I wish there was somewhere I could earnestly and intelligently have discussions about EU related tech and tech policy, but HN isn't it. As you can see already in this thread, there's 14 comments besides mine and they are 100% negative, and about 95% low effort/reactionary.
Of course there's a lot to criticize and also to appreciate about the EU. But this is supposed to be a forum for intelligent, thoughtful discussion and yet as soon as the EU gets mentioned it basically turns into reddit.
We can discuss lots about EU. But does it make any sense here… EU is for regulations only. Which sometimes make sense (phone costs while traveling), but mostly not (CRA, planned prescription of electric vehicle quotas for business, planned yearly “old” car inspections, bottle caps attached to bottles, clothing waste regulation). EU has no military power and is obviously crippled defending the interests of member states. There is also a commonly known secret, that many countries have tons of organizations to acquire EU money for useless programs and projects. There is no secret, that EU fantasies are steered by a gazillion lobbying groups while the country representatives are not the brightest ones. Rather the ones seeking exorbitant untaxed EU salaries. I wouldn’t say that in current form EU is something special or especially useful.
So instead of addressing the article and providing the potential base for an intelligent debate, you decided to raise the bar by lamenting?
My impression in general is that there is rather a very EU friendly view here on HN in general, but HN is critical of everything.
So I also say, lots of nice words, great that they at least start so late with that now, but more concrete steps would be more welcome.
"Making public administrations anchor users and contributors to open source, through procurement guidance, open-source friendly tendering, strengthening the Open Source Programme Office and its networks, reusable public digital assets and by embedding openness and sovereignty in digital investment decisions"
Because this for example sounds great. But is it very concrete? It sounds like it, but I don't see how it is.
True but it also reflects that the EU has indeed destroyed most goodwill towards it in the last decade regarding most things digital.
Most EU initiatives have damaged everyday UX on the web and in tech. Yes, some malicious compliance has played a role by over-reacting to well-intended regulations. But overall the EU has brought this upon itself.
This specific Open Source Strategy memo is typical. It's in fact not a strategy but a list of key goals and requirements, put together in technocratic jargon. It will have zero effect on the actual open source ecosystem.
> Most EU initiatives have damaged everyday UX on the web and in tech.
Are you really trying to suggest that GDPR and PECR are bad pieces of legislation because businesses have decided that they’d prefer to give you a bad UX?
"True but it also reflects that the EU has indeed destroyed most goodwill towards it in the last decade regarding most things digital."
And these criticisms destroy any goodwill from me. These are non-topics among my politically diverse friends.
Most people who criticise the EU internet regulations are American crybabies. Their arguments are shallow, their knowledge about EU is low.
I guess the hate is because the EU also invented the following monstrosities:
- CRA (cyber resiliency act): Manufacturers must handle and release security patches for vulnerabilities, and developers are required to report actively on exploited vulnerabilities and breaches.
- PLD (Product Liability Directive): A failure to provide critical security updates or the presence of exploitable vulnerabilities can now legally constitute a "defect" and if defective software causes physical harm or property damage, manufacturers are strictly liable and cannot contractually exclude or limit this liability.
And the kicker is this: Non-commercial open-source software is generally exempt from these commercial liability frameworks. However, if an open-source component is integrated into a commercial, for-profit product, the responsibility shifts to the corporate manufacturer.
So good luck making some money off your open source project where the risk outweighs any potential profit, or integrate an open source project into your commercial offering.
IIRC Microsoft has a no liability clause in its licenses. How did they react to this?
All of this makes perfect sense
That's because American BigTech Bros are afraid of the below and will take every opportunity to diss on it.
"Support uptake of open source alternatives to proprietary solutions together with Member States and the Digital Commons EDIC — cloud, workplace tools, secure e-mail, decentralised social media."
It's not only HN. You can see big tech media hate against any effort Europe does. Everybody is mocking Europe for building 10-year-old chip fabs or their measly small unusable clouds or bad startup scene.
