Mordikan

joined 2 months ago
[–] Mordikan@kbin.earth 4 points 5 days ago

No, installing Tailscale on all machines is not actually required. You can set up a funnel that exposes a service to the internet for all to see. This also removes the requirement for them to access via Wireguard if desired. https://tailscale.com/kb/1223/funnel

[–] Mordikan@kbin.earth 1 points 6 days ago (1 children)

I think the idea of an IP address (IPv6 or not) providing anyone a semblance of privacy is wishful thinking in this age. Google ad revenue in the EU is estimated to be lower because the power in GDPR areas isn't in PII obfuscation, it's in the consent model. Positive opt-in to Legitimate Vendor Interest makes tracking difficult, not whether your IP is generic. You have to remember companies like Google are still able to monetize off of users in mobile CG-NAT environments in the US/EU. Given the roughly 150 other metrics Google (or any publisher/SSP) would have access to, removing one doesn't really stem the tide.

What's also interesting is how IPs become anonymized. For IPv4, the industry standard, I kid you not, is to take the 4th octet and mark it zero. That's it. It just assumes carriers use /24 CIDRs like someone's home network might. The funny part is what if that was 50.50.0.0/22? A publisher could in practice replace one user's IP with another user's IP which means that they still would be passing PII unanonymized which could violate GDPR.

IPv6 uses the same basic system. 2001:db8:85a3:8d3:1319:8a2e:370:7348 becomes 2001:db8:85a3::. You just truncate at the 64th bit. Rolling through available host bits doesn't really matter then. IPv6/IPv4 really aren't ever used for Google user syncing.
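The truncation scheme described in the comment above, as an added example that is not code from the commenter: it zeroes the last IPv4 octet or the low IPv6 bits, then checks whether the "anonymized" value is itself an assignable host address inside the carrier's allocation. The 50.50.0.0/22 block and the IPv6 address are the ones quoted above; the individual IPv4 host addresses are constructed sample values.

```python
import ipaddress

def anonymize(ip: str, v4_prefix: int = 24, v6_prefix: int = 64) -> str:
    """Zero every bit below the prefix (last octet for IPv4 at /24)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)

def masked_is_assignable(ip: str, allocation: str) -> bool:
    """True if the truncated IPv4 value is a usable host address in `allocation`,
    i.e. the 'anonymized' field could be another subscriber's real address."""
    net = ipaddress.ip_network(allocation)
    masked = ipaddress.ip_address(anonymize(ip))
    if masked not in net:
        return False
    return masked not in (net.network_address, net.broadcast_address)

def collisions(ips, allocation):
    """Map each truncated value to the inputs that collapse onto it, flagging
    values that are assignable hosts in the allocation."""
    out = {}
    for ip in ips:
        key = anonymize(ip)
        entry = out.setdefault(key, {"sources": [], "assignable": False})
        entry["sources"].append(ip)
        entry["assignable"] = masked_is_assignable(ip, allocation)
    return out

# Constructed sample subscribers inside the /22 from the comment.
SAMPLE = ["50.50.0.17", "50.50.1.37", "50.50.1.200", "50.50.3.9"]

if __name__ == "__main__":
    for masked, info in collisions(SAMPLE, "50.50.0.0/22").items():
        print(masked, info)
    v6 = "2001:db8:85a3:8d3:1319:8a2e:370:7348"
    # Keeping 64 bits retains the fourth group; keeping 48 bits drops it.
    print(anonymize(v6), anonymize(v6, v6_prefix=48))
```

With a /24 allocation the truncated value is always the network address, so it never matches a subscriber; with the /22, values such as 50.50.1.0 fall on usable host addresses.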

[–] Mordikan@kbin.earth 5 points 1 week ago (3 children)

I've mentioned this elsewhere, but to be fair, even without you providing Google an IPv6 address, they still know exactly which computer contacted them from inside your LAN. Even in GDPR territory they can do that.

[–] Mordikan@kbin.earth 1 points 1 week ago

Yes, that is correct. As I said, there is probably already a docker image out there for the provider you go with.

[–] Mordikan@kbin.earth 36 points 1 week ago (2 children)

I think it's easier and shorter to say what is the same between the two than different, but some things that are different:

  1. Filesystem (ex. Linux treats everything as a file, more flexibility in organization, more compatibility for differing systems, etc)
  2. Security Model (NTFS vs UNIX, selinux, ACLs, etc)
  3. File Execution (File extensions don't really matter in Linux - based on file permission not extension, ELF vs PE, etc)
  4. Kernel (Monolithic vs Hybrid kernel systems - Windows hands off to HAL vs the Linux kernel doing core functions)
  5. System Calls (Windows uses Win32/NT APIs, Linux uses POSIX-compliant)

Performance is dependent on use case, but in general:

  1. Linux uses fewer system resources
  2. Linux has faster boot time
  3. Linux has better CPU/disk throughput
  4. Windows has better gaming driver support
  5. Linux has higher stability/control (hence why it's the de facto server OS)

> If we stripped all ms's junk out and made windows open source, would we still prefer linux?

In what context? For gaming maybe, but that's one single use. There is more to computers than video games, at least for the majority of Linux users. I wouldn't trust Windows on any server I run.

[–] Mordikan@kbin.earth 6 points 1 week ago

Pretty sure that is just a discrepancy between when a site has last checked client announcements from the tracker and what the tracker currently shows. As of 2025, TPB for example links to 3.2 million torrents. Assuming client announcements were set to an average 1hr interval, that would require TPB to make 76.8 million checks every day for announcement updates.

So, I could see sites not maintaining accurate seeder/leecher data.

[–] Mordikan@kbin.earth 0 points 1 week ago (2 children)

The only real constraint here is VPN port forwarding. You would need a VPN provider that supports that in order to hit DHT swarms. So, just make sure the provider has that.

As for kill switching, run the VPN and torrent client through docker. There is probably already a docker image out there that does that depending on what provider you go with. Essentially what you'd be doing is sandboxing your torrent client and then only passing in the VPN interface via docker network to that client. If the VPN tunnel goes down there is no other egress point off the network segment and zero chance for traffic using a different interface.

[–] Mordikan@kbin.earth 12 points 1 week ago (1 children)

One correction to this:

The Arch package manager is Pacman, not AUR. AUR is the Arch User Repository and is definitely not stable :)

[–] Mordikan@kbin.earth 9 points 1 week ago (1 children)

I would only expose a port to the Internet if users other than myself would be needing access to it. Otherwise, I just keep everything inside a tailscale network so I can access remotely. Usually I believe people put a reverse proxy in front of the Jellyfin server and configure your certificates from there. So Jellyfin to proxy is insecure and then proxy to internet is secure. Let's Encrypt is an easy way to do that. And if you are going to expose a port you definitely want fail2ban monitoring that port.

If using tailscale funnels, you can technically skip the certificate part as that's done for you, but that would take away from the learning experience of setting up a proxy.

[–] Mordikan@kbin.earth 2 points 2 weeks ago (1 children)

Some ISPs block that site via DNS. If you switch your DNS server to something like 1.1.1.1 it may work.

[–] Mordikan@kbin.earth 5 points 2 weeks ago (1 children)

So, the questions really are can your hardware support Windows 11 and if not can you easily flip to Linux.

  1. The Asus Z170 motherboard looks like it supports TPM 2.0, but it doesn't look like the i7-6700K does as that is a 6th gen Skylake CPU and Win11 starts at 8th gen. You might double check that with the TDM tool Microsoft offers though.

  2. Cakewalk and Ableton appear to work in Linux, but not without some tweaking.

My suggestion would be to do nothing. If you can't update without a rebuild and you can't migrate without a lot of work, just do nothing. Your Windows 10 installation will still work. You won't receive any additional updates for it, but if that is the best solution for you at this time, then that's what you should go with.

For the kiddo: Get a body wrap. It lets you hold the baby to you securely while you do other things. I worked on-call shifts handling downed MPLS circuits for a carrier back in the day with my daughter strapped to me. A couple years later she would get to visit me at work. She was the only 2 year old who technically had PBX configuration experience (I didn't know the keyboard was still connected).

[–] Mordikan@kbin.earth 7 points 2 weeks ago

I don't trust them, but based on some assumptions. They are statistically less likely to be taken down. That cannot be argued, but because of strictly enforced rules, most (at least the ones I've seen) do not allow VPN IP addresses to be registered. The issue there is the user has a forced increase in reliance on the site operator to maintain pseudo-anonymity.

The fact you were able to buy in without any proof of who you are or that I've encountered people just giving away invites to strangers, would suggest at least some of these trackers are not trustworthy. What protects those communities is their insular nature. Once that's circumvented, it's essentially just the same as a public tracker.
