FLOSS Weekly 696 Transcripts

Please be advised this transcript is AI-generated and may not be word for word.
Time codes refer to the approximate times in the ad-supported version of the show.

Doc Searls (00:00:00):
This is FLOSS Weekly. I'm Doc Searls this week, Aaron Newcomb. And I talk with Avery Pennarun of Tailscale, picking up where we left off last January. In the meantime, his company got a 100 million investment and he's just as deep and thoughtful as ever and dealing with more problems than ever. And just a lot of great stuff on this show. And that is coming up. Next.

New Speaker (00:00:29):
Podcasts you love, From people you trust this is TWiT

Doc Searls (00:00:38):
This is FLOSS Weekly episode 696 recorded Wednesday, August 31st, 2022. Tailscale gets hot. This episode of FLOSS Weekly is brought to you by Kolide that's Kolide with a K Kolide is an end point security solution built around honest security. You can beat your security goals without compromising your values. Visit to learn more and activate a free 14 day trial today. No credit card required. And by I R L an original podcast from Mozilla, IR L is a show for people who build AI and people who develop tech policies hosted by Bridget Todd. This season of IRL looks at AI in real life search for IRL in your podcast player. Good morning. Good evening. Good. Whenever it is wherever you are and whoever you are, I'm Doc Searls. You're not, and that's fine with me today is, is, that's probably a good thing is is Aaron Newcomb. This is a, a repeat engagement with this guest. How are you doing Aaron?

Aaron Newcomb (00:01:46):
Good. Good. Yeah. Thanks for having me back. It'll be good to to talk to Avery again.

Doc Searls (00:01:52):
Yeah, yeah. So this is it was actually, I think it's a weird thing. We I was listening to Conon O'Brien being interviewed and he said, I hate to say it I've had 10,000 guests in my life. I don't remember most of the, I don't remember who was on and when, and, and in this case I think it was Dave tat. Who's been on recently who said, you've gotta have Avery on and we booked him again. And actually I forgot that we already had him on. And when I did remember though, when I re-listed to the show was what a good show it was. And then, and we always say to people, we have to have you back. So usually we, we wait a year or more, but we didn't wait that long this time. So do you remember much?

Aaron Newcomb (00:02:35):
I remember a few things. I remember, I remember talking about his, you know, he's got a long history and I re well, you know, I don't want to age him too much, but <laugh>, he's been doing this for a long time. Let's just say, and I remember talking about his pen name. Right. I forget what it is. Oh, right. But he had a long story about how that yeah. That's it. And he had a long story about how that came about. And and then we you know, we had just had a, like, I think a general talk about open source in general. Right. And we talked about a number of different projects, and then we talked about his project, which was Tailscale, tail

Doc Searls (00:03:10):
Scale. Yeah.

Aaron Newcomb (00:03:10):
Tailscale. Yeah. So I do remember it. I, I will admit that my memory is not as good as it used to be, so I don't remember everything we talked about, but I do remember a few things.

Doc Searls (00:03:19):
Well, the whole point was short term memory is that you remember the meaning, but not necessarily what anybody said. Exactly. So <laugh> I just took a whole bunch of notes, which I have over here. There's some things I want to want to get to. Yeah. So we just said Avery Pennarun is, has has a great history. He worked for Google fiber. Many other companies he's had a series of startups and his, his big project right now, his company, his Tailscale he uses wire guard with that. Has some amazing thoughts that we, he went over in the last time about how, how companies scale really interesting stuff. So I guess, so Avery, let's bring you on and maybe we could start there with there he is. Amen. Hello. So, so you're somewhere in Canada, I guess. Is that right?

Speaker 4 (00:04:13):
That is correct today. I'm in Montreal

Doc Searls (00:04:16):
In Montreal. So it's, it's funny by the way about Montreal of I love Montreal and I love Toronto and, but there am I wrong about this? I found that Toronto and Montreal have a relationship kind of like San Francisco in Los and Los Angeles, where everybody in San Francisco hates Los Angeles, but Los Angeles thinks San Francisco is a nice place to go. Is it similar that way with, with, with Toronto and Montreal? I kind of got that Montreal, like seems to hate Toronto, but Toronto's is Montreal school or,

Speaker 4 (00:04:50):
Yeah, there's definitely an element of competition between the two, two cities. I would say we tease Toronto quite a bit because the, you know, mainly because of their ability to handle snow in the winter, cause they don't get that much snow. So when they do get a snowfall, everything shuts down and Montreals is like, that's just a normal day. But they, they do, they are the center of the business world in Canada. So I guess we have to have to hand them that

Doc Searls (00:05:12):
<Laugh> that that's funny. Cause I, I remember that there's this thing about in Toronto where they say it actually does the snow here that much, you know, and maybe that's why they, they don't, they're not, they're not equipped for it. I found that like when I lived in North Carolina say, no, it never snows down here. And then when it does everything shuts down, nothing happens. Right. Actually. Exactly. It actually does snow there sometimes. Anyway, so, so what is the Delta between January when we talked and now is there is everything in the last show we talked about the transition from new to hot to big and what was involved in that. And, and I'm wondering if you've grown that much since then, or if you've changed your mind about anything since the last show started?

Speaker 4 (00:05:54):
Well, I personally am more or less the same size as before <laugh>

Doc Searls (00:05:57):

Speaker 4 (00:05:59):
I think, you know, the, the good news about, about us, not necessarily remembering everything we talked about is probably your audience. Doesn't remember everything we talked about either. So we can just talk about the same stuff and if it was good last time, it should be good again this time. But yeah, I think, I think I remember near the end of, of our hour last time, we're like, Hey, we didn't actually talk about Tailscale at all. <Laugh> in this whole conversation. That's so I guess, I guess we could maybe mention that let's start this time around. Yeah. <Laugh> but I'm happy to talk about whatever, you know, I've got lots of, well,

Doc Searls (00:06:29):
Please do. That's a good one.

Speaker 4 (00:06:31):
Sure. All right. Well let's see. I, I remember at the time Aaron was a big fan of Tailscale super short version of Tailscale. It's a mesh network based on wire guard. And it lets your, your computers talk to each other across the internet they're through time and space, no matter where they are. So you can have a laptop in one cafe somewhere and phone and another cafe somewhere else. And they managed to create a point to point connection between them that's end to end encrypted that doesn't go through any relays. And then you can, you know, browse a web server that's running on your laptop from inside your phone. So it's, it's pretty neat from a technology point of view cause it brings you back. And I remember we talked about I P V six and stuff a little bit.

Speaker 4 (00:07:10):
Last time, it brings you back to the way the internet was in the very, very, very early days when everybody had an IP address, nobody had any firewalls you could just run a service and then someone could connect to your service. So it has this sort of like, I don't know, little bit of a retro technology vibe to it where like, this is, you know, like the good old days, you were just joking about movies from 1990, right. Or, or from the 1990s. And like Tailscale is sort of like, well, networking was kind of good in the 1990s other than being slow and unreliable. So if we just like take modern, fast, reliable stuff, but make it good, that will be a pretty enjoyable experience.

Doc Searls (00:07:46):
You know this last week my wife, Joyce and I went to Dewe camp which the internet archive and friends put on in the redwoods in Northern California. And it's all about the distributed web. And it there's an awful lot of, kind of productive nostalgia for the world of the nineties. You know, when, like in my case I had, I had my own IP address or addresses. I had like 16 IP addresses. I had like three or four boxes under my desk. Th those were web there's a web server, there's a mail server. There was a kind of a relay box where I put in articles. I was writing for Linox journal to get pushed up. There'd be a crime job that ran overnight and pushed it up to some other server that, that that Linox journal maintained in Seattle.

