I think the application layer is the wrong layer for encryption for immich anyways, I just encrypt the whole disk on my server. When _self_ hosting, there's no need to prevent access to files from the operator.
> I don't have any other marketable skills. My coding skills were barely marketable to begin with.
Hot take: moving is more about interview skills than coding skills. Whether you leave or not, start interviewing now. You might end up finding a better place sooner than you hoped.
Very happy to have mostly de-Googled, I don't miss the AI-forward product decisions. I only use Google now for occasional searches and interacting with other Google users (e.g. Docs).
I've been thinking of making an event platform like Partiful, but only for personal use because it's also the perfect platform for spam (send emails and texts to people with attacker-controller content).
Even though it's a meaningless comparison, I'd be interested to see how performance compares (max requests per second?) for this compared to fully-featured web servers.
> This does nothing since the drive is still unencrypted.
Even though the data is unencrypted in memory, an attacker would still need either a local privilege escalation (from the login window?), or some sort of side-channel attack if they're still not able to get the password.
> Meaningful contribution is easy: these groups always benefit from more participants.
Same for probably all small dance communities! While it seems like a different kind of 'contribution' than the OP is looking for, it's very meaningful personally to share music and creativity with people. (Personally, I dance lots of Balboa -- a swing dance with a local scene of probably less than 100 active participants.)
I believe the author's idea is to do dev work from a Github account that only has access to the fork, but not to the main repo. Then, as a contributor, you'd open PRs from your fork to the main repo. I think this would only work if your Github account doesn't have write access to the main repo, though. I know you can use 'deployment keys' to give read-access to a single repo using an SSH key, but not sure if you can otherwise restrict access to a single repo with write access. Essentially, though, you'd want to find a way to give the remote host the most limited possible privileges to your Github account.
When I had a similar issue on FreeBSD, I wrote some automatic pre- and post-suspend scripts (audio interface could cause full system crash going into suspend unless correctly managed beforehand). I’m sure you could do something similar on Linux.
> I've seen arguments about kids going to school in the darkness being thrown around a lot
I’m sure there’s some correlation with the time zone, but it feels like a “think of the children!” argument that ignores much more significant factors (e.g. traffic speed and volume).