Rowan Thorpe

Anyone who knows enough about Wireguard, iproute2 tools, iptables/nftables, etc (firewall-marking certain packets based on criteria, then directing them through alternate route-tables based on that) can hand-roll split-tunneling, internal point-to-point tunnels/meshes, etc. For (most) people who want to achieve this in a less painful/fragile way, from what I’ve understood it seems Tailscale just does exactly this under the hood in a less arduous and more intuitive way for users, while also providing a static internet-facing ingress point when needed. Headscale exists for those wanting that but with their own static ingress (self-hosted at their own IP) instead of Tailscale’s.

Just a heads-up to anyone who - like me - thought this was about Radicle and got confused about mentions of caldav/cardav/LDAP… Radicale != Radicle

Although I agree with the implied sentiment that “the Perfect is the enemy of the Good Enough” (especially for low-profile personal web-presence) and that naval-gazing about protocols can become a counterproductive rabbit-hole, sometimes it can also be risky to oversimplify in the other direction without at least parenthesizing the caveats too. For example this “HTTP/1.1 must die” site points out how desync attacks make HTTP/1.1 robustness a bit of a game of Whack-a-Mole. For certain sites (even some personal sites) this can occasionally matter.