There is a well documented opensource alternative to Tailscale - Headscale. The tailscale client is already opensource, Headscale is opensource drop in replacement for the control server which isn't, and fully compatible with Tailscale clients:
If you can be bothered running the headscale container, you generally don't need to pay for tailscale. It's been pretty well supported and widely used for a number of years at this point. Tailscale even permit their own engineers to contribute to headscale, as the company sees it as complimentary to the commercial offering.
I've been really happy with headscale, but I wouldn't call it a complete drop in replacement as I would with vaultwarden. Some features (e.g. Mullvad integration, ACL tests, etc) are missing.
Upgrading also requires upgrading every minor version or you run into db migration issues, but that comes with the territory of running your own instance.
I would recommend folks look up if headscale suits their needs (like it did for me for many years) before switching over.
The headscale API is very different than the Tailscale API so if you're automating setting up clients it's not quite drop in. Once a client is up, though, from what I've heard it's seamless.
Ugh, I hadn't heard the news about the LocalStack licensing changes. I had some great results building AWS services for local dev as well as CI/CD and testing in GH actions with LocalStack in previous jobs.
I secretly always hoped Amazon would buy out LocalStack and make it the official free local development environment for AWS work, but I guess it probably would reduce revenues spent on AWS based dev and test environments. The compatibility with the AWS CLI was mostly excellent in my experiences.
Unclear what LocalStack's end game is tbh. My company has an active enterprise license atm so their recent changes won't affect me in the short term at least. As of writing I'm still a happy user of LocalStack. Disappointed with their overall direction, but I hold no ill will and I'm sure they had their reasons. I wish them luck.
Hopefully this change was not just an short term attempt to lock in current enterprise customers by shoring up existing income streams. That'll only work in the VERY short term.
It's not difficult to forsee the inevitable customer drain to free competitors or private one-shots easily produced by genai from publicly available AWS SDK code. Maybe they're already feeling that pressure and that's all this change is. I hope not.
AFAICT, they have no appreciable moat to retain customers long term. For example, I have absolutely no interest in their "Pods" or even their console UI, so thosr aren't keeping me around forever. For their sakes I hope they're still shopping themselves around and didn't take some VC poison pill with preconditions for killing the community edition. Really It's anyone's guess though.
> The compatibility with the AWS CLI was mostly excellent in my experiences.
Interesting, I've had the opposite experience. Every single AWS service I've ever tried to build tests around with LocalStack has run into compatibility issues. Usually something works in LocalStack but fails when it hits the real endpoint.
I guess the CLI itself has mostly worked, its more the LocalStack service not behaving the way the real service is documented/works.
Got any concrete examples? I've been happily using LocalStack for roughly a decade now and haven't run into a single compatibility issue, aside from the obvious missing of net new services for the first N months after AWS product launches. Things like AppConfig, etc, but those gaps got filled in time. They clearly prioritized the 95pct/most used features of each service first though. There's a long tail in some AWS services, as one might expect. I've never used any of the more esoteric AWS feature sets of any of their services. Those are the things that tend to end up deprecated. So requiring those long tail featur sets may be the simple answer to having very different experiences.
Ha out of curiosity I loaded that same consumer terms URL on both a USA and a UK VPN exit node - sure enough, the UK terms inject that extra clause you quoted banning commercial usage that is not present for USA users.
There's the usual expected legal boilerplate differences. However, the UK version injects the additional clause at line 134 that has no analog in the US version.
Wow, if you brought a paper contract to court that mutated itself depending which way you look at the paper, I wonder what a judge would think of that?
Personally I would crumple it up and pitch it out the window. I don't know why they can't simply be clear about what clauses apply to which geographies. An IP address should not be assumed as a reliable indicator of the jurisdiction in which an end-user resides. (Eg. In addition of VPNs's and unexpected routing, what happens if you travel?)
I once wrote a contract document in PostScript that changed the wording based on the date. Two parties could cryptographically sign an agreement in the document, which would change when printed on a later date.
One of the reasons we don’t use PostScript so much any more.
