On that VPS I’ve also installed pihole to act as DNS for the tailnet.

What’s the upstream server for pihole? Is it also Quad9, or are you doing full recursive DNS with unbound or something?

Needless to say, Quad9 is not located in my home country.

Quad9 uses an anycast IP that can route to one of over 200 locations in 90 different nations, usually this routes to your closest location.

You can use on.quad9.net to check if you are using Quad9.

Most of the setup guides I’ve seen, have a udev rule that runs nvidia-modprobe. Here’s one I just found.

I avoid O365 as much as possible, but when I need to, I do occasionally use it with Crossover and it seems to work. Activation was a little bit janky, but did work.

Crossover is a paid version of WINE, and the other apps I’ve seen mentioned run Windows in a VM and forward the apps through RDP. There are advantages to both approaches, but I prefer the efficiency of Crossover.

Intel gets around this by designing their cards with a DP to HDMI converter chip built in, perhaps that’s possible with external adaptors?

I’m not sure if this is the same issue, but one of my monitors had VRR supported on a NVIDIA card, but not on an Intel card. I ended up modifying the EDID to enable extd_timg and it’s been working fine since then. I wrote a blog post a while back here.

they are asking customers to shift to their WARP client instead.

I just use WARP, and just send plain text DNS over it to 1.1.1.1. I believe this is superior to DoT or DoH, because the client don’t have to do any sort of handshake for each request and everything still goes over UDP while still being encrypted. If it’s setup correctly, one.one.one.one/help will say you’re using DNS over WARP.

Actually I’ve got a weird setup where I’ve converted the WARP client to a wireguard profile and I run it on my router, but only route 1.1.1.2 and 1.0.0.2 through WARP. That way I can still traceroute 1.1.1.1 while debugging my network.

You can still have that script, but put it on the releases page. Git works best with actual source code and it doesn’t belong there. You should also add an extra script that generates one of those ‘compiled’ scripts to the git repo, so that people can do it themselves.

Maybe it was used as some sort of privilege escalation? E.g. NP++ downloads an XML file to %TEMP%, some already present malware modifies it, then GUP downloads a payload and executes it with administrator permissions.

If you just want an IPv6 prefix and don’t need the encryption a VPN provides, you can use an IPv6 broker. Hurricane Electric’s broker is a popular one.

Yeah thats fair enough. The ACS override patch should still have better isolation and speed than anything else you can do without native ACS, the security implications are just it’s theoretically possible to intercept another PCIe device’s traffic through the NIC; you can read more here.

SR-IOV works by presenting one device as many, which you can passthrough one of those to your VM. Meaning SR-IOV only works through PCIe passthrough, so you’d have to figure that out first. The GPU guides should get you most of the way there.

Some distros include an ACS patch into their kernel (e.g. Proxmox, and I think CachyOS), which lets you passthrough devices without hardware support (but lacking some security features).

I believe it might be possible to ‘passthrough’ the VF from the host without PCIe passthrough (I’ve only done this with containers though), but performance is often worse than just using a bridge.

The browser extension also lets you scan the page for QR codes for the TOTP key.

Someone has also just done 100 modems over a T3 line using Cisco gear: https://youtu.be/rOdGK6GVIVU

https://archive.md/mVUfw

The EMC2101 is a slightly modified clone of the LM63, so if you connect it to your board’s I2C bus and instantiate the lm63 driver to the right address, it should show up in lm-sensors like a normal PC fan. Or there’s userspace python drivers, if you don’t need a kernel hwmon interface or can’t get it to work.