Yes. But it allows you to define a custom storage layout based on user, date, time, filename, type and album.
I self-host because I do not trust companies. I will not even consider giving Tailscale the keys to my kingdom.
The company Tailscale is a giant target and has a much higher risk of getting compromised than my VPN or even accessible services.
Understand the technology that you use and assess your use case and threat model.
Why not file a bug report when it does not find all your photos?
Also, maybe file a feature request to delete photos after a set period from your device via Immich?
guess a username and a password.
Security by obscurity is no security. Use something like fail2ban to prevent brute force. When you use a secure password and/or key, this also does not matter much.
disable root login
That does not do much in practice. When a user is compromised, a simple alias put in the .bashrc can compromise the sudo password.
Explicitly limiting the user accounts that can log in, so that no test or service account with temporary credentials can accidentally log in via SSH, is the better recommendation.
Imagine that the xz exploit actually made it into your server, so your sshd was vulnerable. Having it on another port does seem helpful then.
Nope. Your entire server can be scanned in less than a second for an open ssh port.
IPv6 does not change that fact, since when your server is attacked the host IP is already known.
Security by obscurity is no security.
Who the hell is pulling the docker-compose.yml automatically every release? I find myself already crazy by pulling the latest release, but the compose file is just a disaster waiting to happen.
This answer here covers it quite nicely imo.
It is important that you update your initramfs with the command after you have edited the dropbear initramfs config and/or copied the key over.
For the client it is important to define 2 different known hosts files since the same host will have 2 different host keys, 1 when encrypted with dropbear, and 1 when operational with (usually) sshd.
Also you need to use root when you connect to your server to unlock it. No other user will work with the default setup.
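The two-known-hosts setup described above, as an added client-side `~/.ssh/config` sketch that is not part of the original comment. The host aliases, the address `server.example.net`, the user `admin` and the file names are placeholders chosen for illustration.

```sshconfig
# ~/.ssh/config on the client (constructed example, all names are placeholders)

# Pre-boot: dropbear inside the initramfs, used only to enter the passphrase.
# It presents its own host key, so it gets its own known-hosts file.
Host server-unlock
    HostName server.example.net
    # The default dropbear initramfs setup only accepts root.
    User root
    UserKnownHostsFile ~/.ssh/known_hosts_initramfs
    # Refuse to connect if the stored dropbear host key does not match.
    StrictHostKeyChecking yes
    IdentityFile ~/.ssh/id_ed25519_unlock
    IdentitiesOnly yes

# Booted system: the regular sshd with its own, different host key.
Host server
    HostName server.example.net
    User admin
    UserKnownHostsFile ~/.ssh/known_hosts
    StrictHostKeyChecking yes
```

With strict checking on both entries, each host key has to be recorded in its file once, after verifying the fingerprint out of band. After that, a changed key in either state is reported as a mismatch instead of being hidden by a shared or ignored known-hosts file.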
How do you even encrypt a server so that it doesn’t require human intervention every time it goes down/restarts?
The only time my server goes down is when I manually reboot it. So waiting a minute or two to ssh into it and entering the passphrase is no inconvenience.
I use full disk encryption for every server (and other computers).
Encrypting your data drives is a must for everyone imho. Encrypting the OS is a must for me 🤷‍♂️
Password protect your phone?
When a private key gets compromised just delete the public one from the allow list?
https://en.m.wikipedia.org/wiki/Mechanical_calculator Yep it was a thing. Ever heard of “the bomb” https://en.m.wikipedia.org/wiki/Bombe.
That argument is not valid. Just because it has moving parts does not mean it has a higher power draw. Look at your CPU for example.
We talk about software that is considered stable. That has verification checks for the backup. Used by thousands of ppl. It is unrealistic.
Until they hit a hard bug or don’t support newer transport formats or scenarios. Also the community dries up eventually
That is why you test your backup. It is unrealistic that in a stable software release there is suddenly, after you tested your backup, a hard bug which prevents recovery.
Yes, unmaintained software will not support new features.
I think you misunderstood me. You should not use unmaintained software as your backup tool, but IMO it is no problem when it suddenly goes unmaintained, your backup will most likely still work. Same with any other software, that goes unmaintained, look for an alternative.
One of the main reasons why I avoid software such as Kopia or Borg or Restic or whatever is in fashion:
- they go unmaintained
- they are not simple: so many of my friends struggled restoring backups because you are not dealing with files anymore, but encrypted or compressed blobs
- rsync has an easy mental model and has extremely good defaults
Going unmaintained is a non-issue, since you can still restore from your backup. It is not like a subscription or proprietary software which is no longer usable when you stop paying for it or the company owning it goes down.
The design of restic is quite simple and easy to understand. The original dev gave multiple talks about it, quite interesting.
Imho the additional features of dedup, encryption and versioning outweigh the points you mentioned by far.
Mindfactory is a good store for middle Europe. But not sure where they ship to.
With the right timing/deals you get them even cheaper. Mindfactory had 20 TB Seagate Exos drives on a deal for 219€ (~11€/TB). The 18 TB Seagate Exos were often on 239€ (13.2€/TB).
They would not be able to really. In theory every contributor (or at least the vast majority) would have to agree to that license change.