Ah, mate. I sure wish you'd figured this out and told me about it 10 years ago. I fought with this exact same issue for years.
I live in an old stone farmhouse with my office in a stone garage across a nice poured concrete driveway. There are wires from A to B under all that, but nobody except an unknown electrician from the 80s could tell you even where they come out at either end.
Powerline kinda worked, with crap download speed and just abysmal upload (0.1mbps max), and I limped along with it for years.
When we upgraded to Fibre, that left the old phone line spare, and as luck would have it, it went straight from the office to the router cabinet in the house. But 80s electrician guy didn't use Cat5, so my genius attempt to use it as ethernet cable ended up slower than the powerline.
My eventual solution was a crazy powerful point-to-point wifi beam blasting straight through the 3 foot thick stone wall to a receiver in the garage below the office. It sets birds on fire from time to time if they fly through it while Helldivers is downloading an update, but it gets the job done.
Still, I might look into getting one of these things as an upgrade.
Another solution: run ethernet cables outdoors on the ground.
You can do ethernet cables outdoors from your router in your house to your router in your office. Either thin cables that go under doors, or outdoor rated ones, both can work fine.
This same approach can work inside a house as an alternative to mesh networking or running cables through walls. The cables don't have to be invisible (underground or in walls) when you have tough constraints, unless you want them to be.
> The direct line across would get run over by cars. Indirect routes would still have to cross pavement and look ugly.
Search for "cable protector ramps"
> And then there are still those six feet of stone that need drilling through to get the cable outside and back in.
Thin cables designed to run under doors or windowsills are an option. Search for "flat ethernet cable"
It seems like you prefer your setup for good reasons, and these solutions above are both ugly, but I still wanted to note to others reading this that workarounds exist.
It's just that almost anything is better than wifi in concrete/stone houses. I can see point-to-point outside with an unobstructed view being reliable enough. But point-to-point through 3ft of concrete is [HN is a neglected Xennial hobby and doesn't support emojis]!
Certainly worth reconsidering wired when that P2P hardware goes EOL.
There is equipment that will dig a small tunnel-like thing under concrete, avoiding needing to destroy your driveway (assuming there is space on either side). Won't be cheap, but it's possible.
To what end? The runs aren't going to be long enough for fiber to provide a benefit, and the transceivers are more expensive for consumer use like this.
I've worked with DB people and running lines under driveways for telco and cableco is BIG business and they will not find your request to bury fiber or cat5 to be even remotely unusual.
The bad news about directional boring is they usually want "like a kilobuck" just to show up. It's a lot of heavy equipment and a lot of dudes to operate it all.
The good news is if they're already down the road they'll come by and bore for like $20/foot because it's a small job (usually they only charge $10/foot for long runs).
Permitting depends a lot on where you live, some places treat it as a cash cow and they will brutally milk you, others don't require a permit at all. The equipment takes up a fair amount of space on each side, probably more than you'd expect. Scheduling is like dealing with an arborist. "OMG I need this partially collapsed tree removed immediately it's an emergency I have homeowners insurance please arrive in the next hour" well that's multiple kilobucks "Meh please remove this tree sometime and I don't care when" well that's like $250, probably less if cash.
I've seen people spend thousands of dollars on DB or crazy laser/wireless comm gear to avoid spending hundreds of dollars on a stone mason. Try not to pay someone to DB under a stone wall, it's usually cheaper to hire a stone mason twice and he will leave the wall in better condition than before you started. All masonry is temporary unless it's maintained. Similar logic might apply to driveways, most concrete cracks so if you're hiring a guy to fix the crack you may want to bury a conduit before he fixes it. Replacing an entire driveway is expensive, replacing a sidewalk sized path is surprisingly cheap. If you want sidewalk poured (like for a walkway in your garden or around a swimming pool) it's about $50/foot and a driveway would have to be thicker and better prepped, but the section could be narrower than a sidewalk. The point being don't accept a DB bid over $50/ft because it's cheaper to replace the concrete at $50/ft.
There are simpler ways to get a conduit under a driveway than a huge DB machine. I'm boarding a flight, but look up using water (dig a pit on either side of the road, attach water hose to piece of conduit, and push the conduit under the driveway using the water to erode a hole as you go.)
There are also smaller hydraulic ram tools designed for pushing a pipe under a driveway.
Probably should have mentioned that it's not a driveway in the US sense, where it's a strip of pavement with dirt on either side. More like a courtyard that butts up against the main house and guesthouse. There's no digging under it from the side.
I would guess directional boring. They can start a bore and sort of drive it around corners.
20 years ago when they were putting fiber in all over the place here, they would bore around a whole cul-de-sac in one go. In several cases breaking every water service line on their way through.
Most of the people technical enough to set this up are also going to be technical enough to pull new cables.
"Technical" isn't the issue. 200 year old stone houses are the issue. If you can't punch through it with wifi (and thus have this issue), I expect you're not going to be able to poke a cable through either.
For an example, to get from my house router to my office, you'd need to punch through a 3 foot cobble & mortar wall, trench across 30 feet of poured concrete (and tidy it up somehow), punch through another 3 foot thick stone wall, then "pull cable" up to the office. There's an old phone line from A to B that went in 30 years ago when the place was first renovated, but you can tug on it all you like and it's not going anywhere.
If I'd seen this article a few years ago, my life would have been a lot easier.
The holes are already made if there are phone cables going in every room. The idea is to reroute ethernet cables through the same holes and guides and replace the sockets.
It is the same when fiber is installed in an old house, you usually reuse tv antenna/phones entries/guides and exit holes.
Yeah, it'd have to be something like that, and no matter how well you did it, it'd be noticeable.
Fortunately (as I mentioned in another thread), I got a powerful enough point-to-point wifi connection to blast through the stone walls and get decent results.
With old houses you may also have restrictions on what you can do. BT send someone to my friends' house every so often to upgrade to FTTP. They say they are going to drill through walls etc. until it's pointed out the building is grade II* listed and there are rules and permissions needed, at which point they go away.
Phone: I know you probably opened your phone for a reason, but would you mind signing in to iCloud? [OK] [Maybe Later]
Me: Maybe Later.
Phone: Ok, but would you mind signing in to iCloud? [OK] [Maybe Later]
Me: Maybe Later.
Phone: Ok, but would you mind signing in to iCloud? [OK] [Maybe Later]
... repeat infinitely until...
Me: Ok. [Then find the little arrow in the top left corner to get back to phoning].
Extra points for immediately locking my AppleID every time I finally break down and type my password in, forcing an email => browser "unlock your appleID" journey.
Some days I go through this whole experience four times in a row before it finally settles down. Then I make the classic blunder of opening one of my iPads and the whole thing starts again on both devices.
I assume it's just their form of blackmail to force me to upgrade to their 2FA thing so that they can finally lock me out of my old devices for good.
It's the Survival Crafting RPG you would have played on your Apple II back in the 80's.
You can think of it as Valheim's gameplay crammed into the tile-based ui of the old Ultima games.
It has a procedurally-generated open world with towns and NPCs to talk to, all the resource gathering, mining, crafting stuff you'd expect in a modern survival game, and some good old fashioned dungeon crawling to boot.
I've been working on it off and on for the last several months. Let me know what you think!
Just wanted to let you know that for me, on FF and Chrome, your blog is rendering rgba(235, 235, 235, 0.64) text on white BG, and I'd really like to be able to read it.
Edit: Also immediately reminds me a bit of UnReal World[1], in a good way
And thanks for the rgba value. It looks like a vestigial remnant of a dark mode theme that got pulled along over the years. A fix is working its way out to the server now.
Automatic de-duplication of photos with the same name
I recently went through a year's worth of photos from my wife's phone, and found three distinct "img_0001.jpg"s just in that single year. Apple's naming convention is so short sighted that I'd be terrified letting a piece of software try to dedupe it "by name".
The above is an unrealistic example, but, you can't achieve that with the style attribute. You'd have to go into your stylesheet and put this inside the @media query for the right screen size + dark mode, with :hover, etc.
And you'd still need to have a class on the element (how else are you going to target that element)?
And then 6 months later you get a ticket to change it to blue instead. You open up the HTML, you look at the class of the element to remind yourself of what it's called, then you go to the CSS looking for that class, and then you make the change. Did you affect any other elements? Was that class unique? Do you know or do you just hope? Eh just add a new rule at the bottom of the file with !important and raise a PR, you've got other tickets to work on. I've seen that done countless times working in teams over the past 20 years - over a long enough timeline stylesheets all tend to end up a mess of overrides like that.
If you just work on your own, that's certainly a different discussion. I'd say Tailwind is still useful, but Tailwind's value really goes up the bigger the team you're working with. You do away with all those !important's and all those random class names and class naming style guide discussions.
I used to look at Tailwind and think "ew we were supposed to do CSS separate from HTML why are we just throwing styles back in the HTML". Then I was forced to use it, and I understood why people liked it. It just makes everything easier.
Front end development got taken over by the Enterprise Java camp at some point, so now there is no html and css. There’s 10,000 components, and thus nothing that can be styled in a cascading way.
All these arguments are just disconnects between that camp and the oldskool that still writes at least some html by hand.
When I get sucked into react land for a gig, it starts making sense to just tell this particular div tag to have 2px of padding because the piece of code I’m typing is the only thing that’s ever going to emit it.
Then I go back to my own stuff and lean on css to style my handful of reusable pieces.
It has the same effect though. A few bad actors using this “free” thing can end up driving the cost up enough that Microsoft will have to start charging for it.
The jerks get their free things for a while, then it goes away for everyone.
I think the jerks are the ones who bought and enshittified GitHub after it had earned significant trust and become an important part of FOSS infrastructure.
Scoping it to a local maxima, the only thing worse than git is github. In an alternate universe hg won the clone wars and we are all better off for it.
Why do you blame MS for predictably doing what MS does, and not the people who sold that trust & FOSS infra to MS for a profit? Your blame seems misplaced.
And out of curiosity, aside from costing more for some people, what’s worse exactly? I’m not a heavy GitHub user, but I haven’t really noticed anything in the core functionality that would justify calling it enshittified.
Probably the worst thing MS did was kill GitHub’s nascent CI project and replace it with Azure DevOps. Though to be fair the fundamental flaws with that approach didn’t really become apparent for a few years. And GitHub’s feature development pace was far too slow compared to its competitors at the time. Of course GitHub used to be a lot more reliable…
Now they’re cramming in half baked AI stuff everywhere but that’s hardly a MS specific sin.
MS GitHub has been worse about DMCA and sanctioned country related takedowns than I remember pre acquisition GitHub being.
I don't blame them uniquely. I think it's a travesty the original GitHub sold out, but it's just as predictable. Giant corps will evilly make the line go up, individual regular people will have a finite amount of money for which they'll give up anything and everything.
As for how the site has become worse, plenty of others have already done a better job than I could there. Other people haven't noticed or don't care and that's ok too I guess.
Valheim does that so well. The feeling of walking through an unfamiliar forest and stumbling across a faint trail that you made weeks ago, knowing that it will eventually lead you back to your old base and thus back to where you were trying to get to before you got lost…
Reading the Reddit for the game, filled with people complaining that the portal system is too restrictive and forces them to make upwards of three long boat trips over the course of the game is a bit sad. It’s as though they expect the fun to happen when they finish everything, but the fun all happens while you’re actually playing the game.
I’m seeing a lot of this same comment here, so I went to check out this tailscale thing, which clearly I must need.
Can anybody explain what Tailscale is, does, or why everybody seems to have it?
Looking at their website, it's just a huge wall of business jargon. Really! Read it. It's nothing but a list of enterprise terminology. There's a "how it works" page full of more (different) jargon, acronyms and buzzwords, but no simple explanation of why everybody on this thread seems to be paying money for this thing?
Any help? Should I just pay them my $6/month and hope I figure it out at some point?
It's a wrapper around Wireguard that lets you use common SSO providers (Apple ID, Google, etc) to manage access.
It also handles looking up the IP address of your "nodes" through their servers, so you don't need to host a domain/dns to find the WAN IP of your home network when you're external to it (this is assuming you don't pay for a fixed IP).
Most people put an instance of it on a home server or NAS, and then they can use the very well designed and easy to use iOS/mac/etc client to access their home network when away.
You can route all traffic through it, so basically your device operates as if you're on your home network.
You can accomplish all of this stuff (setting up a VPN to your home network, DNS lookup to your home network) without Tailscale, but it makes it so much easier.
TS makes it super easy to use a VPC I have in the US as my VPN exit while I live in other parts of the world. Apps that work on phones, computers, and my AppleTV are big pluses over Wireguard which I have also used.
I was still completely mystified until your last sentence. And now I'm just mostly mystified. I, too, keep hearing Tailscale Tailscale Tailscale from HN commenters but have no idea why I'd need it. For anything I need to access on (or from) my home network I just use a VPN I've hosted in my home for the last decade or so.
If you've already got a VPN solution you're happy with, Tailscale probably adds very little value for you. It's just basically the easiest / most user friendly way to set up a VPN to your home network.
It can do way more than just being a VPN-to-home, but that's how most users use the free part.
It's still valuable. You can access your server with your own VPN set up, but what if you want to share a server with a friend or a family member (examples include VaultWarden/Bitwarden, Plex, Jellyfin)?
If this is on Tailscale, you can just ask people to install the tailscale client and log in using one of the IdPs, then ask them to accept the node you shared with them, and they can immediately access the server.
The alternative would be 1) sending VPN configs over and maybe also configure their VPN client for them, or 2) expose the service on the Internet protected by some OAuth proxy which really only works for web apps. Neither is easy/trivial.
I'd guess a plurality of people are only sharing Plex with family members, and nothing else. If you only care about sharing Plex, you don't need Tailscale to give a family member access, assuming you have Plex Pass, since Plex does a proxy as you describe.
Basic version is it's a sort of developer focused zero trust network service.
Encrypted overlay network based on wireguard tunnels, with network ACLs based around identity, and with lots of nice quality-of-life features, like DNS that just works and a bunch of other stuff.
(Other stuff = internet egress from your tailscale network ('tailnet') through any chosen node, or feeding inbound traffic from a public IP to a chosen node, SSH tied into the network authentication.)
There is also https://github.com/juanfont/headscale - which is an open source implementation of some of tailscale's server side stuff, compatible with the normal tailscale clients.
(And there are clients for a very wide range of stuff).
I can’t tell if you’re trying to help, or just getting into the spirit of the website’s “how it works (using ten pages of terminology and acronyms we just made up)” page.
None of the terminology or acronyms that user used were made up or unique to this. I think you are blaming other people for your unfamiliarity with this kind of tech.
It is simply a managed service that lets you hook devices up to an overlay network, in which they can communicate easily with each other just as though they were on a LAN even if they are far apart.
For example, if you have a server you'd like to be able to SSH into on your home network, but you don't want to expose it to the internet, you can add both it and your laptop to a Tailscale network and then your laptop can connect directly to it over the Tailscale network no different than if you were at home.
Sorry if I appeared rude. That was very much tongue in cheek.
But notice how you just did a much better job of explaining what this thing does without using any jargon at all. The jargon helps if everyone already knows what you’re talking about. It hurts if anyone doesn’t.
That’s what I’m poking fun at. There’s a trait in lots of engineers I’ve worked with over the years to be almost afraid to talk about tech stuff in layman terms. Like they’re worried that someone will think less of them because they used words instead of an acronym. Like they won’t get credit for knowing what a zero trust network is if they describe the concept in a way that regular people might understand.
One of those guys was certainly in charge of this company’s website copy.
Perhaps if we were on Reddit, and also on a general subreddit, then people would speak in less technical terms.
Since this is HN, it’s almost expected the participants here would either know the terms, or at the very least be able to find out what they mean on their own and realize it’s not made up jargon but rather common industry terms.
Tailscale is not trying to sell to the average buyer, it’s trying to sell to a specific audience.
> Like they won’t get credit for knowing what a zero trust network is if they describe the concept in a way that regular people might understand.
I've been trying to get a definition of zero trust at $client from the security people who are pushing tools onto our platform, so we can have an honest conversation around threats and risks, and finding the best balance of tools, techniques and processes to achieve their desired outcomes.
Unfortunately, it seems like everybody just wants "zero trust" because a vendor sold them on that idea and they gave money to the vendor, so now there's the need to justify that expense and "extract value" from the tool - even if it may in fact be worse than the controls that are already in place.
It's worth pointing out that it can be both. The hub and spoke model, relays, is often used for cloud setups where the overhead of installing clients on nodes is not worth the tradeoff.
I don't think you need to pay $6 a month to try it out.
Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your apple tv can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.
How does it compare to Zerotier? The way I understand it, it's kind of overlapping functionality but not necessarily everything.
What I want from Zerotier is basically what you described about Tailscale.
The two problems I have with zerotier are:
1) It's supposed to let a mobile device like an Android tablet route its traffic through zerotier (functioning as a VPN to my home site, in this case). However, I've never got that to work. It's running, but doesn't affect anything network-wise for the other applications (unlike running e.g. openvpn on it)
2) On a couple of computers with specific routing set up to various destinations, when Zerotier runs it simply blocks all of that and there's no way for me to continue accessing anything else than the Zerotier network. No fiddling with routing tables etc. changes any of that. On other computers, also some running OpenVPN, Zerotier does not interfere. I've never figured out what causes this.
So, in short, I'm pondering if I should ditch Zerotier and try Tailscale instead. If it does the same - I simply want a way to connect my devices, but I also don't want to lose total control over routing. For mobile devices I would want full VPN, for computers I don't. Edit: So, I'm both after connecting my multiple networks, as well as VPN'ing certain things or devices through another location.
Having tried both Zerotier and Tailscale, I found Tailscale to be a significant improvement. Tailscale uses Wireguard as the base encrypted protocol instead of a semi-homebrew protocol Zerotier came up with that notably lacks things like ephemeral keys/perfect forward secrecy. Tailscale also has a faster pace of improvement and is responsive to customer asks, regularly rolling out new features, improving performance, or fixing bugs. Zerotier by contrast seems to move slower, regularly promising improvements for years that never materialize (e.g. fixing the lack of PFS).
My last gripe is more niche, but I found Zerotier's single threaded performance to be abysmal, making it basically unusable for small single core VMs. My searching at the time suggested this was a known bug, but not one that was fixed before I switched to Tailscale. Not impossible to work around, but also the kind of issue that didn't endear the product to me or inspire confidence.
It's been a minute since I ran ZeroTier, so my memory is fuzzy.
Tailscale and ZT are not the same. ZT can do certain things that TS can't. One example is acting as a layer 2 bridge. Or a layer 3 bridge. TS can do neither. It can achieve mostly similar results though.
ZT can be a pain to set up. TS is a breeze. ZT's raw performance is quite poor. TS's is usually very good.
If I understood you correctly, you want both a way to access your home LAN when you're out - this is easy. Set up a node with NICs on the LAN subnets you want access to (I run it on my router), and configure the TS node to announce routes to those subnets. Install the TS client on your laptop and mobile and accept those routes. Job done.
If you also want to mask your egress - i.e. reach the Internet via your home network as if you were there - then you need a node (can be the same as above) configured to act as an Exit Node. When you want one of your devices to use this, just select the appropriate exit node. Job done.
So, somewhere on that website, there’s a free version that can be downloaded onto a desktop and run without signing up for their service?
I think I understand what it does now. So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
The first plan on the left called 'Personal' is free.
It uses a central orchestrator which is what requires you to sign up. If you prefer to self host your orchestrator you can look into Headscale, an alternative that seeks to be compatible with the clients.
> So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
That's one thing you can do with it, yes. You can also run custom DNS entries across it, ACLs, it is very flexible.
Ugh. On mobile, the first plan on the pricing page is "starter" for $6. The plan to the right is partly visible, indicating that you can scroll that way. There's nothing to indicate that you can scroll left.
A less hostile website design would have (again) saved me a question.
It seems like it defaults to Business, which is paid. If you tap "Personal" you'll see the free plan.
Sorry, but try a little harder. Tailscale isn't hostile, but it seems you are -- you claim to think you need it, but don't know what it does and can't put in the effort to determine and foist those inabilities on Tailscale?
I've been using Tailscale for many years now and they have a terrific product.
Tailscale is one of the simplest, most useful things I use. I only use the personal plan, but I keep toying with signing up for paid because it’s a damn good product.
The service is free up to a certain amount of connected people and devices. You most likely don't need to pay for it. I am a pretty heavy user and don't.
It is a virtual private network orchestrator. It allows you to connect to other devices that you add to your network as long as they are connected to the internet. So your office computer, home server or NAS. If you have some home automation like home assistant you can connect to it from anywhere. That kind of stuff.
You can run it on a capable router or on a RPi, or on your NAS. It's especially useful if you want to self-host (e.g. Immich). You can use it to authenticate for ssh if you like, or simply give you an IP you can ssh to.
It's especially handy if you want a secondary way in, in case you have problems connecting using wireguard, since it supports using a relay if you're stuck in a hotel with a heavily restricted connection.
If you run DNS at home, you can even configure it to use your home DNS and route to your home subnet(s).
So basically wireguard, but you have to pay for it, and you have to create an account through Google/Apple/Microsoft/whatever.
Wireguard is not that hard to set up manually. If you've added SSH keys to your Github account, it's pretty much the same thing. Find a youtube video or something, and you're good. You might not even need to install a wireguard server yourself, as some routers have that built in (like my Ubiquiti EdgeRouter).
It's not really "basically wireguard" and you don't have to pay for it for personal use. Wireguard is indeed pretty easy to set up, but basic Wireguard doesn't get you the two most significant features of Tailscale, mesh connections and access controls.
Tailscale does use Wireguard, but it establishes connections between each of your devices, in many cases these will be direct connections even if the devices in question are behind NAT or firewalls. Not every use-case benefits from this over a more traditional hub and spoke VPN model, but for those that do, it would be much more complicated to roll your own version of this. The built-in access controls are also something you could roll your own version of on top of Wireguard, but certainly not as easily as Tailscale makes it.
There's also a third major "feature" that is really just an amalgamation of everything Tailscale builds in and how it's intended to be used, which is that your network works and looks the same even as devices move around if you fully set up your environment to be Tailscale based. Again not everyone needs this, but it can be useful for those that do, and it's not something you get from vanilla Wireguard without additional effort.
I guess I'm still not following. Is there an example thing that you can do with Tailscale that you can't do with Wireguard? "Establishes connections between each of your devices" is pretty vague. The Internet can already do that.
I install tailscale on my laptop. I then install tailscale on a desktop PC I have stashed in a closet at my parents'. If they are both logged in to the same tailnet, I can access that desktop PC from my home without any additional network config (no port forwarding on my parents' router, UPnP, etc. etc).
I like to think of it as a software defined LAN.
Wireguard is just the transport protocol but all the device management and clever firewall/NAT traversal stuff is the real special sauce.
You can run two nodes both behind restrictive full cone NATs and have them establish an encrypted connection between each other. You can configure your devices to act as exit nodes, allowing other devices on your "tailnet" to use them to reach the internet. You can set up ACLs and share access to specific devices and ports with other users. If you pay a bit more, you can also use any Mullvad VPN node as an exit point.
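The access controls, subnet routes and exit node mentioned in the comments above (and the "share a media server with family" case earlier in the thread) all live in one tailnet policy file. The example below is an added illustration, not from any commenter or from Tailscale's documentation; it assumes the family members are users of the same tailnet (sharing a node to a different tailnet is a separate mechanism), that the media server is tagged `tag:media` and the home router node `tag:router`, and the e-mail addresses and LAN range are constructed sample values.

```jsonc
{
  // Constructed sample identities: who counts as "family" for the media share.
  "groups": {
    "group:family": ["alice@example.com", "bob@example.com"]
  },

  // Only tailnet admins may apply these tags to nodes, so a member cannot
  // tag their own laptop as the router and have its routes auto-approved.
  "tagOwners": {
    "tag:media":  ["autogroup:admin"],
    "tag:router": ["autogroup:admin"]
  },

  // Default is deny; every rule below is an explicit, least-privilege allow.
  "acls": [
    // Each member can reach every device they own, on any port.
    {"action": "accept", "src": ["autogroup:member"], "dst": ["autogroup:self:*"]},

    // Family may reach the media server, but only on the Plex and Jellyfin
    // ports (32400 and 8096), not SSH or anything else on that box.
    {"action": "accept", "src": ["group:family"], "dst": ["tag:media:32400,8096"]},

    // Members may reach the home LAN behind the router's advertised subnet route.
    {"action": "accept", "src": ["autogroup:member"], "dst": ["192.168.1.0/24:*"]},

    // Required for anyone to use an exit node: access to the Internet via it.
    {"action": "accept", "src": ["autogroup:member"], "dst": ["autogroup:internet:*"]}
  ],

  // Tailscale SSH: members may SSH into their own nodes; "check" forces a
  // fresh identity re-authentication before the session is allowed.
  "ssh": [
    {
      "action": "check",
      "src":    ["autogroup:member"],
      "dst":    ["autogroup:self"],
      "users":  ["autogroup:nonroot", "root"]
    }
  ],

  // Routes and the exit-node offer advertised by the router node are approved
  // automatically; anything advertised by an untagged node still needs an admin.
  "autoApprovers": {
    "routes":   {"192.168.1.0/24": ["tag:router"]},
    "exitNode": ["tag:router"]
  }
}
```

The router node would advertise the subnet route and exit-node offer with `tailscale up --advertise-routes=192.168.1.0/24 --advertise-exit-node` (after enabling IP forwarding), and clients opt in with `tailscale up --accept-routes` and by selecting the exit node.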
Tailscale is "just" managed Wireguard, with some very smart network people doing everything they can to make it go point-to-point even with bad NATs, and offering a free fallback trustless relay layer (called DERP) that will act as a transit provider of last resort.
Tailscale is free for pretty much everything you'd want to do as a home user.
It also doesn't constantly try and ram any paid offerings down your throat.
I was originally put off by how much Tailscale is evangelised here, but after trying it, I can see why it's so popular.
I have my Ubuntu server acting as a Tailscale exit node.
I can route any of my devices through it when I'm away from home (e.g. phone, tablet, laptop).
It works like a VPN in that regard.
Last year, I was on a plane and happened to sit next to an employee of Tailscale.
I told him that I thought his product was cool (and had used it throughout the flight to route my in-flight Wi-fi traffic back to the UK) but that I had no need to pay for it!
One of the things keeping me from adopting Tailscale is that I need to sign up with one service, but I can't add multiple services as login options in case one of those SSO providers lock me out, like what happened to Dr Paris Buttfield-Addison with Apple.
I checked, and Tailscale only allows a single Owner [1], so it would still be pretty disastrous if the Owner account was suspended by the single sign-on organisation.
Great, yet another opportunity for Big Tech to track people. I’ll stick to my Wireguard setup, I have a fixed IP and would rather have full control of what is happening by setting up the keys myself than trust a third party.
Not sure if anybody gives you the answer to "what is tailscale?". So, this is my answer (hopefully it's correct and simple enough to understand).
Tailscale allows devices that can access the Internet (no matter how they access the Internet) to see each other.
To do that, you create a tailscale network for yourself, then connect your devices to that network, then your devices can see each other. Other devices that are connecting to the Internet but not to our tailscale network won't see your devices.
AI might explain it better :-) Don't know why I wanted to explain it.
A multipoint VPN that punches through NAT and can be configured to do a lot of neat things besides.
Nothing that a network guru or even a sufficiently motivated hacker couldn’t do on their own, except that the maintenance is practically zero for the personal user and it’s actually easy enough for a very nontechnical person to use (not necessarily to set up, but to use), perhaps with a bit of coaching over the phone. Want to use a different exit point for your traffic? It’s a dropdown list. Share a file? Requires one config step on the client for macOS, once, and then it’s just in the share menu. Windows, Android, iOS are ready to go without that. Share whole directories? Going to require some command-line setup once per shared directory, but not after that.
There are features that are much more enterprise-focused and not as useful for personal stuff, but everything above is in the free version.
I’m not in tech at all, professionally, and never have been. I’m savvy for an end user - I can install Linux or a BSD, I can set up a network, I can install a VPN myself to get back to my home network - but I would never, ever call myself anything more than an interested layman. I probably could figure most of this out on my own, if I had to. Thing is, I don’t have to. It’s more than just Wireguard in a pretty wrapper.
Try it. It won’t take long to figure out why so many people here like it, even if you may not want to use it.
Tailscale can tunnel all your traffic through a chosen exit node so you browse the web and whatnot as if you were at home (or wherever the exit node is), so in this way it's a bit like a VPN from a VPN company, but it doesn't give you a list of countries to select from.
VPN companies aren't really in the business of selling VPNs. They sell proxies, especially proxies that let you appear to come from some country, and you typically connect to the proxy using the VPN functionality (particularly if you're using a consumer device instead of a laptop), but often you can use SOCKS5 instead.
Tailscale isn't in the business of selling proxies.
Which is nice, but still a beta feature. Tailscale itself is indeed a mesh VPN that lets you connect all your devices together.
> If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?
It does NOT by default route all your internet traffic through one of its servers in order to hide it from your ISP, like the type of VPN you might be thinking of (Mullvad, ProtonVPN etc.).
Though you CAN make it route all the traffic from one of your devices through another, which they call an 'Exit Node'. They also have an integration with Mullvad, which allows you to use Mullvad servers as an exit node. Doing that would be identical to just using Mullvad though.
A system by which you can expose things on your private network (e.g. your home LAN) so you can selectively and securely make them accessible from other places (e.g. over the Internet). You can do all this without tailscale by just configuring secure encrypted tunnels (wireshark, traefik, ...) yourself, but services like tailscale provide you with easy GUI configuration for that.
For me: it's a way to access services I host on my homelab LAN from 3000 miles away. Having a router that automatically logs into that and routes TS addresses properly allows you to use all your devices connected to that router to access TS services with no further configuration. I host Kiwix, Copyparty, Llama.cpp, FreshRSS, and a bunch of other services on my homelab, and being able to access all of those remotely is convenient.
It's a cryptographic key exchange system that allows nodes to open Wireguard tunnels between each other. They have a nice product, but I don't like how it spies on your “private” network by default: https://tailscale.com/kb/1011/log-mesh-traffic
You don't need to get too far down the page to see "VPN", which is what it is. But on top of that primitive, it's also a bunch of software and networking niceties.
Thanks for the writeup!