To all the people saying that this is nothing new: to me the key point here is that the author of this article, Bert Hubert, isn't your average activist / purist linux hacker. He's at least somewhat influential in government circles, in that he has held various government IT consulting positions and is listened to by lots of government IT workers. He's one of the few people I know of who deeply understands how tech works, and also deeply understands how government works (at least the Dutch government). He's also a frequent guest in radio and TV shows and the likes.
I'm hoping that this article acts as a catalyst for the Dutch government, and other EU governments, to move everything away from American clouds.
I certainly don't blame the activists for governments refusing to listen, but this threat was clear at least 15 years ago and I would expect someone as knowledgeable as Bert Hubert to have perceived it at the time.
Is the idea that they're more ready to listen and take action because of recent executive changes in the US, even though the cost of doing so has gone up by 100-1000x and the possibility of a joint retaliation from US tech giants and the government working in concert is now much higher?
I hope you're right, but one of the rough dislocations of the present moment is the disconnect between how europeans conceive of their sovereignty and the reality of their economic, military, and cultural fragility in their relationship with the US and US companies.
No amount of grandstanding rhetoric and appeals to "courage" changes that if there are any serious economic consequences (caused by US/corporate coercion or otherwise), the government would likely fall and be replaced by someone more amenable to the status quo. What feels like a small price to pay for someone focused on security long-term may be an unacceptable price for someone focused on short-term outcomes in their political fortunes.
> Is the idea that they're more ready to listen and take action because of recent executive changes in the US, even though the cost of doing so has gone up by 100-1000x and the possibility of a joint retaliation from US tech giants and the government working in concert is now much higher?
I believe so, yes. I don't think Americans realize how profoundly the last few weeks have affected European political thought. It'll take a while before you see concrete changes. Europe is like a mammoth tanker, slow to change direction, but practically unstoppable. I believe that it's more likely now than ever before for European governments and businesses to sever their dependency on American technology. Lots of comments in this thread explain how hard this is, how big the feature gap between, say, AWS and OVH is, but as a European entrepreneur I gotta say, this looks a lot more like an opportunity than a problem to me.
Preferably all in the same place and at least somewhat integrated with each other. I'm not spelling out logging, auditing, IaC and other supplementary features but rather core functionality.
That seems to me like a minimal set of services a cloud provider must offer so that clients would work on "service assembly" instead of "building from scratch" or "integrating integration-hostile products".
The concerns expressed seem a bit silly, unless the various Euro systems didn't take the very basic approach of using open standards and avoiding lock-in. Oh, and they should be backing up their data somewhere besides "in the cloud".
If those very basic precautions had been taken, migrating to a Euro cloud, or a private environment (open cloud stack) would be trivial.
If not, a lot of people should be fired...but granted, there are a lot of stupid people out there...
All that said, I'd say the concerns around this are vastly overblown.
“the very basic step” is a lot less basic than you imply.
There’s a million little proprietary APIs and the temptation to glue one to another, especially circumstances like AWS where they use lambdas for basic functionality that should have been just provided by the cloud provider itself.
Why do you say that the cost of throwing out American tech giants has gone up by 100-1000x compared to 15 years ago?
I mean before everything became cloud/SaaS, American software companies were still essential to most European business and governmental operations. It was just on more traditional server/desktop systems?
I hope so too, but move where? Does Scaleway or UpCloud or any other EU cloud provider have comparable offerings? Sure, if everything you have is running on containers or VMs, the stuff is easy to port to Hetzner et al., but what to do with the cloud specific apps (Azure functions etc.)? Rebuilding those for other platforms is probably a no-go unless the Union pours billions into supporting this.
Though I've cursed it for years, I'm increasingly glad our org's cloud migration has been so slow that we've only now rolled out the first apps. Pretty much everything we've build can be run anywhere we want, so if it's time to drop the ball and go back to onprem, we've not wasted anything but time on setting up the base
Coming from IT land, the answer is simple: you don't use them in the first place, and you grit-and-bear the replacement cost if and when the time comes. This is a negative on my research notes, slide decks, and papers when it comes to evaluating various cloud platforms for our workloads, and yet it's also the number one reason we're forced into a specific provider (some leader loves their proprietary tooling, and forces us to use it).
Look, I'm not saying these proprietary tools are bad, per se, just that they have a steeper cost than initially presented to the consumer in terms of architecture complexity and inevitable migration. The very first question you should be asking before consuming niche or proprietary products from vendors is, "Can I do this in a standard way that's more portable?" For stuff like Azure Functions, the answer is emphatically yes - but it comes at the cost of managing additional infrastructure, which is often the main reason companies want to use those tools in the first place (a misguided notion about throwing out infrastructure to save money).
As for the solved problem of compute (VMs and Containers), well, literally any cloud provider should have that ready to go. The question is whether or not your org is willing to retain the talent needed to build and support your clouds internally, or if they'd rather pay higher outsourcing costs with vendor lock-in instead.
One thing that isn't so simple, even if you stuck to VMs or docker containers, is the networking.
The networking stack in Azure or AWS are so different that they require a different mindset to work, especially securely. If your networking needs are simple you are very lucky.
You can have a very complex networking infrastructure with very simple proxies and network segmentation. What specific feature do you have in mind. Load balancing and resource synching?
Often there are proprietary solution to proprietary problems you would otherwise not have in the first place.
I used AWS for a long time but I am back to hosting myself. What arcane network requirement would that entail? I don't think there are benefits even for government scale problems.
Anything involving private links to other organisations, cloudflare or API management to multiple endpoints scattered over on prem and hosted. I would hope you could avoid most of the pitfalls by avoiding the proprietary solutions but sometimes there is no feature parity between host services and you might be stuck.
The private links in Azure are particularly specific.
I mean, networking in general is difficult and complex. While most of my work is in the "systems" realm of IT, my formal education was primarily in the networking side of things with systems as an "also-ran". The complexities of public clouds like AWS and Azure isn't so much new complexity in networking, but a deliberate change in vocabulary and implementation of existing concepts to justify the higher salaries of those certified on a given cloud. After all, if it was the same process to implement, say, HAProxy on AWS as it was on-prem, then the illusion of "new" is shattered and customers might realize they're just paying more money for their same infrastructure, but with shiny new terms and a more consistent API/CLI experience.
After you translate the vocabulary, the process is pretty similar until you get to security items, like ACLs or packet-inspection firewalls. You're still setting up VLANs in the form of subnets, routers in the form of transit gateways, sites in the form of VPCs, inter-site connectivity through peering connections, you get the idea.
If there's one thing I've learned in my IT career, it's that most "new" ideas are just rebrands of existing concepts, and that the real expertise comes from being able to translate marketing-speak into concrete, interchangeable fundamentals. Public Cloud is, largely but not entirely, no different in this regard.
For hosting their government's own specific computing needs, and assuming a respectable GDP, they can build their own datacenters (pretty trivial) and hire contractors to build cloud computing environments (more challenging).
Open source cloud isn't too hard. There's OSS for about 80% of software needed for a cloud computing service provider, and you fill in the rest with proprietary and custom stuff. There's already several providers (one in the US, several in the EU/other countries) that offer "public cloud" using OpenStack. They literally give you, the customer, your own OpenStack cluster, and bill you for what you use. It's insanely easy and powerful. Yet everybody still uses the more popular providers (DO, Hetzner, Scaleway, etc), despite the fact that they all have proprietary interfaces, without anything close to feature parity with OpenStack. I guess people really like vendor lock-in and lack of features.
The hardware is more challenging to source; the chips all come from Taiwan or China, and the US and China make most of the good hardware.
For private business in their country, they might offer grants and tax incentives to EU companies to build out more local cloud hosting services. But since it's the EU I'm sure it's massively more complicated than that.
Rackspace where the archetypal provider and they sucked. The irony is I've only actually ever really seen internal open stack instances, providers for whatever reason seem to prefer to roll thier own
- The one I have experience using is Genesis Hosting out of Chicago. Their website looks like it's from 1997, because it is from 1997... But they provide a nice OpenStack solution that works well.
- I haven't used Vexxhost, they seem to provide something OpenStack-related, but their website is all marketing bullshit, so I have no idea what you actually get.
- RamNode seems to provide access to the OpenStack API.
In Europe:
- OVH Public Cloud is still short on details, but based on some verbiage buried in the marketing BS, it looks like you do get an OpenStack interface.
- Open Telekom Cloud by T-Mobile seems to give you an OpenStack interface.
- Acville Cloud is based in Romania.
- Cyso Cloud (formerly Fuga Cloud) is based in the Netherlands.
- IntoVPS seems to provide its services on OpenStack, but no idea if the API is open. They build a custom OpenStack console called Fleio.
Well as someone who's actually used them as a customer, OpenStack hosting providers do give more functionality than DO, Hetzner, etc, plus they have an open API. None of them compete with the "big 4" public clouds (everyone forgets Oracle is still around...) but if all you want is IaaS then you don't need them.
I know OpenStack is a tire fire to maintain, I've worked with it for large-scale on-prem data solutions. But if a company wants to kill themselves to maintain it for me, I'm happy to pay for the privilege.
Being a customer of an OpenStack provider isn't exactly a picnic. I could show you a long stack of support tickets from all of the things constantly going wrong.
Given a long list of support tickets vs Effectively relying on responsible stewardship by Musk and the King of America, I suspect there will be many a developer who find the long list of ticketed issues to be the less hard problem to tackle.
There are sadly a lot of "sky is falling" type people out there yes. This is why we have to determine a threat model before we implement a security response...
But that's also the point of my other comment in the thread -- a French company builds basically all of the physical infrastructure that datacenters run on. This attitude can be applied both ways.
> OpenStack is a cluster of poorly-interoperating, poorly-documented products -- The customer experience is fucking terrible.
I assume you were unfortunately a victim of Mirantis/Fuel/Puppet/Mcollective... or one of the 'converged' solutions.
While I wouldn't call OpenStack "fun" Especially in the Essex to Icehouse era, where vendors seriously impacted the code stability...It is just a well documented collection of separate components that interact using REST api's and RPC like calls over a message bus.
Nvidia, Cern, JPL, and lots of smaller companies that need private clouds and have the expertise are still running OpenStack.
For me the main value is the ability to have portability between public and private.
If you just use the ansible playbooks included in every OS repo, it is pretty easy to roll your own deployments that are quite easy to maintain if and only if your company is mature enough to follow that model and isn't subject to the soicotechnical issues that plague containers too.
While the workflow changes, the hard parts of OS and k8s, including networking, monitoring, etc,.. are exactly the same.
As a random example of what always screws this up let me point at kubespray, which is not unique at all.
That is because, like many projects, they didn't respect the natural boundaries of the node components, and they are now paying the price for that debt.
k8s and OS from an infrastructure point of view are equal in complexity. It isn't instantiating a container with CRI foo, or libvirt command bar that is the hard part.
It is the distributed computing, virtual networking , resource allocation, federation, API's etc... that is hard.
Note, if you think that the "OS is dead" for all needs, especially in the telco space, you may want to dig into what containers actually are. They are just namespaces running on an OS, and it will still be horses for corses as to what is appropriate.
Especially if you are using the easy ways of instantiating hardware for k8s, almost all of them are highly insecure by default and you are going to have to dig into the same style of systems with similar components or you will have a leak of data at some point.
I wish there was something better than OS, but if you use a dev mindset and not a glass house IT mindset it is a very useful tool that may be the least worst option for you for some needs.
No and No. It's not about the complexity of it or being any worse/better than K8s.
It's about the endless bugs and regressions and laundry list of stupid problems caused by inadequate processes by OpenStack developers.
For example, let's say you're running Cinder v3. Cinder 3.59. You want to get the volumes that you have attached to an instance, so you curl the API:
/cinder/v3/<instance id>/attachments. You get a 404.
You get a 404 because you didn't pass this header: "OpenStack-API-Version: volume 3.27". Because Cinder defaults to Cinder 3.01 behavior even when you're running 3.59. Attachments were only added in 3.27. So even though you're trying to curl a route that wouldn't even exist in 3.01 and you're running a version clearly later than 3.27, the API responds as if it's Cinder 3.01 unless you specifically tell it to do otherwise.
And this is just one of the laundry list of stupid situations that I can remember off the top of my head.
When the thing isn't otherwise failing all the time.
That isn't a bug, that is correct behavior under their contract model (which I will admit isn't my favorite).
It is common for message based systems for the target system to own the contract, and they have both the / and /v3/ endpoints that you can grab the version information from.
While I personally prefer the URL method, when versioning through custom headers, if you bump the API without that custom header, you will break way more than returning correct behavior for the minimum supported version, enforcing backward compatibility for API's is generally considered a best practice.
Note:
> If the OpenStack-API-Version header is not provided, act as if the minimum supported version was specified.
Scaleway at least is genuinely not a bad alternative for this kind of thing already today - they do have plenty of managed services like serverless functions, object storage, queues, etc, in addition to the simple VMs and container hosting.
Scaleway (and I say this with very deep sadness) is pretty bad in terms of reliability right now, there are at least a couple big outages every year over the course of last few years that I've been using them.
Admittedly they have a new CTO who according to our support agent is very focused on improving that, so here's hoping, because otherwise their tech offering is very convenient.
OpenFaaS is one option for your functions. Knative is pretty good as well for the bulk of your applications without exposing developers to kubernetes directly. Between that and Crossplane I think you have all the pieces needed to move away to a self hosted solution where you are managing either metal or VMs through a hosting provider.
I’m not sure what this looks like outside of the US, but colocation providers offer racks of machines, or to host your machines, while providing access to cheap bandwidth and peering capabilities. It’s absolutely possible to move away from the major cloud providers. However, it will require a degree of investment within your organization to support these deployments no matter which you choose, which could be a new investment compared to using AWS, GCP or Azure.
You need teams of people, the good news is that they're available here. It's not hard as such just requires time and money (quite a lot).
It's not just kubernetes and openFaaS, what about that thing that's a virtual appliance and requires a VM, now you need KVM. Network and firewalls? Storage as in fully replicated cannot ever lose a byte or have it unavailable storage? Object as well as block. Databases, point in time restores/backups/automated maintenance for postgres and then you've probably got a mssql server for that one app, and mysql for that other app.
It becomes just a fairly massive task back in the real world.
OpenStack out of the box does KVM, network, firewalls, NVFs, orchestration (via native heat or terraform), and with the Magnum component can launch k8s, Mesos, or Swarm largely automagically. Storage is typically via ceph (which does block, object [supports Swift/S3 protocols] and filesystem) and supports snapshots and is fully replicated. Sadly the managed database service didn't make it far, but with Heat or Terraform it's pretty easy to spin up a VM holding your DBs. The native FaaS service, Qinling got deprecated a while back. Secrets management via the barbican component. Web interface via the horizon component.
I'm not too familiar with the whole range of AWS offerings, but I really think aside for DBaaS and FaaS OpenStack can cover pretty much everything someone would need, especially combined with Ceph for storage.
Yes, I'm aware. It doesn't reduce or negate the need for a team responsible for running storage and understanding how it works, then a team owning databases (probably with some development resources too) and so on.
It actually takes work to setup and run we are not just installing some packages and then pretending you can scrap aws.
AWS EBS volumes (except io2) have an annual failure rate of 0.2%, so if you have 1000 running statistically you will loose 2.
For io2 it's 0.001%, but still not 0.
> People also fool themselves that special keys and “servers in the EU” will get you “a safe space” within the American cloud. It won’t.
The problem isn't sneaky backdoors, the problem is that the King of America can order Google to shut that thing down and Google will have no choice but to comply.
Well, the thing I was referring to isn't GCP regions with data residency requirements. It sounded like a clone of the entire stack installed on hardware owned by the customer government.
I guess the King of America could still shut down the ability to provide support updates.
Only if the systems operate in within their jurisdiction. Systems residing outside of their jurisdiction are not susceptible to the same policies and requests. Most cloud providers in international spaces provide secure government solutions that are designed around the regional policies.
That seems naive or not responsive to the comment. If the US government tells Google to shut down all international sites/servers, or it will cease to exist in the US, I don’t think “but the servers aren’t in the US” will really matter.
I also don’t think anyone can count on extra-judicial demands from the current executive branch.
Then the government of said country will just force the local company to separate from its us parent company. Don’t forget these regions/servers are usually owned by local subsidiaries.
Not really, the whole point of this type of cloud offering is that it doesn't phone home to Google / the US. Sure, it will be left to the partner to support all of it, but it can't be shut down from one day to the other.
If Google isn't able to shut it down or providing the infrastructure necessary to keep it running in some way, why pay them at all? Whatever path towards work that you say could happen to support it in the future could just happen now instead. If that's too expensive for the customer or the local partner to consider, I have to question what this setup is even helping hedge against at all, because the whole point of it seems like it should be for the customer to be able to put in whatever work they need to up front to be able to avoid being forced to deal with it on a timetable they don't have control about in the future.
It sounded like Google was providing all the software necessary to use a cloud system effectively, including IAM. And you could get all of the other GCP services like BigQuery or PubSub etc. I don't remember what it was called though.
So that seems to be the value add. Of course the software will eventually need updates...
In France we have https://www.s3ns.io/ which is a Google / Thales partnership, where Thales owns 90% of the company, handles the datacenters and Google provides the software and the updates without touching the servers themselves.
They are about to go live in a few months.
This is a good option IMHO, and we're about to migrate some of our workload (currently 100% on AWS) on it.
We use EKS, RDS on standard PG, SSM and S3. S3 is a standard now, SSM can be replaced by something else fairly easily, EKS and RDS are just managed open-source software. So it's mostly an added burden on the devops side.
What happens if Google is no longer allowed to provide software updates due to trade restrictions, sanctions or executive orders? Does Thales have a copy of the source code and the capability of keeping it up to date themselves?
People who build vendor locked applications are making a short-sighted decision. Call me old-school, but vendor lock-in benefits developers more than businesses. Agree that they can learn new shuny things. A well-built application should run seamlessly on any Linux-based system without unnecessary dependencies on proprietary ecosystems.
The real moat is Azure AD and Exchange. The government IT teams I know can operate a fleet of VMs just fine, but they need email and identity management handled for them.
> but what to do with the cloud specific apps (Azure functions etc.)?
Don't build them. Vendor lock-in is a real problem: even if there are no political issues, it's a business risk because they can charge you whatever they want.
Also, the cost of migrating off these things is usually overestimated. It's an HTTP request, for crying out loud.
Fully agree with you there - building cloud-only stuff has always seemed foolish to me. Even Azure Functions can be done as e.g. simple C# programs which would be trivial-ish to port ovee to VMs.
But my concern is for those that have built something as Azure/AWS only, who are now stuck with the bed they've made. Sure, there are lessons to be learned here, but if the volume of these is too high, then there will be pushback on any meaningful change since it will be too expensive
If that's the price tag, then I fear that "let it slide" will win the vote when governments decide what to do. Put another way, if the effort of making a change could be lowered, it's more likely that a change will be attempted
by the course of looking for programming job, i have scanned hundreds of job-ads, incl. governmental. everybody-and-his-dog requires AWS/Azure/GCP knowledge as if it matters thaaaat much. These cloud-y things have become a mandatory buzzword, and i am not talking about sysadmin/devops.
In my last gig the system was kept cloud-agnostic, so moving between providers or on-prem be possible at any time. And i as CTO kept that good thing, although had to resist some pushes. But seems such cases are few - most places now dream of hyper mega-giga-scale and Lambdas and Big-queries.. while doodling few thousands of requests.
Lets see if there's any wind change.. vendor-lock is a real thing, with much deeper (architectural or life-cycle) consequences than usually perceived.
The dependence was established sooner by using external infrastructure. The premises that this infrastructure is not under your control is exactly what he now derides.
Someone knowledgeable should have seen this before, this is a core issue when setting up a strategy for digital systems. And this isn't an issue between "purists" and the rest, that is a false dichotomy. The decision was simply to outsource infrastructure to systems you have significantly less control over.
Might work for 15+ years or it might not. I doubt anything will be done now, investments are probably too high. But it is an issue with lacking foresight.
Between countries and the main task for intelligence agencies is industrial espionage. The Dutch government, like many others, decided that exposing themselves is no issue.
I disagree that it has become a problem only now, this is due to his narrow view on politics and a bit naive in my opinion.
I understand the sentiment, but as a Dutch person: The only thing I am more worried about than the government moving all our data to US clouds, is the government trying to do anything IT related themselves. They do not have the skill and have proven that over and over again in a long list of bungled projects.
I'd rather have my data end up with Google/Amazon/CIA than it ending up everywhere on the internet due to poorly configured DIY servers (and at twice the cost probably).
If there really is no organizations competent to run government application in the Netherlands, then that is even bigger reason to start doing more of that in the country. I mean, computers are not going away! The competence and infrastructure does not magically appear. It requires consistent investment over time. Not being able to maintain computer based infrastructure is like not being able to maintain water supply of a country. Completely unacceptable.
Heck these days maintaining water supply at city scale is difficult without computers and networking...
Besides: this is not a problem of competence or incompetence of either US companies or Dutch government. It is about the very real threat of US government no longer allowing US companies to provide us with services.
The concern isn't new. I've been involved in several UK government projects that considered moving to AWS.
Each time the discussion on moving to a US based provider was a big consideration, particularly the use of managed services that involve data was a hot topic. Part of the risk assessment was considering what the consequences might be if the US government became a bad actor. It was seen as high impact but extremely low probability. Starting to look like we got that part of the assessment wrong.
I think it will take time for the impetus to move to US clouds providers to slow and reverse but I'm not sure I'd be surprised if it does happen now.
I've been interviewing candidates using questions targeted at getting them to talk about experience instead of skill. Like asking about their involvement during production incidents, then drill down to see if there's anything interesting to focus on. Can probably also be gamed by AI but people are usually surprised about my approach and they often provide good feedback after the call, even if I have to decline their application so I guess it works somewhat well for both since it doesn't force anyone to just recite the same phrases.
The thing that gets me is the disingenuous parallel construction. Just say the truth.
Europe wants to improve its economy by growing their consumer tech industry. Some of these products like Google Analytics (the example he is upset about) are really hard to replicate (writing to a database on every visit to your website is an expensive thing to do, significantly more expensive than hosting the website!). So they've been slowly increasing the tariffs (disguised as privacy regulations) on US tech firms. It's gone poorly, even EU governments (let alone EU businesses) still use products like Google Analytics, and US tech firms have been able to engineer their way around the regulations, again doing a better job than EU governments who have been busted countless times for breaking GDPR with their own systems.
No one cares about any "data sharing agreement" or a "Privacy and Civil Liberties Oversight Board" no one has ever heard of that has never done anything. Its a tariff with various ways to pick winners and losers.
The only thing thats changed is there is a higher chance these privacy regulations will be recognized as tariffs by the US.
What you describe is true, and it can also be counterproductive vecause to be competitive you need the best and cheapest services, and raising the prices doesn't often result in a healthier tech ecosystem. Typical Eurocrat thinking.
But EU citizens genuinely care about privacy, in part because of decades of totalitarian and near-totalitarian regimes.
There is another risk underpinning this, I'm not familiar with this so it's mostly hearsay on my part, but foreign firms in the US routinely get completely screwed in US courts, and fear the seizing of their data in discovery processes or other ways. The data sharing agreement was made to provide some degree of clarity or assurances in this regard.
I've met managers who are convinced that if they're not careful, their IP and business data will get stolen by their US competitors through various legal or less-legal means. EU executives have been detained for days at the border on suspicions of terrorism to coerce them into selling US assets. I can't judge if this is paranoia, and maybe those companies could make use of better protection against Chinese hackers but there's certainly some truth to that.
Are there any news stories about these specific claims (executives held by the US until they divest assets, EU companies losing their data in discovery and being copied)?
The EU's biggest exports to the US are cars & pharma. I guess the VW diesel situation could be seen through that lens, or the GLP1 compounding rules.
It was never safe for any government to move any secrets to any cloud. The fact that the US government is okay with doing this with its own secrets surprises me to this day. You have no secrets from the person who owns your hardware.
It isn't uniform by any means but the US runs on a physically independent cloud, often in their own facilities, designed by the big cloud companies. When using the public cloud for unclassified work (e.g. working with outside vendors), the data is only allowed to reside in specific data centers that have been vetted by the government, not all US regions have the same authorization. For example, government data in an S3 bucket in the public cloud may only be accessed and processed within the same region, which can be annoying if your infrastructure is elsewhere.
The US is far ahead of most countries when it comes to government use of the cloud. Other developed countries often learn how to do it from the US but are less comfortable with the technical requirements, which slows down adoption.
This is a great point. For example, near where I live there’s a massive Google cloud warehouse out in the middle of a field next to the highway. Inside of that warehouse there’s a separate section for servers belonging to the US government that can benefit from all the electricity contracts Google has negotiated, the physical security and fences that Google has set up, and the fiber optic cables they’ve laid.
It’s the best of both worlds, they get the decades of research Google has put into systems engineering and fault tolerance while retaining the security of having their own servers.
Physical isolation is kind of irrelevant for the concerns being voiced here no? It's not like Europe's main worry is random people walking in and yanking hard disks out of servers in datacenters.
Other developed countries are less comfortable because all the major cloud providers are US-owned companies and the NSA has a very, very long history of using US companies as information security weapons.
Not that they're the only ones. Israel has been busy stuffing investment cash into the pockets of Unit 8200 members so they can found security software and service startups coughSnykcough
The US Gov't has their own GOV Cloud Datacenter Regions. It's run by azure and AWS but there are restrictions on who is allowed to use it. It's not really public
It's not just the corporations as a whole that are an issue. It increases the insider risk footprint of that data to include your cloud provider's employees as well as your own. Amazon, Microsoft, and Google almost certainly employ agents of your adversaries (including US agents working without their knowledge) who have weird attack vectors and now have to be part of your threat model.
You're assuming the people who handle it for the government weren't working at Amazon and Microsoft a year ago, and won't again be working for Amazon and Microsoft a year from now.
The government doesn't have leverage. The government is Amazon and Microsoft's leverage against others.
If a country's citizens want to give away their data, it's well within their right to do so. At most, the U.S. Government should educate about it, much like tobacco dangers.
Having that said, U.S. citizens with clearance and/or government employees should be subject to data loss prevention measures, like they already do[0].
I'd be forward for a ban if it was an issue of public mental health, but the U.S. Government cannot take that angle because they'd have to kill Meta Platforms as well. They know they can't, Meta lobbyists will not allow that.
But restricting TikTok based on data control and free speech liberties, that's overreaching. I've already seen TikTok videos of people saying they'd stamp their U.S. passport on the forehead and give it to Chinese ByteDance rather than use Instagram. It is well within their rights to do so if they so desire.
The US government’s secrets are routinely held and processed by contractors. The prototypical government secret is something like the plans of an airplane designed and manufactured by Lockheed Martin.
Were you this afraid of the propaganda machinery when it was aimed at conservatives? It seems far less radicalized now then it was. Just now other voices are actually allowed.
The world literally has hard proofs of mass espionage by the NSA and CIA after Snowden and Wikileaks Vault 7. Moving your government secrets to the US cloud has been madness for at least 12 years.
When I last looked into it, the compute overhead was very high, such that (for the tasks I was looking at) it seemed significantly cheaper to handle everything on-premises with trusted hardware than remotely on untrusted hardware.
To be clear, this was 10 years ago so things may have changed. Also, my task was memory bandwidth limited, where even changing the memory access patterns slowed things down by 10% or more.
“Secrets” is a broad term that covers everything from payroll information to the history of CIA clandestine operations. Only some kinds of these are stored in the cloud.
This does raise a valid question of what secrets can or should the government have.
I think it's obvious that some secrets should be kept. It makes little sense to expose our nuclear secrets, counter espionage, or ongoing investigation efforts. But how far does or should that extend? Should everything the NSA/CIA/FBI/IRS does be secret? Should they stay secret for years or decades or forever?
IMO, the US goes too far in it's secrets. Stuff gets classified that just makes the government look bad and that's dangerous.
And that's where I'm somewhat less concerned about putting US secrets into the cloud. Sure there's highly sensitive stuff that shouldn't go there, but there's also a lot of stuff that shouldn't have been a secret in the first place.
According to the very link you posted, the US was two whole centuries late to the party. Better late than never of course, but the spin of trying to then frame it as an American Victory(tm) is pretty ridiculous.
“Transparency” as leaks from abuse is very, very different from transparency as a policy of easy access – and neither makes you necessarily better informed. In short, a biased selection of information can leave you worse off than having no information.
I think this is the key. It is cheaper and more convenient than ever to deploy and manage data critical services yourself, in a self hosted manner that is protected by whatever jurisdiction you are in. What matters is not who builds it, but who has access to the data, and ideally, that's only you!
> You have no secrets from the person who owns your hardware.
What if the hardware is physically located in your own country, and employees of cloud vendor are virtually "accompanied", and watched, any time they login to the hardware? That's called sovereign cloud and all cloud vendors have it.
Isn't this just kind of willfully ignorant to the way the government cloud works?
GovCloud claims that it's used to "manage sensitive data and controlled unclassified information (CUI)."
I don't think the US government is dumping classified info onto corporate cloud environments judging by this description from GovCloud. But there's plenty of info that's sensitive but unclassified and the government does need to function in a lot of ways that doesn't involve state secrets.
For the former, confidential compute is far enough along that this data can in fact be secret from the hardware owner. This is vital even for on-prem hardware -- IT folks and techs with physical access shouldn't have access simply due to proximity.
For the latter, sure, but this is very expensive. It goes well beyond owning the hardware.
I guess so, but based on current events, it doesn't seem like the US Govt. has any secrets that it places any value on. Between a bunch of glorified interns being given access to anything & everything and a bunch of known compromised department heads being appointed... it doesn't strike me that the US Govt. takes its national security very seriously at all.
The US Govt. seems empirically much more vested in what goes on in public restrooms than it does in what goes on in global affairs and military conflicts.
You can't post like this here. Since this account has been doing it repeatedly, I've banned the account.
If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future. They're here: https://news.ycombinator.com/newsguidelines.html.
You do realize that whataboutisms don't actually prove your point? Implicitly you're saying that what Hillary did was wrong, but now that my guy is doing it, it's ok, since Hillary did it. You can't have it both ways. You either believe something is wrong, or it's not. To argue both sides usually means a bad faith attempt at pushing a narrative.
I'm very sure that there is a lot of spending that is used inefficiently. Any large organization does run into that problem. Resolving some issues, cutting red tape, making processes more efficient, all that is probably a good idea. However, "DOGE" and those cheering them on have not produced any evidence for the vast majority of the claims they made. Often they also just misrepresented facts (e.g., USAID supposedly funding media sites, condoms in Gaza and many other nonsense) or simply lied. I also don't see much promotion of actual nuanced views on the topic like the Hamilton Project's tracker of federal expenditures which you can find here: https://www.hamiltonproject.org/data/tracking-federal-expend...
At the moment, the US government seems to be mainly focused on causing headlines to make their base happy who want quick victories and have not shown resilience to simplistic takes, and - of course - to make the opposition party and their supporters panic.
And what qualities of an audit would you trust from a department that acts like that? They’re not, for example, combining all prior audits into a sophisticated longitudinal audit research tool. They’ve prepared their conclusions to hold even if they misplace three orders of magnitude.
I believe the audit stuff is overblown [1], there are strict requirements for passing and it doesn’t mean the money is literally disappearing into a black hole. I don’t have every Chipotle receipt saved in the past year but that doesn’t mean my spending is mysterious. I assume that’s why being audited by the IRS is considered a nightmare, it’s nontrivial.
It seems the Pentagon audit process only started in 2018, and Congress gave a deadline of 2028 to pass a fully clean audit, which they have made progress on:
> Of the 28 military agencies, DoD leaders think 11 are expected to receive clean audit opinions, one more than the previous fiscal year.
There are plenty of charts based on public budgets, you can pick your favorite. How shall we judge whether transparency is improved? What if all of this results in less transparency?
Your question can be answered without giving away control and access to unauthorised and inexperienced auditors.
Governance, Risk, and Compliance has been missing. Too many decades of nepotism, insider trading, corruption ( starting with lobbying ), have led to the lack of transparency. The movie “The Big Short” has explained some of these issues.
Don't mistake obliviousness for a conspiracy. The vast majority of the doge savings link straight to the Federal Procurement Data System that anyone can search or ingest from. You're of course free to disagree with the spending but if you weren't even aware you could look at these contracts then maybe you should ask if you're being shown the whole picture or if it's closer to a politically motivated hit job on our civil servants.
