they're not containerised, just plain old daemons.
*edited; I initially pointed to Funnel which would be used for sharing outside your tailnet.
Tailscale services will do that. You can do the proxying with tailscale serve, services gives you the MagicDNS name and virtual IP address bound to it.
The true moat of Tailscale is the core product. That can’t be easily replicated (still). Perhaps some product to simplify controlling what resources agents in the organization have access to and having 100% visibility + audatability for them will be way more useful.
frenchtoast8•1h ago
esseph•1h ago
Sounds like something your Account Manager or similar would need to work through. Development roadmaps are often driven by the largest, or loudest customers.
stopachka•1h ago
gneray•1h ago
There's a set of common needs across these gateways, and everyone is building their own proxies and reinventing the wheel, which just feels unnecessary.
~All of our customers at Oso (the launch partner in the article) have been asking us how to get a handle on this stuff...bc their CEO/board/whatever is asking them. So to us it was a no-brainer. (We're also Tailscale customers.)
hwpky•1h ago
Trying to be all things to all people will inevitably dilute focus, and it’s understandable that OP might be looking at this sub-product and wondering where the value is for their use cases.
They’re probably not the only ones questioning whether they’re still part of Tailscale’s core ICP (ideal customer profile), either.
Edit: expanded ICP for clarity.
micromacrofoot•39m ago
verdverm•1h ago
Tails ale is not a company I see being involved in my core AI ops. I don't need their visibility tools, I already have LGTM.
Tailscale should focus on their core competency, not chase the gilded Ai hype cycle. I have sufficient complaints about their core product that this effort is a red flag for me. To do this now, instead of years ago, shows how behind the times they are
wildzzz•1h ago
preisschild•1h ago
I like tailscale itself but a lot of basic stuff (such as dynamic routing) or ephemeral node auth are very lacking, wish they would concentrate more on their core product we all like and want to see improve
9rx•1h ago
Building software users like doesn't make for a good business model. Especially if that model has to satisfy VC.
dbushell•1h ago
tptacek•1h ago
Seems straightforward?
I think if you don't have friends working at e.g. big banks or whatever, you might not grok just how nutty it is to try to run simple agent workflows.
Bluecobra•54m ago
As someone who is on the other side of the fence on this and trying to keep the network secure and preventing data exfiltration there could be a good reason for this. More often than not we have folks doing all kinds of crazy things and ignore what’s in the handbook. For example we had someone who didn’t like MFA for remote access and would use Tailscale to have a remote permanent reverse proxy to their homelab to do whatever work they were doing. What’s funny is that we are not BOFH’s and would have helped them setup whatever they need had they just sent us an email or opened a ticket.
tptacek•48m ago
* Security/risk teams have coherent, sensible goals for managing access
* The technology stack they've landed on makes those goals performative; so complicated that they can't even express their most important goals, so annoying that users route around it
* What's needed is a radically simplified approach that centers end-user experience (particularly around onboarding).
I'm not saying banks are crazy to want to control LLM usage (I'm not bullish on it long-term either, but I see the issue), just that the systems I've talked to friends about them using today are batshit, ranging from "foundation lab shmoundation lab we'll just do our own models" to "OK you can operate in 2025 but only in a Citrix terminal".
notepad0x90•1h ago
_pdp_•59m ago
sauercrowd•29m ago
No idea how this is solved at the moment, so seems like a smart step
scottyah•7m ago