undefined | Better HN

0 pointsdijit1y ago0 comments

Because then tailscale doesn’t store a username and password for you, so unless microsoft is hacked you won’t be- theoretically.

0 comments

littlecranky671y ago

If I have to spin up a keycloak instance (you forgot to say on a public-facing data center that runs 24/7) to use a single service I would usually signup with an email and password, I might as well spin up my private vpn server.

dijitOP1y ago

yep!

Or use a login system you already have.

littlecranky671y ago

but at the same time, now Microsoft knows you are using Tailscale (and they use this data in their tracking + analytics). And all the other products. They get a very good insight of your online habbit, because they have a list of all other products and apps you use where you sign in with your microsoft account. And due to the way token refresh works, they even have a good idea how frequently you use each individual one.

And if you for whatever reason get locked out of your microsoft account (and I say this as someone who had this happen with a Google account) your are basically locked out of your online life.

I own my own domain for my email address (xxxx@mydomain.com). As long as I can set the MX record of that domain freely, I can always restore access to my email adress no matter what any email provider decides to do or block me for.

dijitOP1y ago

sure, then spin up a keycloak.

Its not hard.

If you don’t feel comfortable doing so: maybe that is telling.

lo0dot01y ago

What are you on about. For years logging in with email was possible even on the most amateurish projects. Now that's not possible for tailscale? Why

dijitOP1y ago

Because they don't want your password and as a security company, I applaud that.

Account issues, recovery, support that can be manipulated, a single breach or bad password that grants access to their admin interfaces, implementing their own 2FA.

And, serious people want SSO anyway, and most people have some kind of authentication they can lean on.

You can make a stodgy password login if you want, or you can run a keycloak yourself.

If you don't want to run an OIDC provider for yourself, why would you want them to?

Genuinely I applaud the idea that they're SSO first, and have as little information as possible to handle things. If you don't like it; well, run your own, run headscale - or, use wireguard another way.

Not every company needs their own login system. I fucking hate it.

1 more reply

lo0dot01y ago

Thank God Microsoft never got hacked

j / k navigate · click thread line to collapse

0 comments

littlecranky671y ago

dijitOP1y ago

yep!

Or use a login system you already have.

littlecranky671y ago

And if you for whatever reason get locked out of your microsoft account (and I say this as someone who had this happen with a Google account) your are basically locked out of your online life.

dijitOP1y ago

sure, then spin up a keycloak.

Its not hard.

If you don’t feel comfortable doing so: maybe that is telling.

lo0dot01y ago

What are you on about. For years logging in with email was possible even on the most amateurish projects. Now that's not possible for tailscale? Why

dijitOP1y ago

Because they don't want your password and as a security company, I applaud that.

Account issues, recovery, support that can be manipulated, a single breach or bad password that grants access to their admin interfaces, implementing their own 2FA.

And, serious people want SSO anyway, and most people have some kind of authentication they can lean on.

You can make a stodgy password login if you want, or you can run a keycloak yourself.

If you don't want to run an OIDC provider for yourself, why would you want them to?

Not every company needs their own login system. I fucking hate it.

1 more reply

lo0dot01y ago

Thank God Microsoft never got hacked

j / k navigate · click thread line to collapse