And one could peruse that under any administration. The challenge for an honest DOGE is that they must do better than 100% of past Federal efficiency policy, which is maybe a hundred incremental changes[0]. If they cause _any_ problems that those fixed, then they’re at best not up to the job and maybe even deserving cynicism.
On the contrary this is exactly what they said they'd do if elected. This is exactly what was voted for. Don't pretend like Americans didn't have agency in the destruction of their own country.
The very fact that it's even possible to have this kind of thing happening unfettered, unconstrained, and unaccountable is evidence in and of itself that the US Govt. doesn't take its national security & secrets seriously though, isn't it?
In that taking those things seriously would have included:
* More creative threat-modeling.
* More effective prevention measures.
* More vigorous mitigation & stonewalling attempts.
* More rapid remediation & rejection of the intrusion.
Especially for a threat vector that was telegraphed so openly so far in advance. The circumstances might be unprecedented, but they're not at all surprising.
What sort of threat modeling would have prevented this?
There are plenty of mitigation and stonewalling going on, but mostly through the courts.
Executives must have some power, or else the process itself becomes the executive and there's no ability to respond to anything.
If there's anybody to blame, we must place the blame on the executive wielding the power, and those who have enabled this to happen by putting that particular executive in power by subverting the traditional vetting process. If a political party no longer performs basic vetting of that level then the entire party should probably be eliminated.
The polls are starting to agree with you. Trump’s actions are extremely unpopular, and support from his base is eroding:
> In the CNN poll, Musk having a prominent role in the administration is viewed as a “bad thing” (54-28) by a nearly 2-to-1 ratio. The Post-Ipsos poll showed Americans disapprove by a similarly wide margin (52-26) of Musk “shutting down federal government programs that he decides are unnecessary.”
> And Americans said 63 to 34 that they are concerned about Musk’s team getting access to their data, which is the subject of high-profile legal fights.
> Even 37 percent of Republican-leaning voters said they are at least “somewhat” concerned about Musk getting their data.
It was well known that this was exactly what Musk would do, by anyone paying the slightest shred of attention to what was going on.
He said it was what he was going to do, he was up on the stage, I heard many many people salivating for DOGE cuts like this before the election, and even today.
> It was well known that this was exactly what Musk would do, by anyone paying the slightest shred of attention to what was going on.
I agree, and frankly anyone feeling "surprised" right now probably still thinks strongly worded emails and letters are enough to solve the problems they're just now seeing. Those things rely on a stable democracy where constituents and what happens to them matter at all.
> anyone feeling "surprised" right now probably still thinks strongly worded emails and letters are enough
No, it’s completely different than that. Some of them I’ve talked to, they’re confused about this Musk Internet guy. And they’re confused why their news isn’t giving them the predictive edge those aware of Project 2025 seem to have in conversation. “I guess we’ll see…” “I guess we’ll have to have hope…” The same people willing to accept fabulist conspiracy theories for non-white-male candidates now openly rely on faith-based appeals about the character of the richest man in the world.
This is a good point. Aside from the objectively unavoidable and nigh-uncountable deluge of articles, opeds, social media posts, video news segments and direct statements from the candidate and his representatives describing exactly what they intended to do and a 927 page document detailing the plan that was released two and a half years before the election, what warning did anybody have?
Musk buying Twitter and then spending millions to buy votes in PA weeks before the election seemed pretty obvious.
People like him don't spend without an expectation of something in return.
The more surprising thing is the amount of people who think successful capitalist = successful political leader, when the incentives and constituencies are drastically different.
I see Americans defending Trumps and Musk. Or acting as if everyone just overreacted. So I would say, quite a lot of Americans are either fine with this or actively want it.
I heard a meaningful quiet after the H1B fight. The kind of guys who said “kick em out! Imma get me one of them high-pay tech jobs” Those guys had to watch Trump, revealed to employ a lot of H1-class workers, claim we need more.
There are 300M people here and Trump won by ~200K. You can safely say that some are fine with this administrations behavior, but many are not and starting to actively protest and resist. Both are true simultaneously.
That's not necessarily true if you use the appropriate tools and controls to safeguard data. Further, "any cloud" is a sweeping generalization and not all clouds are created equal. You raise valid concerns about trusting third-party hardware BUT.. come on, ease up on the alarmism.
To elaborate: robust encryption, dedicated hardware security modules (HSMs), and sophisticated key management safeguards data even if it resides on someone elses hardware.
If you design your system properly, even if the cloud provider manages the underlying hardware, your secrets remain secure because the keys and sensitive data are protected in a controlled, isolated environment.
I feel like you've narrowed the original statement ("You have no secrets from the person who owns your hardware") when you scope it to just data storage at rest. I take hardware to mean significantly more than just at rest data storage in the context that it was used.
If your unencrypted data flows through any AWS memory or compute, or if your encryption key flows through any AWS memory or compute, then AWS *can* access that data.
Good to see this attitude becoming increasingly prevalent. I'm used to being a Cassandra in IT world, and while I'd have greatly preferred being wrong in my 2019 research concerns about data sovereignty, cloud-repatriation, vendor lock-in, and a shifting geopolitical landscape, welp, here we are anyway. I cut my teeth in data center operations and defense contracting, and knew immediately the real cost of public cloud would be the forfeiture of sovereignty to whichever country (and companies) controlled the major providers - surprise surprise, I was right. The solution was never to outsource core government infrastructure to a third party, but to build it in house and recruit the talent needed to keep it running, something easily done on most developed governments' budgets; by outsourcing to public cloud service providers, they traded national sovereignty for empty promises.
Bookmark this comment, because my read is that in five years' time the question won't be whether or not public cloud providers can be trusted, but how to engineer infrastructure on cloud providers you cannot trust. How do you encrypt storage on a cloud platform when you can't trust the vendor's tooling to secure your keys? How do you orchestrate K8s clusters in a provider who knowingly gives a hostile foreign government access to your etcd or network layer? How do you handle data boundaries within your own org when multiple countries with competing standards demand residency of data and infrastructure? I worry it'll be the "Chinese Firewall" problem but on a global scale, as different regions carve out their own digital kingdoms and demand fealty or expulsion.
This is nothing new, Microsoft signed an agreement with the French government to build a sovereign cloud called Bleu [1] operated by Orange and Capgemini using Azure and Microsoft 365 technology. The German government did something similar and launched Delos Cloud, operated by SAP and Arvato Systems.
The reasoning is that, with sufficient security, on premise (more or less) cloud technology is not much different in terms of sovereinty from sourcing your hardware from China.
That was such a low blow, given we have stellar companies like OVH that have demonstrated their skills and willingness to bring great hosting, and are fully local.
Canadian government IT is mostly all Microsoft. The government can't even send themselves email without it going through Microsoft, a company based in a country (USA) that wants to take over Canada. Insanity.
Since now? It was safe before, as in what is happening now was totally impossible before, and somewhat it happens anyway? Do they started to care about making backups after they lost data?
Risk is not about "something happened, so it may happen again", but if something bad can happen, if it is possible, and maybe weight it as probable or not. Black swans exists, and if you bet everything on that they not, you may lose everything.
And the process of moving government and societies to some controlled by a foreign power cloud takes time to get in, and to get out. And you can't tell that something bad was being done while showing a smiling face.
It is not something coming out of the blue. There was strong signals of intervention back to the start of internet, and a more or less official confirmation of what was happening in the shadow with Snowden's revelations. But somewhat is now when that is perceived as a risk.
The only clear difference between now and even not that long ago is the fair perception that the US has flipped from (probably) "lawful neutral" to "chaotic evil".
Secrets in US cloud were probably never fully safe.. but at least the US wasn't previously on a path to inflict pain on the rest of the world.
the US government was invading and bombing people for decades and the EU did nothing. "chaotic evil" my ass, the only reason they're moving now is because MAGA is threatening them directly via Greenland, or indirectly, by pulling out of NATO and backing Russia.
It has always been unsafe, it is very questionable under the GDPR (though governments are obviously excluded from the GDPR itself), and lots of governments and companies have been using or working on alternatives. But the temptation of of US clouds has been strong, and now is a good time to remember everyone who previously thought the benefits outweighed the risks
One oft forgotten thing is that the US government clouds rated for IL5/6 are secluded on SIPRnet and JWICS. These are totally separate networks with CDS’s being the only way to go from one net to the other.
In practice this means the US Government remains in control of the network backing their cloud. ITAR regulations make it treasonous to have foreign eyes on these clouds. Foreign governments are not afforded any of those protections when sitting on US clouds.
Even among FVEY, there are designations for data relative to member states and information is not as free flowing on JWICS as one might assume. It is more like a controlled stream than a raging river
Its never been a good idea. I do not think non-EU European countries can rely on EU cloud, not can EU countries can necessarily rely on each other.
The only effect the distrust of the current US government will have is a few articles. It expensive and difficult for this to be sufficient incentive to change anything.
We should probably grateful they have not put it all on Chinese clouds.
I work at an large Europe based multi-national and hosting has always been a concern due to the big differences in data protection and privacy rules. We never use a service not hosted in the EEA.
The current threats that the US is making to Europe about it's data protection, privacy, consumer protection, etc... laws is very much of concern and is already beginning to be a factor in our ongoing RFPs and procurement process. We're not just following the law, we also don't trust some companies with our reputation.
A lot of European companies and organisations use services provided by American companies but run on servers in Europe. In the UK the NHS uses AWS, the courts use MS teams, etc.
America is literally allying itself with Russia, trying to turn Ukraine into basically colony (by demanding their resources forever), threatening annexation of Canada (repeatedly). Oh, and in the process of starting a trade war.
Non-EU can trust EU waaay more then anyone except Russia can trust to America. American leadership made it clear that norms, laws or morality are only for suckers.
The levels of behaviors between the sides here are not symmetrical
>Keep in mind it was Ukraine that proposed the idea of offering their resources back in October 2024[0]
The general idea, sure. They offered that in return for security guarantees or as collateral for continued military aid.
That is not what is being offered them by this administration. Instead the administration has chosen the mafia shakedown route. American military aid to Ukraine to date amounts to around $100 billion dollars (and we're not talking stacks of cash here but rather the "value" of military hardware, much of which already had an expiration date and was literally designed and built for the Russia-invades-Europe scenario). But Trump is demanding $500 million from Ukraine, and offering zero in return. As of today many concessions have been demanded from Ukraine, but zero concessions have been asked of Russia - much the opposite actually.
It's not zero in return, why would Ukraine agree to that? Where is your source that it was zero in return?
> and we're not talking stacks of cash here but rather the "value" of military hardware, much of which already had an expiration date and was literally designed and built for the Russia-invades-Europe scenario
That's not true at all, US has sent billions of financial aid[0]. Compare that to Europe's aid which was majority in the form of loans, which Europe gets to collect interest on based off of frozen Russian assets.
EU also demands resources in exchange for military support such as the French+UK-led intervention into Libya. Saying US is an ally of Russia is a pretty big stretch, meanwhile the EU has members that are actually allied with Russia and lots of large Russia-aligned multinationals like Gunvor
Every war that the NATO countries somehow miraculously got involved in is an economic war for natural resources and control, and the big EU countries always take their share of the pie.
Ukraine’s resources, one way or another, will be split up between Russia, EU, and the US (or more precisely it will end up in the hands of the oligarchs and “black rocks” of these countries).
You mean the EU's war in Kuwait, Iraq and Afghanistan which resulted in EU companies such as Exxon Mobile getting even richer off of the oil contracts?
Sorry I mean American's wars, not the EU's wars. The EU hasn't really done resource wars since the colonial times.
I most certainly did not say who Ukraine's resources belong to, I'm saying that I predict that no matter how and when the war ends, I'm afraid the country's resources will be split up between the superpowers. It's not what I want, not what I advocate for, it's just what I foresee happening.
Of course? How is that even in question. The US promised protection to Ukraine for giving up its nuclear weapons, then freely gave much aid as it was in its mown interests to do so.
> Two of the ideas were laid out in Volodymyr Zelensky’s “victory plan” with Trump specifically in mind, said people involved in drawing it up. The proposals were later presented to Trump when Ukraine’s president met him in New York in September.
So Trump agreed eventually and then Zelensky started a media storm about how Trump wants take their natural resources and turn them into a colony. And everyone somehow immediately forgot that the proposal originated with Ukranian government.
> The levels of behaviors between the sides here are not symmetrical
It comes from a fundamentally different perceptions of reality and politics. There is idea that things have to be just and fair. And when they are not we like to say "it's not fair" and someone comes and fixes it. I am afraid it just doesn't work like that past the childhood age.
> American leadership made it clear that norms, laws or morality are only for suckers.
When weren't they? You're thinking maybe everyone just finally woke up? Morality and laws do not apply in practice on the international arena. It would be nice if they did, I agree, but they don't currently.
EU should have always had it's own strong army, it should have never trusted the US and not relied on them for protection. But they also shouldn't have been buying energy from Putin and funding his operation for years.
That was the security guarantee: having the presence of US mining companies there. Honestly, I don't really think US really needs Ukraine's mineral resources. US has plenty of its own to extract. But it was a pretext to invest and increase US presence there.
At some point Ukraine will run out of men. As much as I want to, I don't see US troops deployed to Ukraine, maybe EU can send its troops? Biden said as much at the start of the war, too, and it's still true.
At this point I don't see a Ukrainian victory over Russia and going back to 1992 borders. They will have to give a lot of things up and the longer it waits, the worse its negotiate position will be.
OK. But Ukraine choses to keep figting. Let them decide their fate.
At the start of the war EVERYONE said Russia would take Ukraine in days, and asked Zelenskyy when he wanted to evacuate. Not sure why anything they said back then is worth while to base opinions on today.
> Not sure why anything they said back then is worth while to base opinions on today.
There is still a lot of that hope but it's also a different time. The bravery of of Ukrainians in the initial wave and the counter-offensive as unmatched. The West helped but it didn't help enough. It was always piece-mailing military equipment. With a lot of wait times and a lot of hand wringing. We gave them tanks, but no F16s at the time. We could given them AA weapons earlier and more of it. They also made mistakes, there is a decent amount of corruption, and fumbled on recruiting after those who wanted to fight joined they started sending vans with military dressed people to effectively kidnap men off the streets or their places of employment. That looks bad and make their own people fearful of the military and those men won't be fighting the same way as those who sign up voluntarily.
> OK. But Ukraine choses to keep figting. Let them decide their fate
Their fate was never really just their own after the initial resistance. Without the Western help they couldn't have lasted this long. The West both helped a lot, and not enough at the same time. It's like a friend needing life saving surgery and it costs $10k. We send him $8k. He should be very grateful for such a generous gift, but everyone knows that also won't be enough and he will likely die.
As someone who has (reluctantly) been advocating and pushing our org to move stuff over to Azure, this is going to get interesting as tomorrow I'll start pushing the cart to the other direction. I never wanted to go to the cloud a a goal itself, but wished for a more modern infra to improve processes and security, which we surely now can achieve onprem as well.
Luckily there's always been scepticism and challenges with tightening data security regulations, so maybe people will mostly be relieved if we need to turn around on this.
Anyway, it will surely be an interesting discussion on Monday...
> As someone who has (reluctantly) been advocating and pushing our org to move stuff over to Azure
I get moving off of AWS and GCP. But to Azure? That move doesn't make sense to me at any time that Azure has been a thing. Why have you ever wanted to move things to Azure?
Since practically every government in Europe is a Microsoft "shop", Azure is the first stop when The Cloud is concerned. Unofortunately, often the last one too... Wheels were already moving, I helped rhem gain traction.
So yeah, not my favorite of the whole "not my favorite" cloud migration plan, but the only realistic path forward at the time
Good question! I'll need to think back a few years.
Based on my experience on a couple of govt organizations, the IT departments are very small, compared to the total workforce, and has to deal with decades of legacy. In this environment, any change in direction is considered (way too) carefully - a big ship turns slowly and all that.
Since the team was experienced in dealing with Windows VMs, practically everything else was MS-based and MS offers lucrative bundling, Azure was thought to be the natural continuation on the infra side. One major outsourced software project nailed that trajectory, and due to the small headcount, multicloud was not desireable.
And this is where I jumped in. I'd like to think I was promoting improving our on-prem capabilities until a question of "could we have a reverse proxy so we could access some internal databases from the Internet instead of relying on overnight database copies" hit a steel wall. Having heard murmurings of achieving the same via Azure APIM and ExpressRoute, I clung on, since as an architect I needed that capability for multiple projects.
And after that, it was only natural to take more steps in. Slippery slide and all :p
But as I mentioned, luckily all this has been so slow that reversing is not the end of the world. Unlike some of our sibling organizations who have little to no on-prem capabilities left
European companies are so deeply entrenched in American software ecosystem I can’t even. Just this past week my EU company deployed an agentic LLM hosted on Microsoft Azure with models developed by… Microsoft, on top of the existing GPT hosted on the same platform. They also recently moved their entire in-house HR platform to Oracle.
It’s no mistake China banned foreign companies with infinite money from setting up shop there. It is dangerous and expensive in the long run.
But would they still if the EU used tariff like policy to prohibit it? "The best time to plant a tree was 20 years ago, the next best time is now." Make the law, enforce the law, encourage the behavior and outcomes necessary to achieve the success criteria.
As someone with an infra background a lifetime ago, I am confident I could spin up Kubernetes and Deepseek R1 in OVH or Hetzer within a few days. The primitives exist, the EU simply needs to lean into cultivating and supporting them (orgs, platforms, etc) to push EU entities consuming these services away from US Tech. Perhaps the tech stack is a national security interest, just as a manufacturing base and supply chain is. Better to be prepared than to be entrenched in the US Tech ecosystem and then suddenly be held hostage for reasons.
If you look at other countries/regions that impose high tariffs, their companies continue to buy and use American technologies and absorb the cost (to their local customers' detriment).
I'd certainly enjoy the case studies of European enterprises jumping from full-scale Azure and AWS deployments to OVHcloud or Hetzner, though. That'd make for some interesting reading.
But what if they outright ban it, as the US was going to do with TikTok (for national security reasons)? This it the tech services version of Nord Stream.
It's not really workable. The real-world impact of a TikTok ban, even if it outright stopped working on every American device overnight is pretty minimal; people stop watching videos, and some influencers lose their jobs.
If my (Canadian) government decides to ban Azure in a year, my critical infrastructure company ignores it for 11 months because they figure it won't actually happen, and then goes to the government to tell them that if the ban actually goes through, our infrastructure stops working because we'd actually need a multi-year timeframe to migrate off of Azure.
Tariffs don’t really work for software, especially if the software provider holds lots of foreign government contracts, and you assume the foreign government and provider are colluding to get control over your systems.
Everyone knows spinning things up is a piece of piss. It's the on-going maintenance and economies of scale that aren't. Not to mention migration, compliance, etc
The EU’s problem is that it doesn’t foster company growth on any level and doesn’t help with problems specific to the EU (e.g. multiple languages, differing laws, varying levels of unionization, and more).
Blaming Trump for their own well-known problems is silly. They were dependent on the US before him and they will continue to be dependent on the US after him until they look in the mirror and decide to fix what is broken.
Hosting LLMs at scale without Azure/Bedrock is still a massive pain, and they offer EU based data sovereignty, so not clear what the problem is there (or are we now saying no doing business with US companies at all?)
If Microsoft is providing EU data sovereignty, then they’re either in violation of US law (the US CLOUD Act, specifically) or do not have the technical capability to access data on those servers. (So, for instance, the machines could be air gapped, or they could be configured to never honor MS credentials, including on the software update path).
In practice, this means no US cloud providers provide foreign data sovereignty (though many claim to).
The CLOUD Act is incompatible with basic data protection rights.
As long as whatever sham of a data protection agency was nominally functional in the US european elites could convince themselves that it was legal to transfer personal data to some US corporations, but now that agency is defunct.
But yeah, it's a bad idea to do business with empires. Sooner or later they turn to bullying and extortion.
As a UK based engineer, I wish. I cannot for the life of me even get an interview, maybe first level HR interview for US companies. Meanwhile when applying for UK jobs, no problem.
Don't know what it is. Am I not fake enough? Not forcing fake smiles and excluding obnoxious positivity constantly? Not ego stroking the interviewer? Am I doomed to, in comparison to US, poverty wages?
I'm not sure if you've misunderstood, so apologies if this is old news. US companies may have teams of engineers in various other countries. But they almost always pay local market rate. In much the same way US companies will pay teams in India their local market rate (which is less again).
My last company paid 2-2.5x a UK salary for a US engineer. Perhaps the ratio for a company like Meta is closer, but I doubt it's equal. For startups you may find random roles that have equal pay globally, but they're relatively uncommon.
Oh, you mean like Spotify? Or those thousands of Mittelstand companies across Europe that Americans don't know about but are actually used in Europe?
But the argument of the parent might be that a very active open source community based in Europe points towards a big potential of experienced developers working at their mid sized companies in the shadow of American big tech. Once big tech is gone...
Europe has done this before. Airbus did not exist but now it is the best aircraft maker since Boeing decided to retire all their senior engineers in favor of quick profits. Europe created Airbus, they can do the same with a new Cloud provider.
Don't forget Boeing moved their headquarters and leadership to DC. Making the widgets is just the inconvenient part management doesn't really care about/need to be involved with, the focus worthy part of their business is government extraction in Boeing corporate's minds. Our corporate class is such short sigted trash.
The EU hasn't even got a home-built social network with significant market reach, let alone the wherewithal to pull off ditching Microsoft and Google. It'd be nice to see that change, but there's surely some sort of blocker after 25 years of the Web being a mainstream technology.
The used to exist (e.g. Hyves, StudiVZ), but they are murdered by FAANG. However, there are still locally successful companies that could expand to the rest of Europe if US companies were dropped. E.g. just speaking of The Netherlands, Bol.com is much more popular than Amazon, Marktplaats is more popular than eBay (which is pretty much non-existent here) and owned by a Nordic company, etc., iDEAL is much more popular for payments than PayPal, Stripe, etc. (and works far better). Such companies can fill the void.
Microsoft will be tough to replace. There are good alternatives, but retraining personnel, etc. will take years. Google, I am not sure. Their cloud services are replaceable. Search may be tougher, but the quality of Google Search has become so bad that it's often easier to ask an LLM.
With social networks or any EU startup problem is you have to deal with different languages right at the start.
Being US startup with English only you have access to 300m people right away.
There were country specific social networks but then all cool kids were on FB so everyone moved there.
The same with LinkedIn, our country specific business social network closed down finally last year. First 3-5 years it was growing then everyone moved to LinkedIn so that network was ghost town for 15 years someone kept it alive just in case but seems like they stopped wasting money.
I think the language problem will become less of a problem in the future due to (1) more (young) people living in citys and (2) all young people in cities speaking english. At least compared to previous generations imo. This could be my subjective view based on luxembourg, netherlands, and visiting other european cities.
Don't overestimate "young people speaking english" especially with current demography you still need to tap ones that are excluded from English as there will be much more of those.
I do see opportunities with LLMs as making all kind of platforms language agnostic - you should be able to write your own language and read your own language even if other person is from different country using different language.
Maybe so called social network is not something to reproduce. Who cares who runs them if they deteriorate sociality, generate addictive consumption of things detrimental to mental health and favor extremists point of view?
And that's why we need to stop being dependent on the US: everything in there is described in terms of « market share », and not in terms of usefulness, ethics, or independence.
There is an active effort currently to have the EU contribute towards funding https://freeourfeeds.com/ (to enable a distributed, global AT Proto network). Does the EU need the network to be home grown or have the valuation matter? I argue no, it is a utility, not a business to be captured and squeezed by investors or other potential controlling interests.
(as of this comment, Bluesky has ~32M users and counting)
Well, I'm all for the return of the classic forum experience!
The UK's largest "social" sites are pretty much forums (e.g. Mumsnet, The Student Room, DigitalSpy, MoneySavingExpert) and while they're good for their respective topics, they don't cover the Reddit/Facebook/Instagram use cases (they could be arguably considered on a par with individual sub-reddits).
Well, I'm all for the return of the classic forum experience!
If you make each individual bulletin board receive broadcasts from a central server, then you get the network effects of Facebook and Reddit. Individual boards can just sub to the central server keeping them connected to the hivemind or not. Your community can remain isolated or throttled (only 30% of global updates get through). We do this manually here, where not all global posts get through (you'd be hard pressed to push a Reddit post to the top here). It's the simplest way to federate using existing technology.
This model is already at play. X, Bluesky, Reddit, Truth Social, and Rumble are basically heavily funded private message boards with a large mindshare subscriber base.
Taking our message boards back is proving to be difficult, especially because trying to move the userbase off of it is the same as trying to move people off drugs.
> If you make each individual bulletin board receive broadcasts from a central server
Your're doing this with phpBB? Doesn't happen to be open-source somewhere?
Would be interesting to have a look, I think I a bit like this opt-in partial federation / hivemind. Would be even more interesting if it was possible to sync comments between such forums.
**
Developing forum software myself, Talkyard. Based in Europe (Sweden).
Started thinking even more about using some European cloud, as an option. There's a Swedish hosting provider that looks interesting (I think)
I guess you could do syncing kind of like how CCing email is done. CC my home server and global server. This gives you agency to remain detached from the hivemind, and vice versa. This is not some idea out of left field, it's roughly my workflow between Reddit or HN or other sites. I manually do the filtering in my mind when I move through different channels.
Phpbb is open source, but I mostly brought it up to show that Facebook is just that, and nothing more. Forking Reddit will also give you a Facebook clone (and a Reddit clone).
I was wondering if you're using a phpBB extension you've built yourself, and if it's on GitHub or somewhere (the extension), or ... It's not a built-in feature?
Websearched for "phpBB federation" and "phpbb subscribe rss broadcasts", found this:
Too many trade barriers, stifling rules and general hostility to growing tech companies for the EU to compete with US companies, and only looks to get more restrictive. I’d bet against the EU pulling it off unless there’s a big coordinated realignment of priorities.
> I guess "Make America Great" may spawn a big Cloud Industry in Europe.
Have you tried using OVH? It's... not ready for prime time. Don't get me wrong, I love it for cheap EU servers, but man is it a pain in the ass to deal with.
There is already a decent cloud industry in Europe. OVH has been around for decades, and many companies in North America even use them because they are often a bit cheaper. But you also have newer players like Scaleway and CDNs like Bunney.net that are growing fast.
I think the harder services to replace are things like Github and O365/Google Workplace.
"Cloud" is not boxes like OVH and Hetzner sell. Cloud is a gigantic software layer offering all kinds of features and abstractions.
I think it'd be faster and cheaper to replicate GitHub or even Office, which are complex but fairly feature-stable, than to offer a real cloud competitor with a fraction of the services that Amazon, Microsoft or Google offer in their cloud portfolios.
I heard an interesting thought on the Lex Friedman podcast though. If software engineering really becomes cheaper and more readily available thanks to AI, maybe more companies will start building more of their own services. Then, maybe then, will the European enterprise be able to wean itself off from the big cloud vendors.
Germany pretty much only ordered the F-35 to carry US nuclear weapons because their current platform (Tornado) is getting retired. They didn't want to hand over Typhoon schematics to retrofit it. They pretty much only had the choice between F18s or F35s.
You know, if we were really adversarial, it would be really really wise to reconsider allowing German planes, whether home built or bought from the US, "loaner" nuclear weapons to carry into battle.
The F-35 is an extremely compelling and competitive product, with some unique forward-looking capabilities that are difficult to replicate. It was also built for export, both technically and politically, so many of the foreign buyers are more invested in it than they may otherwise be.
It is this generation's F-16, many thousands will be built and sold.
My country bought the F-35 for the sole purpose of being a deterrent to a future Russian invasion. Now that the US and Russia are allies, how can we trust that those planes will receive spare parts and other support during a conflict?
I think European alternatives for F35 are obviously needed.
Not if the US becomes more and more adversarial, especially if they jeopardize NATO. The current administration already acts almost like an enemy of Europe, it's quite baffling. Politicians have to justify military expenses to the voters.
Many of the physical parts are manufactured in Europe under license. I've never heard of this as a major concern.
The main point of conflict is that the US holds the source code for the advanced software systems very closely, no partner country has access. A lot of the differentiated and exotic capabilities of the F-35 that make it attractive to other countries are in the software, everyone recognizes this. There are many algorithms and techniques that rely on classified computer science to deliver qualitative advantages. Even if other countries could replicate the hardware, without replicating the software anything they built would be a pale shadow of the F-35 in terms of capability, which makes alternative hardware much less compelling.
The US knows all the leverage is in the software, so that is the part they strictly control. It is yet another case of the software eating the world, military systems edition.
The US has a bunch of (classified) tech to make reverse engineering unusually difficult. It is also several million lines of complex code. Different countries have different builds of the software, with some features missing, degraded, or disabled. There are also regular capability upgrades with new software versions; the production versions of some software features are roadmap items still under development.
I suspect that by the time anyone was able to successfully reverse engineer it, it would be semi-obsolete, which limits the value in doing so. Playing catch-up requires taking a lot of aggressive R&D risks that European governments have traditionally been very uncomfortable with or which take far too long to execute.
That's interesting. I'd have assume the secret sauces were in the radar and targeting systems.
Maybe the source code also contains a secret kill switch? I'd definitely put one in if I was selling fighter planes to 3rd parties. Alliances can switch overnight, as we're seeing right now.
IIRC the French refused to give the UK the means to disable Argentina's Exocets during the Falklands War.
They would lose access to lots of tech for example top radar tech which is designed (and I think built) in Europe as well as lithography machines. We'll sell the latter to China instead of the US if they try to play those games.
What drones are you going to get for $10 each (now or in the future)? How are they “unstoppable”? How are you going to deploy millions of $10 drones on the battlefield without tons of $100M platforms that can survive AA defenses long enough to get to the engagement? How much range do you think $10 of batteries even gets you?
I can today assemble a drone from parts from Alipay and program the firmware in an esp32 for ~ 20$. I am not kidding, Google it.
That is without me manufacturing any of the components. If one had a nation state backing I am confident it can be done for a fraction of it.
They are unstoppable because if you have a tank and there is a swarm of 500 of them what do you aim? One of them will find the opening to drop the grenade on your tanks weak spot. These are all single use kamikaze drones.
Same for battery range. Europe is preparing for a defensive war on their land. Even 10 miles of ranges should suffice. You can always deploy them from a mothership.
You’re massively underestimating what it takes to get from an esp32 hobbyist drone to a weaponized drone with 10 mile range and an actual explosive payload capable of taking out armor (in any number). Or the sensor package it would take to make them useful against personnel. Let alone deploying ten million of them in a real war.
And you’re entirely ignoring the very real problem of the mothership which has to survive to get within ten miles of the battlefield, unless you’re planning on releasing them from box trucks which means their range will either be useless or they’ll get taken out by bigger, more expensive loitering drones the second they’re spotted. War is antagonistic co-evolution in its purest form, these naive solutions dont last very long which is why our weapons cost so much (for everyone, not just the west).
When you spread the risk across 10M units you are better off compared to placing all of your bets in one super fancy unit. Remember in the Ukrainian war, Russia took out most of the Ukrainian planes in their hangars, before even they took off.
I totally agree with you that drone swarms is not a silver bullet, and likely some effective adversarial strategy will be developed(jamming, attacking motherships etc), but the point is that airplanes are not as important as they were in the past. Ukraine is still standing with no real air presence.
Given that for today's election here in Germany actual problems barely played a role. Not just that, over the last two decades very little was done. For example, we have skyrocketing rents due to a general lack of housing, which leads to all kinds of problems apart from affordability. For example worker mobility. Who dares to move to another job and city when it's so hard to find a flat?
That's par for the course for almost all big problems.
I think the probability is high that the new German government is going to try to sit this one out. After all, they survived Trump the last time, and it's only four years, right? Worse, they would have to do many things that will be very unpopular with one or the other interest group.
Unless somebody puts a gun to the heads of all those in government they will procrastinate rather than make any big changes.
I see little chance that they will cancel the order for US military hardware. They might actually buy a lot more, to appease Trump. After all, not getting the F-35 would have repercussions for the nuclear sharing agreement with the US. They need the F-35 to have a certified platform for nuclear bombs they are supposed to get from the US, stored in Germany for that purpose.
That would mean they would need a European approach to nuclear weapon sharing and weapons. The German government regularly has trouble even just to work together with only France, due to wildly different philosophies and interests.
Europe is far too divided, and the German government sees its role in doing as little as possible when it comes to radical change.
I think part of it is that the leadership of all our big parties mostly consists of politicians whose whole life is just that. They don't have anything else. Even if they get a job at a company it's for their political connections. They won't risk this, and they barely have any strong opinions! They look at polls and change what they stand for accordingly and easily. I'm not saying this to sound mean, I think that this is a mostly accurate description.