It's interesting because not that long ago nobody cared about what Europe did in tech. Or more like everybody was fine with the fact that Europe imported computers and exported something else. It was like that forever. I am not sure where this is coming from. It almost seems like even these weak efforts might mess up with somebody's business.
It’s even more interesting because a big supply chain problem during Covid was related to old chips used in tons of mechanical engineering products, like cars. Given that experience you could argue that the old fabs are much better value for money for resiliency.
Don't forget to say Russia is behind it.
The thing is that Europe needs to really decouple as much as possible from crazy dictatorships such as Russia or the USA. US companies are part of that toolbox of containment that the USA is presently doing against Europeans.
Sooner or later Europe will wake up. Right now we still have too many lobbyists but this will change - at the latest when key lobbyists are put in jail for many decades. Sadly this also means the current EU commission has to go to jail too.
Unfortunately, even figures such as the leaders of the United States or Russia — or their associates — won’t end up behind bars either.
Mastodon works fairly well for that I think.
Is there a specific instance that you believe would be most suited to discover like-minded individuals on this particular subject?
> Of course there's a lot to criticize and also to appreciate about the EU. But this is supposed to be a forum for intelligent, thoughtful discussion and yet as soon as the EU gets mentioned it basically turns into reddit.
You dislike criticism? I find criticism an important part of discourse and discussion. HN is very clearly not anything like reddit - just the insane amount of censorship on reddit alone, is already one argument against that claim. Many more could be given. I have been using reddit in the past for many years, so I know how reddit changed. Not that everything is perfect on hackernews; I dislike the "you are posting too much" limitation, for instance. But we don't have over-eager censor-mods here whereas that was locking down numerous interesting discussions on reddit.
With regards to the EU situation: the EU is in a very strange situation. On the one hand it is doing good things; this then gets cancelled by the EU commission acting as a pure lobbyist group, as well as a huge army of bureaucrats who want more and more money and dream about assimilating more and more countries, which makes zero sense. Whether the EU will succeed with regards to their open source strategy or not, who knows. What I do know is that individual countries, such as France or the Netherlands, are quite intelligent when it comes to good decisions (Germany is absolutely undermined by lobbyists, so it is totally paralysed here); I am not convinced the EU is in a similar situation. It would have to be reformed, but people in Brussels don't want to see their job axed away, so nothing will improve here.
My recommendation is that if you are unhappy, go and talk about it - but don't expect others to turn to your assumptions about how a discussion should happen when it comes to the EU, because they may not share your opinion here.
> You dislike criticism
No, I love criticism, as long as it's balanced and thoughtful, and invites discussion rather than being knee-jerk reactionary. Please read my comment more carefully.
> No, I love criticism, as long as it's balanced and thoughtful, and invites discussion
You forgot to add "and it matches my worldview of things". Knee-jerk criticism is very fine, like "Microsoft sucks" anytime someone mentions Microsoft. You can just ignore it and move on.
The only good thing EU ever did in the last 25 years was GDPR in 2016. It has been slowly eroding everything else.
The DMA is a great initiative for more market competition.
It is not. It is a law to help loser companies benefit from the R&D spend of others. Like message "interoperability" between platforms. Instead of letting the best product win by consumer choice, they're forcing every messaging product to become mediocre. And the list could go on.
Great, now I can install an app on iOS without having Apple's approval or cut, right? No, you cannot. You still report and pay fees to Apple. This is the general trend: EU regulates something it doesn't understand and the result is a mess that companies need to deal with.
All great, but I would love EU and (national, local, ...) governments in the EU simply use the open source stuff already available.
Often there is a 'you must open source, unless you explain why not' and then there is some faff about why they really need to be buying more stuff from Microsoft (which is more and more cloud stuff and thus under the CLOUD Act etc.)
Time to get rid of the 'unless' bit.
Although I usually come up negative on my The Year of Linux Desktop comments, that would already be a starting point.
Unless EU citizens are able to easily walk into FNAC, Vobis, Cool Blue, MediaMarket, Carrefour, Publico, ... and come out with a laptop or desktop with e.g. SuSE Linux already set up, this will always be a niche thing from nerds assembling their own PCs, or finding their ways into Tuxedo and co.
