Honestly I (and I suspect most here) wouldn't mind if the server was not easy to set up. The goal here would be transparency. It's true that, with lock, a user can run Tailscale without having to trust it. But it is still a good show of good faith and goodwill to have everything in your infrastructure be as transparent as possible, barring actual user data and service credentials.
Same concept applies to the proprietary GUI clients. What's the rationale for not, at least, making their source code publicly available for reproducible builds (or, if those are too complicated to implement, the same goodwill and transparency I talked about)? You wouldn't even need to actually support the source releases.
FWIW, you can run open source Tailscale on macOS and Windows without the GUI.
And you can already do reproducible builds of our Windows build: the `tailscaled.exe` service and `tailscale.exe` CLI are open source. Only the GUI systray client (tailscale-ipn.exe) is closed.
For macOS and iOS, our development environment is kinda hell. It's great when it's finally working, but hard to get it set up and keep it in a happy place ... you have to get users into the right Apple teams for the right Network Extension Entitlements/notarization/etc, disable SIP to work on certain types of builds, be sure to clean up Xcode temp folders in ~/Library/ so the system doesn't pick up the wrong builds, etc, etc. Then you think things are good and in a few months a random keychain cert expires and you have to repeat the dance. Which sometimes involves a few macOS reboots for some reason.
Yes, maybe we could say that the macOS/iOS/Windows GUI source releases are "not supported" but that will stop approximately nobody from asking questions anyway and consuming time.
Plus I always come back to the question: if you care about open source so much, why aren't you running Linux?
The common reply is: but trust! but security! but auditability! Know how many corporate/paying customers have asked for open source Windows/macOS/iOS GUIs? Zero that I've heard about. Their trust relationship is with other companies, not with codebases they don't have time to build or audit anyway. Or they trust us that all the interesting code (non-GUI wrappers) is open source anyway and read that.
So, yes, we _could_ open source our GUIs. But it's not worth the resulting pain. It'd save me writing comments like this one, but then I'd be answering Xcode/mac build questions instead, and I'd much prefer writing this.
> Plus I always come back to the question: if you care about open source so much, why aren't you running Linux?
Yes, exactly. I'm one of the biggest FOSS advocates around, but if someone is running Mac or Windows, I have a hard time accepting criticism from them about closed source software. They are obviously pretty comfortable with closed-source/proprietary blobs. If you're running closed systems, you're voting for closed software. It's pretty hypocritical to criticize others to go open when you don't.
With my FOSS projects I do try to support macs, and if it's relatively easy then windows, but I don't blame anyone for taking a "like for like" approach to their software. Open for people who vote open, closed for people who vote closed. Live by the sword, die by the sword, or something like that.
Seems quite fair to me. It's also arguably better for Linux/open source, because if more software vendors took this approach with their software, we'd see more people choosing Linux because it would give us another competitive advantage. That leads to more Linux users, and the more Linux users there are the better it is for the whole community. More software vendors will support Linux, for example.
You don't need to be vegan to care about animal rights.
I can consume closed-source software and care about FOSS at the same time, do not discard people who are on your side just because they aren't extreme enough for your tastes.
> You don't need to be vegan to care about animal rights.
Yes, but that's not really equivalent to this situation. This isn't just a "do you care about FOSS" question like the "do you care about animal rights" analogy that you raised.
In this situation, a person who pays for and uses closed source software (and not just one application, but the entire OS), is criticizing another company for making closed source software. It would be more equivalent to somebody who is a meat purchaser/eater criticizing a company for making meat.
As a paying customer, this is 100% true. Reputation helps a lot, the core of the product being opensource for a quick skim for some sanity helped. Support being there to help with questions about why X was done the way it was helped. We don't care or have the time to audit further. The company pays _others_ to help audit them, iirc Latacora.
> Plus I always come back to the question: if you care about open source so much, why aren't you running Linux?
Because it's not black and white.
I can easily see myself in a position where I have influence over the VPN we use, while not having control over the finance people using Windows (because of the Windows-only accounting software) and the designers using Macs (for all the usual reasons). As a more general point, "I have stricter openness requirements for my infrastructure than I do for client devices" seems like a reasonable position to hold.
I do appreciate that the armchair CIO crowd keeps raising auditably/trust/security as being much bigger issues than they are in practice, but I have had engagements in the past where the client demanded that any softare we wrote on their behalf had to be open-sourced. So such requirements are in practice unusual but by no means unheard of.
Have you considered the benefit of open source serving as an example of how to make a non-standard use case work? </sarcasm>
I think I just wanted to point out the similarity. You _have_ to maintain the dev environment, and you _have_ to have it documented in some form for new hires. If that was public, we could be reading a blog post 6 months from now from some company that ran into similar-shaped problems in their dev environment, and solved it using “the power of open source”
I don’t think that’s a compelling enough reason for someone trying to run a business, but I hope at least some people appreciate the irony here.
While I totally agree with you, the fact that nobody's both paying you and asking for more open source, could also be due the fact that they are no customers because it's not more open source.
Honestly I (and I suspect most here) wouldn't mind if the server was not easy to set up. The goal here would be transparency. It's true that, with lock, a user can run Tailscale without having to trust it. But it is still a good show of good faith and goodwill to have everything in your infrastructure be as transparent as possible, barring actual user data and service credentials.
Same concept applies to the proprietary GUI clients. What's the rationale for not, at least, making their source code publicly available for reproducible builds (or, if those are too complicated to implement, the same goodwill and transparency I talked about)? You wouldn't even need to actually support the source releases.