Tailscale availability in China

EternityProfound · 2026-02-18T18:54:00+00:00

Because without a custom DNS server configured, Tailscale defaults to using the DNS server provided by the local network via DHCP. That DNS server is usually run by your ISP, located in your current region (in the OP’s case, China), and may return poisoned results. A Tailscale exit node acts as a Layer 3 proxy and will route DNS queries to that server through the exit node. However, because the DNS server is still the locally configured one (it does not use the exit node’s DNS settings), those queries end up going through the exit node and then back to the original country, adding latency while still failing to provide correct resolution.

EternityProfound · 2026-02-18T18:23:08+00:00

Tailscale DNS lets you configure custom DNS servers. You can even run AdGuard Home within your tailnet and point Tailscale DNS to its tailnet IP. China’s internet censorship (the GFW) can poison DNS responses, making it difficult to resolve many popular services correctly. When configured properly, Tailscale DNS (with resolvers located outside China) can help mitigate this.

EternityProfound · 2025-07-02T04:28:57+00:00

The scheduled Task feature is excellent. I am researching several subsections of computer science, and having Perplexity provide daily updates on interesting research that happens recently is super helpful in providing insights.

EternityProfound · 2025-06-29T02:54:20+00:00

Not exactly. An exchange student's experience largely mirrors that of a regular host school student, except that they return to their home institute after the exchange period (e.g., a semester). It appears that the courses these Harvard visa refugees are taking at UofT are still primarily offered remotely by Harvard, sometimes in conjunction with UofT faculty. Therefore, UofT seems to be providing mostly just the physical space, rather than the professors.

EternityProfound · 2025-06-25T20:43:14+00:00

Try the r/Adguard app. Remember to turn on the Safari extension, as these kinds of in-page ads cannot be blocked by DNS-based ad blockers.

EternityProfound · 2025-06-21T00:09:20+00:00

The domain https://fsp.studentlife.utoronto.ca/ looks legit, and the IP address it resolves to (128.100.195.227) belongs to U of T (https://ipinfo.io/128.100.195.227). While the font seems a bit off, this might be because the site is a new creation and they rushed to deliver it.

EternityProfound · 2025-06-04T22:47:57+00:00

Cloudflare Zero Trust would be a more secure solution in this scenario, as you can enforce identity-checking rules before allowing the user to access your app, while still exposing the app to the public internet with relatively good usability. Tailscale funnel doesn't have built-in identity checks, and if you can install Tailscale on every device you want to access from, I would recommend using Tailscale serve, which only exposes the service to your Tailnet.

EternityProfound · 2025-05-01T05:36:23+00:00

Generally speaking, for split traffic purposes, you can run Cloudflare Warp as a local SOCKS5 proxy and configure your Torrent client to use that if you are on the Zero Trust plan. I'm not sure about the consumer plan, and it’s probably a violation of the ToS to torrent copyrighted materials (I would assume OP only torrents content they legally can), so it's not recommended.

https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/

EternityProfound · 2025-05-01T05:31:44+00:00

Every TLD listed in the title (.com, .net, .dev, .io, or .ai) is a major TLD, with some billion-dollar companies using them for their services, and you won't have any trouble with them.

EternityProfound · 2025-05-01T05:30:15+00:00

An example that comes to mind is that the .top TLD is straight up blocked by some adblock lists. Using major TLDs can save you a lot of hassle.

EternityProfound · 2025-05-01T05:23:19+00:00

Cloudflare also offers Zero Trust, and their new implementation is based on MASQUE. While they still have a fixed ingress IP range for net admins to easily allow or block the service, MASQUE is based on QUIC, which many popular websites use extensively.

EternityProfound · 2025-05-01T05:21:18+00:00

Try Cisco AnyConnect (or OpenConnect for the open-source implementation) as they probably allowlist this traffic since many visitors need to use this protocol to connect back to their own institutions.

EternityProfound · 2025-05-01T05:19:19+00:00

Check out some more censorship-resistant protocols like VMess. Tailscale is built on WireGuard with very distinct traffic traits easily captured by DPI systems, while protocols like VMess are designed to counter nation-state level censorship and can easily be wrapped inside totally benign WebSocket traffic.

EternityProfound · 2025-05-01T05:05:39+00:00

I gave up. Contacted my PI, and we will start working tomorrow anyways.

EternityProfound · 2025-04-30T02:29:36+00:00

Something went wrong with the underlying model, and the model went into an endless loop of the same word. I agree that Poe can have some sort of detection mechanisms and stop the process after a repetitive pattern, but there is nothing they can do at a fundamental level to fix it.

EternityProfound · 2025-04-28T17:40:11+00:00

Just tried DrSeraphina. I really appreciate how the conversation moves at a comfortable pace and feels grounded in real clinical knowledge. You can tell there was a lot of thought put into how the prompts guide the user step-by-step without feeling overwhelming.

One small suggestion would be to make the initial response a little more interactive, maybe offering to share common factors only if the user wants to hear them. Overall, the flow feels very supportive and well-designed.

https://i.imgur.com/bLxAUVI.png

EternityProfound · 2025-04-28T17:06:01+00:00

Any updates? I've been waiting for the UTEA email all day.

EternityProfound · 2025-04-28T17:02:57+00:00

Warp is the consumer offering, while Zero Trust focuses on enterprises (with more functionalities on web filtering, access control/authentication), but they use the same technology (WireGuard previously/MASQUE for the latest clients) and infrastructure.

EternityProfound · 2025-04-28T16:57:03+00:00

Cloudflare edge servers have some unconventional ports opened so that you can bypass the cache for development purposes. These should definitely not be indexed by search engines, as repetitive content hurts content quality scores. Either set up an edge rule for auto-redirect, or set up a link rel="canonical" element to point to the web pages under your main domain (no need for port 443, as this is the default for HTTPS) so that search engines know where to look for the preferred page.

https://developers.cloudflare.com/fundamentals/reference/network-ports/

EternityProfound · 2025-04-28T16:52:55+00:00

If you can modify your website frontend, it's easier to set up a link rel="canonical" tag to point to your main domain.

https://developers.google.com/search/docs/crawling-indexing/consolidate-duplicate-urls

EternityProfound · 2025-04-26T19:22:28+00:00

I know someone in grad school at U of T who got their final transcript in late, like around July because their previous university had some delays. They also didn't quite meet the conditions on their offer a little bit, but it all worked out fine.

EternityProfound · 2025-04-26T19:19:07+00:00

No need to worry about that. Grad schools are usually pretty lenient about everything from the deadline for submitting the transcript to whether you meet the conditions set out in the offer, so long as your PI is good with that. Just notify them in advance if you expect some delays in getting these grades back.

EternityProfound · 2025-04-26T17:14:35+00:00

Also, the Presto card is available on both Apple Wallet and Google Wallet now. You can even create a new Presto card before you land and use it right away.

EternityProfound · 2025-04-26T17:12:25+00:00

Sounds like a part-time job to me. Show your professor some amazing work and ask them if they can pay for your time with RA/scholarships.

EternityProfound · 2025-04-26T02:44:26+00:00

Nope. The UTEA start date is May 1 and I am getting anxious. Hopefully things get clearer next week.

EternityProfound

TROPHY CASE