How do you handle the do-before-thinking devs? Or the kinda low-to-mid performing devs? Most companies has one or a few of those, right? They help the company machine go around by doing the somewhat boring stuff over and over again.

Tailscale in a company/developer env seems awesome when you know what you are doing and (potentially) terrifying otherwise.

Does someone set up detailed ACLs for what's allowed? How well does that work?

▲

madeofpalk 5 hours ago | parent [-]

> How do you handle the do-before-thinking devs?

Isn't that exactly what tailscale is built to accommodate - zero trust?

You set up ACLs and other permissions to not allow people to do more than the damage you can tolerate.

▲

nickburns 4 hours ago | parent [-]

Zerconf ≠ zero trust. The difference could not be more material in this context.

▲

tonyplee 3 hours ago | parent [-]

If both sides of your ssh tunnel (pub,private keys) are under your control, in theory, that's "zero trust".

Unless one considers the meta data such as src/dest IP are visible to Tailscale sw.

Right?

	▲	nickburns 3 hours ago \| parent [-]
		'Zero trust' has a technical definition that's not really relevant here. See: https://en.wikipedia.org/wiki/Zero_trust. The concept is separate from 'zero config' (https://en.wikipedia.org/wiki/Zero-configuration_networking), which Tailscale's low technical barrier to entry evokes.