Doc Searls (00:08:37):
I was in, I guess I was in the bay area at that time. And that's not even was not only not doable. It's barely thinkable now. And everybody wants to kind of get back. And I'm wondering whether like web three has actually come up as a, a topic also web five, like thank you, Jack Dorsey for giving us that as well. Both of those are kind of aspirational around redistributing power from the, from the big centers to new edges. And I'm wondering if that has any effect on your business or if you just have some thoughts about how that goes.

Speaker 4 (00:09:18):
Well, I think a lot of people are interested right now in redistributing power. I think that's a, we can have a huge economic discussion about what's going on with power and stuff lately, but it's, it's not good news. I think the internet of the nineties, I remember really clearly the optimism everybody had about how it's gonna solve the world's problems, right? Like world peace through better communications and like information wants to be free. And you know, the, the cost of duplicating things is gonna go to zero. And so all these amazing things are gonna be possible and we're not gonna have to, you know, duplicate effort and there's not gonna be bureaucracy, cuz we can cut through that with computers and so on. And it's, it's been really interesting, you know, in the time, since the nineties, I think as a society, we've gotten less optimistic about technology, right? A lot of bad stuff has started coming out. And people have started in particular manipulating the network to produce the bad things where if maybe everybody had been playing on the same side, we could have a much better internet today than we would've had. Does that make sense?

Doc Searls (00:10:20):
Yeah, there there's I, I used to have a series of laws that really weren't, but they were fun to write about. And one of them was progress is the, is how the miraculous becomes mundane. And with tech there's, there's always great optimism. I mean there would not be a wired magazine if there wasn't this great optimism about the future. And it's always gonna be kind of utopian. And that was the case for me. I mean I was labeled, I think correctly, a techno utopian that the book I wrote, the first book, I co-wrote the clue train manifesto was absolutely a, a tech utopian tone. And the opening line with it was we had 95 thesis cuz that worked for Martin Luther. We call it a manifesto cuz that worked for marks and the word clue train is still tweeted some number of times a day.

Doc Searls (00:11:14):
But the opening clue was instead of via one clue to get this year it's that we are not seats or eyeballs or end users or consumers, we are human beings, our reach exceeds your grasp deal with it. And it was addressed to the big companies of the world and that is still absolutely wrong. <Laugh> our reach not only fails to exceed their grasp, their grasp is around our throats and in our brains. And in so many, the other places all the time to the point where surveillance is so normalized that it's hard for people to imagine life without it. And, and we depend on it to some degree. I mean, you know, there's AI in everything and, and we kinda want that to some degree, but so I'm wondering if, but, but that's also tied up with the nostalgia, which is that we did, you know, those of us who were old enough to remember the nineties, we did experience kind of defaulted privacy, kind of like we have in the physical world, we actually were all running around naked, but we at least respected each other. <Laugh>, you know, we weren't busy spying at each other and ad was an ad. It was aimed at a, you know, it was aimed at populations. It wasn't aimed at me. I dunno if you have any thoughts about that or how that fits in with, with where things are going, but I'm sure you do. Yeah.

Speaker 4 (00:12:31):
Well, I mean, just so you know, the chain manifesto by the way is what got me into blogging in the first place. Cause I was at my first, first startup at the time and we didn't really know how to talk to like customers in the outside world and stuff. And I'm like, okay, well, one easy thing I can do is just write stuff and put it online. And to tie that all, all together. I actually, when I started publishing my blog, I actually pulled up all of the other stuff I had previously written and then added it as retroactive blog posts that go into the past. So if you push the back button enough times on my blog and you have to push it quite a lot of times, cause we're up to quite a few articles. Now you can go all the way back to 1995 and read some of my high school essays.

Speaker 4 (00:13:08):
And one of them was actually, I, I remember it pretty well. I read some article in 1995 about how there's in the future. You're gonna be able to just like watch video on the internet and it'll be like on demands. You can just click on a movie and it'll feed you the video right away. And I, my essay was about how, like I was just using dialup internet for the first time. Like that year is like, that sounds like such a depressing vision of the internet. Just the capability to communicate with anybody in the world in real time and what we're gonna use it for is watching movies. There's, there's gotta be more to it than that. And I think, you know, looking back at past me many, many years ago is like, I, I guess I, I had the right idea there that is depressing.

Speaker 4 (00:13:51):
And it happened anyway and that the nice thing is that all of that stuff is able to exist on the internet. Right. You know, I watch a lot of movies on the internet and it turns out to be pretty good. But I also communicate with a lot of people on the internet and that turns out to be pretty good. And I think one of the things you got right in the clue train manifesto was that companies were not talking to people in a productive way. They were treating customers as a one-way communication channel and the most successful companies today don't treat customers as a one way communication channel. They treat them as a, a two way communication channel that also spreads messages on its own, right? That the idea of like memes, not just the images, but memes like concepts spreading between across groups of people as a society who have a way better understanding of that.

Speaker 4 (00:14:35):
Now I think what maybe you missed is that once society learned this, they all decided to take advantage of it to go back into marketing stuff. Right? So a lot of these memes are manufactured by companies and, and stress tested to see which things will spread better. And then the things that spread better, they intentionally push them. And those things spread across the internet really fast. This was something that we had never really expected as a society that when you connect people together with so much throughput with so much ability to communicate with such low latency, with so much fairness where everybody, anybody can say anything that you'll create all of these problems instead of necessarily these good things. And there's this, there's this book by an author. Who's I can't remember the name of the book or the name of the author, which is really inconvenient right now.

Speaker 4 (00:15:22):
<Laugh> but it's a, it's a Canadian author and he wrote this series about it starts off where they're doing genetic modification. People are living under underwater, near one of the coral reefs and they have to do something down there and they had to like modify them and be able to survive at these depths or whatever. But the book just gets into, you know, or the series of books after you get outta that part gets into what society is like at the time. And he absolutely nailed what happened to the internet, you know, years after he wrote the book, right? This idea of like the internet is mostly garbage. Most of the effort that you're spending on the internet is sorting through garbage, trying to find the good parts. And that's not what it was like in the nineties, right. There was just, there was not enough people on the internet to reproducing enough garbage for us to have to sort through. There was actually, you could, it was easier to get the signal out of the noise.

Aaron Newcomb (00:16:11):
It was easier because there wasn't as much, there just wasn't as much mass that you had to weed through. But I don't know. There was a lot of garbage even back then. I remember.

Speaker 4 (00:16:22):
Yeah, there was definitely a lot of garbage, right. Wasn't intentionally created garbage that is like crying to crowd out the significant right.

Aaron Newcomb (00:16:28):

Speaker 4 (00:16:28):
Difference now is that there's, there's this sort of it hard to describe except mathematically, I guess, but like as things get bigger, the probability of something really bad evolving in that thing and then spreading really fast gets higher. So like a small network is less likely to evolve the huge predator that like wipes out the whole network, but a huge network is virtually guaranteed to evolve that kind of predator. Yes.

Aaron Newcomb (00:16:56):
Does that make sense much more a hundred percent does cuz the company I work for does security software. So this makes total sense. But yeah, things like crypto jacking or vulnerabilities, the number of vulnerabilities. If you have 10 servers, you know? Yeah. You may have a vulnerability on one of 'em, but if you have 10,000 servers, you may have a lot of vulnerabilities and a lot of servers leaving you much more exposed. 