Opposing the US would take spine! It's a lot of trouble and uncertainty. They will try to avoid that if at all possible.
----------
By the way, it's not just F-35. Germany also ordered the Israeli-American Arrow 3 long-range missile defense system, sixty CH-47 Chinook, and 380 other contracts worth 23 billion just from the "Sondervermögen" (special fund) of 100 billion. Surely that will just become more, given that Germany continues to need to purchase things like Patriot missiles.
The strategy was - to the chagrin of the French if I understood the news articles written at the time right - to rather buy something proven and quickly available from the Americans rather than start a lengthy inter-European development process.
> I guess "Make America Great" may spawn a big Cloud Industry in Europe.
Unlikely.
I've worked at an american cloud provider and (in another job) i've worked with an european cloud provider (in this context, when I say "worked with" I mean i was in contact with the people actually managing the hardware as well as the software that serves the "cloud").
It's just a completely different mindset, and I don't see that changing any time soon.
The main issue i see is that european cloud providers mostly have technically-ignorant upper management for which providing a cloud offering essentially boils down to "buy this software component from company xyz (likely an american company) and install this open source product abc, then slap a cloud marketing name and unleash the salespeople". They can't even contemplate the idea hiring somebody with FAANG-level skills, paying it FAANG-level money and let it do FAANG-level work. They hire a few underpaid 20-somethings and have them manage, at best, an OpenStack installation.
I kid you not: in late 2021 i was in a meeting with (among the others) the head of cloud engineering of one such companies and asked when are they planning on offering ipv6 connectivity. The guy had a loud laugh and said they had no plans to even consider ipv6 connectivity. And that was at a company that does both "cloud" computing infrastructure and connectivity (!!!). That's the mindset.
I don't see europe building a realistic alternative to american cloud providers, and the core issue is not technical.
> The main issue i see is that european cloud providers mostly have technically-ignorant upper management for which providing a cloud offering essentially boils down to "buy this software component from company xyz (likely an american company) and install this open source product abc, then slap a cloud marketing name and unleash the salespeople". They can't even contemplate the idea hiring somebody with FAANG-level skills, paying it FAANG-level money and let it do FAANG-level work. They hire a few underpaid 20-somethings and have them manage, at best, an OpenStack installation.
Thank you! As a german that saw how the sauce is made in public sector tenders it's exactly this!
This is not restricted to hosting / cloud sector. It's a good summary for most german IT companies.
Arrogance and incompetence are rampant. Programmers and their managers need to go en masse to have some substantial change.
Everyone is so full of themselves and disconnected from reality it's scary.
>I don't see europe building a realistic alternative to american cloud providers, and the core issue is not technical.
The brain drain ultimately takes it toll. The most capable people from europe ( and every where else), move to US , be they engineers, management, entrepreneurs etc.
> The brain drain ultimately takes it toll. The most capable people from europe ( and every where else), move to US , be they engineers, management, entrepreneurs etc.
And they are going to stay there once the megalomaniac in chief and his South African oligarch have gone with their wrecking ball through the very fabric of the US society and economy?
My local European ISP provided me /64 IPv6 addresses since at least 2020 and had so called sticky IPv4 addresses since at last 1999. They were sticky because they did not change for years if the box was connected within 15 min.
This was possible because motivated individuals held technical positions in the ISP while the management has been totally incompetent and was later jugged outright corrupt.
Because of corrupt management and public scandals, my ISP has been sold to Orange. I am afraid this will end the 25 years of technical excellence as well.
the real point is not ipv6 (or this or that specific service). the point is the attitude.
anybody in this subthread bikeshedding what aws service supports what version of the ip protocol has missed the point and would probably fail a text comprehension test.
Nobody missed the point. The examples of AWS after 15 years still being dragged into full IPv6, is to show the lack of support for IPv6, is not the lack of technical awareness that is trying to be demonstrated.
Depending on the context, and granted, lacking some of the subtle details missing in the interaction described, might actually show real experience in the field.
They also move too slowly, so they fall further and further behind each year.
For example, Hetzner has great potential, but they’re only just now releasing object storage after 4 years in the cloud space, and they don’t even have managed database yet.
But the more important point was that they started branding themselves as a cloud vendor 4 years ago, and investing in new offerings around that pitch, but it’s taking them far too long to release basic parts of the offering, and they’re falling behind.
That was true for Trump 1. This time round, things appear to have changed. The CEOs of these companies sitting front-row at the inauguration is the most visible sign of their newfound mutual love. MAGA have found out these companies will just bend to their ideological will in the interest of shareholder value and it shows.
Not just for Trump 1. It was true right up until January 1 of this year. Their "conversion" just started and it remains to be seen whether there is any depth to it or it's a publicity stunt to avoid Trump's ire over the next 4 years.
Maybe in future, but for now these companies are not liked in MAGA-land, and simply attending the inauguration of a president hasn’t really changed anything.
Three of them (AGA) had tech bosses at prime seats at the inauguration. MAGA might hate them, but the Musk, Thiel, etc. crowd that seem to be in control of the While House are big tech. MAGA was only for the MAGA electorate to get into power. Sadly poor/angry voters will happily vote against their own interests if you can make them hate (immigrants, liberals, DEI, woke, whatever does the job).
There’s not a great alternative in the next few months, perhaps not in the next few years, but in the longer term European countries should take this as a critical warning. Failing to cultivate a domestic software industry in 2025 is like failing to cultivate a domestic manufacturing industry in 1825.
Russia struggles as well. habr.ru is full of stories about rebranded western software and hardware sold at exorbitant prices with fake certificate of local produce )
Some open source projects are rebranded as Russian with minimal changes, that happens, yes, but that's the result of gaming the system that incentivizes development of Russian software, not the result of sanctions.
Russian replacements of Office 365 and Google Docs seem to be doing well.
As for hardware, the EU is not yet under American sanctions.
On the other hand, many of us in Europe still have the memories (or our parents tales) of our governments spying on everything we say and do. With all the chilling consequences.
Half a century of communist rule showed us not to trust our governments.
Every now and then, the Brussels bureaucrats show us how much do they value our privacy and electronic safety.
Europe is already pretty experienced in increasing their costs of doing business to avoid any sort of risk already so I’m sure they’ll figure something out.
That's the problem with adversarial competition instead of collaboration. It becomes a self-fulfilling prophecy. When you think the other entity is a shark, then your going to start acting like a shark too in order to protect yourself.
I think the impact is going to be far greater than that.
I have seen, at least here in the UK, some people speaking about moving entirely back to hardware that is controlled by the organisation. The case is there on a cost basis already but people are reluctant to admit this. If another magical guarantee expires such as a security one, then the reason can be shifted to that and the cost justification is collateral.
Getting out of PaaS systems is going to be horrible and expensive though. We never should have gone further than IaaS.
I suspect the idea of the cloud as it stands today may die fairly quickly.
Yup you already can specifically sequester your data to Microsoft's or Amazon's EU-only servers, and even smaller companies like 1Password offer to store your data on 1password.eu instead of 1password.com.
However there can be weirdness sometimes. I vaguely remember a case where Microsoft had to hand over EU data to a US law enforcement agency due to a court order, but giving that data would violate Irish law. I know there's a new variant of the EU-US Privacy Shield, but with the current US administration that could get ignored very easily.
Which raises the question: can for example Microsoft-the-US-entity in de jure sense cleave off Microsoft-the-EU-entity whilst still maintaining de facto connection between the two? If not, there are definitely big opportunities abound.
What Microsoft might end up doing is following the China model, essentially giving control over their EU servers (probably only those in a special region) to an EU company, while still supplying the software and taking a (very large) cut of the profits.
I just don't know how this makes any meaningful difference towards the threat model of the US gov't becoming compromised if a US company still controls said servers and the CLOUD Act allows the US gov't to freely subpoena the contents of those servers. The companies involved will still do what the US says because they are forced to.
Like, the conversation will go, "Get us this data"; "EU law says we're not allowed to"; "We don't care, do it or we shut you down."
Not just Trump but any potential future administration. We’re no longer reliable partners who can keep continuity of our bureaucracy and foreign policy going for longer than four years without a geopolitical seizure.
Who are “they”? Several European countries have nuclear power (together with some other source as well of course) and are planning to build more. It will probably take a long time though.
Maybe of the "liberal" Europeans techies are commenting on this American website and complaining about how bad America is, apparently with no self-awareness and how European governments and not only should boycott American stuff. The same goes for commenting the same thing on American website Reddit.
Linux will gain traction as soon as people have difficultly figuring out how to open a terminal window - by design. The main problem with linux, or specifically linux distros, is that they are designed and maintained by people who like using linux, which eternally damns it to ~5% market penetration.
I'm in the process of moving my various google data onto Hetzner storage share[1]. It's a Nextcloud instance with 5TB of storage for $16/month. My wife and I each have a normal user, we can share stuff just as well as before, and we can install things like a simple Kanban app, sync to our Android phones, etc etc.
I have been banned from Hetzner multiple times now and believe me, nothing I was doing is even strange, let alone worthy of bans. I don't think an EU cloud can ever be trusted.
As someone who been using US clouds for over 10 years now, I was looking in the state of EU clouds recently.
It's like going back in time 15 years.
OVH co-mingling postgres customers on the same underlying server with no noisy-neighbour protections!
AWS RDS is obsolete tech these days and they can't even match that!
Yeah, this just seems like a great opportunity for a European startup scene. Even though plenty of bad things happened under Joe Biden - the relationship with the US was fine. Every morning you wake up to see crazy stuff Trump said and that really plants a seed.
There are obviously strong emotions on both sides regarding the actions of the first few weeks of the Trump administration. Whether you believe the goals are worthy or not, one must acknowledge that the manner in which all of this is being done is deeply disturbing.
Trump will be gone in a few years, one way or the other. However, the foundations that are being poured for legitimizing a strongman, authoritarian role for the executive and almost eliminating the role of the other two branches is deeply dangerous.
If you believe the goals are worthy enough that the ends justify the means, think of the worst president ever(in your opinion) and consider whether you'd want them to have the same power? Because politicians never let power go willingly. They will certainly point to Trump's precedent as a means of legitimizing their actions.
My fervent hope is that our institutions are strong enough to weather this assault and that enough people make it clear to the administration that there are lines they are not willing to cross. Whether that happens remains to be seen.
I just see this as an experiment to see if the system can survive without the bloat. If we need the bloat, the next person can just put it all back in. It's only 4 years.
That’s like saying your car’s airbags and turn signals are bloat because you’ve never used them. It will already take more than 4 years to repair the immediate damage by firing so many people: in addition to the lost institutional knowledge, consider how much more you have to pay them to come back after proving to be an unreliable employer. If a scientist goes to Europe, they’re not lightly moving to the United States in a couple of years.
Some of the long-term consequences are permanent: everyone in Europe unambiguously knows that the post-war dynamic is gone, and if they invest in their own alternatives they won’t want to throw away that investment. As an example, allies who bought F-35s are wondering if they should’ve followed the French path now that they’re faced with the prospect of being on the other side from America. If they decide to move to European control of key infrastructure, they’re not moving back for at least a generation.
I've been looking at this a lot, for ourselves (multitenant saas app running on gcp) and for our customers, who are starting to be curious about something between fully self-managed (too costly) and centralized/multi-tenant/american cloud.
One thing that strikes me is the relationship with architecture. A monolithic, vertically scaled app can run ANYWHERE where I can rent a VM, whether in Norway with Upcloud or on a VPS in Kenya. It's only when you start stitching together managed DBs with autoscaled instance pools etc that vendor lock in begins.
All of these nice toys make our service highly available. But while the overall risk is lower, it is far more correlated between customers. If our service would go down because of a political event, it would go down for all our customers at once.
What about a control plane that manages a fleet of per-customer VMs across an array of cloud providers? Has anyone ever tried this?
Sure, it isn't safe for EU governments to store data on US clouds.
It also isn't safe for US governments to rely on chips made in Taiwan that China could invade. Or for TikTok to be a primary media source in the US.
The fact is, we're an economically interconnected world at this point, in terms of software, in terms of hardware, and in terms of hardware supply chains.
And it's hard to see it going backwards. Economic efficiency is a powerful force. It often seems like the solution has to be to try to implement as many safeguards as possible, rather than cut off sources of technology. But I don't know... it's an incredibly difficult question.
> Giving all your data to foreign states though may be a bridge too far.
Does it really matter?
If large Western countries want to spy on each other, there are so many ways via so many devices.
That's why I'm talking about safeguards -- why not just focus on ensuring everything is encrypted in rest and in transit, so you can use anybody's cloud anywhere?
Fortunately, going multi-cloud is a thing. Storing data with multiple providers in multiple countries. Lots of companies which specialize in multi-cloud solutions.
And if you're dumb enough to put your government clouds in enemy countries, then you deserve it.
But we're not talking about enemy countries here, now are we? Or are you actually under the impression that we're talking about hosting data in Iran and North Korea...?
It is a rarity to see any organization that self hosts email or uses a domestic provider any more. It is all foreign controlled now (specifically Microsoft). It should be examined by regulators everywhere both as a monopoly and a sovereign threat. The move to US services started long before the current political situation and will still be a threat to sovereignty long after the current US exec is gone. The frustrating thing is email services like many cloud services are highly substitutable and can easily be built on open source infrastructure.
I have interviewed Turkish people that did not have Cloud experience as their large companies (e.g. banks) were not allowed to use US cloud services. Seems like that was wise now.
In addition to Cloud, there is one more thing: Mobile. Banks. Parking lots. Shops.
Europe should invest in a Linux phone OS with NFC and unified push notifications.
Yeah. Progressive web apps are a great way to hedge bets on this. They also bypass App Store censorship, binary tampering, etc.
Maybe someone will revive firefox os or build a better successor to it.
Ideally, there’d be a law saying that any government service (direct, or contracted out, so including infrastructure like parking and EV charging) must be offered via a PWA that works in EurOS, iOS and Android.
Did none of these people read Machiavelli? Relying too much on foreign governments, especially "friendly" imperialists is never safe because it gives them a degree of control over you. That's a problem no matter who is in charge. If you slept through the PRISM scandal and are only regretting your failure to take action because you don't like the guy who just won an election, then you're beyond salvation.
At the very minimum you should be encrypting all data before you transmit it to machines you don't physically control, but even that's not necessarily good enough because it still gives them the ability to withhold that data from you. And that's to speak nothing of some hypothetical future technology that may be able to defeat your encryption entirely.
"The Prince" is the important one, IIRC he wrote some plays and such too but Prince is where his name got associated with cutthroat politics. It's a pretty boring read but it's not difficult to understand, I read it when I was 14 and I didn't have any significant difficulties even though I lacked context in contemporary Italian politics. Even though I was bored out of my mind (i did not read this book by choice) its been a major influence on my life because it explains all the different ways your choices can have surprising results in the long run if they're planned well by you (or your adversary).
It's a book he wrote about how to maintain power in a feudal society, with references to many historical events to back up his arguments. Usually it comes down to being wary of accepting help from somebody else unless you understand their motivations, what they stand to gain, and what you stand to lose in the long run. It's sort of like "Art of War" in that it's written for a specific time and place but the principles behind it are so universal they can be applied to many different situations, even business management and interpersonal relationships.
So anyways, my point in the OP above was that this is the sort of situation that he wrote extensively about; obviously there weren't any computers or cloud storage in 15th-century Italy, but he definitely makes several points on the dangers of relying too heavily on third parties for resources, because it gives them leverage with which to manipulate them.
The Prince[1]. Although I think it's not very "readable" for today's standards. I've had a much easier time reading political science books that were written more recently.
yeah, uh, well he's been on a bit of a sabbatical for the last five centuries so there aren't any recent ones. Not sure when he's planning to come out of retirement.
Well at the very least you need to take the stuff about power dynamics to heart, because that's the part that's most relevant and the part that modern Europeans have the worst understanding of.
I find Europeans to be particularly annoying because they've willingly turned themselves into de-facto vassal-states without even realizing it, and despite constantly panicking over the outcomes of internal American politics they never learn their lesson or take any real steps to become less dependent on the United States.
I'm pretty sure I remember the exact same conversations about whether it's safe to host data in America eight years ago, because they haven't changed at all. I happen to think they're over-reacting and that Trump isn't going to do anything with their precious data, but they're well within their rights to have negative opinions about internal american politics. However it's also incumbent upon them to understand that they have no standing in who the American people elect, and that if they don't feel safe not being America's #1 priority they need to become more self-reliant. Europe is not the center of the world to us, they're just another one of the six continents that aren't North America.
All government systems should be on-prem, and secured by proper personnel. None of the data should be in a cloud providers hands, even by their own country's providers. There needs to be a separation between business and government infrastructure.
As a DevOps’er in the EU, how would I capitalize on this?
I’ve only ever done bare metal and have been lucky all of my employers hated the idea of AWS/Azure/GCP. So I feel like I’m quite well positioned to start helping companies move to bare metal alternatives.
Do I start freelancing, or do I try for an AWS alternative?
There's quite a lot going on over the last year or two to actually build a real cloud in Europe, which is basically nott just dedis/VMs like on Hetzner or OVH. Take a look at Clever Cloud or Molnett!
You have as much sovereignty over a foreign-run cloud as you do over a Tesla or an Iphone. AWS or Google isn't going to give you the source to their software, and even if it did you don't have the engineering resources to review even a snapshot much less review it at the velocity it changes (and even if you wanted to try you'd need to hire the engineers away from the US tech companies).
European cloud providers can only exist in niches at the moment:
- cheap but unreliable -> hetzner
- integrated into the DFN -> gwdg
- and so on
The market is captured by us companies. I doubt that this will change.
The reason is simply that the the number of clients that care for the problems described is small compared to the total market. If you run a company that caters to these clients, you will cater to a small market with special requirements.
Companies like that tend to be pricy and hence won’t take market share from Americans.
Change can be spurred on by law. If governments aren't allowed to use non-EU (or maybe specifically US) hosters a big enough investment could jumpstart it. I'm working for a semi-government organization who just switched over to kubernetes. That can be hosted anywhere, there's not really a moat.
It's true that relying solely on a cloud ecosystem without continuous protections isn't safe. That's why many government agencies should consider what I classify as a co-location strategy. By implementing this approach, agencies can use private tunneling applications with encryption and APIs to securely fetch non-sensitive information.
The cloud provider—such as AWS—can still be used for application hosting, but a private network should be established between the cloud environment and the co-location facility.
Why is this beneficial?
In a cloud environment, public ingress can be cut off instantly if needed, minimizing exposure.
Applications can be designed to serve most (or all) of their data through regional gateways connected to the co-location.
By placing co-location facilities close to critical data sources, latency is reduced while ensuring data remains protected and accessible within a secure network.
This approach allows organizations to balance cloud scalability with enhanced security, ensuring critical data remains under strict control while applications remain flexible and resilient.
It is no longer safe? Like it was safe a month ago? It was safe with Biden, Obama or Bush as presidents?
It baffles me how people look at other administrations through rose colored glasses and pretend that the problem started since Trump took over and Musk is working on this DOGE stunt. The swamp has always been there.
It was never safe, and never will be, no matter who is the president and how outrageous some of their actions are.
This article didn’t need the picture of “Trump is signing things”. This article cannot be taken seriously because of that, and it’s so frustrating because otherwise it made good points.
Nothing is safe in absolute terms but through Obama, European leaders could feel confident that the United States would honor its treaty obligations. The idea of an American President working in conjunction with Russia to run a shakedown on a European power wasn’t even viable in the Tom Clancy-level of cold war novel.
So I’d think of it similar to how climate change has affected property risk assessment: even if your home was never absolutely safe from flooding or wildfire, your practical assessment of how much effort you should spend protecting against those risks was quite reasonably lower in the era before once in a century or once in a thousand years events became once in a decade.
Let me preface this by saying : I don't really like Trump, by why are people suddenly listening to his self-ascribed titles?
In 2016 he was the 'King of Debt' , a title he ascribed while talking about the debts he inherited from the previous administration, no one thought to start worrying about the start of a new monarchy then -- why now? because he's faster and looser with exec orders? hopefully everyone remembers 'king Bush Jr.' then.
Personally I think it's kind of hilarious to watch; on one hand you have mega-corps moving away from places TO America so that they can facilitate E2E, while simultaneously the persona-in-charge at the moment is driving people to any of the countries that have a long history of demanding keys and throwing a fit when denied.
Unless of course this article is about moving our data and software development to the Slovenia .. but it's not.
I think it's great to work towards not being beholden by other countries actions, but it should've had effort towards it before a bad-actor nudged everyone awake; not during the crisis. It shouldn't have taken Trump to remind everyone that nationalization of important goods is sound strategy.
Hopefully, this push will stop the trend of calling countries trying to legislate data residency and privacy laws to keep their citizens data out of foreign prying eyes as authoritarian and painting them as threats balkanizing the free internet.
Wishful thinking? may be, because the world isn't and doesn't have to be fair.
The PRC essentially pioneered the concept of digital sovereignty with the "Great Firewall" approach in the late 90s. It was famously ridiculed by Bill Clinton as a hopeless endeavour.
In the wake of 2014 and souring relations with the West, Russia also started looking more seriously at digital sovereignty. This was castigated as "isolationism" and an attack on the "open Internet".
Now it's nearing a household term among EU tech groups. Because this was never about democratic ideals, it is about power and control, especially in a volatile multipolar world.
Comparing digital sovereignty w/r/t critical services are hosted to "The Great Firewall" is absurd. It's not the same thing at all.
China and Russia blocking YouTube is different from making sure the entire EU government and economy can't be collapsed by US turning the screws on Amazon.
Come on. We can draw a straight line from the GFW to companies like Baidu and Alibaba. Without it, they would (initially) struggle in direct competition with endemic US products.
We are ready. Whole built infrastructure on EU or European (Swiss) cloud. And I mean all. Server, customer data, but also support infra, email, documents, etc.
We build Wide Angle Analytics ground up outside of US systems.
I'd guess a reasonable start at delivering near-equivalent capabilities, capacity, and reliability from a standing start today, in just Europe, to be about €50b. The shopping list isn't all that tough. Who wants to pony up?
European cloud providers already exist, and companies from industries and countries where data protection is regulated are already happy clients (see Swiss FINMA, and German governments required by law to carefully respect GDPR).
Maybe an influx of business will make us grow the European clouds, but that's ok, we're up to it.
Cloud will continue to evolve massively with AI, as vendors offer more specialized infra and software abstractions, but the salient point is that in Europe we haven't even been able to build the first 10% of what providers like Amazon, Microsoft or Google offer. Hetzner was only "considering" a managed Postgres offering, last time I checked, ffs...
My take is that capital in Europe is (a) way too risk-averse and (b) fragmented across many European countries... As much as I've always sympathized with the EU, "Europe" as a single entity is a fucking lie, an illusion in our collective minds.
Try building a business in Spain, and then expanding to France. Yes, you have free movement of capital and labor to help you - which is a massive foundation - but after that all you'll find is red tape and difficulties emanating from the differences in culture and language.
Similarly, it seems impossible to privately amass the amount of capital needed for an investment such as what is needed to "make the first 10% of what AWS offers".
The only alternative is through continent-wide industrial policy, Draghi style[1]. More power to the bureaucrats in Brussels, and more taxes than we're already paying - and we're fucking suffocating already down here. No thanks!
This is why the future looks dire. My only hope is that maybe with AI software development becomes cheaper and we can all build more services in-house. But please someone give us at least the first 10-20% most useful cloud abstractions. I wouldn't want to waste even the compute-time of my AI engineers in building a resilient managed Postgres.
It's not just US clouds, all USA brands are toxic now. Buy elsewhere so our economy collapses. Seriously. You're doing us a favor. We need something drastic to wake up the 77M brain-dead people here that voted for this monstrosity.
Trump is just openly saying what the previous governments have covertly been doing: Spying on their allies and enemies alike. Since the Snowden revelations we know that the US is spying on everyone. Not just citizens, but governments, allied politicians, just everyone. After the revelations there was a moment of shock in Europe. But eventually newspapers and magazines wrote less and less about it. The reality is: There‘s five eyes and Israel, and then there’s the rest of the world. And the world should start distancing itself from these malicious actors.
I don't think it is safe to move to anybody's cloud if you are concerned about spying. We have seen far too many invocations of the magical words "national security" and "think of the children" universally.
Their software stack is open-source, and their machines don't have any telemetry or external dependencies. They're designed to be air-gap-able, while still giving you a cloud-like experience
That's a great start but it doesn't actually solve much.
It's a closed system so I can only buy hardware through them, what if at some later date the US demand hardware backdoors, what if due to tariff (or other drama) we can no longer buy them? How do we get spares?, what do we do if a server breaks?, what if they go out of business? What if we need some other kind of servers or offering they can't provide?
I worry about the rising tides of nationalism/anti-globalism both in the US and in Europe. I view things like this as accelerating the trend, not 'resist'ing it.
If 'US switch sides' means US giving military or financial support to Russia in the war, I strongly doubt it. If it means Trump giving rhetorical support to Russia, sure.
I'm willing to bet against both the military support for Russia & the NATO dissolution at 4:1 odds before end of this year and 2:1 before end of next year.
I don't think anyone serious actually thinks either of those things are going to happen so I doubt anyone would take me up on that offer.
Is it safe to store data in Germany, given the strong showing of AfD in the election? They are now in second place, and who knows what will happen in the next 5 years!
So in other words, storing data in Germany does not solve the problem, it is just better than the US. The US currently has a wannabe monarch, but that's just for the next 4 years... we hope.
The GOP is now full of those wannabe monarchs otherwise they would stop him but they just want to succeed him and use what he and Musk start to implement.
As a third worlder, this is hilarious. I'm sorry but I can't help but laugh at the panic some people are manifesting over the US no longer being the world police and involving itself militarily in another continent.
I don't like Trump, I really don't, but I hope he continues with this. Sadly he probably won't do the same with Israel though.
The US no longer playing world police isn't what's disturbing, it's understandable that they want EU to take care of its defense. The disturbing thing is how the current administration blamed Ukraine for the war, sees Putin's Russia as an ally, and actively wants to destabilize EU by supporting pro-Russian forces inside it.
All this is not so hilarious for me, living next to Russia and wondering if they will invade us within next 5-10 years, and whether we will receive any help from abroad when Europe seems to become increasingly pro-Russian. What is happening now is potentially a matter of life and death to us.
> The US no longer playing world police isn't what's disturbing, it's understandable that they want EU to take care of its defense.
I guess this reality has never reached the leaders of the EU apparently. Trump was in power before and also threatened to leave NATO yet the EU countries did not prepare for this at all. They had 4 years of Biden to do so but alas they simply waited and wasted time.
> The disturbing thing is how the current administration blamed Ukraine for the war, sees Putin's Russia as an ally, and actively wants to destabilize EU by supporting pro-Russian forces inside it.
You find it disturbing because you are missing the forest for the trees.
China is now very tightly coupled with Russia and Iran. The biggest threat to US hegemony is not Russia, not by a mile. China has the means, the power and the will to start asserting itself on the global stage. On the other hand Russia struggles to hold on to a 5th of Ukraine.
Trump wants to split Russia away from China and is willing to give up on Ukraine in order to make this happen. It's that simple. Russia has huge swaths of raw minerals, fossil fuels, lumber and so on that China needs in order to expand it's economy therefore it makes complete sense to try to slide a wedge between them in order to isolate China.
In this game of Geo-politics, Ukraine and the EU are just pawns that can be traded/pushed around because they have barely any weight in the global order.
You can be mad about this but if you do you should be mad towards the EU leaders from the last 30 years who instead of building a robust industrial base, sent all their jobs abroad, who instead of building a army that could resist an invasion, relied on the US protection without even reaching the minimum NATO investment threshold year after year.
The EU countries made their bed and now they are struggling because most of them are broke, their economies are in the gutter and are slowly crumbling.
> All this is not so hilarious for me, living next to Russia and wondering if they will invade us within next 5-10 years, and whether we will receive any help from abroad when Europe seems to become increasingly pro-Russian. What is happening now is potentially a matter of life and death to us.
This is a weird take. On one hand Russia, is not even able to conquer the whole of Ukraine but somehow it has the capability to steamroll over all the Baltic states? So which one is it, is Russia a paper tiger or an unstoppable force?
Baltic states are tiny compared to Russia, and Russians really don't care how many soldiers they lose. So, of course Russians can steamroll the Baltics if there isn't significant foreign help. But I agree it's EU leader's job to finally increase military spending, invest to grow our economies instead of following BS austerity policies, and make sure we can defend Eastern Europe.
As far as US-Russia-China relations go, you can't trust any promises Russia makes to the US. They will betray Americans as soon as China offers them a better deal, which I believe they can. They can just wait until China invades Taiwan, and then attack Eastern Europe & make deal with China while America is too busy fighting them.
China is now very tightly coupled with Russia and Iran. The biggest threat to US hegemony is not Russia, not by a mile. China has the means, the power and the will to start asserting itself on the global stage.
Trump's attitude toward Ukraine does not deter China from actions such as the invasion of Taiwan; it only encourages them. In the last 10 days, Trump has granted Russia a long list of concessions without receiving anything in return. His representative Witkoff couldn't name a single thing during an interview yesterday. Russians are literally wondering if this is some kind of clever trap or if Trump is really this dumb. If Trump does not make a 180 degree turn soon and folds to Russia on Ukraine, then it looks like a rare and highly favorable window of opportunity has opened for China to invade Taiwan.
Trump wants to split Russia away from China and is willing to give up on Ukraine in order to make this happen. It's that simple.
Russia never cared about China. To them, it's a distant and strange country that they don't understand and have little in common with. Even much less than the US, because they have no outsourced manufacturing there and they are too far behind to have a rivalry in science and technology. Instead, they see the US as the main adversary in the world, because the US stands in the way of conquering Eastern Europe. They are willing to promise anything if that gives them any advantage at the expense of the US and the transatlantic alliance. They will break these promises whenever it suits them. And Trump is currently proving that he is entirely unwilling to demand the fulfillment of previous promises. So for Russia, promising to "split from China" is free. It doesn't mean nor cost anything.
EU people calling US unreliable now?
For the last 50 years EU has been doing to Israel what US is doing to EU...
Sadly for you, the West will figure itself out.
It's funny that people only raise this issue because of Donald Trump, whom the article refers to as "King," no less. The previous administration's green-lighting of the largest-ever industrial sabotage against Europe did not raise an eyebrow, but NBC News, a political opponent of Trump, claiming that Trump is "branding himself as a monarch" does the trick.
Schneider Electric, a French company (owners of APC), absolutely dominates the datacenter infrastructure market at somewhere over 1/3 (probably closer to 1/2) of overall TAM.
EU companies many not be storing the data but they're certainly in the "making shovels" business. And that's kind of the deal. France quietly takes a huge percentage of revenue without most companies being the wiser.
If EU companies start moving their infrastructure elsewhere, I'm sure that American datacenter/cloud companies will reconsider who they buy their racks, PDUs, etc, from.
> the legal basis for sharing personal data with American companies is dead since Donald Trump has neutered the special court that would make such transfers legal.
It was always dead, or rather, it's in a shrodinger's state where the EU comission puts bullshit in a box, and companies pretend it's fine until the CJEU opens the box and acknowledge that it is, in fact, bullshit. It's happened multiple times already.
Aside from that small quip, the article is, obviously, right. Any sane European would count their fingers after a handshake with this administration. Expecting this particular agreement to hold is madness.
I think "international cyber-relations" is something that's more
generally coming into mainstream attention [0], whereas it's always
been a bit muted and behind the scenes because people never questioned
where the Internet is. Another factor moving attention back to
geography is energy. We started caring about what "the cloud" costs
the planet. The magic of "The Cloud/Internet" was to make location
disappear. Now, who has your data is an issue again. Clearly the
Danes are not on BFF terms with US at the moment. Here in the UK our
problem is GCHQ using a lot of AWS. I've no doubt current US politics
will lead to big changes in how computing and storage is
structured. Maybe we'll get some good new protocols and practices (I'm
thinking of real massively distributed systems) out of this which make
things more resilient and less parochial for everyone.
Unlike most other developed countries, the US has no real site blocking, mostly because it doesn't need it. They have enough control over the financial system and enough friends in foreign governments that they can essentially nuke websites that don't follow American law off the face of the earth, or at least force them not to serve American users of their own "free will". See e.g. crypto exchanges that don't follow KYC/AML, crypto-native prediction markets that nevertheless require a VPN for Americans to access, despite not even interacting with the non-crypto financial system, piracy sites which are often shut down at the behest of the US government, foreign banks that ask you whether you're a US citizen etc.
