The OOM killer is particularly bad with ZFS since the kernel doesn’t by default (at least on Ubuntu 22.04 and Debian 12 where I use it) see the ZFS as cache and so thinks its out of memory when really ZFS just needs to free up some of its cache, which happens after the OOM killer has already killed my most important VM. So I’m left running swap to avoid the OOM killer going around causing chaos.

I have a pretty new AMD system I use for gaming. The vast majority of games run in a Windows VM in Proxmox with GPU passthrough with exception to Fortnite which runs directly on hardware on a different boot drive specifically because Easy Anticheat blocks VMs. That dedicated install becomes less and less attractive by the day.

The problem is if anti-cheat does not have full access but the cheat does, the cheat can just hide itself. Same for anti-virus vs viruses. It’s particularly nasty on free-to-play games where ban evading really just means you have to get a new e-mail. It’s the same reason why some anti-cheats block running games in VMs. Is it fool proof? Hell no! Does it deter anybody not willing to buy hardware to evade VM detection or run the cheat on completely separate hardware? Yes.

Personally, I’d prefer having a stake/reputation system where one can argue that they can be trusted with weaker anti-cheat because if you do detect cheating then I lose multiplayer/trading/cosmetics on the account I’ve spent $80 USD or more on. Effectively making the cost of cheating $80 minimum for each failed attempt. Haven’t spent $80 yet? Then use the aggressive anti-cheat.

If your domain will NEVER send e-mail out, you only really need and SPF record to tell other servers to drop e-mail FROM your domain. Even that’s somewhat optional. If you ever plan on sending ANY outbound (you should at very least for the occasional ticket) then do DKIM, DMARC and SPF. The more of these you do, the less likely e-mails FROM your domain are to be flagged as spam.