Speaker 4 (00:17:19):
Like the very first

Aaron Newcomb (00:17:20):
With the way things are automated

Speaker 4 (00:17:21):
Today, there was something like, sorry.

Aaron Newcomb (00:17:24):
No, no, go ahead.

Speaker 4 (00:17:25):
I was gonna say the very first Morris worm that came out when I think there were like 40,000 people total on the internet. Right. And, and nobody expected like, oh, you could write a program that can just spread itself between computers using a vulnerability. Right. And now we all kind of know that, but like the bigger the internet gets, the bigger these attack or the, the more common these attacks get because one person discovers a problem. And then there's millions of people who have the ability to take this problem and, you know, scalably spread it to as many computers as possible. And this is leading to all of these problems on the internet where we have to lock down our own privacy and, and security and even freedoms in order to protect ourselves against these, these wild predators wander ground that just didn't exist before.

Aaron Newcomb (00:18:09):
Right. Exactly. Yeah. I mean we found in I don't wanna make this too much of a plug, but I, I work on a, a report every year security and container usage report. And one thing we found last year was that 76% of container images are running is root which is a big no-no obviously right, because you're basically exposing yourself. So yeah, you're absolutely right that this has as the internet has grown the exposure level and the ease of which things can spread has also changed cuz everything's automated now, right with containers and, and Kubernetes and things like that. You know, these, we were, we're putting more updates out more often and that is also another vector for, for things to go wrong. So I've got a lot of other questions. One thing I wanted to get to, and then maybe we can talk a little bit delve into some of, one of these topics. One thing I wanted to get into though, was Tailscale and the connection that besides yourself, of course the connection that it has with open source. Can you cuz I know Tailscale's a commercial company, you know, I think you guys just had a really big funding round right earlier this spring, you got our summary that might

Speaker 4 (00:19:18):
Have happened right after I talked to you guys. I can't remember.

Aaron Newcomb (00:19:21):
Yeah. Its like a hundred million dollars, right.

Speaker 4 (00:19:24):
We raised a hundred

Aaron Newcomb (00:19:24):
Million. Yep. That's awesome, dude. That's awesome. <Laugh> but what's the, so what's the connection between this big commercial company and open source?

Speaker 4 (00:19:36):
Well I'm a, I'm a huge open source person I've been doing open source since since I first discovered Linux in 1994. And it's, it is very important. One of the, one of the things I like most about open source is no matter how much I screw up a company that I built along the way at least the open source that I made while I was at that company can survive. So there's like projects from my first startup in the early two thousands that are like still in use today by some by people. One of the weirdly most common ones, this program called WV dial or weave dial, which is a mode dialer for dialup internet, which you'd think by now would certainly have died out. But it hasn't because it turns out people still use it for like dialing on LTE modems that are connected over USB ports that's that are still to this day simulating like ATDT blah, blah, blah mode behavior.

Speaker 4 (00:20:26):
So it's, it's neat that open source lives through the ages like that. And I think Tailscale, we went in and we're like, okay, well first of all, we're a bunch of open source people. We just like open source. We wanna make sure we're doing open source things. But we want to do this open source in a way that's gonna be sustainable. Because there's way too many projects that start off as open source and then get crushed when somebody shows up with a proprietary solution that is better in some ways worse in several ways, usually worse in security and privacy. But they've got the virality thing going and they have money behind it and they're going to push it through regardless. Right. the, one of the things I say to to people at Tailscale is like, look, we, we are good people.

Speaker 4 (00:21:08):
We want to be good people, but sooner or later, the Facebook of networking is going to appear. And our job is to stop the Facebook of networking from taking over this time. I guess I don't like to be, I shouldn't be too hard on Facebook, but I, but I am hard on Facebook. I think there's a lot of evil that comes out of Facebook on purpose. Right? There's, there's a difference between like, oops, I accidentally stepped on something and destroyed it cuz I'm huge versus like I just don't care. I, I think I want to eliminate this thing and destroy it. Right. And, and yeah, but the network effect that drove Facebook to this huge success is, is unstoppable when it's done well. Right? So you don't want to be the lose losing side in a battle of network effects or all of the work that you do is wasted, right?

Speaker 4 (00:21:56):
So Tailscale is this in this really interesting spot where we want to make, make an open source system, that's going to improve the state of networking. And that does tie back to the stuff I was talking about where big networks are less secure Tailscale. The joke behind the name is it's it's the opposite of internet scale. <Laugh> if you make small networks, the small networks won't evolve, the kinds of threats that big networks will have. So what we really want is a whole bunch of small networks that you can interconnect in Safeways, right? But by doing that, we have to be really careful about the virality and the way things spread to make sure that we, the people who are trying to build something good, don't get trampled on by people who don't care about that stuff. And so it's a really interesting line that we end up drawing almost all of Tailscale is open source.

Speaker 4 (00:22:42):
The exception is some of the proprietary, some of the like front ends for proprietary operating systems like windows, for example the front end is not open source, but you can install the, the Tailscale code from the open source repository and rented on windows and it works fine. And then there's the control service that like coordinates all of your nodes together and keep that part proprietary just as a way of having a central focal point of being able to push updates and stuff like that. And that's, that's important because a completely open standard would be too slow to evolve and that would create fertile ground for somebody with fewer ethics than us to come in and create something that's more centrally controlled and more viral. Now that said there is an open source Tailscale control server called head scale. It wasn't created by us, but we sort of support the developers of head scale. And so you can run a fully open source Tailscale environment using head scale if you want. But naturally, you know, our, our job is to focus on the Tailscale server. Does that make sense? That was a long story. <Laugh> I,

Doc Searls (00:23:42):
I, I like the head, the head and tail bookends for that. It's a, this is a really rich and important thread, but I have to interrupt it and let people know that this episode of Flo week is brought to you by Kolide, that's Kolide with a K it admins often feel like they have to choose between their commitment to cyber security and their duty to protect employee's privacy. Naturally you need to safeguard company data against hack and breaches, but you don't want to turn your workplace into 1984. Traditional MDMs, give the it team complete access and control over company devices. But since employees are inevitably going to use their work laptops for personal activities these tools could saddle you with surveillance capabilities. You never wanted like access to photos and browser history. And before you know it, your end users are complaining about all security agents showing up in their laptops.

Doc Searls (00:24:37):
Developers are frustrated by the lack of autonomy. People start secretly working on their personal devices to get things done. It's easy to fall into the trap of top down security, but that's not the only option. Kolide is an end point security solution built around honest security. Their philosophy is that employees aren't your biggest security risk, their, your biggest allies and your relationship with them should be based on transparency and informed consent Kolide works by notifying your employees of security issues via slack, educating them on why they're important and giving them step by step instructions on how to resolve them themselves for it. And security teams Kolide provides the right level of visibility for Mac windows and Linux devices, and it addresses high risk issues that can't be solved through brute force or automation. What's more, your end users can see exactly why and how every piece of data is being collected via Kolides user privacy center and their open source code base. You can beat your security goals without compromising your values, visit to find out how, if you follow that link, they'll hook you up with a goody bag just for activating a free trial. That's K O L I D

Doc Searls (00:26:02):
Okay, so, so, so this is, there's sort of two topics going on here. Every one is how open source the company is. And and also this transition from new to hot to big that we talked about last time. So so we don't get too far down that it might be a rat hole, but it's, but you've, you've obviously crossed the chasm here. You just got a big funding. You're gonna be big. You wanna be big, I assume, or big enough? I don't know what I mean, big is relative. But also in your last blog post, which by the way was last year and you haven't blogged yet this year. So that's interesting to be as well. Yeah. I mean, I've, I'm blocking much less frequently than I used to as well. I, you made this wonderful distinction between free software as a, as a, as a gift and open source as something else. And some G really great quotes on that. I, I advise people to go looking at, at the at, at his blog for, for this stuff. I, I, if you remember it <laugh> remember when you wrote there, do you wanna revisit that for us? Because I think it's an, I it's important a distinction in part, because most people don't understand free software. They kind of understand open source cuz it's simple, you know, it doesn't have right. The gift property, but the gift property of, of free software is pretty important. I think.