It's perfectly normal for contracts in different jurisdictions to use different wording and include different clauses.
Even within the US, employment contracts with the same organisation may contain different wording depending on the state in which the employment is occurring.
> It's perfectly normal for contracts in different jurisdictions to use different wording and include different clauses.
Before signing, yes, but once signed the contract stays constant. Mutating terms of service are weird - I would expect them to be locked to a canonical URL at least, like "https://.../tos?region=eu" or ideally something that locks the version too, like "https://.../tos?version=eu-002".
Let me pose a question from a different angle - these are legal contracts we are talking about, and the version they present to the user apparently changes based only on the client IP address. So if the terms in the EU ToS are better than in the US ToS, what would prevent me from signing up with an EU IP Address the first time? I would expect to be bound to the contract I actually agree to, not just the one they "intended" to show me.
My issue isn't with them having different verbiage for different jurisdictions. It's with the way they sneakily change the verbiage in a manner nobody would expect.
The correct way to do this is to clearly distinguish them e.g. two different contracts, one titled "US Terms of Service" and another "European Terms of Service". Both with static content. Preferably PDF's or some other fixed format which you can download to redline changes when they inevitably tweak it every couple years, and properly print in the event you need to embark on litigation.
Not some "Global Terms of Service that silently change depending on quasi-pseudorandom network stack effects"
How the hell are you supposed to have confidence you're even looking at the right document? Contracts are meant to be clear and unambiguous, this dark pattern works against consensus ad idem.
In the Uk there seem to be separate commercial and consumer terms.
In the UK the consumer terms say its subject to English law and the courts of the UK jurisdiction you live in.
The commercial terms say that in the UK, Switzerland and the EEA there will be binding arbitration by an arbitrator in Ireland appointed by the President of the Law Society of Ireland.
The UK commercial terms explicitly do not apply to individual user plans. The US also has a separate terms sheet for commercial plans.
We are comparing like for like - an individual user using a Claude Pro subscription. A US user can use it for commercial use and be in compliance with the terms, the UK user cannot.
> A US user can use it for commercial use and be in compliance with the terms, the UK user cannot.
But why? My guess is the liability exposure is what they’re trying to control. So you probably can if you’re ok with no liability. It’s still noncompliant to how they wrote it but I would guess it’s the motivation. Unless they really just want to force the UK to pay for all commercial uses, which I suppose is possible.
I think its because the law in the UK limits exclusions of liabilities in consumer contracts far more than in business contracts (in general consumer law has a LOT of protections that do not apply to business contracts). If you look at the clauses excluding liabilities they are very different. I think the same applies to many other countries so they will also have separate consumer contracts.
The law in Australia also has teeth, but visiting the link above just gets me (what seems to be) the US version of the terms without anything around commercial use.
It wasn't just Apple, in the late 90s/early 2000s there was a not insignificant number of folks in business/academia who thought Java would take over the world. Windows XP also shipped with an embedded JVM for running Java apps out of the box at one stage too, just before Microsoft doubled down on c#/.NET.
Along with MacOS X, Apple's Xcode IDE even had native java project support briefly in this era as well.
Yup, this brings back my academia years in 1998, sitting with KDE 1.0 and Java 1.1. It was mostly Java, then Perl as this fabulous scripting/glue language, teeny bit of C and MIPS Assembler for the low level courses.
We didn't touch a fairly esoteric language called Python much. Because we saw the future. Java and IPv6 was about to change everything.
Are you talking about minecraft? Minecraft was known for working only because it is so simple graphically compared to other games. It was said to allocate and deallocate hundreds of megabyte of memory every frame.
Minecraft still runs, and it may look graphically simple but it's actually pretty complex (as it has millions of blocks in memory at any time and has to cull which to not render, etc).
Minecraft does do some horrible things to the JVM, but it's strong and can take it.
Because it is graphically simple. That's not even a CPU issue.
millions of blocks in memory at any time and has to cull which to not render, etc).
128x128x128 is already 2 million voxels. Minecraft and any other game like that can use an octree or some variation to not individually deal with blocks. When things are in the distance or occluded or empty space you cull a courser level of the octree.
