I wish there was somewhere I could earnestly and intelligently have discussions about EU related tech and tech policy, but HN isn't it. As you can see already in this thread, there's 14 comments besides mine and they are 100% negative, and about 95% low effort/reactionary.
Of course there's a lot to criticize and also to appreciate about the EU. But this is supposed to be a forum for intelligent, thoughtful discussion and yet as soon as the EU gets mentioned it basically turns into reddit.
I guess the hate is because the EU also invented the following monstrosities:
- CRA (Cyber Resilience Act): Manufacturers must handle and release security patches for vulnerabilities, and developers are required to report actively on exploited vulnerabilities and breaches.
- PLD (Product Liability Directive): A failure to provide critical security updates or the presence of exploitable vulnerabilities can now legally constitute a "defect" and if defective software causes physical harm or property damage, manufacturers are strictly liable and cannot contractually exclude or limit this liability.
And the kicker is this: Non-commercial open-source software is generally exempt from these commercial liability frameworks. However, if an open-source component is integrated into a commercial, for-profit product, the responsibility shifts to the corporate manufacturer.
So good luck making some money off your open source project where the risk outweighs any potential profit, or integrating an open source project into your commercial offering.
It's not only HN. You can see big tech media hate against any effort Europe makes. Everybody is mocking Europe for building 10-year-old chip fabs or their measly small unusable clouds or bad startup scene.
It's interesting because not that long ago nobody cared about what Europe did in tech. Or more like everybody was fine with the fact that Europe imported computers and exported something else. It was like that forever. I am not sure where this is coming from. It almost seems like even these weak efforts might mess with somebody's business.
It’s even more interesting because a big supply chain problem during Covid was related to old chips used in tons of mechanical engineering products, like cars. Given that experience you could argue that the old fabs are much better value for money for resiliency.
The thing is that Europe needs to really decouple as much as possible from crazy dictatorships such as Russia or the USA. US companies are part of that toolbox of containment that the USA is presently doing against Europeans.
Sooner or later Europe will wake up. Right now we still have too many lobbyists but this will change - at the latest when key lobbyists are put in jail for many decades. Sadly this also means the current EU commission has to go to jail too.
> Of course there's a lot to criticize and also to appreciate about the EU. But this is supposed to be a forum for intelligent, thoughtful discussion and yet as soon as the EU gets mentioned it basically turns into reddit.
You dislike criticism? I find criticism an important part of discourse and discussion. HN is very clearly not anything like reddit - just the insane amount of censorship on reddit alone, is already one argument against that claim. Many more could be given. I have been using reddit in the past for many years, so I know how reddit changed. Not that everything is perfect on hackernews; I dislike the "you are posting too much" limitation, for instance. But we don't have over-eager censor-mods here whereas that was locking down numerous interesting discussions on reddit.
With regards to the EU situation: the EU is in a very strange situation. On the one hand it is doing good things; this then gets cancelled by the EU commission acting as a pure lobbyist group, as well as a huge army of bureaucrats who want more and more money and dream about assimilating more and more countries, which makes zero sense. Whether the EU will succeed with regards to their open source strategy or not, who knows. What I do know is that individual countries, such as France or the Netherlands, are quite intelligent when it comes to good decisions (Germany is absolutely undermined by lobbyists, so it is totally paralysed here); I am not convinced the EU is in a similar situation. It would have to be reformed, but people in Brussels don't want to see their job axed away, so nothing will improve here.
My recommendation is that if you are unhappy, go and talk about it - but don't expect others to turn to your assumptions about how a discussion should happen when it comes to the EU, because they may not share your opinion here.
No, I love criticism, as long as it's balanced and thoughtful, and invites discussion rather than being knee-jerk reactionary. Please read my comment more carefully.
> No, I love criticism, as long as it's balanced and thoughtful, and invites discussion
You forgot to add "and it matches my worldview of things". Knee-jerk criticism is very fine, like "Microsoft sucks" anytime someone mentions Microsoft. You can just ignore it and move on.
It is not. It is a law to help loser companies benefit from the R&D spend of others. Like message "interoperability" between platforms. Instead of letting the best product win by consumer choice, they're forcing every messaging product to become mediocre. And the list could go on.
Great, now I can install an app on iOS without having Apple's approval or cut, right? No, you cannot. You still report and pay fees to Apple. This is the general trend: EU regulates something it doesn't understand and the result is a mess that companies need to deal with.
All great, but I would love for the EU and (national, local, ...) governments in the EU to simply use the open source stuff already available.
Often there is a 'you must open source, unless you explain why not' and then there is some faff about why they really need to be buying more stuff from Microsoft (which is more and more cloud stuff and thus under the CLOUD Act etc.)
Although I usually come up negative on my The Year of Linux Desktop comments, that would already be a starting point.
