Hacker News: lo0dot0's comments

Tbh I don't understand the need for games in WebAssembly. Is it really worth the effort developing an environment for games that runs in the web browser when installing a game through Steam or the Play Store is already very simple and quick?

I agree. There should be a process in place for checking if changes are ready to be rolled out, and one of the checks should be a working prototype implementation, that is open source, that shows that running your systems can still be managed.


42


Yes, a move to static IPv6 addresses everywhere would help a lot.


Why is that smart? I signed up for a Microsoft Account with my email and I can use Microsoft Account to log in to Tailscale but I can't use the email directly? How does the middle man bring anything to the table?


Because then Tailscale doesn’t store a username and password for you, so unless Microsoft is hacked you won’t be, theoretically.


If I have to spin up a Keycloak instance (you forgot to say on a public-facing data center that runs 24/7) to use a single service I would usually sign up with an email and password, I might as well spin up my private VPN server.


yep!

Or use a login system you already have.


But at the same time, now Microsoft knows you are using Tailscale (and they use this data in their tracking + analytics). And all the other products. They get a very good insight into your online habits, because they have a list of all other products and apps you use where you sign in with your Microsoft account. And due to the way token refresh works, they even have a good idea how frequently you use each individual one.

And if you for whatever reason get locked out of your Microsoft account (and I say this as someone who had this happen with a Google account) you are basically locked out of your online life.

I own my own domain for my email address (xxxx@mydomain.com). As long as I can set the MX record of that domain freely, I can always restore access to my email address no matter what any email provider decides to do or block me for.


Sure, then spin up a Keycloak.

It's not hard.

If you don’t feel comfortable doing so: maybe that is telling.


What are you on about? For years logging in with email was possible even on the most amateurish projects. Now that's not possible for Tailscale? Why?


Because they don't want your password and as a security company, I applaud that.

Account issues, recovery, support that can be manipulated, a single breach or bad password that grants access to their admin interfaces, implementing their own 2FA.

And, serious people want SSO anyway, and most people have some kind of authentication they can lean on.

You can make a stodgy password login if you want, or you can run a Keycloak yourself.

If you don't want to run an OIDC provider for yourself, why would you want them to?

Genuinely I applaud the idea that they're SSO first, and have as little information as possible to handle things. If you don't like it; well, run your own, run Headscale - or, use WireGuard another way.

Not every company needs their own login system. I fucking hate it.


Microsoft was hacked before and I don't trust them, but I trust the email provider at the company I work for. Now what?


Microsoft getting hacked proves my point more than you think, they're less likely to get hacked now because they have scar tissue. You're basically saying: "If you ever get hacked your reputation is burned forever, but I want these guys who have never done it before to handle logins for me even though they are saying that they are not comfortable with the extra responsibility". Get over yourself.

If you trust your email provider: Ask them to set up an OIDC provider then.

Email is insecure. I can't be the first person to tell you this.

Multiplying your logins is not more security, it's less in the majority of cases.


Thank God Microsoft never got hacked.


> NAT/STUN world you were trying to avoid

The clean way to build this is with firewall configuration, opening ports, and static IPs. NAT/STUN and dynamic IPs are just a hack and I don't understand why people pretend this is an acceptable solution for professional networking. Working around an infrastructure that isn't a natural law but can be changed at our will seems like a big waste of time.


> I don't understand why people pretend this is an acceptable solution for professional networking

Because it IS acceptable for many cases.

Many businesses don't operate in such a way as to have centralised infrastructure solely for providing internal networking, nor would they want to add the additional administrative or unnecessary routing overhead.

Even locations that would traditionally be considered highly centralised often have some form of dynamic network fabric as an overlay. Pretty much the entirety of cloud infrastructure runs on such systems, and they seem to do OK.


Also DERP relays having QOS that isn't controlled by myself and I have to hope to get bandwidth through doesn't exactly make me confident about the solution


Sure, but your data is only getting relayed through DERP servers if it can't otherwise establish a direct p2p connection. This can usually be resolved at either side of the connection - if you know about it (which is what the parent was suggesting could be made more clear).

As for your bandwidth concerns in the case of needing to relay, you can even set up your own relay (https://tailscale.com/kb/1118/custom-derp-servers), which would satisfy your desire to be more centralised (I guess you could force all traffic through it, but can't think why you would want to) while still allowing the flexibility of the overlay that Tailscale provides.


I never said I had a desire to be more centralised. I just said that static IPs and open ports remove the necessity for hole punching/STUN. You can have multiple sites without a central and all use static IPs and open ports.


I was replying to your comment about you wanting to control QoS for relaying.


Dynamic IP addresses typically also have a forced disconnect at a regular interval. Not really what I want to host services on.


That seems like even more reason to use an overlay - it abstracts all that instability away and gives you a consistent, secure network regardless of what the underlying IPs are doing. Obviously peers can have static IPs too if you think that makes them more stable to routing changes (it doesn't).


Do you really think that a Tailscale VPN is necessary to deal with link failures? It is not BGP and SD-WAN or MPLS L2 VPN can do that.


I didn't mention Tailscale. I said "overlay", and both SD-WAN and MPLS L2 VPN are overlay networks.


Idk what you mean with routing instability. Changes to routing as a result of failures are a feature, not the problem.


You said "Dynamic IP addresses typically also have a forced disconnect at a regular interval.", which is false in pretty much every DHCP scenario I have ever seen.

A change in an IP lease should result in no downtime whatsoever, because addressing is not the same as routing. A routing change would have exactly the same effect on a static IP.

I then pointed out that an overlay network means you don't have to worry about that anyway.

I think you need to reread whatever comments you think you are responding to, as there is clearly something out of sync with your replies.


Who said you can't do both? NAT makes things easier and you can still properly configure your firewall to keep track of all the NAT traversal rules.


If you use the same password on different sites despite password managers and now passkeys, you are asking for it.


NewPipe breaks regularly. It's almost like YouTube changes the API on purpose to hurt 3rd party clients that don't show ads.


Either that, or they just straight up don't care.

I think it's pretty likely that they just don't look at or test NewPipe when they change their APIs. If the change doesn't break any official clients, it goes through.

With how large YouTube is, I imagine API changes are not infrequent.


Well, then a service like Integuru would be perfect for NewPipe! Maybe someone should suggest that they use this awesome service? (I am pretty sure Alphabet would be really happy about that one! :D)


Why would they not want what to be found?


TMV cannot be infinity because human wants and needs are not infinite.


Infinity is obviously an exaggeration, but the point being that it is so large it might as well be unlimited.


Cows also have wants and needs, but who cares? They aren't the smartest species on the planet, so they're reduced to slaves.


A fundamental statement in economics is that humans do actually have infinite wants in a universe with finite resources. This creates scarcity.


What? Humans' Infinite Needs and Desires will precisely be the driver for Infinite TMV.

