They may, but that doesn’t mean that the capacity disappears. It may require some assumptions about USG willingness to backstop an acquisition but it’s not a significant leap to think that the generation capacity remains in (more capable?) hands.
Speaking of capacity, what happened to all the "dark fiber" that was supposedly built for Internet 2 or whatever? The fiber doesn't go away just because a bubble burst, right?
I love Tailscale's technology and their contributions to the security ecosystem, but I can't help but take a contrarian angle to many of the comments here...
This feels like a bad idea, and perhaps it signals defeat in the enterprise space (where the tech would provide the most value, imo). Tailscale raised $100M last year, surely based on a theory of growth upmarket. While this partnership surely provides value to personal consumers, it feels, at best, a distraction from the larger opportunity and, at worst, counterproductive to achieving it.
I'm skeptical of the obvious counterpoint that this assists a flywheel of greater b2c satisfaction leading to b2b success...
> I'm skeptical of the obvious counterpoint that this assists a flywheel of greater b2c satisfaction leading to b2b success...
Okay. But it does? Our stats continue to show that making nerds happy (we're also nerds) leads to more corporate sales. (https://tailscale.com/blog/free-plan/ etc)
So if we can make something that we want ourselves and our friends and fellow nerds also like, and that also then leads to more corporate sales... why not?
Anecdata: It directly led us (Instacart) to try and then adopt Tailscale. Many of us had used it at home and were happy nerds. This gave it a huge initial leg up vs other "enterprisey" VPNs when we were in the evaluation stage.
Tailscale sold itself after that. The docs were excellent and it really is simple to use and run. I was able to do a full PoC in a day and prove that I could join all of our environments and clouds into one VPN and have DNS resolving correctly everywhere.
I appreciate the response - great blog post. I don't doubt this works for certain companies and components of the ecosystem; it worked for Dropbox (at least for a long time).
Tailscale is clearly a superior product to its competitors and I have regularly recommended colleagues and clients to evaluate whether it fits their needs. However, unfortunately, that is frequently not enough to "win" in the crowded and bureaucratic enterprise software space.
I would love to be proved wrong here and wish you the greatest success!
Say you were a county social services department. You wish to use Tailscale to microsegment federal tax data (subject to IRS 1075 safeguards requirements) relating to your child support unit from other traffic (say Medicaid enrollment) which does not have that requirement.
I’m pretty confident that you would draw an audit finding for that reason with a pure Tailscale solution. (I also think that’s bullshit.)
1075 does not appear to require that access VPNs use FIPS cryptography. Arguably, it would if you were relying exclusively on WireGuard for data protection, but it's uncommon for people to do that (we're WireGuard true believers and we do in places depend on WireGuard authentication and encryption for our security model, but it's a weird enough thing to do that we notice it when we do it).
At the time we looked at it for a client, in an audit, certain aspects would be at the discretion of the auditor. They are typically pragmatic about this stuff.
That said my original statement was too broad. It’s not an “enterprise” issue, more use case dependent in regulated scenarios.
A lot of B2C VPNs position themselves as kinda sketchy and anti-corporate.
If the cops or the MPAA come calling, we'll tell them to go to hell. Netflix blocks our servers? We'll set up new ones. Accused of torrenting? We didn't see anything, and we don't know who you are either. We're incorporated in a jurisdiction that makes us almost impossible to sue. We've got 4 employees, and not a single clothes iron between us.
B2B VPN products often have the opposite market positioning - straight-laced, trustworthy stuff. Absolutely not claiming to be difficult to sue. We've got 50+ employees, all of them wear shirts and some even wear ties. And suppliers like Cloudflare are more than happy to help you MITM all your employees' https traffic, in the name of "security".
These just seem like positions in the market that are very hard to reconcile.
Cloudflare is in a somewhat interesting position. They are known for being negative about banning copyright violation or controversial contents (than competitors), but also provide enterprise solutions.
> They are known for being negative about banning copyright violation or controversial contents (than competitors)
They're required to do the former (and Switter) by American laws, and for the latter: they banned the Daily Stormer, 8chan after a terrorist incident, and Kiwi Farms after their members called for open violence. It's not hard to see why these three got banned, inciting violence is not covered by "free speech".
A lot of the people making purchasing decisions to acquire products like Tailscale are in security departments and have a very low opinion of Mullvad (VPN of choice for all kinds of abusive/fraud/hacking traffic).
I have a high opinion of them, one of the few VPN services I would trust not to give in even to governmental pressure. I firmly believe they would shut down their service before they compromised user privacy. That is very commendable.
Are you a CISO or otherwise have that purchasing power? I’ve found that CISO types hold opinions that are not usually met by ground floor or even middle management folks.
