First and foremost they are humans, with a limited time on Earth.

Being a software engineer doesn't mean you want to spend you free time tinkering about your self-hosting setup and doing support for your users.

With Tailscale, not only you don't have to care about most things since _it just works_, but also on-boarding of casual users is straightforward.

Same goes for Plex. I want to watch movies/shows, I don't want to spend time tinkering with my setup. And Plex provides exactly that. Ditto for my family/friends that can access my library with the same simple experience as Netflix or whatever.

Meanwhile, I have a coworker who want to own/manage everything. So they don't want to use Tailscale and they dropped Plex when they forced to use the third-party login system. Now they watch less than a third than they used to be, and they share their setup with nobody since it's too complicated to do.

To each their own, but my goal is to enjoy my setup and share it with others. Tailscale and Plex give me that.

There is a difference between "I choose not to" and "I cannot". The thread is full of people saying Tailscale "unlocked" self-hosting, implying capability, not time savings or time preference.

Choosing convenience is fine. But if basic port forwarding or WireGuard is beyond someone's skill set, "software engineer" is doing a lot of heavy lifting.

I am not saying they are, but if it really is the case, then yeah.

As for file sharing... I remember when non-SWEs knew how to torrent movies, used DC++ and so on. These days even SWEs have no idea how to do it. It is mind-boggling.

To me the "unlocked" is just another hyperbole used by some people, partly because they lack initial knowledge, partly because its click-bait.

The way I understand it is more like "without the ease of use provided by X, even though I could have done it, I wouldn't have done it because it would require time and energy that I'm not willing to put in".

Since we're talking about self-hosting, to me the main focus is not skill set but time and energy.

There's the same debate around NAS products like Synology that are sold with a high markup, meanwhile "every SWE should be able to make their own NAS using recycled hardware".

Sure. And I did all of this: - homemade NAS setup - homemade network setup - homemade mediaplayer setup

It was fun and I learned a lot.

But I moved to some more convenient tools so that I can just use them as reliable services, and focus on other experimentations/tinkering.

To be honest, the fact that you insist that Plex is just "file sharing" that can be replaced by torrents makes me think you either don't know what Plex actually is, or you are acting in bad faith.

I did not say Plex is "just file sharing that can be replaced by torrents". Those were two separate points:

1. The "unlocked" framing implies capability, not time preference

2. General technical literacy has declined: non-SWEs used to torrent, use DC++ extensively, etc.

I was not comparing Plex to torrenting. I was observing that basic file-sharing knowledge used to be common and now is not (see Netflix et al).

> time and energy being the focus

Sure, that is fair. But that is a different claim than "Tailscale unlocked self-hosting for me" which is how it is often framed.

Okay, maybe I misunderstood what you were saying then.

But still, I insist that it's important to understand that, even if we share some similarities based on our interests/skills/work, we come from different backgrounds and have different priorities.

And part of the issue here is probably how people are framing things when they write about their experience. In tech, some of us are coming from a world of nerds where the norm is to be mater-of-factly, while some others are more extroverted and tend to put emphasis on random boring things.

Regarding this post in particular, I was more concerned about how the author was amazed by the fact that a 2025 computer could run 10 services in parallel... or that relying on a proprietary service (Claude) to manage all their setup was giving them "a strong feeling of independence".

Time savings and time preference are most definitely "unlocking." I have limited time, I have limited money, I have limited interest. Could I reinvent wheels instead of using existing software? Sure! But having that existing software definitely unlocks possibilities that would not be open to me if I were required to build, debug, test, and maintain everything I use day-to-day.

Software engineering is a broad spectrum where we can move up and down its abstraction ladder. Using off-the-shelf tools and even third-party providers is fine. I don't have to do everything from scratch - after all, I didn't write my own text editor. I'm also happy to download prepacked and preconfigured software on my Linux distro instead of compiling and adding them to PATH manually.

I could, I just choose not to and direct my interests elsewhere. Those interests can change over time too. One day someone with Tailscale can decide to explore Wireguard. Similarly, someone who runs their own mail server might decide to move to a hosted solution and do something else. That's perfectly fine.

To me, this freedom of choice in software engineering is not disheartening. It's liberating and exciting.

That is a strawman though, and I am not sure why all replies assume extremes all the time.

Nobody said do everything from scratch. The point is: basic networking (port forwarding, WireGuard) should not be beyond someone's capability as a software engineer.

"I use apt instead of compiling" is a time tradeoff. "I can't configure a VPN" is a skill gap. These are not equivalent.

If you choose convenience for whatever reasons, that is completely fine.

"I can't configure a VPN" and "I don't want to configure a VPN" are 2 entirely different things. Mind you I have no idea how complex tailscale setup is in comparison.