Once the answer to "we are the SEC, you can't let Americans visit your site or we'll get you extradited" changes from "yessir" to "fuck off, we're Europeans who have never stepped foot in the US, American law doesn't apply to us, and our government is gonna back us up on that", things will get really interesting.
As a European who is very much against EU tech regulations and the EU way of doing tech generally, this is definitely one change I'll welcome with open arms.
As an aside, I'm surprised "freely offering drugs / pirated content / havala-style unregulated P2P crypto exchanges to Americans on the open internet" isn't a model that a US-unfriendly nation has tried so far.
>foreign banks that ask you whether you're a US citizen
Note that this is largely the case for any bank where you're not a native to their country - because of the Common Reporting Standard. However the US asymmetrically applies FATCA instead of the CRS.
"The U.S. receives information relating to US citizens' accounts from many countries due to the compliance requirements of the FATCA. The United States, in many cases, will reciprocate by sharing banking data with countries for accounts which their citizens hold in the U.S., but not automatically, as is required by the U.S. in FATCA."
This makes serving US citizens in an "average" financial institution an added burden that might not be considered worth the cost.
It wasn't safe when rogue engineers at Amazon colluded with the US government to take down Parler simply because they didn't like the politics they supported.
It wasn't safe when the US government worked with Twitter and Facebook to silence the opposing view points about Covid Vaccine injuries and lied to us constantly about the effectiveness.
There are children to this day that can't get heart transplants in the US because they don't have the Covid vaccine, which only 2% of American children have taken.
I know lots of people that took the J&J vaccine and it's been taken off the market due to deadly blood clots. Doctors mentioning this at the time were silenced and many lost their jobs.
When I see more people in the tech community talking about the authoritarian left that nearly destroyed our freedoms over the last 4 years, I might start listening to you about your concerns about our current state of politics.
AWS suspended Parler over violent content, not because of political views, and not in collusion with the state.
The J&J vaccine was not "taken off the market." It was temporarily paused to investigate rare blood clot cases. Out of 8.7 million doses administered, 28 cases of blood clots were identified, with three reported deaths. COVID-19 killed a million Americans, and would have killed more without the J&J vaccine which probably prevented 5.7 million infections and—with an R0 somewhere between 1.4 and 3.28—many millions more. This information was not suppressed, it's public knowledge discussed openly in scientific and medical communities.
There is an undeniable authoritarian element to the US federal government, but when has the US ever backed a "leftist" coup in a foreign country? There's no coherent "left" movement in the US. No socialist party.
Really, your victim mentality—fed by baseless conspiracy theories—is absurd, and your promotion of this harmful rhetoric endangers innocent lives. The US is a a police state, but not a meaningfully "left" one. It's a republican oligarchy.
This sort of thing makes me groan. Oh, now it is a problem. It wasn't an issue with Obama and Biden but it suddenly is an issue that chester cheeto is running the show.
It is no secret to anyone that Google, Reddit, Meta, Microsoft, Intel, Twitter and Amazon work closely with the three letter agencies in the US.
There are two questions here: Should gov/company/actual human use x, y or z from the US and HOW can they avoid it? I personally don't see a lot of strong answers to the 'how' question right now. At a basic level I think this is because we don't have a clear, coherent 'cloud OS' that makes it easy to build alternative offerings.
I run proxmox and try to host some things locally but the server offerings aren't quite there yet. What would be amazing would be for me to be able to truly host my own cloud so that I could share a doc with someone and the editor was hosted by my servers and safely sandboxed. It would be extraordinary if I could get my phone to offload storage to my personal cloud in place of iCloud and this was as easy as pointing to my personal cloud instead if being, at best, still a patchwork.
Things like portainer, podman, proxmox, etc are putting different pieces together but they are missing the crucial ingredients of exposing themselves to the internet safely and easily and being the foundation that my personal OS can actually easily run on. This split between device OS and cloud OS is something that hasn't yet really happened and it is holding us back from creating a viable alternative ecosystem to commercial offerings. I think the things missing from current offerings like proxmox are:
1) The cloud OS of the future needs to expose VPNs and control domains as first class citizens so that my devices can join it securely and natively. These resources are the hard-drives and network cards of a cloud OS but they are treated like apps in current offerings.
2) It needs to integrate with auth in ways that allow me to 'share' a doc from my personal cloud just as easily as google does and allow others to connect in secure, controlled ways. There isn't a point to opening up to the internet if you can't allow others to connect safely.
3) It needs to integrate with other clouds and provide native ways to migrate data and services between your personal cloud and other clouds.
4) It needs to seamlessly expand from user level cloud to enterprise and beyond. This is the 'Developers developers developers' moment. If I can develop in my local cloud things that I can deploy to a real enterprise could then I will build a lot of things even if they don't go to the enterprise.
I think building the route to 'how' is the important question here. You can't just legislate 'use the alternative' if the alternative doesn't exist. So what is the route here? How do we get to a point where it is actually possible to choose a different cloud? I think there are a couple ways here but a core component is likely a split in linux to start a cloud native install path. Basically, when you install on a machine it always installs as a container running on a hypervisor/cloud OS so the machine joins/starts a cloud OS install first and then the user OS installs are virtualized on top from the start. Basically, bare-metal should belong exclusively to the cloud OS. I think this likely would create the initial split needed to focus efforts on developing the cloud OS separate from the user OS and possibly start us down a path where the ecosystem exists to enable people to hop off of US cloud providers. As a side benefit though it would make migrating to new hardware way easier since I could likely just migrate my virtualized environment after joining it to the cloud OS the old machine is hosted on.
How to say this... it was not in the first place. And it is not specific to the US, it is the external cloud operator which is the issue.
It is a very complex matter. Roughly speaking, if you rely a lot on information systems, in the end you are own by the real operators of those information systems.
Indeed. GDPR, cookie laws, draconian anti-free speech content policies. I'm not a fan at all of the US government but Europe has proven to be the last place on earth you want to host something.
The US has DCMA and strong free speech protections.
There is no free speech protection in any EU country.
DCMA is overlooked but it's hugely beneficial for US companies and means they're not liable for what their users publish/write on their site.
In Europe you have to staff moderation teams to remove defamatory content etc or become liable to be sued yourself.
Yet almost all US companies where users can publish stuff operate in EU just as well. Seems like the upside of the market size outweights the downside of risks.
I don't find USA to have meaningful speech protection. Retaliatory lawsuits are frequent and the process itself is and the process itself is the punishment.
Plus, current goverment don't care about laws and people on top of it have history of retaliating against speech.
It is still a lot better than the nothing that exists in EU as free speech. Also the current government does not care about laws and the previous did not want free speech, but in the end there is plenty of it.
There is free speech in Europe, just not free lies. I think it’s a good thing if voter manipulation through Russian lies is addressed, this is just a piece of online warfare from Russia.
This is the kind of thing you don't have to contend with if you host outside of Europe. I don't care about your beef with Russia, I do care about free speech though.
Online warfare is warfare, and russias lies can destabilize working democracies. We all know the stories of the horrors of the 2nd world war, and never again also means fighting online warfare. Freedom is more important than freedom of lies. I’m sure that if you ask people who experienced the 2nd world war to choose between freedom and freedom of lies, they’d choose freedom.
Also, a vote for the right is a vote to increase the gap between the poor and the wealthy, things will only get worse.
My own country lies to me far more than Russia could ever even dream it. The president of the US went on live tv and said he saw non-existent "beheaded babies" just to service Israel. Russia isn't even a blip of a problem for US citizens (other than the Ukraine stealing our tax dollars). In fact, a lot of people that want to take away our freedoms seem to be anti-Russia, so at worst they're the enemy of our enemy.
I don't vote "right" because the Democrats and the Republicans are both working against my interests.
As soon as citizens no longer trust their democratic government, democracy stops being effective. I the Netherlands I think the governments have done a pretty decent job (although far from perfect, but compared to other countries they’re top of class) and I trust that most people in government are trying to do the right thing. A lot of the online lies are aimed at creating this distrust so democracies stop working.
And that distrust starts with this dishonest framing like ‘ukrain are stealing our dollars’. No they’re not, it’s your politicians that decided it was in the interest of the US to have wars: fight hitler (thank you!), fight communism in Vietnam, fund and later fight saddam, fund and later fight taliban.
But now you have a government that no longer thinks fighting Putin is useful, because they think the Russian style of government is the way to go, and not a threat to the US way of life. I doubt they’re right, the average Russian in the country leads a very poor life, and freedom is not a priority in Russia, if you disagree with government you will get thrown out of a window.
But your government is now following the government style of Russia, not following the rules of law, not following democratic, constitutional rules. Do you really want to be next Russia?
As a citizen I support my government's decision to not fund the Ukraine. I never supported it, most people don't. It's common sense, why send our money halfway across the globe to fight a battle that has nothing to do with us? That's stealing my money in my book and I don't need "Russian trolls" to tell me that. For the record I, along with many others, didn't support the wars against Vietnam, "communism" or the Taliban. We should not be the world's police. A domestic, home grown opinion based on basic logic.
It's indeed easy not to care about "our beef with Russia" when you're far away from them. The feeling is quite different when you live next to them, and know that your home might get bombed one day because of Putin's geopolitical fantasies you have absolutely no control over.
I like free speech, but I would rather not die because an army of Russian trolls managed to replace Western democratic governments with Russian puppets.
Just food for thought... I have a hard time viewing the people who want to restrict speech as my ally. Quite the opposite. I'll take so-called (likely fictional) "trolls" over restrictions of speech any day of the week.
I don't see why anybody would doubt the existence of those trolls. It's quite obvious that social media can be cheap and efficient tool for spreading propaganda, and information warfare / spreading propaganda among your enemies is nothing new. It's done by many nation states and other actors, Russia is just among the most successful.
Anyway, I tend to agree that "too much" freedom of speech is not the real issue here. Across Western world, neoliberal economic policy has failed to bring prosperity among large segments of population. Politicians have also ignored very real issues, such as failed humanitarian migration policies, DEI-policies which discriminate against particular "privileged" groups and so on. Trolls would have much lower success rate, and far right parties would be much smaller if these concerns had been taken seriously before by mainstream parties. People who are happy and optimistic about their lives and future rarely become extremists.
I find it ironic since your complaint about DEI almost certainly comes from the dreaded trolls you're referencing. I don't actually need a "troll" to tell me I don't want to spend billions of my tax dollars defending Europe when everywhere you look in the US things are falling apart. That's not Russia, it's just reality.
If your "tech innovation" isn't capable of restricting child pornography and calls for terrorism and genocide maybe it's not 100% a loss for everyone else?
Either one would agree that if the "MSM" were publishing bad things then there's a need to control it. At which point the question is why is a social media website different. Or you'd say that child porn and other bad things being published on websites are fine and there's no need to control things. At which point you'd be pretty wildly out of step with the majority of the population.
MSM are publishing bad things, freedom of speech is important and I don't think we need to "control" anything (child porn is illegal by any measure, it's an abuse issue, not a speech issue). I can't even imagine how you jumped to that conclusion. Just because I don't agree with something, it doesn't mean I'm ok with eliminating it through fascism.
You can't claim to support total free speech and also accept that there is content that is bad for society that needs to be controlled. The moment you accept the latter premise you then need to build enforcement mechanisms and have debates that boil down to political preferences on what constitutes bad. I think it's kind of a navel gazing gesture to just hand wave at "I support the good free speech' and wash your hands of any of the coercion/"fascism" that comes with how the sausage is made.
Every government and big company spies on you. If you don't host your own hardware, you should expect that. If you do host your own hardware, you're still vulnerable to things like Mossad spyware. None of this is new, and Europe is as guilty if not more guilty than anyone at this state of affairs.
I think the difference is that you would rather take your chances that your own system gets compromised by Mossad, which you can't really do anything about, than willingly hand over your information to a country that is increasingly hostile?
Like you said, the truly hostile entities will gain access anyway. The people breaking into the systems to gain access are the ones you really need to be worried about. I'm pretty sure the US government has that capability if it wants it (not that I endorse it, I don't).
Yes. I agree. But the difference is making them be an adversary, which can be dealt with, versus handing it them willingly. There is a difference there.
Why has it taken this author so long to finally realize this? It was never “safe” to have government data managed and stored in another country.
Sounds more like they just don’t like the current administration in the United States. This dislike somehow has woken them up to the reality that storing their sensitive data in another country was never a good idea.
The world has changed, but the EU acts like the solutions that used to work will continue to work in the future. Neither regulating limits to AI nor waiting for Trump's term to end will solve the underlying problem.
First, Trump's rise in the US is not an isolated phenomenon. Almost every country in Europe has its own right-wing, anti-globalization, pro-nativist parties, and in almost all countries their power has grown. Globalization decreased economic friction, but not evenly--there were winners and losers. The winners were the professional class who could sell their services to a global market. The losers were the labor class who saw their jobs outsourced and who had to pay more to the professionals they needed (doctors, teachers, etc.). The result was Trump.
US policies will moderate as Trump's failures pile up, but we're never going back to the globalist, "citizens of the world" consensus of the 2000s.
Second, (and ironically), globalization has given leverage to high-agency individuals to amass more power than previously possible. Billionaires are exerting influence (Musk, obviously, but also Gates, Bezos, Marc Benioff, Bloomberg, Koch brothers, etc.) not just because they have money, but because money can influence more people through globalized businesses. Social media is the obvious vector, but even a business like Starbucks has influence by how they set labor trends.
Moreover, authoritarians like Putin are only constrained by hard power, not by international institutions. And ironically, the whole point of international institutions is to decrease investment in hard power! The result is that people like Putin can do whatever they want.
It is obvious that globalization, as currently structured, has failed. But no one (to my mind) has yet proposed a better model. The left wants to keep globalization and tinker around the edges; the right wants to tear it all down and retreat to autarchy.
Eventually, the world will enter a more stable equilibrium. Whoever can see that new equilibrium can prepare for it or even influence how it comes about. Anyone got any ideas?
It would be funny if I survived my web dev career without ever having to touch AWS and friends, just because CPU core count, memory bandwidth, etc. scaling got to a point a single machine could handle total population of my country. :D
The UK government just demanded Apple to disable Advanced Data Protection, globally, in order to backdoor the iPhone; and Apple has at least compiled with it for UK users; but no, for sure, its the US Clouds that are unsafe, not because of specific laws or executive orders, but just... vibes. "The vibes are off, we're done" get real.
Romania just annulled a democratic election because of supposed interference from Russia. Some would say that by doing so Russia won anyway, but democracy doesn't seem to be a priority for some European countries. But, sure: Its the United States that presents the greatest danger.
I wouldn't necessarily have a problem with this reasoning, if it wasn't for the fact they only get involved when it's Russia trying to push the election in a certain direction.
There's countless examples of countries trying to influence the elections of others. I'm from the UK and a notable example that comes up here was when the US president threatened Brits that the UK would be put on the bottom of the list of trade talks if they voted Brexit.
And just recently nearly 100 staff from the UK government were supporting Harris in the US presidential election.
I'd also argue that propagating this idea that people are too stupid to see through the lies and interference in an election undermines the point of democracy. If we cannot trust people to make sound democratic decisions, then why do we even support democracy as a political system? In a democracy sometimes people will be misled. You need to trust that people will ultimately make the right decisions.
No; Romania [1]. But yes, Hungary also has its own set of problems; Europe has always been allergic to democracy, and its no surprise that allergy would keep rearing its head in the 21st century.
And European countries are by and large such lumbering behemoths of tradition and regulation that by the time they build up enough will to pump the breaks on these transfers Trump will have already left office and the EU would be split up by Russia and the US.
I think the biggest impediment here is binary thinking, which permeates a lot of this dialog
Sure, I agree with the article. Sure, the EU is way behind here in implementation, and the privacy stuff takes (IMHO) a bit of an absolutist position. But then we ask ourselves, how many people do actually turn down cookie banners (well I do, but still)
As a start, not even the US gov trusts their vendors, that's why there's FedRamp and such. It's a detailed procedural and deep certification.
Is it safe to have your stuff in a US cloud vendor? Well, which stuff? Is it safe to have it in a server under your desk? Probably less safe in the end
Which countries have actual specialists in securing data? (hey didn't the USDS just get shut down?) Which countries actually implement those security guidelines? (Or just general best practices?)
> how many people do actually turn down cookie banners (well I do, but still)
does anyone know why EU hasn't regulated (read: forced) use of DNT headers or a similar mechanism instead of non-standard cookie banners that are obviously being abused in a malicious compliance way?
Seems to me it could've been just "If I send you `DNT: 1`, that means refuse all non-functional cookies".
But see, whenever the EU prescribes a specific technical solution there's endless whining about how they're "locking themselves in" even if there's a path to evolution in the regulation (see the unified charger ruling)
But sure, they could have specified something to the effect of "if a browser specifies (though current technical means) that the user is DNT they should follow that" but there was lobbying from the advertisers and other parties as well
It never was safe in the first place. Storing sensitive data in a locale under the jurisdiction where it can be freely accessed without your knowledge has always been idiotic. That's why all proper, sovereign countries demand that their data, and that of their citizens, is stored in datacenters within their national borders.
On Trump's part this is probably just part of a public trade negotiation, so it's true; Europe should be hosting its own data and its own data processing. They just won't because it means a lot of short term pain for extremely dubious long term gain.
The PCLOB is obviously theater that gives Europe an excuse to pretend that it has an independent data policy focused on protecting Europeans, because:
1) The US will go through European data if it wants, and happily and quietly break its own laws to do it, board or no board.
2) Europeans want even heavier surveillance of European data than the US does.
3) I'm sure Europe is happy to use the US to get around its own privacy laws.
The reason Trump is breaking the board is because that will by law create a necessity for Europeans to move data out of the US, which again would be a nightmare of dubious benefit. In return for not breaking the board, Trump will ask for unrelated concessions that are a lot less expensive than that. Europe will have choices to make.
Privacywise, the US will have access to European data no matter where it is stored, no matter what it needs to do to get that access. It has nothing to lose on that front, only the income (which is imagine is not huge.) But without that board, Europeans have to choose between either onshoring or leaving the data in the US even with no working deal in place (and ending the elaborate pr charade that they care about the privacy of Europeans.) That board is a gift to Europe.
This article is not a reasonable take on the situation. It is saying America isn’t a “reliable partner”. What does that mean? Demanding that NATO countries pay their fair share instead of free loading, is now not being a reliable partner? If anything it’s the other way around, considering the US has funded Europe’s defense. America is still the best partner for Europe and it makes more sense for the two to rely on each other than to waste resources while China - an actual dangerous dictatorship - continues to rise.
It’s also odd to paint Trump as “dictatorial” given that European leaders constantly look for ways to control or punish free speech, or for ways to suppress election results they don’t like. Look at the coup in Ukraine in 2014, the actions taken after it, or the proposal to ban AfD in Germany, or the effort to reverse the Romanian election. It’s EU leadership that has become authoritarian.
Negotiate with russia about Ukraine without Ukraine.
Calling a elected president of country a dictator and spread false claims of 4% approval.
Bringing in a UN resolution that lacks the part where Russia is the aggressor in the war with Russia.
Blackmailing a country that fights for survival to get rare earths.
And for free speech, the US don’t have free speech. People are silenced by fear by „free-speech“ abolitionists so they don’t dare to speak freely in fear of repressive measures.
That’s law of the jungle not free speech.
And the AfD is full of enemies of the constitution and that’s illegal as a party in Germany.
Nobody prohibits to be such an enemy of the state but you can’t expect to get paid by germany tax payers for trying to destroy that state. That his neither authoritarian nor anti-free-speech.
> And for free speech, the US don’t have free speech. People are silenced by fear by „free-speech“ abolitionists so they don’t dare to speak freely in fear of repressive measures.
The US is basically the only country with good free speech laws. I am not saying they’re perfect, but I’m not sure what your argument on that point is. Can you share something more specific and explain how it invalidates the American constitutional protections on free speech?
> And the AfD is full of enemies of the constitution and that’s illegal as a party in Germany.
You either have a democracy where people can choose their leaders or you don’t. It appears Germany doesn’t. Preventing a party that is popular, from existing or participating in elections, is literally authoritarian and anti free speech by definition.
> Bringing in a UN resolution that lacks the part where Russia is the aggressor in the war with Russia.
What do you call the illegal coup in 2014? It removed the representation of everyone in Crimea and Donbas right? What about NATO expansionism? The aggressor isn’t very clear. I would argue that the 2014 coup and efforts to suppress Russian ethnic people in Ukraine was an act of aggression that eventually led to this conflict.
> Blackmailing a country that fights for survival to get rare earths.
This framing just shows how thankless it can be for America to help Europe. Asking for something fair in return for hundreds of billions in defense and security funding (not just in this conflict but for a much longer time), especially since it helps remove China’s rare earth control, is reasonable. It’s not blackmail to propose a fair deal. Ukraine and Europe are also certainly free to refuse the deal and not expect American taxpayers (whose pocket this comes out of) to help them further, considering they’ve already done so much.
> The US is basically the only country with good free speech laws.
You know how online comments can be used to silence people?
Imagine we had a heated argument and I end with „I know where you live“
Depending on the circumstances at some people at that point feel threatened and stop using their free speech.
Or think about the people who get fired for online comments.
You could say, free speech doesn’t mean free if consequences but that means it’s not free speech, but without consequences you could threat other people and stop their freedom of speech.
Every freedom stops where the freedom of others begin, that’s why no freedom can be unlimited.
> You either have a democracy where people can choose their leaders or you don’t.
Sorry that’s BS. Every democracy has rules for those who want to vote and want to get voted. Something like stripping convicted of their voting rights forever is impossible in Germany. You can even vote in prison. And given that taxpayers pay for the parties expenses and that they get free airtime in TV for their ads the are certain rules you have to comply to be a allowed party. So comply with the constitution is one main point.
>It’s not blackmail to propose a fair deal.
Pay or we cut of your military‘s communications via StarLink is not a proposal of a fair deal. Without communication people will die.
Pay or die is definitely blackmail.
> What do you call the illegal coup in 2014? It removed the representation of everyone in Crimea and Donbas right? What about NATO expansionism?
Because former soviet states joined NATO russia had to attack and kill Ukrainian civilians? Really?
And don’t forget that people in Donbass voted for Zelenskyy.
By that livic Russia could attack the US and shouldn’t be labeled the aggressor. I doubt that Trump would do that but maybe he would offer some US states to make a deal to get peace.
> What do you call the illegal coup in 2014? It removed the representation of everyone in Crimea and Donbas right? What about NATO expansionism? The aggressor isn’t very clear. I would argue that the 2014 coup and efforts to suppress Russian ethnic people in Ukraine was an act of aggression that eventually led to this conflict.
If you dont know what youre talking about please dont bring up ridiculous bits of propaganda.
The only illegal coups in Ukraine were in Crimea where unmarked Russian soldiers surronded the regional parliament made them appoint a random criminal from a minor party as the leader and hold an undemocratic "referendum" to join russia. No free speech was allowed by many ukranians (of russian, ukranian, tatar, and other ethncities) who opposed the russian coup.
Russian backed criminals and neonazis and scam artists backed by russian soldiers also commited coups in parts of Donbas. Sadly they were unable to vote in elections or speak freely and were basically under control of corrupt warlords in the following years. The rest of Ukraine including most of the Donbas held several fair free elections. In the last presidential election which was fair and free Zelenskyy crushed the incumbent including getting a super majority in the part of Donbas which was still able to particapate in free elections.
Russia could care less about the rights of "ethnic russians". Its killed thousands of them in their assualt on Ukraine (probably a dispraportionate share of civilans they have killed considering where most of the fighting has occured).
There was no effort to "supress" ethnically russian Ukranians. They are a well integrated part of Ukranian society, the commander in chief of the army is an ethnic russian born in Russia who onpy moved to Ukraine in his teens. Also I'm guessing youre under the mistaken impression that most of the Donbas area was ethnically russian when it was actually only about 1/3.
As for NATO expansionism thats another bit of propaganda. There was never an agreement to not include parts of eastern europe in nato(former soviet leader Gorbachov hinself admitted this in interviews with russian media), countries like Poland begged to be let in and wore down existing nato members. Most imporantly Ukraine was not seeking to join nato in 2013/2014 before russia invaded and everyone knew there was no chance of them getting in in 2014 when russia started the war or 2022 when they expanded it(too many members of nato were opposed). Now after the expansion of the war it seems inevitable.
America has done a lot but Ukranian victory and a russian loss is clearly in Americas best intrest.
With the backlash European companies are making toward US tech, can US companies now rip up their GDPR policies in return and stop with these cookie banners everywhere?
I see what this guy is saying, but one important thing this article misses entirely is: Trump was elected with overwhelming support, and is carrying out the will of the people. I think people should stop pretending that his decisions weren't commissioned, and deluding themselves into believing that he's acting on his sole authority somehow.
I have never worked with companies that chose OVH or Hetzner (or Scaleway or any other EU provider) for something else than doing things cheap.
They don't care at all about the provider being a local or European company.
They just want the cheapest option.
Which usually means using the same server to host dev/UAT/prod, and also using the extra storage available to store company data unrelated to the workloads hosted on the server.
Whereas the companies that are using big clouds are more focused on doing things with more care, and trying to avoid as much disaster as possible.
But I guess having PII data exposed on the web from an Hetzner server is better than having everything encrypted on AWS...
That's true. They were numerous attempts to introduce a European alternative, which (more-or-less) failed. The US cloud providers are years ahead. However, the EU is suffering from that; the US companies pay some taxes, but far less than you possibly believe, and it conversely doesn't have any tax revenue from their own companies. Not to mention the political and data independence that are now more necessary than ever.
The EU is a pretty capitalist organization (I mean the single market is a big part of it). I think they have trouble competing with US tech companies because of our economies of scale, and widespread use of anti-competitive business practices, general inertia, and the tendency of the US to brain drain the rest of the world. I guess, fortunately for you guys, we’re trying to throw away many of our advantages.
There are enough tech people that are ready to brain drain from here right now - some well placed money would go a long way right now if Germany, France, the Netherlands, or another tech hub was ready.
I mean, isn't the US saying that taxing imports is an ideal source of revenue?
But at the end of the day, there was never any real incentive to make an EU-native alternative. Now, there is. The US is in an uncertain state. Will American be great again? A fascist dictatorship? Argentina? Who the heck knows. Right now, we have a lot of speculation about what's going on and precious little information.
Unreliable partners give a very, very strong incentive to have critical infrastructure local.
Beyond that, what's the downside? Before, it risked triggering a trade war. Seems we're there already, and going local just gives a stronger hand.
The British government only fairly recently decided it needed to remove Chinese cameras from sensitive sites. They were complete happy to, for a long time, to give that power to a country that is an actual fascist dictatorship.
Governments are too short termist to care. Its probably OK for the next few years so keep it cheap
The danger is not just governments. Its businesses, and even consumer systems. If another country can brick all your vehicles or look through all your spy cameras or take down your telecoms then they have a great deal of power over you.
As a point of fact, China is not, in fact, a fascist dictatorship. North Korea is not a fascist dictatorship either. Neither is or was Cuba, or medieval kingdoms with actual kings and warlords.
Fascism is a right-wing ideology was widespread throughout all of Europe before WWII, and especially took hold in Germany, Austria, and Italy. It was at the opposite end of the political spectrum from e.g. Stalinist Russia.
It is not a synonym for "bad government," "dictatorship," "violent government," or similar.
I agree that it is important to use the word fascist accurately, but it is also not not as well defined as you say. There is a reasonable case for calling China fascist. It has a cult of personality, state control of the economy, nationalism, racism, elimination of minority cultures. It is far more like Germany, Italy or Spain the in the 1930s than it is like Stalinist Russia.
All of those apply to Ancient Egypt too, only more so.
I did not give a definition for fascism. You can look ones up yourself. However, critically:
1. China is not right-wing. That's prerequisite.
2. China has very little fascist-style state / political violence, and virtually no paramilitary elements. You're at no risk of being beaten up or having your windows broken for having the wrong political views. Police officers didn't even have guns until recently. There aren't Brown Shirts and Black Shirts, are groups like the fascist right-wing militias in the US. Rather, the state violence you see there is institutionalized violence, through proper administrative and bureaucratic channels.
3. China has nationalism, but is very much not ultra-nationalist.
4. China does not try to eliminate minorities if they play ball. Indeed, China is very supportive of non-Han groups (who were, e.g. exempt from One Child). Rather, what you see is forceful "modernization" and cultural assimilation, leading up to violence if there isn't compliance. If the Muslim minorities in China decided to give up their religion, culture, and desire for freedom, and started to act like Han Chinese, they'd almost certainly be left alone. You saw the same directed at Han during the Great Leap Forward. For Jews in 1930 Germany, assimilating was very much not enough to be left alone.
5. Control of the economy is limited and directed. A lot of the Chinese economy is also like the Wild West.
.... and so on.
Note that I'm not passing a value judgment on which system of government is better or worse. However, "fascist" is not the same as "totalitarian."
One of the key things in China is that if you (personally and collectively) go along with the government, for the most part, you're very safe, and life is quite peaceful. Another is that most control is "soft." The wrong post online will simply be hard to find, load slowly, or not show up for other users. Or you'll have a harder time moving up in life.
It's very little like Germany, Italy or Spain the in the 1930s, where you had armed groups walking the streets, breaking windows.
Define right wing in this context. Its historically communist, but it not really so any more, as you your self admit "Control of the economy is limited and directed"
> China has nationalism, but is very much not ultra-nationalist.
It is very nationalist and believes its culture to be superior to minority culture which is why they are assimilating it.
> For Jews in 1930 Germany, assimilating was very much not enough to be left alone.
True, but I said "fascism" not "nazism" which are not the same thing.
> Rather, the state violence you see there is institutionalized violence, through proper administrative and bureaucratic channels.
is that a necessary trait? The Brownshirts were got rid of once the Nazis were in power. Once you control the state you no longer need the paramilitary.
> However, "fascist" is not the same as "totalitarian."
I agree, but I think China has a lot of traits in common with fascist states. it might not tick all the boxes in a definition, but it ticks far more than the typical dictatorship.
> I think China has a lot of traits in common with fascist states. it might not tick all the boxes in a definition, but it ticks far more than the typical dictatorship.
It's very hard for me to see how. Even taking everything you said about China at face value (some of which I might take issue with):
- Almost every dictator tries (with mixed success) to create a personality cult.
- Almost every totalitarian state tries to build nationalist fervor to keep people in-line
- Almost every totalitarian state uses state violence to maintain control
- Almost every culture believes itself to be superior, and most successful politician try to exploit that (with the exception of a few on the far left)
... and so on.
I think a necessary and requisite element for fascism is an army of thugs and a pervasive level of fear. That's different from, for example, an army of educated bureaucrats deciding to stick problem individuals in a gulag. The brownshirts were never gotten rid of, but rather were institutionalized into the SA and to some extent, the SS. They were still thugs and relatively indiscriminate violence.
China lacks thugs. If you don't stick your head up, I don't see many people fear the government. People generally keep their heads down, fall in line, and lead normal lives.
I don't know if it's core to fascism, but expansionism and imperialism is also rather lacking in China. There are some disputes, mind, you, about places which China thinks should belong, namely Tibet, Taiwan, Mongolia, a little bit of Russia (formerly Manchuria), a few mountains near India, and a few islands, but critically, those ambitions have not changed in nearly a century.
What they have to show us is two decades of not wasting time on problems someone else has solved. Capitalism at its finest.
Now someone has thrown a monkey wrench at the invisible hand, and they have to duplicate a lot of effort. They lose, we lose. But at least they've stopped tying their future to an unreliable business partner. Divorce sucks for everyone.
That's basically it isn't it? Try going to any institutional investor asking for money to build a sovereign replacement for Google Docs or whatever in the last 15 years.
We're using Hetzner and BunnyCDN, never store any data on US servers. The decision for it is independent of the current political situation, mostly to avoid the US legal system as best as we can and to ensure GDPR-compliance.
There are plenty of other alternatives, e.g. Softmaker Office and Papyrus are German word processor and office applications.
Most companies I know (and/or have worked for) pay a lot of attention to where exactly their stuff is being hosted, partly due to GDPR. It might not be a Europe-native hoster but in most cases it will still be a data center in Europe (operated by AWS/Azure/GCP).
Which doesn't protect these companies. The CLOUD act allows the US to access the data even if hosted outside of the US, if it's a US company - since 2018. That has been a looming threat ever since, but is now more perilous than ever.
Locally (in my country) managed virtual machines, or managed hosting services (1990-2000s variant of "git push" (ftp) your PHP app somewhere and have the website running, that US companies re-invented as "git push" to deploy, while somehow managing to invert the "app" hosting vs VM cost relationship at the same time, making managed hosting more expensive).