And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
I don't know if Windows is better, I have heard rumours that it's pretty bad.
I know MacOS is MUCH better from a security PoV but I definitely don't want my public sector shelling out to Apple and I don't think it meets the boring IT management requirements anyway (I think big tech has a lot of crazy workarounds to make their MacBook fleets workable).
So yeah overall no good options here. I would love to see the EU fund development of a better distro for this usecase, but doubt it's the highest ROI thing you can do in this space.
I don’t get your comment. They can make a distro secure enough for government use. It’s not like it’s alien technology only the US have, that you need to buy Apple or Microsoft.
It would certainly be the highest ROI to have a local, open system built (by funding) local enterprises. Who knows, maybe a slice of the private sector might adopt it instead of sending money overseas.
It's not alien tech but it's a basic fact that only the US has it right now.
Yes we could build a serious distro with a massive investment to get Flatpak, systemd, bootc, up to scratch, set up OSS endpoint management software, set up a safe package supply chain, etc. And yes I would love to see it. But I think in the short term the money would be better spent replacing crap like Outlook and OneDrive than Windows. Note this doesn't require building much software it's about figuring out how to run infrastructure in a way that's friendly to the bizarre world of public sector organisations.
Maybe Dunning-Kruger but the latter just seem like much easier problems to solve.
Also totally pointless until we have an OSS web browser that the whole sector can adopt (maybe we already do, but any funding gaps for Firefox should still be addressed before we build our own EuroOS). No point in having a wonderful sovereign OS that just serves as a bootloader for Chrome.
In what aspect does GNU/Linux not meet EU sovereignty security requirement, but two American companies do?
Other than the elephant in the room that most FOSS projects are anyway sponsored by US companies, that is.
Sovereignty yes it's obviously better.
I am just talking about the pure tech fact that GNU/Linux desktops do not have any meaningful intra-host security boundaries.
Is this a worthwhile tradeoff against being tied to US tech? Yeah maybe, like I said there are no good options here, and Linux might be the least bad.
Sounds like Linux is still the least worst? There is at least the possibility of having a secure and quite independent machine. The question is not about distro, it's who does the support and how it's all put together. There are big vendors who sell Linux to enterprises that for sure have to be highly secure.
I think that SUSE and RH can definitely work well in a fairly secure setting as needed. I certainly don't think it's any less secure than your typical corporate Windows setup.
> I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
Windows being a buggy spyware wouldn't
If actors in the EU are serious (I have my doubts, as so far I see nothing more than riding recent anti-Trump sentiment in a hope to win a popularity contest) they cannot rely on volunteer effort and gluing a bunch of unrelated FOSS projects.
It is not enough to fund a new distro. EU needs its own OS (may be based on Linux, sure) and it needs to fully control it. Otherwise it will end up like most other FOSS projects, full of personal drama and technical bike-shedding.
> And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
This is the big thing.
Even as a massive nerd, I keep trying various distros and going "meh" and right back to MacOS.
You do realize there is basically zero demand for a Linux desktop by "normal"/"average" users, right?
This is a conversation that has been going on for 20+ years and the OSS community hasn't managed to get that in their heads
I have simply given up
Me too, which is why I mostly use Windows as main laptop OS since Windows 7[0], however with current geopolitics, eventually we might have to really choose something else, even if the ergonomics aren't there.
[0] - You will find emails from me with M$ like signatures during the 1990s, in whatever archives
There is definitely a lot of this happening, e.g. this is a 'collaboration suite for civil servants' that's basically a collection of existing open source projects
I'm guessing from my own use of NextCloud, Matrix etc that this will simply be deemed not good enough compared to Google Workspace or Microsoft WhateverItsCalledNow as these things are pretty rough around the edges in my experience, but this looks like a good step in the right direction to me
All laudable efforts, but I'd love for my Dutch govt to actually use these broadly. With the support behind it to file down those rough edges for the benefit of all.
