
How does using Nebula instead of Tailscale protect against bugs of this variety?



Nebula doesn't really have a control server of this sort; it largely uses a CA to do the node authentication and a coordination server that helps nodes get introduced and NAT bust, more like the DERP server for Tailscale.

The Nebula equivalent of this would be the Defined Networking folks, who do run a control server more akin to Tailscale. They say they are moving slow to focus on security, and I haven't heard of vulnerabilities like Tailscale's, but also I think Defined Networking is much, much smaller in terms of users, so it may be a time-will-tell situation.

They both seem to have pretty smart folks.


Nice, thanks! Time to check out Nebula/DN.


IMO it's more about agency. With SaaS people think "they had a bug and there's nothing I could have done to prevent it or expedite the fix" but with on-prem software they think "once I discover a bug I can whip my people to have it fixed within an hour". This is not true of course.


Agreed! Was wondering if I'd missed something. On-prem is useful, but building competency with a technology can be painful and takes time.


And then there is the realist's take with running your own: OH F*K. Another bug I have to deal with.


It's so hard to set up that exploits are unlikely :)



