something that needs fixing.

$18k+ a year in taxes...


You should watch tiny home remodeling; it's a TV channel (I think?). I was shocked that a couple in NYC bought essentially a cottage in a high-rise for 10 million, then did a half-million-dollar renovation on it...

In the country-side that kind of money gets you a 12 bedroom mansion with a pool and a view...


I will check it out if it is online.

I do a lot of DIY but there are times when you just want it done and done quickly and professionally. We work for a living and don't really have time to deal with a lot of the DIY incremental aspects that happen until you get very good at any given skill. I just redid one of our bathrooms, but I wasn't going to redo the sewer lines solo let alone mid-week while living in the place.

The problem with HCOL is that even if you own you're burning cash due to the lack of time and very, very high cost of services.


All that seems like scratch compared to the one or two million sticker price, doesn’t it?


Not really. It adds substantially to the 30Y total cost.


That wasn’t the question, right? I think you’re completely agreeing with me and disagreeing with @xcambar if we’re talking about a 30Y loan and maintenance costs. Maintenance costs and taxes start on year 1 and continue forever. So when you finish paying off the mortgage, the substantial loan payments end and go away while the maintenance costs continue. This will be a big change in your expenditure, speaking from experience.


You're bringing a paradox here: "Owning a house is cheaper if you buy it cash, then you don't need a high salary".

But you DO need a high salary in the first place.

And with that big salary, you will buy a NICE house, which will require a lot of maintenance (house keeping, gardening) and taxes.


There is no paradox. Buying a house is more expensive than maintaining it, partly because maintenance is somewhat independent of purchase price.

I think you’re trying to say that an expensive house is more expensive to maintain than a cheap house. That’s true. But the salary required to buy any given house is higher than the salary required to maintain it, for the most part. I’m sure there are counter examples, but on the whole most people who pay off their mortgage experience a pay raise, effectively, which has been my own experience.


I keep catching myself thinking this too.

In general, I think it's kind of an interesting heuristic to think about every so often: right now, putting aside practicalities like my current job or where I live, what looks like a cool place to work, even if the specific role was just taking out the garbage.

Right now the answer is "tailscale" and "oxide" for me.


Fly.io also would be on my list


You don't have to live in any particular place to work for Fly.io; we're all remote, and we hire all over the world, at the same west coast comp rates everywhere.


Definitely :)

In the past I also liked sourcegraph, too. Not sure what they're up to nowadays.


We're here :)


oh yeah good call.


Aren't houses in the Bay Area bound to become lower price in the future due to new building being allowed, or subsidies?

Seems like a risky place to invest at this stage.


Treating it as an "investment" and not a "cost" is not really helpful.

The way I usually treat it is: Can I pay off this mortgage in the event I don't want to sell the property?

Negative equity is a thing, sure, but if you were always happy to pay the price then the thing you're buying is worth the price, right?

Sometimes people think of things as having value only if they're relative to something else. But value is value, and value is the price that you're willing to pay.


If your sole use case for WireGuard is "I need SSH access to a fleet of EC2 machines", then Systems Manager is definitely cheaper and easier to set up. Even more so if one is using IaC.


There's even a mostly feature-complete open source control + DERP server in headscale.


Thanks for mentioning it by name. Yeah, headscale is very badass.


Why don't you use ZeroTier?


I really like ZeroTier, but the nail in the coffin for me has been that there is no ability to self host a controller, while also using the management web GUI.

Their sales team, when I asked about self-hosting a controller, said it's not necessary because they've never had all the hosted controllers go down, but when I asked about a tweet they sent in May 2020 about their controllers being down, I never got a reply. [1]

My plan was to put ZeroTier on all of our machines and use it as an overlay network that all traffic goes over. But I don't want to open the availability of our network to depending on an external service.

I've all but decided on Nebula, just need to get the deployment worked out. I'm playing with Tailscale right now, and am very impressed. It does have the ability to require MFA on logins that we would like for user VPNs, while still being able to have servers self-authenticate (we respin half of our dev/stg environment every night).

[1] https://twitter.com/ZeroTier/status/1389766385480372225?s=20


Can't speak for the parent commentator, but I gave zerotier a try and ended up dumping it mostly because it was unusably slow on single core Linux VMs, making it not a viable option for connecting lower tier cloud VM options. I believe this is on the list of things they're fixing with their next major version, but that version has been very slow in coming out.


> single core Linux VMs...

I can't say about that specific thing, but I've been using this daily 24x7 for the last 2 years now. It connects my 20+ PCs and laptops, which are geographically apart, but because of ZeroTier they are in a local LAN.

It does not have SSO, relying on the admin accepting/rejecting connected devices by a single checkbox. This is in comparison to Tailscale, which uses OAuth, meaning you have to create and maintain those accounts as well.


ZeroTier has SSO now, at least for its hosted controller option.


[flagged]


Are you implying they were shilling? Accusing others of shilling is against HN guidelines: https://news.ycombinator.com/newsguidelines.html


So is astroturfing. Parent and most other posters should be banned for breaking that rule.


[flagged]


You know what that is? It’s what it looks like when a great team have product market fit.

The execution of Tailscale is second to none. It’s pretty much a masterclass in making complex things seem simple. They’ve nailed onboarding, design, great documentation and just generally presenting an image of a company you want to do business with.


I realise this possibly isn't going to make me look any better than everyone else here to you, but have you actually tried Tailscale?

It does seem to be a near perfect solution for a few very specific problems, with almost no downsides and a user interface easy enough that you could do it without any knowledge of the underlying technologies


Because they’re THAT good. Or maybe I’m a shill too :).


It's not really that hard to set up Amazon Systems Manager. Like maybe 2-3 hours of overhead.

The idea that you'd pay a subscription fee greater than AWS just to avoid a few hours of learning how to set something up is kinda disgusting in comparison.


Resolving a hostname in AWS using a tag is irksome, though. MagicDNS in Tailscale, on the other hand, makes it easier.

FWIW I use both SSM Port Forwarding and Tailscale but Tailscale is easier for both tech and non-tech users IMO.


I wrote a Ruby script that does tag lookup for me with an interactive prompt. Took about an hour. Sent it to my team so we all use it. Can't imagine subscribing to a service for something that is a minor devops task.
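The tag-lookup-then-SSM workflow that the comments above describe, written out as an added example (this is not the commenter's Ruby script and not anything from Tailscale or AWS). It resolves an EC2 instance by its Name tag from DescribeInstances-shaped data, refuses ambiguous or non-running matches (the point where an interactive prompt would go), validates the instance ID before it reaches a shell, and builds the `aws ssm start-session` port-forwarding command. The reservation data below is constructed so the example runs offline; the optional `fetch_reservations` helper is the only part that talks to AWS.

```python
"""Resolve an EC2 instance by tag and build an SSM port-forwarding command.

Added example. The sample reservations are constructed to mirror the shape of
boto3's ec2.describe_instances() response; nothing here calls AWS unless
fetch_reservations() is invoked explicitly.
"""
import json
import re
import shlex

# Constructed sample data: two instances share the Name tag "web-1", one of
# them stopped, which is exactly the ambiguity a naive tag lookup trips over.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0123456789abcdef0", "State": {"Name": "running"},
         "Tags": [{"Key": "Name", "Value": "web-1"}, {"Key": "env", "Value": "prod"}]},
        {"InstanceId": "i-0fedcba9876543210", "State": {"Name": "stopped"},
         "Tags": [{"Key": "Name", "Value": "web-1"}]},
    ]},
    {"Instances": [
        {"InstanceId": "i-00000000000000001", "State": {"Name": "running"},
         "Tags": [{"Key": "Name", "Value": "db-1"}]},
    ]},
]

INSTANCE_ID_RE = re.compile(r"^i-[0-9a-f]{8,17}$")


def fetch_reservations(tag_key, tag_value, region=None):
    """Live lookup: server-side tag filter so we never pull the whole fleet."""
    import boto3  # imported lazily so the offline path has no AWS dependency
    ec2 = boto3.client("ec2", region_name=region)
    resp = ec2.describe_instances(
        Filters=[{"Name": f"tag:{tag_key}", "Values": [tag_value]}])
    return resp["Reservations"]


def find_instances(reservations, tag_key, tag_value, running_only=True):
    """Return instance IDs whose tag matches; skip non-running hosts by default."""
    matches = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(tag_key) != tag_value:
                continue
            if running_only and inst.get("State", {}).get("Name") != "running":
                continue
            matches.append(inst["InstanceId"])
    return matches


def resolve_one(reservations, tag_key, tag_value):
    """Resolve exactly one running instance or fail loudly.

    An interactive script would prompt here when several match; a scripted
    one should refuse, because picking the first hit silently is how you end
    up port-forwarding into the wrong box.
    """
    ids = find_instances(reservations, tag_key, tag_value)
    if not ids:
        raise LookupError(f"no running instance with {tag_key}={tag_value}")
    if len(ids) > 1:
        raise LookupError(f"ambiguous {tag_key}={tag_value}: {', '.join(ids)}")
    return ids[0]


def port_forward_command(instance_id, remote_port, local_port, profile=None):
    """Build argv for an SSM port-forwarding session (e.g. local 2222 -> 22).

    The ID is validated so a tag value can never smuggle extra tokens into
    the command, and the parameters are JSON-encoded as the CLI expects.
    """
    if not INSTANCE_ID_RE.match(instance_id):
        raise ValueError(f"refusing suspicious instance id: {instance_id!r}")
    if not (0 < int(remote_port) < 65536 and 0 < int(local_port) < 65536):
        raise ValueError("ports must be in 1..65535")
    params = {"portNumber": [str(remote_port)], "localPortNumber": [str(local_port)]}
    argv = ["aws", "ssm", "start-session",
            "--target", instance_id,
            "--document-name", "AWS-StartPortForwardingSession",
            "--parameters", json.dumps(params)]
    if profile:
        argv += ["--profile", profile]
    return argv


if __name__ == "__main__":
    target = resolve_one(SAMPLE_RESERVATIONS, "Name", "web-1")
    print(shlex.join(port_forward_command(target, 22, 2222)))
```

Once the session is up, `ssh -p 2222 user@localhost` goes over SSM rather than over an open security-group port; the instance role still needs the SSM managed policy and the agent must be running, as the thread notes.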


I’m going to be that guy and point you in the direction of “that comment” on Dropbox

https://news.ycombinator.com/item?id=8863


This was my comment re. AWS SSM and Tailscale just a few days ago.

'Installing the agent client side is no more or less tedious than installing the Tailscale client, IMO anyway.

I made two scripts, one in .Net with a GUI for non-devs to grep a server hostname or tag:name in AWS that resolves to an instance ID for SSH or RDP. And another python script doing the same but without the GUI for the dev team. Works a treat.

But you've already explained why it's a little tedious and now I've documented and understood why. Tailscale MagicDNS does all this nonsense for you. Yeah ok thanks for rubber ducking me I see your point now. :)'


I might be misremembering this, but IIRC if your nodes are running on latest Amazon Linux, they already have the ssm-agent pre-installed.

At most you'd need to add some permissions to the instance's role, maybe.


How many devices do you need to keep connected? I'm surprised the free tier wouldn't work for you to be honest


Huh? Why would I use a paid third party service (free tier or not) for something that I know how to use at no additional cost?


Why do you care what other people do? Just focus on yourself.


[flagged]


I may be interpreting this incorrectly, but it appears that you're calling them lazy.

Whereas they're saying that spending time setting up AWS is complicated (for them) and not worth their own personal effort in comparison.


And I'm suggesting that spending money on a subscription fee for something that could be learned within a few hours is not worth it in comparison.

I'm not sure where you read the ad-hominem.


I didn’t downvote you but the issue is definitely your phrasing (“disgusting”).

It took me all of 3 seconds to fall in love with Tailscale, but I think I agree with your point. This is a place of knowledge and curiosity, so digging into stuff and setting it up yourself is definitely to be commended.

For me, I just want a solution that works and I simply don’t have the cycles to spend on this specific problem. Happy to outsource, nothing disgusting about that.


> Tailscale is insanely easy, simple, and pleasant to setup/manage compared to AWS anything.

Seriously? What equivalents does it have for Route53 and tons of other services?

I can't tell if this is misleading or pointless.


The post you're responding to wasn't arguing for capabilities, it was arguing for ease-of-use and it was right.

Your comment is pointless and a straw-man argument.


The commenter wrote that Tailscale is easier to use than AWS anything, but it can't even stand near in terms of scope. It's like saying that my calculator is easier to use than Apple anything; useless astroturfing that adds nothing to the discussion.


They do support DNS, to answer your original question. But to this point, it's not useless because someone suggested they use an AWS service to accomplish what the article says was done with tailscale. So, saying tailscale is infinitely easier to set up is a very useful comment. Also true.


No, it's not even true. I really went to Tailscale to see an alternative to AWS suite. Turned out to be a sort of managed Wireguard instead.


Yes, you're right that "it can't even stand near in terms of scope", but the original comment did not argue that, the original comment gave an opinion about the usability (actually "to setup/manage", so more like the administrative efforts) of Tailscale, which is not the same thing as the scope of its abilities. Calling the comment misleading because the service has a smaller scope is then at best misunderstanding the original comment, at worst purposefully trying to derail the discussion.



