I wish there was somewhere I could earnestly and intelligently have discussions about EU related tech and tech policy, but HN isn't it. As you can see already in this thread, there's 14 comments besides mine and they are 100% negative, and about 95% low effort/reactionary.
Of course there's a lot to criticize and also to appreciate about the EU. But this is supposed to be a forum for intelligent, thoughtful discussion and yet as soon as the EU gets mentioned it basically turns into reddit.
It's not only HN. You can see big tech media hate against any effort europe does. Everybody is mocking europe for building 10 years old chip fabs or their measly small unusable clouds or bad startup scene.
It's interesting because not that long ago nobody cared about what europe did in tech. Or more like everybody was fine with the fact that europe imported computers and exported something else. It was like that forever. I am not sure where this is coming from. It almost seems like even these weak efforts might mess up with somebodys business.
It’s even more interesting because a big supply chain problem during Covid were related to old chips used in tons of mechanical engineering products, like cars. Given that experience you could argue that the old fabs are much better value for money for resiliency.
All great, but I would love EU and (national, local, ...) governments in the EU simply use the open source stuff already available.
Often there is an 'you must open source, unless you explain why not' and then there is some faff about why they really need to be buying more stuff from Microsoft (which is more and more cloud stuff and thus under the CLOUD act etc.)
Although I usually come up negative on my The Year of Linux Desktop comments, that would already be a starting point.
Unless EU citzens are able to easily walk into FNAC, Vobis, Cool Blue, MediaMarket, Carrefour, Publico,.... and come out with a laptop or desktop with e.g. SuSE Linux already set up, this will always be a niche thing from nerds assembling their own PCs, or finding their ways into Tuxedo and co.
And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
I don't know if Windows is better, I have heard rumours that it's pretty bad.
I know MacOS is MUCH better from a security PoV but I definitely don't want my public sector shelling out to Apple and I don't think it meets the boring IT management requirements anyway (I think big tech has a lot of crazy workarounds to make their MacBook fleets workable).
So yeah overall no good options here. I would love to see the EU fund development of a better distro for this usecase, but doubt it's the highest ROI thing you can do in this space.
I think that SUSE and RH can definitely work well in a fairly secure setting as needed. I certainly don't think it's any less secure than your typical corporate windows setup.
I don’t get your comment. They can make a distro secure enough for government use. It’s not like it’s alien technology only the US have, that you need to buy Apple or Microsoft.
It would certainly be the highest ROI to have a local, open system built (by funding) local enterprises. Who knows, maybe a slice of the private sector might adopt it instead of sending money overseas.
Sounds like the Linux is still the least worst? There is at least possibility of having secure and quite independent machine. The question is not about distro, it's who does the support and how it's all put together. There are big vendors who sell linux to enterprises that for sure have to be highly secure.
If actors in the EU are serious (I have my doubts, as so far I see nothing more than riding recent anti-Trump sentiment in a hope to win popularity contest) they cannot rely on volunteer effort and gluing bunch of unrelated FOSS projects.
It is not enough to fund a new distro. EU needs its own OS (may be based on Linux, sure) and it needs to fully control it. Otherwise it will end up like most other FOSS projects, full of personal drama and technical bike-shedding.
> And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
This is the big thing.
Even as a massive nerd, I keep trying various distros and going "meh" and right back to MacOS.
There is definitely a lot of this happening, e.g. this is a 'collaboration suite for civil servants' that's basically a collection of existing open source projects
I'm guessing from my own use of NextCloud, Matrix etc that this will simply be deemed not good enough compared to Google Workspace or Microsoft WhateverItsCalledNow as these things are pretty rough around the edges in my experience, but this looks like a good step in the right direction to me
All laudable efforts, but I'd love for my Dutch govt to actually use these broadly. With the support behind it to file down those rough edges for the benefit of all.
It looks much more polished than a lot of the existing open source tooling, they've been building a lot of stuff in-house and really been paying attention to UX (which imo is the biggest problem with a lot of existing FOSS solutions).
I have high hopes this'll become a viable solution going forward, maybe even for non-gov users.
> When it describes how the groundwork might be laid for mandating encryption backdoors, the EU chooses to use euphemisms such as creating roadmaps for “lawful and effective access to data for law enforcement” and seeking “technological solutions for accessing encrypted data.”
I have so many mixed feelings about it. I mean there OSS software already, nobody prevents its use. It would have been better to just give OSS grants to SMEs who use OSS that originates in EU. But this is internet we are talking about, if I have an OSS repo and it contains contributions from Chinese or US citizens, is it still EU OSS? The core underlying issue is that nobody is incentivised to use EU “only”, if that changes the you will see the results. It does not even talk about devs like me who create such software.