Speaker 4 (00:27:34):
Yeah, I wrote, so I wrote this. Yeah. I wrote this article in response to, it was several months ago now, but the whole log for J curfuffle and I didn't mention log for J by name in the blog post, cuz I don't think log for J deserves to be dragged through the bud necessarily. But they, I was, I was sort of getting grumpy about the online discourse about how log for J how did this bug even happen? How do we get rid of this problem? Like what's wrong with the developers? How come they're not fixing it? And it's like, well, look, these are people who are donating their time to work on this library that last week you all thought was great. And now they found a bug and actually they they've issued a release or a fix for this bug like two days or something after the, the announcement came out.

Speaker 4 (00:28:16):
But there's millions of different applications cuz it's Java and everybody like embedded the library and these apps. And so this, this bug is, is super widespread. And so people are like, well, you know, we can solve this problem by paying more money to open source developers or turning them into real companies or starting foundations or all this stuff. And then, you know, my, my response to that is like, actually, those things are not, not very fun, right? When you, when you're being paid to work on something, it feels completely different than when you are working on something for fun and then giving it away. And I think people, especially the recipients of those, those software, the, the resulting software don't necessarily understand the different motivations that people have. So going back to Tailscale, we're a company we're making open source, we're doing it on purpose because we have a mission that we want to accomplish.

Speaker 4 (00:29:06):
We do have quite a bit of money behind Tailscale. Now we can afford to ha to pay people, to read your emails and answer your questions. And we do pay people to read your emails and answer your questions. That's very different from a pure what I would call free software project, where they're doing it as a gift to the community, right? They're they're giving you something that they thought was cool, but that doesn't create any responsibility to necessarily do what you want them to. Right? And so the people who show up in GitHub, bug trackers and, and start complaining about free software developers, not implementing their pet feature fast enough for them. Those people are not being reasonable and they're, they they're making it less fun to give the gift that is free software. Whereas when people show up in Tailscales, GitHub repository and complain that we're like our we're doing the wrong thing or our, our ideas are wrong or nobody's gonna buy a Tailscale.

Speaker 4 (00:30:00):
If it's missing this feature in this feature, that's actually a, that's different because we have people whose job it is to read that stuff sort through it try not to get too emotional about it and then set a project roadmap and so on. So I was trying to draw the distinction in there that like, look, there's, there's a difference between what I would call the gift economy that free software started and the interchange of sort of like the market economy that open source and startups are part of. But when you open up a project on GitHub, you can't necessarily tell which kind of project you've landed on. And the ideal way for you to interact with the developers is different depending on which, which kind of project you landed on. Does that make sense?

Doc Searls (00:30:43):
I, I think so. It's it, it's actually, there's almost like two different moral systems involved and, and a point you made is that when you gifts are up to the giver, it just really not up to the receiver. And there's a when you start paying for it, it becomes a transaction. It ceases to be the kind of relationship you get with a gift. 

Speaker 4 (00:31:08):
Yeah. The analogy analogy I used in the article was if someone gives you a gift, you say, thank you, right? Cause if you say like, okay, that was, that was not great. Next time you get me a gift, here's a hundred dollars and just get me a gift. That's a hundred dollars more valuable. Then the one you would normally have gotten me, that's like an incredible social fo PA, right? Like if you did that, people are gonna be incredibly insulted. But this is kind of what people were suggesting is the solution to the log for J problem's like, well, we should just give them more money. And then all of my problems will go away. It's like, well, they didn't do this for money. When you give them money, it completely changes the motivation. And we, we know this like many, many times as it come up in, in social studies and even in companies, when you reward people with money for doing the right thing, it often results in people doing less of the right thing.

Speaker 4 (00:31:57):
Cuz they'll try to, they'll start, you know, your, your mind is just wired like this, you'll start gaming the system to try to maximize the dollars. And most of the time, the good stuff that comes out of these, these gifts is things that you would not have gotten just by spending money. Another example I gave is like, look, some, someone can give you a gift of something you never would've bought for yourself. Right? That's what makes it different from a market economy. If they just gave you money and you went and spent that money, you would've never gotten the thing, but this thing might actually be perfect for you because it's coming from somebody else's perspective and they maybe UN understand a need that you have better than you understand it yourself. And so the value of this free software of people producing what they want to produce and you benefiting from it, it is a value that you can't get any other way. It's not something that comes out of a marketplace.

Aaron Newcomb (00:32:45):
Yeah. I think it's a really good explanation and one that's needed. I mean, I remember back, you know, in the early days when, when I was a bit more of a zealot around open source, you know, it was, I only wanna run open source. I don't wanna work with a company. You know, I, I, I, I'm gonna, I'm gonna create this, this wall where no companies are gonna come in and I'm only gonna use open source. And then you realize, oh yeah, I've gotta hire a ton of people to be able to manage this. Because like you said, you're not gonna be able to nobody's on the hook necessarily to support your particular pet project or pet feature that you wanna get implemented. And so I think it's shifted at least I hope I'd love to get your, your opinion on this, but I think that the sentiment has shifted somewhat towards it's okay if you're not entirely open source, but if you're a company that supports open source, if that's part of your ethos, if that's part of your, if a priorities for your company, then I wanna do business with you because it's a win-win for me.

Aaron Newcomb (00:33:42):
I wanna use your product and get support for it. Right. But at the same time, I wanna know that the money that I'm paying you for that project, some of it at least is going towards supporting some sort of open source project at the same time. Does that, do you find that as well?

Speaker 4 (00:33:57):
I've definitely. I've definitely lived through a shift like that. It's interesting cuz I'm not sure individuals have shifted down this ethos versus more people just showing up. I think if you, if you go to the Linux kernel mailing list today you'll find a lot of the same kind of people that you found in like 1994 that are just as grumpy about anything proprietary as they were back in 1994, it's just that the world has become flooded with, with what I would call startup mentality, which is different from open source or free software mentality. And those two open source and free software were already slightly different points on the curve, right? Yeah. I think, I mean, I personally, I really appreciate what startups do for the world. I think it's a lot better than what we had in the old days. Back back when we got the flu train manifesto, right?

Speaker 4 (00:34:48):
When it was mostly mega corporations trying to talk to us, startups have a much better incentive to listen to us, at least find the right group of people to listen, to and build exactly what that group of people want. Whereas mega corporations have an incentive just sort of make more or less genericized products that will appeal to millions and millions and millions of people sort of like the Marvel studios of the movie world, right? Where startups can, you know, like the indie developers of the movie world where there's many of them. And as long as you can find the startup, that's right for you, they ha have a huge incentive to make stuff that's good for people like you. And I think that's valuable. There are a lot of downsides to the way things have gone in the startup world. I think they do suck energy from the open source free software world.