At work we rely on "big" clouds offered by major telecom companies. AWS is seen as ridiculously expensive "religious requirement" to gain trust, if we'd ever decide to market our product to US customers, but little else.
Big benefit of smaller countries and local apps. We can more easily fit apps on one to a few computers and don't need your hyperscaling clouds to serve the entire world, because our world is 10 mil. people.
For decades, the technology center of the universe has been Silicon Valley. No matter where you lived -- Canada, the UK, Germany, India -- if you wanted to be serious, you moved to the US. And if you had a company, being acquired by a Silicon Valley company was basically the goal. In the same way that you had to move to LA if you wanted to do anything serious in the entertainment industry.
So every innovation and success ends up being sucked into the gravity well of Silicon Valley. Every talent ends up having to move to the US to be credible. Soon everything is "American". The great innovation center of the universe, fueled by foreigners and acquired foreign businesses.
Hetzner isn’t really a full-service cloud provider. They provide machines and storage for rent. It’s the first rung on the ladder to becoming a cloud provider, but they’ve got a long way to go.
That’s a cute pithy statement, but it’s not particularly relevant.
For example, Hetzner doesn’t even offer database services. Some would consider those to be table stakes to run their application. Does it add complexity? Potentially. But we accept some additional complexity if it yields incremental value.
If you don’t value the additional functionality cloud providers offer, that’s fine. But lots of people do.
Certainly, unnecessary complexity should be avoided. But it’s a bit naive to associate comprehensiveness with complexity. They’re not entirely identical.
> For example, Hetzner doesn’t even offer database services.
I am totally OK setting up my own database software on Hetzner. I understand that some people are used to "cloud" spoon-feeding them what they need and even what they really don't, but I perceive this as a nuisance.
What you call “spoon feeding” is what another calls “value adding.” Additional security, automated failover, automated backups, and automated version upgrades are key features, and a lot of people value them. It often means their customers don’t have to hire expensive domain experts (or can hire fewer of them) and can instead focus their resources on more direct value creation.
Like, of those, which provide managed services like storage (blob and smb), ampq message queue, databases in a fairly cohesive way and easily accessible from C#?
Wow propaganda bullshit straight on Hackernews. This what it has come to.
After over a decade here I didn't expect to see the deterioration coming, but it's not surprising considering the state and division of your country.
European Democracies should start a, new, NATO-like military Alliance on their own, but without Trump's America.
(and without the notorious US-made military equipment kill-switches)
And while we're at it, this time will be different: Instead of the membership criteria being anti-communism, it should be effective Liberal Democracy and Freedom from Exceptionalist Exemptions, namely from the International Rule of Law. So, to be part,
1. Compulsory ICC membership - hence no exceptionalistic US, and no exceptionalistic Israel.
2. No "Illiberal Democracies": say, for example, composite of a minimum 0.67 score on the WJP Rule of Law Index and others: therefore no Orbanic Hungary, and no illiberal others like it. Poland, Slovakia, Italy: you better watch your ways if you want in.
3. Democratic backsliding removes you rights in the Alliance, and, can proportionally lead to outright expulsion.
Not one more new military equipment purchase from the US, (and dispreference for other non-qualifying nations procurement). Member nations should use their - substantial - industrial capacity to equip themselves with indigenous military materiel.
Hey, it would be actually great for their economy!
Initially European scope, but bridges to a broader global scope (or even a secondary sister-Alliance) with open-ended partnerships with Canada, Australia, New Zeland, Japan, South Korea, and yes: Taiwan.
US and/or Israel want to join, if a more Democratic future selves? Simple: fully join the ICC, and meet the Alliance's full criteria as every other member.
1. How do you intend to pay for it?
2. How do you intend to enforce it?
3. How do you intend to defend it?
How many tanks can you deploy? IFVs? Artillery? How much ammunition can you supply? How many fighters are in service and mission ready? Bombers? Tanker aircraft? Transport? Helicopters? How many battalions (of any type) can be formed/deployed?
Repeat the same exercise in the context of a navy.
3. Defense strategy shifts from NATO's "US-centric" model to a distributed European capability matrix:
Start with French and U.K. nuclear deterrence as foundation. Layer in proven European systems (Rafale, Gripen, Leopard) while rapidly developing next-gen capabilities through joint programs. Think European DARPA meets industrial policy.
Key force multipliers: integrated air defense spanning the continent, standardized logistics, shared intelligence platforms, and fully interoperable command systems. Defense partnerships with Canada/Australia/New Zeland/Japan/South Korea/Taiwan provide complementary capabilities and strategic depth.
No US kill-switches means full sovereign control of systems. Distributed manufacturing ensures supply resilience. Distributed architecture rather than centralized hub-and-spoke.
This model isn't about matching US or legacy NATO capabilities 1:1, but creating a robust, autonomous system that potential adversaries can't easily disrupt or defeat. European industrial and technological capacity makes this feasible - we just need the political will to execute.
We would use something similar to the EU's Recovery and Resilience Facility (RRF) to fund this initiative - like a EU Marshall Plan, and, cooperate across partners’ ample industrial capacity:
If we can make cars, airliners and cruise ships, we can make military equipment.
Swedish gear is actually a good template: license manufacturing of what’s needed criss-crossing the Alliance, and joint develop new generation equipment and technologies as necessary.
After all, it’s being done since Concorde and goes on today - we just need to increase the scale.
2. Enforcement follows naturally from the funding mechanism:
Access to joint funding, industrial cooperation, and defense capabilities is tied directly to maintaining democratic standards. Very simple - fail the democratic checks (Rule of Law index, ICC membership, etc.), and your access to the system's resources and voting rights gets restricted - like originally mentioned.
Continue backsliding on democracy? The restrictions escalate proportionally. This creates both carrots (access to shared capabilities) and sticks (potential exclusion) that make democratic standards self-enforcing through practical incentives rather than just moral arguments.
The Orbán playbook stops working when undermining democratic institutions has immediate defense and industrial consequences. It's a more robust enforcement mechanism than the EU's current Article 7 process.
Bonus: Times have indeed changed - Trumpist chaos (came back to bite us and) is upon us. It is high time our security Alliance evolves from anti-communism to effective upholding of Democracy.
An overwhelming majority of democratic countries in the world recognize the ICC.
Why accept exceptionalist members any longer?
In short,
- NATO: Accept compromised / exceptionalist members for strategic advantage.
- This proposed new Alliance: Democratic standards ARE the strategic advantage.
Will the members truly be willing to goto war (even nuclear war) to enforce the agreement? Unless the entire planet believes that whole heartedly the pact is meaningless.
I have my doubts, without the US NATO is largely toothless IMO.
The credibility question cuts both ways - a Trump-compromised NATO isn't more reliable than a European alliance with clear democratic commitments and mutual interests.
France and the UK already maintain a credible nuclear deterrent. European industrial capacity dwarfs Russia's. The EU's combined GDP exceeds China's. Scale isn't our problem - political will is.
Sweden indeed shows how principled positions can be maintained while building serious defense capabilities. Now multiply that model by Europe's combined industrial and technological base.
The ICC point is crucial - when most nations accept international law, continuing to accommodate "exceptionalism" becomes a weakness, not a strength. An alliance of genuine democracies, bound by shared values and mutual accountability, may prove more reliable than one held together by mere convenience.
Rather than asking if Europe can afford to build this capability, perhaps we should ask if we can afford not to.
Interesting how you demand evidence for technical claims while making sweeping political statements without any.
Speaking of speech control - how many Russian journalists have mysteriously fallen out of windows recently? …or is evidence only required for Western claims?
> 3. Democratic backsliding removes you rights in the Alliance, and, can proportionally lead to outright expulsion.
Ok, so the alliance is a non starter then.
The invalidation of the result of the referendum in France related to the EU constitution in 2005 by the signing of the Lisbon treaty a year or so later was a clear demonstration that the will of the people was not respected.
The fact that the EU is pushing for the Chat Control law in order to access all your data on your phone, emails, pictures of your loved ones at all times without any reasonable causes/warrants is clearly an attempt to muzzle the population.
Then there is the invalidation of the Romanian election not long ago which was done under the guise of protecting democracy.
Then we can talk about the different parties in power in France /Germany and elsewhere who refuse to work with right wing parties that have been elected fair and square in parliament once again under the guise of protecting democracy and therefore are sending a clear signal that no matter who you vote for, the mainstream parties will refuse to listen/compromise and prefer to brand everyone who do not agree with them as Nazi extremists.
I thought that democracy was that the will of the people was to be respected but it turns out that ignoring 20 to 30% of your population because you don't agree with them is just easier.
To think that the EU has the gall to give lessons of democracy to authoritarian regimes....
Your examples actually demonstrate democracy working, not failing:
1. France used constitutional processes for the Lisbon Treaty - or should we never adapt treaties as circumstances change?
2. Chat Control (wich I don’t personally agree) is being debated, modified, opposed - that's democracy in action. Try publicly opposing surveillance laws in China.
3. Refusing to coalition with anti-democratic parties IS protecting democracy. Just like we don't let parties run on platforms of abolishing elections.
Democracy isn't just counting votes - it's sustaining a system where we can keep voting freely. That's why we have guardrails.
Or would you prefer we just have one final vote to end all voting?
> France used constitutional processes for the Lisbon Treaty - or should we never adapt treaties as circumstances change?
The answer was no, and then it was overridden without consultation. The people had spoken and were ignored.
> Chat Control is being debated, modified, opposed - that's democracy in action. Try publicly opposing surveillance laws in China.
The fact that Chat Control is on the table at all is the problem. You can't claim you want to protect privacy and democracy and demand access without cause to all your citizens data.
The fact that "liberal" countries are willing to debate if we should end all privacy for every citizen is not the greatest definition of democracy. Should we also have a debate about bringing back slavery as well or maybe talk about installing cameras in every home in the EU? Where does this stop?
> Refusing to coalition with anti-democratic parties IS protecting democracy. Just like we don't let parties run on platforms of abolishing elections.
The fact that you refer to right wing parties as anti-democratic parties when people have voted for them fair and square is very telling in terms of your biases. Anything we do not agree with is anti-democratic , anything we support is pro democracy. How convenient!
> Democracy isn't just counting votes - it's sustaining a system where we can keep voting freely. That's why we have guardrails.
Exactly and ignoring the votes of your constituents because you don't like how people vote is exactly what's killing democracy and why a lot of people are turning away from the mainstream parties. Instead of listening and trying to find solutions which means finding compromises, it's much simpler to label everyone you disagree with as anti democratic and label the voters as extremists.
> Or would you prefer we just have one final vote to end all voting?
Your Lisbon Treaty argument ignores that France later approved it through constitutional processes. Should one referendum permanently bind a nation against any adaptation? That's not democracy - that's fossilization.
On Chat Control - you're using classic slippery slope fallacy. Debating specific measures against CSAM isn't equivalent to "ending all privacy" or "bringing back slavery." This kind of hyperbole reveals bad faith argumentation.
About right-wing coalitions: When parties openly advocate undermining democratic institutions, refusing to empower them IS protecting democracy. Not all electoral success deserves governing power - see 1933 German Elections for why.
Your "ignoring votes" argument confuses:
- Right to be voted for;
- Right to automatic coalition inclusion;
- Right to implement anti-democratic agenda;
No one's votes are "ignored" - but winning some votes doesn't grant right to dismantle democratic safeguards.
You're basically arguing that protecting democracy from its enemies is somehow undemocratic. That's both logically and historically wrong.
> Your Lisbon Treaty argument ignores that France later approved it through constitutional processes. Should one referendum permanently bind a nation against any adaptation? That's not democracy - that's fossilization.
The referendum is the government asking for the people's choice which means that if you simply ignore it and wait for a year before bypassing said choice, you clearly never really cared about the outcome of the vote.
> On Chat Control - you're using classic slippery slope fallacy. Debating specific measures against CSAM isn't equivalent to "ending all privacy" or "bringing back slavery." This kind of hyperbole reveals bad faith argumentation.
The slippery slope is you asserting that giving up my right to privacy in order to fight CSAM is not an overreach by any government. The fact that you don't realize what this proposal entails tells me you haven't probably looked at it in details.
Anybody who thinks that this proposal is reasonable or should be debated is not a friend of privacy nor democracy.
> About right-wing coalitions: When parties openly advocate undermining democratic institutions, refusing to empower them IS protecting democracy. Not all electoral success deserves governing power - see 1933 German Elections for why.
Refusing to listen to your people when your people tell you that things are not going well is how you get revolutions and blood baths. Refusing to work with them to find potential solutions to issues because you do not agree with then is what leads to things like the Syrian war.
> Your "ignoring votes" argument confuses: - Right to be voted for - Right to automatic coalition inclusion - Right to implement anti-democratic agenda
Your response to ignoring and refusing to work with parties that are supported by 1/5th to 1/3rd of a given population is simply to hide behind the "protect the democracy" mantra. It does nothing and it solves nothing. But it makes the anger and frustration of these people stew and then at some point it will blow up.
> No one's votes are "ignored" - but winning some votes doesn't grant right to dismantle democratic safeguards.
Again with the "saving the democracy" rhetoric. This is an empty argument devoid of substance. When you refuse to work with parties that represent a good chunk of your constituents just because you do not agree with them, that is not democracy, when you label them as extremists without listening to their concerns, that is not democracy, when you attempt to ban parties because they are starting to gain traction , that is not democracy.
> You're basically arguing that protecting democracy from its enemies is somehow undemocratic. That's both logically and historically wrong.
You are arguing that not listening to people and refusing to find compromises with all the representatives of a country's population is saving democracy.
I am arguing that listening to the people is what democracy is about. if that means that a far right or a far left government is elected, so what? That is the will of the people.
Anyway I can see that you and I don't agree on this topic and that this discussion will lead to nowhere. It's best to leave at that.
Fascinating how your talking points align perfectly with active measures playbooks. Let me guess - democracy is when we let its enemies dismantle it?
The Syrian war comparison is particularly... creative. Though I suppose someone's meeting their "international conflict reference" quota for the day.
Your "let's respectfully disagree" sign-off after casually mentioning "bloodbaths" is an especially artistic touch. Very subtle. Chef's kiss for that one.
But let's address your actual arguments:
- One referendum doesn't permanently bind a nation (or France would still be a monarchy);
Here's the thing: real democracy is complex, messy, requires compromise and institutional protection. It's not just "whoever gets 51% can burn it all down."
But I suspect you know this already. The coordinated voting patterns on these threads are... interesting.
In 2025, Trump dumped Ukraine, sided with Putin and made a number of bully threats (including invasion) to its formal National Security partners. Security which - at least still today - is bound by literal treaty.
And how about making every citizen constantly carry an always-on device from the USA full of sensors and permanent internet access?
And how about basing all infrastructure on these devices, so that nothing works without them?
And how about not letting a software ecosystem flurish, so that when robots (cars, humanoid robots, weapons ...) take over, all of them will be controlled by US software?
All this doesn't mean your back-end should be based on something like Microsoft Windows Server with MS Sql Server. Or modern equivalent of serverless Windows Azure.
Russians (and everyone closely watching) started that transition almost painlessly in 2014.
Have your own search engine. Have your own payment system. Base your infrastructure on open-source.
You know, be sovereign, not dependent.
The users switching from iOS to Android is just the last mile.
That would require banning US services. As the European industry (held down by bureaucracy) does not stand a chance to build solutions that can compete.
It seems like this is not on the horizon yet. And in the times of AI, it would probably result in a huge productivity hit.
> All this doesn't mean your back-end should be based on something like Microsoft Windows Server with MS Sql Server.
Why the hell not?
From a technology perspective (i.e., data/information theory/performance/what HN should be about), MSSQL is really, really hard to beat in a big enterprise ecosystem. This isn't because of decades of prerequisite evil dealings that make it a morally incompatible offering, but because it's been so thoroughly exposed to every possible use case that yours would certainly flow nicely.
I've been watching a lot of otherwise really compelling ideas and high energy teams get turned into complete shit due to these ideologies. I can understand a EU tech startup being hesitant toward US-based technology, but in 99% of the cases I hear about, it's a purely American tech company with zero international presence that is making a bunch of noise about how much they hate whatever domestic/paid/"closed" offerings.
If you believe that the USA has the only government that wants to surveil its citizens, then you should open your eyes. The US possibly has more restrictions on directly surveilling its own citizens (within the US) than any other country.
That pesky Fourth Amendment to the Bill of Rights keeps getting in their way, so they've created ways around it, such as allowing allied nations to do the surveillance for them.
Every government in the world has mandates that require a surveillance capability. This has been the reason that satellite constellations cannot route traffic directly from user-to-user, but instead must route through "hubs", at a cost of doubling the required, but precious bandwidth.
You’re not wrong, but your point doesn’t diminish the point of the post.
Maybe we should discuss one topic at a time so we can make progress somewhere without the implication that progress that isn’t everywhere is progress nowhere?
> And how about making every citizen constantly carry an always-on device from the USA
Screw that, every EU politician have an iPhone or Android phone, loaded with apps from Meta, X, Tiktok and what have you. Step one should be for our politicians to put some sort of emphasis on their own privacy in relationship to the US, Russia and China.
Android devices run a Google OS and report data to Google. Apple's privacy claims are not actually impressive when inspected, however Android is far, far worse when it comes to privacy violations. It doesn't really matter than the phone itself might be manufactured by a 3rd party. In fact, it could be worse; your data could be excessively leaked to both Samsung and Google, rather than merely Google.
This is such a bad argument, because for a functional modern smartphone (for non nerds) you need to get into bed with either Apple or Google.
The way out of this is not expecting consumers to install fdroid. It’s putting in place proper regulations to preserve privacy and security for EI societies.
> It’s putting in place proper regulations to preserve privacy and security
That ship sailed so long ago. Not only because national security demanded warrantless backdoors, but because our companies now control regulation. If Tim Cook or Elon Musk take issue with some pesky demands for open architecture or security audits, they complain to Trump and resolve it via EO. Any protest is already quashed. Phone owners who don't actively resist hold no leverage against their OEM.
Stuff like F-Droid and PostmarketOS is the solution to this particular problem - people just don't want to admit it. It's easier to give up essential liberty, purchase temporary safety, and demand that you deserve security along with it too. Too few people realize that personal freedom is a necessary precondition to personal safety.
Can you help me understand how I've broken the site guidelines? Both my comment and the parent's are good faith discussions cut along the same rhetoric this site has tolerated for years. None of the responses are even taking this into flamewar territory, it's a black-and-white pastiche of security versus obscurity.
> so we don't have to keep banning you
My account has five karma, Dan. One downside of uncommunicated permanent bans is that it precludes the leverage you ordinarily use to encourage reform.
> One downside of uncommunicated permanent bans is that it precludes the leverage you ordinarily use to encourage reform
I'm afraid I don't understand what you're saying here. It seems simple to me though: if you'd stop breaking the site guidelines so repeatedly and badly then we'd be happy not to ban you again, and if you won't stop doing that, we have little choice.
I think it would be very reasonable to redefine the term monopoly (or "anti-competitiveness") so that it encompasses the closed technical platforms that dominate the 21st century.
Sure, but you can't do that legally without an act of congress, and the DOJ only (in theory) prosecutes when laws are broken. Redefining what a monopoly is doesn't really help in a courtroom.
In my younger days, I had a significant other who took advantage of my good nature, expected me to pay for everything, and was borderline abusive toward me at times. When I finally stood up to her, she told me she hated me. I believed her.
Could you please stop posting flamewar comments to HN? We had to ask you this just recently. It's not what this site is for, and destroys what it is for.
I know I'll get downvoted for this, but it seems like telling the truth is now a downvote-worthy offense on Hacker News. I thought we had become more open-minded, especially with the new sheriff in town.
Arguably 4G networks were developed in Europe and they are widely used.
It's a marathon, not a sprint. I live with a high living standard with access to good health care. Hey, I also live in a democracy, and you're right that I think we need to defend that well. Let's hope & see if we have what it takes..
And most of the world doesn't run on fancy new gizmos (that don't make money for the shareholders anyway). Europe is still rich because it produces high value items like steel from iron ore, and machines and cars from steel.
They are both German citizens instead of showing false national pride you should think about why you had an astronomical brain drain over the last 20 years.
I had the same initial reaction. I just finished watching 60 Minutes about policing the internet in Germany and was left genuinely confused about European culture. A place where the GDPR probably has better protections for European citizens than the U.S. but where you can apparently be arrested for insulting someone online.
I think it's safe to say that both continents have problems. No need to act superior.
Well, I summarized the other two words you used into a single one (insulting). Perhaps it's too generalized, but my point is obvious: that free speech isn't a thing over there anymore.
What do you mean by there? I live in Europe and can say what I want, as long as I don't threaten someone, etc. You may want to check the World Press Freedom Index: https://rsf.org/en/index
The top-13 are only European countries. The top-18 are only European countries + Canada. The US is at position 55. Similarly, in the freedom of expression index, many European countries (including Germany, which was your example), rank higher than the US:
I'm just using common sense here. If you can go to jail or be fined for saying something inflammatory online, you don't have freedom of speech. My "there" comment referenced Germany since that was my example and where the 60 Minutes segment was done.
They openly admit that insults can also get you a fine and have your computer confiscated. And this isn't a weird conspiracy theory, they are proud of it.
> Not only is it a terrible idea given the kind of things
> the “King of America” keeps saying,
When attempting to formulate a persuasive argument, this isn't a great place to start in my opinion. It's perfectly acceptable to dislike Trump and his policies. If you do, then go ahead and state your reasons. He was elected by the people of his country and he'll be done in four years' time. That's not how kings generally function. Perhaps I'm throwing the baby out with the bathwater, but I don't find myself too interested in reading the article after the inflammatory introductory TLDR.
You imply that the title "King of America" is pejorative, but did he or did he not refer to himself as a king? As far as I can tell, he endorsed this title.
To add on this, prediction markets currently put Trump Sr. as 8.5% likely to win the 2028 GOP nomination (electionbettingodds.com). So, I wouldn't take your "he'll be done in four years" as certainty. The market thinks things are far more precarious than you do.
This is a good question. It looks like Kalshi (which hosts the underlying market in question here) in fact does pay interest on both cash balances and open positions, at a reasonable market rate: 4.05%. https://kalshi.com/blog/article/interest-cash-open-positions
It's interesting to me that the reaction of Europe is to start taking their security more seriously. While I'm never sure the though process of a certain individual I do know this was the point of the conservative party in the US
> I do know this was the point of the conservative party in the US
No incumbent president, democrat or republican, has ever meaningfully restricted America's digital surveillance capabilities. Backdooring domestic hardware for the sake of "national security" is a bipartisan effort in America.
Seconding this, iirc at the time when Edward Snowden started leaking documents Barack Obama was president and I don't remember any effort from him to restrict USA's surveillance capabilities.
It's like the world is slowly realising "wait, why don't we just become self-sufficient as much as we can" which is what every country should be focusing on from the get go. No brainer. You never want the power switch in someone else's hands.
Europe is going down an incredibly dark path. Political censorship, encryption bans, and absurd consumer "protection" laws (e.g., like those limiting AI rollouts) mean Europeans are becoming second class globally. The irony of this post is that it is no longer safe for Europeans to rely on a European cloud.
Despite these problems Europe is still the better place to live in compared to "global leaders" like USA, Russia or China. Because limiting AI rollouts is not really relevant for your quality of live, social security, health, safety, sanity etc.
To all the people saying that this is nothing new: to me the key point here is that the author of this article, Bert Hubert, isn't your average activist / purist linux hacker. He's at least somewhat influential in government circles, in that he has held various government IT consulting positions and is listened to by lots of government IT workers. He's one of the few people I know of who deeply understands how tech works, and also deeply understands how government works (at least the Dutch government). He's also a frequent guest in radio and TV shows and the likes.
I'm hoping that this article acts as a catalyst for the Dutch government, and other EU governments, to move everything away from American clouds.
I certainly don't blame the activists for governments refusing to listen, but this threat was clear at least 15 years ago and I would expect someone as knowledgeable as Bert Hubert to have perceived it at the time.
Is the idea that they're more ready to listen and take action because of recent executive changes in the US, even though the cost of doing so has gone up by 100-1000x and the possibility of a joint retaliation from US tech giants and the government working in concert is now much higher?
I hope you're right, but one of the rough dislocations of the present moment is the disconnect between how europeans conceive of their sovereignty and the reality of their economic, military, and cultural fragility in their relationship with the US and US companies.
No amount of grandstanding rhetoric and appeals to "courage" changes that if there are any serious economic consequences (caused by US/corporate coercion or otherwise), the government would likely fall and be replaced by someone more amenable to the status quo. What feels like a small price to pay for someone focused on security long-term may be an unacceptable price for someone focused on short-term outcomes in their political fortunes.
> Is the idea that they're more ready to listen and take action because of recent executive changes in the US, even though the cost of doing so has gone up by 100-1000x and the possibility of a joint retaliation from US tech giants and the government working in concert is now much higher?
I believe so, yes. I don't think Americans realize how profoundly the last few weeks have affected European political thought. It'll take a while before you see concrete changes. Europe is like a mammoth tanker, slow to change direction, but practically unstoppable. I believe that it's more likely now than ever before for European governments and businesses to sever their dependency on American technology. Lots of comments in this thread explain how hard this is, how big the feature gap between, say, AWS and OVH is, but as a European entrepreneur I gotta say, this looks a lot more like an opportunity than a problem to me.
Is there a EU-based cloud vendor which offers:
- Compute (vm, k8s, containers, faas)
- Storage (disks, file shares, S3)
- DBs (relational, document)
- User management and access control
- SDN
- Configuration management
- Secrets management
- Key management
- CDN
- DNS
- Domain and cert registration
- Email / SMS
- Messaging broker
- Streaming broker
Preferably all in the same place and at least somewhat integrated with each other. I'm not spelling out logging, auditing, IaC and other supplementary features but rather core functionality.
That seems to me like a minimal set of services a cloud provider must offer so that clients would work on "service assembly" instead of "building from scratch" or "integrating integration-hostile products".
The concerns expressed seem a bit silly, unless the various Euro systems didn't take the very basic approach of using open standards and avoiding lock-in. Oh, and they should be backing up their data somewhere besides "in the cloud".
If those very basic precautions had been taken, migrating to a Euro cloud, or a private environment (open cloud stack) would be trivial.
If not, a lot of people should be fired...but granted, there are a lot of stupid people out there...
All that said, I'd say the concerns around this are vastly overblown.
“the very basic step” is a lot less basic than you imply.
There’s a million little proprietary APIs and the temptation to glue one to another, especially circumstances like AWS where they use lambdas for basic functionality that should have been just provided by the cloud provider itself.
Why do you say that the cost of throwing out American tech giants has gone up by 100-1000x compared to 15 years ago? I mean before everything became cloud/SaaS, American software companies were still essential to most European business and governmental operations. It was just on more traditional server/desktop systems?
If only because there are 100-1000x more system that have now tied themselves ne their data to said cloud
I hope so too, but move where? Does Scaleway or UpCloud or any other EU cloud provider have comparable offerings? Sure, if everything you have is running on containers or VMs, the stuff is easy to port to Hetzner et al., but what to do with the cloud specific apps (Azure functions etc.)? Rebuilding those for other platforms is probably a no-go unless the Union pours billions into supporting this.
Though I've cursed it for years, I'm increasingly glad our org's cloud migration has been so slow that we've only now rolled out the first apps. Pretty much everything we've build can be run anywhere we want, so if it's time to drop the ball and go back to onprem, we've not wasted anything but time on setting up the base
> but what to do with the cloud specific apps
Coming from IT land, the answer is simple: you don't use them in the first place, and you grit-and-bear the replacement cost if and when the time comes. This is a negative on my research notes, slide decks, and papers when it comes to evaluating various cloud platforms for our workloads, and yet it's also the number one reason we're forced into a specific provider (some leader loves their proprietary tooling, and forces us to use it).
Look, I'm not saying these proprietary tools are bad, per se, just that they have a steeper cost than initially presented to the consumer in terms of architecture complexity and inevitable migration. The very first question you should be asking before consuming niche or proprietary products from vendors is, "Can I do this in a standard way that's more portable?" For stuff like Azure Functions, the answer is emphatically yes - but it comes at the cost of managing additional infrastructure, which is often the main reason companies want to use those tools in the first place (a misguided notion about throwing out infrastructure to save money).
As for the solved problem of compute (VMs and Containers), well, literally any cloud provider should have that ready to go. The question is whether or not your org is willing to retain the talent needed to build and support your clouds internally, or if they'd rather pay higher outsourcing costs with vendor lock-in instead.
One thing that isn't so simple, even if you stuck to VMs or docker containers, is the networking.
The networking stack in Azure or AWS are so different that they require a different mindset to work, especially securely. If your networking needs are simple you are very lucky.
You can have a very complex networking infrastructure with very simple proxies and network segmentation. What specific feature do you have in mind. Load balancing and resource synching?
Often there are proprietary solution to proprietary problems you would otherwise not have in the first place.
I used AWS for a long time but I am back to hosting myself. What arcane network requirement would that entail? I don't think there are benefits even for government scale problems.
Anything involving private links to other organisations, cloudflare or API management to multiple endpoints scattered over on prem and hosted. I would hope you could avoid most of the pitfalls by avoiding the proprietary solutions but sometimes there is no feature parity between host services and you might be stuck.
The private links in Azure are particularly specific.
I mean, networking in general is difficult and complex. While most of my work is in the "systems" realm of IT, my formal education was primarily in the networking side of things with systems as an "also-ran". The complexities of public clouds like AWS and Azure isn't so much new complexity in networking, but a deliberate change in vocabulary and implementation of existing concepts to justify the higher salaries of those certified on a given cloud. After all, if it was the same process to implement, say, HAProxy on AWS as it was on-prem, then the illusion of "new" is shattered and customers might realize they're just paying more money for their same infrastructure, but with shiny new terms and a more consistent API/CLI experience.
After you translate the vocabulary, the process is pretty similar until you get to security items, like ACLs or packet-inspection firewalls. You're still setting up VLANs in the form of subnets, routers in the form of transit gateways, sites in the form of VPCs, inter-site connectivity through peering connections, you get the idea.
If there's one thing I've learned in my IT career, it's that most "new" ideas are just rebrands of existing concepts, and that the real expertise comes from being able to translate marketing-speak into concrete, interchangeable fundamentals. Public Cloud is, largely but not entirely, no different in this regard.
> but move where?
For hosting their government's own specific computing needs, and assuming a respectable GDP, they can build their own datacenters (pretty trivial) and hire contractors to build cloud computing environments (more challenging).
Open source cloud isn't too hard. There's OSS for about 80% of software needed for a cloud computing service provider, and you fill in the rest with proprietary and custom stuff. There's already several providers (one in the US, several in the EU/other countries) that offer "public cloud" using OpenStack. They literally give you, the customer, your own OpenStack cluster, and bill you for what you use. It's insanely easy and powerful. Yet everybody still uses the more popular providers (DO, Hetzner, Scaleway, etc), despite the fact that they all have proprietary interfaces, without anything close to feature parity with OpenStack. I guess people really like vendor lock-in and lack of features.
The hardware is more challenging to source; the chips all come from Taiwan or China, and the US and China make most of the good hardware.
For private business in their country, they might offer grants and tax incentives to EU companies to build out more local cloud hosting services. But since it's the EU I'm sure it's massively more complicated than that.
Interesting, thank you! Care to link any OpenStack providers? Do you have experience working with any of them?
Rackspace where the archetypal provider and they sucked. The irony is I've only actually ever really seen internal open stack instances, providers for whatever reason seem to prefer to roll thier own
In the US:
- The one I have experience using is Genesis Hosting out of Chicago. Their website looks like it's from 1997, because it is from 1997... But they provide a nice OpenStack solution that works well.
- I haven't used Vexxhost, they seem to provide something OpenStack-related, but their website is all marketing bullshit, so I have no idea what you actually get.
- RamNode seems to provide access to the OpenStack API.
In Europe:
- OVH Public Cloud is still short on details, but based on some verbiage buried in the marketing BS, it looks like you do get an OpenStack interface.
- Open Telekom Cloud by T-Mobile seems to give you an OpenStack interface.
- Acville Cloud is based in Romania.
- Cyso Cloud (formerly Fuga Cloud) is based in the Netherlands.
- IntoVPS seems to provide its services on OpenStack, but no idea if the API is open. They build a custom OpenStack console called Fleio.
There's a lot more listed here: https://www.openstack.org/marketplace/public-clouds/
https://www.infomaniak.com/en/hosting/public-cloud
As someone who runs OpenStack clusters and uses public cloud providers, I think it's worth noting a few things:
- Outside of the Telco sector, OpenStack is basically dead.
