So I am pretty sure that error is happening because certbot can’t retrieve the certificate which is coming from that API no matter what type of challenge you are using (this is what ACME is).

Now when you say you are blocking inbound traffic, have you made an exception for established outbound session return traffic? If not then you your inbound rule will block all traffic because without that exception the explicit deny will typically override any session/stateful based rules your firewall might have by default (this applies to most firewall vendors I have run into).

That said, I’m not sure what your goal is but blocking outbound traffic to those ASN might be more effective for you anyway because your firewall should already be dropping any inbound traffic that isn’t otherwise allowed so I’m not sure blocking inbound traffic really gains you anything but I’m just guessing. Hope that all makes sense!

Oh I have a very specific one for you buckle up haha. So one thing in macOS that gets progressively better and worse over time is actual multi-monitor support. It’s fine but I swear either no one at Apple uses multiple monitors or everyone actually has only cinema displays arranged in a horizontal line haha. I have used OSX/macOS for a long time and it was much worse for a long time but had gotten pretty workable then BAM around Tahoe or so arrangement is buried in some menu now and I’m not sure the function of the row of displays actually is now? Anyway, it’s mostly great, this is the one thing that apparently turns into a rant haha! Okay two things, bring back eGPUs on Apple Silicon :D

I think your bigger problem with that board is going to be that PCIe slot is a PCIe 2.0 x1 slot so it will be slow but you can just use an adapter like this:

https://www.newegg.com/startech-com-model-pex1to162-pci-express-to-pci-card/p/N82E16815158223

Flexible versions exist too! I’m also not sure you would get a lot of benefit out of a GT730 really so YMMV.

I am in the same boat, long time infrastructure automation engineer as well. Sometimes it’s faster to explain how terraform or whatever needs to act and then fix the issues rather than having to sift through the docs for every provider.

I also do a similar thing to you with code, I also have to read a lot of other people’s code in languages I don’t know to help troubleshoot things and while I can usually follow the logic it is such a time saver to have AI to read the docs for the libraries and languages for me to at least find the part of the docs I need to read faster than searching myself.

Overall, I also agree with the sentiment on AI most of the time and all of its criticisms are definitely valid but I think too many people try to use AI to do their work for them instead of using it more like a rubber duck you can program with normal language.

Something to consider, there is also a third category of “Combination” which is some of both. Also, hyperactive is not necessarily the classic “running around” and can be things like “interrupts people because the idea comes flying out” or “silent rooms sometimes make my brain fuzzy” (both of which describe me sometimes). It’s less about which one you “qualify for” as I thought for a long time and more about how many of them impact your life to the point that it is a problem for you and it has always changed over time for me at least!

Lots of good suggestions here already but what is your upstream DNS provider and is it your ISP DNS from DHCP?

Yeah I’m curious too because I have played Cyberpunk without any issue on both the steam deck and bazzite for a long time, cyberpunk even has a graphics preset for the deck so I’m not sure what’s happening either.

EDIT: Even using both AMD and NVIDIA graphics cards (before the latest nvidia driver version debacle though)

Lots of good alternatives advice already here but I have a couple comets and they work pretty well! They don’t require cloud access except for updates if you want them, I think it has Tailscale built in as well. Their newest one has an HDMI pass through as well which is handy in some situations. I have the PoE version of the other one and it works the same way, the power control kits work too! I also have a jet KVM and it’s fine, I like the comet better I think! They have also open sourced their cloud thing so you can centrally manage them all, it’s pretty neat!

If you find one you really like and want heavier you could have it printed in metal with like shapeways or PCBway or something I bet! Or even metal-fill filament depending on your printer!

I am not sure I could pick a favorite but here is my desk’s current fidget toy box hah! If I had to it’s probably the fidget cube or whatever is in my pocket. Also, I’m going to need to know more about this floppy chain most importantly where do I get one 😄

Oh this absolutely happens to me to the point that I just tell people when I meet them that it might happen but I do try because I have a lot of names rattling around in my head hah! I also use how someone answer ls as a sort of read on who they are as a person haha. That said, I have never had someone call me selfish but if they did I would probably respond by telling them that it’s selfish to think everyone should remember their name and to remember they are not the main character in anyone’s life but their own. I try not to be mean about it but I am definitely snarky about it.

Yeah I thought so too! I am not sure why it’s not appreciated more either, it was a great read!

This was a great episode, this is one of my favorite podcasts so I was able sign up for a forkiverse account in time hah! It actually went pretty well and it was cool to watch it get more active!

Here is the episode page: https://www.searchengine.show/the-fediverse-experiment/

Their episodes are always interesting! Definitely worth a listen! If you like that type of podcast definitely check out Hyperfixed and Heavyweight.

Okay lots of good info here but just to make sure it was clear that you are kinda solving two different but related problems. Connectivity with WireGuard or other VPN and split-horizon or multi-horizon DNS (Wikipedia) which also called a view sometimes (like BIND) and can also be done with two different DNS servers. You can sorta do it with AdGuard but it is tedious to maintain. If you are using a wildcard rewrite it works alright but that isn’t necessarily the same as a CNAME or subzone delegation.

The next pice I’m not sure I saw mentioned is that WireGuard is not like other VPNs in that if two nodes are on the same network they will generally communicate directly peer to peer even over WireGuard addresses so you don’t really need to worry about traffic hairpin like you described unless you configure it to do so (which is more like traditional VPN would act). Tailscale is similar in concept but it uses different terms and technologies.

Anyway not sure if that helped or made it more confusing but there are may ways to solve it so good luck! FWIW, my home network is currently set up with a public zone on a commercial provider. It has a wildcard CNAME to something like proxy.domain and that is an A record containing the WireGuard addresses. Then my local DNS overrides the one A record for the proxy internally which I only get when WG is off. I would rate this solution adequately functional but medium level of janky, 8/10 would use again :D

Yeah! It had a bunch of “wait not everyone does that?” moments for me haha.

My two favorite books to recommend, and both are good audio books, are “Faster Than Normal” and “ADHD 2.0” when people ask because they are very positive I think, the latter being more science oriented and interesting to know more of the why, both are great though. FTN has a lot of good stories that describe things well, it’s often the one I tell NT people to read to understand how my brain works as well! Another good one I enjoyed was Order From Chaos, lots of good “real life” stories in that one like having a doom room of stuff haha.

Okay I saw your previous post but I’m curious now. What happens if you curl your IP address on port 80? Does it send back a 30X redirect for SSL to your newly configured subdomain as the new default location for r do you get back your IP but using SSL?

The best way I would describe how they help me it is that they give me the ability to choose what to do or think on much more intentionally, even if that ends up being nothing because I am not motivated. So from my experience (aderall and vyvanse) they won’t give you motivation but they will let you be more in control of your mind which is always good.

Hah I am glad it was helpful! Glad to share, I always felt like half the point of learning is to share what you learned. That is one of my favorite “hidden gems” for lack of a better term that can be a real time saver.

Bonus just for more fun: you can use cd - to switch back to the directory you were last in after changing directories, it toggles the top two paths in the stack. It is similar to how pushd/popd work if you have you used those. I use that one a ton, there are fancier tools now but that one works everywhere.

Oh also, anyone on a Mac needs to know about pbcopy, Linux has xclip and I don’t remember what the Wayland analog is.

To add to this one, it also supports more than just the previous command (which is what !! means), you can do like sudo !453 to run command 453 from your history, also supports relative like !-5. You can also use without sudo if you want which is handy to do things like !ls for the last ls command etc. Okay one more, you can add :p to the end to print the command before running it just in case like !systemctl:p which can be handy!