Speaker 4 (00:35:33):
And in some cases the, the open source version would've been better. One of the worst things about startups is if in many cases they don't open source all their work. So when, or, or they don't create an open development methodology, even if they did open source their work, right? Like a develop, an open source development team, won't just appear out of nowhere just because you open source your project, right? So you get pro companies like quos, for example that was doing some amazing stuff, but they rented a money. They got acquired somebody shut it down. And now even though the quos code is sitting out there, anybody could grab it and pick it up and maintain it. Nobody does because that's just not where the energy is. Does that makes sense

Aaron Newcomb (00:36:16):
If it makes total sense? So what's the, I mean, what's the solution. Is there a solution? How do we, how do we work this out?

Speaker 4 (00:36:23):
I think, I think we're gonna keep evolving. I think, you know, what I, what I said at the end of that essay that we're linking to is basically like, I don't have all the answers. And I think society itself does not have all the answers. I'm really excited that each iteration seems to be making things better overall, but each iteration has advantages and disadvantages compared to the previous iteration and the iteration we're on right now, which is like, everything is a startup. If I go to a, I remember doing this a few years ago, I went to a, some little conference where I did a lightning talk about one of my open source projects and somebody in the question and answer part is like, well, how are you gonna monetize this? I'm like, well, I didn't intend to <laugh> I'm just giving you this free thing.

Speaker 4 (00:37:05):
It, doesn't not everything in the world needs to be monetized. Right. and, and I think that is still true. I think we're right now in sort of the fad of like monetizing everything. We need to get a little bit back to like, you know, sometimes it's okay just to do things because that's something nice that you can do for somebody. Right? You could argue that a lot of the problems with culture and society and politics right, right now is because we've sort of forgotten this super simple fact that if you just keep doing a little nice thing for somebody every single day, the accumulation of all those nice things is gonna make your world a nice, a nicer place to live. And it, you don't have to get paid every time that happens. And it's kind, it's funny saying that as the CEO of a company that just raised a hundred million dollars, right?

Speaker 4 (00:37:48):
Because obviously we have, we have a profit motive, we are capitalists. We wanna make money and we're going to spend this money to do good things, but it's really important to us to try to find this balance where like we are doing things to make the world a better place. Money is a tool that makes it possible for not only for you to do good things that make the world a better place, but for you to do it in a way that's sustainable. So you can keep doing that for years and years and years,

Doc Searls (00:38:20):
We're having a little debate in our, that a debate on our back on our little back channel here, we have, we have people in the in a, in a, in a IRC chat. And and and I have questioned I've I we're backed up on questions is what basically what we're saying. And Aaron is there. Cause I haven't been looking at the back channel.

Aaron Newcomb (00:38:39):
I I've got, there's a few questions from the chat room, right. So there's one from anonymous user who is asking about how to connect home router. So this is about Tailscale itself, the technology. Sure. And they're actually, and

Speaker 4 (00:38:53):
Maybe we should talk about how we keep forgetting.

Aaron Newcomb (00:38:55):
Yeah. A little bit. I know, but we're so excited about open source here. But they're asking like basically how to connect home, routers behind ISV firewalls. And I guess I kind had the same question, like when you have by default automatic levels of either VPN or what have you how does Tailscale actually operate in those environments?

Speaker 4 (00:39:15):
So yeah, so that is, that is the neatest deepest part of Tailscale is we, we play some really interesting tricks that are called as a group is called natal. That lets you allow an incoming connection to your device that is behind possibly multiple levels of firewalls. And you can create that incoming connection from another device that is also behind possibly multiple levels of firewalls. And that is not supposed to be possible. Right? That's the point of a firewall is to stop the incoming connections. But the, there is this, I guess, loophole, we think about connections as being one way or another. Like you make an outgoing connection from behind your firewall out to a server and we call that an outgoing connection. But the truth is it was only initiated in the outgoing direction, right? Once you've made that connection, the server needs to send stuff back to you, right.

Speaker 4 (00:40:07):
That's just sort of, that's how the internet works. I go to a web server, I say, give me this and it's it sends you some stuff back. Because that always has to be possible. It is possible to trick your firewall into letting stuff back in that looks like an incoming connection. So what you do is you create an outgoing connection to basically nowhere land on the internet. Like you send a packet out to the middle of nowhere and it doesn't land anywhere. It just, it disappears into the, the ether, but you've now created a note in your firewall's not layer. The firewall says, okay, well, if anything comes back for that, I have to let it back in. Cuz connections are always too directional. And so the other end that you want to create a point to point connection to does something similar. And if they have a side channel that they can use to coordinate with each other, then it's possible for them to both send a packet out to the same place in the middle cross ways.

Speaker 4 (00:41:05):
And then the packets from each one you eventually can get through the hole that was punched by your first packet that you send out in the first place. So that's a little complicated, you can find, you can find an article on called how natal works. If you just Google for the, the exact term, how natal works Google will find your article. I think it's the top link. And it is very complicated and there are lots and lots of super weird edge cases to make all of this stuff work and all kinds of tricks. And there's U PMP and there's Nat PMP there's CG nets, all of this stuff. But the super short version is like Tailscale does that. Right? And, and once you've done that, that is basically what our product is. Yeah, you found it Dave Anderson.

Speaker 4 (00:41:51):
Once you've succeeded at punching those holes and making those connections happen, then you can layer some really fun, magical stuff on top of that because you can make the internet work the way, any way you want, even though modern internet has firewalls and nets everywhere. And it's just a matter of what we call like double opt in. You can't connect to anything on, on the internet. You can only connect to the things that let you connect by both of you opting into that connection at the same time. It's a really interesting, you know, we talked a little bit already about, you know, society and you know, the huge internet creating a possibility for attacks the attackers on the internet, can't attack you if you don't opt in to accepting their attack, right? That's the neat thing about this method. So you don't exist really, unless you're talking to someone who you've agreed mutually, that you're both going to exist at the same time.

Speaker 4 (00:42:46):
And so it's, it's psychologically it's or, or sociologically. It is a fix for this problem of the internet being too big. And that, again goes back to the name Tailscale. Like we are creating small networks, we're dealing with the fact that not everybody has a public IP address anymore. Cause there aren't enough public IP addresses and I P V six, didn't roll out sufficiently to fix that problem. You don't need a public IP address anymore because we can make you exist through this, this kind of magical system. Is that answering the original question? Cause I feel like, ah, it might have been too deep.

Doc Searls (00:43:17):
It, it does. And, and there there's more questions piling up there. I have, I have one as well, but first I have to let everybody know that this episode of FLOSS Weekly is brought to you by I R L an original podcast from Mozilla. I roll is a show for people who build AI and people who develop tech policies. It's hosted by Bridget Todd. And this season of IRL looks at AI in real life. The show features fascinating conversations with people who are working to build more trustworthy AI. There's an episode about how our world is mapped with AI. The data that's missing from those maps tells you as much of a story as the maps themselves. You'll hear all about people who are working to fill those gaps and take control of the data. There's another episode about gig workers who depend on apps for their livelihood.

Doc Searls (00:44:06):
It looks at how they're pushing back against algorithms that control how much they get paid and seeking new ways to gain power over data to create better working conditions for political junkies. There are episodes about the role that AI plays when it comes to the spread of misinformation and hate speech around elections, a huge concern for democracies around the world. On, on, in the case, we never get political on this show, but that particular episode is really relevant because there's a gigantic AI is basically has an enormous influence over, over how we get our information and, and how, how that all works. So I highly recommend that. So search for I L in your podcast player will also include a link in the show notes, my thanks to IRL for their support. There's an interesting thing for those of you who did not hear the ad, <laugh> it, it brings up a, a, a topic of motivation.