It looks much more polished than a lot of the existing open source tooling, they've been building a lot of stuff in-house and really been paying attention to UX (which imo is the biggest problem with a lot of existing FOSS solutions).
I have high hopes this'll become a viable solution going forward, maybe even for non-gov users.
A challenge they forgot to mention is EU's very own new Product Liability Directive.
Although the Directive exempts free and open-source software (OSS) from strict product liability, it does so only if the software is developed or provided outside the course of a commercial activity.
As soon as a company integrates OSS into its own commercial product or uses it for economic purposes, the company becomes liable for any potential defects in the open-source component.
Looks like fun for freelancers and companies who get clients thanks to their Open Source projects, for example.
Company sells product for profit - they are liable for the product and all its subcomponents - there is nothing unfair about this - it doesn't matter if you found the components in a hole in the ground or on github - if you are selling a product based off it, you are liable.
For freelancers / oss companies - you can still sell services such as consulting or support - without selling your oss project - then it's a service - not a product.
Does this mean that you think a company should not be held liable for defects caused in a product they ship, if the defect is caused by an open source component?
Why not?
Because it puts them at a massive disadvantage compared to the rest of the world. It will exclude a massive amount of potential competition and leave only big players. The official estimates for compliance per product from their own impact assessment report was €500k per product. I have read that stuff and believe it's an accurate estimate.
Market is unhealthy as it is. This is making it far worse.
Empty words. Without changes to anti-circumvention laws, safe harbor commitments for security researchers and serious funding for foss projects nothing is going to change.
> serious funding for foss projects
this is a sure way for grifters to make a boatload of money by lobbying for various projects to be funded.
I have so many mixed feelings about it. I mean there is OSS software already, nobody prevents its use. It would have been better to just give OSS grants to SMEs who use OSS that originates in EU. But this is the internet we are talking about, if I have an OSS repo and it contains contributions from Chinese or US citizens, is it still EU OSS? The core underlying issue is that nobody is incentivised to use EU “only”, if that changes then you will see the results. It does not even talk about devs like me who create such software.
is any money going into it, or are they just "supporting"?
There is money but it's all vague and hard to get and usually with tax breaks instead of just money. I would opensource everything we built, but I have to eat something so it'll be when I die and/or the company is sold and/or we earned enough to make everyone eat during their life (with some reasonable amounts that assume hyper inflation won't happen) (it is contractually arranged). Many EU gov institutions use our software and would LOVE for us to open source it - they would immediately stop paying.
Virtue signaling
As far as I know EU is a full slave of Big Tech and does not have the intent to actually break free (it is going to hurt, the more you get into Big Tech, the more it will hurt to break free).
First thing first, restore web sites in a solid security network infrastructure. Namely, noscript/basic HTML.
I think unless they have some alternative to GitHub (Codeberg yes) but with a comparable number of repos this strategy does not yet look very encouraging. The difference between the number of open repos is huge, about 100 times.
Just a reminder that "Made in America" Truth Social is an EU funded Open Source project.
Is it?
It's built on Mastodon, but Truth Social itself is not funded by the EU
Always the same broken pattern of the EU: throwing a shitload of money to the big actors of a field without really a coherent strategy or a real control of how the funds are used.
Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Again here, no money will be directed to the thousands of core and essential OSS projects that are maintained by individuals without a corporate backing. Or to the individual contributors that are the key to these stacks.
Instead, the only ones that will be able to get money, legally per EU policy, will be consortia of suckers and eventually nice but useless researchers in universities...
> Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Agreed. Fraunhofer institute in Germany is a prime example.
The pattern is not broken, it works as designed. This is mostly a money-pump from government(s) to private interests, mostly sitting in large IT houses.
> Like that, a few companies are specialized in sucking public funds and delivering nothing.
Not just public, private funds as well. Typical EU, I call that helicopter regulating: you see a problem, throw a regulation at it, then close your eyes.
GDPR pop-ups are the most obvious example, but there are so many more.
