> In theory, there is no path for a malicious Tailscale control plane to remotely execute code on your machine, unless you happen to run network services that are designed to allow it, like an SSH server with Tailscale-backed authentication.
Now I feel less crazy for not using Tailscale SSH for similar reasons.
I'd like to see a security evaluation of Tailscale, on a per feature basis.
I'd like to see tailscaled run with far fewer privileges.
Is there a Tailscale alternative that just does Wireguard + NAT traversal and doesn't try to do key management?
This makes testing changes easier in other ways too: when I make experimental changes, I'm reluctant to commit them until I know they're working, since I like being able to checkout an old commit and know it boots. In practice this means I end up with a dirty checkout, and uncertainty on which changes have been tested.
In theory I could manage this with git rebasing and/or tagging, but in practice I lose confidence in whether I've accurately tracked.
With specialisations, I'd comfortably commit an experimental change to my canary track, even though it might break, safe in the knowledge that the stable track continues to boot.
I plan to use this for testing changes to my boot units.
In theory, plain old generations allow you to safely test changes to boot units, by allowing you to jump to the previous generation. In practice, this involves remembering which generations have known-good boots.
Specialisations will allow me to run a stable and candy track, on per generation.
As a keen Sourcehut subscriber that's disappointing. I don't care much for cryptocurrency, but prefer my service providers to be far less selective than this.
Sourcehut is open first, so all is not lost: those excluded could host their own.
On balance, I'm looking at alternatives, but might stay.
I don't think it offers authn/authz, but that's fine: neither does my ISP. I just want SSH reachability.