- Even within Telco, everyone sees the writing on the wall of OS being dead and is looking to make the jump.
- OpenStack is a cluster of poorly-interoperating, poorly-documented products -- The customer experience is fucking terrible.
- DO, Hetzner, etc all offer a superior product.
- None of those products even come close to touching the features of the big three clouds or even Oracle.
If your needs could be well-served by DO, Hetzner, etc., then your needs could be well served by racks in a colo.
Past that scale, American cloud providers are really your only option if you want that level of automation.
(Or Chinese cloud providers, but largely assuming that's a non-option)
Well as someone who's actually used them as a customer, OpenStack hosting providers do give more functionality than DO, Hetzner, etc, plus they have an open API. None of them compete with the "big 4" public clouds (everyone forgets Oracle is still around...) but if all you want is IaaS then you don't need them.
I know OpenStack is a tire fire to maintain, I've worked with it for large-scale on-prem data solutions. But if a company wants to kill themselves to maintain it for me, I'm happy to pay for the privilege.
Being a customer of an OpenStack provider isn't exactly a picnic. I could show you a long stack of support tickets from all of the things constantly going wrong.
Given a long list of support tickets vs Effectively relying on responsible stewardship by Musk and the King of America, I suspect there will be many a developer who find the long list of ticketed issues to be the less hard problem to tackle.
There are sadly a lot of "sky is falling" type people out there yes. This is why we have to determine a threat model before we implement a security response...
But that's also the point of my other comment in the thread -- a French company builds basically all of the physical infrastructure that datacenters run on. This attitude can be applied both ways.
> OpenStack is a cluster of poorly-interoperating, poorly-documented products -- The customer experience is fucking terrible.
I assume you were unfortunately a victim of Mirantis/Fuel/Puppet/Mcollective... or one of the 'converged' solutions.
While I wouldn't call OpenStack "fun" Especially in the Essex to Icehouse era, where vendors seriously impacted the code stability...It is just a well documented collection of separate components that interact using REST api's and RPC like calls over a message bus.
Nvidia, Cern, JPL, and lots of smaller companies that need private clouds and have the expertise are still running OpenStack.
For me the main value is the ability to have portability between public and private.
If you just use the ansible playbooks included in every OS repo, it is pretty easy to roll your own deployments that are quite easy to maintain if and only if your company is mature enough to follow that model and isn't subject to the soicotechnical issues that plague containers too.
While the workflow changes, the hard parts of OS and k8s, including networking, monitoring, etc,.. are exactly the same.
As a random example of what always screws this up let me point at kubespray, which is not unique at all.
Note the: > Remove docker requirements https://github.com/kubernetes-sigs/kubespray/issues/6400
That is because, like many projects, they didn't respect the natural boundaries of the node components, and they are now paying the price for that debt.
k8s and OS from an infrastructure point of view are equal in complexity. It isn't instantiating a container with CRI foo, or libvirt command bar that is the hard part.
It is the distributed computing, virtual networking , resource allocation, federation, API's etc... that is hard.
Note, if you think that the "OS is dead" for all needs, especially in the telco space, you may want to dig into what containers actually are. They are just namespaces running on an OS, and it will still be horses for corses as to what is appropriate.
Especially if you are using the easy ways of instantiating hardware for k8s, almost all of them are highly insecure by default and you are going to have to dig into the same style of systems with similar components or you will have a leak of data at some point.
I wish there was something better than OS, but if you use a dev mindset and not a glass house IT mindset it is a very useful tool that may be the least worst option for you for some needs.
No and No. It's not about the complexity of it or being any worse/better than K8s.
It's about the endless bugs and regressions and laundry list of stupid problems caused by inadequate processes by OpenStack developers.
For example, let's say you're running Cinder v3. Cinder 3.59. You want to get the volumes that you have attached to an instance, so you curl the API:
/cinder/v3/<instance id>/attachments. You get a 404.
You get a 404 because you didn't pass this header: "OpenStack-API-Version: volume 3.27". Because Cinder defaults to Cinder 3.01 behavior even when you're running 3.59. Attachments were only added in 3.27. So even though you're trying to curl a route that wouldn't even exist in 3.01 and you're running a version clearly later than 3.27, the API responds as if it's Cinder 3.01 unless you specifically tell it to do otherwise.
And this is just one of the laundry list of stupid situations that I can remember off the top of my head.
When the thing isn't otherwise failing all the time.
That isn't a bug, that is correct behavior under their contract model (which I will admit isn't my favorite).
It is common for message based systems for the target system to own the contract, and they have both the / and /v3/ endpoints that you can grab the version information from.
This is documented BTW:
https://docs.openstack.org/api-ref/block-storage/v3/index.ht...
While I personally prefer the URL method, when versioning through custom headers, if you bump the API without that custom header, you will break way more than returning correct behavior for the minimum supported version, enforcing backward compatibility for API's is generally considered a best practice.
Note:
> If the OpenStack-API-Version header is not provided, act as if the minimum supported version was specified.
https://specs.openstack.org/openstack/api-wg/guidelines/micr...
Once again, fully documented, expected behavior.
Scaleway at least is genuinely not a bad alternative for this kind of thing already today - they do have plenty of managed services like serverless functions, object storage, queues, etc, in addition to the simple VMs and container hosting.
Scaleway (and I say this with very deep sadness) is pretty bad in terms of reliability right now, there are at least a couple big outages every year over the course of last few years that I've been using them.
Admittedly they have a new CTO who according to our support agent is very focused on improving that, so here's hoping, because otherwise their tech offering is very convenient.
I mean a new CTO and a potential large investment from EU govs could work wonders for stabilizing the platform.
The reliability is pretty terrible, the billing sucks (especially SEPA) but apart from that..
OpenFaaS is one option for your functions. Knative is pretty good as well for the bulk of your applications without exposing developers to kubernetes directly. Between that and Crossplane I think you have all the pieces needed to move away to a self hosted solution where you are managing either metal or VMs through a hosting provider.
I’m not sure what this looks like outside of the US, but colocation providers offer racks of machines, or to host your machines, while providing access to cheap bandwidth and peering capabilities. It’s absolutely possible to move away from the major cloud providers. However, it will require a degree of investment within your organization to support these deployments no matter which you choose, which could be a new investment compared to using AWS, GCP or Azure.
You need teams of people, the good news is that they're available here. It's not hard as such just requires time and money (quite a lot).
It's not just kubernetes and openFaaS, what about that thing that's a virtual appliance and requires a VM, now you need KVM. Network and firewalls? Storage as in fully replicated cannot ever lose a byte or have it unavailable storage? Object as well as block. Databases, point in time restores/backups/automated maintenance for postgres and then you've probably got a mssql server for that one app, and mysql for that other app.
It becomes just a fairly massive task back in the real world.
OpenStack out of the box does KVM, network, firewalls, NVFs, orchestration (via native heat or terraform), and with the Magnum component can launch k8s, Mesos, or Swarm largely automagically. Storage is typically via ceph (which does block, object [supports Swift/S3 protocols] and filesystem) and supports snapshots and is fully replicated. Sadly the managed database service didn't make it far, but with Heat or Terraform it's pretty easy to spin up a VM holding your DBs. The native FaaS service, Qinling got deprecated a while back. Secrets management via the barbican component. Web interface via the horizon component.
I'm not too familiar with the whole range of AWS offerings, but I really think aside for DBaaS and FaaS OpenStack can cover pretty much everything someone would need, especially combined with Ceph for storage.
All opensource.
Yes, I'm aware. It doesn't reduce or negate the need for a team responsible for running storage and understanding how it works, then a team owning databases (probably with some development resources too) and so on.
It actually takes work to setup and run we are not just installing some packages and then pretending you can scrap aws.
Check out longhorn which offers replicated iscsi or nvme for free on your hardware. What you say is not that hard to do, if you want to do it.
AWS EBS volumes (except io2) have an annual failure rate of 0.2%, so if you have 1000 running statistically you will loose 2. For io2 it's 0.001%, but still not 0.
io2 high durability is 1 in 100,000 per year.
S3 has 99.999999999% durability as standard.
I see your point that it's not technically 100% but, as close as can be reasonably achieved.
That is why you have snapshots on S3
Isn't Google doing some thing where they give the software stack to a local operating partner?
I guess you can say the code is still backdoored / untestable but it seems that could be audited.
From the article:
> People also fool themselves that special keys and “servers in the EU” will get you “a safe space” within the American cloud. It won’t.
The problem isn't sneaky backdoors, the problem is that the King of America can order Google to shut that thing down and Google will have no choice but to comply.
Well, the thing I was referring to isn't GCP regions with data residency requirements. It sounded like a clone of the entire stack installed on hardware owned by the customer government.
I guess the King of America could still shut down the ability to provide support updates.
Only if the systems operate in within their jurisdiction. Systems residing outside of their jurisdiction are not susceptible to the same policies and requests. Most cloud providers in international spaces provide secure government solutions that are designed around the regional policies.
That seems naive or not responsive to the comment. If the US government tells Google to shut down all international sites/servers, or it will cease to exist in the US, I don’t think “but the servers aren’t in the US” will really matter.
I also don’t think anyone can count on extra-judicial demands from the current executive branch.
Am I wrong or misunderstanding something?
Then the government of said country will just force the local company to separate from its us parent company. Don’t forget these regions/servers are usually owned by local subsidiaries.
Not really, the whole point of this type of cloud offering is that it doesn't phone home to Google / the US. Sure, it will be left to the partner to support all of it, but it can't be shut down from one day to the other.
(Googler, opinion my own)
The issue with that is that Google can be required to backdoor it, and the partner can't realistically vet updates to a reasonable level.
If Google isn't able to shut it down or providing the infrastructure necessary to keep it running in some way, why pay them at all? Whatever path towards work that you say could happen to support it in the future could just happen now instead. If that's too expensive for the customer or the local partner to consider, I have to question what this setup is even helping hedge against at all, because the whole point of it seems like it should be for the customer to be able to put in whatever work they need to up front to be able to avoid being forced to deal with it on a timetable they don't have control about in the future.
It sounded like Google was providing all the software necessary to use a cloud system effectively, including IAM. And you could get all of the other GCP services like BigQuery or PubSub etc. I don't remember what it was called though.
So that seems to be the value add. Of course the software will eventually need updates...
Have your heard of the Clarifying Lawful Overseas Use of Data Act?
In France we have https://www.s3ns.io/ which is a Google / Thales partnership, where Thales owns 90% of the company, handles the datacenters and Google provides the software and the updates without touching the servers themselves.
They are about to go live in a few months.
This is a good option IMHO, and we're about to migrate some of our workload (currently 100% on AWS) on it.
We use EKS, RDS on standard PG, SSM and S3. S3 is a standard now, SSM can be replaced by something else fairly easily, EKS and RDS are just managed open-source software. So it's mostly an added burden on the devops side.
What happens if Google is no longer allowed to provide software updates due to trade restrictions, sanctions or executive orders? Does Thales have a copy of the source code and the capability of keeping it up to date themselves?
In France, this is https://www.s3ns.io/en
People who build vendor locked applications are making a short-sighted decision. Call me old-school, but vendor lock-in benefits developers more than businesses. Agree that they can learn new shuny things. A well-built application should run seamlessly on any Linux-based system without unnecessary dependencies on proprietary ecosystems.
The real moat is Azure AD and Exchange. The government IT teams I know can operate a fleet of VMs just fine, but they need email and identity management handled for them.
>I hope so too, but move where?
On premises.
I find that often people conflate "move to cloud" with "take crusty thick client application and webify it".
Replace (most, not all) crusty apps with a web version - sounds good to me. Put it in the cloud - that's optional.
https://european-alternatives.eu/
> but what to do with the cloud specific apps (Azure functions etc.)?
Don't build them. Vendor lock-in is a real problem: even if there are no political issues, it's a business risk because they can charge you whatever they want.
Also, the cost of migrating off these things is usually overestimated. It's an HTTP request, for crying out loud.
Fully agree with you there - building cloud-only stuff has always seemed foolish to me. Even Azure Functions can be done as e.g. simple C# programs which would be trivial-ish to port ovee to VMs.
But my concern is for those that have built something as Azure/AWS only, who are now stuck with the bed they've made. Sure, there are lessons to be learned here, but if the volume of these is too high, then there will be pushback on any meaningful change since it will be too expensive
Canada
OVH? Hertzner?
Lidl?
:/
If it costs billions then that is what it costs.
The upside of having a "aws" level competitor that pays taxes in Europe, could be worth billions or more.
If that's the price tag, then I fear that "let it slide" will win the vote when governments decide what to do. Put another way, if the effort of making a change could be lowered, it's more likely that a change will be attempted
heh.
by the course of looking for programming job, i have scanned hundreds of job-ads, incl. governmental. everybody-and-his-dog requires AWS/Azure/GCP knowledge as if it matters thaaaat much. These cloud-y things have become a mandatory buzzword, and i am not talking about sysadmin/devops.
In my last gig the system was kept cloud-agnostic, so moving between providers or on-prem be possible at any time. And i as CTO kept that good thing, although had to resist some pushes. But seems such cases are few - most places now dream of hyper mega-giga-scale and Lambdas and Big-queries.. while doodling few thousands of requests.
Lets see if there's any wind change.. vendor-lock is a real thing, with much deeper (architectural or life-cycle) consequences than usually perceived.
The dependence was established sooner by using external infrastructure. The premises that this infrastructure is not under your control is exactly what he now derides.
Someone knowledgeable should have seen this before, this is a core issue when setting up a strategy for digital systems. And this isn't an issue between "purists" and the rest, that is a false dichotomy. The decision was simply to outsource infrastructure to systems you have significantly less control over.
Might work for 15+ years or it might not. I doubt anything will be done now, investments are probably too high. But it is an issue with lacking foresight.
Between countries and the main task for intelligence agencies is industrial espionage. The Dutch government, like many others, decided that exposing themselves is no issue.
I disagree that it has become a problem only now, this is due to his narrow view on politics and a bit naive in my opinion.
I understand the sentiment, but as a Dutch person: The only thing I am more worried about than the government moving all our data to US clouds, is the government trying to do anything IT related themselves. They do not have the skill and have proven that over and over again in a long list of bungled projects.
I'd rather have my data end up with Google/Amazon/CIA than it ending up everywhere on the internet due to poorly configured DIY servers (and at twice the cost probably).
If there really is no organizations competent to run government application in the Netherlands, then that is even bigger reason to start doing more of that in the country. I mean, computers are not going away! The competence and infrastructure does not magically appear. It requires consistent investment over time. Not being able to maintain computer based infrastructure is like not being able to maintain water supply of a country. Completely unacceptable. Heck these days maintaining water supply at city scale is difficult without computers and networking...
That is because you only hear about the failures.
Besides: this is not a problem of competence or incompetence of either US companies or Dutch government. It is about the very real threat of US government no longer allowing US companies to provide us with services.
It is Russian gas all over again.
Here's to hoping that decision makers will listen to him.
The concern isn't new. I've been involved in several UK government projects that considered moving to AWS.
Each time the discussion on moving to a US based provider was a big consideration, particularly the use of managed services that involve data was a hot topic. Part of the risk assessment was considering what the consequences might be if the US government became a bad actor. It was seen as high impact but extremely low probability. Starting to look like we got that part of the assessment wrong.
I think it will take time for the impetus to move to US clouds providers to slow and reverse but I'm not sure I'd be surprised if it does happen now.
I've been interviewing candidates using questions targeted at getting them to talk about experience instead of skill. Like asking about their involvement during production incidents, then drill down to see if there's anything interesting to focus on. Can probably also be gamed by AI but people are usually surprised about my approach and they often provide good feedback after the call, even if I have to decline their application so I guess it works somewhat well for both since it doesn't force anyone to just recite the same phrases.
The thing that gets me is the disingenuous parallel construction. Just say the truth.
Europe wants to improve its economy by growing their consumer tech industry. Some of these products like Google Analytics (the example he is upset about) are really hard to replicate (writing to a database on every visit to your website is an expensive thing to do, significantly more expensive than hosting the website!). So they've been slowly increasing the tariffs (disguised as privacy regulations) on US tech firms. It's gone poorly, even EU governments (let alone EU businesses) still use products like Google Analytics, and US tech firms have been able to engineer their way around the regulations, again doing a better job than EU governments who have been busted countless times for breaking GDPR with their own systems.
No one cares about any "data sharing agreement" or a "Privacy and Civil Liberties Oversight Board" no one has ever heard of that has never done anything. Its a tariff with various ways to pick winners and losers.
The only thing thats changed is there is a higher chance these privacy regulations will be recognized as tariffs by the US.
What you describe is true, and it can also be counterproductive vecause to be competitive you need the best and cheapest services, and raising the prices doesn't often result in a healthier tech ecosystem. Typical Eurocrat thinking.
But EU citizens genuinely care about privacy, in part because of decades of totalitarian and near-totalitarian regimes.
There is another risk underpinning this, I'm not familiar with this so it's mostly hearsay on my part, but foreign firms in the US routinely get completely screwed in US courts, and fear the seizing of their data in discovery processes or other ways. The data sharing agreement was made to provide some degree of clarity or assurances in this regard.
I've met managers who are convinced that if they're not careful, their IP and business data will get stolen by their US competitors through various legal or less-legal means. EU executives have been detained for days at the border on suspicions of terrorism to coerce them into selling US assets. I can't judge if this is paranoia, and maybe those companies could make use of better protection against Chinese hackers but there's certainly some truth to that.
> EU executives have been detained for days at the border on suspicions of terrorism to coerce them into selling US assets
You're going to need a citation on that sort of thing, because I'd expect it to be a much bigger deal.
Are there any news stories about these specific claims (executives held by the US until they divest assets, EU companies losing their data in discovery and being copied)?
The EU's biggest exports to the US are cars & pharma. I guess the VW diesel situation could be seen through that lens, or the GLP1 compounding rules.
By that do you mean influential with the Obama/biden administration?
I said the word "Dutch" multiple times. The article itself says it a million times. So, no, not the "Obama/biden administration".
My confusion came from this line:
> To all the people saying that this is nothing new
An EU state wants to boycott or regulate American business? I don’t know how that’s new.
It was never safe for any government to move any secrets to any cloud. The fact that the US government is okay with doing this with its own secrets surprises me to this day. You have no secrets from the person who owns your hardware.
It isn't uniform by any means but the US runs on a physically independent cloud, often in their own facilities, designed by the big cloud companies. When using the public cloud for unclassified work (e.g. working with outside vendors), the data is only allowed to reside in specific data centers that have been vetted by the government, not all US regions have the same authorization. For example, government data in an S3 bucket in the public cloud may only be accessed and processed within the same region, which can be annoying if your infrastructure is elsewhere.
The US is far ahead of most countries when it comes to government use of the cloud. Other developed countries often learn how to do it from the US but are less comfortable with the technical requirements, which slows down adoption.
This is a great point. For example, near where I live there’s a massive Google cloud warehouse out in the middle of a field next to the highway. Inside of that warehouse there’s a separate section for servers belonging to the US government that can benefit from all the electricity contracts Google has negotiated, the physical security and fences that Google has set up, and the fiber optic cables they’ve laid.
It’s the best of both worlds, they get the decades of research Google has put into systems engineering and fault tolerance while retaining the security of having their own servers.
Physical isolation is kind of irrelevant for the concerns being voiced here no? It's not like Europe's main worry is random people walking in and yanking hard disks out of servers in datacenters.
It's not the technology, it's the US Cloud Act which has slowed a lot of it down.
Very few actually qualified and capable techies here trust any of the US-based cloud providers.
Other developed countries are less comfortable because all the major cloud providers are US-owned companies and the NSA has a very, very long history of using US companies as information security weapons.
Not that they're the only ones. Israel has been busy stuffing investment cash into the pockets of Unit 8200 members so they can found security software and service startups coughSnykcough
for Israel I would have said Check Point firewalls, or the company that owns Express VPN and Private Internet Access
The US Gov't has their own GOV Cloud Datacenter Regions. It's run by azure and AWS but there are restrictions on who is allowed to use it. It's not really public
https://aws.amazon.com/govcloud-us/?whats-new.sort-by=item.a...
https://learn.microsoft.com/en-us/azure/azure-government/doc...
The 4 major cloud vendors (Azure, AWS, GCP and Oracle) all have Air-gapped regions in addition to their "GovCloud" regions.
The point is Amazon and Microsoft surely have vested interests in government data they are not supposed to be privy to.
It's not just the corporations as a whole that are an issue. It increases the insider risk footprint of that data to include your cloud provider's employees as well as your own. Amazon, Microsoft, and Google almost certainly employ agents of your adversaries (including US agents working without their knowledge) who have weird attack vectors and now have to be part of your threat model.
And the government has lots of leverage it can use against Amazon and MS if they use it in a way the government doesn't want. EU govts don't have that
US Government leverage: $200,000 fine, appealable.
US Government leverage: FISA secret court, prison time
touch the right HSM in one of these facilities and you get to know what it's like to disappear
Not with this current government.
You're assuming the people who handle it for the government weren't working at Amazon and Microsoft a year ago, and won't again be working for Amazon and Microsoft a year from now.
The government doesn't have leverage. The government is Amazon and Microsoft's leverage against others.
I am sure both companies have NDAs and contractual agreements in place that can be enforced and monitored.
Yes, I agree.
I make the parallel with "gold." Whoever has your gold, got you by the hanging spheres.
Given the importance of data today, I am baffled common citizens are not familiar with the "Data at rest" principle.
So the US is within its rights to ban TikTok?
No, that's overreaching.
If a country's citizens want to give away their data, it's well within their right to do so. At most, the U.S. Government should educate about it, much like tobacco dangers.
Having that said, U.S. citizens with clearance and/or government employees should be subject to data loss prevention measures, like they already do[0].
I'd be forward for a ban if it was an issue of public mental health, but the U.S. Government cannot take that angle because they'd have to kill Meta Platforms as well. They know they can't, Meta lobbyists will not allow that.
But restricting TikTok based on data control and free speech liberties, that's overreaching. I've already seen TikTok videos of people saying they'd stamp their U.S. passport on the forehead and give it to Chinese ByteDance rather than use Instagram. It is well within their rights to do so if they so desire.
--
[0]: https://www.pbs.org/newshour/politics/why-tiktok-is-being-ba...
Quick note I wanted to add: My take on this matter comes from a "regardless of what you do, the why is more important than the what."
Ban TikTok? Do whatever, I don't use my account. I deleted the app long ago.
Why do you do it? Fight that tooth and nail. Do it for the right reason and be consistent.
Nice comparison
The US government’s secrets are routinely held and processed by contractors. The prototypical government secret is something like the plans of an airplane designed and manufactured by Lockheed Martin.
Elon Musk will have access to all data.
That should scare everyone given his propaganda machinery aimed at elections he does or doesn’t like
Were you this afraid of the propaganda machinery when it was aimed at conservatives? It seems far less radicalized now then it was. Just now other voices are actually allowed.
his propaganda machinery hasn't been aimed at conservatives for a decade or more now.
"other voices" is a joke given how much censorship there is on twitter
Security isn't a "safe" vs. "not safe" bool
The world literally has hard proofs of mass espionage by the NSA and CIA after Snowden and Wikileaks Vault 7. Moving your government secrets to the US cloud has been madness for at least 12 years.
https://www.usenix.org/system/files/1401_08-12_mickens.pdf
Alright so get a magical amulet.
Cool, encrypt everything before uploading. Keep the key client-side
See, parent is right? Safe/not safe dichotomy helps nobody
I didn't know that computation on encrypted data without decryption was solved overnight.
It seems like you might be aware of limitations but for those who aren't aware of the technique:
https://en.m.wikipedia.org/wiki/Homomorphic_encryption
When I last looked into it, the compute overhead was very high, such that (for the tasks I was looking at) it seemed significantly cheaper to handle everything on-premises with trusted hardware than remotely on untrusted hardware.
To be clear, this was 10 years ago so things may have changed. Also, my task was memory bandwidth limited, where even changing the memory access patterns slowed things down by 10% or more.
Correct, it's more like a bitmask.
Except if any of the bits are flipped you're f-d; especially so if your adversary is a nation.
“Secrets” is a broad term that covers everything from payroll information to the history of CIA clandestine operations. Only some kinds of these are stored in the cloud.
This does raise a valid question of what secrets can or should the government have.
I think it's obvious that some secrets should be kept. It makes little sense to expose our nuclear secrets, counter espionage, or ongoing investigation efforts. But how far does or should that extend? Should everything the NSA/CIA/FBI/IRS does be secret? Should they stay secret for years or decades or forever?
IMO, the US goes too far in it's secrets. Stuff gets classified that just makes the government look bad and that's dangerous.
And that's where I'm somewhat less concerned about putting US secrets into the cloud. Sure there's highly sensitive stuff that shouldn't go there, but there's also a lot of stuff that shouldn't have been a secret in the first place.
FOIA makes the US gov't one of the more transparent democracies, as a counterpoint. So much so it started getting copied by them.
https://reason.com/2024/12/26/foia-for-all/
According to the very link you posted, the US was two whole centuries late to the party. Better late than never of course, but the spin of trying to then frame it as an American Victory(tm) is pretty ridiculous.
“Transparency” as leaks from abuse is very, very different from transparency as a policy of easy access – and neither makes you necessarily better informed. In short, a biased selection of information can leave you worse off than having no information.
> The fact that the US government is okay with doing this with its own secrets surprises me to this day.
This fact conveys information. Namely, how tightly bound these supposedly independent services like AW GovCloud are with the government itself.
Which also tells us how much direct access the government has to all the AWS (and all other providers) infrastructure.
I think this is the key. It is cheaper and more convenient than ever to deploy and manage data critical services yourself, in a self hosted manner that is protected by whatever jurisdiction you are in. What matters is not who builds it, but who has access to the data, and ideally, that's only you!
The US government is okay basically because people who own cloud platforms are part of the government.
pretty sure my remote encrypted backups[1] can keep a secret or two from the cloud storage provider
[1]https://rclone.org/crypt/
I disagree.
Why would encrypted data, which the provider holds no keys to, be a dangerous way For a government to hold a secret?
> You have no secrets from the person who owns your hardware.
What if the hardware is physically located in your own country, and employees of cloud vendor are virtually "accompanied", and watched, any time they login to the hardware? That's called sovereign cloud and all cloud vendors have it.
But the long hand of US law reaches even there if it is owned by an US company.
or if the company that runs it touches a US dollar
Isn't this just kind of willfully ignorant to the way the government cloud works?
GovCloud claims that it's used to "manage sensitive data and controlled unclassified information (CUI)."
I don't think the US government is dumping classified info onto corporate cloud environments judging by this description from GovCloud. But there's plenty of info that's sensitive but unclassified and the government does need to function in a lot of ways that doesn't involve state secrets.
https://aws.amazon.com/govcloud-us/ for more of a description of what GovCloud actually is.
>> I don't think the US government is dumping classified info onto corporate cloud environments judging by this description from GovCloud.
There are cloud environments specifically for classified info:
https://aws.amazon.com/federal/secret-cloud/
https://techcommunity.microsoft.com/blog/coreinfrastructurea...
and google also, including top secret: https://www.nextgov.com/acquisition/2024/04/google-now-autho...
There are secrets and then there are secrets.
For the former, confidential compute is far enough along that this data can in fact be secret from the hardware owner. This is vital even for on-prem hardware -- IT folks and techs with physical access shouldn't have access simply due to proximity.
For the latter, sure, but this is very expensive. It goes well beyond owning the hardware.
I guess so, but based on current events, it doesn't seem like the US Govt. has any secrets that it places any value on. Between a bunch of glorified interns being given access to anything & everything and a bunch of known compromised department heads being appointed... it doesn't strike me that the US Govt. takes its national security very seriously at all.
The US Govt. seems empirically much more vested in what goes on in public restrooms than it does in what goes on in global affairs and military conflicts.
The sheer number of flagged replies to this comment is telling.
Some political views are now prohibited on HN, it would appear.
EDIT: Case in point.
[flagged]
[flagged]
You can't post like this here. Since this account has been doing it repeatedly, I've banned the account.
If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future. They're here: https://news.ycombinator.com/newsguidelines.html.
[flagged]
You do realize that whataboutisms don't actually prove your point? Implicitly you're saying that what Hillary did was wrong, but now that my guy is doing it, it's ok, since Hillary did it. You can't have it both ways. You either believe something is wrong, or it's not. To argue both sides usually means a bad faith attempt at pushing a narrative.
I'm not sure I'm understanding the relationship to what I said there.
Is that example supposed to be an indication that the US Govt. does take its national security and secrets seriously?
And people who made big deal about that while being silent now are quite massive hypocrites.
It is so clear in retrospect how fake the outrage was.
The outrage wasn’t only fake, it was literally manufactured by Russian bots.
[flagged]
I'm very sure that there is a lot of spending that is used inefficiently. Any large organization does run into that problem. Resolving some issues, cutting red tape, making processes more efficient, all that is probably a good idea. However, "DOGE" and those cheering them on have not produced any evidence for the vast majority of the claims they made. Often they also just misrepresented facts (e.g., USAID supposedly funding media sites, condoms in Gaza and many other nonsense) or simply lied. I also don't see much promotion of actual nuanced views on the topic like the Hamilton Project's tracker of federal expenditures which you can find here: https://www.hamiltonproject.org/data/tracking-federal-expend...
At the moment, the US government seems to be mainly focused on causing headlines to make their base happy who want quick victories and have not shown resilience to simplistic takes, and - of course - to make the opposition party and their supporters panic.
And what qualities of an audit would you trust from a department that acts like that? They’re not, for example, combining all prior audits into a sophisticated longitudinal audit research tool. They’ve prepared their conclusions to hold even if they misplace three orders of magnitude.
I believe the audit stuff is overblown [1], there are strict requirements for passing and it doesn’t mean the money is literally disappearing into a black hole. I don’t have every Chipotle receipt saved in the past year but that doesn’t mean my spending is mysterious. I assume that’s why being audited by the IRS is considered a nightmare, it’s nontrivial.
It seems the Pentagon audit process only started in 2018, and Congress gave a deadline of 2028 to pass a fully clean audit, which they have made progress on:
> Of the 28 military agencies, DoD leaders think 11 are expected to receive clean audit opinions, one more than the previous fiscal year.
[1] https://thenationaldesk.com/news/fact-check-team/pentagon-fa...
I have literally no idea how this relates to what I said. Did you mean to reply to someone else?
It’s that mentality of ‘flooding the zone’.
There are plenty of charts based on public budgets, you can pick your favorite. How shall we judge whether transparency is improved? What if all of this results in less transparency?
The only audits that have failed have to do with national defense budgets. athis is the one area of government that Republicans hate to cut.
Your question can be answered without giving away control and access to unauthorised and inexperienced auditors.
Governance, Risk, and Compliance has been missing. Too many decades of nepotism, insider trading, corruption ( starting with lobbying ), have led to the lack of transparency. The movie “The Big Short” has explained some of these issues.
Many many years ago I used to work at a drug store with two tills and we couldn't account for every penny.
What audits?
Pentagon audits, they've failed for 7 years in a row and they don't expect to be able to pass an audit until 2028 https://breakingdefense.com/2024/11/pentagon-fails-7th-audit...
Has Elon (I guess rather his "DOGE" department) so far even remotely touched anything military related?
Nuclear workers in the Department of Energy are militarized.
Yes.
Poster is probably referring to the audits that the Pentagon keeps failing year after year: https://www.defensenews.com/pentagon/2023/11/16/pentagon-fai...
Don't mistake obliviousness for a conspiracy. The vast majority of the doge savings link straight to the Federal Procurement Data System that anyone can search or ingest from. You're of course free to disagree with the spending but if you weren't even aware you could look at these contracts then maybe you should ask if you're being shown the whole picture or if it's closer to a politically motivated hit job on our civil servants.
And one could peruse that under any administration. The challenge for an honest DOGE is that they must do better than 100% of past Federal efficiency policy, which is maybe a hundred incremental changes[0]. If they cause _any_ problems that those fixed, then they’re at best not up to the job and maybe even deserving cynicism.
[0](https://trumpwhitehouse.archives.gov/omb/management/office-f...)
[flagged]
On the contrary this is exactly what they said they'd do if elected. This is exactly what was voted for. Don't pretend like Americans didn't have agency in the destruction of their own country.
The very fact that it's even possible to have this kind of thing happening unfettered, unconstrained, and unaccountable is evidence in and of itself that the US Govt. doesn't take its national security & secrets seriously though, isn't it?
In what sense?