Doc Searls (00:45:04):
And I, I want to visit this because there's a, at this thing I went to, there was one programmer, I guess we call it all developers now, but anyway, a, a true, a kind of known 10 X quality programmer who, who got, who managed to bid up the nonprofit he wanted to work for on free software to like a salary of $87,000 by telling them that he actually had a standing offer for $300,000 from from a major company. And it was gift in there. I mean, what he wanted was to give in a way, and though there was a transactional side to it, <laugh> in the way that he pitched that. So I don't know if you wanna talk on that particular topic, but I, but I'm also thinking about employees cuz in the last two years you know, nobody wants to go to the office anymore.

Doc Searls (00:46:07):
You know, my son works in a for recruiting company, another startup. And, but a lot of 'em are willing, you know, I mean, there's so many variables thrown into here that weren't there before the pandemic, you went to a rectangular building and you sat in a cubicle or in your own office or in your own rectangle. And even if they gave you free food and stuff like that, well, you've got free food at home too. You've got your own fridge, you know, whatever it is. So I'm wondering how that, how that factors for you, especially as you're growing and you're recruiting people.

Speaker 4 (00:46:41):
So I think most important thing to know about compensation. And there's been many studies that say this, but you can, you can put it in, in one sentence. Money and compensation are primarily a DET, not a motivator. And what we mean by that is if you're not getting paid enough, then you might be angry. You might not be able to afford to do the thing that you want to do, right? Like there's a, there's a certain amount of money that you simply need in order to be able to get stuff done or to feel that you're being treated fairly or to feel like, you know, you're not just getting ripped off by your employer or, or whatever. If you, if we pay you too little, it's easy to imagine that your productivity can drop nearly to zero. If we pay you twice as much, it's unlikely that your productivity is going to double, right?

Speaker 4 (00:47:28):
There's, there's a threshold beyond which more money is that is hugely diminishing returns. And that, that is not, you know, an excuse for companies to just like pay people less money. But it's important to understand that when someone is, for example, talking to a non-profit that they wanna work for doing open source and they're comparing that job offer versus getting paid four times as much to work at a big corporation doing proprietary software. It's not that shocking that they might still choose to get paid $87,000 working at open source, right. As long as that $87,000 allows them to meet their life obligations and feel like they're not being ripped off then they can be fully motivated and do a great job, right. But if the difference between $87,000 and $60,000 is, you know, not being able to send your kid to childcare, then it is going to impact your, your life quality.

Speaker 4 (00:48:25):
Right. And so I don't think there's anything unethical about bargaining up your, your salary, even at a non-profit to work on open source stuff. It's, it's just about what makes you take, right. And the people who are hiring, you have to have to understand how that works. I think it would be, it would be a strange world if non-profits working at open source, ended up paying as much as big companies working on proprietary stuff, right? Because most big companies working on proprietary stuff, you know, the employees are doing it mostly because the people are telling you to, right. Whereas people are doing it out of, you know, love and contribution and open source. Right. but it's also, I want to draw a distinction between that and working on open source for $0, nobody really actually works on open source for $0 because people have life things they have to pay for.

Speaker 4 (00:49:19):
Right. When I do open source for $0, I'm actually doing open source on the side of getting paid for something else that I did. And that I think it's unfair when we criticize people who want to get paid for open source, just because somebody else like Avery can do open source for $0. It's not really $0. Right. And, and because my open source, you know, actually Tailscale, I do get paid to work on open source cuz I've started the company and pay myself. But in that like purified version, I work on open source projects that, that are not part of Tailscale. Oh, I lost my train of thought

Doc Searls (00:49:58):

Speaker 4 (00:49:59):
This was really important. I forgot.

Doc Searls (00:50:02):
I know. Yeah. We were also type it's back here.

Speaker 4 (00:50:06):
Yeah. When I, when I'm getting paid for one thing and I use that money to then go off and do another thing that can be okay, but it does create mixed incentives. And it means that the thing I'm getting paid for can sometimes steal me away from working on the thing that I might do for free. And to go back to your question of like, Hey, how come Ari hasn't written any blog posts lately? A super simple version of that is I've been really busy at work since we raised this a hundred million dollars. And I don't have time to go write blog posts. <Laugh> but that's, that's actually, I mean, totally reasonable, but you can see that there's a, a split incentive there, right. Because I'm getting paid for work. And also a whole bunch of people rely on me daily. I can't go off and do this thing that I might've enjoyed doing that would've benefited society that I don't get paid for that isn't tied to the company. Right. So someone who negotiates the salary up so they can work full time on an open source project might be doing the best thing for society.

Speaker 4 (00:51:01):
Does that make sense? I don't know if that was necessarily what

Aaron Newcomb (00:51:03):
You were going for. It totally makes sense. No, it totally makes sense. And, and Doc , jump in if you wanna follow up on that, but I think I do wanna get back and I know we're kind of jumping back and forth a little, but I wanna bring in a couple more comments, which I think are interesting from the chat room. And one is, we may have already inter answered this with your last question, essentially. But reverb Mike who's a regular, I would say for, I don't know how long forever in the chat room wanted to, was asking about the mesh network. Like, is, is this basically a mesh network and how do you keep that mesh network safe for all the nodes? Is, did you kind of answer that with the last one? I'll let you decide if that needs more explanation.

Speaker 4 (00:51:44):
So that's, that's basically the other half of the expedition of what tails kill is. Luckily we have a blog post for that too. It's called how Tailscale works which can also Google for and it has lots of nice diagrams. I actually wrote that one in the pretty early days of Tailscale. And at the time some of that was aspirational. We had not implemented all the stuff and how Tailscale works at the time we published how Tailscale works, but now all the stuff in there is actually done. So the super short version is there is a, we split the concept of a data plane in a controlled plane and anybody who's built data centers, especially with software defined networking is probably familiar with this kind of stuff. Anybody who has set up ubiquity, wifi routers, for example, they understand the idea of like there's a control thingy.

Speaker 4 (00:52:25):
And then there's a bunch of devices that are controlled by the thingy that actually wrote the traffic, right? That's the data plane, the control thingy is the control plane. So Tailscale's control plane is centralized all of the instructions for how to connect up, who gets, which keys and so on come from this controlled server. And then the actual devices do the process of connecting to each other and sending, routing the data back and forth. And they do that by trying to create these point to point connections between each other. So the data plane is extremely efficient and very important to our business model. Doesn't send the data through Tailscale, which means we don't have to pay for it. It's also a benefit for your privacy. And it's also end end encrypted. So these devices are generating private keys for themselves, and they share the public keys with the control plane, which then redistributes those public keys out to the other devices on your Tailscale network.

Speaker 4 (00:53:16):
But the, so the total amount of traffic on the control plane is quite small, which keeps our costs slow. Almost all of, of your data. Traffic goes just directly point to point in this me network. So you don't need to set up a single like VPN concentrator, which is the normal way of VPN works, where you basically have everybody connect to the same VPN server. And then the VPN server is like the exchange point. So you send something in and it bounces it back to you. One of the other nodes you're trying to talk to your traffic actually goes directly from one node to another. Even if they're on the same network, they can actually create a connection directly on that network without going to the internet and back. But it's still an encrypted connection between those two devices. Does that make sense?

