I personally would be hesitant to host Immich publicly until they’ve done a security audit. The risk of accidentally exposing my photos publicly is too big for me.

That’s why I recommend using Tailscale or Wireguard directly. Personally I’m using Wireguard for me and Tailscale for other people I want to easily access my services.

The global IPv6 address is usually not directly reachable from the internet for incoming traffic. There’s still the router with a firewall which blocks all incoming connections, so having an IP for each device doesn’t make a difference for security.
With IPv6 ports still have to be forwarded on consumer routers by default, the main difference is that it doesn’t have to be translated to a different IP.

This also means I can have multiple hosts on my home network listening on the same ports, because their public IP’s are different.

Immich has breaking changes too often, so I disabled auto updates for the server and phone app. Updating every few months with backup beforehand is a good tradeoff for something as important as images.

Reading patch notes is especially important with some Immich releases requiring minor admin intervention, e.g. running an extract metadata job.

I’ve enabled auto redirect from twitter to nitter and never bothered to disable the no longer working redirect. Hopefully people switch to some platform with open API access (or rather, a federated platform)

On Fedora you could do flatpak list --app to look whether Steam is installed as a flatpak. If not it’s installed through dnf, but that can be tested by running dnf list installed | grep -i steam. You could also open Fedora Software and I believe in the top right is a button to select where a package should come from. There’d be the option to choose between flatpak or rpm. Another way to test is to open a terminal and type in steam. If Steam opens, it’s a rpm, if the command is not available, it’s a flatpak (you’d need to use flatpak run com.valvesoftware.Steam, iirc).

Packaging software is usually not that difficult, especially if it’s already packaged in another packaging format. E.g. .deb and .rpm put the same files in similar places, the difference is mainly how It’s specified where a file goes. Because Snap and flatpak are providing a sandbox, complex software like Steam can behaves unexpectedly (fixed a few years ago for flatpak).

tl;dr

You’re right, it’s not worth the effort. Both rpm and flatpak should work flawlessly. If multiple games actually have issues running trying out a different package might help, but I didn’t have issues for many years, so you probably won’t either.

CS2’s VAC only works in the native Linux version. Running through proton disables online play on official servers iirc.

Counter-Strike 2 runs noticeably worse than Source games like CS:GO and Team Fortress 2. Sadly CS2s Source 2 Vulkan renderer isn’t so great compared to its DX11 renderer, which is only available on Windows. It might mean you’re stuck with worse performance, even I want to upgrade from my RX580 because fps drops feel really bad. When I tried to run CS2 on the Steam Deck fps where ok, but also not great, so sadly it’s not unexpected that it’s not playable on that laptop. Hopefully Valve improves their Vulkan renderer.

Whether a device is wired or on wifi matters on some routers, because some routers have wifi and wired devices on different subnets by default. It’s unlikely, so I wouldn’t worry, unless you notice accessing it only works wired.

@CalicoJack@lemmy.dbzer0.com

As a middle-ground, I think it’s enough to only sync the community name and user count and maybe the description. More isn’t shown in the search anyway and those 3 data points shouldn’t take too much storage.

Syncing name solves the problem of communities not showing up. The problem with only being shown posts in a community someone on the instance has already subscribed to is more difficult, as you wrote.

Iirc Plex supports transcoding for downloads, while Jellyfin only allows downloading the original file. But I’ve heard transcoding downloads is broken on Plex, so ymmv.

Intro skip is only available as a plugin on Jellyfin.

Also, Findroid has a better ui and supports downloads, while the official app has more features (ie. settings/admin panel).

Not really, usually Steam packages on distributions aren’t maintained by Valve. The only exception are .debs from their website. Even the Steam flatpak is community maintained.

I’ve had no issues with steam on nixos/nixpkgs. Flatpak also had it’s fair share of bugs and games not working because of flatpak and proton using bubblewrap for sandboxing. Snaps sandboxing might cause those issues too, so hopefully they’ll be fixed at some point (or even better, Ubuntu switches to flatpak for desktop apps).

With an increasing amount of update issues on Nobara Linux, I think it shouldn’t be recommend to people new to Linux. There’re other distros like PopOS that are better tested.

But I generally believe the long-standing popular distros should be recommend instead of the new projects with many changes to their base distro. E.g. Garuda, Nobara, Zorin, … Being opiniated and configured are great for people who know enough about what they’re getting into.

Or simply set up wireguard.

At least I suffered from terrible battery life with Tailscale, while 24/7 wireguard isn’t even showing on the battery stats.

Wireguard is awesome and doesn’t even show up on the battery usage statistics of my phone.

With such a small attack surface I don’t have to worry about zero days for vaultwarden and immich.

The DNS-01 challenge [1] allows for issuing SSL certificates without a publicly routable IP address. It needs API support from your DNS provider to automate it, but e.g. lego [2] supports many services.

I personally leave my Wireguard VPN always on, but as its only routing the local subnet with my services, it doesn’t even appear in my battery statistics.

[1] https://letsencrypt.org/docs/challenge-types/#dns-01-challenge

[2] https://github.com/go-acme/lego

It would be difficult to connect you to a Meta account to serve ads to because they only have your user name, profile pic, server IP, and server domain name. In most cases it’d be impossible. You’re pretty well protected because Mastodon servers treat all remote servers as untrustworthy and don’t give them any info.

Facebook already creates “shadow profiles” for people not on Facebook and stores data about them. This means Meta won’t directly monetize the fediverse, but use the data available for their ad business anyway. (Maybe even connect other accounts through posts, but I don’t know how well this works with the info and amount of a users posts.)

Nothing stopping them from doing it now, anyone posting to the fediverse has to accept that their posts can and probably will be used to train someone elses LLM. It’s public afterall.

[1] https://www.howtogeek.com/768652/what-are-facebook-shadow-profiles-and-should-you-be-worried/

I’d love it if Discord federated with Matrix. Then I wouldn’t have to try to convince my friends to use matrix. Which I don’t, which is why I seldomly use matrix.

Unless the container follows semver and only auto updates minor versions.

Edit : Which Immich isn’t.

Never used Plex, but if being open source is a feature Jellyfin is better than Plex.

Not requiring an external authentication server is the biggest drawback of Plex. I don’t want Plex to have my watch history and info about my media library.

With Findroid supporting the intro skip plugin I’m fine since I don’t need many platforms.

As long as it’s set to keep copies. Else it’s just a way to sync accidental file deletions.