Yes. But it allows to define a custom storage layout based on user date time filename typ and album.
Yes. But it allows to define a custom storage layout based on user date time filename typ and album.
Absolutely yes. Even if it is not disguised executable.
It could contain an exploit which targets the video player you are opening it with.
I self host because i do not trust companies. I will not even consider giving tailscale the keys to my kingdom.
The company Tailscale is a giant target and has a much higher risk in getting compromised than my VPN or even accessible services.
Understand the technology that you use and assess your use case and threat model.
There are even reported cases where Microsoft support used that tool to activate Windows Licenses when there are problems with the License of a customer.
Why not file a bug report when it does not find all your photos?
Also may file a feature request to delete photos after set period from your device via immich?
deleted by creator
guess a username and a password.
Security by obscurity is no security. Use something like fail2ban to prevent brute force. When you use a secure password and or key this also does not matter much.
disable root login
That does not do much in practice. When a user is compromised a simple alias put in the .bashrc can compromise the sudo password.
Explicitly limit the user accounts that can login so that accidentally no test or service account with temporary credentials can login via ssh is the better recommendation.
Imagine that the xz exploit actually made it into your server, so your sshd was vulnerable. Having it on another port does seem helpful then.
Nope. Your entire server can be scanned in less than a second for an open ssh port.
IPv6 does not change the fact since when your server is attacked the hist IP is already known.
Security by obscurity is no security.
Who the hell is pulling the docker-compise.yml automatically every release? I find myself already crazy by pulling the latest release but the compose file is just a disaster waiting to happen.
This answer here covers it quite nice imo.
Important is that you update your initramfs with the command after you edited the dropbear initramfs config and or you copied the key over.
For the client it is important to define 2 different known hosts files since the same host will have 2 different host keys, 1 when encrypted with dropbear, and 1 when operational with (usually) sshd.
Also you need to use root when you connect to your server to unlock it. No other user will work with the default setup.
How do you even encrypt a server so that it doesn’t require human intervention every time it goes down/restarts?
The only time my Server goes down, is when i manually reboot it. So waiting a minute or two, to ssh into it and entering the passphrase is no inconvenience.
I use full disk encryption for every server (and other computers).
Encrypting your data drives is a must for everyone imho. Encrypting the OS is a must for me🤷♂️
It had its quirks back when i used it so you are probably doing everything right and are just encountering bugs.
Left one click hosters behind a long time ago. Not worth the effort. Sad to not get german dubs but it is how it is.
I recommend https://pyload.net/ over jdownloader, but have not used it in years.
Password protect your phone?
When a private key gets compromised just delete the public one from the allow list?
https://en.m.wikipedia.org/wiki/Mechanical_calculator Yep it was a thing. Ever heard of “the bomb” https://en.m.wikipedia.org/wiki/Bombe.
They would not be able to really. In theory every contributor (or at least the vast majority) would have to agree to that license change.