Porting Tailscale to Plan 9

98 comments

·April 2, 2025

bradfitz

Happy to answer any questions!

A bunch of us are currently in https://meet.google.com/qre-gydb-mkv chatting about this. (Edit: the hour is over; we all left)

The earlier Apr 1st blog post was https://tailscale.com/blog/tailscale-enterprise-plan-9-suppo...

undersuit

I've never set up a Plan 9 system... does this allow the distributed systems communications to run through my Tailnet?

MisterTea

Yes, you could do something like keep a small root fs or pack everything into the kernel's paqfs to boot into a Tailscale VPN and pull root from another 9 machine on the VPN. Then pull resources in from other machines including non 9 systems.

Either way it makes VPN easy between 9 and non 9 machines. Otherwise Plan 9 can do its own VPN-like over tls or ssh tunnels and bind remote network stacks to a local namespace. But that makes seamless Unix and Windows comms difficult.

bradfitz

> Otherwise Plan 9 can do its own VPN-like over tls or ssh tunnels and bind remote network stacks to a local namespace

Note that one of Tailscale's main party tricks is NAT traversal, when both machines are behind different NATs and can't otherwise get a connection open to each other. (And then Tailscale ultimately falls back to a relay server on the internet if it can't get a direct connection for IP packets)

bradfitz

I think so! Caveat is I've never really used Plan 9 outside of single-user VMs.

INTPenis

[flagged]

bradfitz

We actually have that nowadays... the config file support to tailscaled, as Irbe mentioned on the bug Jan 2024: https://github.com/tailscale/tailscale/issues/1412#issuecomm...

INTPenis

Yeah I did find that in my quest but nowhere is this config file defined. I have no idea what to put into it so it's useless to me.

Also while I have you here, the tailscale container image lacks iptables support, making it useless.

mfro

Russ Cox is an absolute legend for committing to this joke.

pbohun

Someone needs to convince Russ that it would be hilarious to have a full featured web browser in Plan 9.

MisterTea

On 9front there's vmx which is hardware virtualization. You can boot a Linux kernel with an nfs root from the local machine and use headless vnc to run a browser in a vnc client window.

I'd also like to point out that most users of Plan 9 dislike web technology because it's a giant nightmare of code. No one human can even begin to comprehend the code base of Chrome, let alone Firefox - programs that are as big, if not bigger than the kernels they run on. That is an absurd state to be in - your runtime requires a billion dollar company to maintain. Even open source Firefox needs millions in funding.

Whereas a single human can grasp plan 9 code from the kernel to user space. That's the runtime I want, something I can understand. The process is the container on plan 9 so you have everything you need to build distributed apps without a web browser. It's human scale distributed computing. I'd like a future without the "modern" corporate scale web.

pbohun

Oh yes I absolutely agree. I would definitely like to completely replace the web. It's just that in order to (currently) do my banking, pay my bills, book airline tickets, order from Amazon, etc. I must use a browser. If I could escape all that I would run Plan 9 exclusively without another OS or hacks to access a browser from another OS/virtual machine.

facile3232

> You can boot a Linux kernel with an nfs root from the local machine and use headless vnc to run a browser in a vnc client window.

Not only is the VNC redirection unnecessary, so is the entire filesystem. You could just render the vm directly to the window and boot a read only image. Plus then you don't have to deal with VNC.

naikrovek

> a single human can grasp plan 9 code from the kernel to user space.

Is that true? I cloned the 2015 release of plan 9 a week or so ago and it had around a million lines of C. Can a single person hold all of that? I sure as hell can’t.

fiddlerwoaroof

Doesn’t plan9 support frame buffers over 9p or something like that? You could probably write a wrapper that just forwards a Linux browser to a plan9 window

moody__

This has been done already: https://github.com/aiju/jsdrawterm

adriangrigore

There are solutions, like VNC to some UNIX-ish machine, but, yeah, a native browser would be cool! 9front has a hypervisor, you could run something in there. https://man.9front.org/1/vmx

numbsafari

Many years ago a roommate and I had an HPUX machine running IE on HPUX just so we could forward X session to our FreeBSD and Linux desktops and not have to use our Windows machine for anything other than PC games.

adriangrigore

Yeah, convince Russ and some investors! :D I would laugh my ass off for years at this joke! Yeah, please do this next year's April Fools'!

lunarlull

> I would laugh my ass off for years at this joke!

I don't really get the 'joke'? Porting a full web browser to Plan 9 would seem like a cool project - where's the humor?

packetlost

I unironically wish there was an enterprise version of Plan 9. I've been writing most of my scripts in `rc` (something my coworkers put up with because we use nix and I can pull it in automatically with direnv) and it has been great.

yjftsjthsd-h

I would worry less about other people being able to run rc scripts and more about them being able to read/edit them.

packetlost

they're routinely very short, and the only non-obvious syntax for someone familiar with a C-like language is the ~ command and redirecting to stderr. They're pretty much always easier to read (and write) than bash scripts in general because of how little weird/surprising syntax there is. Not being a derivative of ALGOL has its perks.

Most scripts are write-once:read-never, especially if you actually implement -h/--help

eddythompson80

> Most scripts are write-once:read-never, especially if you actually implement -h/--help

I guess the answer is always “it depends”, but that generally has never been my experience with most things. Are you over-engineering the shit out of every script to the degree the script itself is a Turing complete machine and with enough --help flags anything is possible? Most 40+ year old Unix tools with a thousand flags have their limits and you have to script around them to achieve things you want.

In my experience, eventually a business need will arise that requires you to change a script. Are your coworkers comfortable changing these scripts or are you in the mindset of “that’s a simple enough change, I’ll do it”?

kristianp

One benefit of rc is this[1]:

> The most important principle in rc’s design is that it’s not a macro processor. Input is never scanned more than once by the lexical and syntactic analysis code

I worked at a unix shop that deleted most of a working drive because a shell script was modified while it was running. Luckily they kept daily backups on tape. This was about 17 years ago.

[1] https://www.scs.stanford.edu/nyu/04fa/sched/readings/rc.pdf

LukeShu

Scanning input just is unrelated to the "modified while running" problem. The "modified while running" problem is a read-buffering problem.

For example, consider the following change:

    -echo $x; rm -rf /n/foobar/
    +rm -rf /n/foobar/
     ^^^^^^^^^^^^^^^^
If the shell's first read() reads 16 bytes (indicated above with "^"), then the file is changed, then the shell reads the rest; then the shell will see "echo $x; rm -rf /" regardless of whether or not it scans the input multiple times.

I am unfamiliar with the read-buffering done by either of the 2 main implementations of rc, and so am unable to comment on whether it does things to avoid this problem. But if it does do things to avoid it, those things are orthogonal to the "not a macro processor / input is never scanned more than once" thing.
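The sequence described in the comment above (a first read() of 16 bytes, the file changed, then the rest read) can be reproduced without running any shell. This is an added example, not part of the original comment: it only returns the bytes a reader would see and executes nothing. The function names, the file name `script.rc` and the rename-based alternative are assumptions of the example, and POSIX file semantics are assumed.

```python
import os
import tempfile

# Constructed inputs: the two versions of the script from the comment's diff.
OLD = b"echo $x; rm -rf /n/foobar/\n"
NEW = b"rm -rf /n/foobar/\n"


def overwrite_in_place(path, data):
    # Typical "save": truncate and rewrite the same inode the reader has open.
    with open(path, "wb") as f:
        f.write(data)


def atomic_replace(path, data):
    # Write a new file, then rename it over the old name. A reader that
    # already has the old file open keeps reading the old inode.
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(data)
    os.replace(tmp, path)


def what_reader_sees(replace, first_read=16):
    """Return the byte stream seen by a reader whose input file is
    changed (via `replace`) between its first and later read() calls."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "script.rc")
        with open(path, "wb") as f:
            f.write(OLD)
        fd = os.open(path, os.O_RDONLY)
        try:
            head = os.read(fd, first_read)      # the 16 bytes marked with ^
            replace(path, NEW)                  # script modified mid-run
            tail = b""
            while chunk := os.read(fd, 4096):   # reader resumes at offset 16
                tail += chunk
        finally:
            os.close(fd)
        return head + tail


if __name__ == "__main__":
    print(what_reader_sees(overwrite_in_place))  # spliced old head + new tail
    print(what_reader_sees(atomic_replace))      # old script, unchanged
```

With the in-place overwrite the reader ends up with a command that exists in neither version of the script; with the rename it sees the old script in full, and the new version is only picked up the next time the file is opened.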

moody__

Could you expand more on what you would like out of an "enterprise Plan 9"?

packetlost

the distributed computing model is pretty nice in theory (maybe not in practice) and the uniform system APIs are also nice. The userspace tools in particular are just plain better (structured regex commands are quite a bit better than ed-style and I find myself using them far more frequently in vis than I do in vim, they're far more composable and intuitive).

The biggest thing is the heavy reliance on union file systems (and file systems in general) and an extremely simple syscall API. It's a heterogeneous-networked-node OS so it handles realistic workloads natively with primitives designed for it instead of piling complexity on top of Unix-like APIs (ie. Linux). I dunno, I just think a lot of the modern "cloud native" stack is unnecessary if you had an OS actually built for the workloads we have.

moody__

There aren't really union filesystems per se, the plan 9 kernel provides unions through its namespace model. In my opinion part of the reason why the userspace tools can be as nice as they are is the use of file system interfaces and the simplistic syscall API. Could you elaborate more on the issues you see with the use of these?

In regards to using it for a "cloud native" stack, the issue is that people want to run code that isn't designed for Plan 9. You could build whatever backplane type thing you want out of plan 9 but the end goal is still likely to be to run some web app or REST api server. Unless someone does a great deal of effort to port all of those environments that people want (nodejs, modern python, etc) you're going to be stuck using a VM and losing a lot of the benefit.

This feels similar to what Joyent did with lxzones in SmartOS, where the backplane was solaris based but the apps they were running for clients were using Linux. It's hard to make the plan 9 backplane better enough to warrant dealing with integrating the guest and host environment.

zozbot234

It could be used to replace k8s-based deployments (also Docker Swarms, etc.) since system interfaces on Plan 9 are namespaced and containerized "out-of-the-box" as part of its basic design (and this is one of the most prominent additions compared to *NIX). It's not a hacked-on feature as with Linux.

raggi

In case y'all missed it in the first post, and you just want to try this out, it's working in this v86 image:

https://copy.sh/v86/?profile=custom&m=768&vram=16&hda.url=ht...

You can start tailscaled and tailscale inside the VM. It may take a while to come online sometimes due to limited proxy availability.

Edit: alt gives you the third button. To start a terminal, hold alt and right click, select new, release alt, and right click drag to size the terminal window.

adriangrigore

Webinar in progress (Google Meet) https://ftp.plan9.ts.net/webinar

packetlost

It just wrapped up, for those who would have otherwise been interested.

0xbadcafebee

I like the premise of the joke, but then as the explanation ran on... I suddenly became depressed. So much broken stuff, so much complexity.... to, what, make a network tunnel? If all this extra work was the joke, that would be funny.

rsc

We had to do some Plan 9 work, which makes sense when doing something new, but the actual Tailscale implementation is far _less_ work than for other Unixes.

badc0ffee

It sounds like the Go compiler is better after this effort - fewer Plan 9 special cases in the code.

kanwisher

holy cow was not expecting them to patch the plan9 kernel to make this work

nasretdinov

Why not though? Seems like a relatively small amount of work was missing since clearly no one has seriously done something like this before :)

renhanxue

> In 1999, Intel introduced the Pentium III processor with SSE instructions.

I kinda expected this paragraph to continue with

> This has made a lot of people very angry and been widely regarded as a bad move.

o11c

Better than MMX at least.

breckinloggins

God I love plan9. Making my own os using many of its principles is a retirement project life goal.

Edit: I reserve the name “chaos10” for this project, since - like SerenityOS - there will be no plan.

fultonb

This is so cool to see. Plan9 was a wonderful part of my COVID isolation, and I miss playing with it. This might have inspired me to spin up a 9front VM this weekend.

bradfitz

Note that the 9front patches to run Tailscale are still in progress. I was just told they'll be ready in a couple weeks.

For now only 9legacy (with all the latest changes) works.

MisterTea

> This might have inspired me to spin up a 9front VM this weekend.

Please do! Just be careful with your sysupdate.

facile3232

Plan 9 gets tailscale before a browser! Somehow this makes sense

mcdow

Rob Pike is in shambles after this devastating betrayal

rsc

Not sure what the betrayal is? He contributed a quote for yesterday's post. https://tailscale.com/blog/tailscale-enterprise-plan-9-suppo...

bakul

from the above post:

  > April 1, 1999
  >
  > FOR IMMEDIATE RELEASE

Forward to the past?

pests

This was explained in the post. 1999 was when Intel released the Pentium 3 with SSE instructions, which caused the first major issue that had to be overcome.

pvg

I'm sure it takes more than that to shamble an Olympic Silver Medal winner in archery.

tiffanyh

Isn't that a joke?

He didn't actually go to the Olympics.

https://wiki.c2.com/?RobPike

pvg

It is pretty clear that neither you nor these 'c2' characters have lettered in anything, including the Olympics.