The EU Open Source Strategy

If the headline was "EU invests 100B into open source to further independence from US", I imagine things would be different. But right now it's "we have intentions to have plans about tech and open source in the EU sometime in the future".

You dislike criticism? I find criticism an important part of discourse and discussion. HN is very clearly not anything like reddit - just the insane amount of censorship on reddit alone, is already one argument against that claim. Many more could be given. I have been using reddit in the past for many years, so I know how reddit changed. Not that everything is perfect on hackernews; I dislike the "you are posting too much" limitation, for instance. But we don't have over-eager censor-mods here whereas that was locking down numerous interesting discussions on reddit.

With regards to the EU situation: the EU is in a very strange situation. On the one hand it is doing good things; this then gets cancelled by the EU commission acting as a pure lobbyist group, as well as a huge army of bureaucrats who want more and more money and dream about assimilating more and more countries, which makes zero sense. Whether the EU will succeed with regards to their open source strategy or not, who knows. What I do know is that individual countries, such as France or the Netherlands, are quite intelligent when it comes to good decisions (Germany is absolutely undermined by lobbyists, so it is totally paralysed here); I am not convinced the EU is in a similar situation. It would have to be reformed, but people in Brussels don't want to see their job axxed away, so nothing will improve here.

My recommendation is that if you are unhappy, go and talk about it - but don't expect others to turn to your assumptions about how a discussion should happen when it comes to the EU, because they may not share your opinion here.

I want the US tech community to continue thinking of us as some sort of technological backwater. Ridiculing and deriding us, so they never see as any place where they are welcome. Since given the last ten years, they pretty much aren't. There's basically little to nothing that US tech services have to offer Europe.

Most EU initiatives have damaged everyday UX on the web and in tech. Yes, some malicious compliance has played a role by over-reacting to well-intended regulations. But overall the EU has brought this upon itself.

This specific Open Source Strategy memo is typical. It's in fact not a strategy but a list of key goals and requirements, put together in technocratic jargon. It will have zero effect on the actual open source ecosystem.

It's interesting because not that long ago nobody cared about what europe did in tech. Or more like everybody was fine with the fact that europe imported computers and exported something else. It was like that forever. I am not sure where this is coming from. It almost seems like even these weak efforts might mess up with somebodys business.

Free to copy this code base https://github.com/lobsters/lobsters

- CRA (cyber resiliency act): Manufacturers must handle and release security patches for vulnerabilities, and developers are required to report actively on exploited vulnerabilities and breaches.

- PLD (Product Liability Directive): A failure to provide critical security updates or the presence of exploitable vulnerabilities can now legally constitute a "defect" and if defective software causes physical harm or property damage, manufacturers are strictly liable and cannot contractually exclude or limit this liability.

And the kicker is this: Non-commercial open-source software is generally exempt from these commercial liability frameworks. However, if an open-source component is integrated into a commercial, for-profit product, the responsibility shifts to the corporate manufacturer.

So good luck making some money of your open source project where the risk outweighs any potential profit, or integrate an open source project into your commercial offering.

"Support uptake of open source alternatives to proprietary solutions together with Member States and the Digital Commons EDIC — cloud, workplace tools, secure e-mail, decentralised social media."

BTW, the EU also plans for a energy transformation, being a military powerhouse, surveillance state - what else could be wish into reality?

My impression in general is that there is rather a very EU friendly view here on HN in general, but HN is critical of everything.

So I also say, lot's of nice words, great that they at least start so late with that now, but more concrete steps would be more welcome.

"Making public administrations anchor users and contributors to open source, through procurement guidance, open-source friendly tendering, strengthening the Open Source Programme Office and its networks, reusable public digital assets and by embedding openness and sovereignty in digital investment decisions"

Because this for example sounds great. But is it very concrete? It sounds like it, but I don't see how it is.

Unless EU citzens are able to easily walk into FNAC, Vobis, Cool Blue, MediaMarket, Carrefour, Publico,.... and come out with a laptop or desktop with e.g. SuSE Linux already set up, this will always be a niche thing from nerds assembling their own PCs, or finding their ways into Tuxedo and co.

And there needs to be some kind of value in actually doing that for normal people, otherwise it will be just like netbooks, most people will return them and ask for a Windows PC, after being "tricked" into getting one of those Linux PCs.

https://github.com/MinBZK/mijn-bureau-infra/

They show all the components they use here https://minbzk.github.io/mijn-bureau-infra/docs/category/com... and have set up guides for departments to operate it all on Kubernetes

I'm guessing from my own use of NextCloud, Matrix etc that this will simply be deemed not good enough compared to Google Workspace or Microsoft WhateverItsCalledNow as these things are pretty rough around the edges in my experience, but this looks like a good step in the right direction to me

https://openwallet.foundation/

For freelancers / oss companies - you can still sell services such as consulting or support - without selling your oss project - then its a service - not a product.

Why not?

Besides, supply chain payments are already a thing and help maintainers like myself already while providing security benefits for corporations.

this is a sure way for grifters to make a boatload of money by lobbying for various projects to be funded.

Agreed. Fraunhofer institute in Germany is a prime example.

Not just public, private funds as well. Typical EU, I call that helicopter regulating: you see a problem, throw a regulation at it, then close you eyes.

GDPR pop-ups are the most obvious example, but there are so many more.

For instance, now apparently companies can opt to send payslips digitally instead of physically (paper). Of course, some smart ass nitpicked that employees could loose or change their mail address, so the company is now forced to store digitally delivered payslips in some kind of European-hosted vault for 10 years. And since no sane company want to be liable for that, we now have a wonderful ecosystem of trash "payslip digital vaults" startups, which companies use to proxy-send employee payslips.

So in essence, my company is now sending my payslips (with name, address, contact details, compensation breakdown, etc) to a stupid start-up with egregious ToS, just because "send it by mail and let the employee back it up" was too simple. Thanks !!!

I think that's a perfect summary.

As an aside, regarding what I would like EU to do in opensource - when American government writes some code, it must be put in the public domain (no copyright). EU doesn't have a similar rule.