I agree with parts about entitlement. The expectation of support and treatment of open source software as if it was proprietary is a real problem.

But, the authour makes a similar mistake - they conflate open source software with source-available (proprietary) software. As an example, I strongly disagree with this part:

When software is open-source, it is open-source, not necessarily free and open-source (FOSS), and even if it is FOSS, it might still have a restrictive licence. The code being available in and of itself does not give you a right to take it, modify it, or redistribute it.

If you replace it with this version, I am happy:

When software is source-available, it is source-available, not necessarily open source or free and open-source (FOSS). The code being distributed under a source available license does not give you a right to take it, modify it, or redistribute it.

I think it’s really important that we keep a clear delineation between free/open source software on one side, and source-available (proprietary software) on the other.

A lot of companies are trying to co-opt and blur the meaning of the term so they can say “seeing the source was always the point, none of the other freedoms mattered”, in order to sell you proprietary licenses.

Open source gives you the right to take, modify and redistribute it. Source available does not. And that’s ok, just please don’t blur the terms together.

even if it is FOSS, it might still have a restrictive license

Likewise, this is definitionally untrue. The whole purpose of FOSS is to give you the four freedoms.

For services only I depend on, I have production-only. Since I can only inflict damage on myself, and can often work around problems.

For the XMPP server my friends and family also depend on, I have a dedicated nonprod VPS. My services are driven by ansible playbooks, so I’ll tweak the playbook with whatever change I want to make works in nonprod, before running the same playbook against prod.

Whenever there’s a new Debian Stable release, I’ll rebuild the servers completely, to try and prevent “drift” between the nonprod and prod versions (not that I change things often enough for this to become a big problem). This is also the big test of my backups, which so far haven’t been needed in a “real” emergency 🤞

Distributions handle this for you. Installing your software through a distro, instead of getting it from each individual software authour, means that you trust one organisation instead of hundreds of individuals.

For instance, Debian has a strict set of guidelines for Debian developers (who have the right to upload packages). They will be familiar with the software they are packaging, are often independent from the upstream authours, and are expected to check the package for various issues, including licensing, security, version incompatibilities etc. In addition, every upload is signed, so you can see who is responsible for everything.

And when something slips through, as almost happened with xz, the analysis and recovery all happens completely in the open. There may not have been enough eyes on xz to prevent the vulnerability in the first place, but once it was discovered, there were at at least hundreds of people dealing with the aftermath, all in the open.

Compare this with proprietary software, where you’d be lucky if such a vulnerability was even disclosed, vs just silently patched.

Yep

I can highly recommend Mythic Beasts (UK).

There is no upsell or variable pricing and they make money by charging a flat rate on top of the cost from their supplier. See this blog post for more info

I would love for such a fund to invest very liberally in these companies, on the condition that anything it funds must be free and open source - public money, public code! The only way to take down these giant US companies is to work together, and the most effective way to work together is to release everything in the open in such a way that anyone can build on top of it.

If the money just gets funneled into these companies so they can build their own lock-in, the EU would be recreating the same dependency on a few small companies that happened in the US. It wouldn’t increase productivity in the long run, it would instead substitute dependency on a few US companies for a few EU companies.

But, if they invest in open source software, it could spur innovation not only in the companies that are directly funded, but also thousands of other companies throughout the EU that would now have common infrastructure that they can build on top of.

That’s good news, in my opinion. If they’re allowed to just completely disregard copyright when training, then I should be able to completely disregard any attempted copyright on the output too.