Hacker News new | past | comments | ask | show | jobs | submit login

>A common misconception IMO is that running and owning your own infrastructure is somehow more secure.

If done properly cve-s don't matter that much. You create a headscale install on a pi and the headscale port and your router's ssh (key only) are the only things visible from the outside. Take any other than a home router - aka something with support. And you are done.




> If done properly cve-s don't matter that much.

I think it depends on the CVEs and where they are. If it's a software vuln that requires root or some other complex prerequisites then w/e. But, if we're talking about low level problems in either the OS or network layer (e.g. firewalls, routers) then big clouds are most likely going to have that patched and rolled out more quickly IMO.


Or go with Wireguard. It uses UDP, it has a silent protocol, no one from the outside can see it. (unless they can MITM you)


headscale boils down to syntaxis sugar over wireguard.

To the headscale and tailscale teams members reading this - please don't kill me. You are making awesome things.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: