How Tailscale's infra team stays small

I love that they point out the massive added benefit of using your own products.<p>Dealing with software you kind of always see if the software is actually used by developers.<p>Too many times I&#x27;m pained with request that take for ever, asset management tools that just don&#x27;t click or just mondboggling APIs that need 3 other APIs to function properly.<p>I think using your own products and iteration over internal feedback early and often is the way to a brilliant product and such cost efficiencies are a nice byproduct.

&gt; Establishing AWS identity outside of AWS is a headache, and often comes with a chicken-and-egg problem of needing to possess a secret to show you are allowed to get a secret.<p>&gt; For most stuff here, we can rely on the fact that every connection over Tailscale is encrypted and authenticated to an identity<p>Mm, okay, but you still have the chicken and egg problem of distributing the creds to join your tailnet.<p>Isn’t it not that different than distributing aws creds to access secrets manager?

yeah, I wonder if there&#x27;s room for a different networking abstraction that could address most of complex orgs networking issues, I, for sure, don&#x27;t think that we should still think about cidr range limitations when making networks, for ex.<p>that said, I&#x27;m not sure the tailscale approach scales well in typical modern corporate environments, where you&#x27;ve got a small army of junior devops often overlooking security or cost implications (don&#x27;t forget about egress costs!).<p>the traditional, meticulous approach of segmenting networks into VPCs, subnets, etc., with careful planning of auth, firewall rules and routes, helps limit the blast radius of mistakes.<p>tailscale&#x27;s networking &amp; security model feels simple and flat, which is great for usability, but it lacks the comforting &quot;defense in depth&quot; that will be asked in most big corps.