ilmagico

The group was private and they created fake profiles ... did I miss something?

Exactly this: highly paid engineers are usually PHDs or otherwise researchers focusing on difficult problems. Their output can't be measures in ~~lines of code~~ commits on github. Nevermind time spent mentoring younger engineers, reviewing pull requests, advising management, etc. Ask me how I know.

That said ... at my previous job for a while near the end they were paying me to do very little indeed. I was not happy. Eventually the company ran into trouble, laid a bunch of people off (including me) and now I'm a lot busier at my new job... also happier.

I had a forum account from long ago that I barely use and even I was able to vote ... so if you had an account there, give it a try and vote!

Was this with podman or rootless docker?

I also would like to switch to rootless, I have some experience with podman and, while I generally like it, it's not 100% compatible with (rootful) docker, and can have performance issues if you're not careful, especiallt with certain file systems like btrfs. I wonder if rootless docker is now better than podman, or preferred for some other reason.

It's the video games makers really, not video games as a whole. There are ways to make video games without getting kids to spend their parents' money.

I think the big deal is if they support wayland, which I think was supposed to come in 4.20

I could be wrong, but I think Qualcomm designs its own chips and only licenses the "API", so it would be no difference for them.

I was finally able to find some technical detail on passkeys on FIDO website, and yeah, it actually looks like it's a real improvement over passwords: it's simple, uses proven technology (public/private keys), and should be much more secure than passwords.

Also, nothing in the "specs" says I need to entrust my private key with the OS or a third party, which is good.

That said, it seems some OS support is required nonetheless, to show the pin / biometrics prompt (or is it?), and on android at least, I'd need to buy a new device with Android 14 to use a non-Google passkey provider...

I use KeePassXC on desktop and Keepass2Android on, well, android, and sync via nextcloud. They all seem to handle syncing correctly, merging changes made on one side, or showing a notification about a conflict, and KeePassXC can definitely merge the two "conflicted copies" together reliably with a couple of clicks (yes, a no-click solution would be better, I know, but it's not "manual"). Keepass2Android integrates directly with nextcloud and seems to handle it fine.

The situation can definitely be improved but it's not so bad for me. Also, two different people should probably use two different database files and not share passwords ;)

Not sure how syncthing handles conflicts, it's been many years since I tried it.

I use KeePassXC's browser integration daily and it works pretty well with Firefox (linux), well enough that I'm not complaining, but I cannot compare it with Bitwarden cause I never used it. On Android I use Keepass2Android and works well with autofill, but again, I can't really compare it.

Something tells me Bitwarden works better, just by virtue of being a commercially supported product, but I have no complaints with KeePassXC & Keepass2Android (KeePassDX works well on android too). Original KeePass desktop client was never great though.

I see, that makes sense and should be more secure, in theory. Thanks for the explanation.

The issue I have is, whether I need to trust a third party with my private key, e.g. Google with Android, Microsoft with Windows, etc. (yes on linux it's different, but that's not my only OS).

Also if the private key does get compromised (e.g. local malware steals it), hopefully there's an easy way to revoke it.

Ok, from a quick search, it seems passkeys rely on some trusted entity (your browser, OS, ...) to authenticate you, so, yeah, I'm not sure if I like that. The FIDO alliance website is all about how easy, convenient and secure passkeys are, and nothing about how they actually work under the hood, which is another red flag for me.

I'll stick to old-fashioned, long, secure, randomly generated passwords, thanks.