Just your normal everyday casual software dev. Nothing to see here.

People can share differing opinions without immediately being on the reverse side. Avoid looking at things as black and white. You can like both waffles and pancakes, just like you can hate both waffles and pancakes.

Been trying to lower my social presence on services as of late, may go inactive randomly as a result.

  • 0 Posts
  • 927 Comments
Joined 3 years ago
Cake day: August 15th, 2023





  • This right here. If you have immich set up behind a reverse proxy, just route any requests that use the /share/ and /s/ (the custom link version) on the proxy manager to route to the immich instance, and have it 403 on anything else when the request is not via the VPN.

    Just be aware that immich uses links like share-* as well so be sure to have that trailing / to make it so only shared links and albums can be.

    edit: Actually looking into this route further, it looks like immich as a whole needs more than just the /share/ and the /s/ endpoints exposed to function correctly. I will update this in a little when I figured out more on what is actually needed.

    update: So it seems immich will not support this style setup without quite a bit of hands on. You need to give at minimum /share/, /s/, /_app/ and /api/ in order to actually go this route, and at that point since you’ve given /api/ you’ve essentially publicly opened the instance anyway. While you can go through and individually do each endpoint, it requires access to /api/albums, /api/assets and a few other endpoints; these endpoints do seem to need auth or some form of verification tho.

    For anyone wanting to still go through with it, you can reverse proxy it by allowing the endpoints:

    • _app/ a bunch of immich internal files for serving content
    • api/
      • server/
        • config: shows basic information about the server
        • media-types: shows what media types the server supports
        • features: discloses what features the server supports
      • shared-links/me: 401, 403’s or shows what links the user account can sign into
      • albums/: 403’s on any album endpoint that doesn’t also include the album’s public slug in the URL
      • timeline/
        • buckets: displays timeline buckets. 401 or 403’s on no auth
        • bucket/: displays timeline info on the requested resource. 401 or 403’s on info unless info is provided about what its trying to access
      • assets/: 401 or 403’s on any request that doesn’t contain a public slug in the url

    The nginx location regex I used for my testing (although not very read friendly) was

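    location ~ ^/(api/(server/(config|media-types|features)|shared-links/me|albums/|timeline/(bucket|buckets)|assets/)|(share|s)/|_app/) {
      # anchored at the start of the URI; share and s keep their trailing /
      proxy_pass *immich instance*;  # placeholder: put the immich upstream URL here
    }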
    

    Note: this was found just by basic testing using NPM on my environment, I may have missed some more specific calls, especially regarding videos, as I don’t really do any video photography to allow for testing.

    Additional note: You may end up confusing your users with the UI though, since it lets you click on the immich banner to get to login, but everything would be blocked. You may just want to use the immich public project that was linked later in this discussion…
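
An added example, not part of the comment above: a check of a path allow-list shaped like the one in the comment against sample request paths, contrasting an unanchored pattern with one that is anchored and keeps the trailing slash after share and s. Python's `re.search` is assumed to behave like nginx's `location ~` for this simple pattern, and every sample path is constructed.

```python
import re

# Allow-list in the shape used in the comment. LOOSE has no start anchor and
# no trailing slash after share|s; STRICT adds both. Both are built here.
ENDPOINTS = (
    r"api/(server/(config|media-types|features)|shared-links/me|albums/"
    r"|timeline/(bucket|buckets)|assets/)"
)
LOOSE = re.compile(r"/(" + ENDPOINTS + r"|(share|s)|_app/)")
STRICT = re.compile(r"^/(" + ENDPOINTS + r"|(share|s)/|_app/)")

# Constructed sample request paths: (path, should the public proxy forward it?)
SAMPLES = [
    ("/share/EXAMPLEKEY", True),
    ("/s/holiday-album", True),
    ("/_app/immutable/chunk.js", True),
    ("/api/server/config", True),
    ("/api/assets/EXAMPLE-ID/thumbnail", True),
    ("/api/timeline/buckets", True),
    ("/api/users/me", False),
    ("/api/search/metadata", False),    # contains "/s" after the first segment
    ("/auth/login", False),
    ("/share-something", False),        # the share-* case from the comment
    ("/admin/system-settings", False),  # contains "/s" after the first segment
]


def forwarded(pattern, path):
    """True if an nginx `location ~ pattern` block would take this path.

    Assumption: re.search stands in for nginx's unanchored regex match.
    """
    return pattern.search(path) is not None


def leaks(pattern):
    """Paths the pattern forwards although they are not meant to be public."""
    return [p for p, public in SAMPLES if forwarded(pattern, p) and not public]


def blocked_by_mistake(pattern):
    """Public paths the pattern fails to forward."""
    return [p for p, public in SAMPLES if public and not forwarded(pattern, p)]


if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("strict", STRICT)):
        print(name, "leaks:", leaks(pat), "missing:", blocked_by_mistake(pat))
```

The strict pattern still forwards everything under the listed /api/ prefixes, so those endpoints depend on immich's own 401/403 handling as the comment describes.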



  • I agree he will try, but I don’t agree he will succeed. Even the big guys want cheaper hardware. Look at CXMT for example. Apple is currently in the process of trying to remove restrictions against the Chinese chip producer because it currently is restricted import due to military concerns.

    Additional content: it doesn’t need to be a non-US company either. They could do the same in the US. All it takes is the capital funding to get the ball rolling. To bring it back to the example of EVs, they are getting around that import ban by selling to Canada and then having Canada sell to the US, as well as working on making factories in the US itself which wouldn’t be affected by an import ban.

    It isn’t easy to say the least but, I don’t think a straight won’t happen is valid here.


  • Sure it will. As soon as a different company other than the US centric megalords decides to join the market you’ll see prices plummet faster than you can blink. Look at the Chinese EV market for example. They sell them so low that the US is actively banning them for import.

    They are already working on chip production, and they have been experimenting with the computer hardware market for years now. Prices remaining stupid high only works in their favor as there is a direct relation to companies users are willing to buy from, and the product’s price. Eventually you will hit the point where the user is ok with a lesser known company or product if it means saving almost 400$.

    I’m not saying anyone should buy said products but, realistically you can’t keep prices artificially high forever, eventually someone will take advantage and undercut you. You aren’t going to buy an Xbox at 1k when you can buy something similarly performed for 600, that’s why the Steam Machine seems to be DOA. It’s 2-300$ over current DIY price, and there are consoles for roughly 300-400 less than it so it missed both markets.

    edit: changed it away from being country specific, as technically this change could be from any country.



  • This article I think shares my thoughts on it. Arguably I don’t know if the devs even got faster… Like it’s a nice resource but, there’s so much trial and error involved now, and every prompt now requires essentially relearning a new codebank.

    Like sure immediate result got faster… but you lose all that with the extended time taken learning how it works and why it works.


  • If it’s running as root anyway, then I change my statement. No I don’t see any security risk with it. Patchmon is running as root anyway, so no matter what your permissions are on the links or the original sock, as long as it’s smart enough to follow the link it should be fine. Generally symlinks follow the same permission as their target, with the exception of changing its owner with chown or removing it. I.e., they are going to almost always just be whatever the permission of the target is. So your /var/run/docker.sock is going to be whatever permissions your /run/user/{userid}/docker.sock is normally and since patchmon is running as the root user, it’s not going to care what permissions are present as root overrides all restrictions/permissions anyway.

    I have my concerns that patchmon might try to change docker files while as the root user, which could create files that docker couldn’t read but since it seems to be using the docker sock anyway, I expect it’s just going to operate over the sock which means it would be using docker’s built-in system which would be using its docker user.




  • This is me, but with my grandfather instead of grandma. He can barely hear anything, so he cranks his TV up too. I think it’s almost 60 now, up from like mid 30’s from 3 years ago.

    And yeah, YouTube is a hostile offender of that. He watches everything on a Gemini device, because that device is the only way you can lock in your price for two years. Otherwise, they hold the right to jack you up to almost $50 more a month after 2 months of having service, so I can’t just throw an ad-blocker style thing on it because it’s directly controlled by DirecTV.

    And you can always tell when it hits an ad break, because you can literally feel the ad vibrating the floor.

    I feel bad for my gram because she doesn’t remember/know how to reduce the volume on her own, and every damn time I turn it down he turns it back up again the next time he enters the room.



  • I’m not fully understanding here, are you saying that the symlink is root because root is required to access /var/run or that it’s root because it’s required by patchmon?

    If it’s root because the rest of the /var/run is root, is it not on the table to just chown the /var/run/docker.sock symlink to be the userid? Since I would assume that patchmon would be running as the docker user anyway since you are running in a rootless environment? I might be misunderstanding.

    As long as your permissions to the symlink are in line with the permissions on the original sock, I wouldn’t expect there would be too much risk there. Of course a malicious vector /could/ see that a /var/run/docker.sock exists and try to manipulate it, but, since docker itself isn’t root which means that user executing the symlink isn’t root, I don’t think it would allow for escalation.



  • I’m making the argument that gaming is not a cheap hobby.

    It can’t be cheap regardless of what is stated.

    The cost of your Steam Deck alone has already eaten up half to two thirds of what I have spent fishing in the past ten or so years and that’s with a rod, a few ice fishing rigs and buying a yearly fishing license.

    Gaming is not a cheap hobby. There are ways that you can make it cheaper, but I would never agree that it is one of the lesser expensive hobbies.

    I think I would have to agree with your metric of 400 being the starting point, because the Steam Deck is probably the cheapest option you can have for a gaming system at this point but that’s not going to provide you with any games. You are going to have to find some way of doing so, and for someone who just spent $400 on a gaming unit, that probably means you’re going to be spending money on the Steam store. Because it’s not like Epic Game Studios allows you to retroactively redeem every freebie they offer. (By the way, unrelated, but Rollercoaster Tycoon 3 has been put as a freebie again on Epic Store this week, and if you didn’t grab it the first time, it is a good game.) You would be locked down to buying, waiting or finding one of the various gatchas that Steam has on the platform and then hoping that it runs without having to install a custom proton like dw or something.

    I spent $150 on my rod, another $100 on my ice fishing rig, and I have spent 30 a year for my fishing license. You can also include the boat, if you like, which would be $50 that I spent 15 years ago(second hand), but I generally fish off the shore.

    Now, I will agree with you that if you’re doing deep sea fishing, that’s where the $$$ is. My parents do that. I couldn’t do it. Because that’s like $1,500 for the boat trip, or buying a boat that can handle the ocean, on top of the at minimum $300 deep-sea fishing poles because everything needs to be stronger and weighted.

    But I definitely don’t agree that fishing as a whole is a more expensive hobby than gaming, that concept is absolutely ludicrous to me. An entry or minimalistic fisher vs entry minimalistic gamer; the fisher is going to spend less.

    I put gaming a little bit under golfing in terms of expensive hobbies. Because with golf you have a metric buttload of different clubs that you need for it. So it’s a really, really high upfront price, and then a relatively low upkeep.

    That’s how I see gaming, a high upfront cost, and a moderate upkeep.


  • I have my doubts that it’s one of the cheaper hobbies. In my eyes it’s one of the most expensive ones you can have. It has a high entry level cost (if you are a PC gamer likely 1k+), plus a moderate to high upkeep cost (new games @ ~30-70$ depending on quality) to keep in the hobby. It’s also one of the few hobbies where you are expected to upgrade at least every few years in order to stay relevant. Not to mention the cost of any subscriptions you have as part of the hobby such as gamepass, your ISP, humble choice, etc.

    Most hobbies are a cost to enter, then a relatively small upkeep style cost. For example engineering, fishing, scrapbooking, puzzles, hunting, even crocheting or knitting are all you buy the tool for it, and then maybe spend a yearly cost for new supplies or a license to do the hobby.

    Gaming the cost never goes down. You are either buying a new game cause the old one was completed, or upgrading your parts.