I loved Tailscale for about a year but am moving away from it because having multiple exit nodes with each redirecting traffic via commercial VPNs with DNS-based ad blocking and App Connectors grew way too complex.
I’m not saying you’re doing all this but if you do get to a point where you’re directing traffic to multiple countries Tailscale turns into nightmare to manage.
“S-Q-L ‘aight” for SQLite?
Yeah that’s a whole other can of worms. I see this a lot at work where people are asking for direct database credentials and cringe every time.
Is it though? I haven’t used a framework since probably 2007 that doesn’t do this. There are the smaller, more DIY frameworks out there but I’ve never used them professionally.
Lately I’ve been dealing with tons of invalid byte sequences in MySQL dumps and it makes me question what the hell they’re allowing in there.
Unless you’re coding from scratch it’s hard to not do this with any modern framework.
I’ve been doing web development for something like 20 years now and I just can’t imagine how shitty your backend is if this is an issue.
This is why I take a late lunch every day. Every standup I’m like “I’ll wrap up this small issue from yesterday, then move on to something bigger…”
Usually the “small issue” is finally done around 4 PM.
How do you complete the captcha? For me it just loops; it’s to the point where not having the original link to an article is actually more annoying.
Eh, out of all my own traffic I’ve MITM’d it’s mostly been third-party SDKs in apps doing creepy shit.
Down to hate on Gulf of America but when it comes to privacy it’s debatable.
Irrelevant: Scared me for a sec, thought I had an IP leak as I VPN to Switzerland but remembered I explicitly allowed Maps to be routed through a US VPN.
I wrote that “Gulf of America” is only used by an authoritarian regime and “not widely used.”
Running a side business it’s like:
Client: Why doesn’t this work?
Me: The same reason I told you I didn’t want to implement it in the first place.
Client: surprised Pikachu face Well just do <some other hack that’s equally bad>
optimisation is back on the menu boys
Now let’s fix GitHub’s glitchy-ass JavaScript on pull requests!
There are dozens all over GitHub. My “core” block list is HaGeZi Ultimate but there are several that block only Meta if that’s more your speed.
I’ve seen some of the nicest vehicles on the planet waste everyone’s time doing this stupid maneuver and I’d gamble they all had rear cameras too.
…and block all their domains! Just because you’re not on Facebook doesn’t mean Meta isn’t tracking you. See Pixel Hunt from The Markdown.
I’m on this level about it: https://matthewdicks.com/2016-8-1-backing-into-a-parking-spot/
I thought my entrance test was far too easy, I only had to create a blog in my web framework and show doing the basics like validations, secure parameters, etc.
I learned later on that most couldn’t pass because they came from other languages and thought they could get by without knowing anything.
I’m just using WireGuard on a VPS with multiple interfaces. I’m still doing heavy ad/tracking blocking via DNS too.
As for App Connectors I’m working on a script (compiled program hopefully down the road) that can query a specific hostname using a specific interface (say, a US-only website using DNS over a US-based VPN) then create a virtual IP address that directs to that same IP using the correct tunnel.
My reasoning for the virtual IP address is that I don’t want to redirect every website on the host to the other tunnel—lots of servers have an array of websites on them.
What I found disappointing about Tailscale is I had to do a lot of “hacks” to make things work—DNS on each exit node had to match perfectly (despite using different exit tunnels)—then the shit would only work like 20% of the time. One day traffic for the US tunnel worked, the next day it was going out of the exit node. I also never got it working correctly in Docker so I was running multiple VPS servers.
If I remember correctly with App Connectors your client would query the App Connector for the domain, then it would return an IP address. The IP address would be set up to always go through the defined exit node. So if your DNS was off or you were accessing another website on the same server you were screwed. On top of that, it just didn’t work.