This is not correct. Wireguard establishes a tunnel between peer A and B, and its simplicity stops there. Tailscale does tons of complex networking, filtering, nat traversal, DNS, file sharing, etc. Wireguard is a small part of the codebase today, which has grown a lot.
It’s a bit like saying Dropbox is just a GUI on top of TLS.
I think the parent commenter used "understood" to mean "recognized."
That said, I don't really understand the supposed misunderstanding you point out. It seems that dang argues that "the exchange was pleasant and successful." I've never seen someone claim otherwise.
Rather, I've seen it used as an example of how technical users can fail to recognize the complexity inherent in their workflows, and therefore may also fail to see the real-world business value in creating (and selling) simpler interfaces. See also a SMOP: https://en.wikipedia.org/wiki/Small_matter_of_programming
No, it's not that simple. This is an instance of context collapse; people dunk on that exchange because they believe it's an HN person belittling Dropbox as a product, when in fact it was an HN person helpfully offering notes on a YC application.
a fun thought exercise - what would have to happen to HN for this to come true? basically all the old guard have to age out and not pass on the reference?
Most of this was successfully done 20 years ago by tinc, which is a project written by a couple of European guys in their free time. It even supports routing traffic through other peers and does peer discovery just like BitTorrent (but before BitTorrent even existed) — there is no need for a central server.
What tailscale has over it is hype, lots and lots of hype. Also a much more well thought out, and arguably more secure VPN protocol underneath, which is why GP's comment is on point.
If it's hype, it's not hype the way you're thinking. I've shown Tailscale to a lot of people (this is less salient now, when pretty much everybody uses Tailscale) and the most common reaction I've gotten is "holy shit". It is spooky simple to get working, and it's spooky simple to go from a working installation to a VPN configuration that would take many many hours to replicate with pre-existing tools.
There may be VPN nerds out there who think there's nothing special happening with Tailscale, but I submit those nerds haven't spent a lot of time dealing with the median, replacement-level VPN configuration prior to Tailscale. I'm a pentester, and so I have had that pleasure. Tailscale is revolutionary compared to what it replaced.
Because you're delegating the control plane to Tailscale. Somehow we went decades without this being a thing for security reasons, dealt with the management of VPN appliances, and now suddenly everyone is OK with Tailscale owning the control plane of their VPN for the sake of convenience.
For a company this is probably okay: companies rely on other companies all the time, and can enforce contracts. I would gladly use tailscale at my company.
For an individual, heck no. Fortunately, headscale exists for individuals to use.
My only technical complaint with Tailscale is that its hole punching doesn't seem to work with some common CGNATs/double NATs when both endpoints are using them, and then traffic ends up trickling through their public proxy servers, while running your own is kinda annoying and not recommended or documented.
Jason Donenfeld is listed as a Technical Advisor on https://tailscale.com/company. Most companies pay their advisors something, so I assume something monetary is going on here for him.
Tailscale is definitely more than "Wireguard with a GUI", but I don't think that diminishes your point that Tailscale, if they're not already, would be great stewards if they were contributing more than code back to the Wireguard project.
Tailscale did make a donation to WireGuard. They have regularly contributed to wireguard-go, including the complicated GRO/GSO bits.
"Tailscale made a donation during September 2022, as part of their business centered around WireGuard." https://www.wireguard.com/donations/ / https://archive.vn/MMAXO
> Tailscale is pretty much Wireguard with a GUI on top.
It’s a bit like saying Dropbox is just a GUI on top of TLS.