I have not shared it with many people. But one of my most wanted feature is to completely share by photos with my partner. None of the services I tried (Plex, Synology Photos) had it. In Immich, it’s just a flip of a button.
Flip a switch and then what, are you getting a isolated public URL to share? Or you have your infrastructure exposed to the internet and the shared URL is pointing to your actual server where the data is hosted?
I will explain my use case. We use iPhones in our family. We have a 2TB iCloud plan, but we have around 8TB of media from our phones. So I started using boredazfcuk/docker-icloudpd to download iCloud photos daily and keep only the past 2 years of media on our phones for iCloud features.
I wanted a separate app to view these TBs of media on my phone, tried many services, and settled on Immich. Whenever my wife and I want to share photos, we usually have to create albums and send links or share media through messages. That is a very painful way to view each other's media. I wanted a service to just share all our photos with each other so that they would be in the same timeline. There was none available, and I had seen people complain about that on HN.
Immich has that feature, where you can select who to share the whole library with. Enabling that I can see all my photos and my wife's photos in the same timeline and same for my wife. Immich lets everyone log in with their own credentials, and it's hosted on Coolify with a Cloudflare Tunnel.
> you have your infrastructure exposed to the internet and the shared URL is pointing to your actual server where the data is hosted
I think the previous commenter misunderstood your question, this is the answer (you can also put it behind something like cloudflared tunnels).
Immich is a service like any other running on your server, if you want it exposed to the internet you need to do it yourself (get a domain, expose the service to the internet via your home ip or a tunnel like cloudflared, and link that to your domain).
After that, Immich allows you to share public folders (anyone with the link can see the album, no auth), or private folders (people have to auth with your immich server, you either create an account for them since you're the admin, or set up oauth with automatic account creation).
Ugreen has it. It has conditional albums in which one can setup rules like person, file type, location, anniversary and more and share a live album. Or leave all params empty and simply mirror the entire library.
You get a link and you can set read or write permissions on it.
Whoever gets that link can browse it in a web browser.
I've used this to share albums of photos with gatherings of folks; it works very well. It does assume you have your Immich installation publicly available, however. (Not open to the public, but on a publicly accessible web server)
How safe is that to set up for novice it people? I have a pi with pi-hole on it and am thinking about putting immich on it but the fact that it exposes itself outside my LAN frightens me.
I have it set up in a container that I keep updated. Then it's reverse proxied by another container which runs nginx proxy manager, which keeps the HTTPS encryption online. So far, the maintenance has only been checking whether a new version has been released and docker pulling the images, then restarting the containers.
OK. Then you concede your security, as I can't imagine any single person self-hosting can be better at keeping their public service more secure than engineers at Google can. Especially with limited time.
I dont need that. I use wireguard to connect to my LAN. I meant risk of getting your data stolen either through physical breakup or some security vulnerability
You definitely have a dull imagination. If the software itself is secure, containerized version of Immich behind a containerized version of nginx proxy manager is probably as secure as you can get. Also google security tends to be mainly leaning towards securing google and less towards securing google's (non paying) customers.
I mean, if you’re confident about security best practices, have a moderate amount of networking experience, and are a seasoned web developer, it’s not too scary at all. I realize that’s a lot of prerequisites though.
it’s not a fair comparison with Google because Google has a much bigger target on their back. There are millions of users of Google, so the value of hacking Google is very high. The value of hacking a random Immich instance is extremely low.
This behavior (as far as I can tell) has broken the Expensify iOS app for us at work. We have a conditional access policy that requires a “compliant” device to succeed the SSO login. However, only the iOS Edge browser can prove compliance and Expensify refuses to hand over that login process to the Edge browser preferring to use its own built-in browser. So login fail and as far as I can tell there is nothing we can do about it except for exempt that app from the conditional access policies.
The reason Expensify does that is because they want/need access to the cookies from the login flow. The in app browser provides the hosting application access to those, but they can't access Safari's cookiejar. The modern way of doing it is to put the login in Safari (or iOS's dedicated "in app browser for logins") and then redirect to something like expensify://login_complete?token=xxxxxx, which pops back over to the app. This is mostly tech debt on Expensify's part, but it might not solve the Edge vs. Safari issue.
> I wonder what iOS Edge does which iOS Safari doesn't do
Being a "Managed App" through MDM/Intune. Typically it's used when installing corporate apps in a BYOD scenario. The managed apps are isolated from information sharing with unmanaged apps, e.g. policies can be applied preventing copy/paste, access to Files.app, etc. It (and it's isolated storage) can also be remote wiped without nuking the whole device. Edge.app still uses the Safari rendering engine, etc. like is generally the case with 3rd party browsers on iOS.
