• 0 Posts
  • 5 Comments
Joined 1 month ago
Cake day: October 10th, 2024

  • I think the article is about the sw passkeys, stored in a password manager. Not hw keys like Yubikey.

    But your point is still valid. With passkeys the owner of an account would need to log in and add the passkeys of the other family members so they can log in. At the moment there’s no way to share passkeys or even move them between password managers, I think.

    But passkeys are still developing. I could imagine that in the future it would work like SSH keys. To allow someone to log in to your account, you’d just add something like an SSH public key.

    I find passkeys very convenient, but it’s going to take a long time until they’re supported widely enough for regular people to care.



  • It’s a really solid combo, but if you’re not familiar with CoreOS I wouldn’t change both at once. Meaning migrate the services to Podman first, then switch the OS. I’ve meant to switch from Alma 9 to CoreOS for a long time, but haven’t found the time.

    I noticed you run Nextcloud AIO, just so you know, that’s one of those “mount the docker socket” monstrosities. I’d look into switching to the community NC image and separate containers managed yourself. AIO is easy, but if someone gets shell to the NC container, it’s basically giving root to your host.

    Either way, you’re going to have trouble running AIO with Podman.


  • I’m very much biased towards Podman, but from what I understand rootless Docker is a bit of an afterthought, while Podman has been developed from the ground up with rootless in mind. That should be reason enough.

    The very few things Docker can do that Podman struggles a bit with are stuff that usually involves mounting the Docker socket in the container or other stupid things. Since you care about security, you wouldn’t do that anyway. Not to mention there’s also rootful Podman, when you need that level of access.

    I’d recommend an RPM-based distro with Podman, the few times I’ve tried Podman on a deb distro, there’s always been something wonky. It’s been a while, though.
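
Added example, not part of the original comments: a small audit for the "mount the docker socket" pattern mentioned in the two comments above, run over `docker inspect` JSON. The container names and the sample data are constructed, and matching on the socket's file name is an assumption of this sketch.

```python
import json
import posixpath

# File names of container-engine API sockets (rootful and per-user paths alike).
SOCKET_NAMES = {"docker.sock", "podman.sock"}

def _is_engine_socket(host_path):
    return posixpath.basename(posixpath.normpath(host_path)) in SOCKET_NAMES

def socket_mounts(container):
    """Return sorted (host_path, container_path, writable) tuples for socket mounts."""
    found = set()
    # "Mounts" is the resolved mount list in inspect output.
    for m in container.get("Mounts") or []:
        if _is_engine_socket(m.get("Source", "")):
            found.add((m["Source"], m.get("Destination", ""), bool(m.get("RW", True))))
    # "HostConfig.Binds" holds the raw "src:dst[:opts]" strings as requested.
    for bind in (container.get("HostConfig") or {}).get("Binds") or []:
        parts = bind.split(":")
        if len(parts) >= 2 and _is_engine_socket(parts[0]):
            opts = parts[2].split(",") if len(parts) > 2 else []
            found.add((parts[0], parts[1], "ro" not in opts))
    return sorted(found)

def audit(inspect_json):
    """Map container name -> socket mounts, only for containers that have one."""
    report = {}
    for c in json.loads(inspect_json):
        hits = socket_mounts(c)
        if hits:
            report[c.get("Name", "?").lstrip("/")] = hits
    return report

# Constructed sample in the shape of `docker inspect` output.
SAMPLE = json.dumps([
    {"Name": "/example-aio",
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": False}],
     "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock:ro"]}},
    {"Name": "/example-web",
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
                 "Destination": "/data", "RW": True}],
     "HostConfig": {"Binds": None}},
])

if __name__ == "__main__":
    # A read-only bind mount still allows connecting to the socket and calling
    # the engine API, so ":ro" entries are reported as well.
    for name, hits in audit(SAMPLE).items():
        print(name, hits)
```

To check a real host, pass the output of `docker inspect $(docker ps -q)` to `audit()` instead of `SAMPLE`.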