Java can be fast compared to scripting languages but I don't know why minecraft would be an example. It is a simple game that was poorly written and had to be re-written in C++ for other platforms. It got by on being simple and but running on full PCs at the same time.
Whats the verdict on sizing a general purpose CPU to become the basis of a software router?
I've no deep knowledge of the field, but my understanding is a lot of router/switch hardware uses dedicated hardware designs to ensure they deliver the bandwidth and ultra-low latency even if the device is absolutely slammed with traffic.
I've read before routing/switching in software like pfsense or similar can potentially struggle under some workloads dedicated hardware does not, but I've never seen a good analysis of the trade offs with actual benchmarks.
I'm sure most recent modern CPUs can probably handle a lot, but people often repurpose old SBCs they have like Raspberry Pis etc for projects like this.
I'd never heard of "edge sorting" prior to this comment, but reading the Wikipedia entry for it, it strikes me that the technique relies entirely on the cooperation of the croupier/dealer coupled with inconsistent printing/cutting of the pattern on the rear of the card?
I've not spent a lot of time in casinos, but I am surprised that given the technique is apparently widely known, dealers are not more reluctant to accede to player's requests to rotate a card for "luck" or "superstition", or whatever other rhetorical device is used to convince.
It also seems like simply taking care in the production of the cards and their backing design would afford a significant degree of preventative protection too. Sure it might drive the cost of a pack of cards up given the extra precision needed when printing and cutting the cards, but this does not seem beyond the resources of a casino.
I'd love to see footage of how Ivey manipulating the dealer into rotating cards unfolded.
>>> relies entirely on the cooperation of the croupier/dealer coupled with inconsistent printing/cutting of the pattern on the rear of the card?
AFAIK there wasn't overt cooperation with the dealer. Ivy gave the casino a set of rules he would play by if the casino hosted him. He brought a woman who was an expert in reading the miscut edges of the cards. The "cooperation" was that Ivy demanding the same set of cards (the ones his expert was able to read) were not allowed to be removed from play - that was one of his specific demands, the dealer was merely doing what he was told to do by the casino.
This is what gave him an edge and allowed him to retain it. By not letting the dealer/casino switch decks to one his expert couldn't read, the casino made the case he cheated. Even though, they took his action on the basis of the demands he made - so had Ivy lost a few million, the casino would be trumpeting that they beat one of the greatest card players. When they got took for a ton of money? Then, and only THEN it seems they refused to pay him and the court case ensued.
It always amazed me that even with this weakness, casino card games always use rear art that goes to the edge. While consumer cards often have a white border that would solve the issue entirely.
It’s been going on for a while. Search YouTube or the web for 48gb 4090 (this is one of the most popular modded Nvidia cards), Nvidia of course never officially made a 4090 with this much memory.
There are some on sale via eBay right now. The memory controllers on some Nvidia gpus support well beyond the 16-24gb they shipped with as standard, and enterprising folks in China desolder the original memory chips and fit higher capacity ones.
This is also the approach I would have used - I was surprised the author didn't end up here. I used a separate VLAN to achieve same thing as author to shutdown internet access on the VLAN my kids devices use at bedtime, as well as another VLAN with no internet access at all for IoT devices, security cameras etc.
Blocking all UDP traffic by default is something I would never have even attempted for a domestic setup either. As the author discovers with Discord and Roblox, a great many common applications and games rely upon it. A UDP block on my kid's VLAN would last about 5 seconds before they attacked me for breaking their online Minecraft games.
The jewel case does have the advantage of being easily replaceable too though - you can transfer album art/booklets and in most cases the result looks the same as the original.
With vinyl, album artwork and the case are the same thing and damaging or destroying the case also damages or destroys the album art - you can’t really replace the case without repurchasing the record if the art matters to you.
https://github.com/juanfont/headscale
If you can be bothered running the headscale container, you generally don't need to pay for tailscale. It's been pretty well supported and widely used for a number of years at this point. Tailscale even permit their own engineers to contribute to headscale, as the company sees it as complimentary to the commercial offering.
reply