It's possible to use Tailscale with just a passkey [0], but it's a weird process because they don't let you create a tailnet and a passkey account at the same time. Instead, you need to create an account with a throwaway FAANG credential and send yourself an invite to that account's tailnet, and then use that invite to create a passkey-linked Tailscale account. This account can then create its own tailnet, at which point the original tailnet (and the throwaway FAANG account) can be discarded.
It's a weird process and not particularly user friendly (passkey accounts are tied to a specific passkey and can't have additional ones added, so you need to create a new account if you, say, migrate from one hardware key to another). Hopefully they improve the process before passkey support goes out of beta.
Since April 2023 they support custom OIDC providers[1], and as of April 2024 that was extended to the free plan as well[2], so you can bring your own auth.
Looks very interesting. I was hoping it would solve a problem I’ve had recently:
I want to ssh into a windows box that I only have a normal user account on. So I can’t (and don’t want to) change any admin settings or install anything as admin.
All the obvious approaches hit roadblocks.
Seems like this tool solves the opposite problem: sshing out from a minimally privledged environment.
This is why you don't let Claude handle versioning and the release process. From v0.1.0 to v1.0.0 to v2.0.0, and then suddenly 1.2.0? Semantic versioning isn't quantum mechanics. (Even then, I'll admit it's sometimes hard for me too to decide the right increment when tagging versions. :)
Using a 3-digit version like semver, while assigning different semantics, is a recipe for confusion if anyone except you ever refers to a package using this "rule of thumb".
I am scared that this is vibe coded and not audited in any way. tsnet is good software, but wrapping it in this way is a recipe for disaster. Please reconsider.
I looked at the code and the documentation and it's definitely vibe coded. Also the presence of CLAUDE.md is pretty telling. I have no issue with vibe coding in general, but I am skeptical of the usefulness of LLMs with security code.
Yes, I think projects that are coded wholly or in part by LLMs should be noted as such.
Seems so lol, every new opensource project i see some guys gotta comment "its probably just vibecoded nonsense, screw this project"
Sorry welcome to 2025, almost every app you see is going to have claude or some other AI assisting with it either fully or in part, its just a fact, coding is faster with AI assistance its just a fact.
People gotta stop bitching about AI in opensource and start pointing out what exactly they dislike or found wrong with the project
I don't really care if "AI assistance" was used as long a human is actually reviewing the output, which just doesn't seem to be the case here (and usually not the case when it comes to "vibe coding")
I feel fine if AI was used to add features to an established software. Let it loose on the linux kernel for what I care. It still somehow feels icky to use it to build something from scratch.
Somewhat off topic question but I ask this from time to time and maybe now is that time. Has AI started fixing everyone's software bugs and closing out all the CVE's yet?
No one is against using AI or coding with agents unless you don't understand what it's doing and you're incapable of reviewing the output. The problem isn't the tool, it's "coders" who unthinkingly trust it without verification.
As in, I cannot simply sign up with my own personal identifiers (email, phone, etc.) but need to participate in a google auth or FB auth mechanism ?
I found it hard to believe - is this, indeed, the case ?
It's a weird process and not particularly user friendly (passkey accounts are tied to a specific passkey and can't have additional ones added, so you need to create a new account if you, say, migrate from one hardware key to another). Hopefully they improve the process before passkey support goes out of beta.
[0] https://tailscale.com/kb/1269/passkeys
Google, Microsoft, Github, Apple or your own OIDC Provider.
They do not have their own account backend.
So you dont technically need a FAANG account if you have a Gitea, Gitlab, Authentik Account or something like that.
[1]: https://tailscale.com/kb/1240/sso-custom-oidc
[2]: https://tailscale.com/blog/sso-tax-cut
Anytime I've submitted with both url + body the body is posted as a comment.
I want to ssh into a windows box that I only have a normal user account on. So I can’t (and don’t want to) change any admin settings or install anything as admin.
All the obvious approaches hit roadblocks.
Seems like this tool solves the opposite problem: sshing out from a minimally privledged environment.
Or anything else without reviewing it.
lol @ the issue in the repo: "module declares its path as: github.com/yourusername/ts-ssh"
- 0.1.0 -> breaking changes
- 1.0.0 -> overhaul/refactor needed
I know not every case is easy but this is my rule of thumb. I've honestly never needed a major version change
- x.y.Z (patch) -> backward compatible bug fixes
- x.Y.z (minor) -> backward compatible new features
- X.y.z (major) -> breaking changes
But of course it's fine to use whatever versioning scheme you like, as long as you communicate it to your consumers.
https://semver.org/
Edit: updated the version strings for clarity.
Totally serious question: would you feel better about this piece of software, if you didn't know that it was vibe coded?
Do we need "build without AI" stickers on every piece of software created these days?
Yes, I think projects that are coded wholly or in part by LLMs should be noted as such.
Sorry welcome to 2025, almost every app you see is going to have claude or some other AI assisting with it either fully or in part, its just a fact, coding is faster with AI assistance its just a fact.
People gotta stop bitching about AI in opensource and start pointing out what exactly they dislike or found wrong with the project