For instance, now apparently companies can opt to send payslips digitally instead of physically (paper). Of course, some smart ass nitpicked that employees could lose or change their mail address, so the company is now forced to store digitally delivered payslips in some kind of European-hosted vault for 10 years. And since no sane company wants to be liable for that, we now have a wonderful ecosystem of trash "payslip digital vaults" startups, which companies use to proxy-send employee payslips.
So in essence, my company is now sending my payslips (with name, address, contact details, compensation breakdown, etc) to a stupid start-up with egregious ToS, just because "send it by mail and let the employee back it up" was too simple. Thanks !!!
They didn't even bother removing the typical AI slop from the text, lol
To people confused or wondering why it's too little, too late, too incompetent, etc.:
The EU makes a lot more sense when you understand it's a neoliberal institution. Just giving people money to work on open source directly would violate state aid/market disruption rules, they aren't allowed to do that because that could negatively impact the profit of some shareholder somewhere. Member states that want to do that even have to ask permission from the commission if they want to give aid to companies [1].
Everything is like that with the EU, they aren't like China that can just put money wherever to develop or fix strategically, rather the EU can't do anything strategically, or fix anything. It's by design they aren't incompetent, that is what market liberalism is. It's core to what they mean when they say "European values".
EU politicians are bought or compromised as they keep buying American BigTech. You can't be THAT stupid, sorry.
State monopoly on violence not holding up their end of the bargain - protection from corporate warlords, mafia formations, parasitised infra / networks / orgs. If all legislatively captured or made client in initial conditions, counter strategies need to be parallelised, and quietly. Think Microsoft on bath salts, and fevered dreams of an annihilation and renewal, toward pillaging and killing, benevolently, in totalising systems of surveillance, God-like and as "natural" aristocracy, all curled flesh and bone and sinew, the monstrosities and cyborg-aberrations of declining empires, searching and seeking and grasping for the next.
Will EU mandated backdoors be open source too?
> When it describes how the groundwork might be laid for mandating encryption backdoors, the EU chooses to use euphemisms such as creating roadmaps for “lawful and effective access to data for law enforcement” and seeking “technological solutions for accessing encrypted data.”
https://fosstodon.org seems like a good fit but is invite-only
> Of course there's a lot to criticize and also to appreciate about the EU. But this is supposed to be a forum for intelligent, thoughtful discussion and yet as soon as the EU gets mentioned it basically turns into reddit.
You dislike criticism? I find criticism an important part of discourse and discussion. HN is very clearly not anything like reddit - just the insane amount of censorship on reddit alone, is already one argument against that claim. Many more could be given. I have been using reddit in the past for many years, so I know how reddit changed. Not that everything is perfect on hackernews; I dislike the "you are posting too much" limitation, for instance. But we don't have over-eager censor-mods here whereas that was locking down numerous interesting discussions on reddit.
With regards to the EU situation: the EU is in a very strange situation. On the one hand it is doing good things; this then gets cancelled by the EU commission acting as a pure lobbyist group, as well as a huge army of bureaucrats who want more and more money and dream about assimilating more and more countries, which makes zero sense. Whether the EU will succeed with regards to their open source strategy or not, who knows. What I do know is that individual countries, such as France or the Netherlands, are quite intelligent when it comes to good decisions (Germany is absolutely undermined by lobbyists, so it is totally paralysed here); I am not convinced the EU is in a similar situation. It would have to be reformed, but people in Brussels don't want to see their job axxed away, so nothing will improve here.
My recommendation is that if you are unhappy, go and talk about it - but don't expect others to turn to your assumptions about how a discussion should happen when it comes to the EU, because they may not share your opinion here.
> You dislike criticism
No, I love criticism, as long as it's balanced and thoughtful, and invites discussion rather than being knee-jerk reactionary. Please read my comment more carefully.
> No, I love criticism, as long as it's balanced and thoughtful, and invites discussion
You forgot to add "and it matches my worldview of things". Knee-jerk criticism is very fine, like "Microsoft sucks" anytime someone mentions Microsoft. You can just ignore it and move on.
The only good thing EU ever did in the last 25 years was GDPR in 2016. It has been slowly eroding everything else.