A challenge they forgot to mention is EU‘s very own new Product Lianility Directive.
Although the Directive exempts free and open-source software (OSS) from strict product liability, it does so only if the software is developed or provided outside the course of a commercial activity.
As soon as a company integrates OSS into its own commercial product or uses it for economic purposes, the company becomes liable for any potential defects in the open-source component.
Looks Like fun for freelancers and companies who get Clients thanks to their Open Source projects, for example.
Empty words. Without changes to anti-circumvention laws, safe harbor commitments for security researchers and serious funding for foss projects nothing is going to change.
There is money but it's all vague and hard to get and usually with tax breaks instead of just money. I would opensource everything we built, but I have to eat something so it'll be when I die and/or the company is sold and/or we earned enough to make everyone eat during their life (with some reasonable amounts that assume hyper inflation won't happen) (it is contractually arranged). Many EU gov institutions use our software and would LOVE for us to open source it - they would immediately stop paying.
I think unless they have some alternative to Github (Codeberg yes) but with comparable number of repo's this strategy does not yet look very encouraging. Difference between number of open repos is huge, about 100 times
Always the same broken pattern of the EU: throwing shitload of money to the big actors of a field without really a coherent strategy or a real control of how the funds are used.
Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Again here, no money will be directed to the thousands of core and essential OSS projects that are maintained by individuals without a corporate backing. Or to the individual contributors that are the key to these stacks.
Instead, the only one that will be able to get money, legally per EU policy, will be consortium of suckers and eventually nice but useless researchers in University...
The pattern is not broken, it works as designed. This is mostly a money-pump from government(s) to private interests, mostly sitting in large IT houses.
> Like that, a few companies are specialized in sucking public funds and delivering nothing.
Not just public, private funds as well. Typical EU, I call that helicopter regulating: you see a problem, throw a regulation at it, then close you eyes.
GDPR pop-ups are the most obvious example, but there are so many more.
For instance, now apparently companies can opt to send payslips digitally instead of physically (paper). Of course, some smart ass nitpicked that employees could loose or change their mail address, so the company is now forced to store digitally delivered payslips in some kind of European-hosted vault for 10 years. And since no sane company want to be liable for that, we now have a wonderful ecosystem of trash "payslip digital vaults" startups, which companies use to proxy-send employee payslips.
So in essence, my company is now sending my payslips (with name, address, contact details, compensation breakdown, etc) to a stupid start-up with egregious ToS, just because "send it by mail and let the employee back it up" was too simple. Thanks !!!
To people confused or wondering why it's too little, too late, too incompetent, etc.:
The EU makes a lot more sense when you understand it's a neoliberal institution. Just giving people money to work on open source directly would violate state aid/market disruption rules, they aren't allowed to do that because that could negatively impact the profit of some shareholder somewhere. Member states that want to do that even have to ask permission from the commission if they want to give aid to companies [1].
Everything is like that with the EU, they aren't like China that can just put money whereever to develop or fix strategically, rather the EU can't do anything strategically, or fix anything. It's by design they aren't incompetent, that is what market liberalism is. It's core to what they mean when they say "European values".
State monopoly on violence not holding up their end of the bargain - protection from corporate warlords, mafia formations, parasitised infra / networks / orgs. If all legislatively captured or made client in initial conditions, counter strategies need to be parallelised, and quietly. Think Microsoft on bath salts, and fevered dreams of an annihilation and renewal, toward pillaging and killing, benevolently, in totalising systems of surveillance, God-like and as "natural" aristocracy, all curled flesh and bone and sinew, the monstrosities and cyborg-aberrations of declining empires, searching and seeking and grasping for the next.
I wish there was somewhere I could earnestly and intelligently have discussions about EU related tech and tech policy, but HN isn't it. As you can see already in this thread, there's 14 comments besides mine and they are 100% negative, and about 95% low effort/reactionary.
Of course there's a lot to criticize and also to appreciate about the EU. But this is supposed to be a forum for intelligent, thoughtful discussion and yet as soon as the EU gets mentioned it basically turns into reddit.
Mastodon works fairly well for that I think.
It's not only HN. You can see big tech media hate against any effort europe does. Everybody is mocking europe for building 10 years old chip fabs or their measly small unusable clouds or bad startup scene.