In that taking those things seriously would have included:
* More creative threat-modeling.
* More effective prevention measures.
* More vigorous mitigation & stonewalling attempts.
* More rapid remediation & rejection of the intrusion.
Especially for a threat vector that was telegraphed so openly so far in advance. The circumstances might be unprecedented, but they're not at all surprising.
What sort of threat modeling would have prevented this?
There are plenty of mitigation and stonewalling going on, but mostly through the courts.
Executives must have some power, or else the process itself becomes the executive and there's no ability to respond to anything.
If there's anybody to blame, we must place the blame on the executive wielding the power, and those who have enabled this to happen by putting that particular executive in power by subverting the traditional vetting process. If a political party no longer performs basic vetting of that level then the entire party should probably be eliminated.
The polls are starting to agree with you. Trump’s actions are extremely unpopular, and support from his base is eroding:
> In the CNN poll, Musk having a prominent role in the administration is viewed as a “bad thing” (54-28) by a nearly 2-to-1 ratio. The Post-Ipsos poll showed Americans disapprove by a similarly wide margin (52-26) of Musk “shutting down federal government programs that he decides are unnecessary.”
> And Americans said 63 to 34 that they are concerned about Musk’s team getting access to their data, which is the subject of high-profile legal fights.
> Even 37 percent of Republican-leaning voters said they are at least “somewhat” concerned about Musk getting their data.
https://www.washingtonpost.com/politics/2025/02/20/trump-pol...
Thank you. This’ll be cake compared to the inevitable bailout of DOGE.
It was well known that this was exactly what Musk would do, by anyone paying the slightest shred of attention to what was going on.
He said it was what he was going to do, he was up on the stage, I heard many many people salivating for DOGE cuts like this before the election, and even today.
> It was well known that this was exactly what Musk would do, by anyone paying the slightest shred of attention to what was going on.
I agree, and frankly anyone feeling "surprised" right now probably still thinks strongly worded emails and letters are enough to solve the problems they're just now seeing. Those things rely on a stable democracy where constituents and what happens to them matter at all.
> anyone feeling "surprised" right now probably still thinks strongly worded emails and letters are enough
No, it’s completely different than that. Some of them I’ve talked to, they’re confused about this Musk Internet guy. And they’re confused why their news isn’t giving them the predictive edge those aware of Project 2025 seem to have in conversation. “I guess we’ll see…” “I guess we’ll have to have hope…” The same people willing to accept fabulist conspiracy theories for non-white-male candidates now openly rely on faith-based appeals about the character of the richest man in the world.
This is a good point. Aside from the objectively unavoidable and nigh-uncountable deluge of articles, opeds, social media posts, video news segments and direct statements from the candidate and his representatives describing exactly what they intended to do and a 927 page document detailing the plan that was released two and a half years before the election, what warning did anybody have?
Musk buying Twitter and then spending millions to buy votes in PA weeks before the election seemed pretty obvious.
People like him don't spend without an expectation of something in return.
The more surprising thing is the amount of people who think successful capitalist = successful political leader, when the incentives and constituencies are drastically different.
I see Americans defending Trumps and Musk. Or acting as if everyone just overreacted. So I would say, quite a lot of Americans are either fine with this or actively want it.
I heard a meaningful quiet after the H1B fight. The kind of guys who said “kick em out! Imma get me one of them high-pay tech jobs” Those guys had to watch Trump, revealed to employ a lot of H1-class workers, claim we need more.
The masses are asses.
There are 300M people here and Trump won by ~200K. You can safely say that some are fine with this administrations behavior, but many are not and starting to actively protest and resist. Both are true simultaneously.
He still got almost 48% of the overall vote, however.
He may not have won the popular vote by much, but he certainly has a dedicated base of staunch supporters.
By their unceasing jeering, bright hats, and constant online presence I'd be surprised if there's anyone hasn't noticed them by this point.
Somehow it's worse than in 2016
That's not necessarily true if you use the appropriate tools and controls to safeguard data. Further, "any cloud" is a sweeping generalization and not all clouds are created equal. You raise valid concerns about trusting third-party hardware BUT.. come on, ease up on the alarmism.
To elaborate: robust encryption, dedicated hardware security modules (HSMs), and sophisticated key management safeguards data even if it resides on someone elses hardware.
If you design your system properly, even if the cloud provider manages the underlying hardware, your secrets remain secure because the keys and sensitive data are protected in a controlled, isolated environment.
[dead]
you can obviously have secrets from someone who holds your ssd, that is the whole point of encryption.
I feel like you've narrowed the original statement ("You have no secrets from the person who owns your hardware") when you scope it to just data storage at rest. I take hardware to mean significantly more than just at rest data storage in the context that it was used.
If your unencrypted data flows through any AWS memory or compute, or if your encryption key flows through any AWS memory or compute, then AWS *can* access that data.
> It was never safe for any government to move any secrets to any cloud.
does this not refer to moving data?
I don’t think it refers solely to data at rest, no.
Thats not fool proof what so ever.
It's as fool proof as you can get though.
If your data is well encrypted they practically don't have any access to any of the information except how much of it there is
Good to see this attitude becoming increasingly prevalent. I'm used to being a Cassandra in IT world, and while I'd have greatly preferred being wrong in my 2019 research concerns about data sovereignty, cloud-repatriation, vendor lock-in, and a shifting geopolitical landscape, welp, here we are anyway. I cut my teeth in data center operations and defense contracting, and knew immediately the real cost of public cloud would be the forfeiture of sovereignty to whichever country (and companies) controlled the major providers - surprise surprise, I was right. The solution was never to outsource core government infrastructure to a third party, but to build it in house and recruit the talent needed to keep it running, something easily done on most developed governments' budgets; by outsourcing to public cloud service providers, they traded national sovereignty for empty promises.
Bookmark this comment, because my read is that in five years' time the question won't be whether or not public cloud providers can be trusted, but how to engineer infrastructure on cloud providers you cannot trust. How do you encrypt storage on a cloud platform when you can't trust the vendor's tooling to secure your keys? How do you orchestrate K8s clusters in a provider who knowingly gives a hostile foreign government access to your etcd or network layer? How do you handle data boundaries within your own org when multiple countries with competing standards demand residency of data and infrastructure? I worry it'll be the "Chinese Firewall" problem but on a global scale, as different regions carve out their own digital kingdoms and demand fealty or expulsion.
Perhaps Homomorphic encryption can provide part of the solution in running services on untrusted Cloud platforms?
Although with Microsoft's recent breakthrough in their quantum processor, I'm not sure whether quantum will be a help or a hindrance.
This is nothing new, Microsoft signed an agreement with the French government to build a sovereign cloud called Bleu [1] operated by Orange and Capgemini using Azure and Microsoft 365 technology. The German government did something similar and launched Delos Cloud, operated by SAP and Arvato Systems.
[1] https://www.globenewswire.com/en/news-release/2021/05/27/223...
[2] https://www.bertelsmann.com/news-and-media/news/first-sovere...
> called Bleu operated by Orange and […] using Azure
This is somehow funny.
Not sure how the person doesn’t realize the contradiction.
https://en.wikipedia.org/wiki/Bleu_de_France_(colour)
The pun is intended.
They should have used "violette" then (azure + orange)
> The German government did something similar and launched Delos Cloud, operated by SAP and Arvato Systems.
this will be an overpriced nightmare
Aweful strategists did that, if they weren't simply corrupted.
The reasoning is that, with sufficient security, on premise (more or less) cloud technology is not much different in terms of sovereinty from sourcing your hardware from China.
> using Azure and Microsoft 365 technology
then they didn't do what the article is suggesting
https://www.cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-001/
https://cyber.gouv.fr/decouvrir-les-solutions-qualifiees
That was such a low blow, given we have stellar companies like OVH that have demonstrated their skills and willingness to bring great hosting, and are fully local.
Canadian government IT is mostly all Microsoft. The government can't even send themselves email without it going through Microsoft, a company based in a country (USA) that wants to take over Canada. Insanity.
That's true for most EU governments as well. We lost the ability to host our own email infrastructure long before we moved to US clouds.
big tech has been pushing for cloud for a decade.
same companies that also happen to have advertising and data mining as primary functions. is there any surprise they made this call?
Since now? It was safe before, as in what is happening now was totally impossible before, and somewhat it happens anyway? Do they started to care about making backups after they lost data?
Risk is not about "something happened, so it may happen again", but if something bad can happen, if it is possible, and maybe weight it as probable or not. Black swans exists, and if you bet everything on that they not, you may lose everything.
And the process of moving government and societies to some controlled by a foreign power cloud takes time to get in, and to get out. And you can't tell that something bad was being done while showing a smiling face.
It is not something coming out of the blue. There was strong signals of intervention back to the start of internet, and a more or less official confirmation of what was happening in the shadow with Snowden's revelations. But somewhat is now when that is perceived as a risk.
The only clear difference between now and even not that long ago is the fair perception that the US has flipped from (probably) "lawful neutral" to "chaotic evil".
Secrets in US cloud were probably never fully safe.. but at least the US wasn't previously on a path to inflict pain on the rest of the world.
the US government was invading and bombing people for decades and the EU did nothing. "chaotic evil" my ass, the only reason they're moving now is because MAGA is threatening them directly via Greenland, or indirectly, by pulling out of NATO and backing Russia.
It has always been unsafe, it is very questionable under the GDPR (though governments are obviously excluded from the GDPR itself), and lots of governments and companies have been using or working on alternatives. But the temptation of of US clouds has been strong, and now is a good time to remember everyone who previously thought the benefits outweighed the risks
One oft forgotten thing is that the US government clouds rated for IL5/6 are secluded on SIPRnet and JWICS. These are totally separate networks with CDS’s being the only way to go from one net to the other.
In practice this means the US Government remains in control of the network backing their cloud. ITAR regulations make it treasonous to have foreign eyes on these clouds. Foreign governments are not afforded any of those protections when sitting on US clouds.
Even among FVEY, there are designations for data relative to member states and information is not as free flowing on JWICS as one might assume. It is more like a controlled stream than a raging river
Its never been a good idea. I do not think non-EU European countries can rely on EU cloud, not can EU countries can necessarily rely on each other.
The only effect the distrust of the current US government will have is a few articles. It expensive and difficult for this to be sufficient incentive to change anything.
We should probably grateful they have not put it all on Chinese clouds.
I work at an large Europe based multi-national and hosting has always been a concern due to the big differences in data protection and privacy rules. We never use a service not hosted in the EEA.
The current threats that the US is making to Europe about it's data protection, privacy, consumer protection, etc... laws is very much of concern and is already beginning to be a factor in our ongoing RFPs and procurement process. We're not just following the law, we also don't trust some companies with our reputation.
A lot of European companies and organisations use services provided by American companies but run on servers in Europe. In the UK the NHS uses AWS, the courts use MS teams, etc.
America is literally allying itself with Russia, trying to turn Ukraine into basically colony (by demanding their resources forever), threatening annexation of Canada (repeatedly). Oh, and in the process of starting a trade war.
Non-EU can trust EU waaay more then anyone except Russia can trust to America. American leadership made it clear that norms, laws or morality are only for suckers.
The levels of behaviors between the sides here are not symmetrical
It's a bit premature to call it an alliance. So far there have only been talks.
> trying to turn Ukraine into basically colony (by demanding their resources forever)
Keep in mind it was Ukraine that proposed the idea of offering their resources back in October 2024[0]
0. https://www.cfr.org/expert-brief/zelenskyys-victory-plan-ukr...
>Keep in mind it was Ukraine that proposed the idea of offering their resources back in October 2024[0]
The general idea, sure. They offered that in return for security guarantees or as collateral for continued military aid.
That is not what is being offered them by this administration. Instead the administration has chosen the mafia shakedown route. American military aid to Ukraine to date amounts to around $100 billion dollars (and we're not talking stacks of cash here but rather the "value" of military hardware, much of which already had an expiration date and was literally designed and built for the Russia-invades-Europe scenario). But Trump is demanding $500 million from Ukraine, and offering zero in return. As of today many concessions have been demanded from Ukraine, but zero concessions have been asked of Russia - much the opposite actually.
It's not zero in return, why would Ukraine agree to that? Where is your source that it was zero in return?
> and we're not talking stacks of cash here but rather the "value" of military hardware, much of which already had an expiration date and was literally designed and built for the Russia-invades-Europe scenario
That's not true at all, US has sent billions of financial aid[0]. Compare that to Europe's aid which was majority in the form of loans, which Europe gets to collect interest on based off of frozen Russian assets.
0. https://www.ukraineoversight.gov/Funding/
>It's not zero in return, why would Ukraine agree to that? Where is your source that it was zero in return?
It is zero in return and that's why Ukraine have not agreed to either of the two versions of the deal.
The vast majority of the aid is not financial aid, it's physical hardware.
> But Trump is demanding $500 million from Ukraine
$500 Billion, right?
EU also demands resources in exchange for military support such as the French+UK-led intervention into Libya. Saying US is an ally of Russia is a pretty big stretch, meanwhile the EU has members that are actually allied with Russia and lots of large Russia-aligned multinationals like Gunvor
To further expand on that, Europe gave aid to Ukraine as a form of a loan with the interest being paid back based off of Russian frozen assets.
I don’t get why you are downvoted.
Every war that the NATO countries somehow miraculously got involved in is an economic war for natural resources and control, and the big EU countries always take their share of the pie.
Ukraine’s resources, one way or another, will be split up between Russia, EU, and the US (or more precisely it will end up in the hands of the oligarchs and “black rocks” of these countries).
You mean the EU's war in Kuwait, Iraq and Afghanistan which resulted in EU companies such as Exxon Mobile getting even richer off of the oil contracts?
Sorry I mean American's wars, not the EU's wars. The EU hasn't really done resource wars since the colonial times.
righhht https://wikileaks.org/clinton-emails/emailid/12900
france is involved in resource conflicts all over subsaharan africa bffr
Iceland was bullied into joining the EFTA purely due to the UK encroaching into their fishing grounds.
Ukraine's resources belong to Ukraine, and will return to Ukraine, as soon as Russia stops their unprovoked and unjustified assault.
I most certainly did not say who Ukraine's resources belong to, I'm saying that I predict that no matter how and when the war ends, I'm afraid the country's resources will be split up between the superpowers. It's not what I want, not what I advocate for, it's just what I foresee happening.
Shouldn’t America’s resources (money, military support, Starlink, etc.) then belong to America?
Of course? How is that even in question. The US promised protection to Ukraine for giving up its nuclear weapons, then freely gave much aid as it was in its mown interests to do so.
What natural resources or economic values was the Kosovo war in 1999 about?
What other incentives than control, resources or economics do wars in general have? Why do you hold the countries you mentioned to higher standards?
Like in serbia with operation "Allied Force"? You can question the official story, but that was not for control over natural resources.
> America is literally allying itself with Russia, trying to turn Ukraine into basically colony (by demanding their resources forever)
It was Ukraine/Zelensky who suggested that first not Trump. It was back in November. But we tend to forget such things for some reason...
From https://www.ft.com/content/623c197f-6952-4229-bfbc-0a96e43d6...
> Two of the ideas were laid out in Volodymyr Zelensky’s “victory plan” with Trump specifically in mind, said people involved in drawing it up. The proposals were later presented to Trump when Ukraine’s president met him in New York in September.
So Trump agreed eventually and then Zelensky started a media storm about how Trump wants take their natural resources and turn them into a colony. And everyone somehow immediately forgot that the proposal originated with Ukranian government.
> The levels of behaviors between the sides here are not symmetrical
It comes from a fundamentally different perceptions of reality and politics. There is idea that things have to be just and fair. And when they are not we like to say "it's not fair" and someone comes and fixes it. I am afraid it just doesn't work like that past the childhood age.
> American leadership made it clear that norms, laws or morality are only for suckers.
When weren't they? You're thinking maybe everyone just finally woke up? Morality and laws do not apply in practice on the international arena. It would be nice if they did, I agree, but they don't currently.
EU should have always had it's own strong army, it should have never trusted the US and not relied on them for protection. But they also shouldn't have been buying energy from Putin and funding his operation for years.
The real problem with the resources deal was the lack of security guarantees.
That was the security guarantee: having the presence of US mining companies there. Honestly, I don't really think US really needs Ukraine's mineral resources. US has plenty of its own to extract. But it was a pretext to invest and increase US presence there.
At some point Ukraine will run out of men. As much as I want to, I don't see US troops deployed to Ukraine, maybe EU can send its troops? Biden said as much at the start of the war, too, and it's still true.
At this point I don't see a Ukrainian victory over Russia and going back to 1992 borders. They will have to give a lot of things up and the longer it waits, the worse its negotiate position will be.
OK. But Ukraine choses to keep figting. Let them decide their fate.
At the start of the war EVERYONE said Russia would take Ukraine in days, and asked Zelenskyy when he wanted to evacuate. Not sure why anything they said back then is worth while to base opinions on today.
> Not sure why anything they said back then is worth while to base opinions on today.
There is still a lot of that hope but it's also a different time. The bravery of of Ukrainians in the initial wave and the counter-offensive as unmatched. The West helped but it didn't help enough. It was always piece-mailing military equipment. With a lot of wait times and a lot of hand wringing. We gave them tanks, but no F16s at the time. We could given them AA weapons earlier and more of it. They also made mistakes, there is a decent amount of corruption, and fumbled on recruiting after those who wanted to fight joined they started sending vans with military dressed people to effectively kidnap men off the streets or their places of employment. That looks bad and make their own people fearful of the military and those men won't be fighting the same way as those who sign up voluntarily.
> OK. But Ukraine choses to keep figting. Let them decide their fate
Their fate was never really just their own after the initial resistance. Without the Western help they couldn't have lasted this long. The West both helped a lot, and not enough at the same time. It's like a friend needing life saving surgery and it costs $10k. We send him $8k. He should be very grateful for such a generous gift, but everyone knows that also won't be enough and he will likely die.
As someone who has (reluctantly) been advocating and pushing our org to move stuff over to Azure, this is going to get interesting as tomorrow I'll start pushing the cart to the other direction. I never wanted to go to the cloud a a goal itself, but wished for a more modern infra to improve processes and security, which we surely now can achieve onprem as well.
Luckily there's always been scepticism and challenges with tightening data security regulations, so maybe people will mostly be relieved if we need to turn around on this.
Anyway, it will surely be an interesting discussion on Monday...
> As someone who has (reluctantly) been advocating and pushing our org to move stuff over to Azure
I get moving off of AWS and GCP. But to Azure? That move doesn't make sense to me at any time that Azure has been a thing. Why have you ever wanted to move things to Azure?
Since practically every government in Europe is a Microsoft "shop", Azure is the first stop when The Cloud is concerned. Unofortunately, often the last one too... Wheels were already moving, I helped rhem gain traction.
So yeah, not my favorite of the whole "not my favorite" cloud migration plan, but the only realistic path forward at the time
I get what you're saying. But often it just takes a voice to speak up to fight against wrongdoing.
What made it the only realistic plan?
Good question! I'll need to think back a few years.
Based on my experience on a couple of govt organizations, the IT departments are very small, compared to the total workforce, and has to deal with decades of legacy. In this environment, any change in direction is considered (way too) carefully - a big ship turns slowly and all that.
Since the team was experienced in dealing with Windows VMs, practically everything else was MS-based and MS offers lucrative bundling, Azure was thought to be the natural continuation on the infra side. One major outsourced software project nailed that trajectory, and due to the small headcount, multicloud was not desireable.
And this is where I jumped in. I'd like to think I was promoting improving our on-prem capabilities until a question of "could we have a reverse proxy so we could access some internal databases from the Internet instead of relying on overnight database copies" hit a steel wall. Having heard murmurings of achieving the same via Azure APIM and ExpressRoute, I clung on, since as an architect I needed that capability for multiple projects.
And after that, it was only natural to take more steps in. Slippery slide and all :p
But as I mentioned, luckily all this has been so slow that reversing is not the end of the world. Unlike some of our sibling organizations who have little to no on-prem capabilities left
That makes sense! Thanks for clarifying
"Azure’s Security Vulnerabilities Are Out of Control" - https://www.lastweekinaws.com/blog/azures_vulnerabilities_ar...
Come to Cloudflare.
I guess "Make America Great" may spawn a big Cloud Industry in Europe. If I was in Europe, I would never use any US Tech products.
Maybe Linux will end up making big inroads in Europe, replacing Windows and MicroSoft Office and Office 365 along with Google Docs.
European companies are so deeply entrenched in American software ecosystem I can’t even. Just this past week my EU company deployed an agentic LLM hosted on Microsoft Azure with models developed by… Microsoft, on top of the existing GPT hosted on the same platform. They also recently moved their entire in-house HR platform to Oracle.
It’s no mistake China banned foreign companies with infinite money from setting up shop there. It is dangerous and expensive in the long run.
But would they still if the EU used tariff like policy to prohibit it? "The best time to plant a tree was 20 years ago, the next best time is now." Make the law, enforce the law, encourage the behavior and outcomes necessary to achieve the success criteria.
As someone with an infra background a lifetime ago, I am confident I could spin up Kubernetes and Deepseek R1 in OVH or Hetzer within a few days. The primitives exist, the EU simply needs to lean into cultivating and supporting them (orgs, platforms, etc) to push EU entities consuming these services away from US Tech. Perhaps the tech stack is a national security interest, just as a manufacturing base and supply chain is. Better to be prepared than to be entrenched in the US Tech ecosystem and then suddenly be held hostage for reasons.
If you look at other countries/regions that impose high tariffs, their companies continue to buy and use American technologies and absorb the cost (to their local customers' detriment).
I'd certainly enjoy the case studies of European enterprises jumping from full-scale Azure and AWS deployments to OVHcloud or Hetzner, though. That'd make for some interesting reading.
But what if they outright ban it, as the US was going to do with TikTok (for national security reasons)? This it the tech services version of Nord Stream.
It's not really workable. The real-world impact of a TikTok ban, even if it outright stopped working on every American device overnight is pretty minimal; people stop watching videos, and some influencers lose their jobs.
If my (Canadian) government decides to ban Azure in a year, my critical infrastructure company ignores it for 11 months because they figure it won't actually happen, and then goes to the government to tell them that if the ban actually goes through, our infrastructure stops working because we'd actually need a multi-year timeframe to migrate off of Azure.
Impossible, even in the current crazy atmosphere. An actual ban would mean an all-out commercial war and a very serious dent in globalization.
We are rapidly approaching that point. Globalization is over.
https://www.youtube.com/watch?v=O5_4DvPO-7w
https://www.cnbc.com/2025/02/20/airbus-could-prioritise-non-...
Tariffs don’t really work for software, especially if the software provider holds lots of foreign government contracts, and you assume the foreign government and provider are colluding to get control over your systems.
Hosting Deepseek R1 is not the problem. It's just not great in a lot of use cases.
Everyone knows spinning things up is a piece of piss. It's the on-going maintenance and economies of scale that aren't. Not to mention migration, compliance, etc
The EU’s problem is that it doesn’t foster company growth on any level and doesn’t help with problems specific to the EU (e.g. multiple languages, differing laws, varying levels of unionization, and more).
Blaming Trump for their own well-known problems is silly. They were dependent on the US before him and they will continue to be dependent on the US after him until they look in the mirror and decide to fix what is broken.
Hosting LLMs at scale without Azure/Bedrock is still a massive pain, and they offer EU based data sovereignty, so not clear what the problem is there (or are we now saying no doing business with US companies at all?)
If Microsoft is providing EU data sovereignty, then they’re either in violation of US law (the US CLOUD Act, specifically) or do not have the technical capability to access data on those servers. (So, for instance, the machines could be air gapped, or they could be configured to never honor MS credentials, including on the software update path).
In practice, this means no US cloud providers provide foreign data sovereignty (though many claim to).
The CLOUD Act is incompatible with basic data protection rights.
As long as whatever sham of a data protection agency was nominally functional in the US european elites could convince themselves that it was legal to transfer personal data to some US corporations, but now that agency is defunct.
But yeah, it's a bad idea to do business with empires. Sooner or later they turn to bullying and extortion.
The EU doesn't have a significant tech industry.
It doesn’t have megacorps. It’s full of engineers working for US ones.
As a UK based engineer, I wish. I cannot for the life of me even get an interview, maybe first level HR interview for US companies. Meanwhile when applying for UK jobs, no problem.
Don't know what it is. Am I not fake enough? Not forcing fake smiles and excluding obnoxious positivity constantly? Not ego stroking the interviewer? Am I doomed to, in comparison to US, poverty wages?
Absolutely infuriating.
I'm not sure if you've misunderstood, so apologies if this is old news. US companies may have teams of engineers in various other countries. But they almost always pay local market rate. In much the same way US companies will pay teams in India their local market rate (which is less again).
My last company paid 2-2.5x a UK salary for a US engineer. Perhaps the ratio for a company like Meta is closer, but I doubt it's equal. For startups you may find random roles that have equal pay globally, but they're relatively uncommon.
Pythonblendervim? Ah sorry thats just the netherlands
That's not an "industry". "Industry" is something you can list on a stock exchange or lobby in a parliament.
Oh, you mean like Spotify? Or those thousands of Mittelstand companies across Europe that Americans don't know about but are actually used in Europe?
But the argument of the parent might be that a very active open source community based in Europe points towards a big potential of experienced developers working at their mid sized companies in the shadow of American big tech. Once big tech is gone...
[dead]
Europe has done this before. Airbus did not exist but now it is the best aircraft maker since Boeing decided to retire all their senior engineers in favor of quick profits. Europe created Airbus, they can do the same with a new Cloud provider.
Don't forget Boeing moved their headquarters and leadership to DC. Making the widgets is just the inconvenient part management doesn't really care about/need to be involved with, the focus worthy part of their business is government extraction in Boeing corporate's minds. Our corporate class is such short sigted trash.
This presumes that today’s Europe is comparable to the one ca. 60 years ago: https://en.m.wikipedia.org/wiki/History_of_Airbus#1970%E2%80...
(I’m not disputing the chances, just the logic of the analogy with Airbus.)
Evroc in Sweden is trying to do this.
They can do even better. I don't know how much I can say but there is an EU funded alternative in the works.
The EU hasn't even got a home-built social network with significant market reach, let alone the wherewithal to pull off ditching Microsoft and Google. It'd be nice to see that change, but there's surely some sort of blocker after 25 years of the Web being a mainstream technology.
The used to exist (e.g. Hyves, StudiVZ), but they are murdered by FAANG. However, there are still locally successful companies that could expand to the rest of Europe if US companies were dropped. E.g. just speaking of The Netherlands, Bol.com is much more popular than Amazon, Marktplaats is more popular than eBay (which is pretty much non-existent here) and owned by a Nordic company, etc., iDEAL is much more popular for payments than PayPal, Stripe, etc. (and works far better). Such companies can fill the void.
Microsoft will be tough to replace. There are good alternatives, but retraining personnel, etc. will take years. Google, I am not sure. Their cloud services are replaceable. Search may be tougher, but the quality of Google Search has become so bad that it's often easier to ask an LLM.
Takeaway (thuisbezorgd) and Zalando are some pretty large players in the EU markets. Spotify of course.
Booking.com. Adyen. ASML. Messagebird. TomTom. To name a few from a tiny speck of land in Europe. It's not like we lack capabilities.
Is Marktplaats not bought out by eBay?
See also: https://mergr.com/transaction/ebay-acquires-marktplaats-bv
eBay sold Marktplaats in 2015: https://nl.m.wikipedia.org/wiki/Marktplaats.nl
Tuenti?
Tuenti was huge in Spain.
With social networks or any EU startup problem is you have to deal with different languages right at the start.
Being US startup with English only you have access to 300m people right away.
There were country specific social networks but then all cool kids were on FB so everyone moved there.
The same with LinkedIn, our country specific business social network closed down finally last year. First 3-5 years it was growing then everyone moved to LinkedIn so that network was ghost town for 15 years someone kept it alive just in case but seems like they stopped wasting money.
I think the language problem will become less of a problem in the future due to (1) more (young) people living in citys and (2) all young people in cities speaking english. At least compared to previous generations imo. This could be my subjective view based on luxembourg, netherlands, and visiting other european cities.
Don't overestimate "young people speaking english" especially with current demography you still need to tap ones that are excluded from English as there will be much more of those.
I do see opportunities with LLMs as making all kind of platforms language agnostic - you should be able to write your own language and read your own language even if other person is from different country using different language.
Network effect is also hugely important.
Maybe so called social network is not something to reproduce. Who cares who runs them if they deteriorate sociality, generate addictive consumption of things detrimental to mental health and favor extremists point of view?
And that's why we need to stop being dependent on the US: everything in there is described in terms of « market share », and not in terms of usefulness, ethics, or independence.
Mastodon is German:
https://joinmastodon.org/about
(So is SAP, for that matter.)
There is an active effort currently to have the EU contribute towards funding https://freeourfeeds.com/ (to enable a distributed, global AT Proto network). Does the EU need the network to be home grown or have the valuation matter? I argue no, it is a utility, not a business to be captured and squeezed by investors or other potential controlling interests.
(as of this comment, Bluesky has ~32M users and counting)
They can fork phpbb. You didn’t really think these social networks are anything more than that?
We just need to see if phpbb can scale to a billion, and if not, why not.
Well, I'm all for the return of the classic forum experience!
The UK's largest "social" sites are pretty much forums (e.g. Mumsnet, The Student Room, DigitalSpy, MoneySavingExpert) and while they're good for their respective topics, they don't cover the Reddit/Facebook/Instagram use cases (they could be arguably considered on a par with individual sub-reddits).
Well, I'm all for the return of the classic forum experience!
If you make each individual bulletin board receive broadcasts from a central server, then you get the network effects of Facebook and Reddit. Individual boards can just sub to the central server keeping them connected to the hivemind or not. Your community can remain isolated or throttled (only 30% of global updates get through). We do this manually here, where not all global posts get through (you'd be hard pressed to push a Reddit post to the top here). It's the simplest way to federate using existing technology.
This model is already at play. X, Bluesky, Reddit, Truth Social, and Rumble are basically heavily funded private message boards with a large mindshare subscriber base.
Taking our message boards back is proving to be difficult, especially because trying to move the userbase off of it is the same as trying to move people off drugs.
> If you make each individual bulletin board receive broadcasts from a central server
Your're doing this with phpBB? Doesn't happen to be open-source somewhere?
Would be interesting to have a look, I think I a bit like this opt-in partial federation / hivemind. Would be even more interesting if it was possible to sync comments between such forums.
**
Developing forum software myself, Talkyard. Based in Europe (Sweden).
Started thinking even more about using some European cloud, as an option. There's a Swedish hosting provider that looks interesting (I think)
sync comments
I guess you could do syncing kind of like how CCing email is done. CC my home server and global server. This gives you agency to remain detached from the hivemind, and vice versa. This is not some idea out of left field, it's roughly my workflow between Reddit or HN or other sites. I manually do the filtering in my mind when I move through different channels.
Phpbb is open source, but I mostly brought it up to show that Facebook is just that, and nothing more. Forking Reddit will also give you a Facebook clone (and a Reddit clone).
I was wondering if you're using a phpBB extension you've built yourself, and if it's on GitHub or somewhere (the extension), or ... It's not a built-in feature?
Websearched for "phpBB federation" and "phpbb subscribe rss broadcasts", found this:
"Feed post bot: This extension enables you to read any RSS, ATOM or RDF feed. It looks for new items every half hour and post them to a specified forum." https://www.phpbb.com/community/viewtopic.php?f=456&t=241159...
Intering way to use RSS
It doesn’t exist. I was contemplating how to connect all existing message boards together via a central server(s), mimicking Reddit and FB news flow.
https://matrix.org/ is partly funded by French government.
> We just need to see if phpbb can scale to a billion
No need for that, we are just half a billion in Europe.
Too many trade barriers, stifling rules and general hostility to growing tech companies for the EU to compete with US companies, and only looks to get more restrictive. I’d bet against the EU pulling it off unless there’s a big coordinated realignment of priorities.
PeerTube is made in France, Mastodon AFAIK in Germany.
So we're about to finally get the year of Linux on the desktop?
Almost every EU company I worked with, migrated from Windows to Ubuntu at some point.
I've worked with many and it was always Windows, with some use of MacBooks in recent years. Never once seen Linux desktops.
More like "Year of the EU computing independence" this time, totally for real guys!
It's been one year away for 30 years!
Not just cloud but military and many other things.
I think MAGA is good for Europe, there’s a big incentive to remove any kind of US dependency.
> I guess "Make America Great" may spawn a big Cloud Industry in Europe.
Have you tried using OVH? It's... not ready for prime time. Don't get me wrong, I love it for cheap EU servers, but man is it a pain in the ass to deal with.
