And like all android updates, it's guaranteed to be worse than it was.

Everything's getting shittier.

I didn't really mention immich directly here.

This is a problem which is endemic to casual software development like many FOSS projects. It's a reality of how free software tends to be built in general vs commercial software.

The issue here is that these are solvable problems, release compat isn't a new problem. It's just a problem that takes dedicated effort to solve for, just like any other feature.

This is something FOSS apps tend to lack simply due to the nature of how contributions tend to work for free software. Which is an unfortunate reality, but a reality none the less.

You would, but if there's no reason for them to spend the money on it why?

This is what regulation is for, and it needs to have teeth.

People really underestimate the value of stability and predictability.

There are some amazing FOSS projects out there ran by folks who don't give a crap about stability or the art of user experience. It holds them back, and unfortunately helps drive a fragmented ecosystem where we get 2,3,5 major projects all trying to do the same thing.

LLMs cannot provide critique

They can simulate what critique might look like by way of glorified autocomplete. But it cannot actually provide critique, because they do not reason, they do not critically think. They match their outputs based upon the most statistically likely interpretation of the input in what you could think of as essentially a 3D word cloud.

Any critique that you get from an llm is going to be extremely limited and shallow (And there's for the critical critique you require). The longer your text the less likely the critique that you receive is going to be relevant to the depth in which it may be needed.

It's good for finding mistakes, it's good for paraphrasing, it's good for targeting. It cannot actually critique, which requires a level of consideration that is impossible for LLMs today. There's a reason why text written by llms tends to have distinguishing features, or lack of, that's a bland statistically generated amalgamation of human writing. It's literally a "common denominator" generator.

I like how many of the new top level comments on here are going the way of Reddit already.

One-liners trying to be funny or make puns instead of actually engaging in conversation, indistinguishable from bots. :(

• https://lemmy.world/comment/12504760
• https://lemmy.world/comment/12504656
• https://lemmy.world/comment/12504761
• https://lemmy.world/comment/12504503

Have you ever used something they made? Did it meet your standard of being “good work”?

I mean you're ignorance of the products that they build or work on doesn't precipitate their badness. Let's start with the entire developer ecosystem that they have their hands deep in, it's a pretty damn good ecosystem.

You probably need to check your bias because it's leaking, negatively affecting your decision making.

Any company of this size is going to have shit products great products and literally thousands and tens of thousands of projects in between. You seem to be familiar with one product line, of hundreds or even thousands.

Nfts were a scam from the start something that has no actual purpose utility or value being given value through hype.

Generative AI is very different. In my honest opinion you have to have your head in the sand if you don't believe that AI is only going to incrementally improve and expand in capabilities. Just like it has year over year for the last 5 to 10 years. And just like for the last decade it continues to solve more and more real-world problems in increasingly effective manners.

It isn't just constrained to llms either.

Because the majority of my traffic and services are internal with internal DNS? And I want valid HTTPS certs for them, without exposing my IP in the DNS for those A records.

If I don't care about leaking my IP in my a records then this is pretty easy. However I don't want to do this for various reasons. One of those being that I engage in security related activities and have no desire to put myself at risk by leaking.

Even services that I exposed to the internet I still don't want to have my local network traffic go to the internet and back when there is no need for that. SSL termination at my own internal proxy solves that problem.

I now have this working by using the cloudflare DNS ACME challenge. Those services which I exposed to the internet cloudflare is providing https termination for, cloudflare is then communicating with my proxy which also provides https termination. My internal communication with those services is terminated at my proxy.

I stated in the OP that this is off :/

I stated in the OP that cloudflair HTTPS is off :/

I'm not using cloudflare for the certificate. I also can't use the cloud for certificate anyways for internal services through a loopback.

Similarly you can have SSL termination at multiple layers. That's works I have services that proxy through multiple SSL terminations. The issue that I'm having is that the ACME challenge seems to be having issues, these issues are documented and explained in various GitHub threads, however the set of solutions are seemingly different and convoluted for different environments.

This is why I'm asking this question here after having done a reasonable amount of research and trial and error.

I am doing SSL termination at the handoff which is the caddy proxy. My internal servers have their SSL terminated at caddy, my traffic does not go to the internet.... It loops back from my router to my internal Network.

However DNS still needs to have subdomains in order to get those certificates, this cloudflair DNS. I do not want my IP to be associated with the subdomains, thus exposing it, therefore cloudflair proxy.

You're seeing the errors because the proxy backend is being told to speak HTTPS with Caddy, and it doesn't work like that.

You can have SSL termination at multiple points. Cloudflare can do SSL termination and Cloudflair can also connect to your proxy which also has SSL termination. This is allowed, this works, I have services that do this already. You can have SSL termination at every hop if you want, with different certificates.

That said, I have cloudflair SSL off, as stated in the OP. Cloudflare is not providing a cert, nor is it trying to communicate with my proxy via HTTPS.

Contrary to your statement about this not working that way, cloudflair has no issues proxying to my proxy where I already have valid certs. Or even self signed ones, or even no certs. The only thing that doesn't work is the ACME challenge...

Edit: I have now solved this by using Cloudflair DNS ACME challenge. Cloudflair SSL turned back on. Everything works as expected now, I can have external clients terminate SSL at cloudflair, cloudflair communicate with my proxy through HTTPS, and have internal clients terminate SSL at caddy.

A password is literally just:

secret data, typically a string of characters, usually used to confirm a user's identity

A secret key or passcode meets that definition 🤦 You're most definitely on poor standing here.

A very long password that no one can remember (ie. A key) is still a password. Also are you unaware of the existence of password managers and random password generation...?

"spreading misinformation" is a phrase mostly used by feds when they see something they consider to be "wrong think" or not "politically correct". They use this anti-misinformation campaign to support their censorship and mass surveillance system.

Immediately jumping to discredit and dismiss instead of engage by way of over generalization and accusation is not a good look my man.

Ultra pro move: Master the art of echo location

It's absolutely bonkers.

There's so many people here that fight against their own interests by letting perfect be the enemy of good.

Got to love ignorant hot tapes based on article headings.

That's.... Literally just a long password.

I assumed you were talking about a private key as in cryptographic private key, where your data is encrypted on the remote server and your private key is required for it to be decrypted and for you to use it.

If you just talking about something to get into an SSH key then all that is is a longer password.

It should be $0 because this was a credential stuffing attack (Using breached passwords people reused), and affected people who knowingly shared their data with other people.

23&me didn't leak data, they didn't have any database breaches, their infrastructure wasn't compromised due to negligence...etc The majority share of negligence is in the users here.

Yes, they should have MFA, but also no, most sites and services don't force you to use MFA to begin with, and that's not a regulatory requirement anyways.

This is, for the most part, the fault of the folks using terrible security practices such as refusing passwords and sharing their data with other users. And this is a shitty precedent to set where the technical reasons for this event are thrown out the window in favor of the politics of it.