I don't understand this attitude. Some humans have to eat and put a roof over their heads sometimes, and extracting consulting fees from open-source work (i.e. the Redhat model) is not always a paying business model. A hybrid model is often the best way to compromise.

Disclaimer: I'm pursuing a similar solution on an app I'm working on. The CLI will be free and open-source (and will have feature parity with the GUI), but charging money for the GUI will also help support that development (and put my son through school etc.)

And by "feature parity", I really mean it- The GUI will be translated into 22 languages... and so will the CLI. ;) (Claude initially argued against this feature. I made my arguments for it. It: "You make a compelling argument. Let's do it." LOL)

The lowest level of it is already available and fully open-source: https://github.com/pmarreck/validate

I'm building something on top of that which will have a nice GUI, do some other data integrity stuff, and also have a CLI. And will be for sale in the Mac and Windows app stores.

I also have to eat and put a roof over my head. Tying that to a system that can change permanently at any time to something less helpful is dangerous.

Preferring open source is a risk mitigation strategy. The closed alternative may have better features to make them worth that risk though.

One feature is: it's a business and won't be abandoned due to OSS but out if it has a sustainable way to continue.

Healthy and not extremely niche Free Software projects don't disappear. My software stack I rely on daily mostly barely changed in 15 and more years.

The amount of businesses closed, sold and products abandoned or swapped for the more controlled/exploitable ones is numerous, on the other hand.

>Healthy and not extremely niche Free Software projects don't disappear.

This sounds a lot like a circular definition.

Not really? One is the cause (bad management/tech debt/problematic architecture/no public interest, etc.), the second is the effect.

It looks as though your definition of healthy is "survived"; i.e. projects that survived have survived.

The (almost) opposite is also a feature: it's OSS and will still be available if the business goes out of business

Companies need someone to blame who has skin in the game.

An "open source contributor" is not gonna wake up at 2AM on a Saturday because the business that someone else partially built on their free code suddenly went down.

This is ALSO, conveniently, why AI's will never completely replace human developers. You cannot blame, reward, or punish an entity that has no such sensitivities.

The bigger problem is that making software easy to use is stupidly expensive and hard and is usually the kind of work devs hate. So it’s usually not possible for free software to do it, hence free software usually makes no impact outside very technical circles.

Personally, I understand people need to make money but this tends to be a death spiral (enshittification). So I tend to go for solutions without those incentives at all. Or at least use the free self hosted option.

I wonder why you jumped into the mesh vpn market, it's so saturated. Theres literally hundreds of solutions out there (niche ones included for the mainstream ones it's probably 10 or so), many non profit options included. Is there really a niche you can offer that the others don't?

Edit: ah by doing the same thing you didn't necessarily mean a mesh vpn? I don't really understand what your thing does but not vpn.

I was just saying it because there's a new Show HN mesh VPN thing weekly now.

Another way to counteract enshittification is to pay for things, then stop paying when they enshittify.

just stop paying them, as though migrating to an alternative is free and easy

No it's not. Like moving from Instagram to something else, that's going to be very tough because nobody else is on there. Same with WhatsApp.

In this case it really is easy. It's just wireguard with some NAT negotiation sauce and convenient auth layer.

You're doing the Dropbox rsync comment.

To be fair, only the mesh part of the problem is quadratic. Reliable hole punching is not that easy either. As far as I know, there is a level of circumvention in case the unwrapped WG is blocked too.

The integrated service is very valuable and obviously genuinely popular.

That doesn't really help. It still happens. And you still need to move to something else. And they'll try to tie you in by making migration as tough as possible.