The DMA is a great initiative for more market competition.
It is not. It is a law to help loser companies benefit from the R&D spend of others. Like message "interoperability" between platforms. Instead of letting the best product win by consumer choice, they're forcing every messaging product to become mediocre. And the list could go on.
Great, now I can install an app on iOS without having Apple's approval or cut, right? No, you cannot. You still report and pay fees to Apple. This is the general trend: EU regulates something it doesn't understand and the result is a mess that companies need to deal with.
https://www.macrumors.com/2025/06/26/app-store-eu-rule-chang...
All great, but I would love EU and (national, local, ...) governments in the EU simply use the open source stuff already available.
Often there is a 'you must open source, unless you explain why not' and then there is some faff about why they really need to be buying more stuff from Microsoft (which is more and more cloud stuff and thus under the CLOUD Act etc.)
Time to get rid of the 'unless' bit.
Although I usually come up negative on my The Year of Linux Desktop comments, that would already be a starting point.
Unless EU citizens are able to easily walk into FNAC, Vobis, Cool Blue, MediaMarket, Carrefour, Publico,.... and come out with a laptop or desktop with e.g. SuSE Linux already set up, this will always be a niche thing from nerds assembling their own PCs, or finding their ways into Tuxedo and co.
And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
I don't know if Windows is better, I have heard rumours that it's pretty bad.
I know MacOS is MUCH better from a security PoV but I definitely don't want my public sector shelling out to Apple and I don't think it meets the boring IT management requirements anyway (I think big tech has a lot of crazy workarounds to make their MacBook fleets workable).
So yeah overall no good options here. I would love to see the EU fund development of a better distro for this use case, but doubt it's the highest ROI thing you can do in this space.
I don’t get your comment. They can make a distro secure enough for government use. It’s not like it’s alien technology only the US have, that you need to buy Apple or Microsoft.
It would certainly be the highest ROI to have a local, open system built (by funding) local enterprises. Who knows, maybe a slice of the private sector might adopt it instead of sending money overseas.
It's not alien tech but it's a basic fact that only the US has it right now.
Yes we could build a serious distro with a massive investment to get Flatpak, systemd, bootc, up to scratch, set up OSS endpoint management software, set up a safe package supply chain, etc. And yes I would love to see it. But I think in the short term the money would be better spent replacing crap like Outlook and OneDrive than Windows. Note this doesn't require building much software; it's about figuring out how to run infrastructure in a way that's friendly to the bizarre world of public sector organisations.
Maybe Dunning-Kruger but the latter just seem like much easier problems to solve.
Also totally pointless until we have an OSS web browser that the whole sector can adopt (maybe we already do, but any funding gaps for Firefox should still be addressed before we build our own EuroOS). No point in having a wonderful sovereign OS that just serves as a bootloader for Chrome.
In what aspect does GNU/Linux not meet EU sovereignty security requirement, but two American companies do?
Other than the elephant in the room that most FOSS projects are anyway sponsored by US companies, that is.
Sovereignty yes it's obviously better.
I am just talking about the pure tech fact that GNU/Linux desktops do not have any meaningful intra-host security boundaries.
Is this a worthwhile tradeoff against being tied to US tech? Yeah maybe, like I said there are no good options here, and Linux might be the least bad.
Sounds like Linux is still the least worst? There is at least the possibility of having a secure and quite independent machine. The question is not about the distro, it's who does the support and how it's all put together. There are big vendors who sell Linux to enterprises that for sure have to be highly secure.
I think that SUSE and RH can definitely work well in a fairly secure setting as needed. I certainly don't think it's any less secure than your typical corporate windows setup.
> I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
Windows being a buggy spyware wouldn't
If actors in the EU are serious (I have my doubts, as so far I see nothing more than riding recent anti-Trump sentiment in a hope to win a popularity contest) they cannot rely on volunteer effort and gluing a bunch of unrelated FOSS projects.
