Preface

I got excited and didn’t properly read your post before I wrote out a huge reply. I thought your problem was the per-user mapping to different locations on your NAS or to different shares, but its specifically file ownership.
whoops.

Leaving this here anyways, in case someone finds it helpful.
I kinda address file ownership at the end, but I don’t think its really what you were looking for because it depends on every user having their own share.

Prerequisites

1. you need to be using Storage Templates.
2. you’re willing to change the storage labels for all existing users
   • if not, then change the storage labels for all users to something temporary and run the migration job before you begin. You’ll change it back later.
3. you’re willing to switch to NFS instead of samba, where each user gets their own share.
   • might not actually be necessary, but its what I use, so YMMV

Configuration

Volumes

In docker, you’ll need to set up an external NFS volume for every user. I use portainer to manage my docker stacks, and its pretty easy to set up NFS volumes. I’m not sure how to do it with raw docker, but I dont think its complicated.

Compose

in your docker compose files, include something like this

services:
  immich-server:
    # ...
    volumes:
      - ${UPLOAD_LOCATION}:/data
      - /etc/localtime:/etc/localtime:ro
     - type: volume
        source: user1-share
        target: /data/library/user1-intended-storage-label
        volume:
          subpath: path/to/photos/in/user1/share
    - type: volume
        source: user2-share
        target: /data/library/user2-intended-storage-label
        volume:
          subpath: path/to/photos/in/user2/share
    # and so on for every user
  # ...

volumes:
  model-cache:
  user1-share:
    external: true
  user2-share:
    external: true
  # and so on for every user

There are 3 things about this setup:

1. it does not scale automatically. this is fine as long as you don’t intend to be adding/removing users often.
2. it is only saving the photos and videos. all thumbnails and transcoded videos, etc, get saved to ${UPLOAD_LOCATION}. For me this is fine, I dont want to pollute my NAS with a bunch of transient data, but if you want that info then for every user, in addition to the target: /data/library/user1 target you’ll also need a target: /data/thumbs/user1, target: /data/encoded-video/user1, etc.
3. If there is already data at the target, when you mount this volume it will mask that data. This is why it is important that no users exist with that storage label prior to this change, else that data will get hidden.

You may also want to add similar volumes for external libraries (I gave every user an external “archive” library for their old photos) like this:

    - type: volume
        source: user1-share
        target: /unique/path/to/this/users/archive
        volume:
          subpath: path/to/photo/archive/on/share

and then you’ll need to go and add that target as an external library in the admin setup.
and once immich allows sharing external libraries (or turning external libraries into sharable albums) I’ll also include a volume for a shared archive.

Migrate

redeploy, change your user storage labels to match the targets, and run the migration job (or create the users with matching storage labels).

File ownership

I honestly don’t think its important, as long as your user has full access to the files, its fine. But if you insist then you have a separate share for every user and set up the NFS server for that share to squash all to that share’s user. Its a little less secure, but you’ll only be allowing requests from that single IP, and there will only be a request from a single user from that server anyways.
Synology unfortunately doesn’t support this, they only allow squashing to admin or guest (or disable squashing).

Hmmmm that’s a good point.

I still wouldn’t count that as every day life because you’re not physically interacting with the satellite or submarine internet cables, even if you’re interacting with the effects of their existence.

But now I have to justify why my stance of “being physically near but still unable to see or touch directly” (as an internal mechanism of something) is any more “everyday life”. It feels like an internal mechanism counts as just as every-day as the thing its a part of, but is it really?

I don’t have a solid justification. It just feels different to me.

I think that “with some mass” wasn’t meant literally but figuratively, specifically to exclude things like shooting subatomic particles.

I think OP means the kinda of things humans interact with and are able to perceive in their every day life.

I feel like that’s even less like “everyday life” than OPs example of bullets lol

I had to read it a few times, I initially made the same mistake as you. It’s all there but I’m not used to carefully reading all the text on a silly post lol

It’s illegal to hire people or refuse to hire people based on political beliefs or affiliation, so you’re not gonna have companies that only employ Trump supporters or employ no Trump supporters. Politics is considered a protected group wrt employment law in the USA and many countries.

