← Back to context

Comment by farfatched

1 day ago

Nice post. exe.dev is a cool service that I enjoyed.

I agree there is opportunity in making LLM development flows smooth, paired with the flexibility of root-on-a-Linux-machine.

> Time and again I have said “this is the one” only to be betrayed by some half-assed, half-implemented, or half-thought-through abstraction. No thank you.

The irony is that this is my experience of Tailscale.

Finally, networking made easy. Oh god, why is my battery doing so poorly. Oh god, it's modified my firewall rules in a way that's incompatible with some other tool, and the bug tracker is silent. Now I have to understand their implementation, oh dear.

No thank you.

7 comments

farfatched

Reply
farfatched  1 day ago

> No thank you.

I hope this wasn't interpreted towards exe.dev. That really is a cool service!

LoganDark  1 day ago

I find it difficult to configure Tailscale for my use case because they seem to completely not support making ACL rules based on the identity of the device rather than a part of the address space. I'm not configuring a router here, I'm configuring a peer-to-peer networking layer... or at least I'm supposed to be...

  • spockz  1 day ago

    I remember from the docs you can use node names. At the very least you can use tags for sure. Assign tags to nodes and define the ACL based on those.

    • LoganDark  1 day ago

      Last I read the docs while troubleshooting this very problem, you cannot specify node names as the source or destination of a grant. You can specify direct IP address ranges, node groups (including autogenerated ones) or tags, but not names.

      Tags permanently erase the user identity from a device, and disable things like Taildrop. When I tried to assign a tag for ACLs, I found that I then could not remove it and had to endure a very laborous process to re-register a Tailscale device that I added to Tailscale for the express purpose of remotely accessing

      2 replies →

  • codethief  1 day ago

    > because they seem to completely not support making ACL rules based on the identity of the device rather than a part of the address space

    Could you rephrase that / elaborate on that? Isn't Tailscale's selling point precisely that they do identity-based networking?

    EDIT: Never mind, now I see the sibling comment to which you also responded – I should have reloaded the page. Let's continue there!