It is not enough to fund a new distro. EU needs its own OS (may be based on Linux, sure) and it needs to fully control it. Otherwise it will end up like most other FOSS projects, full of personal drama and technical bike-shedding.
> And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
This is the big thing.
Even as a massive nerd, I keep trying various distros and going "meh" and right back to MacOS.
You do realize there is basically zero demand for a Linux desktop by "normal"/"average" users, right?
This is a conversation that has been going on for 20+ years and the OSS community hasn't managed to get that in their heads
I have simply given up
Me too, which is why I mostly use Windows as main OS laptop OS since Windows 7[0], however with current geopolitics, eventually we might have to really choose something else, even if the ergonomics aren't there.
[0] - You will find emails from me with M$ like signatures during the 1990s, in whatever archives
There is definitely a lot of this happening, e.g. this is a 'collaboration suite for civil servants' that's basically a collection of existing open source projects
https://github.com/MinBZK/mijn-bureau-infra/
They show all the components they use here https://minbzk.github.io/mijn-bureau-infra/docs/category/com... and have set up guides for departments to operate it all on Kubernetes
I'm guessing from my own use of NextCloud, Matrix etc that this will simply be deemed not good enough compared to Google Workspace or Microsoft WhateverItsCalledNow as these things are pretty rough around the edges in my experience, but this looks like a good step in the right direction to me
All laudable efforts, but I'd love for my Dutch govt to actually use these broadly. With the support behind it to file down those rough edges for the benefit of all.
I like the thing the French have been cooking up, La Suite Numerique: https://github.com/suitenumerique#%E2%84%B9%EF%B8%8F-about-l...
It looks much more polished than a lot of the existing open source tooling, they've been building a lot of stuff in-house and really been paying attention to UX (which imo is the biggest problem with a lot of existing FOSS solutions).
I have high hopes this'll become a viable solution going forward, maybe even for non-gov users.
A challenge they forgot to mention is the EU's very own new Product Liability Directive.
Although the Directive exempts free and open-source software (OSS) from strict product liability, it does so only if the software is developed or provided outside the course of a commercial activity.
As soon as a company integrates OSS into its own commercial product or uses it for economic purposes, the company becomes liable for any potential defects in the open-source component.
Looks like fun for freelancers and companies who get clients thanks to their Open Source projects, for example.
Company sells product for profit - they are liable for the product and all its subcomponents - there is nothing unfair about this - it doesn't matter if you found the components in a hole in the ground or on github - if you are selling a product based off it, you are liable.
For freelancers / oss companies - you can still sell services such as consulting or support - without selling your oss project - then it's a service - not a product.
Does this mean that you think a company should not be held liable for defects caused in a product they ship, if the defect is caused by an open source component?
Why not?
Because it puts them at a massive disadvantage compared to the rest of the world. It will exclude a massive amount of potential competition and leave only big players. The official estimate for compliance per product from their own impact assessment report was €500k per product. I have read that stuff and believe it's an accurate estimate.
Market is unhealthy as it is. This is making it far worse.
Empty words. Without changes to anti-circumvention laws, safe harbor commitments for security researchers and serious funding for foss projects nothing is going to change.
> serious funding for foss projects
this is a sure way for grifters to make a boatload of money by lobbying for various projects to be funded.
I have so many mixed feelings about it. I mean there is OSS software already, nobody prevents its use. It would have been better to just give OSS grants to SMEs who use OSS that originates in EU. But this is the internet we are talking about, if I have an OSS repo and it contains contributions from Chinese or US citizens, is it still EU OSS? The core underlying issue is that nobody is incentivised to use EU “only”, if that changes then you will see the results. It does not even talk about devs like me who create such software.
is any money going into it, or are they just "supporting"?
There is money but it's all vague and hard to get and usually with tax breaks instead of just money. I would opensource everything we built, but I have to eat something so it'll be when I die and/or the company is sold and/or we earned enough to make everyone eat during their life (with some reasonable amounts that assume hyper inflation won't happen) (it is contractually arranged). Many EU gov institutions use our software and would LOVE for us to open source it - they would immediately stop paying.