Speaker 4 (00:53:56):
So it, it really is like a true mesh network. It's what we call a mesh overlay network, which is a little bit different from say a wifi mesh or a, a like what do I call it? Metropolitan area network, one of those free mesh providers because the wifi mesh same concept, but it's at the physical layer. And it's actually really difficult to build meshes at the physical layer as anybody who's tried to do it would know. So Tailscale just builds this mesh on top of the existing internet. So all of the difficult stuff of the physical layer has been solved by somebody else. Tailscale just solves the virtual layer of creating what looks like a land from all of these devices that are scattered physically everywhere.

Aaron Newcomb (00:54:34):
Right. Makes sense. But doesn't that, and I don't wanna take up too much time here cuz I know we're kind of getting towards the end of our time, but doesn't that affect performance though, when you do it that way, how does that not affect performance?

Speaker 4 (00:54:46):
Well, it affects performance in that it makes performance really good. <Laugh> so the nice, the nice thing about these peer to peer direct connections, first of all, the encryption at, at the data plane is done by wire guard, which we barely mentioned, I guess so far, but wire guard is this sort of new futuristic VPN protocol invented by Jason, Don and Feld. It's now part of the Linux kernel. Although in Tailscale we use the wire guard go user space implementation. It is, is kind of like IP sec, except if you can believe it, the amount of code in wire guard is something like less than one 10th as much code as IP sec, while still being faster and more secure. And you can trace its history you know, or the, the, the lineage of wire guard back many, many layers, but the, the first layer back is called the noise protocol, which is what signal uses the encrypted instant messenger and signal is, is really like if you read the papers about how the signal instant messenger works, it is, it is leading edge in terms of actually protecting privacy and security in this really interesting way that is hard to screw up.

Speaker 4 (00:55:50):
There's also a, a, a really great blog post by Moxi Marlin spike about why signal is designed the way it is with a central control plane, not being in a completely open source federated system. Which matches a lot of why Tailscale is not a completely open source federated system, even though in both cases, most of the code is open source.

Aaron Newcomb (00:56:12):

Speaker 4 (00:56:12):
Does that make sense? The performance is really good because you're not routing through a center point. It's just like your device is talking directly to each other over this like space, age, new protocol. That's really fast.

Aaron Newcomb (00:56:21):
Right. You're eliminating the number of hops and a lot of the noise at the same time. Right, exactly. So yeah, really cool. One more question from the chat room. Well, it's actually a comment that I thought, and we may have even talked about this last time, but because I'm into retro computers and fixing vintage computers and history of computers, I found it really interesting. But Gumby basically said this was kind of the feel of computer science and the internet such as it was in the eighties. So we talked about the nineties when the internet was first starting, people were throwing up all kinds of, you know, really bad looking websites and things. Right. but just before that, in the sixties, seventies and early eighties you had, you know, ARPANET and things like that. And it sounds like that's actually more akin to what you're talking about, cuz basically, you know, the ARPANET, you couldn't just get on the ARPANET, right? You, somebody had to like say yes, you can get on and oh, by the way, it takes this expensive hardware. So you have to be a university or something. That's a different story. But it sounds like it's kind of the same thing. You're kind of limiting the number of nodes and, and what you can have on your particular network. And it really is kinda like a lot of little ARPANET set up everywhere.

Speaker 4 (00:57:30):
Yeah, I guess that, that is a good way of thinking of it. Obviously the hardware is a lot less expensive than in the ARPANET days cuz you didn't need any special hardware to do it. And that's one thing that's great, but yeah, you're building your own little, I probably the eighties is a better analogy than the nineties cuz by the time the nineties came around, we were already seeing like ad supported websites and stuff. And I guess, you know, your Tailscale network is not ad supported. You connect up to it and it's just like, you know, real freedom now there's there's buttons where you can then invite your friends to share some of the devices on your Tailscale network. If you're a company, of course you can connect multiple peoples, the Tailscale network and there's access controls and stuff like that.

Speaker 4 (00:58:03):
But it's all kind of optional. So they like basic version where you're just connecting some phones and some raspberry pies and some laptops and some desktops and some cloud machines together is really, really simple. You just install the package, you log in through your favorite identity provider and that's it like you just basically click log in with Google, then you log in with Google and like all the devices that you logged in with the same Google account now can talk to each other. Right? So it's kind of this, this super beautiful, like there's, you don't have to think about it, but a huge amount of machinery has gone on behind the scenes to make it just magically work. And we have DNS. So you can like, as soon as you do this, you can ping host name of one of your devices and it just, it finds the red IP address and you can ping it, right?

Speaker 4 (00:58:46):
We have this new thing that we just launched about a month or so ago called Tailscale SSH where we automatically distribute SSH keys for you. So you can then just like SSH into your Linux machine and you didn't have to get your public key for SSH distributed to the right place by hand, which makes it a lot easier using an iPad or something, which is notoriously hard to get SSH keys onto there's an app called blink shell for iPad. If you have that and you use Tailscale SSH, then you simply go into blink shell. You SSH to your Linux machine and it just magically works without you thinking about anything. Right. And so it really feels like, like the olden days of the internet where you were allowed to have a three letter password and just like telling that to machine and it would work.

Aaron Newcomb (00:59:26):
So is this something and this will be my last question. I swear, I, cuz I could go on for a couple hours. But is this something I could use for like to secure all of my T stuff, that stuff that has those default passwords that like, you know, are, are expose you so much to things coming in and perhaps hacking into your little devices that you're not even seeing. I mean, is this something I could create my own little network, put all my IOT stuff on there in my house and then I don't have to worry so much about exposing it.

Speaker 4 (00:59:58):
So IOT stuff is slightly tricky because it tends to be proprietary software running on this IOT stuff. So you can't really install tax

Aaron Newcomb (01:00:05):
Well, not my IOT stuff.

Speaker 4 (01:00:07):
IOT device. Oh, well if you're running, I mean, so is this I don't know if you're familiar with home assistant. I imagine you're probably a hundred percent

Speaker 4 (01:00:13):
Yeah, so home there's, there's a home assistant like in the home assistant app store or whatever it is, you can download Tailscale and it just like instantly makes it, so now you can connect all your IOT stuff over Tailscale from any of your devices, even when you're not at home. And it's, it's super slick. Cool. I can't fix the problem where your proprie, where proprietary IOT devices will grow out to the internet and download viruses or whatever. I, I would like to be able to do that. You need a little more control over the, usually the wifi router. I look forward to a day when wifi routes automatically sort of isolate these devices so they can't hurt themselves. And then you could sort of UN isolate them by using a Tailscale network on top that only allows things that should be able to connect to them, to connect to them. But we need assistance from a wifi router to be able to lock these devices down in the first place. Does that make sense? Cause there just total sense, just like, you know, head, head slapping, like terrible code that should not be allowed to talk to the regular internet, but disconnecting them from the regular internet is a, is a job that Tailscale itself cannot do. It can reconnect you to your private network once you've saved them from the, the dangers of the internet. Right?

Aaron Newcomb (01:01:22):
Yep. Yep. Makes sense. And I think Doc is trying to talk he's but he's muted or something.

Doc Searls (01:01:30):
I yeah, cause my other mic, I actually have, I have a physical cough button, like they used to have in radio, if you remember what that was. Yeah. And, and so now I have to hit it's all software. What I was saying is we're out of time <laugh> so Hey

Aaron Newcomb (01:01:49):
Doc, you can't cut us off if you're on mute. So

Doc Searls (01:01:51):
I know, I know it's like gotta go like this, what what's gonna happen.

Aaron Newcomb (01:01:56):

Doc Searls (01:01:57):
Nothing. So just to I'm just going to, oh no, I can't ask that. Cuz it's gonna get us into a thread. We we're gonna have to have you back in another fewer months next time because you're moving fast, dude. So this, this is cool. <Laugh> so let, let's just go to, you know, a question we asked last time probably people have forgotten. What's your favorite text editor in scripting language?

