I just got an email about this and here’s what they say:
> Your plan is unaffected and you can continue to use the Personal Pro plan as you normally do. However, Tailscale's new Free plan includes nearly everything that Tailscale has to offer for up to 3 users on a custom domain and 100 devices. This plan may be more aligned with how you use Tailscale. Go to the Billing page in the admin console to review your options.
So I’ve been paying them for a while now but now they’re telling me I could just get the same functionality with the free plan. I really like what this company is doing! Thank you Tailscale, I’ll just keep paying to show my appreciation!
Amazing. Was just discussing this with a friend yesterday as a way to build loyalty. I have so many subscriptions I pay for but rarely if ever use (often forgotten). How refreshing it would be to receive an email to the effect "hey we notice your paying but not using product X. Here's some ideas of how you could use it, otherwise consider downgrading to free plan". May be at odds with short term revenue, but I'd then be a brand advocate.
This is what github did a while ago, no? I was paying for some enterprise-y features that they added to the free plan and then stopped billing me. I know there's lots of MS hate here, but this was pretty unique IME
Love tailscale, but here's a company on the up, bouyed by the renewed impetus all around for zero trust, with its do no evil, free lunch for all, growth mindset. Comparing it with companies that have switched to rent-seeking is ironic, because if history is any indicator, most Day 1 companies of today will Day 2 out, eventually (not to say that being a Day 1 company is in anyway easy).
I think the point of free plans is that no money changes hands so there's no support or SLA, while base paid plan gets now more expensive.
So if you didn't need those, you save money now, but if you do, you have to pay up to get the same features (going from $50/year up to $200+/year if you are just using it alone). So it's not all pure altruism.
But I'm not a Tailscale user, this is just from what I see looking from outside.
I just got the opposite treatment from another service a couple of days ago. The API endpoints failed silently without an error, and when I logged in on the dashboard it said that my current plan was replaced. They didn't even sent an email.
They said he should reconsider if the free plan covers his usage, not that he'd get the same features. Which could be true if e.g you were only paying so you could get more than one user.
> MacStealer being an unsigned DMG file is also a barrier for anyone, especially beginners, attempting to run the program on a modern mac, said Malwarebytes' Reed. "Its attempt at phishing for login passwords is not very convincing and would probably only fool a novice user. But such a user is exactly the type who would have trouble opening it."
Given the above and the default macOS security configuration, you really have to work your way to get this malware running.
I was a heavy pinboard user but recently made the switch to a paid plan on https://raindrop.io/. I tested a few self-hosted OSS solutions but none of them felt right for me. Still too early to say anything meaningful about raindrop but I’ve already found it useful a number of times.
Recent father of twins here. To reiterate points 3-5: if it is within your means, I cannot highly recommend a night doula/nanny enough. We have a night doula who comes five nights a week (work nights, Sunday - Thursday) for the first three months (currently in week 7). After fending for ourselves every Friday and Saturday, I can't imagine how drained I would constantly be without one.
In a similar vein, I would suggest preparing by exercising. Being a parent of young kids is more physical than you think, or at least I thought. Carrying them while carrying other things, carrying gear, lots of bending, general physical awkwardness, etc.
It would be so interesting to get more details about the initial compromise. What was the engineer trying to do that ended up with downloading PTX-Player.dmg and (probably) the PTX.app installed in /Applications? Was it targeted directly at CircleCI or is this some generic info stealer? What AV / endpoint security solution were they using? Did it pass the built-in macOS protections (gatekeeper, xprotect, etc)? Public VirusTotal seems to know nothing about that hash.
2) In the Android app, do you know if there's a way to use the fingerprint feature without storing your master password or an encrypted derivative of it to non-volatile memory?
For those scratching their heads at #2, it's motivated by my lukewarm trust of vendor-implemented components of Android Keystore. Some competing apps address it by making you authenticate with the full password the first time after boot (or after the app is closed by the user / memory management system / configurable timeout) and just tie your fingerprint to an "unlock" pin of sorts that only works when the database is "hot".
Which apps handle this better? I'm not supremely concerned about my password being pulled from memory, from an attack surface perspective, but I am curious which apps address this best and how.
Not saying it's the best out there (and the UI is a little clunky as it often flashes a pin input screen that gets skipped over when using your fingerprint), but I like how Keypass2Android can be configured to do it. When you select "Enable Biometric Unlock for Quick Unlock" (and don't disable the PIN feature) you can use your fingerprint as long as the app is still in memory, without it storing your master password.
I know the Android Lastpass client would often prompt for a Master Password if it hadn't been used in a while, then let Fingerprints unlock it. I assumed it did something similar but haven't deep-dived the implementation.