Virtue signaling
As far as I know EU is a full slave of Big Tech and does not have the intent to actually break free (it is going to hurt, the more you get into Big Tech, the more it will hurt to break free).
First thing first, restore web sites in a solid security network infrastructure. Namely, noscript/basic HTML.
I think unless they have some alternative to Github (Codeberg yes) but with a comparable number of repos this strategy does not yet look very encouraging. The difference between the number of open repos is huge, about 100 times
Just a reminder that "Made in America" Truth Social is an EU funded Open Source project.
Is it?
It's built on Mastodon, but truth social itself is not funded by the EU
Always the same broken pattern of the EU: throwing a shitload of money to the big actors of a field without really a coherent strategy or a real control of how the funds are used.
Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Again here, no money will be directed to the thousands of core and essential OSS projects that are maintained by individuals without a corporate backing. Or to the individual contributors that are the key to these stacks.
Instead, the only ones that will be able to get money, legally per EU policy, will be consortiums of suckers and eventually nice but useless researchers in University...
One counter example: https://nextgraph.org/elfa-consortium-encrypted-local-first-... (e.g. https://www.ironcalc.com/)
> Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Agreed. Fraunhofer institute in Germany is a prime example.
The pattern is not broken, it works as designed. This is mostly a money-pump from government(s) to private interests, mostly sitting in large IT houses.
> Like that, a few companies are specialized in sucking public funds and delivering nothing.
Not just public, private funds as well. Typical EU, I call that helicopter regulating: you see a problem, throw a regulation at it, then close your eyes.
GDPR pop-ups are the most obvious example, but there are so many more.
For instance, now apparently companies can opt to send payslips digitally instead of physically (paper). Of course, some smart ass nitpicked that employees could lose or change their mail address, so the company is now forced to store digitally delivered payslips in some kind of European-hosted vault for 10 years. And since no sane company wants to be liable for that, we now have a wonderful ecosystem of trash "payslip digital vaults" startups, which companies use to proxy-send employee payslips.
So in essence, my company is now sending my payslips (with name, address, contact details, compensation breakdown, etc) to a stupid start-up with egregious ToS, just because "send it by mail and let the employee back it up" was too simple. Thanks !!!
They didn't even bother removing the typical AI slop from the text, lol
To people confused or wondering why it's too little, too late, too incompetent, etc.:
The EU makes a lot more sense when you understand it's a neoliberal institution. Just giving people money to work on open source directly would violate state aid/market disruption rules, they aren't allowed to do that because that could negatively impact the profit of some shareholder somewhere. Member states that want to do that even have to ask permission from the commission if they want to give aid to companies [1].
Everything is like that with the EU, they aren't like China that can just put money wherever to develop or fix strategically, rather the EU can't do anything strategically, or fix anything. It's by design; they aren't incompetent, that is what market liberalism is. It's core to what they mean when they say "European values".
[1] https://competition-policy.ec.europa.eu/state-aid/overview_e...
EU politicians are bought or compromised as they keep buying American BigTech. You can't be THAT stupid, sorry.
State monopoly on violence not holding up their end of the bargain - protection from corporate warlords, mafia formations, parasitised infra / networks / orgs. If all legislatively captured or made client in initial conditions, counter strategies need to be parallelised, and quietly. Think Microsoft on bath salts, and fevered dreams of an annihilation and renewal, toward pillaging and killing, benevolently, in totalising systems of surveillance, God-like and as "natural" aristocracy, all curled flesh and bone and sinew, the monstrosities and cyborg-aberrations of declining empires, searching and seeking and grasping for the next.
Will EU mandated backdoors be open source too?
> When it describes how the groundwork might be laid for mandating encryption backdoors, the EU chooses to use euphemisms such as creating roadmaps for “lawful and effective access to data for law enforcement” and seeking “technological solutions for accessing encrypted data.”
https://reclaimthenet.org/eu-protecteu-strategy-encryption-b...
> European Commission pushes for encryption ‘backdoors’
https://brusselssignal.eu/2025/04/european-commission-pushes...