[lysace]

How do you handle the do-before-thinking devs? Or the kinda low-to-mid performing devs? Most companies has one or a few of those, right? They help the company machine go around by doing the somewhat boring stuff over and over again.

Tailscale in a company/developer env seems awesome when you know what you are doing and (potentially) terrifying otherwise.

Does someone set up detailed ACLs for what's allowed? How well does that work?

[madeofpalk]

> How do you handle the do-before-thinking devs?

Isn't that exactly what tailscale is built to accommodate - zero trust?

You set up ACLs and other permissions to not allow people to do more than the damage you can tolerate.

[nickburns]

Zerconf ≠ zero trust. The difference could not be more material in this context.

[tonyplee]

If both sides of your ssh tunnel (pub,private keys) are under your control, in theory, that's "zero trust".

Unless one considers the meta data such as src/dest IP are visible to Tailscale sw.

Right?

[nickburns]

'Zero trust' has a technical definition that's not really relevant here. See: https://en.wikipedia.org/wiki/Zero_trust.

The concept is separate from 'zero config' (https://en.wikipedia.org/wiki/Zero-configuration_networking), which Tailscale's low technical barrier to entry evokes.