by npiit 1986 days ago
I understand. But given the product features compared to the rest of the industry, Tailscale brings no real value compared to Zero-tier when it comes to meshes, it's not zerotrust like Cloudflare, Twingate, and many others, it claims to be open source while only the client is and it cannot be used without their closed source control plane where most of the features are behind a paywall, it's way more expensive than reputable offerings like Citrix, Cloudflare and others. Their security is very dubious to me (they can in fact inject their own public keys to connect to clients' machines and there is no way but to trust their word that they won't). I mean, what's the innovation compared to the industry in order to get that systemically excessive coverage here?

It's more zerotrust-y than Cloudflare et al since it's entirely P2P, with only the control plane running in the cloud.

Compared to ZeroTier, the Tailscale client has a permissive license, the mesh is fully routed (vs. a L2 network with unencrypted broadcasts), is written in a memory-safe programming language, integrates with company SSO, and uses the Wireguard protocol (i.e. sane, audited crypto instead of a DIY protocol).

Zerotrust has nothing to do with p2p, zero-trust is about making sure that this user is authorized to access that application at the resource level, not using some decades-old segmentation/network level policies. Zerotier also claims to be zerotrust but it's technically not. Cloudflare, Citrix, PulseSecure have zerotrust offerings, but many others sadly just claim to be, either by ignorance or dishonesty.

Yes, and implementing that is exactly the point of Tailscale, with the added advantage of not relying on a centralized proxy.

You seem to be confused between zerotrust and encryption. Zerotrust is about authentication/authorization at the application level. Also Tailscale is as centralized as Cloudflare et al. What happens when Tailscale servers go down? Can 2 peers behind NAT still be able to connect to each other? Can they synchronize each other's public endpoint and public key?

> Tailscale brings no real value compared to Zero-tier

This article has nothing to do with Tailscale the product and everything to do with the team's unconventional approach to engineering. That's what HN is interested in and why the post is being upvoted.

There is nothing unconventional in moving from SQL to key-value distributed database. And if it was any other company that submitted this very same post here we wouldn't be talking here right now as it would have never gotten a single upvote. The posts of this company almost always come with their upvotes right after submission (by others) and the founders were surprisingly replying minutes after submission. This is systematic behavior.

> moving from SQL to key-value distributed database

You didn't read the article, clearly.

> The posts of this company almost always come with their upvotes right after submission

This has already been explained to you in other comments, so I just assume you're being disingenuous now.

Find a new hobby.