I first sat down at a serial terminal connected to a Unix system in … either the spring or fall semester of 1986. The system was a VAX 11-780 running BSD Unix. I spent some quality time with Netware in the years after that, but I gave Microsoft the finger in 1997 and I’ve never looked back.
Thirty-eight years is a long time. I am an OLD Unix user and I love change … when I get to inflict it on others ;-) Tonight, however, I got a bit of my own medicine, and I am quickly warming up to this Tailscale stuff.
So this came up an hour or two ago in chat: one of the other AI tinkerers has something running she wants to show, but she’s all about how AI works against large volumes of language data. This whole hosting business is foreign to her, so I took notice and agreed to assist.
Cloudflare is an old friend, of course, and this task is simple, just a CNAME for a domain aimed at some Tailscale infrastructure. I have only JUST started looking at this, but I think an apt description of this service might be that it’s … a corporate-oriented take on the Tor darknet. I am loath to trust anything centralized, but … this is big, stable, and it has what Tor is utterly lacking - it’s FAST. So maybe this is about like Gmail - not a perfectly secure solution for skulking, but if you’re not doing things like that, it’s probably going to be fairly safe.
Of course, I gotta go read, see who’s managed to break it, and I’m going to compartmentalize it in a VM. But it looks interesting.
Another big prize in this adventure is Caddy, which competes in the reverse proxy role where I currently use nginx. And it automates the creation of SSL certs using Let’s Encrypt or ZeroSSL(!)
I think my first encounter with SSL administration duties was in … 1998. So the creation of a signing cert, getting a root CA to validate, this is all stuff I’ve done a couple of times a year ever since. I got an advanced class in this when I was using Search Guard to protect my Elasticsearch cluster, since every little thing needed an SSL cert of its own.
And Caddy … just does it, when you’re doing something that needs it, and automates it all the way through. That is very attractive to me and I believe it’s a game changer for people like my AI tinkerer friend, who’ve never had to do that sort of thing and don’t really need to learn in order to accomplish their goals.
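Here is what that “just does it” looks like in practice, as an added example rather than anything from the post: a Caddyfile that fronts a service on a tailnet-only host under a Cloudflare-managed name. The hostname ai-demo.example.com, the backend port 7860, the contact address and the CF_API_TOKEN environment variable are all assumptions for illustration.

```caddyfile
# Added example, not from the original post. Assumptions: the service being
# shown listens on localhost:7860 on a machine reachable only over the tailnet,
# ai-demo.example.com is a Cloudflare-managed record pointing at it, and Caddy
# was built with the Cloudflare DNS module:
#   xcaddy build --with github.com/caddy-dns/cloudflare
{
	# Contact address for the ACME account. Let's Encrypt is Caddy's default
	# issuer, with ZeroSSL as the built-in fallback; no certbot, no cron job.
	email admin@example.com
}

ai-demo.example.com {
	# A host that is not reachable from the public internet on ports 80/443
	# cannot complete the default HTTP-01 / TLS-ALPN-01 challenges, so Caddy
	# would fail to get a cert. DNS-01 proves control of the name by writing a
	# TXT record through the Cloudflare API instead, which works from anywhere.
	tls {
		dns cloudflare {env.CF_API_TOKEN}
	}

	# Caddy terminates TLS (and redirects plain HTTP to HTTPS) automatically,
	# then hands requests to the unencrypted local backend.
	reverse_proxy localhost:7860
}
```

The API token handed to Caddy should be scoped to DNS edit on that single zone only, since whoever holds it can mint certificates for any name in the zone it covers.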
Conclusion:
I remain suspicious of new things, and I think rightly so. Stuff that has survived the tests of time … did so by surviving. So I’m going to have to find the sources of news on these tools, go look at whatever CVEs there are, maybe see if there’s any CISA KEV activity for them.
Earlier I got the least capable machine in my Proxmox cluster running again. The blown boot drive was replaced and I slipped a cheap PCIe NVMe carrier into it. I find that using this admittedly not so good card makes a cached ZFS spindle as fast as the Seagate Nytro SSDs I’ve been using for boot/cache. If my local testing numbers hold up, when that cheap PCIe card gives way to an HP Z Turbo G2 with an IronWolf or Western Digital RED NVMe in it, that should roughly double the disk subsystem performance.
That machine has no duties, as it’s just returned to the herd after an extended vacation, so it’s going to be the perfect place to Tailnet all the things.
There’s a far horizon to this … where things that would be problematic if hosted in the U.S. can just hide behind Cloudflare, with a VPS in some uncooperative jurisdiction as the endpoint, and all the actual data is … *waves arms wildly*.
Clearly, I gotta do some thinkin’ on this one …