What is your worry about non authentic clients?

Lol. I should start using that in arguments!

What’s the mysterious purple line? Red Hat?

Because you asked.

The push to Microsoft accounts? More people, I expect, than I’d care to admit.

Is this serious? Grandsons’ photographs are not the only thing non-tech-savvy people keep on their laptops. Microsoft’s policies are not targeting this grandma specifically.

Can you imagine a distro made in Nepal, using as its logo a symbol of health, commonly seen patterned into gates and doors, displayed in windows, drawn on streets…

That’s fair.

(Though, small point, I think you can get the encryption keys to save even without a Microsoft account? Digging in regedit or something?)

Hah is there a rash of nursing home break ins that I’m unaware of?

I mean, not Windows user lives in a nursing home. I wish! But some lose laptops on the train, and some even throw their computers away!

Sure, most of the risk is remote through emails etc. Maybe you’re right. Maybe the balance is better the other way round: let all Windows Home users’ computers stay unencryptedv at rest, and keep encryption for Pro users. I grew up with a high focus on security; maybe I’m paranoid.

But phones are all encrypted these days. Obviously they’re more mobile and at more risk, but that suggests to me that laptops are subject to similar, if smaller, risks.

So, your grandma doesn’t need encryption. She might not need a seatbelt either. But it’s not only state secrets that are worth protecting. Does she have internet banking, with cookies stored in her browser? But many people do, and it’s either encryption for everyone, or for (almost) no one.

That still happens without bitlocker. Computers are dropped. Facebook passwords are forgotten.

I acknowledge automatic encryption is going to make some more cases of lost data, but, with respect, I think the benefit of making fewer cases of stolen data is worth it. I agree with the other commenter that users should be made aware of it more clearly.

Also, as much as I hate the push to Microsoft accounts, I have to admit it helps mitigate this problem: if all ordinary users have an account looking after their master keys, then they can turn to that when they forget their login password etc. but the opportunistic thief on the train can’t (as easily). Not every grandma has a Millennial relative at hand to boot Linux to rescue files off her HDD. And for those who don’t like to trust their master keys to Microsoft/Apple/Google? There’s Linux. And external backups. And saving your password somewhere safe.

Fair point.

You know, this is actually one Windows decision I agree with. Encryption should be default, especially on portable devices like laptops. For an OS aimed at people who want to use their computers, rather than understand them, you have to choose an encryption that works by default for most of your non-tech-savvy users.

If they want their data truly in their own hands, or full control, use Linux.

If they want to use Windows, but not rely on a Microsoft account for recovery, get the bitlocker recovery key and write it down (which you can do).

But I think this looks like a sane default.

(Full disclosure, I don’t use Windows for anything I care about!)

I’m pretty sure you can get your recovery key and write that down elsewhere.

I assumed you were also meaning about getting to your nice steak some days later and getting a whiff of memory of the burning-to-death person, and being put off by the trauma from that.

The answers I’ve seen here (really good ones! Thank you guys!) don’t seem to address that directly, but it sounds from them like mostly if you work in that job you learn to push away the horror one way or another and get on with life, and steak-vs-man turns out not so different - even with, as you say, smell being particularly evocative of memories.

I see dog and coffee; sounds like a net positive to get on with writing more dissertation.

And lost fingers.

The door creaks! It’s 2am! Quick! Wake the property manager up, he must know now!

Poor OP, you told him so bluntly. I was going to let him down gently. Maybe he’s not ready for this knowledge.

It worked! Thank you so much.

My quadlet files are now cobbled together from various sources, cross-referencing yours with the official docker compose and a couple of podman examples I found. But I now have a functioning Immich running in rootless podman, accessed through a VPS reverse proxy!

I’ll edit my first comment in the chain with some tips in case someone else comes across this looking for help.