It's interesting because not that long ago nobody cared about what europe did in tech. Or more like everybody was fine with the fact that europe imported computers and exported something else. It was like that forever. I am not sure where this is coming from. It almost seems like even these weak efforts might mess up with somebodys business.
It’s even more interesting because a big supply chain problem during Covid were related to old chips used in tons of mechanical engineering products, like cars. Given that experience you could argue that the old fabs are much better value for money for resiliency.
All great, but I would love EU and (national, local, ...) governments in the EU simply use the open source stuff already available.
Often there is an 'you must open source, unless you explain why not' and then there is some faff about why they really need to be buying more stuff from Microsoft (which is more and more cloud stuff and thus under the CLOUD act etc.)
Time to get rid of the 'unless' bit.
Although I usually come up negative on my The Year of Linux Desktop comments, that would already be a starting point.
Unless EU citzens are able to easily walk into FNAC, Vobis, Cool Blue, MediaMarket, Carrefour, Publico,.... and come out with a laptop or desktop with e.g. SuSE Linux already set up, this will always be a niche thing from nerds assembling their own PCs, or finding their ways into Tuxedo and co.
And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
I don't know if Windows is better, I have heard rumours that it's pretty bad.
I know MacOS is MUCH better from a security PoV but I definitely don't want my public sector shelling out to Apple and I don't think it meets the boring IT management requirements anyway (I think big tech has a lot of crazy workarounds to make their MacBook fleets workable).
So yeah overall no good options here. I would love to see the EU fund development of a better distro for this usecase, but doubt it's the highest ROI thing you can do in this space.
I think that SUSE and RH can definitely work well in a fairly secure setting as needed. I certainly don't think it's any less secure than your typical corporate windows setup.
I don’t get your comment. They can make a distro secure enough for government use. It’s not like it’s alien technology only the US have, that you need to buy Apple or Microsoft.
It would certainly be the highest ROI to have a local, open system built (by funding) local enterprises. Who knows, maybe a slice of the private sector might adopt it instead of sending money overseas.
In what aspect does GNU/Linux not meet EU sovereignty security requirement, but two American companies do?
Other than the elephant in the room that most FOSS projects are anyway sponsored by US companies, that is.
Sounds like the Linux is still the least worst? There is at least possibility of having secure and quite independent machine. The question is not about distro, it's who does the support and how it's all put together. There are big vendors who sell linux to enterprises that for sure have to be highly secure.
> I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
Windows being a buggy spyware wouldn't
If actors in the EU are serious (I have my doubts, as so far I see nothing more than riding recent anti-Trump sentiment in a hope to win popularity contest) they cannot rely on volunteer effort and gluing bunch of unrelated FOSS projects.
It is not enough to fund a new distro. EU needs its own OS (may be based on Linux, sure) and it needs to fully control it. Otherwise it will end up like most other FOSS projects, full of personal drama and technical bike-shedding.
> And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
This is the big thing.
Even as a massive nerd, I keep trying various distros and going "meh" and right back to MacOS.
There is definitely a lot of this happening, e.g. this is a 'collaboration suite for civil servants' that's basically a collection of existing open source projects
https://github.com/MinBZK/mijn-bureau-infra/
They show all the components they use here https://minbzk.github.io/mijn-bureau-infra/docs/category/com... and have set up guides for departments to operate it all on Kubernetes
I'm guessing from my own use of NextCloud, Matrix etc that this will simply be deemed not good enough compared to Google Workspace or Microsoft WhateverItsCalledNow as these things are pretty rough around the edges in my experience, but this looks like a good step in the right direction to me
All laudable efforts, but I'd love for my Dutch govt to actually use these broadly. With the support behind it to file down those rough edges for the benefit of all.
I like the thing the French have been cooking up, La Suite Numerique: https://github.com/suitenumerique#%E2%84%B9%EF%B8%8F-about-l...
It looks much more polished than a lot of the existing open source tooling, they've been building a lot of stuff in-house and really been paying attention to UX (which imo is the biggest problem with a lot of existing FOSS solutions).
I have high hopes this'll become a viable solution going forward, maybe even for non-gov users.
Will EU mandated backdoors be open source too?
> When it describes how the groundwork might be laid for mandating encryption backdoors, the EU chooses to use euphemisms such as creating roadmaps for “lawful and effective access to data for law enforcement” and seeking “technological solutions for accessing encrypted data.”
https://reclaimthenet.org/eu-protecteu-strategy-encryption-b...
> European Commission pushes for encryption ‘backdoors’
https://brusselssignal.eu/2025/04/european-commission-pushes...
