The main difference i would say is the development and licensing model. Photo prism is forcing ppl who want to commit to sign a CLA to.give away their rights. Also the community is not really active it is mainly one dev that can change the code license on any given time.

Immich does not have such an agreement and has a huge active contributor community around it. Also Immich is backed by Futo which has its pros and cons.

Imho the biggest pain in self hosting is when a foss product turns evil towards its community and start to practice anti consumer/free selfhosters business practices.

Immich is far less likely to turn evil.

Edit: I think it is the biggest pain cause you have to migrate every device and person to the new service.

Then swap you nameservers to a DNS provider that allows that?

Immich requires to be run on a server to function, but a lot of (or even all) of its functions are things that could reasonably done entirely on-device. Aves combined with some automatic backup solution such as Nextcloud gets (from what I can tell) most of the functionality Immich offers.

How would you backup Immich on device?

And if you backup to Nextcloud than you already have a served?

So you are arguing that having a file server is enough? And processing is done on client side?

That would be in this case very inefficient.

1. You would need to have all the data on the Client or transfer all the data to the client once you load it.
2. You device has to do all the processing which would lead to lower battery life.
3. How do you handle multiple Users? Giving partially access to the Filesystem?

I could come up with other points but this should give you an idea. Yes, for some use cases a server-client approach does not make sense but for a dedicated photo backup and indexer it absolutely does.

If you use any kind of deduplication and or compression, the system files do not amount to any meaningful size (assuming there is no additional encryption on the VM disks). Especially when you consider the size of OPs data, 1,5TB, then the couple of GB of system binaries etc. do not really matter.

You can simply just download a binary and run it.

I’m also of the opinion that if a bad actor capable of navigating the linux file system and getting my information from it has physical access to my disk, it’s game over anyway.

I am sorry but that is BS. Encryption is not easy to break like in some Movies.

If you are referring to that a bad actor breaks in and modifies your hardware with for example a keylogger/sniffer or something then that is something disk encryption does not really defend against.

With initramfs and dropbear you can make the password prompt accessible over ssh, so you can enter the password from anywhere.

Edit: For debian it is something like

• install dropbear
• configure dropbear for initramfs
• generate key pair
• generate initramfs
• You are done.

Full disk encryption on everything. My Servers, PCs etc. Gives me peace of mind that my data is safe even when the device is no longer in my control.

I use dd.

And as backblaze says themselves every time, this data is not.the complete truth either, they have large sample size but this sample size is still too small to large claims about reliability. Especially about brand reliability.

And it is heavily opinionated, without pointing out other solutions like for example the use of openvpn without mentioning wireguard even once.

TLDR, the developers of pfSense are not the nicest people sometimes. If this bothers you, consider checking out OPNsense.

So first the author is arguing around on the router section that you should not buy a cheap router but then goes for pfsense instead of opnsense, i understand that when you are used to pfsense that you may not want to switch but recommending it for new ppl is just stupid. They have shown their hostality against their OS community in the past see https://news.ycombinator.com/item?id=13615896

2. Guess what, all IP addresses are known. There is no secret behind them. And you can scan all IPv4 addreses for ports in a few seconds at most.
3. So some countries are more dangerous than others? Secure your network and service and keep them up to date, then you do not have to rely on nonsense geoblocking.
4. Known bots are also no issue most of the time. They are just bots. They usually target a decade old Vulnerabilities and try out default passwords. If you follow my advice on 3. this is a non issue

It is based on completely different hardware. A Raspberry Pi CPU is much more expensive than the CPU that is used here.