I think most of the other answers are good. For enterprise software I think, non community contributed, security updates behind a paywall are reasonable too. I know all updates can be behind a paywall and still be FOSS but it really hurts the public good / community aspects that make FOSS great to me.
From a policy stand point I think stakeholders should sue when a major security breach tanks gets identities stolen, the stock or worse and CTO failed to buy down any risk with SLAs on key software.
I know all updates can be behind a paywall and still be FOSS but it really hurts the public good / community aspects that make FOSS great to me.
If companies abuse public good, how should the public protect itself and still stay great?
From a policy stand point I think stakeholders should sue when a major security breach tanks gets identities stolen, the stock or worse and CTO failed to buy down any risk with SLAs on key software.
The later is true for all software, but a lot of the "open source is unsustained"talks comes from the trillions of dollars and critical infrastructure built on it, but with little to no funding going back to actually paying for development or any contract in place saying that bugs will be fixed at all.
I think the "abuse" part is less of an issue outside if this. Like I don't mind that business benifit more than they put into public infrastructure, in fact I hope they do, but its a problem in which people that benifit the most aren't paying their proportional amount of the bill or worse no one is and we poise ourselves to lose it.
its a problem in which people that benifit the most aren’t paying their proportional amount of the bill or worse no one is and we poise ourselves to lose it
Exactly. A lot of this public infra is written in OSI respecting opensource, yet it is being taken advantage of with little to no kickback. Most people writing opensource cannot live on it and are never compensated for their work. Yet, when the proposition is made to introduce the equivalent of a tax within/for opensource projects, there's an outcry about it not respecting the OSI definition of opensource.
So, my question is, what's the realistic alternative? Because right now OSIsts are defending the equivalent of roads being built by people in their offtime and are vehemently against it being written that they should get compensated if the road is used for commercial purposes.
I mean we build projects that benifit ourselves and don't do the boring stuff we don't want to for free. If we are affected by organizations responsible to us (we are paying customers, investors part owners, voters, etc) that didn't do due dillegece to maintain their IT systems by getting meaningful SLAs or hiring proven capable devs to support upstream, they we sue them, demand refunds, vote out execs, etc, etc.
I don't think the free loading concept is very helpful way to frame though. If a bunch of people can make things or run services for next to no cost, that's great too. Not everything is critical, not every public project needs funding, just because we put in work to something does it mean we need to be paid for it. Somethings only became critical because a bunch of people, just for fun, ran stuff on it and choose it just because it was free.
Personally I use ksnip. Pretty sure it doesn't do video though. It does do assorted image capture, OCR (if you have Tesseract installed), and supports uploading to imgur, FTP, and anything you can manage to do with a script.
There isn't really a perfect replacement for ShareX that I know of.
Free and open source for selfhosting, paid when hosted by the company (e.g Nextcloud, gitea, cal.com)
Free and open source with basic features, paid for proprietary business addons (e.g Portmaster, Xpipe)
I think those approaches are fully compatible with the open source definition, but please correct me if I am wrong.
(The examples I mentioned are just some of which I personally know and use, but of course they are many others)
One recent example I can give you is XnView. It’s a program that is free for personal use as an alternative to some specific Photoshop suite as well as some other paid photo viewers like ACDSee. But if you’re going to use this for any sort of commercial use, you need to pay for licenses for all computers you use this on. Such was the case for us since we needed it where I work.
Admittedly it’s integrity based for most of these programs. They are hoping that you are going to be honest about your usage and pay when you use it for commercial use. There doesn’t appear to be telemetry that reports back your usage as this is usually just some guy releasing his personal project. In the case of XnView, I feel it was a guy who was fed up with more recent updates to ACDSee and made his own that mirrors the older versions and just works.
We bought the licenses but I never really felt they were necessary to activate. But we had the proof if we were ever audited that we paid for commercial usage.
I pirate some stuff in my personal life, but these little guys who do this are seriously awesome and I try my hardest to follow their rules since it’s so convenient and helpful in my search and their approach is not ever privacy intrusive.
Another example would be WinRAR, if I remember correctly. They expect businesses to pay to use it but the general public of users just using it at home get the free, infinite “trial”.
Both of those aren't opensource (at least I can't find their repos on their webpages), but I see the model your proposing. Maybe just providing an option to pay at all, and not make it a donation, could work. The only problem I see is a competitor swooping in with a bigger team (or a team in the first place), and building upon the existing project to kill it in order to end up selling its own product. With non-restrictive opensource licenses like MIT and Apache, I assume it would be trivial. GPLv3 would make that a little harder.
