Yes because immich is still not considered stable. Keep that in mind.
Have found it by accident too. Just amazing.
Would love something like that for the Desktop. Basically a Cockpit+Serverbox+xpipe for my desktop clients.
Some (probably most) domain registrars allow you to use different nameservers. So for example I use Namecheap, since it's cheap as a domain registrar, but Cloudflare for DNS, since the API is free and widely supported.
They would not be able to really. In theory every contributor (or at least the vast majority) would have to agree to that license change.
Yes. But it allows you to define a custom storage layout based on user, date, time, filename, type and album.
I self host because I do not trust companies. I will not even consider giving Tailscale the keys to my kingdom.
The company Tailscale is a giant target and has a much higher risk of getting compromised than my VPN or even accessible services.
Understand the technology that you use and assess your use case and threat model.
Why not file a bug report when it does not find all your photos?
Also, maybe file a feature request to delete photos from your device after a set period via Immich?
guess a username and a password.
Security by obscurity is no security. Use something like fail2ban to prevent brute force. When you use a secure password and/or key, this also does not matter much.
disable root login
That does not do much in practice. When a user is compromised, a simple alias put in the .bashrc can compromise the sudo password.
Explicitly limiting the user accounts that can log in, so that no test or service account with temporary credentials can accidentally log in via SSH, is the better recommendation.
Imagine that the xz exploit actually made it into your server, so your sshd was vulnerable. Having it on another port does seem helpful then.
Nope. Your entire server can be scanned in less than a second for an open SSH port.
IPv6 does not change that fact, since when your server is attacked the host IP is already known.
Security by obscurity is no security.
Who the hell is pulling the docker-compose.yml automatically every release? I find myself already crazy by pulling the latest release but the compose file is just a disaster waiting to happen.
This answer here covers it quite nicely imo.
It is important that you update your initramfs with the command after you have edited the dropbear initramfs config and/or copied the key over.
For the client it is important to define 2 different known hosts files since the same host will have 2 different host keys, 1 when encrypted with dropbear, and 1 when operational with (usually) sshd.
Also you need to use root when you connect to your server to unlock it. No other user will work with the default setup.
How do you even encrypt a server so that it doesn’t require human intervention every time it goes down/restarts?
The only time my server goes down is when I manually reboot it. So waiting a minute or two to SSH into it and enter the passphrase is no inconvenience.
I use full disk encryption for every server (and other computers).
Encrypting your data drives is a must for everyone imho. Encrypting the OS is a must for me 🤷‍♂️
Password protect your phone?
When a private key gets compromised just delete the public one from the allow list?
https://en.m.wikipedia.org/wiki/Mechanical_calculator Yep, it was a thing. Ever heard of “the bomb”? https://en.m.wikipedia.org/wiki/Bombe
That argument is not valid. Just because it has moving parts does not mean it has a higher power draw. Look at your CPU for example.
I recommend reading the release changelogs actively. For most services you can just put the GitHub release page in an RSS reader to get a notification when a new release hits, so you can quickly look for any breaking changes. This will also give you info about new features.
I have been using watchtower for a few years. No problems with auto updates so far, but keep your backup handy.