by apenwarr 1827 days ago
The localapi is indeed an http server built into the tailscaled process, which is written in Go. Since we already had an http client in there, the net new code to add an http server is quite low. And it doesn’t take any battery unless it’s being queried. I think people underestimate how cheap http can be (once you’ve paid the up front cost, anyway).

You’ve correctly guessed that blog link [0] that explains the reason I don’t think we’d ever want to try making a distributed coordination service. Most importantly, corporate customers absolutely love having a single control and registration point for every corporate authorized device on their network (and thus, a way to instantly deauthorize stolen devices). What we’re going to do though is add private audit trails and tamper proofing, kind of like TLS certificate transparency, so that the central instructions can be validated in a decentralized way, if that makes sense. More on that later. :)

Re: peerapi, there are lots of ways to build app layer protocols once you have tailscale making the connection itself easier. We picked http since it was the fewest lines of code and it makes an easy example.

Re: live video, Jitsi already works fine on a tailscale network if you want to try that.

1 comments

> And it doesn’t take any battery unless it’s being queried. I think people underestimate how cheap http can be...

Curious about the underlying design decision on why a separate peerapi layer if a golang http/2 server is listening already (or is peerapi running over http, too)?

> What we’re going to do though is add private audit trails and tamper proofing, kind of like TLS certificate transparency, so that the central instructions can be validated in a decentralized way.

Exciting. Reminds me of: https://blog.okturtles.org/2014/09/the-trouble-with-certific... and https://book.keybase.io/docs/teams/sigchain

> ...there are lots of ways to build app layer protocols once you have tailscale making the connection itself easier.

True. My previous employer built an internal service similar to tailscale but it worked over bluetooth, wifi-direct in addition to ICEing NATs out. It made device discovery, cross-app, cross-device, cross-service communication super easy.

Thanks again.