I have so many mixed feelings about it. I mean there OSS software already, nobody prevents its use. It would have been better to just give OSS grants to SMEs who use OSS that originates in EU. But this is internet we are talking about, if I have an OSS repo and it contains contributions from Chinese or US citizens, is it still EU OSS? The core underlying issue is that nobody is incentivised to use EU “only”, if that changes the you will see the results. It does not even talk about devs like me who create such software.
A challenge they forgot to mention is EU‘s very own new Product Lianility Directive.
Although the Directive exempts free and open-source software (OSS) from strict product liability, it does so only if the software is developed or provided outside the course of a commercial activity.
As soon as a company integrates OSS into its own commercial product or uses it for economic purposes, the company becomes liable for any potential defects in the open-source component.
Looks Like fun for freelancers and companies who get Clients thanks to their Open Source projects, for example.
Empty words. Without changes to anti-circumvention laws, safe harbor commitments for security researchers and serious funding for foss projects nothing is going to change.
is any money going into it, or are they just "supporting"?
There is money but it's all vague and hard to get and usually with tax breaks instead of just money. I would opensource everything we built, but I have to eat something so it'll be when I die and/or the company is sold and/or we earned enough to make everyone eat during their life (with some reasonable amounts that assume hyper inflation won't happen) (it is contractually arranged). Many EU gov institutions use our software and would LOVE for us to open source it - they would immediately stop paying.
Virtue signaling
EU politicians are bought or compromised as they keep buying American BigTech. You can't be THAT stupid, sorry.
I think unless they have some alternative to Github (Codeberg yes) but with comparable number of repo's this strategy does not yet look very encouraging. Difference between number of open repos is huge, about 100 times
Just a reminder that "Made in America" Truth Social is an EU funded Open Source project.
Is it?
Its built on Mastodon
Always the same broken pattern of the EU: throwing shitload of money to the big actors of a field without really a coherent strategy or a real control of how the funds are used.
Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Again here, no money will be directed to the thousands of core and essential OSS projects that are maintained by individuals without a corporate backing. Or to the individual contributors that are the key to these stacks.
Instead, the only one that will be able to get money, legally per EU policy, will be consortium of suckers and eventually nice but useless researchers in University...
> Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Agreed. Fraunhofer institute in Germany is a prime example.
The pattern is not broken, it works as designed. This is mostly a money-pump from government(s) to private interests, mostly sitting in large IT houses.
> Like that, a few companies are specialized in sucking public funds and delivering nothing.
Not just public, private funds as well. Typical EU, I call that helicopter regulating: you see a problem, throw a regulation at it, then close you eyes.
GDPR pop-ups are the most obvious example, but there are so many more.
For instance, now apparently companies can opt to send payslips digitally instead of physically (paper). Of course, some smart ass nitpicked that employees could loose or change their mail address, so the company is now forced to store digitally delivered payslips in some kind of European-hosted vault for 10 years. And since no sane company want to be liable for that, we now have a wonderful ecosystem of trash "payslip digital vaults" startups, which companies use to proxy-send employee payslips.
So in essence, my company is now sending my payslips (with name, address, contact details, compensation breakdown, etc) to a stupid start-up with egregious ToS, just because "send it by mail and let the employee back it up" was too simple. Thanks !!!
They didn't even bother removing the typical AI slop from the text, lol
To people confused or wondering why it's too little, too late, too incompetent, etc.:
The EU makes a lot more sense when you understand it's a neoliberal institution. Just giving people money to work on open source directly would violate state aid/market disruption rules, they aren't allowed to do that because that could negatively impact the profit of some shareholder somewhere. Member states that want to do that even have to ask permission from the commission if they want to give aid to companies [1].
Everything is like that with the EU, they aren't like China that can just put money whereever to develop or fix strategically, rather the EU can't do anything strategically, or fix anything. It's by design they aren't incompetent, that is what market liberalism is. It's core to what they mean when they say "European values".
[1] https://competition-policy.ec.europa.eu/state-aid/overview_e...
State monopoly on violence not holding up their end of the bargain - protection from corporate warlords, mafia formations, parasitised infra / networks / orgs. If all legislatively captured or made client in initial conditions, counter strategies need to be parallelised, and quietly. Think Microsoft on bath salts, and fevered dreams of an annihilation and renewal, toward pillaging and killing, benevolently, in totalising systems of surveillance, God-like and as "natural" aristocracy, all curled flesh and bone and sinew, the monstrosities and cyborg-aberrations of declining empires, searching and seeking and grasping for the next.