
Comment by lysace

5 days ago

How do you handle the do-before-thinking devs? Or the kinda low-to-mid performing devs? Most companies have one or a few of those, right? They help the company machine go around by doing the somewhat boring stuff over and over again.

Tailscale in a company/developer env seems awesome when you know what you are doing and (potentially) terrifying otherwise.

Does someone set up detailed ACLs for what's allowed? How well does that work?

> How do you handle the do-before-thinking devs?

Isn't that exactly what tailscale is built to accommodate - zero trust?

You set up ACLs and other permissions to not allow people to do more than the damage you can tolerate.

  • Zeroconf ≠ zero trust. The difference could not be more material in this context.

    • If both sides of your ssh tunnel (pub, private keys) are under your control, in theory, that's "zero trust".

      Unless one considers that metadata such as src/dest IP is visible to Tailscale sw.

      Right?
