Hacker News | bomewish's comments

Article seems heavily written by Claude. Gets kinda annoying after a while.


Callie is a very overdramatic writer. I can’t take much that it writes seriously. And the “it’s not just X - it’s even worse Y” trope is very annoying.


Obviously this was meant to say Claude, but iPhone’s new autocorrect decided Callie was the right choice…


So could this safely be used on Tailscale then? I’m very curious though also a bit paranoid.


> So could this safely be used on Tailscale then? I’m very curious though also a bit paranoid.

You may as well just use tailscale ssh in that case. It already disables ssh encryption because your connection is encrypted with WireGuard anyway.


It could safely be used on public internet, all this fearmongering has no basis under it.

Better question is 'does it have any actual improvements in day-to-day operations'? Because it seems like it mostly changes up some ciphering which is already very fast.


> It could safely be used on public internet, all this fearmongering has no basis under it.

On what basis are you making that claim? Because AFAICT, concern about it being less secure is entirely reasonable and is one of the big caveats to it.


Concern about it being less secure is fully justified. I'm the lead developer and have been for the past 20 years. I'm happy to answer any questions you might happen to have.


I'm not fear mongering. I'm just saying

- IF you don't trust it

- AND you want to use it

=> run it on a private network

You don't have to trust it for security to use it. Putting services on secure networks when the public doesn't need access is standard practice.


I remember the last time I really cared to look into this was in the 2000s. I had these wdtv embedded boxes that had a super anemic cpu, so doing local copies with scp was slow as hell from the cipher overhead. I believe at the time it was possible to disable ciphers in scp but it was still slower than smbfs. NFS was to be avoided as wifi was shit then and losing connection meant risking the system locking up. This of course was local LAN so I did not really care about encryption.

But I don’t miss having those limitations.


It's still possible but we only suggest doing it on private known secure networks or when it's data you don't care about. Authentication is still fully encrypted - we just rekey post authentication with a null cipher.


Hey really recommend using a big long random string in that URL, because as you will have read above TAILNET NAMES ARE PUBLIC. You can find them here: https://crt.sh/?Identity=ts.net [warning, this will probably crash browser if you leave it open too long -- but you can see it's full of tailnet domains].

So anyway try it like:

tailscale funnel --set-path=/A8200B0F-6E0E-4FE2-9135-8A440DB9469D http://127.0.0.1:8001 or whatever

I use uuidgen and voila.


so what exactly does this do?


Gives you a randomised domain name for your service so it’s not exposed to the internet on the url that has already been publicly exposed.


Have been down this path and just realised: I get the same result and a lot less of a hassle by just using bash scripts and brewfile etc.

Making a change with home manager became a whole thing.

Now I’m back on the happy path and it’s great. The LLMs can also move things over very fast.

My remaining uses of nix are just devbox which is a very palatable wrapper and nicer to use than flakes.


This looks like a tidy little out of the box fts system. I’d use it as a tantivy interface basically. And I’d pay for it if it had good and simple document ingestion and metadata search semantics. Not the intended use case really but this doesn’t exist.


Wouldn’t it be trivial for serious criminals - like cartels etc - to just use different vehicles?


Sure, but policies that just generally terrorize people aren't primarily about actually catching criminals.


If it’s important just use b2 or hetzner storage box. Use restic or rustic for backup and dedupe and encryption. I run this setup for home and work and we’re doing this on 10tb+.


+1 on this, I'm running restic with resticprofile and backup to b2, it works flawlessly


you answered this after someone just posted the wayback. what gives?


Read the timestamps, I did not post it after the wayback.


Seen previous responses? Also, do you think he doesn't know it?


Where does the 600mb SQLite file live though? GitHub won’t host that. Lfs server?


Yep this was super confusing. Definitely change the name!

