I am not understanding the issue you have with DNS?
Just have a script that updates the DNS entry to your current public IP.
If you do not like Cloudflare there are plenty of other services that offer a free API with their DNS service.
Lennart Poettering intends to replace "sudo" with #systemd's run0. Here's a quick PoC to demonstrate root permission hijacking by exploiting the fact "systemd-run" (the basis of uid0/run0, the sudo replacer) creates a user owned pty for communication with the new "root" process.
To my understanding that actually solves issues. A lot of ppl already prefer other tools like doas since sudo is basically "too big" for what it does.
More code means more potential bugs. run0 has to my knowledge significantly less code. And the benefit of not relying on SUID.
In the end, you do you. The big distros will adopt what is good for them and good to maintain. You do not have to use it.
Just subscribe to the release channel. That varies from OS to OS or Software, but is worth it.
Use tools that are universal. For example, I have not used TrueNAS Scale because they did not support native docker at the time. OS specific solutions are more likely to break then universal once (truecharts vs docker)
To get up and running again after a complete failure i can just download the latest config and data from my backup and set up any distro that supports docker and my system is running again.
I do OS upgrades when they are available, usually within 1 or 2 days and containers are updated with watchtower daily.
The main difference i would say is the development and licensing model.
Photo prism is forcing ppl who want to commit to sign a CLA to.give away their rights. Also the community is not really active it is mainly one dev that can change the code license on any given time.
Immich does not have such an agreement and has a huge active contributor community around it. Also Immich is backed by Futo which has its pros and cons.
Imho the biggest pain in self hosting is when a foss product turns evil towards its community and start to practice anti consumer/free selfhosters business practices.
Immich is far less likely to turn evil.
Edit: I think it is the biggest pain cause you have to migrate every device and person to the new service.
So I'd like to split my passwords file into multiple "files", where the unimportant logins are permanently unlocked for convenience, while the more sensitive login credentials remain encrypted until I actually need them.
And how should that protect you against an attack that has compromised your system? If the system is compromised, then an additional lock does not hinder the attacker to wait until you open it.
The tweet he commented on was indeed a nice idea, but a CEO should have more foresight that the things Trump stated in it would not be true.
When you look at it now, it looks like it was more or less a threat that led to a closer relationship between "tech bros" and the current administration instead of the "take down" of them.
Immich requires to be run on a server to function, but a lot of (or even all) of its functions are things that could reasonably done entirely on-device. Aves combined with some automatic backup solution such as Nextcloud gets (from what I can tell) most of the functionality Immich offers.
How would you backup Immich on device?
And if you backup to Nextcloud than you already have a served?
So you are arguing that having a file server is enough?
And processing is done on client side?
That would be in this case very inefficient.
You would need to have all the data on the Client or transfer all the data to the client once you load it.
You device has to do all the processing which would lead to lower battery life.
How do you handle multiple Users? Giving partially access to the Filesystem?
I could come up with other points but this should give you an idea. Yes, for some use cases a server-client approach does not make sense but for a dedicated photo backup and indexer it absolutely does.
I am fully backing up my Mail Server with some exclusions like /tmp etc. with restic now for over a year, including updated binaries and docker images etc. and have about 16GB of data with hourly backups for over a year.
If you use any kind of deduplication and or compression, the system files do not amount to any meaningful size (assuming there is no additional encryption on the VM disks). Especially when you consider the size of OPs data, 1,5TB, then the couple of GB of system binaries etc. do not really matter.
Seagate has been very hit n miss with me. I've had one of their drives last near a decade only for a newer model of the same drive to fail within 6 months.
This is called anecdotal evidence and does not serve any purpose.
What's generally considered more reliable brands for around the same price? preferably ones easy to grab in the UK.
Get the best price/performance/capacity/warrenty drive from any of the 3 major brands and you are good.
Look up the backblaze drive analysis to get an idea.
Depends on the root setting. And depends on your goal. What is the purpose of the proxy? I doubt that it is easy to bypass, but you still could run a Proxy or VPN as user, this would not bypass the proxy but any filtering/blocking would not be possible. Etc
TL;DR - Quantum computing is great, if you're the bad guy. For the rest of us, there's a cost/value tradeoff in defending against quantum computing threats. People will tell us it's too much hassle to upgrade our encryption, but it can be done with reasonable effort.
And a big point is, it is a technology that we have to develop anyway, since big targets like governments, military or big financial or economic companies would want to defend against anyway.
To my knowledge there exists exactly one reactor in china, and this is a test project. We know very little about it. I have seen many many talks in the last 10ish years but for such a "break trough idea" very very little actual physical proof for any of the big claims.
I am not understanding the issue you have with DNS?
Just have a script that updates the DNS entry to your current public IP. If you do not like Cloudflare there are plenty of other services that offer a free API with their DNS service.
I think you are misunderstanding something here.