Hacker News | wateralien's comments

I would love to see a gallery on this site too.

Top of HN and people are loving it, but there's got to be a better way of getting some $$ rewards for fun viral ideas like this than "Buy me a coffee". I'm betting he's got tens of thousands of sessions currently and nobody is tipping. https://ko-fi.com/magnushambleton

Is there a better way? Asking for myself, also.


This will be an unpopular answer but one way that could have worked is just good ol' advertising, because it directly converts "virality" into income.

Any solution that requires the user to bust out a credit card and put down his billing address has way too much friction for the median user to get through.


I don't know the terms, but there's what looks like a tasteful ad at the bottom.

> Looking for an architect who builds things that still look great even in November rain? Reach out to classical architect Jorian Egge.


I see 16 coffees received. Assuming no private donations for simplicity, that’s $48. As an ads noob, how many sessions would a banner ad need to beat that?

My CPM is not great (not Google) and that's 25-30k impressions

Doesn't an ad require the user to bust out their credit card eventually?

No? Advertising money is paid upfront. X number of impressions. You get paid a cut for hosting the ad. The ad might be a huge failure and lead to zero clickthrough or purchases. But the money has already been paid for the campaign.

Yes, nothing happens until you trade a dollar for something, but it does not have to be this site they spend money at.

Advertising isn't even about getting people to open their wallet, it's more about influencing their decision when they do go to spend money or make a purchase.


Unfortunately true.

Yea, but most advertisers come only after something went viral, not when you are building something and you try to say to a potential advertiser: "this will go viral trust me bro". And such small viral things are usually short lived, by the time the advertisers come it will probably start to die down. But yea, maybe he would have got a little more financial support than donations even if he puts up ads after it went viral.

Another way he could benefit from this is when people want his skills to build them similar things, so it's basically already an advertisement for his skills.


This is such a weird comment. Not all advertisement follows the influencer model. Banner ads have been funding small internet operations since before hacker news existed. Do we really not have long term memories at all?

I saw it going viral before going to bed last night and spent 15min trying to enable payments but failed so made it block you after 2 gens using cookies and try guilt you into donating instead. Made me $160 in donations compared to the $500 in AI credits burned so not a huge success but at least slightly offset the loss.

If the demand continues after this blip I’ll try add ads or make real payments work.


There have been alternatives suggested. While better is a subjective term, most alternatives have either not been successful or have not yet meaningfully achieved a level of success to matter.

Flattr took one approach without much success. They represented the problem well though. When someone does something that is of a small but not insignificant benefit for a large number of people, how should they be rewarded? When the reward due, divided by the number of people paying for it, gets low enough it seems to not reach a threshold that it makes sense for any individual to pay.

You could charge a fee above the threshold, and many people do take this path. It is essentially requiring a small number of people to massively overpay to cover those who don't pay at all.

A Universal Income takes the approach that if everyone gets what they need there is no particular requirement to be monetarily rewarded. You essentially have been rewarded for whatever it is you do.

Advertising plays the small threshold thing both ways. They offer you a chance to sell a little corruption below your threshold for thinking it is damaging, and in return they accumulate the corruption and the money and send you the money and deliver the requested corruption to their customers.

Part of the fundamental difficulty is in determining the size of the reward due. How is that determined? There are plenty of people who will offer services to do that if it means they can take a cut. I don't see that path going well unless it is a mechanism governed by strict non-profit rules, and even then I would have doubts.

A purely rule based system would be intrinsically unfair and subject to gaming, but often times this turns out to be the least worst solution. By agreeing to a set of rules people can accept that while flawed, adhering to them by agreement can make a system that cannot be taken over by a malicious individual.

In short, right now, No I don't think there is a better way. There may be people with a financial interest that it remains that way.


> Is there a better way?

Yes, UBI. Then you can create what you want and your livelihood doesn't depend on it going viral.


How do we ensure that we don’t enter the failure mode of “not enough necessities get made”?

Like it seems like people are ideologically for or against UBI, but I’ve never seen anyone discuss how the mechanism would avoid this outcome. Like I’m not saying it’s 100% the outcome that would happen on whatever time frame, just that even e.g. a 10% chance of that happening would make it too risky to attempt at scale. And like I don’t accept “some people just love farming” or “a lot of stuff that isn’t needed gets made now”, I need an actual mechanism description.


> How do we ensure that we don’t enter the failure mode of “not enough necessities get made”?

Pay higher when someone does things. UBI + income. If you want to live better, try doing something that will bring you money, but if you fail, you can still live and try something other next time.

Current model: if you try something and fail, you are homeless and starving.


I could maybe support UBI if you completely shut down Social Security, Medicare, Medicaid, SNAP, school lunches, subsidized housing, and every other assistance program. It must replace all of that to achieve the so-called operational efficiency of just giving people cash. Give them enough to buy those things on the open market, and if they choose to spend it on something else, that's on them.

If you don't trust people enough to do that, then you don't trust them enough to do UBI.


I think most proponents of UBI want this and I think it's a good idea. UBI is meant as social security, just not dependent on what you do and doesn't disappear when you have cash. Just give minimum wage to everyone and remove minimum payment requirement from economy. If you use up your social security/UBI in wrong way, that's on you. But there should be probably some education. And if someone can't effectively use your allowance (mentally ill, non-functioning alcoholic), then maybe we should put such people in proper institutions, but they could be funded by UBI instead of specialised assistance program.

Failing -> homeless and starving is a failure mode at the level of the individual. That’s not good, but failure modes of the entire structure are higher priority and the two don’t really compare apples to apples. Capitalism (absent corruption) is actually sort of cleverly recursive there because financial destitution by definition cannot affect producers of vital goods, because the act of producing vital goods is precisely what is rewarded by the system. So at least what you mentioned cannot result in systemic failure from a mechanistic point of view, only an individual level failure (which isn’t to say that the individual is “to blame”, I am not talking moralistically, just that it affects individuals and not the entire structure).

On first paragraph, okay how does that scale though. Who does the actual work of producing things people need to live, and how do we make sure that enough people keep doing that specifically, even across plausible variable configurations such as “birth rate increases because people have more free time which means now you need more farming” etc.

We need to characterize these dynamics, wouldn’t you say? Have you thought about it, or are you satisfied by hand waving?


"Absent corruption" is doing a lot of heavy lifting in your statement. The idea that the system can't fail raises the question: what do you consider failure, and what do you consider corruption?

If prices increase and wages don't keep up with them, an increasing number of people become squeezed by their environment. This is a slow event, sure, but enough drops can fill a bucket. The fallout from this pressure on the general populace will be the failure that you're saying can't happen. This seems inevitable without an intervening event to reset things.

With that said, I don't think your concerns are unreasonable, and I'm not sure UBI by itself could solve anything. At a minimum price controls or government administering of food and housing would be necessary to keep prices from rising in response to the influx of cash everyone would receive, but the problem of people not working does seem like a big potential issue.

I believe there have been studies to the contrary, but those studies necessarily miss the universal part of ubi, so they don't have the negative feedback loops that could spring up in a real implementation.


> financial destitution by definition cannot affect producers of vital goods

This is why people who work critical jobs never go hungry.


I don't think the "producers" argument is true, and even so it really does depend on the profession and on current trends.

What was vital yesterday may be obsolete tomorrow (see hospital secretaries vs ambient scribes for instance). I assume when you think of people taking a potentially "destitution-risky" decision, you think "entrepreneur without savings or backup income", not "hospital secretary". Yet here we are.

Also, in many professions, "production" is multi-level. Who is the producer in a hospital, the nurse, or the hospital manager? Yet I can assure you nurses, as vital as they are, get fixed term contracts or get fired all the time. Same with teachers and academics.

So, no, the system rewarding the hospital manager and the university deans for the "vital" work of their nurses and teachers isn't "cleverly recursive"; it's exactly the failure mode both you and OP speak of, except it's somehow both systemic and personal, depending in what angle you're looking at.


> financial destitution by definition cannot affect producers of vital goods,

Say that to farmers struggling to make ends meet. We managed to make production of vital goods so efficient, that we don't need as many producers, so they are becoming not-producers-of-vital-goods en masse. So, now that they don't produce vital goods, they can safely go into destitution?

> only an individual level failure (which isn’t to say that the individual is “to blame”, I am not talking moralistically

Individual level failure means individual is to blame. But UBI is meant to give them safety net, so that when they fail, they don't go into destitution.

> So at least what you mentioned cannot result in systemic failure from a mechanistic point of view, only an individual level failure (which isn’t to say that the individual is “to blame”, I am not talking moralistically, just that it affects individuals and not the entire structure

Nice, but when you get rid of 20% of people and move them into "not usable, you won't eat now" category, each single one for personal reasons, then another 20% for other personal reason, you have to train them somehow. You could of course say that they should retrain on their own, but that's currently done typically after several years of giving them too low prices, so they used up their safety reserve.

> On first paragraph, okay how does that scale though. Who does the actual work of producing things people need to live

The people who feel they have the skills for this. Just like right now.

> and how do we make sure that enough people keep doing that specifically,

We have enough people to make food. We have to make artificial limits on how much food they produce or they would flood the market with food. We pay them to keep their fields unused for some time, kept in reserve. UBI would just be a guarantee that they won't go into destitution when they can't sell the food at good price.

> “birth rate increases because people have more free time which means now you need more farming”

I think birth rate might decrease even more. As people become more and more comfortable and stopped having to work as much as previously, they don't need children to secure their future.

> We need to characterize these dynamics, wouldn’t you say? Have you thought about it, or are you satisfied by hand waving?

I agree we should. Who would do it? Who would pay for such characterisation? Maybe you should try to do it? A lot of people think about it already.


How is UBI different from welfare?

On the surface, they sound the same

> Current mode...

Or, ya know, save money or get a job. Failure rarely leads to homeless and starvation. Most people are far more resilient than that, the current US homeless rate is ~1/500

If we need/want UBI to be a thing, educating people on the difference is going to be part of the effort and debate


UBI discussion invariably is way off the mark. The only thing UBI solves is how to give out the money, which is a massive misdirection, the real problem is how to get the money. Do you gut the state and allow people who don't work to have enough money to barely survive as an underclass, or do you end billionaires and usher in a new renaissance where all needs are met and labour shall just be at our whim. These two vastly different visions are both UBI, but most discussion about UBI completely sidesteps that as it requires touching upon the more difficult issues.

Once you have control of the money to give out, literally every way of redistribution is as good as UBI. If you calculate how much money would be required for a reasonable UBI.. then imagine what could be done if that money was spent on communal, humane, services then it would be able to revolutionise the world every bit as much.


> or do you end billionaires

Everyone will agree with this, but it isn't even close to enough. Or do you mean end all high revenue companies as well?



Necessities get made because there's someone to buy them. Only 5% of people are employed in agriculture and 15% in manufacturing. 80% of working people could do nothing and we'd still be fine when it comes to necessities. And we don't even have peak automation.

Could we perhaps include medical care in the necessities don't you think?

And educational workers and cleaners.

Nah, that just turns people into slaves of whoever is signing the checks.

Unlike now?

Yes, it would be even worse with people lacking in productive skills.

Most people want a lot more out of life than basic necessities.

UBI does not mean you don't work, nor you can't earn a lot of money. It just means we don't let you starve if you don't work and we stop making you work out of fear of leaving you starve if you don't.

I'm a psychiatry resident and developer. I have never been paid for my dev work but have produced quite a lot on my free time (site: w.olicorne.org ). I would do psychiatry pretty much no matter how much I'm paid for it.

In my view the most productive people of every field are not incentivized by money and would do it anyway. UBI would free up time and cognitive load of the most productive people I believe. Following a 80/20 kinda rule.

Hence UBI here would mean that the dev would not *have to* monetize.


> In my view the most productive people of every field are not incentivized by money and would do it anyway.

The idea that money is not an effective incentive to drive behavior is wishful thinking. Even just among devs, even just among devs who truly love programming, most would be doing very different work, and working for different organizations (or none at all) if money weren't the driver.

> Hence UBI here would mean that the dev would not have to monetize.

Ok, but the dev might still want to monetize, and we're back to the original question.


> Even just among devs, even just among devs who truly love programming, most would be doing very different work, and working for different organizations (or none at all) if money weren't the driver.

Somehow I can imagine that a world where the brightest minds of a generation didn't spend their prime optimizing ad clicking wouldn't necessarily be a complete disaster.


Optimizing ad clicking is profitable and the thing that would [partially] pay for UBI. That stops happening and money/value stop being created. The market is not 0 sum.

It's good to talk about UBI, but people taking it seriously have no idea how to fund it.


That's right, much of the market is negative sum.

> Ok, but the dev might still want to monetize, and we're back to the original question.

It's alright. Those who would like to monetize can. There are others who wouldn't and UBI would utilize that surplus talent, which otherwise had to perform tasks they weren't skilled at to earn a living.


> most would be doing very different work, and working for different organizations (or none at all) if money weren't the driver.

With UBI I wouldn't be surprised if those would be even more productive doing something else they want. And others who couldn't do the CS curriculum even though they would have loved to because they had to find a job quickly would plausibly be at their place instead.

I really view UBI as something that puts oil in the society: people have less friction to be at the spot they're better at. People who want to do nothing will not slow us down anymore. And jobs that nobody wants to do would finally be paid by how much they suck instead of how much money your parents had to educate you.

> Ok, but the dev might still want to monetize, and we're back to the original question

I don't really see the issue. We're far from having shortage of ways to make people pay: ads, paywall, soft paywall, begging, rate limits. What's the issue with those? I certainly don't like them as a user and as a member of society but am fine with people doing that.

Especially with UBI in place: if the dev is putting a paywall, they have to compete with people that have plausibly much more freedom of time and mind to allocate to another free foss project. So in the end it becomes less profitable to be adversarial against end users.


> And others who couldn't do the CS curriculum even though they would have loved to because they had to find a job quickly would plausibly be at their place instead.

Unfortunately, also wishful thinking. A particular kind of wishful thinking endemic to naturally highly curious, academic achievers (not a dig, I am one). But -- and if you don't understand this, spending some time teaching at universities makes it abundantly clear -- most of the world is nothing like this. They aren't being held back from their natural passions and curiosities by the demands of living. They would not suddenly flourish under UBI.

> With UBI I wouldn't be surprised if those would be even more productive doing something else they want.

For the people that do naturally love creating and are good at it, they might be "even more productive" in one sense -- creating more stuff that they, personally, value. And personally I'd love to do that, but it doesn't maximize value across society. That's one of the main things money is. It's a constraint forcing the production of consensus value. In a world of infinite resources that ceases to matter, but we're still very far from that.

> People who want to do nothing will not slow us down anymore.

Who do you think is supporting them? Until we have robots taking care of everyone for free, support is still a cost levied on other humans.


I am aware that most of the world isn't like this. But I am also aware that there are many people who more than anything want to share things they made, have a positive impact etc. In other words: there are 10x engineers and 10x altruists and some are even both. I am convinced that they collectively could make basically unlimited progress on things we all agree on: less sick people, more happy people, less waste, better environment, etc. I'm sure you've seen some random genius on youtube who built things in their backyards that are normally only buildable by conglomerate with advanced logistics. I just want them to not have to worry about an algorithm and sponsors and accommodate spaces for them to work together on things.

> it doesn't maximize value across society

Well you'd have to define "value" here. I am sure GDP would plummet because bullshit jobs would plummet. The current society is doing maybe a decent job at producing but a terrible job at making it "across society". We still have millions of people dying every year of very preventable causes just because of the lack of coordination. I think this would be better if we had less noise in our daily lives caused by the system so inefficient that we have bullshit jobs.


> The idea that money is not an effective incentive to drive behavior is wishful thinking

It is obviously an incentive. But I think it's not an effective one and has many morally bad side effects.

I highly recommend taking a look at the work of Daniel Pink related to money as an incentive. See The Puzzle Of Motivation (~20min) https://www.youtube.com/watch?v=rrkrvAUbU9Y


> It just means we don't let you starve if you don't work and we stop making you work out of fear of leaving you starve if you don't.

Seems inefficient to pay for everyone to have kitchens in their house and pay them cash to get ingredients to cook. Couldn't we just employ some of these people as cooks and have them make meals in a centralised kitchen in every neighbourhood? A bit like the British Restaurant idea: https://en.wikipedia.org/wiki/British_Restaurant


I don't see the connection with what we were talking about but:

- soup kitchens are a thing: https://en.wikipedia.org/wiki/Soup_kitchen

- community fridges too: https://en.wikipedia.org/wiki/Community_fridge

- and historically in France where I'm from, when we started having freezer technology it first appeared in shared houses for the whole village. People would go there once a day to fetch what they needed and would eat it. Can't find English sources but it seems very efficient. At least much more than every one having a fridge. https://france3-regions.franceinfo.fr/pays-de-la-loire/mayen...


But they want to was the point.

Brother wait til you find out about inflation. Do you make price controls for groceries too?

Indeed. Some of us want basic necessities provided to everyone.

That's why it works, lol. Those already driven by the bet paying off still have their incentives, and those who would love to try something ... can! Because they don't have overdue bills to pay with extra interest.

People already freak out about the sustainability of the welfare state supporting just the elderly with worker-dependent ratios of 3:1 or 2:1. Imagine if also all the working age population got welfare, it'd be completely unworkable.

...and rather depends on the whims of the feeding hand instead.

Like, haven't got your 22nd cocksuckie virus booster? Get lost and die from hunger.


what does UBI have to do with getting paid for making cool shit?

You can make cool shit without having to do the work of productizing and monetizing it

Yes, and a magic fairy creates the economic value that funds the UBI

Every company and their dog is saying that LLMs/"AI" is supposed to be that magic fairy anytime now.

I built a browser extension for a hackathon that enabled crypto payments direct to site owners. "registration" was just sticking a formatted payment address in a DNS TXT record, and if you were at a supported website, the extension would light up, and facilitated payment.

I still think it's a neat idea but I can't be bothered to build a real version


I had a similar idea for a library used to collect how much you owe who:

https://github.com/thiswillbeyourgithub/FUTOmeter


You'd love Brave browser then.

Ideally the model would be run locally in the browser, so the author isn't paying whatever they're paying. But the web standards to do complicated stuff locally aren't there yet and probably will never be.

That's not a practical answer but it's my two cents.


I wish I could give him two cents without having to try. HTTP status 402 with micropayments or something needs to become a thing. The platforms do it... (subs, tips, donations, rewards etc etc.) Why can't the web.

I had an idea for a library used to collect how much you owe who:

https://github.com/thiswillbeyourgithub/FUTOmeter


Yup, the technology exists to do this, but saying such words on HN will lead to critics.

All you need is WASM surely? I expect this model is too big to download & run on local CPUs though.

Maybe, but WASM still has its limitations and pains. If you compile with emscripten you're still using thousands of lines of generated javascript to glue the wasm and javascript together.

Especially in the age of AI tools, I also thought about this a few times. The current idea I have is something like a parking meter. Every expensive transaction (like calling a model) would subtract from the money pool, and every visitor could see how much is still left in the pool. In addition, a list of the top 5 donors with their amounts might improve the group dynamic (like on pay-what-you-want pages like humblebundle.com).

It would be more about covering the cost than about making someone rich, but I think that is what most of the people who build stuff care about. Sadly, I don't know a service yet that offers this model.


This won't work when the meter is at zero due to human psychology. New visitors will say: "no one subsidized my experience (indeed I don't even know what $thing does) but <creator> wants me to subsidize $thing for others".

The whole "subsidize for other visitors" concept is weaker than "pay <creator>".


Wouldn't a floor fix that?

Maybe a bad example, but tipping in a restaurant is an example?


Nobody likes parking meters.

Not everything needs to be a business!

If there’s one thing I learnt from HN it’s how many people can’t comprehend this. Is it a byproduct of growing up in a very transactional or selfish environment?

Yes. First being a YouTube creator became a business, then twitch, tiktok, twitter. GenZ basically grew up with everything being/becoming a business "opportunity". Making money is the goal for "creators", to the point where ads have become normalized and not having a sponsor is leaving money on the table.

I'm almost sure it is. I don't understand it personally, and it feels like grifting to me.

Sometimes it would be nice if you could just break even though. Particularly for these AI projects.

I don't think donation approaches are necessarily bad, but yes it should not be as simple as putting a kofi link at the top of a page.

This person doesn't just do that though. Right after the part where you've uploaded your own examples, there's a reminder: if you had fun buy me a coffee.

Though this is slightly offset by the fact that they state you have 2 free trials and then you pay. It's a complete incentives mismatch if you ask for coffee for something you explicitly presented to them as a marketing offer. Though, I suppose leaving the donation option on doesn't hurt in this case either.

In my experience, donationware works best when the donation request is polite, personal, uncoercive, unintrusive, and comes at a moment of surprise right after you would have seen actual value from a product, and from a product that has not otherwise asked you for any money so far (including showing you ads).

KeepassXC Android is a good example: the guy asks for a beer during Oktoberfest :)


Insert product placement/ads into the generated images.

> Is there a better way?

If one's visitors are gamers, perhaps one might use gaming payment providers to sell a "supporter badge"? But that'd perhaps be pushing their envelope.

If one's visitors are from the "rapidly-developing world", with well-adopted candybar-scale micropayment systems - China, India, Indonesia, Brasil, Kenya, SK, Sweden... hmm. Direct access from elsewhere seems still very limited, but perhaps one might use a global payment gateway like Adyen? My impression is transaction cost is more than $0.10 but less than $1.

In the "less-rapidly-developing world", X.com has been working towards a similar superapp with Visa for the US. The Visa/MC duopoly seems to have shifted from its years of preventing US micropayments, to something like "maybe 2030-ish".


My view may be as realistic as these architectural drawings but I've long thought that some sort of micro payment system would address a lot of problems, many more significant than tipping software developers.

Guy who posted this is actually a VC (not sure how big).

Youtube has this model with Premium. If Chrome rolled out Chrome Premium, (and copied the Brave BAT model of paying sites you give attention to), I'd be happy to pay.

Thanks for the highlight. Doesn't seem like there's much activity on his Ko-Fi for being on the front page of HN. I sent him a tip, although privately.

You could let users import their own Google api key...

I had an idea for a library used to collect how much you owe who:

https://github.com/thiswillbeyourgithub/FUTOmeter


Yeah - fine tune it a bit more (it’s a little too worst-case-scenario-in-the-dead-of-winter) and sell it to architectural firms and developers for a fee. This is simple to monetize and not up to us to figure out how to turn processor cycles into dollar bills.

Monetization: People can now use ChatGPT for this if they have the idea, so it’s a tight goal. Would people in urban planning pay to see this? If not, then this was just the “15 minutes of fame” experience, and people who are not career influencers have difficulty monetizing that. Of course, thank you for your concept.

It should be tasteful ads for the AI companies that are making money... Oh wait, I instantly see the problem with that idea.

Works great. I hate it.

Just kidding. I bet you will do very well marketing it to estate agents and AirBnb renters. It's just the "prettification" of the world which gets to me. I hate Instagram for the same reason. Just grumpy me.

Totally get the concern, and I actually agree on the “Instagram-ification” problem.

What ProntoPic does is basically what a professional real estate photographer already does in Lightroom: fix lighting, white balance, perspective, and sharpness. No adding pools, no changing furniture, no fake sunsets, no staging things that aren’t there. My girlfriend is an interior designer, so I see firsthand how much effort goes into making spaces look 100% accurate but well presented.

The goal isn’t to misrepresent reality, just to make photos look like they were taken properly.

In practice this mostly helps small hosts and agents who don’t have the budget or time for professional shoots. Right now they’re uploading dark, crooked, yellowish photos that actively hurt bookings (like the ones in the hp, real examples).

I guess I need to make it clearer in the site. Thank you for the feedback!


This was exhausting to read. Don’t you ever have fun?

Let's go to reddit!

<3 Blender is a treasure and must be protected.

For an app like this, once I'm sold on the features of the app, I need to know and trust the credentials of the primary developer. I looked them up. Looks good.

Elon Musk attends the Donald Trump school of responsibility. Take no blame. Admit no fault. Blame everyone else. Unless it was a good thing, then take all credit and give none away.


I also switched my editor to Zed recently, from Cursor, and brought my custom theme along too: https://zed-themes.com/themes/ldw3jOWS7edS-gifHtZg9?name=Dar...


Wouldn’t mind if they went bankrupt. I won’t support the ideologies of their ceo.


Sure but do you examine the ideologies of the CEOs of the companies making all the products you buy?

I imagine many of their privately held beliefs are just as horrible but they’re not dumb enough to say them publicly.


I’d have agreed with you in 2024 but there’s enough of a difference in active support to be significant. Not many of those CEOs have direct personal involvement killing millions of people, for example, but DOGE appears to have managed that without really even understanding what they were cutting.


Exactly why I stopped supporting petroleum companies causing wars, terrorism and regional instability to keep up with world’s appetite for cheap crude oil.


There is an enormous difference between holding unpleasant views in private and actively, publicly, working to dismantle the country and take away the rights of its citizens and celebrating it.


> I imagine many of their privately held beliefs are just as horrible but they’re not dumb enough to say them publicly.

That's correct. And therefore I don't boycott their companies.


Yes when possible and feasible to know. And it's super easy to avoid everything Musk touches. Nothing he helms is without easy alternatives.


Hard to think of other CEOs who took time off from running the company to play in DC for a while. I'm sure there are some, but none come to mind.


Only one I can recall is Dave Packard, who served as assistant undersecretary of defense for a few years in the early 1970s.

I don't recall that he brought a mob of script kiddies with him to sack the government, threw any Nazi salutes at Nixon's inauguration, or slunk out of town with a literal black eye, though.


Pretty sure there are plenty, but none that have done so so brazenly


Not the CEOs of any significant companies, no. Most boards would not tolerate this; being a CEO is generally a full-time job, and the conflicts of interest don’t bear thinking about.


Most of the others have jobs I think


I used to ask the same questions, but then I've realized: this line of argument tries to justify non-action on known known because there are also known unknowns and maybe even unknown unknowns. Now what? Smoke a cigarette because we know that unknown carcinogens exist that are not included in cigarette smoke?


Any of them would run me over to make the line go up, but some of them are loudly putting their foot on the accelerator.

Publicly signalling that you support awful shit is more likely to make that world a reality than quiet private support.


Why financially support an ardent, unabashed white nationalist who eagerly funnels money to a party that *he himself claims* protects pedophiles?

What other CEOs are this level of pure garbage? I can't think of a single one. (And that's before we even bring up the people his policies have directly killed: https://www.propublica.org/article/kenya-trump-usaid-world-f...)



Yes, at least for the CEOs going out of their way to get into politics like Musk and Larry Ellison. The way Ellison is using Bari Weiss to censor 60 Minutes is evil.


Hiding abhorrent beliefs is a good thing and we should heavily encourage it.


I'm honestly baffled that this isn't completely obvious to everyone.

People act like "bad but hiding it" is no different from "bad and not hiding it," but the former is literally identical to being decent. The only scenarios in which it's not identical are those in which they failed to hide their badness!

I don't give a fuck how evil someone is in the dark little corners of their mind, so long as they show up as a decent person in all their interactions with the outside world.


I didn’t plan on examining Elon’s ideology. He shoved it in my face. If other CEOs want to be coy with Nazi salutes and post the types of things he does on X then let me know. I’ll happily treat them the same way.


> I imagine many of their privately held beliefs are just as horrible but they’re not dumb enough to say them publicly.

Why would you support a company run by someone stupid enough to say their polarising beliefs publicly? It doesn't inspire confidence in their judgment. Even if you personally agree with their polarising beliefs, you have to question their decision making process in why they chose to deliberately make them public, damaging the company. If they're stupid like that, maybe they've made stupid decisions with their products (which in Elon's case, yes, he has, and not just at Tesla).


The shareholders should mind him being CEO.


Give yourself a pat on the back


I never travel without my GL-AXT1800. Saved me so many times: https://www.gl-inet.com/products/gl-axt1800/ I’m actually on it right now.


Same! And the best thing is that you can install Tailscale, so you can connect to your tailnet, and exit all traffic through one of your nodes (e.g., your home/office network).

It's incredibly useful, with the added bonus that you don't need to install tailscale client in any of your travel devices (phone, tablet, work computer, etc).


I’m seeing a lot of this same comment here, so I went to check out this tailscale thing, which clearly I must need.

Can anybody explain what Tailscale is, does, or why everybody seems to have it?

Looking at their website, it’s just a huge wall of business jargon. Really! Read it. It’s nothing but a list of enterprise terminology. There’s a “how it works” page full of more (different) jargon, acronyms and buzzwords, but no simple explanation of why everybody on this thread seems to be paying money for this thing?

Any help? Should I just pay them my $6/month and hope I figure it out at some point?


It's a wrapper around Wireguard that lets you use common SSO providers (Apple ID, Google, etc) to manage access.

It also handles looking up the IP address of your "nodes" through their servers, so you don't need to host a domain/dns to find the WAN IP of your home network when you're external to it (this is assuming you don't pay for a fixed IP).

Most people put an instance of it on a home server or NAS, and then they can use the very well designed and easy to use iOS/mac/etc client to access their home network when away.

You can route all traffic through it, so basically your device operates as if you're on your home network.

You can accomplish all of this stuff (setting up a VPN to your home network, DNS lookup to your home network) without Tailscale, but it makes it so much easier.


TS makes it super easy to use a VPC I have in the US as my VPN exit while I live in other parts of the world. Apps that work on phones, computers, and my AppleTV are big pluses over Wireguard which I have also used.


I was still completely mystified until your last sentence. And now I'm just mostly mystified. I, too, keep hearing Tailscale Tailscale Tailscale from HN commenters but have no idea why I'd need it. For anything I need to access on (or from) my home network I just use a VPN I've hosted in my home for the last decade or so.


If you've already got a VPN solution you're happy with, Tailscale probably adds very little value for you. It's just basically the easiest / most user friendly way to set up a VPN to your home network.

It can do way more than just being a VPN-to-home, but that's how most users use the free part.


It's still valuable. You can access your server with your own VPN set up, but what if you want to share a server to a friend or a family member (examples include VaultWarden/Bitwarden, Plex, Jellyfin)?

If this is on Tailscale, you can just ask people to install the tailscale client and log in using one of the IdPs, then ask them to accept the node you shared to them, and they can immediately access the server.

The alternative would be 1) sending VPN configs over and maybe also configure their VPN client for them, or 2) expose the service on the Internet protected by some OAuth proxy which really only works for web apps. Neither is easy/trivial.


I'd guess a plurality of people are only sharing Plex with family members, and nothing else. If you only care about sharing Plex, you don't need Tailscale to give a family member access, assuming you have Plex Pass, since Plex does a proxy as you describe.


Basic version is it's a sort of developer focused zero trust network service.

Encrypted overlay network based on wireguard tunnels, with network ACLs based around identity, and with lots of nice quality-of-life features, like DNS that just works and a bunch of other stuff.

(Other stuff = internet egress from your tailscale network ('tailnet') through any chosen node, or feeding inbound traffic from a public IP to a chosen node, SSH tied into the network authentication.)

There is also https://github.com/juanfont/headscale - which is an open source implementation of some of tailscale's server side stuff, compatible with the normal tailscale clients.

(And there are clients for a very wide range of stuff).


I can’t tell if you’re trying to help, or just getting into the spirit of the website’s “how it works (using ten pages of terminology and acronyms we just made up)” page.


None of the terminology or acronyms that user used were made up or unique to this. I think you are blaming other people for your unfamiliarity with this kind of tech.

It is simply a managed service that lets you hook devices up to an overlay network, in which they can communicate easily with each other just as though they were on a LAN even if they are far apart.

For example, if you have a server you'd like to be able to SSH into on your home network, but you don't want to expose it to the internet, you can add both it and your laptop to a Tailscale network and then your laptop can connect directly to it over the Tailscale network no different than if you were at home.


Sorry if I appeared rude. That was very much tongue in cheek.

But notice how you just did a much better job of explaining what this thing does without using any jargon at all. The jargon helps if everyone already knows what you’re talking about. It hurts if anyone doesn’t.

That’s what I’m poking fun at. There’s a trait in lots of engineers I’ve worked with over the years to be almost afraid to talk about tech stuff in layman terms. Like they’re worried that someone will think less of them because they used words instead of an acronym. Like they won’t get credit for knowing what a zero trust network is if they describe the concept in a way that regular people might understand.

One of those guys was certainly in charge of this company’s website copy.


> But notice how you just did a much better job of explaining what this thing does without using any jargon at all.

There was plenty of jargon and acronyms like LAN and SSH. You're just used to those ones.


Perhaps if we were on Reddit, and also on a general subreddit, then people would speak in less technical terms.

Since this is HN, it’s almost expected the participants here would either know the terms, or at the very least be able to find out what they mean on their own and realize it’s not made up jargon but rather common industry terms.

Tailscale is not trying to sell to the average buyer, it’s trying to sell to a specific audience.


> Like they won’t get credit for knowing what a zero trust network is if they describe the concept in a way that regular people might understand.

I've been trying to get a definition of zero trust at $client from the security people who are pushing tools onto our platform, so we can have an honest conversation around threats and risks, and finding the best balance of tools, techniques and processes to achieve their desired outcomes.

Unfortunately, it seems like everybody just wants "zero trust" because a vendor sold them on that idea and they gave money to the vendor, so now there's the need to justify that expense and "extract value" from the tool - even if it may in fact be worse than the controls that are already in place.


Your ignorance of the topic is no excuse to be rude to someone who's trying to help you.


That's just networking jargon


Basically it is managed Wireguard. Tailscale does say it, but it is buried under marketing speak.


It's also P2P mesh rather than hub and spoke which is quite important


It’s worth pointing out that it can be both. The hub and spoke model, relays, is often used for cloud setups where the overhead of installing clients on nodes is not worth the tradeoff


This. People are doing the same thing that OP mentioned in this thread.


I don't think you need to pay $6 a month to try it out.

Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your apple tv can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.


How does it compare to Zerotier? The way I understand it it's kind of overlapping functionality but not necessarily everything. What I want from Zerotier is basically what you described about Tailscale.

The two problems I have with zerotier are:

1) It's supposed to let a mobile device like an Android tablet route its traffic through zerotier (functioning as a VPN to my home site, in this case). However, I've never got that to work. It's running, but doesn't affect anything network-wise for the other applications (unlike running e.g. openvpn on it)

2) On a couple of computers with specific routing set up to various destinations, when Zerotier runs it simply blocks all of that and there's no way for me to continue accessing anything else than the Zerotier network. No fiddling with routing tables etc. changes any of that. On other computers, also some running OpenVPN, Zerotier does not interfere. I've never figured out what causes this.

So, in short, I'm pondering if I should ditch Zerotier and try Tailscale instead. If it does the same - I simply want a way to connect my devices, but I also don't want to lose total control over routing. For mobile devices I would want full VPN, for computers I don't. Edit: So, I'm both after connecting my multiple networks, as well as VPN'ing certain things or devices through another location.

Thanks for any input on this.


Having tried both Zerotier and Tailscale, I found Tailscale to be a significant improvement. Tailscale uses Wireguard as the base encrypted protocol instead of a semi-homebrew protocol Zerotier came up with that notably lacks things like ephemeral keys/perfect forward secrecy. Tailscale also has a faster pace of improvement and is responsive to customer asks, regularly rolling out new features, improving performance, or fixing bugs. Zerotier by contrast seems to move slower, regularly promising improvements for years that never materialize (e.g. fixing the lack of PFS).

My last gripe is more niche, but I found Zerotier's single threaded performance to be abysmal, making it basically unusable for small single core VMs. My searching at the time suggested this was a known bug, but not one that was fixed before I switched to Tailscale. Not impossible to work around, but also the kind of issue that didn't endear the product to me or inspire confidence.


It's been a minute since I ran ZeroTier, so my memory is fuzzy.

Tailscale and ZT are not the same. ZT can do certain things that TS can't. One example is acting as a layer 2 bridge. Or a layer 3 bridge. TS can do neither. It can achieve mostly similar results though.

ZT can be a pain to set up. TS is a breeze. ZT's raw performance is quite poor. TS's is usually very good.

If I understood you correctly, you want both a way to access your home LAN when you're out - this is easy. Set up a node with NICs on the LAN subnets you want access to (I run it on my router), and configure the TS node to announce routes to those subnets. Install the TS client on your laptop and mobile and accept those routes. Job done.

If you also want to mask your egress - i.e. reach the Internet via your home network as if you were there - then you need a node (can be the same as above) configured to act as an Exit Node. When you want one of your devices to use this, just select the appropriate exit node. Job done.


So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?

I think I understand what it does now. So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?


> So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?

If you go to https://tailscale.com/pricing?plan=personal

The first plan on the left called 'Personal' is free.

It uses a central orchestrator which is what requires you to sign up. If you prefer to self host your orchestrator you can look into Headscale, an alternative that seeks to be compatible with the clients.

> So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?

That's one thing you can do with it, yes. You can also run custom DNS entries across it, ACLs, it is very flexible.


Ugh. On mobile, the first plan on the pricing page is “starter” for $6. The plan to the right is partly visible, indicating that you can scroll that way. There’s nothing to indicate that you can scroll left.

A less hostile website design would have (again) saved me a question.


It seems like it defaults to Business, which is paid. If you tap "Personal" you'll see the free plan.

Sorry, but try a little harder. Tailscale isn't hostile, but it seems you are -- you claim to think you need it, but don't know what it does and can't put in the effort to determine and foist those inabilities on Tailscale?

I've been using Tailscale for many years now and they have a terrific product.


Tailscale is one of the simplest, most useful things I use. I only use the personal plan, but I keep toying with signing up for paid because it’s a damn good product.


The service is free up to a certain amount of connected people and devices. You most likely don't need to pay for it. I am a pretty heavy user and don't. It is a virtual private network orchestrator. It allows you to connect to other devices that you add to your network as long as they are connected to the internet. So your office computer, home server or NAS. If you have some home automation like home assistant you can connect to it from anywhere. That kind of stuff.


You can run it on a capable router or on a RPi, or on your NAS. It's especially useful if you want to self-host (e.g. Immich). You can use it to authenticate for ssh if you like, or simply give you an IP you can ssh to.

It's especially handy if you want a secondary way in, in case you have problems connecting using wireguard, since it supports using a relay if you're stuck in a hotel with a heavily restricted connection.

If you run DNS at home, you can even configure it to use your home DNS and route to your home subnet(s).


Sign up for free using Google Sign In.

Install the tailscale client on each of your devices.

Each device will get an IP address from Tailscale. Think about that like a new LAN address.

When you're away from home, you can access your home devices using the Tailscale IP addresses.


So basically wireguard, but you have to pay for it, and you have to create an account through Google/Apple/Microsoft/whatever.

Wireguard is not that hard to set up manually. If you've added SSH keys to your Github account, it's pretty much the same thing. Find a youtube video or something, and you're good. You might not even need to install a wireguard server yourself, as some routers have that built in (like my Ubiquiti EdgeRouter)


It's not really "basically wireguard" and you don't have to pay for it for personal use. Wireguard is indeed pretty easy to set up, but basic Wireguard doesn't get you the two most significant features of Tailscale, mesh connections and access controls.

Tailscale does use Wireguard, but it establishes connections between each of your devices, in many cases these will be direct connections even if the devices in question are behind NAT or firewalls. Not every use-case benefits from this over a more traditional hub and spoke VPN model, but for those that do, it would be much more complicated to roll your own version of this. The built-in access controls are also something you could roll your own version of on top of Wireguard, but certainly not as easily as Tailscale makes it.

There's also a third major "feature" that is really just an amalgamation of everything Tailscale builds in and how it's intended to be used, which is that your network works and looks the same even as devices move around if you fully set up your environment to be Tailscale based. Again not everyone needs this, but it can be useful for those that do, and it's not something you get from vanilla Wireguard without additional effort.


I guess I'm still not following. Is there an example thing that you can do with Tailscale that you can't do with Wireguard? "Establishes connections between each of your devices" is pretty vague. The Internet can already do that.


I install tailscale on my laptop. I then install tailscale on a desktop PC I have stashed in a closet at my parents. If they are both logged in to the same tailnet, I can access that desktop PC from my home without any additional network config (no port forwarding on my parents router, UPNP, etc. etc).

I like to think of it as a software defined LAN.

Wireguard is just the transport protocol but all the device management and clever firewall/NAT traversal stuff is the real special sauce.


> software defined LAN

That’s such an elegant way of putting it that they should use it in their marketing.


You can run two nodes both behind restrictive full cone NATs and have them establish an encrypted connection between each other. You can configure your devices to act as exit nodes, allowing other devices on your "tailnet" to use them to reach the internet. You can set up ACLs and share access to specific devices and ports with other users. If you pay a bit more, you can also use any Mullvad VPN node as an exit point.

Tailscale is "just" managed Wireguard, with some very smart network people doing everything they can to make it go point-to-point even with bad NATs, and offering a free fallback trustless relay layer (called DERP) that will act as a transit provider of last resort.
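The ACLs and per-port sharing mentioned in the comments above, as an added example (not from the thread and not Tailscale's code): a simplified Python model of a Tailscale-style policy file that evaluates connection attempts under default deny and flags allow-all rules. The users, tags, node names and the `NODES` inventory are constructed, and only users, groups, tags, `*` and port lists/ranges are modelled.

```python
"""Simplified model of a Tailscale-style ACL policy: default deny, accept rules only."""

# Constructed inventory: node name -> tags applied to that node (assumption).
NODES = {
    "nas": {"tag:media"},
    "vault": {"tag:vault"},
    "homeserver": {"tag:admin"},
}

# Constructed policies. Field names (groups, acls, action, src, dst) follow the
# Tailscale policy file; the users, tags and ports are made up for this example.
ALLOW_ALL = {
    "acls": [{"action": "accept", "src": ["*"], "dst": ["*:*"]}],
}

LEAST_PRIVILEGE = {
    "groups": {"group:family": ["mum@example.com", "dad@example.com"]},
    "acls": [
        # The owner reaches every node on every port.
        {"action": "accept", "src": ["owner@example.com"], "dst": ["*:*"]},
        # Family members reach only the media server's Plex port ...
        {"action": "accept", "src": ["group:family"], "dst": ["tag:media:32400"]},
        # ... and the password vault over HTTPS.
        {"action": "accept", "src": ["group:family"], "dst": ["tag:vault:443"]},
    ],
}


def _src_matches(selector, user, groups):
    """True if the rule's source selector covers this user."""
    if selector == "*":
        return True
    if selector.startswith("group:"):
        return user in groups.get(selector, [])
    return selector == user


def _host_matches(selector, node, nodes):
    """True if the destination host selector covers this node."""
    if selector == "*":
        return True
    if selector.startswith("tag:"):
        return selector in nodes.get(node, set())
    return selector == node


def _port_matches(spec, port):
    """Port spec is '*', a comma list, or ranges such as '8000-8010'."""
    if spec == "*":
        return True
    for part in spec.split(","):
        low, _, high = part.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def is_allowed(policy, user, node, port, nodes=NODES):
    """Return True only if some accept rule matches; everything else is denied."""
    groups = policy.get("groups", {})
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        if not any(_src_matches(s, user, groups) for s in rule["src"]):
            continue
        for dst in rule["dst"]:
            # Split on the last colon so 'tag:media:32400' -> ('tag:media', '32400').
            host_sel, _, port_spec = dst.rpartition(":")
            if _host_matches(host_sel, node, nodes) and _port_matches(port_spec, port):
                return True
    return False  # default deny


def broad_rules(policy):
    """List rules that let any source reach any node on any port."""
    return [r for r in policy.get("acls", [])
            if "*" in r["src"] and "*:*" in r["dst"]]


if __name__ == "__main__":
    attempts = [
        ("mum@example.com", "nas", 32400),        # shared Plex port
        ("mum@example.com", "homeserver", 22),    # SSH to an unshared node
        ("stranger@example.com", "nas", 32400),   # user not in any rule
    ]
    for name, policy in (("allow-all", ALLOW_ALL), ("least-privilege", LEAST_PRIVILEGE)):
        print(name, "broad rules:", len(broad_rules(policy)))
        for user, node, port in attempts:
            verdict = "ALLOW" if is_allowed(policy, user, node, port) else "DENY"
            print(f"  {user} -> {node}:{port} {verdict}")
```

Running the same attempts against both policies shows which paths an allow-all rule leaves open to every user on the network.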


I can guide any tech-illiterate relative to install Tailscale and connect it over the phone.

1) download Tailscale 2) install 3) log in with Google account

done. It doesn't matter if they're on Windows or MacOS.


Tailscale is free for pretty much everything you'd want to do as a home user.

It also doesn't constantly try and ram any paid offerings down your throat.

I was originally put off by how much Tailscale is evangelised here, but after trying it, I can see why it's so popular.

I have my Ubuntu server acting as a Tailscale exit node.

I can route any of my devices through it when I'm away from home (e.g. phone, tablet, laptop).

It works like a VPN in that regard.

Last year, I was on a plane and happened to sit next to an employee of Tailscale.

I told him that I thought his product was cool (and had used it throughout the flight to route my in-flight Wi-fi traffic back to the UK) but that I had no need to pay for it!


They still tie you to Google?


Microsoft, Github, and Apple login are the other options if you don't want to use Google.


One of the things keeping me from adopting Tailscale is that I need to sign up with one service, but I can't add multiple services as login options in case one of those SSO providers lock me out, like what happened to Dr Paris Buttfield-Addison with Apple.


Add a second user to your network?

What am I missing?


> Add a second user to your network?

I checked, and Tailscale only allows a single Owner [1], so it would still be pretty disastrous if the Owner account was suspended by the single sign-on organisation.

[1] https://tailscale.com/kb/1138/user-roles#owner


Got it.

So almost like SSO being the paywall for some enterprise apps.


Great, yet another opportunity for Big Tech to track people. I’ll stick to my Wireguard setup, I have a fixed IP and would rather have full control of what is happening by setting up the keys myself than trust a third party.


So zero options that will not tie their service to some other service still.

So much for resilience.


You can self host with Headscale.


You can also use passkeys so you aren't tied to a centralized SSO provider.


... after i sign up for the service with a google/microsoft/whatever account, i suppose.


Not sure if anybody gives you the answer to "what is tailscale?". So, this is my answer (hopefully it's correct and simple enough to understand).

Tailscale allows devices that can access the Internet (no matter how they access the Internet) to see each other.

To do that, you create a tailscale network for yourself, then connect your devices to that network, then your devices can see each other. Other devices that are connecting to the Internet but not to our tailscale network won't see your devices.

AI might explain it better :-) Don't know why I wanted to explain it.


So a VPN?


A multipoint VPN that punches through NAT and can be configured to do a lot of neat things besides.

Nothing that a network guru or even a sufficiently motivated hacker couldn’t do on their own, except that the maintenance is practically zero for the personal user and it’s actually easy enough for a very nontechnical person to use (not necessarily to set up, but to use), perhaps with a bit of coaching over the phone. Want to use a different exit point for your traffic? It’s a dropdown list. Share a file? Requires one config step on the client for macOS, once, and then it’s just in the share menu. Windows, Android, iOS are ready to go without that. Share whole directories? Going to require some command-line setup once per shared directory, but not after that.

There are features that are much more enterprise-focused and not as useful for personal stuff, but everything above is in the free version.

I’m not in tech at all, professionally, and never have been. I’m savvy for an end user - I can install Linux or a BSD, I can set up a network, I can install a VPN myself to get back to my home network - but I would never, ever call myself anything more than an interested layman. I probably could figure most of this out on my own, if I had to. Thing is, I don’t have to. It’s more than just Wireguard in a pretty wrapper.

Try it. It won’t take long to figure out why so many people here like it, even if you may not want to use it.


Extending the question:

In my mind Tailscale was primarily to expose local services but answers here sound a bit as if people used it as a VPN replacement.

If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?

My thinking is that Tailscale could be the better VPN because they have a clean business model while pure VPN companies are all shady.


Tailscale can tunnel all your traffic through a chosen exit node so you browse the web and whatnot as if you were at home (or wherever the exit node is), so in this way it's a bit like a VPN from a VPN company, but it doesn't give you a list of countries to select from.

VPN companies aren't really in the business of selling VPNs. They sell proxies, especially proxies that let you appear to come from some country, and you typically connect to the proxy using the VPN functionality (particularly if you're using a consumer device instead of a laptop), but often you can use SOCKS5 instead.

Tailscale isn't in the business of selling proxies.


> In my mind Tailscale was primarily to expose local services

You might be thinking of tailscale funnel:

https://tailscale.com/kb/1223/funnel

Which is nice, but still a beta feature. Tailscale itself is indeed a mesh VPN that lets you connect all your devices together.

> If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?

It does NOT by default route all your internet traffic through one of its servers in order to hide it from your ISP, like the type of VPN you might be thinking of (Mullvad, ProtonVPN etc.).

Though you CAN make it route all the traffic from one of your devices through another, which they call an 'Exit Node'. They also have an integration with Mullvad, which allows you to use Mullvad servers as an exit node. Doing that would be identical to just using Mullvad though.


Tailscale is an enterprise vpn, connecting multiple of your networks, whereas consumer vpns just make your network traffic exit from their network.

I run a tailscale exit node on an anonymous vps provider to give me a similar experience to a consumer vpn.


A system by which you can expose things on your private network (e.g. your home lan) so you can selectively and securely make them accessible from other places (e.g. over the Internet). You can do all this without tailscale by just configuring secure encrypted tunnels (wireshark, traefic, ...) yourself, but services like tailscale provide you with easy gui configuration for that.

I personally use Pangolin, which is similar https://github.com/fosrl/pangolin


For me: it's a way to access services I host on my homelab LAN from 3000 miles away. Having a router that automatically logs into that and routes TS addresses properly allows you to use all your devices connected to that router to access TS services with no further configuration. I host Kiwix, Copyparty, Llama.cpp, FreshRSS, and a bunch of other services on my homelab, and being able to access all of those remotely is convenient.


It's a virtual network switch/router with DHCP, DNS, and lots more enterprisey features on top. You 'plug' devices into it using a VPN connection.


It's a cryptographic key exchange system that allows nodes to open Wireguard tunnels between each other. They have a nice product, but I don't like how it spies on your “private” network by default: https://tailscale.com/kb/1011/log-mesh-traffic

If you want to self-host, use NetBird instead.


Where spies == logging and they tell you, and provide clear opt out instructions


Imagine thinking most people read Knowledge Base articles and don't just take the defaults.

They even manage to squeeze some FUD into the opt-out toggle's name.


they have an excellent set of short intro videos [0] on youtube, that's what I used to get an overview and get set up.

[0] https://youtu.be/sPdvyR7bLqI?si=2kIpHtNuJ52jEdmm


Also the free tier is sufficient for basically anything non power-user or enterprise.


You don't need to get too far down the page to see "VPN", which is what it is. But on top of that primitive, it's also a bunch of software and networking niceties.


It’s a point to point vpn that works between devices even without a direct network connection.

Their personal free plan is more than enough.


It’s Wireguard for lazy people


It's just a virtual private network.


Open their GitHub page?


We’re from the US but were recently in Germany. Sometimes we were completely exhausted after a long day and just wanted to rest in our room a little before going to sleep. Our motel had like 2 English speaking channels and both sucked. We watched a lot of German TV because it was interesting, even if we could barely understand what was going on. After some time doing that, it was a pleasure watching some Hulu, courtesy of connecting to WireGuard back at our house in California so that we had an American IP.


I did the same thing recently while visiting family in SE Asia. I wanted to watch my team's bowl game but American college football is unknown in that part of the world. A Wireguard connection back to my home router gave me the ESPN access I pay for in the US.

A few services didn't work because they required my mobile device's location services (which still showed me in Asia). I'm sure I could have found a workaround for that but wasn't properly motivated to put in the effort for a short visit.

In a similar vein, I was able to troubleshoot a problem with our NAS from a cellular connection on a boat near Bali a couple years ago. My son needed access to some files for his college homework but couldn't access it remotely. I was able to access it and reconfigure a setting that had changed during an update and restore his access.

The internet feels like magic sometimes.


> with the added bonus that you don't need to install tailscale client in any of your travel devices (phone, tablet, work computer, etc).

I am sorry, this confuses me. If I don't have a client, for example in my laptop, how does my laptop use Tailscale then?

Also, Tailscale Personal says 3 users. Is that a problem for us, as we are 4? (me, wife, son, daughter).


For what it's worth, you get 100 devices total, regardless of number of user accounts. If you don't need the permissions granularity that individual accounts have, consider only having an "admin" and "untrusted" account... or a single account, and pinky promise your family not to play with it.


If Tailscale is installed on your router, then any client will also be able to connect to Tailscale networks.

For example, if you have a default route back to your home network on the router, any client will also connect through that tunnel back through your home. This assumes you are using your travel router to connect your laptop as opposed to say the hotel wifi. (In this scenario, your travel router is connected to both the hotel wifi as an uplink and Tailscale.)


Oh, got it.

What about the users? Do I need 4 for my family of 4? Or are the 3 users included in the free plan just admin users?


You only need separate users if you want to restrict certain features (devices, apps, etc.) to only certain users (i.e., it's more of a business thing). My wife's machines all use my username because... she lives with me; if she wanted suddenly to learn networking and computers and hack all our stuff, she could do it anyway since she has physical access.

So pretty much anyone you would trust on your LAN can be trusted with your Tailscale user. You can just log yourself into Tailscale on the kids' devices and then use the admin console to make those devices' logins never expire. They can use all the features, but they don't know your authentication method and thus can't get admin access themselves. About the only situation in which the typical home user would need multiple accounts would be if someone was physically away from you and had a new device they needed to connect to your tailnet (their term for your collection of devices, services, etc.) but you didn't want to share your password with them. If they're physically near you, you just authenticate their device and hand it back to them.


These are neat in that you can jump on and extend existing wifi infra, but it'd be nice if they also included 5G. I want a product that does both.

It's cool to have your own network in a hotel. But it'd be nice to be able to do that on the road, away from public wifi, internationally, whenever - which hotspots do. But at the same time, it'd be nice to be able to do the WiFi thing too to cut back on data usage. I frequently blow through my hotspot data.

I'd rather this be in one device instead of two. Beggars can't be choosers, though, I suppose?


I’m using a GLinet GL-XE3000 for that and it’s great. Initial setup of the 5G eSIM on a physical SIM took a little searching but it’s been rock solid and having consistent access on the road and hotels has been great for family travel. It has a built-in battery, but I’ve never really tested the duration (I suspect it’s 3-6 hours) as I put it on its AC adapter in the hotel and then a cigarette lighter adapter in the car, so the battery gets used 15-45 minutes at a time to bridge between those two places.

I like it enough that I might buy a second, more compact unit for when space is more a premium, but I’ve been really happy with this one.


What is your usage scenario for this device? It's $400 and 3/4 kg.


I bought that specific model to provide connectivity for our robotics team’s pit computers. For this need, good antenna performance is key, since different venues differ wildly in WiFi and cell coverage and when we set up the evening before comps, I want the best chance of getting a solid connection and offering it to the pit LAN.

But now that I have it, the device is handy for family travel as well. Put an unlimited data eSIM in the device and everyone has “unlimited” data on the road and when we arrive at a hotel or AirBnB, one person signs it on to wifi and everyone is connected, including tailscale connections to home.

If I was doing personal and work travel only, I’d look for a smaller unit, but still with a decent battery.


According to their website, it weighs 761g.


Right, 3/4 kg is 750 g.


Oh wow, I got completely confused by this usage, and thought it meant 3 to 4 kilograms :)


I will use ¾ next time)


I do want to point out that dumping all of your traffic through a home/office network is not always a good idea. YMMV, but if you are in, say, LA, and pushed your 0.0.0.0 traffic through your home in NY, you just added quite a bit of latency.

This is great for keeping things in a LAN, but make sure you use your network rules correctly and don’t dump everything to your home network unless you need to.

(I too have a gli slate, but I use UI at home so will consider this when it comes out)


I disagree. DNS is generally unencrypted and leaking that over whatever open wifi you're on is generally worse from a privacy perspective than the latency you add bouncing through your home where you probably have encrypted DNS setup.

Even if you don't visit any http sites, you never know what might phone home over http, so an OS level VPN provides foolproof privacy at the cost of a tiny bit of latency.


Using encrypted DNS doesn't necessitate routing all your traffic through your home network. You can still encrypt all your traffic by using an encrypted DNS service or, if you really want to, a VPN service. But moving everything through your home network is not necessary, especially if you have any kind of usage caps.


And to further reinforce this point, one of the basic config variables for wireguard is your dns servers. You could literally send no traffic but your dns queries to the wg tunnel.
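An added example, not part of the thread: a small audit of wg-quick client configs that reports whether the tunnel is full (`0.0.0.0/0`) or split, and whether each `DNS` resolver is actually reachable through a peer's `AllowedIPs`. The three configs are constructed samples; the keys, the endpoint `home.example.net` and the `10.8.0.0/24` addressing are placeholders.

```python
import ipaddress

# Constructed sample wg-quick client config; keys and endpoint are placeholders.
TEMPLATE = """[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/24
DNS = {dns}

[Peer]
PublicKey = <home-public-key>
Endpoint = home.example.net:51820
AllowedIPs = {allowed}
"""

# Everything goes home, as in the 0.0.0.0 case discussed above.
FULL_TUNNEL = TEMPLATE.format(dns="10.8.0.1", allowed="0.0.0.0/0, ::/0")
# Only the home resolver is routed through the tunnel ("lan" is a search domain).
DNS_ONLY = TEMPLATE.format(dns="10.8.0.1, lan", allowed="10.8.0.1/32")
# Split tunnel whose resolver is NOT covered by AllowedIPs.
LEAKY = TEMPLATE.format(dns="192.0.2.53", allowed="10.8.0.0/24")


def parse_wg_conf(text):
    """Return (interface, peers): dicts of lower-cased key -> list of values."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.startswith("["):
            name = line.strip("[]").strip().lower()
            if name == "interface":
                cur = iface
            elif name == "peer":                 # several [Peer] sections allowed
                cur = {}
                peers.append(cur)
            else:
                cur = None
            continue
        if cur is None or "=" not in line:
            continue
        key, value = line.split("=", 1)          # base64 keys may contain '='
        cur.setdefault(key.strip().lower(), []).extend(
            v.strip() for v in value.split(",") if v.strip())
    return iface, peers


def audit(text):
    """Classify the tunnel and list resolvers that fall outside AllowedIPs."""
    iface, peers = parse_wg_conf(text)
    routed = [ipaddress.ip_network(n, strict=False)
              for p in peers for n in p.get("allowedips", [])]
    full_v4 = any(n.version == 4 and n.prefixlen == 0 for n in routed)
    full_v6 = any(n.version == 6 and n.prefixlen == 0 for n in routed)
    resolvers = {}
    for entry in iface.get("dns", []):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue                             # non-IP entries are search domains
        resolvers[entry] = any(
            addr.version == n.version and addr in n for n in routed)
    return {
        "mode": "full-tunnel" if full_v4 else "split-tunnel",
        "ipv6_in_tunnel": full_v6,
        # Resolvers outside AllowedIPs are reached over the local network.
        "dns_leaks": sorted(r for r, ok in resolvers.items() if not ok),
        "no_resolver_set": not resolvers,
    }


if __name__ == "__main__":
    for name, conf in [("full", FULL_TUNNEL), ("dns-only", DNS_ONLY),
                       ("leaky", LEAKY)]:
        print(name, audit(conf))
```

A resolver listed in `dns_leaks` is sent via the default route, so on hotel wifi those queries cross the untrusted network outside the tunnel.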


DNS is just one example. Like I said on my post you never know what data might be sent home in plaintext


Is this any better than just doing Hotspot with wifi bridge? I just have my hotspot on my pixel for my devices to connect to. Pixel itself is connected to whatever "public wifi" is there.


Your hotspot just makes the untrusted hotel wifi available via your phone wifi. The networks between your computer and your target services can still inspect and alter your data. Tailscale, or more specifically the Wireshark underneath, sets up an encrypted tunnel so those "untrusted" intermediate networks can't do that.


If my phone has a VPN to my home server, then it should all be encrypted.


Yes, but it won't work for sharing mobile internet because VPN does not apply to tethering unless you have root. On Android there is also WiFi direct, but it's not very reliable and requires a proxy / does not work for everything.


s/Wireshark/wireguard


Does that actually work? I don't think you can both have hotspot on and be connected to another network.


Most newer (or at least new + expensive) phones can share their wifi connection via hotspot. 2.4 GHz only though I think.


Do you know what’s the technical term to search if a phone has that capability? Asking for an iPhone


Unfortunately, iPhone can't bridge wifi networks, which makes travel routers particularly useful if you have an iphone, and a laptop, and are staying at a hotel with wifi.


Like WiFi tethering?


My iPhone calls it personal hotspot.


It's my understanding that personal hotspot can only utilize the cellular connection for the internet side since the wifi connection is being used to connect clientside. If one is hoping to use hotel wifi rather than their cellular plan data, Apple's solution won't work.

I'd be happy to be proven wrong on this however.


Not only new and expensive, my 5 year old budget phone could do it (a vivo).


Budget Chinese phones often have features that only expensive American or Korean phones have.


Yes, it has actually worked starting with the Pixel 3.

It's called Dual-Band Simultaneous or "STA+AP" (Station + Access Point) concurrency that can bridge an existing wifi connection to an access point to other devices via a hotspot.


Yes it works. Now you can also tether via USB. Both of them have worked flawlessly for me recently.


It seems to be a feature only on certain devices(?): on my Pixel it worked, Samsung phone just says "sorry, can't do that".


Works fine, yup.


In my experience hotels throttle wifi connection per device (IP/Mac address or whatever) and so you'd be better off using something that can use the wired connection in your room (which is usually unthrottled or has higher bandwidth) and be an AP for your personal devices.

If you don't have a wired connection then this wouldn't be any better, except for any connectivity features it might offer (probably some vpn capability).

I have a gl-inet device and it does pretty much all I need whenever I travel.


Hotels in Las Vegas typically charge around $15/day per connected device. Want to download a new book on your Kobo and play Diablo for a few minutes? That’ll be $30, please!

That’s the real win of a travel router, IMO.


Is this a common occurrence in the US? It sounds worse than tipping culture.


Nah just Vegas being Vegas. The whole area is designed to squeeze every dollar out of you.


Good to know, in some bizarre way. Thank you!


Huge plus one. Useful to bridge hotel wifi so all my devices connect automatically, also useful as an ad-hoc router that fits into my travel pack.


Heartily seconded! A friend recommended I get one and now I push all my other technical friends to buy one, too.

My wife and I traveled a bit this year and it was great having all our gadgets connecting to a single AP under our control. It’s easily paid for itself by avoiding ludicrous per-device daily charges.


I think most travel APs can generally do this, but the feature that makes GL.iNet products popular is: extensibility. I'm not sure why this is so hard to understand for manufacturers, but making products useful via extensibility is a sure fire way to open your target market directly up to prosumers. And those are the buyers that will find you.

I own two of their products, one of them I bought in 2019 and can still run what I need to on it.


My wife’s work WiFi is handled by a gl.inet 150 (https://www.gl-inet.com/products/gl-ar150/) which is tucked behind her desk since at least 2019. Vanilla openwrt on it, provides WiFi from an Ethernet slot in the wall.

Uptime is in years, it’s invisible and chugs along without visible power draw. All her devices connect to it, including her Cisco voip phone. It autossh to my ovh server with remote port forward for remote admin. Cost me 15€ in 2016.


>> I'm not sure why this is so hard to understand for manufacturers

> My wife’s work WiFi is handled by a gl.inet 150 (...) since at least 2019. All her devices connect to it (...) Cost me 15€ in 2016.

I think this answers GP's question as (yet another) solid reason why manufacturers "can't understand" prosumer needs - it's because targeting prosumers, or generally making products that "just works", is very bad for sales down the line.


Hehe. Bought TP LINK TL-WR1043ND (one of the first models of affordable home routers with integrated gigabit switch) in 2012 for $40 (maybe $50, but not more), flashed OpenWrt and still using to this day.


Isn't this considered to be "shadow IT"? and some enterprise networking devices have automated detection for such setups, I believe (?)


She's her own boss and shares her office space with 4 other people in medical space, no shadow IT there.

Since her desk is far from the internet router, I added this little guy for her to have less cables and allow more connectivity.


Maybe, maybe not.

Some companies aren't very big, and neither are their budgets. And of course, it might be said that there is no solution more permanent than a temporary one.

We've got a large-ish color laser printer (IIRC, an HP 4600) at one of our locations. It's not a big place; it has only had as many as 3 people working there regularly and has been normally staffed by exactly 1 person for the last several years.

When we moved into that building, a missing link was noticed: The printer did not feature wifi, and there was no way to get a clean ethernet drop to it without visible external conduit. The boss man didn't like the idea of conduit.

To get it working for now, I went over to Wal-Mart and bought whatever the current rev of Linksys WRT54G was. I put some iteration of Tomato on it so it could operate in station mode and graft the printer into the wifi network.

I plugged that blue Linksys box in back in 2007; it turned 18 years old this year.

It's pretty little slow by modern wifi standards, and the 2.4GHz band is much more congested than it used to be, but: It still works, and nobody seems motivated to spend money to implement a better solution... so it remains.


Readers of HN will value flexibility and extensibility, but the other 99% of the folks there are fine with totally locked-down devices because it’s the only thing they know of. The lack of extensibility likely doesn’t affect sales/profit in any significant proportion.


Where do you travel that you need wifi?

I’ve been getting SIM cards for over a decade, now even eSIMs are cheap enough for casual use.


I can’t put a SIM in my ereader or Switch or iPad.


Convenient to connect all devices to one WiFi. E.g. baby camera is on same WiFi as laptop etc.


Changing countries a lot reduces this option a bit.

I’m sure I could find a good all Europe card, but I need my number for work calls.


In Europe you have free roaming so it (almost?) never makes sense to get a new sim per country.


You have roaming but sometimes it’s less data than at home. And you can’t use it for months on end. I have multiple sims from various EU countries. When I visit I top up.


To be clear. Within the EU. Not Europe.


EEA, not EU. I had to check as I thought UK was also included. Seems like they left?


UK is not included, but most UK mobile networks have chosen to pretend the UK hasn't to their customers, and offer similar amounts of voice and data in the EEA, so it still mostly works "one way".


I think it's the other way around? Most UK networks seem to charge now (the big ones anyway, EE, Vodafone etc.).

At least in Germany, none of our networks do.


I'm with O2 and most certainly do not get charged extra when travelling within the EEA.


They're the last large one that does not charge.


I'm not using it for travel, but I got a GL-BE3600 recently and it's surprisingly decent as a home router for my very specific needs.

I wired the desktop PCs in the house, so the only Wi-Fi users are mobiles, a smart TV, and a laptop. Everything else is already hanging off 2.5G wired switches. Pretty light duty, and I just wanted something that would provide robust routing and placeholder Wi-Fi. This does exactly that, and since it's OpenWRT based, it's probably marginally less terrible than whatever TP-Link was offering in the same price range.

It does run annoyingly hot, but I should just buy a little USB desk fan and point it at the router :P


I've had very impressive success running upstream OpenWRT on TP-Link hardware: I have Archer C7 access points running with literally years of uptime.

That being said, for any new application, I suggest using at least an 802.11ax AP, because cheap 2.4GHz devices that support 802.11ax are becoming common and using an 802.11ac router means that your 2.4GHz devices will be stuck with 802.11n, which is quite a bit less efficient. Even if you don't need any appreciable speed, it's preferable to use a more efficient protocol that uses less airtime.


Ditto, the TP-Link's Archer A7 firmware is a security nightmare [1] but with DD-WRT installed it is very stable and reliable.

[1] Daughter invited ~10 classmates to prepare for a science competition, and one of them had a virus (I assume) that hacked TP-Link's firmware to draft it into a botnet. WAN connection would drop every hour for a few minutes, plus unexplained internet traffic while nobody was using it. Resetting firmware did not help, installing DD-WRT fixed it once and for all.


I think I actually retired an Archer C7 for this. The goal was something 2.5G ready because the city has systematically rolled out fibre to every neighbourhood around here and I'm just waiting for the knock.


Honestly if you're not invested in maybe Ruckus or Aruba, I don't think there's much better than OpenWRT on a decently supported AP. I had a bunch of the C7s with OpenWRT and they've been totally bulletproof. I only upgraded to R650s recently and it's not clear beyond maybe the antenna setup and the fact that it's ax now that it's much better.


I have the same router as the OP article - it ran at 72C until I did [this](https://phasefactor.dev/2024/01/15/glinet-fan.html#choosing-...). Currently running at 60C!


Have you tried hooking it up to an Ethernet port in a hotel room like the one that the TV uses?


This rarely works. The TV network is usually access controlled, so you either won't get an IP or you simply won't have internet access.

Some hotel rooms (particularly older business hotels) will have an ethernet port for the guest. These work maybe 50% of the time these days. Sometimes you can find a Ruckus AP in your room at outlet level, and these usually have several ethernet ports on the bottom. These also have a working port around 30% of the time.

So, TL;DR: various ethernet ports in hotel rooms work less than half the time these days.


How’s that access control handled? Very easy to spoof the MAC of the TV or setup some SNI spoofing proxy server, NGFWs with TLS Active Probing are probably harder to deal with but do hotels really have that?


> Very easy to spoof the MAC of the TV or setup some SNI spoofing proxy server

At that point you're in the 0.1% that the hotel does not really need to worry about. The other >99% will still need to pay for wifi.


it’s probably >0.1% here …


I've read the GL.inet can easily clone the TV Mac, pretty cool.


That won't help you if they use 802.1X.


I’ve never seen that in a motel. It’s a lot of extra network expense to cover something very few people would ever think about.


I've had success hooking it up to some Ethernet cables in hotels, but it's 50/50.


I could never figure out which gl-inet to get, since some of the newer products seemed less powerful than older ones depending on the product family or something...


> some of the newer products seemed less powerful than older ones

Cynic in me thinks it's because they don't want you to buy one product and be set for a decade, like HN-er here: https://news.ycombinator.com/item?id=46373387. Older products might've been too good.


Not sure if you're talking in the context of travel routers, but if you're not, the Flint 2 is always a solid pick.


I think the GL-X3000 could be the daddy for power users and any eventuality: https://www.gl-inet.com/products/gl-x3000/


I really like my GLi microrouter.

https://www.gl-inet.com/products/gl-usb150/

I bought it for my vacations, so I wouldn't have to configure my kid's gadgets, but it is really useful as a wifi adaptor too.

And you can run it from a powerbank.


Do you mind expounding on how it has saved you? I'd love to know the practical use cases.


While on a scuba diving trip in Thailand a couple months ago we could position the router slightly outside our hotel room to be able to strongly connect to the very dodgy hotel wifi so my girlfriend could do her work calls.

It would also automatically log into the captive wifi which seemed to require a login every hour or so.

Another time we Ethernet into it using the cable in another hotel to bypass some ridiculous speed limitations on their access point.

I'm considering getting their model which can take SIM cards, so that we can also failover to mobile networks wherever we are.


I was thinking of using that in combination with Beelink ME Mini N150 with proxmox installed on it and host different net tools, git, etc that’s available on the go. I might be overthinking the setup


What is the benefit of this over, for example, an iPhone hotspot?


Run one wireguard server in your home and one client instance on this router and now all of your devices can share the same residential VPN connection. No fraud blocks or extra verifications from your banking apps, no million suspicious login detected from all your social accounts, use your home netflix account, etc. All without your individual devices running a VPN app.


> Run one wireguard server in your home and one client instance on this router and now all of your devices can share the same residential VPN connection.

You don't need a "travel router" for this. My phone is permanently connected to my server via Wireguard (so that I can access my files from anywhere). Adding another device just requires adding a peer in the server's config file and can be accomplished very quickly. It's not clear what problem the travel router solves, unless perhaps you travel with dozens of devices.

> no million suspicious login detected from all your social accounts,

I can personally do without those.


I can accomplish this via one access point instead of configuring wireguard on N*5 family devices.


Why do you need to config wireguard on each device? Connect your phone to your vpn and share the wifi. Works on my android. Struggling to see the value proposition for this device.


Do you have a Pixel? On Samsung you cannot share WiFi, Hotspot only works with mobile connections. I learned above that this is possible with Pixel phones, makes me want to get one...


Yes, Pixels can definitely do that (I use Graphene). It’s incredible that iPhones are so expensive and yet so limited (can’t share WiFi, terrible file browser…)


Same with iPhone, you can only share mobile connection.


Does it require specific VPN apps or root? I tried connecting laptop to phone hotspot and even though phone was connected to VPN, laptop wasn't.


So now your phone is a hot spot for your family and you can't leave the hotel room or go 2 hours without charging it?


Your comment explains why we want a travel router. I have a wire guard setup for my servers. I'm entirely comfortable with setting that up.

But I value my time enough that I don't want the hassle of that for the various devices my family uses when I can just preconfigure and plug in a tiny device and not have them depend on me being in the same location all the time.


> Adding another device just requires adding a peer in the server's config file and can be accomplished very quickly

Do you need a client to be running on each device?

Even regardless "I just need to edit a config file real quick" is... Way more work than I want to do. Works for someone on hn but I'm imagining trying to show my dad how to do that.

That's the benefit of a travel router.


An iPhone can't bridge a wifi network. So you need something like a travel router to share a wifi connection.


They're suggesting just running off your data plan which works for domestic travel (at least to urban areas with good cell service) and can work for international if you go through getting a data eSim.


chromecast - godsend on long hotel stays. need to dial in through my home (wireguard) so no license issues with streamers and once I connect my GL.iNet GL-MT300N-V2 to hotel wifi instant bubble of safe wifi for all my devices! weighs nothing, been using for 8 years rock solid.


If you’re using a VPN: iPhone won’t route hotspot clients over the VPN, so you need to set up VPN on all clients.


You can control it from the ground up, including installing alternate firmware. You can also use VPNs etc.


Husband can go pick up food order and baby cam still accessible from wife’s phone.


How do you handle captive portals in hotels ?


Usually you connect your laptop/phone to the portable router network, which then just pulls up the captive portal. Once you auth from one device, any device behind the router is authed with the portal. This is because the hotel network just sees your router's IP/MAC.


Connect on your phone or other device. Connect to travel router. Clone the mac address of your device. Connect router to wifi. Adjust device to not auto login. Good to go.


GL.iNet routers don't even need this. It has an option to pass through captive portals. So you connect to your GL.iNet AP, then you set it up for the hotel WiFi, tick the option for passing through (it essentially disables VPN, AdGuard Home and other things if enabled), it will then link you to the captive portal where you can log in as you would otherwise.

Once the internet is active, the GL.iNet router will then re-enable things like VPN and AdGuard Home.

Since these devices are OpenWrt underneath with a prettier UI, I presume this is all possible on any OpenWrt device.


Is this an annoying amount of steps? And do you have to do this on every expiry of your session on the portal?


Yes these are the way. Use them to get cheap anker security cams to work as baby monitors while we’re in hotel rooms


Is there a 5g dongle I can connect to it? I’ve been searching to no avail


What advantage does this have over the cheaper UniFi router in the OP?


The Beryl AX is going for cheaper ($70) on Amazon right now vs the UniFi Travel Router ($80). Better bang for the buck on both hardware and software without needing specific Ubiquiti anything.


The UniFi router depends on you already having a UniFi environment. If you do, it's a good option, but the GL would work with any heterogeneous network


Thanks! That's helpful.


It's available right now, for one.


I carry my GL.iNet GL-E750V2 all over the world.


These are awesome, I just take my old wifi router tp-link, it's big though. I might have to get one of these little guys.


Should I be concerned this is Chinese-made? And will the UniFi have similar feature set?


What’s the use case exactly?


I have this.

TP-Link AC750

https://a.co/d/esxrRA4

When you are some place with a captive network and want to use devices that don’t have a browser. You connect the router to the WiFi network that has internet access and you connect the other WiFi network to a device with a browser like your phone. Every device looks like one device to the captive network and you can use them all.

Second use case, I now live in a place with a shared internet access that is shared between all of the units. Anyone can broadcast to and control our Roku device and there is no way to block it from the Roku.

We create a private network with the router


One is actually usable wifi at hotels with ethernet cables available. I don't use that device, but a DIY version that also acts as a portable media server while traveling. We can tunnel back to our home network, but often stay places with very bad reception and or internet access. Also helps keep the kids entertained on longer road trips. They can connect their devices to the router as we travel and have full access to the cached media.


I am apparently dumb. What benefit does this give you, other than a segregated network? Do US hotels typically have exposed Ethernet ports?


I always travel with my GL.iNet GL-MT3000 (Beryl AX) and this is what I use it for:

- My wife and I travel with multiple devices (laptops, phones, Chromecast...) and when we get to a hotel/Airbnb, I simply connect my Beryl AX to their network (it deals with captive portals btw) and all of our devices automatically connect.

- I changed the `/etc/hosts` directly in the router, meaning I can test my local servers under custom domains easily on my other devices like phones/tablets without apps like SquidMan.

- I route specific domains through specific VPNs. Government websites, streaming websites, AWS services, etc.

- I can plug in a 4G USB modem into it and it can automatically fallback to it if the main connection drops.

- It has built-in Tailscale support.

