Take the following with a grain of salt, it depends on your specific setup, environment and preference, but might help you:

Regarding system backups, and depending whether you need to run fedora, check out nixos, which takes a declarative file and builds your system based on that. Declarative immutable system, no moving parts, no breakage. If your system breaks, revert to a prior version and keep using what you’ve had before before retrying. Your backup is a git repo or whatever is keeping your handful of config files. Has been an absolute game changer for me, and the community and ecosystem around it is far beyond the point of quirky esoteric immutable distro.

VSCode has a powerful feature that I’ve yet to see in another editor/IDE - remote development, and it works really, really well. Spin up a VM however you like (I’d recommend checking out Vagrant), and depending on how much you need to do in windows either use the windows box as a remote run target (just running your built artifact in windows), or as a remote development box (running everything in windows and using your Linux VSCode as a “Frontend” for everything else happening in windows). Both methods can be made to work seamlessly in vsc.

Excel - again depending on your usage, you can try wine, you can use a VM, dual boot, M365 in browser, or a remote VM.

You probably just should let an AI generate that.

It’s not about being dumb and expecting stuff for free but a general anger towards subscription based models. Fair models exist and are possible, but are a collateral of the general hate.

Then, free alternatives exist, and believe it or not, some people do not have a tiny monthly fee they could spare or do not want to pay for something that a free alternative exists.

Threema tried exactly that, and failed comically.

Just as AI will replace developers, and then we have Devin. Also don’t forget the artists that will be replaced, that’ll happen just when it learns that humans have 5 fingers per hand.

It’s all marketing for AI, by the afaik currently biggest supplier of AI hardware.

The whole hype will implode when AI itself implodes, not as the AGI singularity, but when the resource costs spiral out of control, and its keeps getting its own generated glop spoonfed

No, but the more people block them, the less up votes and visibility they will receive for their posts.

Why are we giving this person their stage again? How probable is it that the instance admins of the like 15 instances they have accounts on will all collectively ban him? It’s just your average nazi spammer on the internet. You’ve read that “bio” this person has. Even if they get banned, they’ll come back just on principle. Just block him like any sane person would do, leave him shadow banned like that with his nazi friends, and call it a day.

So, you mean using a proprietary vendor to operate something binds you to that vendor? Congratulations, you’ve just discovered vendor lock-in.

“Obfuscating the environment” is also an absolutely unhinged claim, what even is that supposed to mean?

And again, Automattic is NOT in the right. What Automattic did was break license terms, attempt to extort, steal code, and light their whole brand, company, ecosystem and community on fire. Matt spit in the faces of his open source community (and open source in general), and every single person dependent on WordPress losing their job because of the shift he’s causing will be blood on his hands personally. Even if WP Engine was questionably morally or ethically, they did play by the laws and the license terms. Matt went on a mental breakdown and additionally to his unethical behavior broke several laws on that journey, which is exactly why he is losing the lawsuit. Matt and Automattic are NOT in the right.

To be fair, Matt is providing meltdowns regularly and totally free of charge. 😂

I’d laugh my ass off if WP Engine would lead a hard fork called WP Core. If any WP Engine folks read this, feel free to use the name, I won’t sue, I promise.

It really depends what you’re doing. If it’s really “only” blogging I’ve seen a lot of blogs using Ghost. Hugo is more of a “simpler” static site generator.

That whole blog post is so full of salt, that it really hurts to read.

Still going on about the “imbalance of the contributions”, well that’s open source for you - you don’t get to control who contributes how much, all you can do is ask nicely, and provide a good experience for contributors. Acting like a lunatic does not do that.

legal attacks started by WP Engine

Of course they did after the witch-hunt and the absolutely illegal, unethical and plain ridiculous behavior of Automattic. The counter they did, the whole ACF takeover and the slandering are a lawsuit handed on a plate.

The way “community” is quoted in that article for those who dared to disagree.

This legal action diverts significant time and energy that could otherwise be directed toward supporting WordPress’s growth and health.