I'm in the middle of setting up my own homeserver. Still deciding on what/if I want to expose to the internet and not just local network and while setting everything up and tinkering is part of the fun for me. I get some people just want results that they can rely on. Tailscale, while not a perfect option, is still an option and if they're fine with the risk profile I can understand sacrificing some security for it.

It seems like we do agree. :)

For a homeserver:

- SSH with key-only auth, exposed directly. This has worked for decades. Consider non-standard port to reduce log noise (not security, just quieter logs), fail2ban if you want

- Access internal services via SSH tunnels or just work on the box directly

- If exposing HTTP(S): reverse proxy (nginx/caddy) with TLS, rate limiting

- Databases, admin panels, monitoring - access via SSH, not public (ideally)

You do not need a VPN layer if you are comfortable with SSH. It has been battle-tested longer than most alternatives.

The fun part of tinkering is also learning what is actually necessary vs. cargo-culted advice. You will find most "security hardening" guides are overkill for a homeserver with sensible defaults.

I'd argue that no, managing your own VPN is not a basic skill - certainly not in the realms of software engineering (more like network engineering).

WireGuard is ~10 lines of config and wg genkey. Calling that "network engineering" is a stretch.

The siloing of basic infrastructure knowledge into "not my discipline" is part of the problem. Software gets deployed somewhere: understanding ports, keys, and routing at a basic level is not specialized knowledge.

Honestly, if 10 lines of config is "network engineering", then the bar for software engineering has dropped considerably.

I am probably in the camp where I've found myself ovewhelmed with the amount of information about networks and I'm an alleged software engineer (without formal training in CS albeit).

The 10 loc is not a valid measure.

`sudo rm -rf /` is a 1 line of code. It's not the lines that are hard to wrap your brain around, it's the implication of the lines that really what we are talking about.

The rm -rf comparison is a bit dramatic. WireGuard's config is conceptually simple: your key, peer's key, endpoint, what IPs route through the tunnel. The "implications" are minimal. It is a point-to-point encrypted tunnel.

Being overwhelmed by networking basics is worth addressing regardless. It comes up constantly: debugging connectivity, deployments, understanding why your app cannot reach a database. 30 minutes with the WireGuard docs would demystify it. The concepts are genuinely simple and worth 30 minutes to understand as it applies far beyond VPNs.

I have become pragmatic too. I do not tinker for the sake of it anymore. But there is a difference between choosing convenience and lacking foundational knowledge. One is a time tradeoff, the other is a gap that will bite you eventually.

And with LLMs, learning the basics is easier than ever. You can ask questions, get explanations, work through examples interactively. There is less excuse now to outsource or postpone foundational knowledge, not more[1].

At some point it is just wanting the benefits without the investment. That is not pragmatism, it is hoping the gaps never matter. They usually do.

[1] You can ask an LLM to do all of that for you and make it help you understand under less than 10 minutes!

I do agree on that using LLMs to demistify, learn and explore is better alternative than handing it off to go rouge on, is a better advice. That's how I used it last weekend and I think that's what I would advocate the usage instead of just letting YourFavouriteAI be the sys admin.

My problem is not just networking knowledge. I genuinely faced issues with open source tools. Troubleshooting in the days of terrible search is also a major annoyance. Sometimes, it's just the case that some of the tools have evolved and the same commands don't work as did for someone in 2020 in some obscure forum. I remember those days of tinkering with linux and open source where you'd rely on a Samaritan (bless their soul) who said they'd go home and check up and update you.

Claude suggested me Tailscale too, but I'm glad we're having this conversation (thanks for the tips btw), so that we don't follow hallucinations or bad advice by similarly trained agents. I'm cautiously positive, but I think there's still a case to go self hosted with AI assistance. I found myself looking at possibilities rather than fearing dead ends and time black holes.

Thank you for your reply!

I am glad that it is useful to you! The "terrible search + outdated forum posts" problem is real for sure. LLMs genuinely help there by synthesizing across versions and explaining what changed.

I would say that self-hosting with AI assistance is the right approach. Use it to understand, not to blindly execute. Trust me, it is not much of a deal and you will be happy to have gone with this route afterwards!

Good luck with the setup. If you have any questions, let me know, I am always happy to help.

(I have very briefly mentioned some stuff here: https://news.ycombinator.com/item?id=46586406 but I can expand and be a bit more detailed as needed.)

Can you talk a computer illiterate relative over the phone to install Wireguard on their device (laptop, tablet, phone) so that they can connect to your network?

I have done that with Tailscale, most of the time was spent waiting for it to download.

Oh boy... If you've been an Infra Engineer you would know pretty quickly that the average software engineer can be great at writing code but not so good about managing a complex environment Reliably.

Full stack is for start ups and small projects.