Free and open source for selfhosting, paid when hosted by the company (e.g Nextcloud, gitea, cal.com)
Do you believe anything should be done if a large competitor takes over the business of hosting for other companies and hosting is the major revenue stream of the opensource project?
Free and open source with basic features, paid for proprietary business addons (e.g Portmaster, Xpipe)
That sounds like Open Core and I am for this, but there seems to be a dissatisfaction within the loud part of the opensource community regarding it. They don't consider it "open-source". Do you still count it as opensource?
Your proposals concern services or applications. Do you have any thoughts on opensource that isn't that e.g libraries, frameworks, protocols, and so on?
if any one of my Windows or Android units got stolen and somehow cracked into or something.
This shouldn't be a concern if you're using disk encryption and secure passwords, which is generally the default behaviour on most systems these days.
On Android, you don't need to worry about anything as long as you've got a pin/password configured, as disk encryption has been enabled by default for like a decade now.
On Windows, if you're on the Pro/Enterprise edition, you can use Bitlocker, but if you're on Home, you can use "device encryption" (which is like a lightweight Bitlocker) - but that requires a TPM chip and your Windows user account linked to a Microsoft account. If that is not an option, you could use VeraCrypt instead, which is an opensource disk encryption tool. Another option, if you're on a laptop, could be Opal encryption (aka TCG Opal SED), assuming your drive/BIOS supports it.
TL;DR: Encrypt yo' shit, and you don't need to worry about your data if your device gets stolen.
What matters is that the backups are done at the appropriate intervals and verified to be readable.
You can figure out what interval is appropriate. Some people have to make sure every picture is saved, some people are fine losing a month of stuff.
Verifying the backup is valid equally important. You don’t wanna find out it was misconfigured and didn’t get your user directories when you try to restore. Just open one up and look to see every once in a while.
At least fifteen years ago you could set up windows backups through the control panel > backup or something menu. Now on 10 it’s settings > updates and security > backups.
You can click add drive from there and designate a usb or something as your backup drive.
Then set an alarm to make sure you remember to do it at the designated interval.
With android the easiest thing is to sync it to a computer that gets backed up.
You can use cloud services instead of a hard drive too, but often simple and easy to understand is the best place to start.
Do you know why it’s important to have backups before using full disc encryption?
The lockout I see most often isn’t from people forgetting a password or key, but from motherboard failure with a key stored in the motherboards tpm or cpu.
I selfhost Vikunja on a small 1GB RAM VM. It has views for list, table, Gantt and Kanban (I assume that's what you mean by not manually reordering?) You can setup reminders for your tasks like any project management tool as well.
You can access its web interface via port 3456, so no syncing or external app is needed, it's all browser based. Of course, you can setup a wireguard VPN to access it anywhere.
The best solution for a lot of problems. Imagine how awesome OSS could be if any dev could work on it at least part-time while still being able to eat and pay rent/mortgage.
I think the route of giving it all away for free and either offering hosting if the project needs it or (business) support is the most successful way of doing this.
I have no problems whatsoever with donation buttons / banners (like Krita does) but I'm afraid random donations is not really a sustainable model for most projects. I try to remember to donate to projects I use a lot (especially if it's for work) but it is another thing on my todo list and not one with high priority, so I don't do it as often as I'd like ... 😓
That's possibly fine for services, but what happens when a large, well-known competitor decides to offer the service at a lower price (possibly on their own infrastructure), takes away the customers, but doesn't contribute back?
Also, how should libraries (aka stuff that can't be hosted or doesn't have an interface) be handled?
Yeah, very good points. A while ago there was talk about some kind of foundation where maintainers could bill their hours and people and big tech companies could donate. Not sure if / how that would work ...
During the xz incident I also talked about this on Mastodon and someone suggested that big tech could just employ maintainers without them having to do anything for the company directly, just work on the project / library the company uses. Again not everybody would want to do that ...
I'm afraid there's no easy one-fits-all solution here.
Jabref is so great, but do read the documentation when you start. Its easy to use without reading any of it, but there's so much functionality beyond the basics that I just found out recently, and makes it so much easier to use!
Open Source
Active
This magazine is not receiving updates (last activity 51 day(s) ago).