Unless EU citizens are able to easily walk into FNAC, Vobis, Cool Blue, MediaMarket, Carrefour, Publico, ... and come out with a laptop or desktop with e.g. SuSE Linux already set up, this will always be a niche thing from nerds assembling their own PCs, or finding their ways into Tuxedo and co.
And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
I do not think I want my public sector running GNU/Linux desktops. There is no distro that meets the security requirements.
I don't know if Windows is better, I have heard rumours that it's pretty bad.
I know MacOS is MUCH better from a security PoV but I definitely don't want my public sector shelling out to Apple and I don't think it meets the boring IT management requirements anyway (I think big tech has a lot of crazy workarounds to make their MacBook fleets workable).
So yeah overall no good options here. I would love to see the EU fund development of a better distro for this use case, but doubt it's the highest ROI thing you can do in this space.
I don’t get your comment. They can make a distro secure enough for government use. It’s not like it’s alien technology only the US have, that you need to buy Apple or Microsoft.
It would certainly be the highest ROI to have a local, open system built (by funding) local enterprises. Who knows, maybe a slice of the private sector might adopt it instead of sending money overseas.
It's not alien tech but it's a basic fact that only the US has it right now.
Yes we could build a serious distro with a massive investment to get Flatpak, systemd, bootc, up to scratch, set up OSS endpoint management software, set up a safe package supply chain, etc. And yes I would love to see it. But I think in the short term the money would be better spent replacing crap like Outlook and OneDrive than Windows. Note this doesn't require building much software; it's about figuring out how to run infrastructure in a way that's friendly to the bizarre world of public sector organisations.
Maybe Dunning-Kruger but the latter just seem like much easier problems to solve.
Also totally pointless until we have an OSS web browser that the whole sector can adopt (maybe we already do, but any funding gaps for Firefox should still be addressed before we build our own EuroOS). No point in having a wonderful sovereign OS that just serves as a bootloader for Chrome.
Sounds like Linux is still the least worst? There is at least the possibility of having a secure and quite independent machine. The question is not about distro, it's who does the support and how it's all put together. There are big vendors who sell Linux to enterprises that for sure have to be highly secure.
I think that SUSE and RH can definitely work well in a fairly secure setting as needed. I certainly don't think it's any less secure than your typical corporate windows setup.
If actors in the EU are serious (I have my doubts, as so far I see nothing more than riding recent anti-Trump sentiment in the hope of winning a popularity contest) they cannot rely on volunteer effort and gluing together a bunch of unrelated FOSS projects.
It is not enough to fund a new distro. EU needs its own OS (may be based on Linux, sure) and it needs to fully control it. Otherwise it will end up like most other FOSS projects, full of personal drama and technical bike-shedding.
> And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.
This is the big thing.
Even as a massive nerd, I keep trying various distros and going "meh" and right back to MacOS.
Me too, which is why I mostly use Windows as my main laptop OS since Windows 7[0], however with current geopolitics, eventually we might have to really choose something else, even if the ergonomics aren't there.
[0] - You will find emails from me with M$ like signatures during the 1990s, in whatever archives
There is definitely a lot of this happening, e.g. this is a 'collaboration suite for civil servants' that's basically a collection of existing open source projects
I'm guessing from my own use of NextCloud, Matrix etc that this will simply be deemed not good enough compared to Google Workspace or Microsoft WhateverItsCalledNow as these things are pretty rough around the edges in my experience, but this looks like a good step in the right direction to me
All laudable efforts, but I'd love for my Dutch govt to actually use these broadly. With the support behind it to file down those rough edges for the benefit of all.
It looks much more polished than a lot of the existing open source tooling, they've been building a lot of stuff in-house and really been paying attention to UX (which imo is the biggest problem with a lot of existing FOSS solutions).
I have high hopes this'll become a viable solution going forward, maybe even for non-gov users.
A challenge they forgot to mention is the EU's very own new Product Liability Directive.
Although the Directive exempts free and open-source software (OSS) from strict product liability, it does so only if the software is developed or provided outside the course of a commercial activity.
As soon as a company integrates OSS into its own commercial product or uses it for economic purposes, the company becomes liable for any potential defects in the open-source component.
Looks like fun for freelancers and companies who get clients thanks to their open source projects, for example.
Does this mean that you think a company should not be held liable for defects caused in a product they ship, if the defect is caused by an open source component?
Empty words. Without changes to anti-circumvention laws, safe harbor commitments for security researchers and serious funding for foss projects nothing is going to change.
I have so many mixed feelings about it. I mean there is OSS software already, nobody prevents its use. It would have been better to just give OSS grants to SMEs who use OSS that originates in EU. But this is the internet we are talking about, if I have an OSS repo and it contains contributions from Chinese or US citizens, is it still EU OSS? The core underlying issue is that nobody is incentivised to use EU “only”, if that changes then you will see the results. It does not even talk about devs like me who create such software.
