Joining Tailscale: Simplifying Networking, Authentication, and Authorization

&gt; I used to tolerate and expect complexity. Working on Go the past 10 years has changed my perspective, though.<p>Reminds me of the Redis manifesto that has provided helpful perspective over the years.<p><i>We&#x27;re against complexity. We believe designing systems is a fight against complexity.</i><p><a href="http:&#x2F;&#x2F;download.redis.io&#x2F;redis-stable&#x2F;MANIFESTO" rel="nofollow">http:&#x2F;&#x2F;download.redis.io&#x2F;redis-stable&#x2F;MANIFESTO</a>

For context, this is a post from bradfitz, the creator of LiveJournal, memcached, OpenID, been on the core Go team for last 10 years or so.<p>There was a recent thread on him leaving Google: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=22161383" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=22161383</a>

So I get that things were easier before all networks needed to be treated as zero trust. But should we really return to that? Just adding another layer of network abstraction with another malted milk-ball network security configuration? (gooey and unprotected on the inside)<p>Part of me thinks this is like when cars were super simple to work on and you had plenty of &quot;shadetree&quot; mechanics. As vehicle safety systems and emissions controls increased we built safer and cleaner vehicles. They are harder to work on at first because you have to learn the concepts of more systems. Brake systems evolved to ABS controllers then further on to Traction&#x2F;Stability Controllers. Understanding one system makes it easier to understand the others.<p>I guess I am saying improvement does make things more complex. The most basic engine is loud, pollutes but works just fine. That does not mean it better- it was fun to toy with but a tuned well engineered machine is just as much fun if you can learn to tinker with it and play.<p>There will always be someone who will tell you your fuel injected, closed loop, oxygen and maf sensor controlled combustion cycle is less fun than an ol&#x27; fashion v8 with a carb.<p>I actually enjoy the paranoid world where we are building inherent security into every layer of computing. I learn something new every day and get to make something better.

Interesting. Authentication via IP could definitely simplify a lot of things. But how do you handle authorization&#x2F;delegation for 3rd party access?

That&#x27;s the company of the guy blogging at apenwarr.ca (I always forget his name, although I really like his blog).

This seems like identity based authn all over again, with all the problems that go with it. Confused deputy, etc.

I like the idea but unfortunately there is not much documentation.<p>I got it up and running on my home “server” (a arm sbc) and on my iphone and ipad but none of them can contact the server on the provided ip. Probably something I am doing wrong but there is not really much on how to debug it.

Enterprise networks are becoming less LANish and now our home networks are supposed to move towards a VPN based architecture? Should we not drive security in the direction e2e and application level?

For a company that wants to be open, Tailscale.com is conspicuously missing any pricing info at all.

It looks like competition is heating up for ZeroTier, Gravitational, and Cloudflare Access.

It&#x27;s obvious that Tailscale founders are well connected and have very powerful friends, nobody can even tell what the product is yet they already popular on HN and Twitter. This Heptio-tier strategy already proved to be very profitable and successful. Probably the company will be sold to Google within 3 years at a huge number then merged and burned within a year later without nobody noticing what the hell what that was all about.