I was once in South Africa and needed to look up my prescriptions in the CVS app. I had lost my pills and needed to show a local pharmacist what I needed. CVS geoblocked me. Luckily I had a TailScale exit node running at home, which solved the problem.
I was on a cruise ship a few weeks ago and realized that, instead of being throttled, a lot of sites were completely blocked. Very irritating. They also do DPI on the cruise ship network so that VPN clients like OpenVPN are blocked regardless of port.
Without a laptop handy, I had to use my iPhone to set up a droplet running Ubuntu, then install vray onto it and configure it to run on port 443. vray uses "standard" SSL to tunnel connections, so to DPI it just looks like normal HTTPS traffic and I was able to pass traffic through the firewall when I needed to access something that was blocked. It makes me wonder if TailScale would also bypass their analysis, or if it would be blocked as well.
(I didn't abuse this to the detriment of the network, and I did pay for the "streaming package" on sea days when I had a lot of traffic to run)
I've run a SSH server on port 443 to bypass blocking before. Probably wouldn't work if they are _actually_ doing DPI, but a surprising number of networks don't - just have blocklists and only support port 80 and 443 access.
Wireguard is easy to block. Some VPN providers do implement an obfuscation layer for it, but Tailscale uses plain WG, so if WG is blocked, you will get no connection. Control plane would still work, though.
Intriguingly, my work network (both guest and employee networks) blocks OpenVPN, commercial VPN (Proton I use, plus a couple of others I tried just as an experiment), and Tailscale authentication, but if the device is already authenticated to the tailnet, it will continue to work. Turns out that work uses the same ISP my home does, so perhaps that's part of it, but I have another TS exit node running at my in-laws' house (so I can remotely maintain their network, and so I can get out to the Internet via TS even if my home is down), and they're in another state with a different ISP.
I haven't actually tried this when my home service is down, because it's basically never down, but I can easily switch exit nodes when they are both running without hitting the authentication servers again.
It's easy to block the control plane because Tailscale has endpoints listing all current control and DERP servers. On Linux you can use a SOCKS proxy for control plane traffic, if connections still work. Some firewalls are really restrictive.
I can understand the work network policy, someone could use Tailscale to leak data, but a residential ISP should not block it. I would rather bother their support for an incomplete service.
My residential ISP does not block it. My issue with work isn’t that they block it on employee WiFi, it’s that they block it on the guest network too. Our nanny software is rather extreme - blocks, for example, alcohol-related sites. Which in a sense is fine, because I don’t need to read up on whiskey at work, but it also often blocks restaurant sites.
I'm pretty sure it would work. From my testing, Tailscale works where Shadowsocks, plain Wireguard and any other VPN don't. And it also works to pierce through the great F*W, which was actually really surprising. I suppose Tailscale has DERP and other nodes in Cn too?
Another data point: I was at Doha airport recently and logged into their public WiFi. Unfortunately, they seemed to be MitM'ing certain connections, mostly to well-known domains. To work around this, I tried setting up Mullvad (which I had used occasionally in the past) but they downgraded Mullvad.net to HTTP, too. Thankfully, I had Tailscale already set up and I could easily book their Mullvad package and add Mullvad as an exit node to my Tailnet. Problem solved.
Well, it is a demand, but not a supply and demand balance of housing supply, but a supply and demand balance of speculation. In other words, there’s a high demand for speculation (profit) in the housing market.
That doesn't refute the original point, though. Apple Podcasts and Google Podcasts are products that embrace the open podcasting model. Spotify and Youtube Music do not, and these are the products that the original comment is referring to, where you are not able to add a subscription using an RSS feed.
Back in 2006, our expectations were set when An Inconveient Truth contemplated what would happen if sea levels rose by six meters (in our lifetime). 3.6mm a year seems a bit meh in that context.
Something I see a lot is people looking at worst case predictions as if they were presented as the most likely predictions. A lot of the IPCC reports say things like “if we continue to increase emissions, this will happen” (a worst case scenario) and also “if we make moderate improvements, this will happen” (a slightly better scenario). Then people who don’t want to talk about climate change mitigation will highlight the worst case scenario and say “see they were wrong and hysterical!” even when the moderate prediction, which they will ignore, ended up being essentially totally accurate.
that's not a problem in the decade timeline but it is problematic over a century or two. it's especially problematic since it's accelerating and has a couple decades of inertia. the CO2 we release today will raise sea levels for the next 50 years or so.
>that's not a problem in the decade timeline but it is problematic over a century or two.
So after roughly 100 years, we can look forward to the terrible catastrophe of sea levels (in some places only, not in others) rising by.. just over a foot. A problem for many really flat coastal areas, sure, but hardly the picture of global coastal flooding much of the alarmism has put forward. And if that one-foot rise happens across a full century, there will be many measures that can be taken to counter it even if the rise itself is unstoppable.
I'm not arguing against human-caused climate change, but some of the hyperbole i've seen said with deep certainty goes well beyond the scope of known evidence, realized events or even many scientific assessments.
With such things, it's not hard to see why some people find good reasons for being skeptical of yet another worst-case prediction.
Well, the old-timers (such as me) don't really like what Spotify are doing either. A "podcast", in our view, conforms to a de-facto standard, the RSS feed. This is what ensures its openness. You have choices about where to host it. Your listeners have choices of where to consume it.