There is money but it's all vague and hard to get and usually with tax breaks instead of just money. I would opensource everything we built, but I have to eat something so it'll be when I die and/or the company is sold and/or we earned enough to make everyone eat during their life (with some reasonable amounts that assume hyper inflation won't happen) (it is contractually arranged). Many EU gov institutions use our software and would LOVE for us to open source it - they would immediately stop paying.
As far as I know EU is a full slave of Big Tech and does not have the intent to actually break free (it is going to hurt, the more you get into Big Tech, the more it will hurt to break free).
First thing first, restore web sites in a solid security network infrastructure. Namely, noscript/basic HTML.
I think unless they have some alternative to Github (Codeberg yes) but with a comparable number of repos this strategy does not yet look very encouraging. The difference between the number of open repos is huge, about 100 times.
Always the same broken pattern of the EU: throwing a shitload of money to the big actors of a field without really a coherent strategy or a real control of how the funds are used.
Like that, a few companies are specialized in sucking public funds and delivering nothing. Or just the minimum to say that they did something.
Again here, no money will be directed to the thousands of core and essential OSS projects that are maintained by individuals without a corporate backing. Or to the individual contributors that are the key to these stacks.
Instead, the only one that will be able to get money, legally per EU policy, will be consortium of suckers and eventually nice but useless researchers in University...
The pattern is not broken, it works as designed. This is mostly a money-pump from government(s) to private interests, mostly sitting in large IT houses.
> Like that, a few companies are specialized in sucking public funds and delivering nothing.
Not just public, private funds as well. Typical EU, I call that helicopter regulating: you see a problem, throw a regulation at it, then close your eyes.
GDPR pop-ups are the most obvious example, but there are so many more.
For instance, now apparently companies can opt to send payslips digitally instead of physically (paper). Of course, some smart ass nitpicked that employees could lose or change their mail address, so the company is now forced to store digitally delivered payslips in some kind of European-hosted vault for 10 years. And since no sane company wants to be liable for that, we now have a wonderful ecosystem of trash "payslip digital vaults" startups, which companies use to proxy-send employee payslips.
So in essence, my company is now sending my payslips (with name, address, contact details, compensation breakdown, etc) to a stupid start-up with egregious ToS, just because "send it by mail and let the employee back it up" was too simple. Thanks !!!
To people confused or wondering why it's too little, too late, too incompetent, etc.:
The EU makes a lot more sense when you understand it's a neoliberal institution. Just giving people money to work on open source directly would violate state aid/market disruption rules, they aren't allowed to do that because that could negatively impact the profit of some shareholder somewhere. Member states that want to do that even have to ask permission from the commission if they want to give aid to companies [1].
Everything is like that with the EU, they aren't like China that can just put money wherever to develop or fix strategically, rather the EU can't do anything strategically, or fix anything. It's by design, they aren't incompetent, that is what market liberalism is. It's core to what they mean when they say "European values".
State monopoly on violence not holding up their end of the bargain - protection from corporate warlords, mafia formations, parasitised infra / networks / orgs. If all legislatively captured or made client in initial conditions, counter strategies need to be parallelised, and quietly. Think Microsoft on bath salts, and fevered dreams of an annihilation and renewal, toward pillaging and killing, benevolently, in totalising systems of surveillance, God-like and as "natural" aristocracy, all curled flesh and bone and sinew, the monstrosities and cyborg-aberrations of declining empires, searching and seeking and grasping for the next.
https://fosstodon.org seems like a good fit but is invite-only
https://www.macrumors.com/2025/06/26/app-store-eu-rule-chang...
Time to get rid of the 'unless' bit.
Other than the elephant in the room that most FOSS projects are anyway sponsored by US companies, that is.
I am just talking about the pure tech fact that GNU/Linux desktops do not have any meaningful intra-host security boundaries.
Is this a worthwhile tradeoff against being tied to US tech? Yeah maybe, like I said there are no good options here, and Linux might be the least bad.
Windows being a buggy spyware wouldn't
I have simply given up
https://github.com/MinBZK/mijn-bureau-infra/
They show all the components they use here https://minbzk.github.io/mijn-bureau-infra/docs/category/com... and have set up guides for departments to operate it all on Kubernetes
Why not?
Agreed. Fraunhofer institute in Germany is a prime example.
[1] https://competition-policy.ec.europa.eu/state-aid/overview_e...
> When it describes how the groundwork might be laid for mandating encryption backdoors, the EU chooses to use euphemisms such as creating roadmaps for “lawful and effective access to data for law enforcement” and seeking “technological solutions for accessing encrypted data.”
https://reclaimthenet.org/eu-protecteu-strategy-encryption-b...
> European Commission pushes for encryption ‘backdoors’
https://brusselssignal.eu/2025/04/european-commission-pushes...