Speaker 4 (01:02:24):
Ah, well say redundant. We did talk about that last time. My favorite text editor is one called Joe Jo zone editor. Yeah. It came with slack wear back in 1994 when I first installed Linux and I I've sort of just got used to, it has word star key bindings. I'd never used word star before. I'm quite that old. But I know the word star key bindings in case I ever read into a retro computer with word star on it and scripting language. I'm a big Python person, but I've been sort of basically all my coworkers are go people. So I've been shoved pretty, pretty heavily to go lately, which is arguably not a scripting language, but it's replacing a lot of scripting languages.

Doc Searls (01:03:01):
That is great. That is great. Do you use Joe? Aaron?

Aaron Newcomb (01:03:05):
I did. I remember. I remember it fondly. I don't use it anymore, but yeah, I do. Joe

Speaker 4 (01:03:10):
Is still maintaining it.

Aaron Newcomb (01:03:12):
Oh, that's awesome.

Speaker 4 (01:03:13):
There's there is, there is an, a free software gift for you. This guy just keeps on going.

Aaron Newcomb (01:03:18):
I had no had no idea by

Speaker 4 (01:03:20):
Himself maintaining this text

Aaron Newcomb (01:03:21):
Editor. It brings back a lot of nostalgia for the the mid nineties and trying out Linux for the first time. So yeah,

Doc Searls (01:03:30):
It makes for me of like stumbling over word star way the hell back when, so

Aaron Newcomb (01:03:35):
I could go grab my T RS 80 model three, which has I've got the word SAR dis for if you want. And I break my back, but I can, I

Speaker 4 (01:03:43):
Added heres maybe cocoa cocoa one was what I got started on computing and then the cocoa three was my app. Me

Aaron Newcomb (01:03:49):

Speaker 4 (01:03:49):
Big upgrade. Wow.

Aaron Newcomb (01:03:51):

Speaker 4 (01:03:53):
Assembly language in OS nine. That was the, I couldn't afford the se compiler or the hard drive.

Doc Searls (01:03:58):
Oh yeah. That,

Aaron Newcomb (01:04:00):
Those were the days you,

Doc Searls (01:04:01):
You can now. So thanks so much, Aaron. And, and, and, and <laugh> and Avery two A's and I'm going left to right in my visual here <laugh> for coming back, even, it was a little bit of an error to give you back so soon and you got a hundred million bucks of me time. So it's like this there's, there's, there's a lot, there's a lot going on there and this is just fantastic. We will have to have your back soon. So thanks a lot. Right.

Speaker 4 (01:04:30):
But not so soon.

Doc Searls (01:04:32):
<Laugh> well, maybe we'll see. We'll see.

Speaker 4 (01:04:35):
Anytime you want, I'm happy to talk about whatever. Yeah.

Doc Searls (01:04:38):
Thanks man. So Aaron, that was good. <Laugh>

Aaron Newcomb (01:04:44):
Yeah. You know, we, we had the same last time we talked, we had the same feeling. Right. Which is just, it's nice to talk Tory. He's got a lot of ideas. He thinks about this stuff all the time. He writes really good thoughtful blog posts without any ads. I know I brought that up last time, but I love his blog because it's kind of ad free

Doc Searls (01:05:03):

Aaron Newcomb (01:05:03):
And there's no, no, no distractions. Right. It's it's a focus reading.

Doc Searls (01:05:07):
Doesn't no knock on WordPress, but it doesn't look like WordPress as well.

Aaron Newcomb (01:05:11):

Doc Searls (01:05:11):
Yeah. Probably know maybe it is, but probably not. Yeah,

Aaron Newcomb (01:05:15):
Probably not. But yeah. So, so it's just nice to talk, talk to Avery, you know, and obviously, you know, Tailscale seems to be doing really well as a startup. So that's good to see. It's not easy running a start having, you know, working at a startup myself. I can say it's this is not easy stuff. And it complicates things even further when you're trying to balance open source, you know, priorities as part of your business. And so the reason I say that is because it really does say something about startups and companies like this that decide to make the commitment to open source, whether they grew up out of open source or not. And so, you know, I think we should all kind of applaud companies, especially startups when they're so busy, you know, trying to build their company and, and respond to their investors and things to say, no, look, we're gonna make this a priority and we're gonna stick with it. It really says something about the integrity of the, the people that work there and the founders. So I just really appreciate that he has that ethos.

Doc Searls (01:06:09):
Yeah. And I, I, I advise people to look at his that last blog post because it's, it's the first time I've seen something I would want to show to the guy I know who is from a big company who said about the GPL. I don't know what to do with that, you know, and it's, it doesn't, it doesn't necessarily give the answer, but it gives you a framework to think about it. And and to appreciate where that comes from, that it's not just like a kind of pain in the butt. It's actually really meaningful in, in a different way than open sources. And you have to kind of work with both those concepts. So, so Aaron, what do you, what do you wanna plug and then I'll plug next week?

Aaron Newcomb (01:06:56):
Well, first of all, I need to thank my employer CIG for giving me time today to take time out of my busy schedule to be here. So that's really nice that they're able to do that and that they it's natural for them. Like I said, we're a big open source supporters ourselves. So yeah, it's I wanna thank them and you should check them out if you're interested in Kubernetes security and that kinda stuff. And then also I've got a lot of fun projects coming up on the YouTube channel, retro hack shack. I've got one that I'm working on right now where restoring a IBM 51 70 which was the third IBM PC that came out. They had the PC, they had the PC XT or the 51 60. And then this is a 51 70, which is the PC a T.

Aaron Newcomb (01:07:42):
So it was the first time the, the at standard was used to my knowledge in a, in a computer. So yeah, I go through and fix that. And the fun part is I get to hose off it thing was so dirty. It came out of a shed and it had all kinds of leaves and animal droppings. And believe it or not, it basically worked. I had to do a little bit of work, but there was nothing, no major repairs I had to do, but I did have to take it out in the driveway and get the hose out on the motherboard and the, the case and everything. Just to get it clean again, cuz it was, it was pretty nasty. So anyway, that's a sneak peek that episode's coming up on Saturday. So check it out.

Doc Searls (01:08:17):
I wanted an at so bad back in the decade. Oh my gosh. The one I didn't buy might be the one that you're <laugh> you had to hose off. So next week we have a real treat. Brian Bell Endorf who is now in his second gig with the Linux foundation, but is possibly best known as the primary or a primary author of Apache, which all of us use and hugely thoughtful dude. Big thing about this next weekend. Remember this for the live Watchers were coming on an hour early because other things are going on during the day. And so we're early next week is gonna be Brian Bell. Endorf he's always really interesting. Another deep dude and that is coming up next week. So until then I'm Doc Searls. This is Flo week. We'll see you then,

Speaker 5 (01:09:08):
Hey, we should talk Lenox. See the operating system that runs the internet, but your game console, cell phones, and maybe even the machine on your desk, but you already knew all that. What you may not know is that twit now is a show dedicated to it. The untitled Linux show, whether you're a Lennox pro a burgeoning CSED man, or just curious what the big deal is, you should join us on the club, twit discord every Saturday afternoon for news analysis and tips to sharpen your Lenox skills and then make sure you subscribe to the club. Twitexclusive untitled Linux show. Wait, you're not a club TWiTmember yet. We'll go to and sign up. Hope to see you there.

All Transcripts posts