It is opinion.
I do not claim it is wrong.
I am not denigrating the author.
It is, however, just an opinion published on someone's blog. Hence the disclaimer (if you read all the way to the bottom.)
Slashdot is supposed to publish news for nerds, and this is not that.
A lot of software developers are doing what RMS says a lot of time. It's just that almost noone does it all the time.
It's clearly evident from the amount of GNU and GPL software out there that wasn't written by RMS that people are following his ideas. And that those ideas have succeeded, simply by the success of that same software in the marketplace.
It's not a failure of the ideal when developers of open source also write proprietary software to pay the bills.
I bought a Lenovo X131e Chromebook second hand for exactly that purpose. Went online for the instructions to boot it into developer mode so I could change the OS
I now have a device that runs ChromeOS and nothing else. So it's going to get sold on to the next victim. Make sure if you do buy one for this purpose that you really are able to change the OS.
The Open Web Application Security Project website is a great place to start browsing from, to investigate both pen testing and secure development.
I would also recommend getting some familiarity with the PCI DSS standard. It is aimed at companies involved in online payments (and a bitch if you have to prove compliance.) However when used as a descriptive framework rather than a prescriptive one, it's great foundation for planning a company's IT security aspect.
I'm sure there's a bunch of other security standards for other industries that could be used in much the same way. A good security consultant should at least be able to name check them.
Who else remembers, back in the day, when whistleblowers used to escape from Russia and seek political asylum in the USA?
I feel old.
Center meeting at 4pm in 2C-543.