We use Tailscale quite heavily and the SSH feature. Along with many other features, it is great. However, the article doesn't mention pricing, which for me personally seems quite high at $18/month/user. [1]
It is quite clearly stated in both this announcement and the docs [1] that it is available for the personal (aka free) plan. Not sure why their pricing plan does not include any mention of it.
What is their incentive to offer such a service for free?
Following the adage "if it's for free, you are the product", what is going on behind the scenes? Are they providing their services as a giant honey-pot to sniff on traffic?
Their response in the past about their free tiers has been that it's low cost to offer and it results in larger sales (devs use it themselves, like it and bring it to places they work).
> TL;DR: Tailscale’s free plan is free because we keep our scaling costs low relative to typical SaaS companies. We care about privacy, so unlike some other freemium models, you and your data are not the product. Rather, increased word-of-mouth from free plans sells the more valuable corporate plans. I know, it sounds too good to be true. Let’s see some details.
So it's a weighed choice between "if something seems like it's too good to be true, it often is", and "the explanations they give make good sense, and it's a way of doing business that some ethical company could choose to take".
We probably won't know in the short-to-medium term, so we'll have to take their word for it..
But I must admit, their products look pretty impressive. I'll have to have a closer look at them.
For what it's worth the scaling costs for their service are quite low. Tailscale connections are almost entirely peer to peer after an initial NAT busting operation. They can afford to do a loss leader like this and the product is actually so good that I've recommended it to a number of places. It's literally the first VPN that I think is worth paying for. I wouldn't have known that if the free tier didn't exist. Using is believing in their case. It's not uncommon to be literally angry at how easy it is to set up/manage/deploy given how much of a trash fire most vpn software is.
> Tailscale connections are almost entirely peer to peer after an initial NAT busting operation.
Ah, interesting, thanks. That would indeed make it a lot less costly. I would need to dive into it to get a better understanding how their service works.
Would you happen to have some good resources you found useful?
Well, this addresses the sniffing concern. From the link:
Note that the private key never, ever leaves its node. This is important because the private key is the only thing that could potentially be used to impersonate that node when negotiating a WireGuard session. As a result, only that node can encrypt packets addressed from itself, or decrypt packets addressed to itself. It’s important to keep that in mind: Tailscale node connections are end-to-end encrypted (a concept called “zero trust networking”).
Which other vendors did you get quotes from? Genuinely curios. Ime they are very competitive on price compared to some others.
One of my former gigs used a competitor (also a startup) that was 2x the price and offered way less flexible setup but our “architect” rushed it bc of the way he was. Other more established competitors were even more expensive
I've been impressed with ZeroTier.
The free tier is pretty generous. Plus the desktop client allows you to access more than one network/account at the same time. IIRC, Tailscale requires you to switch between accounts.
Tailscale SSH is quite interesting because it'd require Tailscale authentication. So it would segment SSH access off, and makes SSH access also generally available to all clients utilizing Tailscale, regardless of host OS.
I checked, and it doesn't seem like Headscale supports SSH access.
I dont know about the pricing. Over the last couple of months i have been investigating different alternatives for better access control to our internal resources. And Tailscale seems to be on the cheaper end compared to other offerings.
While many people are likely more knowledgeable about this topic than I, I stumbled upon this Bloomberg video titled "This Is How Huawei Shocked America With a Smartphone" by chance a couple of weeks ago: https://www.youtube.com/watch?v=08myo1UdTZ8. It provided some helpful context for me, and I thought it might be valuable for others as well.
I think chungy is right: most people get their first experience with Makefiles by trying to debug some automake monstrosity. When they write their own, they assume they have to be just as complicated (or even worse, they'll copy/paste from an autogenerated Makefile or use it as a base).
If I thought every Makefile had to be like that I'd write ./build.sh too.
I wouldn't say I'm afraid of one, but I can't read one and tell you what it does, or write one that does anything useful. Unless I'm way off the mark, it's just a programming language, one that I will eventually learn when I need it badly enough. I even snuck a manual off the freebie table at work.
It's all fun and games while your commands basically look like
target:
invoke-some-tool
And then, in a bigger project, you start dealing with dependencies. Exclusions. Code generation. Config-dependent builds. Dev vs stage vs prod. Sub-projects. Invocation of tools depending on other tools. Pipelines. Toolchains.
Then Makefiles quickly devolve into an incomprehensible undebuggable nightmare with arcane syntax rules and behaviours. It doesn't help that there are next to none good resources on Makefiles.
I ask myself how many people are storing _potential_ sensitive information without application level encryption so that AWS decides to build such tool... slightly distressing.
> As far as I can tell you can’t step through tests in the debugger
Maybe I am missing something, but that is not correct. You can debug tests the same way as you debug any other code. Even works with the mentioned/used Go extension for VS Code.
I have no idea in VSCode, but with JetBrains Gogland, debugging tests is stupidly easy. Simply add the breakpoint where you want it, left click on the play button in the line of the test declaration, click debug in the contextual menu, and off you go.
In Go test files, there's now a codelens annotation above every Test function with "run test" and "debug test" commands. Just click "debug test" to launch a debugger against that test.
[1] https://tailscale.com/pricing