As much as we’re delighted to present you this new version, we are also sad to announce that our friend and prolific FreeCAD developer bgbsww has passed away a few weeks before this release came out. He was one of the main architects of the topological naming fixing effort, wrote a lot of additional code and tests, and became FreeCAD’s TNP specialist. He also helped virtually all other developers out to adapt to the new algorithm. This release is dedicated to him.

😥

Pop 22.04 with Nvidia 3070 and it “just worked”.

You haven’t described in what way it is not working for you.

That’s all proxmox does too, just provides a gui and management tools.

Theme for what?

Do you often recommend people running single-developer maintained software that has existed for about a fortnight for “security purposes”?

It’s some rando’s project that has existed for “nearly a month”, has no community, is unlikely to have any rapid response to any issues, and probably won’t be supported for more than a year.

But sure - go ahead and run it for “security purposes”.

You can “reduce surface area” by simply putting in place nginx or apache (real supported software) and blacklisting the endpoints you don’t like.

Kinda - It’s the only reason I bothered to reply to anyone. :-)

Why so angry?

Stupid question. I’m not. I forgot about this entirely until I logged in later and saw replies, which are just… Wow.

I don’t see the point in getting so worked up over someones project they made and decided to share, it’s not like you’re being forced to use it.

The stupid continues. Go ahead - run some rando’s “proxy” application to make yourself more secure and add to the number of things you need to maintain and update. I’m sure it’ll be fine. It’s worth it to “reduce attack surface area”. I’m sure they’ll support it for a long time too.

And don’t think about why it’s risky to “expose immich to the internet” (oh noes!) but for some reason it’s okay to “expose” this rando’s project to the internet.

And it adds its own “attack surface”.

Sorry - it’s a pointless application. I won’t sugar coat it. If anyone things it’s “more safe” to run this soon-to-be-abandonware in front of a properly supported project then they deserve what’s coming to them.

Proxies are not used for security by anyone but morons. Firewalls, WAFs, etc. all provide some sort of benefit. What is this application doing that is of use? Just “not exposing your server directly”? Well, it is being exposed directly now - so it’s a very secure application written by a security professional then? Or should I put it behind another proxy just to be sure? Maybe 7 proxies are enough?

OP is well meaning - but this was a waste of time for anyone else to use. It’s a solution in search of a problem.

general considered a dick move.

Sometimes that’s the point. This project is so stupid it simply deserves derision. I couldn’t care less if anyone here is swayed. It’s lemmy - if I’m not echoing what everyone else is saying I’ll be voted down anyway.

Like by reducing the attack surface on internal APIs?

This is my other favorite term the community has picked up and uses like it’s a mic drop without understanding it.

It’s a proxy my friend. It forwards requests to the other server. And you’ve added an untested personal project in front of it.

But wait! You don’t want to just expose your immich proxy to the internet do you? I’ll write DavesAwesomeProxy that you can put in front of that proxy! Will it be secure? Maybe. Will I support it? What’s with all the questions!

Put it on a different server then. It prevents your Immich server from ever needing to be exposed publicly. That’s the entire point.

This is stupid.

Repeat after me - proxies are not used for security.

This is a cargo-cult believe in this community. There’s a weird sense that it’s “dirty” to have a server exposed “directly” to the internet. But if I put it behind something else that forwards traffic to the server then that’s somehow safe!

Security is something you do not something you have. The false sense of security with proxy bullshit like this crappy project is not giving you anything. You’re taking a well supported community project (immich) and installing another app in front of it which appears to be some dude’s personal project and telling me that is more secure. As though that project is better written?

Install immich. Forward ports to it (or proxy it with nginx if needed for hostname routing (but don’t expect this to be more secure)), and keep it up to date and use good passwords.

Then what’s the fucking point? I’m “exposing” my own server either way! And now I’m adding a new system to the mix which can have vulnerabilities of its own.

This is stupid.

You seem to understand neither security nor privacy.

I get to give you access to all my photos so that you can just proxy calls to my server?

Just share your own damn server people, this “I’m behind 7 proxies” bs is getting tiring.

God, this old argument… Careful, it’s an antique.

The idea is to minimize memory management and have people who are experts on it deal with it.

I did - it says he’s supporting rust in the kernel.

Why the swipe at Linus? He’s been supportive of rust in the Linux kernel.

The main use of wsl is often for things like docker, not as a “Linux desktop”. Microsoft has been getting killed by Linux in server environments. This lets developers stay on windows and build containers.