1. 20
  1. 3

    Tailscalar here. I didn’t tick “I’m the author” because I’m not actually the author of this doc. But I am from Tailscale. I’m not certain what the correct etiquette for this is, but I do believe this is a genuinely interesting piece of technology so I thought I’d try sharing it.

    1. 1

      webdesign feedback: the ToC on the right is longer than a screen height for me, but not independently scrollable - I need to scroll the entire page towards the end for the ToC to scroll too and reveal the last few entries.

      1. 1

        I am not sure if this is the right place to bring this up, it’s certainly not related to the posted link, but has there been any work into improving the energy efficiency of tailscale? Tailscale significantly affects my macOS/iOS devices’ battery life. I know that part of the problem is with Go itself, the Go runtime is not optimized for mobile devices, but still…

      2. 3

        In “Enabling tailnet lock”, I was surprised that there wasn’t a step that said “The control plane holds the AUMs until the administrator approves the change through the UI.” This adds an explicit check-in point where you know the control plane cooperated with you.

        Recovering from compromise… obviously, advanced tooling here is a nice to have, but for now you can just bail people out by talking to Support to walk through the forking process.

        Thinking about the TOFU thing… have you considered adding something like $ tailscale metrics that would dump the node’s status in Prometheus format? Add the lock status and latest AUM to the metrics, bring your own collector, and then apply existing solutions to alert on split brain.

        $ tailscale metrics
        ts_tailnet_lock_enabled 1
        ts_tailnet_lock_last_aum{hash="A4D24..."} 1
        1. 1

          minor nit: CBOR is the encoding format, CBOR2 is a python implementation. Great read.
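The split-brain alerting idea from the comment above about `tailscale metrics`, sketched as an added example that is not part of the thread or Tailscale's own code. It assumes each node exposes the commenter's hypothetical `ts_tailnet_lock_enabled` and `ts_tailnet_lock_last_aum` metrics in Prometheus text format; the node names and hashes are constructed.

```python
import re
from collections import defaultdict

# Metric names follow the commenter's hypothetical output; they are not
# real Tailscale metrics. Labels use Prometheus's {name="value"} syntax.
SAMPLE = re.compile(r'^(?P<name>[a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(?P<labels>[^}]*)\})?\s+(?P<value>\S+)$')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def parse_node(text):
    """Return (lock_enabled, head_aum_hash) from one node's metrics dump."""
    enabled, head = None, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and HELP/TYPE comments
        m = SAMPLE.match(line)
        if not m:
            continue
        labels = dict(LABEL.findall(m.group("labels") or ""))
        if m.group("name") == "ts_tailnet_lock_enabled":
            enabled = float(m.group("value")) == 1
        elif m.group("name") == "ts_tailnet_lock_last_aum" and float(m.group("value")) == 1:
            head = labels.get("hash")
    return enabled, head

def check_tailnet(scrapes):
    """scrapes: {node_name: metrics_text}. Returns a list of alert strings."""
    alerts, by_head = [], defaultdict(list)
    for node, text in sorted(scrapes.items()):
        enabled, head = parse_node(text)
        if not enabled:
            alerts.append(f"{node}: tailnet lock not enabled")
        elif head is None:
            alerts.append(f"{node}: lock enabled but no AUM head reported")
        else:
            by_head[head].append(node)
    if len(by_head) > 1:  # more than one distinct head means nodes see different chains
        views = "; ".join(f"{h}: {', '.join(n)}" for h, n in sorted(by_head.items()))
        alerts.append(f"split brain: nodes disagree on latest AUM ({views})")
    return alerts

# Constructed sample scrapes (hashes are made-up placeholders).
SCRAPES = {
    "laptop": 'ts_tailnet_lock_enabled 1\nts_tailnet_lock_last_aum{hash="AAAA1111"} 1\n',
    "server": 'ts_tailnet_lock_enabled 1\nts_tailnet_lock_last_aum{hash="AAAA1111"} 1\n',
    "phone":  'ts_tailnet_lock_enabled 1\nts_tailnet_lock_last_aum{hash="BBBB2222"} 1\n',
    "kiosk":  'ts_tailnet_lock_enabled 0\n',
}

if __name__ == "__main__":
    for alert in check_tailnet(SCRAPES):
        print(alert)
```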