

No, but the more people block them, the fewer upvotes and less visibility they will receive for their posts.
Why are we giving this person their stage again? How probable is it that the instance admins of the like 15 instances they have accounts on will all collectively ban him? It’s just your average nazi spammer on the internet. You’ve read that “bio” this person has. Even if they get banned, they’ll come back just on principle. Just block him like any sane person would do, leave him shadow banned like that with his nazi friends, and call it a day.
Isn’t Ubuntu Pro basically just an extended support for a set of universe packages for their LTS versions and free for private use?
How is making enterprises pay for extended LTS because of corporate no-update-just-insert-coin mentalities even remotely close to ransomware?
Like I get everyone who doesn’t like Ubuntu for various reasons, but this sounds completely dumb to me.
NPM allows for code to be executed while you install the package, which is different from Maven or NuGet, and allows for easy exploitation paths.
This is the winner. Combine that with a vastly bigger group of inexperienced developers (and I’m willing to die on that hill), and you have a lot of people running node / npm as an admin / root user, who have close to zero idea what they are doing, hitting their project with third party dependencies left and right for no particular reason (left-pad, is-number, ansi console and similar useless crap), and then your dependency management allows for code execution. Also, from my personal feeling, it seems that npm simply cannot properly audit the packages due to the sheer mass. From a technical standpoint it’s close to trivial to put your malware onto npm, and then you just need to get someone to install your package, which is way simpler than in other package managers.
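The install-time code execution discussed in the comment above comes from npm lifecycle scripts. As an added example (not part of the original comments), this Node.js script lists the packages in a `node_modules` tree that declare `preinstall`, `install` or `postinstall` hooks, or that npm would build implicitly with node-gyp; the sample packages and the helper names (`installHooks`, `scanNodeModules`, `buildSampleTree`) are constructed for illustration.

```javascript
const fs = require('fs'), os = require('os'), path = require('path');

// Lifecycle hooks that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Install-time hooks declared in one parsed package.json.
function installHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === 'string').map((h) => ({ hook: h, command: scripts[h] }));
}

// Walk node_modules (scoped and nested packages included). Symlinked
// directories are skipped, which also avoids link loops.
function scanNodeModules(dir, findings = []) {
  if (!fs.existsSync(dir)) return findings;
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    const pkgDir = path.join(dir, entry.name);
    if (entry.name.startsWith('@')) { scanNodeModules(pkgDir, findings); continue; }
    try {
      const manifest = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
      const hooks = installHooks(manifest);
      // With binding.gyp and no install/preinstall script, npm defaults to node-gyp rebuild.
      if (hooks.every((h) => h.hook === 'postinstall') && fs.existsSync(path.join(pkgDir, 'binding.gyp')))
        hooks.push({ hook: 'install', command: 'node-gyp rebuild (implicit)' });
      if (hooks.length) findings.push({ name: manifest.name || entry.name, hooks });
    } catch (err) { if (err.code !== 'ENOENT') findings.push({ name: entry.name, hooks: [], error: err.name }); }
    scanNodeModules(path.join(pkgDir, 'node_modules'), findings);
  }
  return findings;
}

// Constructed node_modules tree in a temp directory, for the demo only.
function buildSampleTree() {
  const nm = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'nm-audit-')), 'node_modules');
  const put = (rel, scripts, extraFile) => {
    fs.mkdirSync(path.join(nm, rel), { recursive: true });
    const name = rel.split('/node_modules/').pop();
    fs.writeFileSync(path.join(nm, rel, 'package.json'), JSON.stringify({ name, scripts }));
    if (extraFile) fs.writeFileSync(path.join(nm, rel, extraFile), '{}');
  };
  put('plain-lib', { test: 'node test.js' });
  put('native-helper', { postinstall: 'node setup.js' });
  put('@scope/tool', { preinstall: 'sh ./pre.sh' });
  put('plain-lib/node_modules/deep-dep', { install: 'node build.js' });
  put('gyp-addon', {}, 'binding.gyp');
  return nm;
}
console.log(JSON.stringify(scanNodeModules(buildSampleTree()), null, 2));
```

Installing with `npm install --ignore-scripts`, or setting `ignore-scripts=true` in `.npmrc`, keeps these hooks from running.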
The smallest footprint for actual scripting will probably be POSIX sh - since you already have it ready.
A slightly bigger footprint would be Python or Lua.
If you can drop your requirement for actual scripting and are willing to add a compile step, Go and its ecosystem are pretty dang powerful and it’s really easy to learn for small automation tasks.
Personally, with the requirement of not adding too much space for runtimes, I’d write it in Go. You don’t need a runtime, you can compile it to a really small zero dependency lib and you have clean and readable code that you can extend, test and maintain easily.
I’m very interested to hear what went wrong.
We’ll probably never know. Given the impact of this fuck up, the most that CrowdStrike will probably publish is a lawyer-corpo-talk how they did an oopsie doopsie, how complicated, unforeseen, and absolutely unavoidable this issue has been, and how they are absolutely not responsible for it, but because they are such a great company and such good guys, they will implement measures that this absolutely, never ever again will happen.
If they admit any smallest wrongdoing whatsoever they will be piledriven by more lawyers than even they’d be able to handle. That’s a lot of CEO yachts in compensations if they will be held responsible.
Or you can just use VSCodium.
Again, you may quote the FSF, but there are too many users of open source, as well as developers, who got into it for the reasons I stated. I can assure you that they are not doing it so that corporations can profit off their software without giving back.
If you are developing open source, you are not necessarily developing FOSS. If you are developing FOSS, you are also developing open source.
FOSS is well defined by the FSF, and it has been for ages, and to be frank, therefore no one cares for anyone’s personal definition of it.
What I am against is having the cake and eating it, as it’s being proposed with this licensing. Either you do FOSS, or you don’t. Either you do open source, or you don’t. Either you do proprietary software, or you don’t. It’s really that simple, because depending on your project, you take the terms that you see fitting and live with the consequences. The whole goal of this proposal was to be taken more seriously as open source developers and projects, and to ensure funding for further development. Cherry picking the best parts of every model, and making irrational demands does not achieve that.
As I said, I’m absolutely on board that open source licensing and open source development being taken for profit by corpos absolutely sucks, and the usual licensing models have not aged well with the much wider adoption and usage of open source, and there is a need for change - as it’s being done e.g. by elastic, redis and others with their dual licensing.
It doesn’t matter how hard you want to call it FOSS, but with these licensing terms you describe it is not FOSS, period. And to be honest, you calling out various people for not getting what FOSS is, while you fully ignore the agreed on definition by people who are actually doing FOSS is you discrediting yourself.
You haven’t found a license like this, because your model is flawed: A licensing like this will disqualify you from any kind of usage in an actual FOSS licensed environment. Personal users, which will not be providing revenue, will not be really affected by this, and are irrelevant for your point. Corporate users, which you will mostly target by this new license probably won’t be able to use your funky new license because they will need to check with legal, and your software will need to have a lot of USPs for someone to bother with that. A 1% corpo-richness-tax will not be approved by any kind of bigger company, because it’s a ridiculous amount from the perspective of your potential customers.
You’re taking yourself way too important. Open source software is not replaceable as a whole, but individual projects are. If you want to earn money with your project, that’s good on you, license it accordingly, but do not try to upsell it as FOSS.
And I fully get your point, and I’m currently working on the same problem in my in-development project, and I’m not sure yet whether to dual-license it, for similar reasons you stated, and live with the consequences of providing OSS, but non-FOSS software, or do FOSS and provide it for actually free.
Edit: Also, the xz backdoor has nothing to do with funding. Any long time maintainer (as in not just a random person contributing pull requests) going rogue can happen in funded scenarios as well.
And who’s gonna maintain the fork? Even fewer developers from a split community? You have absolutely no idea what you’re talking about.
Take the following with a grain of salt, it depends on your specific setup, environment and preference, but might help you:
Regarding system backups, and depending whether you need to run Fedora, check out NixOS, which takes a declarative file and builds your system based on that. Declarative immutable system, no moving parts, no breakage. If your system breaks, revert to a prior version and keep using what you’ve had before retrying. Your backup is a git repo or whatever is keeping your handful of config files. Has been an absolute game changer for me, and the community and ecosystem around it is far beyond the point of quirky esoteric immutable distro.
VSCode has a powerful feature that I’ve yet to see in another editor/IDE - remote development, and it works really, really well. Spin up a VM however you like (I’d recommend checking out Vagrant), and depending on how much you need to do in Windows either use the Windows box as a remote run target (just running your built artifact in Windows), or as a remote development box (running everything in Windows and using your Linux VSCode as a “Frontend” for everything else happening in Windows). Both methods can be made to work seamlessly in vsc.
Excel - again depending on your usage, you can try wine, you can use a VM, dual boot, M365 in browser, or a remote VM.