Why would this affect the security of someone adopting Tailscale? It's not like partnering with Mullvad makes it easier for hackers/fraudsters/etc to attack a Tailscale user. Maybe I'm an idiot, but I would assume that 'hackers/fraudsters trust it' probably means that they do a decent job of respecting privacy?
What is the VPN service you think people (people on HN, say, not YouTube) have a high opinion of?
Mozilla is rebadged Mullvad. Proton might be ok. Everything else (Nord, Avast, Express, ...) is YouTube sponsor trash, Mullvad's the gold standard afaik.
Cloudflare Warp, WindScribe, and iVPN are decent. But given the ubiquity of DoH and the roll out of HTTP3/QUIC + Encrypted Client Hello, no VPN might serve just fine, too.
>(VPN of choice for all kinds of abusive/fraud/hacking traffic).
This is a pretty bad take. With your logic anything pro-privacy like Signal/Matrix etc would also be "x of choice for abuse/fraud/hacking etc" and thus shouldn't be used.
Tailscale has many employees; adding a small patch to WireGuard client programming and strapping in Mullvad account provisioning seems like a very small amount of effort for a pretty cool feature that also earns some recurring money from the hitherto freeloading nerd customers.
Point well taken. My comment was primarily based on two other factors:
a) the strategic signal it sends re developer resource allocation and
b) the market signal it sends, selling a security solution while partnering with a company (not a knock - I've been a Mullvad customer!) that provides solutions which are frequently used to bypass compliance/regulatory controls.
I think Tailscale going after 3 wildly different market segments (hobbyists, smb/teams, enterprises) [0] is why we're likely to see more such features, not less.
It doesn't sound like that's a big distraction for Mullvad as it seems most of the actual changes are done on the Tailscale side, enabling users to use Mullvad proxied through their setup.
Partnering with similarly aligned organizations like Tailscale and Tor seems like a good way of increasing the userbase without engaging in sketchy business models like the rest of the VPN competition.
> I'm skeptical of the obvious counterpoint that this assists a flywheel of greater b2c satisfaction leading to b2b success...
This past summer I quit my job as Engr #3 of a startup. While there, I desperately tried to convince 1+2 that we should use Tailscale instead of rolling our own VPN with WireGuard and EC2. Couldn’t do it. The product was too magical and everyone was suspicious. I use it at home and tried very hard to make the case.
This feels more like a long term investment in breaking the “mesh” basis for their product. IMO it’s part of the magic and partially a problem. I couldn’t explain the security model for the mesh (as an outsider), and according to some comments it seems like it causes battery issues on mobile devices.
They've been, over the past year, putting a significant amount of work into fixing the battery life issues. It is largely resolved for me, and it seems, according to a recent article, the vast majority of their users.
This also has to be a nightmare for speed. Making two separate tunnels, then browsing the internet through them? Streaming or using virtually anything other than static HTML pages would be a pain.
Mullvad servers are fast enough. On some occasions, I can only connect to Mullvad through 3 hops. Me -> Chinese VPS -> DigitalOcean VPS -> Mullvad. I can still stream YouTube just fine (1MiB/s)
Context: during government meetings in a particular region, their network policies would become more restrictive so that it’s only possible to connect to Chinese IPs. Chinese VPSs are exempt but cannot connect to Mullvad directly due to a Fortinet rule. Connections are done with a mix of Trojan-gfw, xray, and WireGuard
I think they announced their IP plans yesterday [1], which is probably the worst timing one can have (if there even is a good timing for a datacenter burning down, probably there isn't).
If they have good insurance, I'm confident this will have little impact on their operations; I really hope they do. I host a few components on OVH/SoYouStart dedicated servers, luckily not mission critical, but still had a rather good experience with them, especially in terms of price to performance.
> The publicity damage alone will be on par with (if not bigger) their replacement costs. I wouldn’t be surprised if they had to rebrand.
Honest question: which publicity damage?
A fire in a datacenter is very much part of the things you should expect to see happen when you operate a large number of datacenters and will obviously cause some disruption to your customers hosting physical servers there.
Provided the disruption doesn't significantly extend to their cloud customers and doesn't affect people paying for guaranteed availability (which it shouldn't - OVH operates datacenters throughout the world), this seems to me to be an unfortunate incident but not a business threatening one.
Most people, I feel, would expect fire suppression to kick in and prevent the whole data center (and the adjacent ones) from catching on fire. The fact that it didn't is concerning regarding their operations since they build their own custom data centers. The fire isn't the issue; how much damage it did is the issue. So one can ask if there was a systematic set of planning mistakes of which this is just the first to surface?
I think the key to these situations is remembering that others are just as likely to forget your name as you are to forget theirs. Thus, when seeing someone whose name I've forgotten, I always lead off the conversation by reintroducing myself (without asking for their name).
This often prompts a reintroduction by the other party and will soothe their anxiety if they've forgotten your name as well.