Worthwhile exploration on the impact of CopyFail in the context of Podman. The baseline security posture seems better and you can even improve things using older techniques. Definitely worth switching.
Don't think this piece really needed to talk about AI but oh well... I guess it's the obsession of the moment. That said, it's interesting to see how much the microVM ecosystem has matured so far. The pieces are falling into place and that opens the door to interesting architectures.
Kind of obvious I think, but this likely bears repeating. Containers are not a magical recipe for security. There are many attack vectors to keep in mind and evaluate.
OK, this is definitely a very cool hack. It can definitely help to debug locally.
Indeed, we might want to use dev containers more widely in the profession. If you're developing something for the desktop you're out of luck though.
I keep being surprised at how common this kind of mistake is. I probably shouldn't be; it's actually kind of easy to fall into such traps.
Podman is really a nice option for deploying containers nowadays.
I didn't know about this project. This sounds interesting, smart use of mkosi to make an Incus-tailored system.
Mind your typos... It seems clear a bad actor is hiding behind that one.
Nice Docker recipe indeed for small and secure containers when you just want to ship a statically linked binary.
Little-known Docker feature but definitely useful for remote execution.
A bit of a rant, but since it looks like people are still trying to consider all those technologies as equivalent... I think it's good to have an explanation of what makes containers different.
Looks like a nice way to orchestrate rootless Podman containers.