But how would it actually work?
It’s not like it’s difficult to gauge employee sentiment about ICE. If your employees are strongly against it, then you simply don’t enter the competition for ICE contracts, or you choose to not renew the contracts when they expire.

They only have to make an example of a few to discourage the rest.

The only real safety is with the instances hosted and run in locations difficult for American companies to pursue legal action

Yeah, but at the same time it’s kinda good for people to be able to see the kind of shit they’re posting for themselves.

It is propaganda, but it’s not good propaganda, and that’s what the community fact checking thing is meant to counter, imo.

Even if that was true, which it isn’t, a company should reflect the beliefs of its employees and community.

I haven’t watched it, but I’ve heard Mobile Suit Gundam 0080: War in the Pocket is a pretty brutal anti-war piece by the end.

If it’s an official govt agency I think it makes sense for them to be allowed on communications platforms and to be verified, so that people can see what they’re saying and know that it’s an official statement.

Then people can see the post and make their own judgements about it, knowing it’s an official agency statement.
Having twitter style factcheck for blatant misinformation is also important for this, though.

I think that tech companies taking a stand on what their employees and/or users believe in is a reasonable thing.

Idk what the employees of bluesky believe, but I’m fairly familiar with the bay area tech scene and I think that there is a decent chance that the employees would like to take a stand by not providing services to ICE.

That being said, idk if simply allowing them to have an account is providing services. I think it’s probably better to have govt agencies have verified accounts so people know when things are official statements, even if you disagree with the agency.

What you’re looking for is probably something like certificate authentication, or mTLS. It exists, but it’s kind of a pain to set up on client devices so it’s not very common.

What’s more common and easier to set up and is nearly the same thing, is passkey authentication. Same in-flight security characteristics, but you typically need to pass a simple challenge for your device to unlock it.

There are a bunch of self-hosted auth options for both

I wanna try matrix, but it’s crazy to me that no clients, even the official clients, support all the features. It really makes me hesitate lol

Im not sure how these stats are collected, I assume that they query each server for its to make the chart, rather than query every server every day and copy the results.

If they’re really copying the results, then you’re absolutely correct that temporary instances outrages would cause those correlated downward blips, but I’m surprised to hear you wouldn’t just be able to query servers to get this data on demand.
But then again if a server went permanently offline you’d lose that data forever. Hmmm

A statistician explain to me why these graphs seem correlated beyond general trend? They both seem to have localized events on the same day, but given their different timescales that doesn’t seem like it should be possible.

I raised the same concern on the other post too, but idk enough about statistics to for sure say something seems fishy.

But they should be offset. Monthly MAU departures shouldn’t reflect in half-year until 5 months later. And half-year departures shouldn’t influence the MAU at all.

The fact that they line up to they day strikes me as very suspicious.
But I’m not a statistician

Right, that’s why I suggest providing both an opinionated option and an opinionated option. Like a “recommended” section and a “full list” section.

Let people without contest and who don’t care to learn the context in advance use an opinionated picker, but don’t withhold from people who want to dig in.

But it turns out I misunderstood the example that was given - those instances aren’t shown because they simply aren’t piefed instances.

Ah I misunderstood your example, I thought you were saying instances were intentionally excluded from the picker rather than “instances that don’t support this platform don’t appear”.

I’m not going to opine on what constitutes a “real” leftist apart from saying that left/right dichotomy really doesn’t describe reality well.

https://join-lemmy.org/instances will send you to places like hexbear.net and lemmy.ml, whereas https://piefed.social/auth/instance_chooser literally never will.

Honestly I think this is a problem. I don’t think the instance picker should be so opinionated that it blocks (legal) instances. I want extremist to be directed away from the normie and moderate instances. I prefer to clearly characterize instances and let people pick their own, while also providing opinion for people who don’t care or lack understanding.

Although this is clearly a point of preference, and I can see why some people would prefer the opposite to possibly prevent the radicalization of a moderate.