The logic of putting roof over the head is a point that is too broadly used is not at all valid for things like tailscale as... eventually most businesses at that level (tailscale revenue in 2025 was $45.2M) are crushing the customers. Either entshittification or lock-in. There is a loss of trust. The trust on SV/software is as much as bankers (during Lehmann bros crisis). Some people in HN think oh, we are growing small farmers/engineers from grassroots etc Yes, maybe - but their thinking is to exploit customers sooner or later. These smaller ones (as compared to FAANG etc) think that common man thinks that FAANG are the exploitative ones. But no. The public is getting aware that every damn calendar app or pdf viewer or router is increasing prices or wants subscription or planned obsolescence.

A roof over the head is OK but the price increases are usually to put private Yachts. The income earned by majority of these founders is already good to have lots of roofs.

Maybe my local corner coffee shop is one fellow I would not mind having subscription with...

Out of all the businesses to rant against for overcharging you are really going to focus on Tailscale?

Am I supposed to care about the yachts?

> should the world not have yachts?

Maybe? Things like super yachts are just offensive.

Then ask all the billionares or people like you to give jobs/salaries/allowances/holidays at SV level to everyone in the world. Lets all build yachts. I am happy to get that level of pay.

So the perverse "logic" here is basically that since very successful products sometimes get enshittified, there is no point to seeking ANY success?

Do you realize how out-of-touch with reality this sounds? For every $45M Tailscale there's a hundred companies you likely never heard of making respectable but not-very-excessive money in niches here and there. For example, I have a high school friend who owns one: https://speedify.com Thing is, you can't have one without the other. Hell, that's the kind of success (as in "moderate") I'm actually targeting with my work. Which is why comments like this irritate me.

Go make something that other people want and then try to live off it. Offering all of it for free won't cut it, because we don't live in a communist dictatorship (not that any of them might approve you spending your time on your pie-in-the-sky "contributory idea" in the first place).

By the way, in working on the thing I want to sell, I've made a number of offshoot projects open source as a side effect. Check my github, it's never been more active.

They don't have access to the same information as us. There's another comment that replied to you who brought up enshittification. I guarantee you he has not read the blog post by apenwarr. Or even knows who apenwarr is.

(Tailscalar here) To be clear: it's only the GUIs that are closed source on selected platforms.

Thats actually a good way to split a project up into closed/open imho. Open the functional part so people can see you're not sending data to hq behind their backs and make the boring time consuming ui closed. I like it. Then make money out of a service rather than the software. As we all know, tech people will see a piece if challenging software and go out of their way to replicate it and release it for free, for whatever reasons. So open sourcing that part takes the challenge away.

I stand corrected.

Although, the problem is not so single-layered. Do I understand the situation correctly, in case of iOS, to not be subject to additional limitations of the platform that restricts the distribution of your products to the extents that the laws of the countries where your business is registered require, all the user has to do is to fork the main repo (which is, thankfully, BSD), build a minimally acceptable GUI, pass Apple certification, publish the app in the app store, and Bob's your uncle?

Essentially, yeah, but of course you wouldn't want to use any Tailscale trademarks.

Tailscale is engineered under the assumption that any client connected to our control plane could potentially differ from our canonical OSS codebase.

That's good to know. Can you point me to the peer relay code? I'd like to look at what and how it works. thanks!

can you say more about this. I've been considering adding tailscale to some products but if my (nerd) perspective is to survive corporate realism I need more than a 1-liner to justify. seriously curious. Also how would I pitch it to a EU based crowd that wants increasingly less to do with US based tech?

For one, Tailscale is a Canadian company :)

Essentially this: OSS operating systems get OSS GUIs.

Does that include android?

Nice, thanks.

Heh, that's my PR. Initially I thought it would be a trivial change, but then I realized I hadn't considered how it should interact with MDM / device posture functionality - these aren't features I'm personally using with the Android client, but are understandably important to enterprises.

I still hope to get back to that and try to get it to a state where it can be merged, but I need to figure out how to test the MDM parts of it properly, and ideally get a bit of guidance from the tailscale team on how it should work/is my implementation on the right track (think I had some open questions around the UI as well)

Let's stop moving the goalposts. Open source has a specific definition, and "they merge whatever code I want them to" isn't part of it. Just fork the client, compile it, and run it yourself.

