Hacker News | philips's comments

An easy at home setup is Raspberry Pi running Batocera and Zaparoo with NFC cards. If you buy a three ring binder you can neatly organize the NFC cards.

Bonus: it is an arts and crafts project to put on the stickers for the cards.

https://batocera.org

https://zaparoo.org/docs/platforms/batocera/


I have heard shadows of this theory a bit from Jon Stewart over the years.

https://youtu.be/tU3rGFyN5uQ?si=0387L1blOdW2Ttpe


I agree! Before Tailscale I was completely skeptical of self hosting.

Now I have tailscale on an old Kindle downloading epubs from a server running Copyparty. It's great!


Maybe I'm dumb, but I still don't quite understand the value-add of Tailscale over what Wireguard or some other VPN already provides. HN has tried to explain it to me but it just seems like sugar on top of a plain old VPN. Kind of like how "pi-hole" is just sugar on top of dnsmasq, and Plex is just sugar on top of file sharing.

I think you answered the question. Sugar. It's easier than managing your own Wireguard connections. Adding a device just means logging into the Tailscale client, no need to distribute information to or from other devices. Get a new phone while traveling because yours was stolen? You can set up Tailscale and be back on your private network in a couple minutes.

Why did people use Dropbox instead of setting up their own FTP servers? Because it was easier.


Yeah, but "people" here are alleged software engineers. It is quite disheartening.

First and foremost they are humans, with a limited time on Earth.

Being a software engineer doesn't mean you want to spend your free time tinkering about your self-hosting setup and doing support for your users.

With Tailscale, not only you don't have to care about most things since _it just works_, but also on-boarding of casual users is straightforward.

Same goes for Plex. I want to watch movies/shows, I don't want to spend time tinkering with my setup. And Plex provides exactly that. Ditto for my family/friends that can access my library with the same simple experience as Netflix or whatever.

Meanwhile, I have a coworker who wants to own/manage everything. So they don't want to use Tailscale and they dropped Plex when they were forced to use the third-party login system. Now they watch less than a third of what they used to, and they share their setup with nobody since it's too complicated to do.

To each their own, but my goal is to enjoy my setup and share it with others. Tailscale and Plex give me that.


There is a difference between "I choose not to" and "I cannot". The thread is full of people saying Tailscale "unlocked" self-hosting, implying capability, not time savings or time preference.

Choosing convenience is fine. But if basic port forwarding or WireGuard is beyond someone's skill set, "software engineer" is doing a lot of heavy lifting.

I am not saying they are, but if it really is the case, then yeah.

As for file sharing... I remember when non-SWEs knew how to torrent movies, used DC++ and so on. These days even SWEs have no idea how to do it. It is mind-boggling.


To me the "unlocked" is just another hyperbole used by some people, partly because they lack initial knowledge, partly because it's click-bait.

The way I understand it is more like "without the ease of use provided by X, even though I could have done it, I wouldn't have done it because it would require time and energy that I'm not willing to put in".

Since we're talking about self-hosting, to me the main focus is not skill set but time and energy.

There's the same debate around NAS products like Synology that are sold with a high markup, meanwhile "every SWE should be able to make their own NAS using recycled hardware".

Sure. And I did all of this:

- homemade NAS setup

- homemade network setup

- homemade mediaplayer setup

It was fun and I learned a lot.

But I moved to some more convenient tools so that I can just use them as reliable services, and focus on other experimentations/tinkering.

To be honest, the fact that you insist that Plex is just "file sharing" that can be replaced by torrents makes me think you either don't know what Plex actually is, or you are acting in bad faith.


I did not say Plex is "just file sharing that can be replaced by torrents". Those were two separate points:

1. The "unlocked" framing implies capability, not time preference

2. General technical literacy has declined: non-SWEs used to torrent, use DC++ extensively, etc.

I was not comparing Plex to torrenting. I was observing that basic file-sharing knowledge used to be common and now is not (see Netflix et al).

> time and energy being the focus

Sure, that is fair. But that is a different claim than "Tailscale unlocked self-hosting for me" which is how it is often framed.


Okay, maybe I misunderstood what you were saying then.

But still, I insist that it's important to understand that, even if we share some similarities based on our interests/skills/work, we come from different backgrounds and have different priorities.

And part of the issue here is probably how people are framing things when they write about their experience. In tech, some of us are coming from a world of nerds where the norm is to be matter-of-fact, while some others are more extroverted and tend to put emphasis on random boring things.

Regarding this post in particular, I was more concerned about how the author was amazed by the fact that a 2025 computer could run 10 services in parallel... or that relying on a proprietary service (Claude) to manage all their setup was giving them "a strong feeling of independence".


Time savings and time preference are most definitely "unlocking." I have limited time, I have limited money, I have limited interest. Could I reinvent wheels instead of using existing software? Sure! But having that existing software definitely unlocks possibilities that would not be open to me if I were required to build, debug, test, and maintain everything I use day-to-day.

Software engineering is a broad spectrum where we can move up and down its abstraction ladder. Using off-the-shelf tools and even third-party providers is fine. I don't have to do everything from scratch - after all, I didn't write my own text editor. I'm also happy to download prepacked and preconfigured software on my Linux distro instead of compiling and adding them to PATH manually.

I could, I just choose not to and direct my interests elsewhere. Those interests can change over time too. One day someone with Tailscale can decide to explore Wireguard. Similarly, someone who runs their own mail server might decide to move to a hosted solution and do something else. That's perfectly fine.

To me, this freedom of choice in software engineering is not disheartening. It's liberating and exciting.


That is a strawman though, and I am not sure why all replies assume extremes all the time.

Nobody said do everything from scratch. The point is: basic networking (port forwarding, WireGuard) should not be beyond someone's capability as a software engineer.

"I use apt instead of compiling" is a time tradeoff. "I can't configure a VPN" is a skill gap. These are not equivalent.

If you choose convenience for whatever reasons, that is completely fine.


"I can't configure a VPN" and "I don't want to configure a VPN" are 2 entirely different things. Mind you I have no idea how complex tailscale setup is in comparison.

I'm in the middle of setting up my own homeserver. Still deciding on what/if I want to expose to the internet and not just local network, and while setting everything up and tinkering is part of the fun for me, I get some people just want results that they can rely on. Tailscale, while not a perfect option, is still an option and if they're fine with the risk profile I can understand sacrificing some security for it.


It seems like we do agree. :)

For a homeserver:

- SSH with key-only auth, exposed directly. This has worked for decades. Consider non-standard port to reduce log noise (not security, just quieter logs), fail2ban if you want

- Access internal services via SSH tunnels or just work on the box directly

- If exposing HTTP(S): reverse proxy (nginx/caddy) with TLS, rate limiting

- Databases, admin panels, monitoring - access via SSH, not public (ideally)

You do not need a VPN layer if you are comfortable with SSH. It has been battle-tested longer than most alternatives.

The fun part of tinkering is also learning what is actually necessary vs. cargo-culted advice. You will find most "security hardening" guides are overkill for a homeserver with sensible defaults.
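An added example, not part of the comment above or of any project mentioned in the thread: a small auditor for the "SSH with key-only auth" item in the homeserver list. It assumes a single sshd_config file with no Include directives, and both sample configs are constructed.

```python
import re

# OpenSSH defaults that apply when a keyword is absent (sshd_config(5)).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Values that together mean "key-only auth".
REQUIRED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
}

# Constructed sample: the admin appended "PasswordAuthentication no",
# but an earlier line and a Match block still allow passwords.
WEAK = """\
Port 2222
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

# Constructed sample: key-only auth stated explicitly.
HARDENED = """\
Port 2222
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""


def parse(text):
    """Return (global_settings, match_blocks).

    sshd uses the first value it obtains for a keyword, so later
    duplicates are ignored here as well (setdefault).
    """
    global_cfg, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {"criteria": value, "settings": {}}
            matches.append(current)
            continue
        target = global_cfg if current is None else current["settings"]
        target.setdefault(key, value)
    return global_cfg, matches


def audit(text):
    """Return a list of findings; an empty list means key-only auth holds."""
    global_cfg, matches = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        got = global_cfg.get(key)
        effective = (got if got is not None else DEFAULTS[key]).lower()
        if effective != want:
            source = "set explicitly" if got is not None else "default, keyword absent"
            findings.append(f"global: {key} is '{effective}' ({source}), want '{want}'")
    # A Match block can re-enable passwords for some users or addresses.
    for block in matches:
        for key, want in REQUIRED.items():
            got = block["settings"].get(key)
            if got is not None and got.lower() != want:
                findings.append(f"Match {block['criteria']}: {key} is '{got}', want '{want}'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "key-only auth enforced")
```

On a live host, `sshd -T` prints the effective configuration after defaults and included files are resolved, which is the authoritative thing to compare against.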


I'd argue that no, managing your own VPN is not a basic skill - certainly not in the realms of software engineering (more like network engineering).

WireGuard is ~10 lines of config and wg genkey. Calling that "network engineering" is a stretch.

The siloing of basic infrastructure knowledge into "not my discipline" is part of the problem. Software gets deployed somewhere: understanding ports, keys, and routing at a basic level is not specialized knowledge.

Honestly, if 10 lines of config is "network engineering", then the bar for software engineering has dropped considerably.


I am probably in the camp where I've found myself overwhelmed with the amount of information about networks and I'm an alleged software engineer (without formal training in CS albeit).

The 10 loc is not a valid measure.

`sudo rm -rf /` is 1 line of code. It's not the lines that are hard to wrap your brain around, it's the implication of the lines that is really what we are talking about.


The rm -rf comparison is a bit dramatic. WireGuard's config is conceptually simple: your key, peer's key, endpoint, what IPs route through the tunnel. The "implications" are minimal. It is a point-to-point encrypted tunnel.

Being overwhelmed by networking basics is worth addressing regardless. It comes up constantly: debugging connectivity, deployments, understanding why your app cannot reach a database. 30 minutes with the WireGuard docs would demystify it. The concepts are genuinely simple and worth 30 minutes to understand as it applies far beyond VPNs.

I have become pragmatic too. I do not tinker for the sake of it anymore. But there is a difference between choosing convenience and lacking foundational knowledge. One is a time tradeoff, the other is a gap that will bite you eventually.

And with LLMs, learning the basics is easier than ever. You can ask questions, get explanations, work through examples interactively. There is less excuse now to outsource or postpone foundational knowledge, not more[1].

At some point it is just wanting the benefits without the investment. That is not pragmatism, it is hoping the gaps never matter. They usually do.

[1] You can ask an LLM to do all of that for you and make it help you understand in less than 10 minutes!


I do agree that using LLMs to demystify, learn and explore is a better alternative than handing it off to go rogue, and is better advice. That's how I used it last weekend and I think that's the usage I would advocate instead of just letting YourFavouriteAI be the sys admin.

My problem is not just networking knowledge. I genuinely faced issues with open source tools. Troubleshooting in the days of terrible search is also a major annoyance. Sometimes, it's just the case that some of the tools have evolved and the same commands don't work as they did for someone in 2020 in some obscure forum. I remember those days of tinkering with linux and open source where you'd rely on a Samaritan (bless their soul) who said they'd go home and check up and update you.

Claude suggested Tailscale to me too, but I'm glad we're having this conversation (thanks for the tips btw), so that we don't follow hallucinations or bad advice by similarly trained agents. I'm cautiously positive, but I think there's still a case to go self hosted with AI assistance. I found myself looking at possibilities rather than fearing dead ends and time black holes.


Thank you for your reply!

I am glad that it is useful to you! The "terrible search + outdated forum posts" problem is real for sure. LLMs genuinely help there by synthesizing across versions and explaining what changed.

I would say that self-hosting with AI assistance is the right approach. Use it to understand, not to blindly execute. Trust me, it is not much of a deal and you will be happy to have gone with this route afterwards!

Good luck with the setup. If you have any questions, let me know, I am always happy to help.

(I have very briefly mentioned some stuff here: https://news.ycombinator.com/item?id=46586406 but I can expand and be a bit more detailed as needed.)


Can you talk a computer illiterate relative over the phone to install Wireguard on their device (laptop, tablet, phone) so that they can connect to your network?

I have done that with Tailscale, most of the time was spent waiting for it to download.


Oh boy... If you've been an Infra Engineer you would know pretty quickly that the average software engineer can be great at writing code but not so good at managing a complex environment reliably.

Full stack is for start ups and small projects.


If you're confident that you know how to securely configure and use Wireguard across multiple devices then great, you probably don't need Tailscale for a home lab.

Tailscale gives me an app I can install on my iPhone and my Mac and a service I can install on pretty much any Linux device imaginable. I sign into each of those apps once and I'm done.

The first time I set it up that took less than five minutes from idea to now-my-devices-are-securely-networked.


It’s a bit more than sugar.

1. 1-command (or step) to have a new device join your network. Wireguard configs and interfaces managed on your behalf.

2. ACLs that allow you to have fine grained control over connectivity. For example, server A should never be able to talk to server B.

3. NAT is handled completely transparently.

4. SSO and other niceties.

For me, (1) and (2) in particular make it a huge value add over managing Wireguard setup, configs, and firewall rules manually.


> Plex is just sugar on top of file sharing.

right, like browsers are just sugar on top of curl


curl is just sugar on sockets ;)

SSH is just sugar on top of telnet and running your own encryption algorithms by hand on paper and typing in the results.

At least postman is :P

Tailscale is Wireguard but it automatically sets everything up for you, handles DDNS, can punch through NAT and CGNAT, etc. It's also running a Wireguard server on every device so rather than having a hub server in the LAN, it directly connects to every device. Particularly helpful if it's not just one LAN you are trying to connect to, but you have lots of devices in different areas.

> Kind of like how "pi-hole" is just sugar on top of dnsmasq, and Plex is just sugar on top of file sharing.

Speaking of that, I have always preferred a plain Unbound instance and a Samba server over fancier alternatives. I guess I like my setups extremely barebone.


Yea, my philosophy for self-hosting is "use the smallest amount of software you can in order to do what you really need." So for me, sugar X on top of fundamental functionality Y is always rejected in favor of just configuring Y.

Managing the wg.conf is a colossal PITA, especially if I'm trying to like provision a new client and don't have access to my main laptop. It's crying out for a CRUD app on top of it, and I think tailscale is basically that plus a little. The value add seems obvious.

Also plex is way more than sugar on top of file sharing; it's like filesharing, media management, and a CDN rolled into one product. Soulseek isn't going to handle transcoding for you.


I use Tailscale for exactly those reasons, plus the easy SSL certificates and clients for Android and iOS.

From this thread, I've learned about Pangolin:

https://github.com/fosrl/pangolin

Which seems very compelling to me too. If it has apps that allow various devices to connect to the VPN it might be worth it to me to trial using it instead of Tailscale...


If Plex is "just file sharing" then I guarantee you'd find Tailscale "just WireGuard".

I enjoy that relative "normies" can depend on it/integrate it without me having to go through annoying bits. I like that it "just works" without requiring loads of annoying networking.

For example, my aging mother just got a replacement computer and I am able to make it easy to access and remotely administer by just putting Tailscale on it, and have that work seamlessly with my other devices and connections. If one day I want to fully self-host, then I can run Headscale.


I always assumed it was because a lot of ISPs use CGNAT and using tailscale servers for hole punching is (slightly) easier than renting and configuring a VPS.

It's plug and play.

And some people may not value that but a lot of people do. It’s part of why Plex has become so popular and fewer people know about Jellyfin. One is turnkey, the other isn’t.

I could send a one page bullet point list of instructions to people with very modest computer literacy and they would be up and running in under an hour on all of their devices with Plex in and outside of their network. From that point forward it’s basically like having your own Netflix.


You don’t have to run the control plane and you don’t have to manage DNS & SSL keys for the DNS entries. Additionally the RBAC is pretty easy.

All these are manageable through other tools, but it's a more complicated stack to keep up.


Tailscale is able to punch holes in CGNAT which a vanilla wireguard cannot

Setting up wireguard manually can be a pain in the butt sometimes. Tailscale makes it super easy but then your info flows through their nodes.

Yes, that is really all it is.

It's not Mindstorms but Edison is LEGO compatible and is a nice platform. https://meetedison.com/

Me too! I used the "Five Game Handheld" setup. https://www.youtube.com/watch?v=t2rMB5z9dQw


Sounds good. I have about 250 favourite games though.


I have been using (and contributing to) an open source project called Zaparoo[1] that lets my kids (5-8) play retro games, watch videos, and listen to music using NFC cards. The whole thing runs on a Raspberry Pi running Batocera[2]. I program the cards using the mobile app and my kids like cutting and pasting the cover art on the cards.

All the media is local to my house- I am the librarian who curates the selection of media based on my kids' interests, maturity, and my comfort. It feels like the only way forward.

That said I feel YouTube Kids does a pretty good job IF you change to curate only mode: https://abparenting.substack.com/p/effective-youtube-kids

[1]: https://zaparoo.org

[2]: https://batocera.org


I’ve set up a gaming raspberry pi for mine too. I suspect it only works for little kids. Someday they’ll realise that supertux isn’t cool

This is excellent UX for feed discovery. I always found the feed subscription thing distracting- usually I am reading blogs to solve a problem or research and not collect/socialize. That is something I am in the mood for later.


Features of Copyparty I use regularly:

Search to find epubs for my phone

OPDS to download things to koreader

Download file as zip to quickly grab an album from my collection to load to a device

Rclone is great but not exactly the same


I love the OPDS feature to serve ebooks to my family's ereader devices. Many of the other OPDS servers are rather complex by comparison and as a bonus I can use it from a web browser for my devices that don’t speak OPDS.

https://github.com/9001/copyparty?tab=readme-ov-file#opds-fe...


I’m curious, what devices do you have that support OPDS feeds? In the market for an ereader myself.


I put koreader on my family's various devices. I have Inkpalm 5, Kindle 11th Gen, and an older Kindle. My favorite is the Inkpalm 5 but they stopped making it. :(



I run tailscale on the devices to get back to my home server while out and about.


Why is this the best business model we can collectively execute on? Whether it is AI, home cameras, or fridges it seems to just come back to, welp, let's slap an ad on it.


Unlike conventional businesses where a good or "binary" service (it works or not) is sold, advertising is a much more nebulous good whose efficiency can't be accurately measured. This means there are tons of inefficiencies where middlemen can skim something off the top:

* a product manager decides to include ads in some digital product. Their analytics show plenty of "engagement". The engagement is actually people accidentally clicking on the ad while hunting for the tiny "close" button, but even if the PM suspects it, they have no reason to volunteer that information. They keep getting their salary paid and even earn a promotion based on the engagement numbers.

* the developers are tasked with implementing the advertising infrastructure - they get paid while padding their resume about how they're building "scalable" systems.

* the "scalable" system runs on a cloud provider and earns them a ton of money. Cloud provider is happy.

* some marketing agency is given a budget to go and spend on ads. The person there maybe even knows that advertising in the aforementioned product is a bad idea because most of their clicks are fake... but if their client is tasking them with burning money, why would they refuse?

* a marketing person at a big company that doesn't actually need any more advertising to succeed is given a budget and spreads it across a few marketing agencies including the aforementioned one. They get paid, why should they refuse?

At every layer (and I haven't even listed them all), people get paid by skimming something off the top. It doesn't matter whether the advertising works, because nobody in the chain has any incentive to admit it while the status quo is so lucrative, so the rational thing to do for everyone is to not rock the boat.


Customers are generally low-information shoppers. They go to a hardware store and ask the salesperson for a fridge that fits their requirements. The rep will show them a few options, and then the customer gets to try them out. This is where the animal brain takes over: Samsung designs for the animal brain. It's sleek. It's futuristic. There's so many doors. It has a beverage drawer. A condiment drawer. You can customize the panels. The animal knows the Samsung fridge is better, and customers likely won't know any better if the salesperson doesn't tell them (and would they? They make a better commission on the more expensive fridge)


The line must go up.

By a percentage every year.

Compounding.

This was always an obvious outcome.

What the outcome actually happening is indicative of however is that consumers are very very very bad at their job (consuming the best products) and do not have enough rights.

If a customer was entitled to a working product without this kind of deficiency, and we had courts that actually applied punishments to large corporations (instead of unilaterally and without justification, significantly reducing fines to nothing) we wouldn't have this problem. It wouldn't be possible to profit off of this kind of advertising because you would be too busy signing court documents about how you suck at building stuff.

There's only so many human beings who can buy your fridge. There's only so cheap you can build your fridge. There's only so much you can charge for your fridge. But line must go up.

This is simply what it looks like when the people with money and resources decide that a stable and reliable profit is a Failed business.


I think it's mostly about squeezing consumers for more money, even after they already paid a premium, because they simply can and nobody will do anything about it.


Because simply selling a refrigerator isn’t good enough anymore. How else do you fuel infinite economic growth?

If it was legal to kill for money they would do that too. In some ways that already occurs.


it is legal to kill for money as long as it is indirect enough


Why do you think there is infinite economic growth in ads???


Ads is just part of strategy.

Ads + subscription ($18 for heated seats in BMW, anyone?) + optional accessories and you can squeeze 20% more revenue.


That's fine, but you can't squeeze infinite growth!


Why do you address us as if we collectively went down to the town center three dozen times in a row and decided on the same thing by consensus? For most of us this was shoved down our throats by sheer force of violence. And why always this oh shucks apologia about the “business model” that they are supposedly forced to adapt? No, this fridge already costs a lot of money. The ads don’t have to be recouping losses. They could just be for more profit.


Because it's a dual revenue stream. The retail customer pays you, and then the advertising customer pays you. Why make only $1 when you can make $2, $3, $4 over time?

If your next question is "why do they need to keep making more money?", the answer is capitalism.


And a general lack of competition. You only buy fridges from a few brands after all.


When you get downvoted for making the obvious statement that you have to maximize profits as a capitalist entity, well, you know you’re in a venture capital forum.


It's an inexpensive revenue stream; the secondary effects and risk to customers are considered relevant insofar as they can negatively impact the company's future profitability (if then).

There's no way that this was ever /not/ going to happen under current laws (US).


> Why is this the best business model we can collectively execute on?

Attention is the ultimate resource.


The System rewards the business model that also covertly enables the most surveillance.


because it's essentially free money with no consequences.


Internal incentives not overall profitability drive such behavior.

An executive can point to a profit stream and suggest that’s beneficial to the company while ignoring externalities that cost the company 5x as much. Nobody inside has complete knowledge if something was a good idea or not so the appearance of benefit often replaces the search for actual benefit.


Who said anything about the best? It’s the strategy that makes most revenue in the shortest amount of time.

The execs will receive their bonuses in two years and then move to the next company to grift again, and again, until they retire.

