On that VPS I’ve also installed pihole to act as DNS for the tailnet.

What’s the upstream server for pihole? Is it also Quad9, or are you doing full recursive DNS with unbound or something?

Needless to say, Quad9 is not located in my home country.

Quad9 uses an anycast IP that can route to one of over 200 locations in 90 different nations, usually this routes to your closest location.

You can use on.quad9.net to check if you are using Quad9.

It works with Crossover, just hope they can port their changes one day.

That limp mode is usually controlled by ‘BD PROCHOT’, it can be disabled, but check your sensors and make sure there isn’t something wrong before doing so.

Most of the setup guides I’ve seen, have a udev rule that runs nvidia-modprobe. Here’s one I just found.

Yeah it used to be broken for me too, I think only recently did it actually let me activate it. My university also uses Duo 2FA, and I activated it fine. But sometimes it doesn’t activate on the first try, you have to reopen office a few times.

Also it seems to only let you activate it, you can’t actually sign in with your account for online features yet.

I avoid O365 as much as possible, but when I need to, I do occasionally use it with Crossover and it seems to work. Activation was a little bit janky, but did work.

Crossover is a paid version of WINE, and the other apps I’ve seen mentioned run Windows in a VM and forward the apps through RDP. There are advantages to both approaches, but I prefer the efficiency of Crossover.

Intel gets around this by designing their cards with a DP to HDMI converter chip built in, perhaps that’s possible with external adaptors?

I’m not sure if this is the same issue, but one of my monitors had VRR supported on a NVIDIA card, but not on an Intel card. I ended up modifying the EDID to enable extd_timg and it’s been working fine since then. I wrote a blog post a while back here.

they are asking customers to shift to their WARP client instead.

I just use WARP, and just send plain text DNS over it to 1.1.1.1. I believe this is superior to DoT or DoH, because the client don’t have to do any sort of handshake for each request and everything still goes over UDP while still being encrypted. If it’s setup correctly, one.one.one.one/help will say you’re using DNS over WARP.

Actually I’ve got a weird setup where I’ve converted the WARP client to a wireguard profile and I run it on my router, but only route 1.1.1.2 and 1.0.0.2 through WARP. That way I can still traceroute 1.1.1.1 while debugging my network.

You can still have that script, but put it on the releases page. Git works best with actual source code and it doesn’t belong there. You should also add an extra script that generates one of those ‘compiled’ scripts to the git repo, so that people can do it themselves.

It’s easy enough to add your own secure boot keys, you can even remove the Microsoft keys so that only your OS will boot.

windows server edition which not possible to get if u are not business client and it cost 800$

It probably depends on your uni, but students can get Windows Server licenses for free on Azure Education.

You’re going to have a hard time trying to get that working over the WAN (if that’s even possible).

Wake on LAN is still encapsulated in an IP packet, so you can send it over the internet, and most WOL clients let you specify an IP. However your router will need to DNAT it to a broadcast address. Some routers have a check box for this (e.g. An ISP provided Technicolor router I have), some let you port forward to broadcast (e.g. Many routers, sometimes with workarounds), and some let you manually configure NAT (e.g. MikroTik routers).

So it is possible, but forwarding public internet traffic to a broadcast address seems like a bad idea, and I wouldn’t recommend it. Why I know this: I used to do this in middle school, and it does work quite well.

Depending on your BIOS and with fast boot, you might need to just hold one of the keys while booting instead of spamming it on boot.

If you just want an IPv6 prefix and don’t need the encryption a VPN provides, you can use an IPv6 broker. Hurricane Electric’s broker is a popular one.

Yeah thats fair enough. The ACS override patch should still have better isolation and speed than anything else you can do without native ACS, the security implications are just it’s theoretically possible to intercept another PCIe device’s traffic through the NIC; you can read more here.

SR-IOV works by presenting one device as many, which you can passthrough one of those to your VM. Meaning SR-IOV only works through PCIe passthrough, so you’d have to figure that out first. The GPU guides should get you most of the way there.

Some distros include an ACS patch into their kernel (e.g. Proxmox, and I think CachyOS), which lets you passthrough devices without hardware support (but lacking some security features).

I believe it might be possible to ‘passthrough’ the VF from the host without PCIe passthrough (I’ve only done this with containers though), but performance is often worse than just using a bridge.

To prove your point even more, WannaCrypt has a platinum rating on WineHQ.

The browser extension also lets you scan the page for QR codes for the TOTP key.

And I feel like it’s not a good idea to have a modem directly attached to the pc directly unless you’re using it as a router?

Yeah I feel like this is the issue. The modem/router would be firewalling between the networks hiding the PC behind it.

Also from the description, does OP have a router at all? Is their ISP somehow just allocating public IPs to everything? Do your IPs start with 192.168 or something else?