And not even a remotely creative statement. 🙄

Last I checked they haven’t yet added user-facing controls to configure this yet. I don’t know where it is on the priority list.

https://tailscale.com/kb/1218/nextdns/

Easy to set up, mine is working great.

It’s accessing literally anything you self host from home, with minimal latency and without any port forwarding on your router or exposing your services to the Internet.

It’s primary benefit is how fast it is, how much easier it is to set up for even the most novice of users, and how ubiquitous all the clients are.

Plus it’s free for 100 endpoints, which is far more than most individuals will need for home labs. And even that you can get around by using subnet routing.

If you’ve ever wanted to run your own sort of Dropbox or Google docs (Syncthing/Next cloud) but didn’t want to deal with the security hassle of exposing it to the Internet, this removes that completely. No more struggling with open ports, fail2ban, or messing with reverse proxies.

This drives me nuts. I like Chrome. It’s simple, it’s fast, the extensions I want run on it (for now), and I love the Google Account Sync because I have an Android phone. This greatly pisses off people for whatever reason, despite the fact I’ve never had a bad opinion about Firefox and love what they’re doing too, and I never criticize anyone for choosing Firefox.

As with everything open source communities need nuance and understanding, otherwise they start to feel like cults.

This is why I unsubscribed from the Android community. I love Android, I use nothing but Linux at home and really appreciate open source software.

But the FOSS…enthusiasm is starting to border on zealotry. It’s getting really unpleasant.

Ludicrously simple setup, that’s all.

This is not remotely ghetto, this is really well done. Sure the fans are a bit wonky but that is one hell of a machine for the money.

Well done!

If you want to make money and kill clones make your distro free but charge for official support.

That model just does not work. For the engineering that goes into RedHat (and all the contributions back to the community they send), they just don’t make enough for that to happen. Everyone just wants to shrug this off as “Oh IBM has lots of money so that’s not a problem”. This “make it free and charge for support” model almost never works for FOSS yet so many people want to believe it does. On an enterprise level, it just doesn’t. People who want to use an enterprise distro of Linux for free also likely don’t want to pay for support either, instead wanting to support it themselves. Which is all well and good but that doesn’t account for the fact RHEL does all the engineering, all the building, all the testing, everything, and then puts that release up for use. All of that has to be covered somehow.

There was never any promise that you’d always be able to create a “bug compatible distro”. Ever. The GPL does not cover future releases or updates and never has, and even implying that it should sets a dangerous precedent of people being entitled to what you haven’t even created yet.

Rather than hearing the emotional takes from people that want to turn this into “RedHat vs the Linux Community”, I strongly suggest you listen to LinuxUnplugged: https://linuxunplugged.com/517?t=506.

RedHat is still contributing everything upstream, and CentOS Stream is not going anywhere. You have full access to the source of whatever you buy.

The only thing that has changed here is that the loophole that Alma and Rocky were using to create a RHEL clone and then offer support for it (Which is literally RedHat’s own business model) is gone. Those two are throwing a tantrum because they got to set up a nice easy business model where they literally did nothing more than clone RHEL and then offer support for it and that free lunch is over. That’s it. They don’t contribute back to RHEL, they don’t do anything to help development. They sold themselves as the “free” or “cheaper” alternative and now they’re getting burned for building their entire business of the work done by RHEL.

Everything else in this story is noise, drama, and unnecessary emotion.

Not remotely.

Maybe certain people should think twice about setting up an entire business model of support based on having the current company do all the engineering work, cloning it, and then taking the support contracts for it.

Both Fedora and CentOS Stream are still very much upstream. Just certain CentOS alternatives are throwing a hissy-fit/tantrum that their nice neat little “cloned distro + support” business model fell apart overnight because they built their entire business off of what’s basically (not entirely) a loophole.

You can actually take it one step further and directly integrate NextDNS into your Tailnet: https://tailscale.com/kb/1218/nextdns/

Private DNS. I use https://nextdns.io/, and then just change my phone’s private DNS address to match.

Works great, easy enough to toggle off if needed.

I stopped messing with port forwarding and reverse proxies and fail2ban and all the other stuff a long time ago.

Everything is accessible for login only locally, and then I add Tailscale (alternative would be ZeroTier) on top of it. Boom, done. Everything is seamless, I don’t have any random connection attempts clogging up my logging, and I’ve massively reduced my risk surface. Sure I’m not immune; if the app communicates on the internet, it must be regularly patched, and that I do my best to keep up with.

Just so I understand, you’re using your compose file to handle updating images? How does that work? I’m using some hacked together recursive shell function I found to update all my images at once.

Side note, I really feel for you with the duplicate comments, it happens to me constantly and I know it’s not our fault :(

Tailscale completely negated and desire I’ve ever had to run any kind of proxy or VPN. The setup tool all of 30 seconds to make an account, and then like 15-20 seconds per client. I set it up once several months ago and I completely forgot about it…it’s just quietly working in the background, completely transparent to me.

I use Obtanium to keep Liftoff and Thunder up to date, since the updates come faster than they do from the Play Store :) Very easy to set up…even if you originally installed from the Play Store, you can still use Obtanium to update going forward.