Yeah, as a developer I also hate when lawsuits are stopping me from working. He had no problem letting go of nearly 10% of his staff with their “alignment offer” to get rid of people who again dared to disagree, but the legal action is diverting resources now.

But the whole “Focused on the Future” paragraph is going full mask off:

Before, they said that resources will be reallocated to “for-profit projects within Automattic”, and

We will redirect our energy toward projects that can fortify WordPress for the long term

It’s only a matter of time another hostile takeover will take place, and Matt will attempt to go full for-profit on WordPress itself.

We’re excited to return to active contributions to WordPress core, Gutenberg, Playground, Openverse, and WordPress.org when the legal attacks have stopped.

Full on extortion. Stop the lawsuit or we won’t contribute.

Honestly, if I’d be dependent on WordPress for my work, I’d not sleep well and start going into something else right fucking now. How are people that stupid, childish and entitled getting into such positions.

Matt never ceases to amaze with his smoothbrain decisions.

The amount of effort this moron puts into his weird personal vendetta against WP engine, even after the court told him that he has nothing, which was actually his last chance to end this kinda gracefully, could’ve been used for so much better things.

And he’s not only successfully kicking himself in the balls, he’s willing to throw so many years of community and project time and effort under the bus for it.

Go on Matt, keep telling how much you’re only doing this for WordPress.

Bethesda brought HD texture packs for Skyrim and Fallout, yes. But they are free DLCs and came out several years after release. Bethesda did a paid modding shop.

But this is a feature that other games just have, that’s paid, on a preorder full price AAA game that’s already more expensive than other games.

Stop trying to compare, this is a whole new precedent of greed and mtx.

NPM allows for code to be executed while you install the package which is different from maven or nuget and allows for easy exploitation paths

This is the winner. Combine that with a vastly bigger group of inexperienced developers (and I’m willing to die on that hill), and you have a lot of people running node / npm as an admin / root user, who have close to zero idea what they are doing, hitting their project with third party dependencies left and right for no particular reason (left-pad, is-number, ansi console and similar useless crap), and then your dependency management allows for code execution. Also, from my personal feeling, it seems that npm simply cannot properly audit the packages due to the sheer mass. From a technical standpoint it’s close to trivial to put your malware onto npm, and then you just need to get someone to install your package, which is way simpler than in other package managers

Kinda expected the SSH key argument. The difference is the average user group.

The average dude with a SSH key that’s used for more than their RPi knows a bit about security, encryption and opsec. They would have a passphrase and/or hardening mechanisms for their system and network in place. They know their risks and potential attack vectors.

The average dude who downloads a desktop app for a messenger that advertises to be secure and E2EE encrypted probably won’t assume that any process might just wire tap their whole “encrypted” communications.

Let’s not forget that the threat model has changed by a lot in the last years, and a lot of effort went into providing additional security measures and best practices. Using a secure credential store, additional encryption and not storing plaintext secrets are a few simple ones of those. And sure, on Linux the SSH key is still a plaintext file. But it’s a deliberate decision of you to keep it as plaintext. You can at least encrypt with a passphrase. You can use the actual working file permission model of Linux and SSH will refuse to use your key with loose permissions. You would do the same on Windows and Mac and use a credential store and an agent to securely store and use your keys.

Just because your SSH key is a plaintext file and the presumption of a secure home dir, you still wouldn’t do a ~/passwords.txt.

How in the fuck are people actually defending signal for this, and with stupid arguments such as windows is compromised out of the box?

You. Don’t. Store. Secrets. In. Plaintext.

There is no circumstance where an app should store its secrets in plaintext, and there is no secret which should be stored in plaintext. Especially since this is not some random dudes random project, but a messenger claiming to be secure.

Edit: “If you got malware then this is a problem anyway and not only for signal” - no, because if secure means to store secrets are used, than they are encrypted or not easily accessible to the malware, and require way more resources to obtain. In this case, someone would only need to start a process on your machine. No further exploits, no malicious signatures, no privilege escalations.

“you need device access to exploit this” - There is no exploiting, just reading a file.