You can't do this with Safari.app unless the whole device is managed, which doesn't work well for BYOD.
We have this policy at work and it’s infuriating. I had to install edge once to access some work resource and immediately uninstalled it. I can’t even access our GitHub without it, even through the official app.
Maybe what breaks that process is what Edge does not do and Safari does. There is more to a browser than the rendering engine. Furthermore, does Safari still uses an optimized JS engine that the other browsers cannot use?
> I wonder what iOS Edge does which iOS Safari doesn't do
I don’t know whether that’s right, but I read “We have a conditional access policy that requires a “compliant” device to succeed the SSO login. However, only the iOS Edge browser can prove compliance” as “our access policy does not allow logging in from Safari”. If that’s true, it’s not something Edge or Safari does or doesn’t do.
I’m right there with you. I have 35 years of Windows experience — 20 as an IT professional — and I just gave up on Windows in my personal life a few days ago and installed Linux. I’ve dabbled in the past with old machines running Linux or dual-booting (and never actually using it), but this time I went all in and installed it as my only option.
I can’t leave it behind professionally, so I’ll be riding along for this train wreck, but I will have some peace at home at least.
Which distro did you choose? What about the interface, did you have any special things to mention about the migration, was it all the same for you? I find it curious to have someone new with that much of Windows experience.
We’ve been looking for something like this for our conference room. A PC presenting on a large TV, but mirrored/AirPlayed on iPads for anyone that wanted a version closer to their face.
If it works for you, happy the help you setup a private instance or something. And for in-office use, maybe optimize for quality rather than minimal updates it is now.
I’m autofilling usernames and passwords from 1Password’s browser extension probably 100+ times per workday. Are you manually copying and pasting anywhere near that amount? I think I would be miserable with that setup for anything beyond very light use.
I think they meant "not unlike" as - we didn't think asbestos was bad, then we thought it could be bad, then yes, after studies, this is really awful. Similarly, we might find that ingested plastics cause more damage than we realize now.
The first is that that is actually crazy late to me. Asbestos has been in use since antiquity. I am genuinely surprised that something so toxic wasn’t noticed earlier. Then again, in times where tuberculosis was common I suppose it wouldn’t have looked that odd.
The second is that you’re viewing it through a modern lens, where of course literally everyone should believe and know that it’s bad the very first time someone notices it. The reality is that it would be much more murky. I would not be at all surprised if microplastics are viewed the same way in 100 years; how could they not have immediately known it was bad? Because we need to quantify how bad, and we can’t just force feed it to people so we have to wait until we naturally get case studies.
I’m not saying you’re making the wrong move, but if you’re willing to go with a carrier like ATT, you can get $1000 trade-in value for that iPhone 13 Pro towards a new iPhone 16 Pro. You can even just buy an unlocked iPhone 12 off of eBay (for about $250) and get the same $1000 trade-in credit for you son. There are some caveats. For example, the credits are paid out evenly over 24 months, but if you plan to keep it for 2 years, you basically get a $250 iPhone 16 Pro.
Again, it might not be the right decision for you, but I thought you might like to be aware of the option.
I've tended to buy iPhones that are 2 or 3 generations old from eBay and Swappa for my family and use Mint or Tello for cheap cellular service. Our costs might be $350 for a phone and $100 - $150 per year for service.
We do get them a nice new phone when they graduate high school.
I just came from chicagotribune.com where they tried to entice me with a Flash Sale of one year’s access for a total of $1. Sounds great, but I took advantage of it a year or so back and regretted it due to how annoying they were with advertisements, newsletters, etc…. It’s pretty amazing that the tactics can be so annoying that they can make me regret a $1 purchase.
I believed for years that my good friend’s dad’s name was Aba and even called him that once before I realized later that it’s the Hebrew word for father.
I had been having complex thoughts for years at that point so it was a bit embarrassing.
Technically 'daddy' is a name.
A name is fundamentally just a label that we use to identify other people and objects. Post Malone, your first and last name are part of the universal naming system like the Kilometer, and 'daddy' is a personal system relative to the conscious experience of the user.
"daddy" is a kinship term, or familial title. It's a noun, and a mode of address, but it isn't a name, technically or otherwise. There are a few posts in this very thread about children realizing that "daddy" isn't just their father, but anyone's.
Much like when you refer to a doctor as "doc", or a professor as "professor".
To prove the point, there are people who have more than one person in their lives whom they call "Dad" or whatever variation. Raised by a gay couple, or close enough to a stepfather to think of him in those terms. Most of us only have one "Dad", but this isn't universal, and we all know that everyone has one, whether they refer to him that way, or even know him at all.
