Andrei and team are awesome. We were customers of a Fogbender ancestor (a chat app that became SameRoom) and are excited to be customers for Fogbender!
For a growing customer success org, being able to generate tickets from these chats is super useful.
I mean, even if you limited yourself to just the Peace prize (arguably the most controversial), you'd still have to reconcile your statement with the fact that people like Malala Yousafzai have won.
I love Tailscale, but it’s not really designed for public tunnels. You can do it, but you typically need to provision some kind of proxy with a static IP (most likely cloud based) to handle your public stuff.
Tailscale must be properly configured on your client machine to access machines/ports on their respective private Tailscale network(s), setup of which typically requires administrative intervention. Without bridging to a public network, services exposed to the Tailscale network are not accessible publicly.
Tailscale does offer user-mode clients so it can be used similarly to SSH by those allowed to connect (I don't know how difficult user-mode Tailscale is without admin setup on various operating systems).
not sure where you're getting the idea you need admin intervention for tailscale. I've never needed to do anything beyond authenticate the machine with my account. tailscale has NAT traversal built into it.
If your network firewall is preventing the tunneling process, then that's on you. and if its not on you and its a company decision then its VERY unlikely they'd be okay with cloudflare's publicly exposed ports.
the tailscale devices you see are only accessible by other devices on the same tailscale network.
S/he's talking about accessing those machines from OUTSIDE that network. That's what would require admin intervention. So for example if I have a webserver on my home LAN that has Tailscale installed and authenticated, then sure, I can access that webserver from any of my other Tailscale devices from anywhere. But if I want a friend to be able to access that webserver without first being authenticated to the Tailscale network... Do you see the problem, yet?
I clearly understand that problem. but I'm just going to assert its not what you actually want. nor is it related to accessing ssh where you most definitely don't want to expose the port.
for starters, what you're describing is a load balancer. those already exist and are trivial to setup.
I'm talking about the one-time initial setup of the Tailscale client software.
Can you download and run Tailscale on a Windows client without Administrative access to install the software (setup the virtual NIC)? An SSH client is just a user-space app.
I have explained why I stated that 'setup of [Tailscale] typically requires administrative intervention'.
I appreciate that your approach is the more secure standard practice, yet want to make others aware of the edge cases here on a site called Hacker News rather than something like StackOverflow, where 'this is the way' reigns supreme.
I mean if I wanted to host a public blog on my private infrastructure, Tailscale alone isn’t going to cut it. I would have to make a instance on a cloud provider to allow public ingress, and I have to setup and configure Tailscale on it to allow it to punch a hole into my walled garden. If I just want plain VPN access to my instances from wherever, then that’s when Tailscale really shines.
A core offering of Cloudflare Tunnel is the ability to host web servers through tunnels. Tailscale requires you to run your own reverse proxy on a publicly-accessible node in order to accomplish this.
This is not my experience having recently set up web servers in a cloud virtual network with no inbound ports open. I can tailscale in and connect to web servers behind traefik configured to use the dns-01 challenge. The only way to access these webaps is through tailscale.
Sorry I meant specifically public web servers, ie hosting a website or sharing a Jellyfin server with your family without requiring them to have Tailscale accounts.
Don't do this. I learned the hard way because I ended up pushing earwax into the canal, eventually forming a blockage. I couldn't hear out of my ear and had to go to an ENT, where he use vacuum suction to take some of it out (the deepest he could go without risking damage to the ear drum), and then I had to do two weeks of hyrogen peroxide drops (Debrox) to help liquify the earwax. Not being able to hear out of one ear is miserable, even if temporary.
Your ears are self-cleaning. They automatically push earwax (slowly) to the outside. A Q-tip is only meant for the outer rim of your ear. There's a saying ENTs use I found while researching my problem: "nothing smaller than your elbow should enter your ear". My ENT told me to stop using the Q-tips. If you find your ears produce a lot of wax, you can just use a tissue on the outside. Or if you're willing to heed the warnings, carefully use a Q-tip, but don't insert it into your ear canal.
(Throwaway because I don't like mixing personal medical info with my regular account)
Vaguely related: I’ve been using NextDNS for a while now, and it’s wonderful. I subscribed to a paid plan just to support the company. Recommended, if you haven’t already checked them out.
And some tech details: https://sketch.dev/blog/jagged-git-repo
(not mine, I just think it's cool)