Easily doable in docker using the network_mode: "service:VPN_CONTAINER" configuration (assuming your VPN is running as a container)

This is a 2 and a half (almost) year old article. I figured Tim’s thoughts on this were common knowledge at this point?

Yes. On older generation/cheaper ANC this is perceived as increased “pressure”. It doesn’t seem louder but the physical sensation of loudness is there.

The sound produced by ANC is the exact 180 degree inverse (or as near as possible) of the incoming bad noise.

It’s produced in realtime by dedicated signal processors and requires mic arrays feeding in the sound. The quicker your processing pipeline the better the match is and the more powerful the effect is.

There’s no prerecorded sound that would work.

Aside from everyone who’s using flutter?

Let’s be honest, this is only their outlook until the courts make their decision. They’ll sell if that doesn’t go in their favour.

If only k/mbin federated better - I’d be all over it :(

Apple has pretty robust parental controls on their devices.

Source: am technical enough to have set them up.

Main page of dashboard

If you long press on a tile (this is kitchen)

We use them quite extensively. They work great.

I mean, the linked article does a pretty good explanation?

Didn’t even think 4k80 was generally available yet?

You’ve not factored in egress costs. Which on Amazon can add up quite quickly.

There’s a couple of caveats with it, but I think neither are worse than your proposed flow.

1. After putting things in an album you’ll need to manually run the migration job to have immich reorganise into album folders.
2. Images in multiple albums will only be migrated to the path of the newest album.

Immich does support folders?

https://immich.app/docs/administration/storage-template/

With this you can store your photos in whatever structure you want.

I watched something very similar to this hit at least 40mph (~65kph) down my 30mph (~50kph) limit road the other day. The guy did not have a helmet on and was in a light jacket and jeans with trainers.

It was as you said, a motorcycle with pedals - only ridden by more of an idiot than the people who ride around during summer on 600cc bikes wearing shorts and t-shirts (cause at least they have a crash helmet on)

There are some justifyable reasons for kicking though. It’s abuse of that process that is causing issues.

I do like the idea of grouping people with high incidents of kick actions though. It wouldn’t be an instant fix but over time the two camps should separate out fairly nicely.

Yes.

Docker will have only exposed container ports if you told it to.

If you used -p 8080:80 (cli) or - 8080:80 (docker-compose) then docker will have dutifully NAT’d those ports through your firewall. You can either not do either of those if it’s a port you don’t want exposed or as @moonpiedumplings@programming.dev says below you can ensure it’s only mapped to localhost (or an otherwise non-public) IP.

Documentation people don’t read

Too bad people don’t read that advice

Sure, I get it, this stuff should be accessible for all. Easy to use with sane defaults and all that. But at the end of the day anyone wanting to using this stuff is exposing potential/actual vulnerabilites to the internet (via the OS, the software stack, the configuration, … ad nauseum), and the management and ultimate responsibility for that falls on their shoulders.

If they’re not doing the absolute minimum of R’ingTFM for something as complex as Docker then what else has been missed?

People expect, that, like most other services, docker binds to ports/addresses behind the firewall

Unless you tell it otherwise that’s exactly what it does. If you don’t bind ports good luck accessing your NAT’d 172.17.0.x:3001 service from the internet. Podman has the exact same functionality.