An option to disable telemetry is important.

It's not "whartever code".

You're welcome to fork it

No, thanks. I'll just use the competitors without telemetry.

"Support free alternatives if you can, even if they underperform by some measure."

I value _control_ more than I do performance

Better performance is, IMHO, not a reason to sacrifice _control_, but that's just me

If users have control, i.e., can compile from source, then in theory performance improvement is possible through DIY or work of others. However performance is not always the only important issue. Today's commercial software tends to be rushed, lower quality, bloated. Releasing work-in-progress software that requires constant remotely-installed "updates" in place of a thoroughly-tested final product is a norm

Without control, if performance, _or anything else about the software_, is unsatisfactory, then there is nothing users can do

Basically a lot of current software teams operate like many modern video game companies. Ship the broken thing, (maybe) repair/improve it as people suffer through the experience.

Turns out people see value in imperfect experiences.

There’s a difference between tolerating something and seeing its value. I tolerate lines at restaurants, I don’t see value in them for me.

You’re also operating under the assumption that people always have a choice.

But you clearly see value in the restaurant experience, even with the shortcoming of a line. Or else you wouldn’t go.

You’re missing the point. The restaurant experience would be better without a line. I tolerate lines if the restaurant experience is good enough.

If it is not, I go somewhere else. “Going somewhere else” is not always an option when it comes to computers/software.

Which is exactly what the OP was saying. You see a value in a imperfect restaurant experience.

I don’t value the imperfections. I value the experience despite the imperfections.

I value a great video game or piece of software often despite its bugs and issues. If they had fewer bugs and issues I’d value it more. It would be better.

We should not conflate tolerance and appreciation. Just because people tolerate it doesn’t mean they value it.

The CLI version of the Tailscale client on macOS can be compiled from source and installed without the app store:

   go install tailscale.com/cmd/tailscale{,d}@latest

https://github.com/tailscale/tailscale/wiki/Tailscaled-on-ma...

So fully available in situations with limited connectivity. The GUI version of the client is closed source though, and it's available as a package or from the app store.

Seems like an odd thing to be concerned about. Most of the apps on my Mac are closed source, that little Tailscale menu bar item is really insignificant. You can always control it through the command line if you're really bothered by it. I'm pretty sure tailscale is on brew.

That justification honestly doesn't sound that ridiculous to me, especially if the closed-source stuff is mostly just platform-specific GUI and integration code. Is there even a practical mechanism to open source an iOS app and then letting users verify that the version they're downloading from the App Store is exactly the same version that is open sourced?

I've been relatively happy with Headscale, but now that I have MacOS/iOS users I'm in the process of testing alternatives like Netbird. I was also surprised that the Tailscale Kubernetes operator is not compatible with Headscale.

As a developer who have been built some tailscale-based clients, I think this maybe acceptable because they running a business with money from the VCs.

And I am also very grateful that tailscale implement some workaround for systems such as apple-based OS with core APIs built into the open source code, thus if you really need you can just look the open source code and doing accordingly, though it really need some research work.

For the long term if they really do not want to open source the core client code (which I do not believe at the moment), I think support a fully open source coordinator and open source client based on the fork will still be doable.

Went with ZeroTier and Netbird, they're not too bad.

I keep hoping to switch to Netbird, but run into the same issue every time for the last couple of years I've been trying it - peers randomly drop of the network. There's a longish standing open issue on their GitHub.

Don't they both have even more restrictions on the server side vs the paid service?

Netbird is very good for my use case. Simple to set up, and just works.

Zerotier is a lot harder to self-host than tailscale

The entire idea is that they make money. Limited licenses are ignored incredibly often.

where were the alternatives before tailscale? we could only read bout BeyondCore with envy before tailscale. i'm going to keep supporting them unless they do something naughty.

I switched to Netbird because of this.