esperent 12 hours ago [-]
I wish there was somewhere I could earnestly and intelligently have discussions about EU related tech and tech policy, but HN isn't it. As you can see already in this thread, there's 14 comments besides mine and they are 100% negative, and about 95% low effort/reactionary.
Of course there's a lot to criticize and also to appreciate about the EU. But this is supposed to be a forum for intelligent, thoughtful discussion and yet as soon as the EU gets mentioned it basically turns into reddit.
Tharre 11 hours ago [-]
What points could we even discuss? It's all terribly vague and I imagine nobody here can even tell how that supposed 'strategy' is different from the one 5 years ago. And half of the things mentioned there, like the EUDI Wallet or age verification have been heavily criticised for good reasons.
If the headline was "EU invests 100B into open source to further independence from US", I imagine things would be different. But right now it's "we have intentions to have plans about tech and open source in the EU sometime in the future".
throwaway67678 6 hours ago [-]
A huge chunk of HN is 20-something kids who are way too online and parrot in earnest Polandball-style memes like "Germany doesn't have freedom of speech" or "France has too much regulation". They are fine to discuss tech with but I wouldn't take their opinions on politics or culture seriously
pi-err 11 hours ago [-]
True but it also reflects that the EU has indeed destroyed most goodwill towards it in the last decade regarding most things digital.
Most EU initiatives have damaged everyday UX on the web and in tech. Yes, some malicious compliance has played a role by over-reacting to well-intended regulations. But overall the EU has brought this upon itself.
This specific Open Source Strategy memo is typical. It's in fact not a strategy but a list of key goals and requirements, put together in technocratic jargon. It will have zero effect on the actual open source ecosystem.
blitzar 10 hours ago [-]
> True but it also reflects that the EU has indeed destroyed most goodwill towards it
Or you have been brainwashed by the billions spent annually to make you believe stories about bendy bananas and occult initiation ceremonies as a condition of being a member.
samrus 10 hours ago [-]
> True but it also reflects that the EU has indeed destroyed most goodwill towards it in the last decade regarding most things digital.
Not for me, my opinion of things like GDPR and forcing USB-C on phones gives me the impression that the EU is holding corporations accountable and looking out for normal people.
It's been mentioned before but I feel like while a lot of negative views might be organic, a lot are also the result of tech companies' smear campaigns against the EU
iamacyborg 11 hours ago [-]
> Most EU initiatives have damaged everyday UX on the web and in tech.
Are you really trying to suggest that GDPR and PECR are bad pieces of legislation because businesses have decided that they’d prefer to give you a bad UX?
gib444 11 hours ago [-]
Right. It’s the loopholes that make them bad
iamacyborg 11 hours ago [-]
What loopholes?
tcfhgj 10 hours ago [-]
- Digital Services Act mandates interoperability in chat, but apparently companies can require obnoxious terms for interoperating parties such as sharing their users' IP addresses - which service is going to agree to that if a very large portion of the alternatives target people not wanting to share data with Facebook?
- pay "ridiculous price" or accept ads & tracking instead of allowing to disable tracking
iamacyborg 9 hours ago [-]
NOYB have raised a complaint on the second one for a publisher in the Nordics.
Cool? So one down, how many to go? Why don't they get the same level of scrutiny as, say, Facebook?
em-bee 10 hours ago [-]
i haven't heard about the first one yet. i totally believe it, but do we have an actual example of facebook's demands? are they documented somewhere?
the second one i experience daily and it's driving me nuts. i am sure it is actually illegal, but i have yet to find an explanation on why it should be allowed or a convincing legal argument in why it actually violates the rules. something that i could send to violators.
red_admiral 10 hours ago [-]
The "legitimate purposes" pre-ticked hidden box on some cookie dialogs, for one.
iamacyborg 10 hours ago [-]
AFAIK, those are not legally compliant.
sam_lowry_ 11 hours ago [-]
I think you never tried to read the GDPR [1]. It's awfully vague and the reason businesses went on with the bad UX is because it required interpretation, and the little meaning there was in the beginning was completely lost in translation.
I read it in full years ago and found it quite clear. Which parts did you find to be vague?
dash2 6 hours ago [-]
Look if everyone agrees the outcome of the law has been incredibly annoying, then that is ultimately down to the law and/or its enforcement. The point of the law is to provide incentives to self-interested actors for good behaviour. I see a lot of complacency in these threads, combined with a lot of frankly absurd posturing, like if anybody is against the GDPR, they must’ve been brainwashed by Elon Musk. No! People dislike it because they dislike its practical effects, and frankly the EU should take responsibility for that and try to fix it.
iamacyborg 6 hours ago [-]
> People dislike it because they dislike its practical effects, and frankly the EU should take responsibility for that and try to fix it.
What’s to fix?
A business needs a legitimate reason to process personal data, people need to be sufficiently informed about how their data will be processed. These are not impossible obstacles. Anyone who claims otherwise is acting in bad faith because they know that people would not agree to what the business wants to do with their data.
burnerthrow008 1 hours ago [-]
> What’s to fix?
Is this not your own comment, from just a few hours ago, visible on the same viewport as this one?
Why is it that so many years later, so many companies are still not compliant? That seems like a major problem to fix.
You are replying to a comment complaining about the annoyance for users that the law has created. When will that be fixed?
Why is it that all of the enforcement effort has been so unevenly directed specifically at non-European companies?
This subthread started with the statement "True but it also reflects that the EU has indeed destroyed most goodwill towards it in the last decade regarding most things digital."
I think maybe you don't understand that the level of goodwill destroyed really is on par with the level of goodwill towards America that Trump has destroyed. Yes, it is really that bad. Yes, it is something that needs to be fixed.
iamacyborg 57 minutes ago [-]
> Why is it that all of the enforcement effort has been so unevenly directed specifically at non-European companies?
Do you have any evidence of that?
> You are replying to a comment complaining about the annoyance for users that the law has created. When will that be fixed?
The law isn’t about fixing an annoyance to users. If you’re annoyed by bad UX, tell your boss to cut that shit out because they’re probably part of the problem too.
What I struggle to understand is you’d rather have your privacy right absolutely derailed just so you have a couple things less to click. Wild.
snowpid 11 hours ago [-]
" True but it also reflects that the EU has indeed destroyed most goodwill towards it in the last decade regarding most things digital. "
And this criticism destroys any goodwill from me. These are non-topics among my politically diverse friends.
Most people who criticise the EU internet regulations are American crybabies. Their arguments are shallow, their knowledge about the EU is low.
dash2 11 hours ago [-]
If your friends have never said “man I hate these cookie popups”, they sound like a highly selected group.
whilenot-dev 11 hours ago [-]
Don't be silly, the legislation doesn't state that websites have to show cookie popups. It's rather where the term malicious compliance enters the picture, a compliance incentivized by the financial interests of the biggest advertising businesses the world has ever seen.
M95D 10 hours ago [-]
^ That, and lazy devs who prefer to add a one-line cookie banner js, than review if they need or even use tracking cookies.
enedil 10 hours ago [-]
To be fair, I don't remember people complaining about cookies. The question is fairly simple, etc. Meanwhile ads? They try to steal the attention. So yeah, lots of friends complain about internet ads, not so many about cookies. I'm EU based.
snowpid 3 hours ago [-]
My friends / co-workers are computer and non-computer people, hobbies, cultural background. Maybe your friend group is highly selected. Which country are you from?
mrdevlar 10 hours ago [-]
Honestly, as a European, I am okay with this.
I want the US tech community to continue thinking of us as some sort of technological backwater. Ridiculing and deriding us, so they never see us as any place where they are welcome. Since given the last ten years, they pretty much aren't. There's basically little to nothing that US tech services have to offer Europe.
zoul 12 hours ago [-]
Mastodon works fairly well for that I think.
teroshan 11 hours ago [-]
Is there a specific instance that you believe would be most suited to discover like-minded individuals on this particular subject?
Any instance will work I think, just start following someone like https://eupolicy.social/@bert_hubert and you should discover relevant people and hashtags soon enough.
throw-the-towel 7 hours ago [-]
Even on HN we're still human, and have the same human weaknesses and failure modes.
omnimus 12 hours ago [-]
It's not only HN. You can see big tech media hate against any effort Europe does. Everybody is mocking Europe for building 10 years old chip fabs or their measly small unusable clouds or bad startup scene.
It's interesting because not that long ago nobody cared about what Europe did in tech. Or more like everybody was fine with the fact that Europe imported computers and exported something else. It was like that forever. I am not sure where this is coming from. It almost seems like even these weak efforts might mess up with somebody's business.
earthnail 12 hours ago [-]
It’s even more interesting because a big supply chain problem during Covid was related to old chips used in tons of mechanical engineering products, like cars. Given that experience you could argue that the old fabs are much better value for money for resiliency.
sunshine-o 11 hours ago [-]
Asianometry just released a video about this:
The EU Chips Act is a Failure [0]
Definitely the most cynical video he ever released.
Is it cynical? I see a lot of mocking in the comments but the video is basically saying to focus on the uncool older stable stuff and use that for stability. The very not recommended path there is to jump on hype of AI chips and fund some random Mistral AI chips.
PurpleRamen 9 hours ago [-]
There is a type of videos, where people mock US-citizens for their ignorance about the rest of the world and how things are working there. Those mocking EU for their efforts, usually have that same smell.
nickslaughter02 11 hours ago [-]
Don't forget to say Russia is behind it.
esperent 10 hours ago [-]
I didn't say that because I don't think it. Honestly, I expect it's mostly Americans plus a couple of self deprecating Europeans making these comments.
shevy-java 12 hours ago [-]
The thing is that Europe needs to really decouple as much as possible from crazy dictatorships such as Russia or the USA. US companies are part of that toolbox of containment that the USA is presently doing against Europeans.
Sooner or later Europe will wake up. Right now we still have too many lobbyists but this will change - at the latest when key lobbyists are put in jail for many decades. Sadly this also means the current EU commission has to go to jail too.
scihuber 11 hours ago [-]
Unfortunately, even figures such as the leaders of the United States or Russia — or their associates — won’t end up behind bars either.
ExoticPearTree 11 hours ago [-]
I guess the hate is because the EU also invented the following monstrosities:
- CRA (Cyber Resilience Act): Manufacturers must handle and release security patches for vulnerabilities, and developers are required to report actively on exploited vulnerabilities and breaches.
- PLD (Product Liability Directive): A failure to provide critical security updates or the presence of exploitable vulnerabilities can now legally constitute a "defect" and if defective software causes physical harm or property damage, manufacturers are strictly liable and cannot contractually exclude or limit this liability.
And the kicker is this: Non-commercial open-source software is generally exempt from these commercial liability frameworks. However, if an open-source component is integrated into a commercial, for-profit product, the responsibility shifts to the corporate manufacturer.
So good luck making some money off your open source project where the risk outweighs any potential profit, or integrate an open source project into your commercial offering.
earthnail 11 hours ago [-]
Sounds like plausible clauses to me? Please explain why they are so toxic. What cases are there where these clauses present an unfair threat or disadvantage to a business?
In case it is unclear from my tone, I am genuinely curious.
Kinrany 11 hours ago [-]
All of this makes perfect sense
sam_lowry_ 11 hours ago [-]
There was so much more they could do... like 25 years before requiring detachable batteries, they should have required selling the OS separately.
mjanx123 11 hours ago [-]
IIRC Microsoft has a no liability clause in its licenses. How did they react to this?
snowpid 11 hours ago [-]
?
Usually the clauses aren't valid from the contracts and you can sue Microsoft in court. What did you expect?
regexorcist 6 hours ago [-]
What is your point again? All of the above sounds perfectly fine to me.
PurpleRamen 9 hours ago [-]
HN is full of people whom the EU is fighting against, so of course there is little chance to find sane discussions here. You could try some European subreddits, or local tech-sites from Europe, there is usually a better chance to find people who benefit from EU-regulations and have a more rational view on them.
shevy-java 12 hours ago [-]
> Of course there's a lot to criticize and also to appreciate about the EU. But this is supposed to be a forum for intelligent, thoughtful discussion and yet as soon as the EU gets mentioned it basically turns into reddit.
You dislike criticism? I find criticism an important part of discourse and discussion. HN is very clearly not anything like reddit - just the insane amount of censorship on reddit alone, is already one argument against that claim. Many more could be given. I have been using reddit in the past for many years, so I know how reddit changed. Not that everything is perfect on hackernews; I dislike the "you are posting too much" limitation, for instance. But we don't have over-eager censor-mods here whereas that was locking down numerous interesting discussions on reddit.
With regards to the EU situation: the EU is in a very strange situation. On the one hand it is doing good things; this then gets cancelled by the EU commission acting as a pure lobbyist group, as well as a huge army of bureaucrats who want more and more money and dream about assimilating more and more countries, which makes zero sense. Whether the EU will succeed with regards to their open source strategy or not, who knows. What I do know is that individual countries, such as France or the Netherlands, are quite intelligent when it comes to good decisions (Germany is absolutely undermined by lobbyists, so it is totally paralysed here); I am not convinced the EU is in a similar situation. It would have to be reformed, but people in Brussels don't want to see their job axed away, so nothing will improve here.
My recommendation is that if you are unhappy, go and talk about it - but don't expect others to turn to your assumptions about how a discussion should happen when it comes to the EU, because they may not share your opinion here.
esperent 12 hours ago [-]
> You dislike criticism
No, I love criticism, as long as it's balanced and thoughtful, and invites discussion rather than being knee-jerk reactionary. Please read my comment more carefully.
ExoticPearTree 11 hours ago [-]
> No, I love criticism, as long as it's balanced and thoughtful, and invites discussion
You forgot to add "and it matches my worldview of things". Knee-jerk criticism is very fine, like "Microsoft sucks" anytime someone mentions Microsoft. You can just ignore it and move on.
esperent 10 hours ago [-]
No, I intentionally didn't add that. Please challenge my worldview, engage and disagree with me. Just put some effort in, please.
However, you're still missing the salient point of my comment - that is, overwhelmingly the comments on any post related to the EU here are low effort, negative, reactionary. Honestly, I feel like you're not willing to engage with the point. It's not even the negativity that's my main issue here, it's the overwhelming low-effort, thoughtless nature of it which prevents any attempt at genuine discussion (positive or negative). It's groupthink, reddit style, and while HN is far from perfect there's almost no other subject that brings out this kind of reaction. Except for React, maybe.
ExoticPearTree 10 hours ago [-]
You're wrong.
lenkite 11 hours ago [-]
That's because American BigTech Bros are afraid of the below and will take every opportunity to diss on it.
"Support uptake of open source alternatives to proprietary solutions together with Member States and the Digital Commons EDIC — cloud, workplace tools, secure e-mail, decentralised social media."
The only good thing EU ever did in the last 25 years was GDPR in 2016. It has been slowly eroding everything else.
FinnKuhn 11 hours ago [-]
The DMA is a great initiative for more market competition.
nickslaughter02 11 hours ago [-]
Great, now I can install an app on iOS without having Apple's approval or cut, right? No, you cannot. You still report and pay fees to Apple. This is the general trend: EU regulates something it doesn't understand and the result is a mess that companies need to deal with.
It is not. It is a law to help loser companies benefit from the R&D spend of others. Like message "interoperability" between platforms. Instead of letting the best product win by consumer choice, they're forcing every messaging product to become mediocre. And the list could go on.
earthnail 11 hours ago [-]
It is in the interest of our societies to make sure the markets work, and continue to work. That’s why we created market regulators. If a winner wins so much that they threaten to destroy the market, the importance of having a market trumps the winner’s right to win.
This is monopoly 101. That’s why the US broke up Standard Oil.
iamacyborg 11 hours ago [-]
> Instead of letting the best product win by consumer choice, they're forcing every messaging product to become mediocre.
Do you really believe products win because they’re the best? I’d strongly argue that monopolistic power and loss-leading VC investment is what drives success.
ExoticPearTree 10 hours ago [-]
Yes. This is why, for example Whatsapp is the most used messaging app in the world: it is lightweight and super simple. It could have been any number of apps, but they won fair and square.
This was the first example that comes to mind. And hardware wise I would argue the iPhone is the best phone because so many people buy it compared to other alternatives. And I don't believe for a second people buy because iMessage.
3form 11 hours ago [-]
R&D spend? In messaging product?
Sorry, but these companies spend much more effort on making sure their product is walled off and incompatible with everything than giving it any actual quality.
ExoticPearTree 10 hours ago [-]
> R&D spend? In messaging product?
You think Whatsapp for example is this lightweight and easy to use on basically any phone because no one spent a dime on some R&D on how to make it the way it is?
3form 9 hours ago [-]
I am not well versed in Android or iPhone software development, but yes, I don't believe that making a non-bloated mobile app is pushing the frontier of software engineering.
There could be some arguments made somewhere as to where R&D money could go, perhaps somewhere in the backbone that billions could use, but the UI is not it.
All that said, I don't know how it furthers your initial argument exactly, as the DMA "beneficiaries" benefit from this lightweightness in zero percent. If anything, it's a negative, because one could assume they have to do better than that with what they're offering.
vrganj 6 hours ago [-]
Interoperability is what enables consumer choice and the best product winning in the first place.
There's no choice if all your friends are on a network that's not interoperable.
coredev_ 2 hours ago [-]
CRA is pretty damn cool
Tooster 11 hours ago [-]
Every day, I pass by numerous signs and plaques reading "funded by EU funds." Most of the time, they are attached to public transport or road infrastructure. For anyone genuinely trying to understand the EU's impact — rather than just defaulting to blind hatred — there are plenty of public resources available. You can find maps and project lists detailing descriptions, funding amounts, and progress statuses.
Granted, this data is usually "boring" by today’s dopamine-driven attention standards, so it's no wonder people rarely talk about it. But if you actually stop and take an interest in what has been accomplished, you start noticing the impact everywhere—it just takes a little effort. After all, how hyped can you really get over a repaved road in some remote village you've never even heard of? You can't. But the people living there certainly feel the impact, even if they don't always notice where the money came from.
You might disagree with certain aspects of the EU, but leaving a rage-baited, hateful comment is the easy way out. Looking at actual accomplishments—despite your frustrations—takes real effort.
For stuff which actually can matter and had impact on daily lives (beside aforementioned public transport impact):
- USB-C as a standard power connector
- hassle-free travel between countries
- GDPR you mentioned
- recent "stop killing games" public initiative which shows that common people can stand a chance against multimillion dollar companies
- abolition of roaming charges and access to a free internet up to certain limits — huge PITA solved for people going on vacations
- universal healthcare between countries on vacations
- strong 14 day guarantee for online purchases, free return policies and minimum 2 year warranty
- food safety regulations (but if you don't care you won't be impressed by it)
- certain regulations regarding flights and passenger rights (cancellation compensation, recent regulations regarding baggage, to fight with scammy practices of flight operators)
- right to repair
- even the commonly memed bottle caps is nice UX — you (or more commonly a kid) won't be able to drop a cap on sand rendering :) And thanks to that there is noticeably less "small trash" on beaches and in parks (left to solve are beer caps ;)
The intent of this comment is just to show that it's not "nothing" if you bother to look, the stupid/bad/ugly is beside the point here.
_the_inflator 9 hours ago [-]
With the European Chips Act already a total disaster, please help me with your intelligence, thoughtful discussion to explain the feasibility of miracles to me in rational terms, since the EU is obviously oblivious to the fact, that they are delusional and hubris might be a better term to explain, what "the EU" wants to achieve - and maintain.
BTW, the EU also plans for an energy transformation, being a military powerhouse, surveillance state - what else could be wished into reality?
kyboren 7 hours ago [-]
Sovereign manufacturing supply chains? A competitive EV company? A competitive space launcher?
How about a healthy native birth rate and relatively low levels of immigration?
But to create that many strategies, you're gonna need a huge EU bureaucracy. So better create a strategy to reduce the growth of EU bureaucracy, too.
lukan 11 hours ago [-]
So instead of addressing the article and providing the potential base for an intelligent debate, you decided to raise the bar by lamenting?
My impression in general is that there is rather a very EU friendly view here on HN in general, but HN is critical of everything.
So I also say, lots of nice words, great that they at least start so late with that now, but more concrete steps would be more welcome.
"Making public administrations anchor users and contributors to open source, through procurement guidance, open-source friendly tendering, strengthening the Open Source Programme Office and its networks, reusable public digital assets and by embedding openness and sovereignty in digital investment decisions"
Because this for example sounds great. But is it very concrete? It sounds like it, but I don't see how it is.
lnsru 11 hours ago [-]
We can discuss lots about EU. But does it make any sense here… EU is for regulations only. Which sometimes make sense (phone costs while traveling), but mostly not (CRA, planned prescription of electric vehicle quotas for business, planned yearly “old” car inspections, bottle caps attached to bottles, clothing waste regulation). EU has no military power and is obviously crippled defending the interests of member states. There is also a commonly known secret, that many countries have tons of organizations to acquire EU money for useless programs and projects. There is no secret, that EU fantasies are steered by gazillion lobbying groups while the country representatives are not the brightest ones. Rather the ones seeking exorbitant untaxed EU salaries. I wouldn’t say that in current form EU is something special or especially useful.
ragebol 13 hours ago [-]
All great, but I would love the EU and (national, local, ...) governments in the EU to simply use the open source stuff already available.
Often there is a 'you must open source, unless you explain why not' and then there is some faff about why they really need to be buying more stuff from Microsoft (which is more and more cloud stuff and thus under the CLOUD act etc.)
Time to get rid of the 'unless' bit.
pjmlp 13 hours ago [-]
Although I usually come up negative on my The Year of Linux Desktop comments, that would already be a starting point.
Unless EU citizens are able to easily walk into FNAC, Vobis, Cool Blue, MediaMarket, Carrefour, Publico,.... and come out with a laptop or desktop with e.g. SuSE Linux already set up, this will always be a niche thing from nerds assembling their own PCs, or finding their ways into Tuxedo and co.
And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
ben_w 12 hours ago [-]
> And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
This is the big thing.
Even as a massive nerd, I keep trying various distros and going "meh" and right back to MacOS.
red_admiral 10 hours ago [-]
So maybe BSD + nice GUI is the solution :)
raverbashing 11 hours ago [-]
This is a conversation that has been going on for 20+ years and the OSS community hasn't managed to get that in their heads
I have simply given up
pjmlp 11 hours ago [-]
Me too, which is why I mostly use Windows as main laptop OS since Windows 7[0], however with current geopolitics, eventually we might have to really choose something else, even if the ergonomics aren't there.
[0] - You will find emails from me with M$ like signatures during the 1990s, in whatever archives
martinald 11 hours ago [-]
Well you can do that right now with Chrom(ium)OS.
pjmlp 10 hours ago [-]
Nah, that is a joke OS, where Crostini to this day has hardware support issues depending on the OEM brand, and the RAM/SSD sizes are ridiculous.
ExoticPearTree 11 hours ago [-]
You do realize there is basically zero demand for a Linux desktop by "normal"/"average" users, right?
pjmlp 10 hours ago [-]
Yes, hence why that must come from European powers if sovereignty matters to the point not to depend on US powers for our daily computing needs.
bjackman 12 hours ago [-]
I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
I don't know if Windows is better, I have heard rumours that it's pretty bad.
I know MacOS is MUCH better from a security PoV but I definitely don't want my public sector shelling out to Apple and I don't think it meets the boring IT management requirements anyway (I think big tech has a lot of crazy workarounds to make their MacBook fleets workable).
So yeah overall no good options here. I would love to see the EU fund development of a better distro for this usecase, but doubt it's the highest ROI thing you can do in this space.
sph 12 hours ago [-]
I don’t get your comment. They can make a distro secure enough for government use. It’s not like it’s alien technology only the US have, that you need to buy Apple or Microsoft.
It would certainly be the highest ROI to have a local, open system built (by funding) local enterprises. Who knows, maybe a slice of the private sector might adopt it instead of sending money overseas.
bjackman 11 hours ago [-]
It's not alien tech but it's a basic fact that only the US has it right now.
Yes we could build a serious distro with a massive investment to get Flatpak, systemd, bootc, up to scratch, set up OSS endpoint management software, set up a safe package supply chain, etc. And yes I would love to see it. But I think in the short term the money would be better spent replacing crap like Outlook and OneDrive than Windows. Note this doesn't require building much software it's about figuring out how to run infrastructure in a way that's friendly to the bizarre world of public sector organisations.
Maybe Dunning-Kruger but the latter just seem like much easier problems to solve.
Also totally pointless until we have an OSS web browser that the whole sector can adopt (maybe we already do, but any funding gaps for Firefox should still be addressed before we build our own EuroOS). No point in having a wonderful sovereign OS that just serves as a bootloader for Chrome.
pjmlp 12 hours ago [-]
In what aspect does GNU/Linux not meet EU sovereignty security requirement, but two American companies do?
Other than the elephant in the room that most FOSS projects are anyway sponsored by US companies, that is.
bjackman 11 hours ago [-]
Sovereignty yes it's obviously better.
I am just talking about the pure tech fact that GNU/Linux desktops do not have any meaningful intra-host security boundaries.
Is this a worthwhile tradeoff against being tied to US tech? Yeah maybe, like I said there are no good options here, and Linux might be the least bad.
palata 11 hours ago [-]
Genuinely interested: does it bring something to say "everything is crap anyway, but given that we must choose between one of them, we may as well choose the least bad" instead of "the best solution we currently have is X"?
Secondly, are you sure that it is impossible to secure a system for a whole department? I have seen relatively big companies having an IT team managing their own Linux flavour. That is, whitelisting the packages that can be installed by the users. Given that most computer users in the administration use a handful of programs, it doesn't seem super hard to audit them?
bjackman 6 hours ago [-]
> Genuinely interested: does it bring something to say "everything is crap anyway, but given that we must choose between one of them, we may as well choose the least bad" instead of "the best solution we currently have is X"
Well I dunno if that's true, that's why I didn't say it. Linux _may_ be the best solution overall I am not sure. It is definitely not the best solution from a security perspective.
> Secondly, are you sure that it is impossible to secure a system for a whole department? I have seen relatively big companies having an IT team managing their own Linux flavour. That is, whitelisting the packages that can be installed by the users.
Just whitelisting packages isn't enough. ChromeOS effectively does this and their whitelist is extremely small, yet they are still only ok with that because they backed it up with the rest of the pieces needed to make a secure Linux desktop, including a fully vertically integrated stack.
Chu4eeno 11 hours ago [-]
You know what happened at Google after Operation Aurora and they went full bore on security (BeyondCorp and all that)? They started phasing out Windows laptops for employees immediately.
I'm honestly having trouble taking you seriously, Windows has always been at the butt of security jokes, I guess you maybe didn't grow up with winnuke etc?
But maybe you could elaborate a bit more concretely about what kind of intra-host security boundaries are missing, and why they would be required on single-user computers in this scenario?
bjackman 6 hours ago [-]
I worked at Google on post-Aurora endpoints security. Windows laptops are alive and well at Google. Linux laptops have had one foot in the grave for a while now (it's a bummer). Google historically made gLinux work only with enormous investments in customised distros and D&R.
> But maybe you could elaborate a bit more concretely about what kind of intra-host security boundaries are missing
- no boundaries between applications, everything runs as $USER which can read your browser creds
- no boundary between user and root, everything can trivially escalate privs (maybe we will fix this post Glasswing, let's see)
- no boundary between boots, root can trivially persist a compromise (probably non-root too)
The tech exists to solve all these problems on Linux, but there isn't a distro that strings it all together. (Unless you count ChromeOS/Android which are not really OSS).
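The first item in that list (everything runs as $USER) can be measured on a host. As an added example, not part of the comment or of any project's code, the Python below parses `/proc/<pid>/status` text and lists the processes that share the browser's filesystem UID, with the kernel's `Seccomp` and `NoNewPrivs` fields as a rough hint of whether each one is sandboxed at all. The PIDs, process names and status excerpts are constructed sample data, and the function names are hypothetical.

```python
"""Which processes share the browser's file-access identity?

Parses /proc/<pid>/status text. The excerpts below are constructed sample
data, not captured from a real host.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: pid -> contents of /proc/<pid>/status (trimmed).
SAMPLE_STATUS: Dict[int, str] = {
    1: "Name:\tsystemd\nUid:\t0\t0\t0\t0\nNoNewPrivs:\t0\nSeccomp:\t0\n",
    950: "Name:\tavahi-daemon\nUid:\t115\t115\t115\t115\nNoNewPrivs:\t1\nSeccomp:\t0\n",
    2101: "Name:\tfirefox\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t0\nSeccomp:\t0\n",
    2150: "Name:\tWeb Content\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t1\nSeccomp:\t2\n",
    2300: "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t0\nSeccomp:\t0\n",
    2301: "Name:\tcurl\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t0\nSeccomp:\t0\n",
}

# Values the kernel reports in the "Seccomp:" field.
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    fsuid: int                     # UID used for file permission checks
    no_new_privs: Optional[bool]   # None when the kernel omits the field
    seccomp: Optional[int]         # None when the kernel omits the field


def parse_status(pid: int, text: str) -> Proc:
    """Parse the fields we need out of one /proc/<pid>/status document."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    # "Uid:" carries four values: real, effective, saved-set, filesystem.
    uids = fields.get("Uid", "").split()
    if len(uids) != 4:
        raise ValueError(f"pid {pid}: malformed or missing Uid line")
    nnp = fields.get("NoNewPrivs")
    sec = fields.get("Seccomp")
    return Proc(
        pid=pid,
        name=fields.get("Name", "?"),
        fsuid=int(uids[3]),
        no_new_privs=None if nnp is None else nnp == "1",
        seccomp=None if sec is None else int(sec),
    )


def confinement_hint(proc: Proc) -> str:
    """Coarse label: did anything narrow this process below plain $USER?"""
    if proc.seccomp is None and proc.no_new_privs is None:
        return "unknown"
    if proc.seccomp:
        return "seccomp-" + SECCOMP_MODES.get(proc.seccomp, "other")
    if proc.no_new_privs:
        return "no_new_privs only"
    return "none"


def shared_identity_report(status_by_pid: Dict[int, str],
                           target_pid: int) -> List[Tuple[str, str]]:
    """List (name, hint) for every process with the target's filesystem UID.

    Classic Unix permissions cannot tell these processes apart from the
    target when deciding access to files in its profile directory.
    """
    procs = [parse_status(pid, text) for pid, text in status_by_pid.items()]
    target = next(p for p in procs if p.pid == target_pid)
    peers = [p for p in procs
             if p.fsuid == target.fsuid and p.pid != target_pid]
    return sorted((p.name, confinement_hint(p)) for p in peers)


if __name__ == "__main__":
    for name, hint in shared_identity_report(SAMPLE_STATUS, 2101):
        print(f"{name:<14} same fsuid as browser, confinement hint: {hint}")
```

A hint of `none` only means the process has no seccomp filter and no `no_new_privs` flag; a MAC policy or mount namespace, which this check does not inspect, could still confine it.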
palata 2 hours ago [-]
> Unless you count ChromeOS/Android which are not really OSS
Wouldn't ChromiumOS and AOSP count? Though I read a lot of people generally complaining about secure boot on desktop (for reasons I honestly don't understand: secure boot seems to be part of the Android security model, and it seems valuable to me).
noodlesUK 12 hours ago [-]
I think that SUSE and RH can definitely work well in a fairly secure setting as needed. I certainly don't think it's any less secure than your typical corporate Windows setup.
omnimus 12 hours ago [-]
Sounds like the Linux is still the least worst? There is at least possibility of having secure and quite independent machine. The question is not about distro, it's who does the support and how it's all put together. There are big vendors who sell linux to enterprises that for sure have to be highly secure.
bjackman 11 hours ago [-]
[dead]
regexorcist 6 hours ago [-]
So the NSA baseline of Linux + SELinux (that they helped develop) does not meet your needs but MacOS does? Please educate me.
bjackman 6 hours ago [-]
SELinux is a framework not a solution. Main places that gap is closed are Android and ChromeOS, not normal distros.
MacOS has:
- Serious integrity story
- Actual kernel hardening
- No reams and reams of garbage in their kernel (wouldn't have equivalents to the recent AF_ALG vulns coz they don't have dumb stuff like AF_ALG).
- Filesystem security boundaries retrofitted onto the Unix model (interesting user data, browser creds etc are gated by special permissions that are tied to the application build, backed by the integrity story - a `curl | bash` command cannot dump your ~/Documents)
When people escalate privileges on MacOS it's news, when they do it on Linux it's Tuesday (you might think the recent spate of privesc vulns on Linux was unusual but that is totally normal).
I say this as someone who works on Linux security every day (I am a kernel developer) and uses Linux on every computer I have, both at work and at home, BTW. I am not a Linux hater or Apple fanboy by any means.
These are all solvable problems at EU scale too. Just, I think they should solve other problems first in the priority list of delivering sovereign IT.
Tangurena2 9 hours ago [-]
> There is no distro that meets the security requirements.
The CLOUD Act, in conjunction with Trump's behavior and the Snowden disclosures, shows that the US cannot possibly be a trusted partner. That every operating system is controlled by Washington. Who can turn things off if they want.
I work for a state agency. Our current state constitution was adopted in 1891. Does a digital file format exist that will work for 135+ years? We've adopted PDF/A because supposedly that's open-sourcey enough to last, but I'm not sure that it is safe enough from legal disputes to stand the test of time. Our state legislature has banned certain state stuff from being hosted in the cloud.
Zardoz84 12 hours ago [-]
> I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
Windows being a buggy spyware wouldn't
wolvesechoes 12 hours ago [-]
If actors in the EU are serious (I have my doubts, as so far I see nothing more than riding recent anti-Trump sentiment in a hope to win a popularity contest) they cannot rely on volunteer effort and gluing a bunch of unrelated FOSS projects.
It is not enough to fund a new distro. EU needs its own OS (may be based on Linux, sure) and it needs to fully control it. Otherwise it will end up like most other FOSS projects, full of personal drama and technical bike-shedding.
sixhobbits 13 hours ago [-]
There is definitely a lot of this happening, e.g. this is a 'collaboration suite for civil servants' that's basically a collection of existing open source projects
I'm guessing from my own use of NextCloud, Matrix etc that this will simply be deemed not good enough compared to Google Workspace or Microsoft WhateverItsCalledNow as these things are pretty rough around the edges in my experience, but this looks like a good step in the right direction to me
ragebol 12 hours ago [-]
All laudable efforts, but I'd love for my Dutch govt to actually use these broadly. With the support behind it to file down those rough edges for the benefit of all.
It looks much more polished than a lot of the existing open source tooling, they've been building a lot of stuff in-house and really been paying attention to UX (which imo is the biggest problem with a lot of existing FOSS solutions).
I have high hopes this'll become a viable solution going forward, maybe even for non-gov users.
RyJones 9 hours ago [-]
Help us spread the word? We have good engagement but we need more from governments.
A challenge they forgot to mention is the EU's very own new Product Liability Directive.
Although the Directive exempts free and open-source software (OSS) from strict product liability, it does so only if the software is developed or provided outside the course of a commercial activity.
As soon as a company integrates OSS into its own commercial product or uses it for economic purposes, the company becomes liable for any potential defects in the open-source component.
Looks like fun for freelancers and companies who get clients thanks to their Open Source projects, for example.
pploug 11 hours ago [-]
Company sells product for profit - they are liable for the product and all its subcomponents - there is nothing unfair about this - it doesn't matter if you found the components in a hole in the ground or on github - if you are selling a product based off it, you are liable.
For freelancers / oss companies - you can still sell services such as consulting or support - without selling your oss project - then it's a service - not a product.
adamtulinius 11 hours ago [-]
Does this mean that you think a company should not be held liable for defects caused in a product they ship, if the defect is caused by an open source component?
Why not?
11 hours ago [-]
codingjoe 12 hours ago [-]
Empty words. Without changes to anti-circumvention laws, safe harbor commitments for security researchers and serious funding for foss projects nothing is going to change.
codingjoe 11 hours ago [-]
... and I'd still be very happy for them. Some money, is better than none.
Besides, supply chain payments are already a thing and help maintainers like myself already while providing security benefits for corporations.
ExoticPearTree 11 hours ago [-]
> serious funding for foss projects
this is a sure way for grifters to make a boatload of money by lobbying for various projects to be funded.
tsoukase 6 hours ago [-]
There is the light-headed assumption that any time proprietary software can be replaced by open source. By regulation, by being fed up with closed source, by saying so etc. It cannot, it's very hard.
In this realm, software is like a car. Would you buy an open source car? You might know any aspect of it but where would be the professional support, the strict safety regulations, the security feeling that you are under the wing of a company? I am full OSS, but I am not sure for the average Joe and Mary or better for the Oliver, Lucas, Matteo and Sofia.
sublimefire 13 hours ago [-]
I have so many mixed feelings about it. I mean there is OSS software already, nobody prevents its use. It would have been better to just give OSS grants to SMEs who use OSS that originates in EU. But this is internet we are talking about, if I have an OSS repo and it contains contributions from Chinese or US citizens, is it still EU OSS? The core underlying issue is that nobody is incentivised to use EU “only”, if that changes then you will see the results. It does not even talk about devs like me who create such software.
nryoo 13 hours ago [-]
[flagged]
nickslaughter02 12 hours ago [-]
Will EU mandated backdoors be open source too?
> When it describes how the groundwork might be laid for mandating encryption backdoors, the EU chooses to use euphemisms such as creating roadmaps for “lawful and effective access to data for law enforcement” and seeking “technological solutions for accessing encrypted data.”
is any money going into it, or are they just "supporting"?
anonzzzies 13 hours ago [-]
There is money but it's all vague and hard to get and usually with tax breaks instead of just money. I would opensource everything we built, but I have to eat something so it'll be when I die and/or the company is sold and/or we earned enough to make everyone eat during their life (with some reasonable amounts that assume hyper inflation won't happen) (it is contractually arranged). Many EU gov institutions use our software and would LOVE for us to open source it - they would immediately stop paying.
13 hours ago [-]
throw-the-towel 6 hours ago [-]
Duuude, wanting to earn money is so US-pilled. (If you're a worker, that is.)
tralalalalala 13 hours ago [-]
[flagged]
trilogic 13 hours ago [-]
[flagged]
nxm 12 hours ago [-]
Virtue signaling
greatgib 13 hours ago [-]
Always the same broken pattern of the EU: throwing shitload of money to the big actors of a field without really a coherent strategy or a real control of how the funds are used.
Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Again here, no money will be directed to the thousands of core and essential OSS projects that are maintained by individuals without a corporate backing. Or to the individual contributors that are the key to these stacks.
Instead, the only one that will be able to get money, legally per EU policy, will be consortium of suckers and eventually nice but useless researchers in University...
I mean we all agree of how good are the values posted on these page, but what are we paying for?
Oh I see:
https://nextgraph.org/roadmap/
This is the new roadmap for 2025, established thanks to the new grant received from NLnet Foundation and the NGI Zero Commons Fund.
The main goal is to finish the Core protocol, improve the Wallet and App, and bring about the Framework/SDK so that developers can create standalone or embedded apps based on NextGraph. Those apps can make capability-based access requests on the user's data, define smart-contracts and implement any business logic within cross-document transactions.
No LOL, this is where your money is going...
At the same time, the maintainers of the openssl, sqlite, openssh, ... or for example NGINX that now belongs to big american company...
olejorgenb 6 hours ago [-]
> throwing shitload of money to the big actors of a field
My reply was directed at this part. Based on my memory seeing ironcalc specifically getting funding. Unless they hide it well they are not a big actor. And the project looks interesting and worthy to me. (I see I should have omitted the nextgraph link as I'm not familiar at all with that project)
Some projects funded by NLnet: Organic Maps, KDE Connect, KDE Plasma Wayland, Bottles (Builds on Wine IIRC), Briar, mitmproxy, Nextcloud, Wireguard
Note: NLnet is an independent organization, but it seems to get quite some support from EU. Maybe you would argue NLnet itself is a big actor?
I think funding already established, respected donor organizations is a decent strategy.
beernet 12 hours ago [-]
> Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Agreed. Fraunhofer institute in Germany is a prime example.
vrganj 8 hours ago [-]
You mean the guys that invented MP3s and were major contributors to h264?
beernet 8 hours ago [-]
Yes, I mean exactly these guys, who did effectively nothing since these "glory" days (which are not really so glory if you look at the entire story).
This institution could not exist a minute without tax payer money and provides very, very little in return. Mediocre (at best) employees with the work ethic of public officials, and we know what this means when talking Germany...
greatgib 8 hours ago [-]
In all cases, it is not 100% of the money that is wasted uselessly. There is still a few percents that are directly to useful use.
Like there some companies or big companies that contribute in some cases in significant open source projects that are used by everyone. But that is more the exception than the norm.
DocTomoe 12 hours ago [-]
The pattern is not broken, it works as designed. This is mostly a money-pump from government(s) to private interests, mostly sitting in large IT houses.
Galanwe 13 hours ago [-]
> Like that, a few companies are specialized in sucking public funds and delivering nothing.
Not just public, private funds as well. Typical EU, I call that helicopter regulating: you see a problem, throw a regulation at it, then close your eyes.
GDPR pop-ups are the most obvious example, but there are so many more.
For instance, now apparently companies can opt to send payslips digitally instead of physically (paper). Of course, some smart ass nitpicked that employees could lose or change their mail address, so the company is now forced to store digitally delivered payslips in some kind of European-hosted vault for 10 years. And since no sane company wants to be liable for that, we now have a wonderful ecosystem of trash "payslip digital vaults" startups, which companies use to proxy-send employee payslips.
So in essence, my company is now sending my payslips (with name, address, contact details, compensation breakdown, etc) to a stupid start-up with egregious ToS, just because "send it by mail and let the employee back it up" was too simple. Thanks !!!
As far as I know EU is a full slave of Big Tech and does not have the intent to actually break free (it is going to hurt, the more you get into Big Tech, the more it will hurt to break free).
First thing first, restore web sites in a solid security network infrastructure. Namely, noscript/basic HTML.
FpUser 12 hours ago [-]
I think unless they have some alternative to Github (Codeberg yes) but with comparable number of repos this strategy does not yet look very encouraging. Difference between number of open repos is huge, about 100 times
vool 12 hours ago [-]
Just a reminder that "Made in America" Truth Social is an EU funded Open Source project.
cromka 12 hours ago [-]
Is it?
preisschild 12 hours ago [-]
It's built on Mastodon, but Truth Social itself is not funded by the EU
cromka 9 hours ago [-]
I assumed that's what they were actually talking about, but boy, what a way to manipulate... I seriously cannot understand why people chose to be like that.
lyu07282 12 hours ago [-]
To people confused or wondering why it's too little, too late, too incompetent, etc.:
The EU makes a lot more sense when you understand it's a neoliberal institution. Just giving people money to work on open source directly would violate state aid/market disruption rules, they aren't allowed to do that because that could negatively impact the profit of some shareholder somewhere. Member states that want to do that even have to ask permission from the commission if they want to give aid to companies [1].
Everything is like that with the EU, they aren't like China that can just put money wherever to develop or fix strategically, rather the EU can't do anything strategically, or fix anything. It's by design they aren't incompetent, that is what market liberalism is. It's core to what they mean when they say "European values".
> The EU makes a lot more sense when you understand it's a neoliberal institution
I think that's a perfect summary.
As an aside, regarding what I would like EU to do in opensource - when American government writes some code, it must be put in the public domain (no copyright). EU doesn't have a similar rule.
throw-the-towel 7 hours ago [-]
BTW, this doesn't just apply to code -- everything the US govt releases publicly is in the public domain. This is why, for example, you can find US Foreign Service Institute language textbooks floating around the net.
lyu07282 9 hours ago [-]
That's true, it's an interesting case where the EU is even more ideologically committed than the US, like licenses on photographs taken by ESA vs. NASA for example, but it's everything.
With universities it's similar, publicly funded research gets patented (including software!) and exploited by private enterprise, but even worse private industry dictates the areas of research so it's impossible for there to ever be a coherent research strategy in the EU.
fleroviumna 12 hours ago [-]
[dead]
beernet 12 hours ago [-]
They didn't even bother removing the typical AI slop from the text, lol
trolleski 13 hours ago [-]
EU politicians are bought or compromised as they keep buying American BigTech. You can't be THAT stupid, sorry.
madduci 10 hours ago [-]
See the EUDI Wallet running on (surprise surprise) only Android and iOS for mobile..
acidhousemcnab 12 hours ago [-]
State monopoly on violence not holding up their end of the bargain - protection from corporate warlords, mafia formations, parasitised infra / networks / orgs. If all legislatively captured or made client in initial conditions, counter strategies need to be parallelised, and quietly. Think Microsoft on bath salts, and fevered dreams of an annihilation and renewal, toward pillaging and killing, benevolently, in totalising systems of surveillance, God-like and as "natural" aristocracy, all curled flesh and bone and sinew, the monstrosities and cyborg-aberrations of declining empires, searching and seeking and grasping for the next.
Or you have been brainwashed by the billions spent annually to make you believe stories about bendy bananas and occult initiation ceremonies as a condition of being a member.
Not for me, my opinion of things like GDPR and forcing usbc on phones gives me the impression that the EU is holding corporations accountable and looking out for normal people.
It's been mentioned before but I feel like while a lot of negative views might be organic, a lot are also the result of tech companies' smear campaigns against the EU
Are you really trying to suggest that GDPR and PECR are bad pieces of legislation because businesses have decided that they’d prefer to give you a bad UX?
- pay "ridiculous price" or accept ads & tracking instead of allowing to disable tracking
https://noyb.eu/en/nordic-media-giant-schibsted-switches-pay...
the second one i experience daily and it's driving me nuts. i am sure it is actually illegal, but i have yet to find an explanation on why it should be allowed or a convincing legal argument in why it actually violates the rules. something that i could send to violators.
So yes, it's all the fault of the EU.
[1] https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
What’s to fix?
A business needs a legitimate reason to process personal data, people need to be sufficiently informed about how their data will be processed. These are not impossible obstacles. Anyone who claims otherwise is acting in bad faith because they know that people would not agree to what the business wants to do with their data.
Is this not your own comment, from just a few hours ago, visible on the same viewport as this one?
https://news.ycombinator.com/item?id=48445299
Why is it that so many years later, so many companies are still not compliant? That seems like a major problem to fix.
You are replying to a comment complaining about the annoyance for users that the law has created. When will that be fixed?
Why is it that all of the enforcement effort been so unevenly directed specifically at non-European companies?
This subthread started with the statement "True but it also reflects that the EU has indeed destroyed most goodwill towards it in the last decade regarding most things digital."
I think maybe you don't understand that the level of goodwill destroyed really is on par with the level of goodwill towards American that Trump has destroyed. Yes, it is really that bad. Yes, it is something that needs to be fixed.
Do you have any evidence of that?
> You are replying to a comment complaining about the annoyance for users that the law has created. When will that be fixed?
The law isn’t about fixing an annoyance to users. If you’re annoyed by bad UX, tell your boss to cut that shit out because they’re probably part of the problem too.
What I struggle to understand is you’d rather have your privacy right absolutely derailed just so you have a couple things less to click. Wild.
I want the US tech community to continue thinking of us as some sort of technological backwater. Ridiculing and deriding us, so they never see as any place where they are welcome. Since given the last ten years, they pretty much aren't. There's basically little to nothing that US tech services have to offer Europe.
https://fosstodon.org seems like a good fit but is invite-only
It's interesting because not that long ago nobody cared about what Europe did in tech. Or more like everybody was fine with the fact that Europe imported computers and exported something else. It was like that forever. I am not sure where this is coming from. It almost seems like even these weak efforts might mess up with somebody's business.
Definitely the most cynical video he ever released.
- [0] https://www.youtube.com/watch?v=eqoX9OIR-DI
Sooner or later Europe will wake up. Right now we still have too many lobbyists but this will change - at the latest when key lobbyists are put in jail for many decades. Sadly this also means the current EU commission has to go to jail too.
- CRA (cyber resiliency act): Manufacturers must handle and release security patches for vulnerabilities, and developers are required to report actively on exploited vulnerabilities and breaches.
- PLD (Product Liability Directive): A failure to provide critical security updates or the presence of exploitable vulnerabilities can now legally constitute a "defect" and if defective software causes physical harm or property damage, manufacturers are strictly liable and cannot contractually exclude or limit this liability.
And the kicker is this: Non-commercial open-source software is generally exempt from these commercial liability frameworks. However, if an open-source component is integrated into a commercial, for-profit product, the responsibility shifts to the corporate manufacturer.
So good luck making some money off your open source project where the risk outweighs any potential profit, or integrate an open source project into your commercial offering.
In case it is unclear from my tone, I am genuinely curious.
You dislike criticism? I find criticism an important part of discourse and discussion. HN is very clearly not anything like reddit - just the insane amount of censorship on reddit alone, is already one argument against that claim. Many more could be given. I have been using reddit in the past for many years, so I know how reddit changed. Not that everything is perfect on hackernews; I dislike the "you are posting too much" limitation, for instance. But we don't have over-eager censor-mods here whereas that was locking down numerous interesting discussions on reddit.
With regards to the EU situation: the EU is in a very strange situation. On the one hand it is doing good things; this then gets cancelled by the EU commission acting as a pure lobbyist group, as well as a huge army of bureaucrats who want more and more money and dream about assimilating more and more countries, which makes zero sense. Whether the EU will succeed with regards to their open source strategy or not, who knows. What I do know is that individual countries, such as France or the Netherlands, are quite intelligent when it comes to good decisions (Germany is absolutely undermined by lobbyists, so it is totally paralysed here); I am not convinced the EU is in a similar situation. It would have to be reformed, but people in Brussels don't want to see their job axed away, so nothing will improve here.
My recommendation is that if you are unhappy, go and talk about it - but don't expect others to turn to your assumptions about how a discussion should happen when it comes to the EU, because they may not share your opinion here.
No, I love criticism, as long as it's balanced and thoughtful, and invites discussion rather than being knee-jerk reactionary. Please read my comment more carefully.
You forgot to add "and it matches my worldview of things". Knee-jerk criticism is very fine, like "Microsoft sucks" anytime someone mentions Microsoft. You can just ignore it and move on.
However, you're still missing the salient point of my comment - that is, overwhelmingly the comments on any post related to the EU here are low effort, negative, reactionary. Honestly, I feel like you're not willing to engage with the point. It's not even the negativity that's my main issue here, it's the overwhelming low-effort, thoughtless nature of it which prevents any attempt at genuine discussion (positive or negative). It's groupthink, reddit style, and while HN is far from perfect there's almost no other subject that brings out this kind of reaction. Except for React, maybe.
"Support uptake of open source alternatives to proprietary solutions together with Member States and the Digital Commons EDIC — cloud, workplace tools, secure e-mail, decentralised social media."
Free to copy this code base https://github.com/lobsters/lobsters
https://www.macrumors.com/2025/06/26/app-store-eu-rule-chang...
This is monopoly 101. That’s why the US broke up Standard Oil.
Do you really believe products win because they’re the best? I’d strongly argue that monopolistic power and loss-leading VC investment is what drives success.
This was the first example that comes to mind. And hardware wise I would argue the iPhone is the best phone because so many people buy it compared to other alternatives. And I don't believe for a second people buy because iMessage.
Sorry, but these companies spend much more effort on making sure their product is walled off and incompatible with everything than giving it any actual quality.
You think Whatsapp for example is this lightweight and easy to use on basically any phone because no one spent a dime on some R&D on how to make it the way it is?
There could be some arguments made somewhere as to where R&D money could go, perhaps somewhere in the backbone that billions could use, but the UI is not it.
All that said, I don't know how it furthers your initial argument exactly, as the DMA "beneficiaries" benefit from this lightweightness in zero percent. If anything, it's a negative, because one could assume they have to do better than that with what they're offering.
There's no choice if all your friends are on a network that's not interoperable.
Granted, this data is usually "boring" by today’s dopamine-driven attention standards, so it's no wonder people rarely talk about it. But if you actually stop and take an interest in what has been accomplished, you start noticing the impact everywhere—it just takes a little effort. After all, how hyped can you really get over a repaved road in some remote village you've never even heard of? You can't. But the people living there certainly feel the impact, even if they don't always notice where the money came from.
Go search for maps provided by EU or your government sites, for instance https://mapadotacji.gov.pl/?lang=en
You might disagree with certain aspects of the EU, but leaving a rage-baited, hateful comment is the easy way out. Looking at actual accomplishments—despite your frustrations—takes real effort.
For stuff which actually can matter and had impact on daily lives (beside aforementioned public transport impact):
The intent of this comment is just to show that it's not "nothing" if you bother to look, the stupid/bad/ugly is beside the point here. BTW, the EU also plans for an energy transformation, being a military powerhouse, surveillance state - what else could be wished into reality?
How about a healthy native birth rate and relatively low levels of immigration?
But to create that many strategies, you're gonna need a huge EU bureaucracy. So better create a strategy to reduce the growth of EU bureaucracy, too.
My impression in general is that there is rather a very EU friendly view here on HN in general, but HN is critical of everything.
So I also say, lots of nice words, great that they at least start so late with that now, but more concrete steps would be more welcome.
"Making public administrations anchor users and contributors to open source, through procurement guidance, open-source friendly tendering, strengthening the Open Source Programme Office and its networks, reusable public digital assets and by embedding openness and sovereignty in digital investment decisions"
Because this for example sounds great. But is it very concrete? It sounds like it, but I don't see how it is.
Often there is a 'you must open source, unless you explain why not' and then there is some faff about why they really need to be buying more stuff from Microsoft (which is more and more cloud stuff and thus under the CLOUD Act etc.)
Time to get rid of the 'unless' bit.
Unless EU citizens are able to easily walk into FNAC, Vobis, Cool Blue, MediaMarket, Carrefour, Publico,.... and come out with a laptop or desktop with e.g. SuSE Linux already set up, this will always be a niche thing from nerds assembling their own PCs, or finding their ways into Tuxedo and co.
And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
This is the big thing.
Even as a massive nerd, I keep trying various distros and going "meh" and right back to MacOS.
I have simply given up
[0] - You will find emails from me with M$ like signatures during the 1990s, in whatever archives
I don't know if Windows is better, I have heard rumours that it's pretty bad.
I know MacOS is MUCH better from a security PoV but I definitely don't want my public sector shelling out to Apple and I don't think it meets the boring IT management requirements anyway (I think big tech has a lot of crazy workarounds to make their MacBook fleets workable).
So yeah overall no good options here. I would love to see the EU fund development of a better distro for this use case, but doubt it's the highest ROI thing you can do in this space.
It would certainly be the highest ROI to have a local, open system built (by funding) local enterprises. Who knows, maybe a slice of the private sector might adopt it instead of sending money overseas.
Yes we could build a serious distro with a massive investment to get Flatpak, systemd, bootc, up to scratch, set up OSS endpoint management software, set up a safe package supply chain, etc. And yes I would love to see it. But I think in the short term the money would be better spent replacing crap like Outlook and OneDrive than Windows. Note this doesn't require building much software; it's about figuring out how to run infrastructure in a way that's friendly to the bizarre world of public sector organisations.
Maybe Dunning-Kruger but the latter just seem like much easier problems to solve.
Also totally pointless until we have an OSS web browser that the whole sector can adopt (maybe we already do, but any funding gaps for Firefox should still be addressed before we build our own EuroOS). No point in having a wonderful sovereign OS that just serves as a bootloader for Chrome.
Other than the elephant in the room that most FOSS projects are anyway sponsored by US companies, that is.
I am just talking about the pure tech fact that GNU/Linux desktops do not have any meaningful intra-host security boundaries.
Is this a worthwhile tradeoff against being tied to US tech? Yeah maybe, like I said there are no good options here, and Linux might be the least bad.
Secondly, are you sure that it is impossible to secure a system for a whole department? I have seen relatively big companies having an IT team managing their own Linux flavour. That is, whitelisting the packages that can be installed by the users. Given that most computer users in the administration use a handful of programs, it doesn't seem super hard to audit them?
Well I dunno if that's true, that's why I didn't say it. Linux _may_ be the best solution overall, I am not sure. It is definitely not the best solution from a security perspective.
> Secondly, are you sure that it is impossible to secure a system for a whole department? I have seen relatively big companies having an IT team managing their own Linux flavour. That is, whitelisting the packages that can be installed by the users.
Just whitelisting packages isn't enough. ChromeOS effectively does this and their whitelist is extremely small, yet they are still only ok with that because they backed it up with the rest of the pieces needed to make a secure Linux desktop, including a fully vertically integrated stack.
I'm honestly having trouble taking you seriously, Windows has always been the butt of security jokes, I guess you maybe didn't grow up with winnuke etc? But maybe you could elaborate a bit more concretely about what kind of intra-host security boundaries are missing, and why they would be required on single-user computers in this scenario?
> But maybe you could elaborate a bit more concretely about what kind of intra-host security boundaries are missing
- no boundaries between applications, everything runs as $USER which can read your browser creds
- no boundary between user and root, everything can trivially escalate privs (maybe we will fix this post Glasswing, let's see)
- no boundary between boots, root can trivially persist a compromise (probably non-root too)
The tech exists to solve all these problems on Linux, but there isn't a distro that strings it all together. (Unless you count ChromeOS/Android which are not really OSS).
Wouldn't ChromiumOS and AOSP count? Though I read a lot of people generally complaining about secure boot on desktop (for reasons I honestly don't understand: secure boot seems to be part of the Android security model, and it seems valuable to me).
MacOS has:
- Serious integrity story
- Actual kernel hardening
- No reams and reams of garbage in their kernel (wouldn't have equivalents to the recent AF_ALG vulns coz they don't have dumb stuff like AF_ALG).
- Filesystem security boundaries retrofitted onto the Unix model (interesting user data, browser creds etc are gated by special permissions that are tied to the application build, backed by the integrity story - a `curl | bash` command cannot dump your ~/Documents)
When people escalate privileges on MacOS it's news, when they do it on Linux it's Tuesday (you might think the recent spate of privesc vulns on Linux was unusual but that is totally normal).
I say this as someone who works on Linux security every day (I am a kernel developer) and uses Linux on every computer I have, both at work and at home, BTW. I am not a Linux hater or Apple fanboy by any means.
These are all solvable problems at EU scale too. Just, I think they should solve other problems first in the priority list of delivering sovereign IT.
The CLOUD Act, in conjunction with Trump's behavior and the Snowden disclosures, shows that the US cannot possibly be a trusted partner. That every operating system is controlled by Washington. Who can turn things off if they want.
I work for a state agency. Our current state constitution was adopted in 1891. Does a digital file format exist that will work for 135+ years? We've adopted PDF/A because supposedly that's open-sourcey enough to last, but I'm not sure that it is safe enough from legal disputes to stand the test of time. Our state legislature has banned certain state stuff from being hosted in the cloud.
Windows being a buggy spyware wouldn't
It is not enough to fund a new distro. EU needs its own OS (may be based on Linux, sure) and it needs to fully control it. Otherwise it will end up like most other FOSS projects, full of personal drama and technical bike-shedding.
https://github.com/MinBZK/mijn-bureau-infra/
They show all the components they use here https://minbzk.github.io/mijn-bureau-infra/docs/category/com... and have set up guides for departments to operate it all on Kubernetes
I'm guessing from my own use of NextCloud, Matrix etc that this will simply be deemed not good enough compared to Google Workspace or Microsoft WhateverItsCalledNow as these things are pretty rough around the edges in my experience, but this looks like a good step in the right direction to me
It looks much more polished than a lot of the existing open source tooling, they've been building a lot of stuff in-house and really been paying attention to UX (which imo is the biggest problem with a lot of existing FOSS solutions).
I have high hopes this'll become a viable solution going forward, maybe even for non-gov users.
https://openwallet.foundation/
Although the Directive exempts free and open-source software (OSS) from strict product liability, it does so only if the software is developed or provided outside the course of a commercial activity.
As soon as a company integrates OSS into its own commercial product or uses it for economic purposes, the company becomes liable for any potential defects in the open-source component.
Looks like fun for freelancers and companies who get clients thanks to their Open Source projects, for example.
For freelancers / oss companies - you can still sell services such as consulting or support - without selling your oss project - then it's a service - not a product.
Why not?
Besides, supply chain payments are already a thing and help maintainers like myself already while providing security benefits for corporations.
This is a sure way for grifters to make a boatload of money by lobbying for various projects to be funded.
In this realm, software is like a car. Would you buy an open source car? You might know any aspect of it but where would be the professional support, the strict safety regulations, the security feeling that you are under the wing of a company? I am full OSS, but I am not sure for the average Joe and Mary or better for the Oliver, Lucas, Matteo and Sofia.
> When it describes how the groundwork might be laid for mandating encryption backdoors, the EU chooses to use euphemisms such as creating roadmaps for “lawful and effective access to data for law enforcement” and seeking “technological solutions for accessing encrypted data.”
https://reclaimthenet.org/eu-protecteu-strategy-encryption-b...
> European Commission pushes for encryption ‘backdoors’
https://brusselssignal.eu/2025/04/european-commission-pushes...
Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Again here, no money will be directed to the thousands of core and essential OSS projects that are maintained by individuals without a corporate backing. Or to the individual contributors that are the key to these stacks.
Instead, the only one that will be able to get money, legally per EU policy, will be a consortium of suckers and eventually nice but useless researchers in University...
"Gathering 12 partners for at least 3 years, towards a suite composed of 16 apps!"
Read the About page and tell me what is it exactly that you will be paying for? https://nextgraph.org/introduction/
I mean we all agree on how good the values posted on these pages are, but what are we paying for? Oh I see: https://nextgraph.org/roadmap/
No LOL, this is where your money is going... At the same time, the maintainers of the openssl, sqlite, openssh, ... or for example NGINX that now belongs to big American company...
My reply was directed at this part. Based on my memory seeing ironcalc specifically getting funding. Unless they hide it well they are not a big actor. And the project looks interesting and worthy to me. (I see I should have omitted the nextgraph link as I'm not familiar at all with that project)
Few of the projects listed here seem to be big actors: https://nlnet.nl/project/index.html
Some projects funded by NLnet: Organic Maps, KDE Connect, KDE Plasma Wayland, Bottles (Builds on Wine IIRC), Briar, mitmproxy, Nextcloud, WireGuard
Note: NLnet is an independent organization, but it seems to get quite some support from EU. Maybe you would argue NLnet itself is a big actor?
I think funding already established, respected donor organizations is a decent strategy.
Agreed. Fraunhofer institute in Germany is a prime example.
This institution could not exist a minute without taxpayer money and provides very, very little in return. Mediocre (at best) employees with the work ethic of public officials, and we know what this means when talking Germany...
Not just public, private funds as well. Typical EU, I call that helicopter regulating: you see a problem, throw a regulation at it, then close your eyes.
GDPR pop-ups are the most obvious example, but there are so many more.
For instance, now apparently companies can opt to send payslips digitally instead of physically (paper). Of course, some smart ass nitpicked that employees could lose or change their mail address, so the company is now forced to store digitally delivered payslips in some kind of European-hosted vault for 10 years. And since no sane company wants to be liable for that, we now have a wonderful ecosystem of trash "payslip digital vaults" startups, which companies use to proxy-send employee payslips.
So in essence, my company is now sending my payslips (with name, address, contact details, compensation breakdown, etc) to a stupid start-up with egregious ToS, just because "send it by mail and let the employee back it up" was too simple. Thanks !!!
First things first, restore web sites in a solid security network infrastructure. Namely, noscript/basic HTML.
The EU makes a lot more sense when you understand it's a neoliberal institution. Just giving people money to work on open source directly would violate state aid/market disruption rules, they aren't allowed to do that because that could negatively impact the profit of some shareholder somewhere. Member states that want to do that even have to ask permission from the commission if they want to give aid to companies [1].
Everything is like that with the EU, they aren't like China that can just put money wherever to develop or fix strategically, rather the EU can't do anything strategically, or fix anything. It's by design they aren't incompetent, that is what market liberalism is. It's core to what they mean when they say "European values".
[1] https://competition-policy.ec.europa.eu/state-aid/overview_e...
I think that's a perfect summary.
As an aside, regarding what I would like EU to do in open source - when American government writes some code, it must be put in the public domain (no copyright). EU doesn't have a similar rule.
With universities it's similar, publicly funded research gets patented (including software!) and exploited by private enterprise, but even worse private industry dictates the areas of research so it's impossible for there to ever be a coherent research strategy in the EU.