There is already a decent cloud industry in Europe. OVH has been around for decades, and many companies in North America even use them because they are often a bit cheaper. But you also have newer players like Scaleway and CDNs like Bunney.net that are growing fast.
I think the harder services to replace are things like Github and O365/Google Workplace.
"Cloud" is not boxes like OVH and Hetzner sell. Cloud is a gigantic software layer offering all kinds of features and abstractions.
I think it'd be faster and cheaper to replicate GitHub or even Office, which are complex but fairly feature-stable, than to offer a real cloud competitor with a fraction of the services that Amazon, Microsoft or Google offer in their cloud portfolios.
I heard an interesting thought on the Lex Friedman podcast though. If software engineering really becomes cheaper and more readily available thanks to AI, maybe more companies will start building more of their own services. Then, maybe then, will the European enterprise be able to wean itself off from the big cloud vendors.
How does Scaleway measure up these days?
Are there good resources for comparing clouds with sovereignty in mind?
Are OVH decent? I'm not entirely sure that they're even passable and what other options would you have in Europe?
https://www.theregister.com/2021/03/10/ovh/
Not only cloud, but the entire defense industry that was hibernating for the past 70 years, for you know good reasons.
All of these nice F35s made in USA, will soon have no buyers except the USA itself.
Germany pretty much only ordered the F-35 to carry US nuclear weapons because their current platform (Tornado) is getting retired. They didn't want to hand over Typhoon schematics to retrofit it. They pretty much only had the choice between F18s or F35s.
You know, if we were really adversarial, it would be really really wise to reconsider allowing German planes, whether home built or bought from the US, "loaner" nuclear weapons to carry into battle.
What? At least read a wiki article before commenting because it looks like you have no idea about the extended nuclear umbrella and how it works.
The F-35 is an extremely compelling and competitive product, with some unique forward-looking capabilities that are difficult to replicate. It was also built for export, both technically and politically, so many of the foreign buyers are more invested in it than they may otherwise be.
It is this generation's F-16, many thousands will be built and sold.
My country bought the F-35 for the sole purpose of being a deterrent to a future Russian invasion. Now that the US and Russia are allies, how can we trust that those planes will receive spare parts and other support during a conflict?
I think European alternatives for F35 are obviously needed.
Not if the US becomes more and more adversarial, especially if they jeopardize NATO. The current administration already acts almost like an enemy of Europe, it's quite baffling. Politicians have to justify military expenses to the voters.
But will the US renege on the supply of spare parts?
Will it tear up existing deals and say 'accept the new terms or your planes won't fly'?
Many of the physical parts are manufactured in Europe under license. I've never heard of this as a major concern.
The main point of conflict is that the US holds the source code for the advanced software systems very closely, no partner country has access. A lot of the differentiated and exotic capabilities of the F-35 that make it attractive to other countries are in the software, everyone recognizes this. There are many algorithms and techniques that rely on classified computer science to deliver qualitative advantages. Even if other countries could replicate the hardware, without replicating the software anything they built would be a pale shadow of the F-35 in terms of capability, which makes alternative hardware much less compelling.
The US knows all the leverage is in the software, so that is the part they strictly control. It is yet another case of the software eating the world, military systems edition.
I wonder how hard it would be to reverse engineer it, if it really came to that.
The US has a bunch of (classified) tech to make reverse engineering unusually difficult. It is also several million lines of complex code. Different countries have different builds of the software, with some features missing, degraded, or disabled. There are also regular capability upgrades with new software versions; the production versions of some software features are roadmap items still under development.
I suspect that by the time anyone was able to successfully reverse engineer it, it would be semi-obsolete, which limits the value in doing so. Playing catch-up requires taking a lot of aggressive R&D risks that European governments have traditionally been very uncomfortable with or which take far too long to execute.
Might be a good idea to spend a couple of million by setting up a small office of 10 people to work on it in the coming years.
That's interesting. I'd have assume the secret sauces were in the radar and targeting systems.
Maybe the source code also contains a secret kill switch? I'd definitely put one in if I was selling fighter planes to 3rd parties. Alliances can switch overnight, as we're seeing right now.
IIRC the French refused to give the UK the means to disable Argentina's Exocets during the Falklands War.
They would lose access to lots of tech for example top radar tech which is designed (and I think built) in Europe as well as lithography machines. We'll sell the latter to China instead of the US if they try to play those games.
Not sure how valuable is the hand that Trump has.
Why today would one spend $100M on 1 equipment unit when you can pump instead $100M and get 10M unstoppable drones?
$100M/10M drones = $10 per drone.
What drones are you going to get for $10 each (now or in the future)? How are they “unstoppable”? How are you going to deploy millions of $10 drones on the battlefield without tons of $100M platforms that can survive AA defenses long enough to get to the engagement? How much range do you think $10 of batteries even gets you?
I can today assemble a drone from parts from Alipay and program the firmware in an esp32 for ~ 20$. I am not kidding, Google it.
That is without me manufacturing any of the components. If one had a nation state backing I am confident it can be done for a fraction of it.
They are unstoppable because if you have a tank and there is a swarm of 500 of them what do you aim? One of them will find the opening to drop the grenade on your tanks weak spot. These are all single use kamikaze drones.
Same for battery range. Europe is preparing for a defensive war on their land. Even 10 miles of ranges should suffice. You can always deploy them from a mothership.
You’re massively underestimating what it takes to get from an esp32 hobbyist drone to a weaponized drone with 10 mile range and an actual explosive payload capable of taking out armor (in any number). Or the sensor package it would take to make them useful against personnel. Let alone deploying ten million of them in a real war.
And you’re entirely ignoring the very real problem of the mothership which has to survive to get within ten miles of the battlefield, unless you’re planning on releasing them from box trucks which means their range will either be useless or they’ll get taken out by bigger, more expensive loitering drones the second they’re spotted. War is antagonistic co-evolution in its purest form, these naive solutions dont last very long which is why our weapons cost so much (for everyone, not just the west).
When you spread the risk across 10M units you are better off compared to placing all of your bets in one super fancy unit. Remember in the Ukrainian war, Russia took out most of the Ukrainian planes in their hangars, before even they took off.
I totally agree with you that drone swarms is not a silver bullet, and likely some effective adversarial strategy will be developed(jamming, attacking motherships etc), but the point is that airplanes are not as important as they were in the past. Ukraine is still standing with no real air presence.
That is very optimistic.
Given that for today's election here in Germany actual problems barely played a role. Not just that, over the last two decades very little was done. For example, we have skyrocketing rents due to a general lack of housing, which leads to all kinds of problems apart from affordability. For example worker mobility. Who dares to move to another job and city when it's so hard to find a flat?
That's par for the course for almost all big problems.
I think the probability is high that the new German government is going to try to sit this one out. After all, they survived Trump the last time, and it's only four years, right? Worse, they would have to do many things that will be very unpopular with one or the other interest group.
Unless somebody puts a gun to the heads of all those in government they will procrastinate rather than make any big changes.
I see little chance that they will cancel the order for US military hardware. They might actually buy a lot more, to appease Trump. After all, not getting the F-35 would have repercussions for the nuclear sharing agreement with the US. They need the F-35 to have a certified platform for nuclear bombs they are supposed to get from the US, stored in Germany for that purpose.
That would mean they would need a European approach to nuclear weapon sharing and weapons. The German government regularly has trouble even just to work together with only France, due to wildly different philosophies and interests.
Europe is far too divided, and the German government sees its role in doing as little as possible when it comes to radical change.
I think part of it is that the leadership of all our big parties mostly consists of politicians whose whole life is just that. They don't have anything else. Even if they get a job at a company it's for their political connections. They won't risk this, and they barely have any strong opinions! They look at polls and change what they stand for accordingly and easily. I'm not saying this to sound mean, I think that this is a mostly accurate description.
Opposing the US would take spine! It's a lot of trouble and uncertainty. They will try to avoid that if at all possible.
----------
By the way, it's not just F-35. Germany also ordered the Israeli-American Arrow 3 long-range missile defense system, sixty CH-47 Chinook, and 380 other contracts worth 23 billion just from the "Sondervermögen" (special fund) of 100 billion. Surely that will just become more, given that Germany continues to need to purchase things like Patriot missiles.
The strategy was - to the chagrin of the French if I understood the news articles written at the time right - to rather buy something proven and quickly available from the Americans rather than start a lengthy inter-European development process.
> I guess "Make America Great" may spawn a big Cloud Industry in Europe.
Unlikely.
I've worked at an american cloud provider and (in another job) i've worked with an european cloud provider (in this context, when I say "worked with" I mean i was in contact with the people actually managing the hardware as well as the software that serves the "cloud").
It's just a completely different mindset, and I don't see that changing any time soon.
The main issue i see is that european cloud providers mostly have technically-ignorant upper management for which providing a cloud offering essentially boils down to "buy this software component from company xyz (likely an american company) and install this open source product abc, then slap a cloud marketing name and unleash the salespeople". They can't even contemplate the idea hiring somebody with FAANG-level skills, paying it FAANG-level money and let it do FAANG-level work. They hire a few underpaid 20-somethings and have them manage, at best, an OpenStack installation.
I kid you not: in late 2021 i was in a meeting with (among the others) the head of cloud engineering of one such companies and asked when are they planning on offering ipv6 connectivity. The guy had a loud laugh and said they had no plans to even consider ipv6 connectivity. And that was at a company that does both "cloud" computing infrastructure and connectivity (!!!). That's the mindset.
I don't see europe building a realistic alternative to american cloud providers, and the core issue is not technical.
> The main issue i see is that european cloud providers mostly have technically-ignorant upper management for which providing a cloud offering essentially boils down to "buy this software component from company xyz (likely an american company) and install this open source product abc, then slap a cloud marketing name and unleash the salespeople". They can't even contemplate the idea hiring somebody with FAANG-level skills, paying it FAANG-level money and let it do FAANG-level work. They hire a few underpaid 20-somethings and have them manage, at best, an OpenStack installation.
Thank you! As a german that saw how the sauce is made in public sector tenders it's exactly this!
This is not restricted to hosting / cloud sector. It's a good summary for most german IT companies.
Arrogance and incompetence are rampant. Programmers and their managers need to go en masse to have some substantial change.
Everyone is so full of themselves and disconnected from reality it's scary.
>I don't see europe building a realistic alternative to american cloud providers, and the core issue is not technical.
The brain drain ultimately takes it toll. The most capable people from europe ( and every where else), move to US , be they engineers, management, entrepreneurs etc.
> The brain drain ultimately takes it toll. The most capable people from europe ( and every where else), move to US , be they engineers, management, entrepreneurs etc.
And they are going to stay there once the megalomaniac in chief and his South African oligarch have gone with their wrecking ball through the very fabric of the US society and economy?
Ipv6 wasn't rally viable in a box until like last year.
My local European ISP provided me /64 IPv6 addresses since at least 2020 and had so called sticky IPv4 addresses since at last 1999. They were sticky because they did not change for years if the box was connected within 15 min.
This was possible because motivated individuals held technical positions in the ISP while the management has been totally incompetent and was later jugged outright corrupt.
Because of corrupt management and public scandals, my ISP has been sold to Orange. I am afraid this will end the 25 years of technical excellence as well.
I wrote AWS but got autocorrected...
"AWS Services That Do Not Support IPv6" - https://github.com/DuckbillGroup/aws-ipv6-gaps
That’s two years out of date and the AWS announcements page is filled with IPv6 announcements.
IPv6 is the new ISDN. I Still Don't Need it.
Lot's of No here: https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-su...
congratulations on missing the point.
the real point is not ipv6 (or this or that specific service). the point is the attitude.
anybody in this subthread bikeshedding what aws service supports what version of the ip protocol has missed the point and would probably fail a text comprehension test.
Nobody missed the point. The examples of AWS after 15 years still being dragged into full IPv6, is to show the lack of support for IPv6, is not the lack of technical awareness that is trying to be demonstrated.
Depending on the context, and granted, lacking some of the subtle details missing in the interaction described, might actually show real experience in the field.
"Why No IPv6?": https://news.ycombinator.com/item?id=40039154
Ok, that's one datapoint. Another datapoint says that Linux originated in Europe.
These datapoints don't contradict each other.
> Another datapoint says that Linux originated in Europe.
Linus moved to the US and since 2010 is an american citizen, according to https://en.wikipedia.org/wiki/Linus_Torvalds#Personal_life
Thank you for backing up my argument, I guess?
Great, now pull up a geo-map of originated commits per country....
They also move too slowly, so they fall further and further behind each year.
For example, Hetzner has great potential, but they’re only just now releasing object storage after 4 years in the cloud space, and they don’t even have managed database yet.
"4 years in the cloud space"
Hetzner has existed for a really long time, I'm not even sure what "cloud" means in your context.
Object storage and VMs is what made AWS "cloud" 15 years ago, so by that definition Hetzner only just became a cloud provider.
I mean since they started marketing themselves as a cloud vendor and selling cloud instances, instead of just a dedicated server vendor.
"cloud instances"; like a VPS?
Yes, they are VPSs
But the more important point was that they started branding themselves as a cloud vendor 4 years ago, and investing in new offerings around that pitch, but it’s taking them far too long to release basic parts of the offering, and they’re falling behind.
And they certainly didn't develop the software themselves either.
Definitely is, it triggered us at Molnett, Clever Cloud, Safespring and others to start believing in competing with the hyperscalers!
A new term seen recently: "The MAGA cloud companies": Microsoft, Apple, Google, Amazon.
Why Apple? Oracle would probably fit better with others. Or even IBM.
> Why Apple?
https://appleinsider.com/articles/25/01/20/tim-cook-joins-bi...
> Why not Oracle or even IBM.
a) They're not as prominent as the 4 mentioned
b) as an acronym, "MAGAFIO" doesn't have the same punch to it. It's cluttered. We get the idea that the 2nd tier tech oligarchs are on board anyway.
Except, MAGA hate all those companies. They view them as non-ideologically diverse breeding grounds for progressives.
That was true for Trump 1. This time round, things appear to have changed. The CEOs of these companies sitting front-row at the inauguration is the most visible sign of their newfound mutual love. MAGA have found out these companies will just bend to their ideological will in the interest of shareholder value and it shows.
Not just for Trump 1. It was true right up until January 1 of this year. Their "conversion" just started and it remains to be seen whether there is any depth to it or it's a publicity stunt to avoid Trump's ire over the next 4 years.
Maybe in future, but for now these companies are not liked in MAGA-land, and simply attending the inauguration of a president hasn’t really changed anything.
It may not have changed how the rank and file see them, but that's not who they are currying favor with.
It has demonstrated those companies willingness to comply. I don't agree that "it hasn't changed anything".
Three of them (AGA) had tech bosses at prime seats at the inauguration. MAGA might hate them, but the Musk, Thiel, etc. crowd that seem to be in control of the While House are big tech. MAGA was only for the MAGA electorate to get into power. Sadly poor/angry voters will happily vote against their own interests if you can make them hate (immigrants, liberals, DEI, woke, whatever does the job).
Microsoft did issue congratulations: https://www.linkedin.com/posts/satyanadella_congratulations-...
On the one hand, this is a bland, press-release congratulations letter that could apply to any new president.
On the other hand, it signals "business as usual".
MAGA hates basically everything modern. What matters is if those companies bend the knee. And in 2025 they do.
I am all for more European development. It seems like the EU makes it harder to build anything-- from what I've read I should say.
I get your point. It’s almost impossible at the stage we are at right now.
But what’s the alternative?
There’s not a great alternative in the next few months, perhaps not in the next few years, but in the longer term European countries should take this as a critical warning. Failing to cultivate a domestic software industry in 2025 is like failing to cultivate a domestic manufacturing industry in 1825.
Russia can do that, so can Europe.
Russia struggles as well. habr.ru is full of stories about rebranded western software and hardware sold at exorbitant prices with fake certificate of local produce )
Rebranded western software?
Some open source projects are rebranded as Russian with minimal changes, that happens, yes, but that's the result of gaming the system that incentivizes development of Russian software, not the result of sanctions.
Russian replacements of Office 365 and Google Docs seem to be doing well.
As for hardware, the EU is not yet under American sanctions.
On the other hand, many of us in Europe still have the memories (or our parents tales) of our governments spying on everything we say and do. With all the chilling consequences.
Half a century of communist rule showed us not to trust our governments.
Every now and then, the Brussels bureaucrats show us how much do they value our privacy and electronic safety.
The US govt would never do that.
Europe is already pretty experienced in increasing their costs of doing business to avoid any sort of risk already so I’m sure they’ll figure something out.
That's the problem with adversarial competition instead of collaboration. It becomes a self-fulfilling prophecy. When you think the other entity is a shark, then your going to start acting like a shark too in order to protect yourself.
I think the impact is going to be far greater than that.
I have seen, at least here in the UK, some people speaking about moving entirely back to hardware that is controlled by the organisation. The case is there on a cost basis already but people are reluctant to admit this. If another magical guarantee expires such as a security one, then the reason can be shifted to that and the cost justification is collateral.
Getting out of PaaS systems is going to be horrible and expensive though. We never should have gone further than IaaS.
I suspect the idea of the cloud as it stands today may die fairly quickly.
I thought you were being serious til I read your last paragraph. Well done
The law about EU data having to be on the servers located in EU already exists.
Yup you already can specifically sequester your data to Microsoft's or Amazon's EU-only servers, and even smaller companies like 1Password offer to store your data on 1password.eu instead of 1password.com.
However there can be weirdness sometimes. I vaguely remember a case where Microsoft had to hand over EU data to a US law enforcement agency due to a court order, but giving that data would violate Irish law. I know there's a new variant of the EU-US Privacy Shield, but with the current US administration that could get ignored very easily.
Which raises the question: can for example Microsoft-the-US-entity in de jure sense cleave off Microsoft-the-EU-entity whilst still maintaining de facto connection between the two? If not, there are definitely big opportunities abound.
That's not the way.
What Microsoft might end up doing is following the China model, essentially giving control over their EU servers (probably only those in a special region) to an EU company, while still supplying the software and taking a (very large) cut of the profits.
https://www.s3ns.io/en
This is Google + Thales doing the 3rd party operator model, with the operator being a subsidiary of Thales and not Google.
(NB: I work for Google in the EU.)
Data residency is not data sovereignty.
You clearly did not read the original post. It says that
1. US companies hosting EU data on EU servers are more vulnerable to US Govt demand, not less.
2. US-EU Privacy Shield does not exist anymore.
I just don't know how this makes any meaningful difference towards the threat model of the US gov't becoming compromised if a US company still controls said servers and the CLOUD Act allows the US gov't to freely subpoena the contents of those servers. The companies involved will still do what the US says because they are forced to.
Like, the conversation will go, "Get us this data"; "EU law says we're not allowed to"; "We don't care, do it or we shut you down."
The EU courts agree with you:
https://nextcloud.com/blog/eu-court-withdraw-personal-data-o...
Any cloud provider that operates in the US and claims to offer data sovereignty is lying.
Doesn‘t matter thanks to the CloudAct.
Isn't that what Russia already does?
> If I was in Europe, I would never use any US Tech products.
Could you possibly name any specific riscs?
Some specific RISCs: RISC-V, MIPS, ARM, POWER, PowerPC.
Some others: SPARC and SuperH.
Trump.
Not just Trump but any potential future administration. We’re no longer reliable partners who can keep continuity of our bureaucracy and foreign policy going for longer than four years without a geopolitical seizure.
As intended. European independence and sovereignty would be a great outcome from all this.
[flagged]
Where are they going to get their power?
Russian gas? Suddenly build nuclear?
Who are “they”? Several European countries have nuclear power (together with some other source as well of course) and are planning to build more. It will probably take a long time though.
Don't they still have North Sea oil?
They also have a strong windmill industry.
Maybe of the "liberal" Europeans techies are commenting on this American website and complaining about how bad America is, apparently with no self-awareness and how European governments and not only should boycott American stuff. The same goes for commenting the same thing on American website Reddit.
Linux will gain traction as soon as people have difficultly figuring out how to open a terminal window - by design. The main problem with linux, or specifically linux distros, is that they are designed and maintained by people who like using linux, which eternally damns it to ~5% market penetration.
I'm in the process of moving my various google data onto Hetzner storage share[1]. It's a Nextcloud instance with 5TB of storage for $16/month. My wife and I each have a normal user, we can share stuff just as well as before, and we can install things like a simple Kanban app, sync to our Android phones, etc etc.
So far it's been great, I highly recommend it.
[1] https://www.hetzner.com/storage/storage-share/
I have been banned from Hetzner multiple times now and believe me, nothing I was doing is even strange, let alone worthy of bans. I don't think an EU cloud can ever be trusted.
It's only an option, if you trust hetzner, since there no encryption whatsoever, it's just a managed nextcloud instance.
Regardless of any cloud:
I hope you have a proper backup strategy
Multiple local copies, a cloud copy, and an archive copy on a different provider.
Store a local copy offsite with a friends or relative you visit regularly(encrypted). One fire and all your local copies gone otherwise.
"Now that we know how you did it, we will raid you and get it. And we will use the $5 wrench to get the passwords from you" :)
Interesting that I got down voted for this
The main problem to my mind is that we have none. OVH are perhaps the only semi serious option and that's super depressing.
As someone who been using US clouds for over 10 years now, I was looking in the state of EU clouds recently.
It's like going back in time 15 years.
OVH co-mingling postgres customers on the same underlying server with no noisy-neighbour protections! AWS RDS is obsolete tech these days and they can't even match that!
Yes, I know. I wouldn't really want to use OVH for anything besides bare metal, same for hetzner (even then, they're not great at it).
The only good providers I'd use again are London based.
Did you check Scaleway as well?
OVH, who burned down a data center because it didn’t have fire suppression. Never forget.
Using Scaleway. It's great. Lots of open source stacks too.
If you just need compute, Hetzner is pretty good too. But recently they have been having capacity problems. Most server types are sold out.
I wonder why )
US is an unreliable partner. EU needs to work on decoupling from it ASAP in every domain.
https://european-alternatives.eu/alternatives-to
Yeah, this just seems like a great opportunity for a European startup scene. Even though plenty of bad things happened under Joe Biden - the relationship with the US was fine. Every morning you wake up to see crazy stuff Trump said and that really plants a seed.
There are obviously strong emotions on both sides regarding the actions of the first few weeks of the Trump administration. Whether you believe the goals are worthy or not, one must acknowledge that the manner in which all of this is being done is deeply disturbing.
Trump will be gone in a few years, one way or the other. However, the foundations that are being poured for legitimizing a strongman, authoritarian role for the executive and almost eliminating the role of the other two branches is deeply dangerous.
If you believe the goals are worthy enough that the ends justify the means, think of the worst president ever(in your opinion) and consider whether you'd want them to have the same power? Because politicians never let power go willingly. They will certainly point to Trump's precedent as a means of legitimizing their actions.
My fervent hope is that our institutions are strong enough to weather this assault and that enough people make it clear to the administration that there are lines they are not willing to cross. Whether that happens remains to be seen.
I just see this as an experiment to see if the system can survive without the bloat. If we need the bloat, the next person can just put it all back in. It's only 4 years.
That’s like saying your car’s airbags and turn signals are bloat because you’ve never used them. It will already take more than 4 years to repair the immediate damage by firing so many people: in addition to the lost institutional knowledge, consider how much more you have to pay them to come back after proving to be an unreliable employer. If a scientist goes to Europe, they’re not lightly moving to the United States in a couple of years.
Some of the long-term consequences are permanent: everyone in Europe unambiguously knows that the post-war dynamic is gone, and if they invest in their own alternatives they won’t want to throw away that investment. As an example, allies who bought F-35s are wondering if they should’ve followed the French path now that they’re faced with the prospect of being on the other side from America. If they decide to move to European control of key infrastructure, they’re not moving back for at least a generation.
That has been obvious since 2013 at least.
I've been looking at this a lot, for ourselves (multitenant saas app running on gcp) and for our customers, who are starting to be curious about something between fully self-managed (too costly) and centralized/multi-tenant/american cloud.
One thing that strikes me is the relationship with architecture. A monolithic, vertically scaled app can run ANYWHERE where I can rent a VM, whether in Norway with Upcloud or on a VPS in Kenya. It's only when you start stitching together managed DBs with autoscaled instance pools etc that vendor lock in begins.
All of these nice toys make our service highly available. But while the overall risk is lower, it is far more correlated between customers. If our service would go down because of a political event, it would go down for all our customers at once.
What about a control plane that manages a fleet of per-customer VMs across an array of cloud providers? Has anyone ever tried this?
That ship has sailed with technology in general.
Sure, it isn't safe for EU governments to store data on US clouds.
It also isn't safe for US governments to rely on chips made in Taiwan that China could invade. Or for TikTok to be a primary media source in the US.
The fact is, we're an economically interconnected world at this point, in terms of software, in terms of hardware, and in terms of hardware supply chains.
And it's hard to see it going backwards. Economic efficiency is a powerful force. It often seems like the solution has to be to try to implement as many safeguards as possible, rather than cut off sources of technology. But I don't know... it's an incredibly difficult question.
There’s an old civics aphorism: if goods don’t cross borders, then armies will.
Giving all your data to foreign states though may be a bridge too far. That’s not the same as buying cars or Swedish Fish.
> Giving all your data to foreign states though may be a bridge too far.
Does it really matter?
If large Western countries want to spy on each other, there are so many ways via so many devices.
That's why I'm talking about safeguards -- why not just focus on ensuring everything is encrypted in rest and in transit, so you can use anybody's cloud anywhere?
Supply lines. You offer political asylum to someone I don’t like I can shut your entire federal government down to get him.
That's an act of war.
Fortunately, going multi-cloud is a thing. Storing data with multiple providers in multiple countries. Lots of companies which specialize in multi-cloud solutions.
Again, like I said -- safeguards.
Gonna be a very short war.
And if you're dumb enough to put your government clouds in enemy countries, then you deserve it.
But we're not talking about enemy countries here, now are we? Or are you actually under the impression that we're talking about hosting data in Iran and North Korea...?
I don't know if you've been watching politics for the last 4 months...
I don't know if you understand the concept of military enemy and how it differs from countries that are simply cooperating less...
I recently got a message on LinkedIn from an AWS headhunter for: "Position for European Sovereign Cloud".
So I assume most of the mentioned issues will be irrelevant soon™. Because a) the convenience, b) lack of actual competitors.
The Cloud Act means that product offering is either violating US law or snake oil.
It is a rarity to see any organization that self hosts email or uses a domestic provider any more. It is all foreign controlled now (specifically Microsoft). It should be examined by regulators everywhere both as a monopoly and a sovereign threat. The move to US services started long before the current political situation and will still be a threat to sovereignty long after the current US exec is gone. The frustrating thing is email services like many cloud services are highly substitutable and can easily be built on open source infrastructure.
I have interviewed Turkish people that did not have Cloud experience as their large companies (e.g. banks) were not allowed to use US cloud services. Seems like that was wise now.
In addition to Cloud, there is one more thing: Mobile. Banks. Parking lots. Shops. Europe should invest in a Linux phone OS with NFC and unified push notifications.
Yeah. Progressive web apps are a great way to hedge bets on this. They also bypass App Store censorship, binary tampering, etc.
Maybe someone will revive firefox os or build a better successor to it.
Ideally, there’d be a law saying that any government service (direct, or contracted out, so including infrastructure like parking and EV charging) must be offered via a PWA that works in EurOS, iOS and Android.
Did none of these people read Machiavelli? Relying too much on foreign governments, especially "friendly" imperialists is never safe because it gives them a degree of control over you. That's a problem no matter who is in charge. If you slept through the PRISM scandal and are only regretting your failure to take action because you don't like the guy who just won an election, then you're beyond salvation.
At the very minimum you should be encrypting all data before you transmit it to machines you don't physically control, but even that's not necessarily good enough because it still gives them the ability to withhold that data from you. And that's to speak nothing of some hypothetical future technology that may be able to defeat your encryption entirely.
I haven't read Machiavelli, where would you recommend I begin for this in particular?
"The Prince" is the important one, IIRC he wrote some plays and such too but Prince is where his name got associated with cutthroat politics. It's a pretty boring read but it's not difficult to understand, I read it when I was 14 and I didn't have any significant difficulties even though I lacked context in contemporary Italian politics. Even though I was bored out of my mind (i did not read this book by choice) its been a major influence on my life because it explains all the different ways your choices can have surprising results in the long run if they're planned well by you (or your adversary).
It's a book he wrote about how to maintain power in a feudal society, with references to many historical events to back up his arguments. Usually it comes down to being wary of accepting help from somebody else unless you understand their motivations, what they stand to gain, and what you stand to lose in the long run. It's sort of like "Art of War" in that it's written for a specific time and place but the principles behind it are so universal they can be applied to many different situations, even business management and interpersonal relationships.
So anyways, my point in the OP above was that this is the sort of situation that he wrote extensively about; obviously there weren't any computers or cloud storage in 15th-century Italy, but he definitely makes several points on the dangers of relying too heavily on third parties for resources, because it gives them leverage with which to manipulate them.
> they can be applied to many different situations, even business management and interpersonal relationships
Disclaimer: most people do not think "Machiavellian" is a flattering descriptor
The Prince[1]. Although I think it's not very "readable" for today's standards. I've had a much easier time reading political science books that were written more recently.
[1]: https://www.gutenberg.org/ebooks/57037
I'd be interested if you have any recent book suggestions
yeah, uh, well he's been on a bit of a sabbatical for the last five centuries so there aren't any recent ones. Not sure when he's planning to come out of retirement.
check this "Machiavelli for kids".. seems gone as of now, so in archive.org:
https://web.archive.org/web/20160304023516/https://www.claud...
The world would be better off if people, like yourself (no offense) would read Machiavelli as a satire.
Well at the very least you need to take the stuff about power dynamics to heart, because that's the part that's most relevant and the part that modern Europeans have the worst understanding of.
I find Europeans to be particularly annoying because they've willingly turned themselves into de-facto vassal-states without even realizing it, and despite constantly panicking over the outcomes of internal American politics they never learn their lesson or take any real steps to become less dependent on the United States.
I'm pretty sure I remember the exact same conversations about whether it's safe to host data in America eight years ago, because they haven't changed at all. I happen to think they're over-reacting and that Trump isn't going to do anything with their precious data, but they're well within their rights to have negative opinions about internal american politics. However it's also incumbent upon them to understand that they have no standing in who the American people elect, and that if they don't feel safe not being America's #1 priority they need to become more self-reliant. Europe is not the center of the world to us, they're just another one of the six continents that aren't North America.
EU should build their own cloud services. I mean it's not rocket science, but I don't know anything in EU that can compete with the big three.
You don't need to compete with the big three if they are part of a world order crumbling in front of your eyes.
You need to build services that allow you to continue to function as democracies and that ensure you can tackle the challenges ahead.
Ukraine moved their governmental data into AWS in the start of war [1].
[1] https://d1.awsstatic.com/institute/AWS-Institute-Accelerate-...
All government systems should be on-prem, and secured by proper personnel. None of the data should be in a cloud providers hands, even by their own country's providers. There needs to be a separation between business and government infrastructure.
As a DevOps’er in the EU, how would I capitalize on this?
I’ve only ever done bare metal and have been lucky all of my employers hated the idea of AWS/Azure/GCP. So I feel like I’m quite well positioned to start helping companies move to bare metal alternatives.
Do I start freelancing, or do I try for an AWS alternative?
There's quite a lot going on over the last year or two to actually build a real cloud in Europe, which is basically nott just dedis/VMs like on Hetzner or OVH. Take a look at Clever Cloud or Molnett!
You have as much sovereignty over a foreign-run cloud as you do over a Tesla or an Iphone. AWS or Google isn't going to give you the source to their software, and even if it did you don't have the engineering resources to review even a snapshot much less review it at the velocity it changes (and even if you wanted to try you'd need to hire the engineers away from the US tech companies).
European cloud providers can only exist in niches at the moment: - cheap but unreliable -> hetzner - integrated into the DFN -> gwdg - and so on
The market is captured by us companies. I doubt that this will change.
The reason is simply that the the number of clients that care for the problems described is small compared to the total market. If you run a company that caters to these clients, you will cater to a small market with special requirements.
Companies like that tend to be pricy and hence won’t take market share from Americans.
Change can be spurred on by law. If governments aren't allowed to use non-EU (or maybe specifically US) hosters a big enough investment could jumpstart it. I'm working for a semi-government organization who just switched over to kubernetes. That can be hosted anywhere, there's not really a moat.
OTOH most of the stuff these cloud services run won't be really missed if gone.
It's true that relying solely on a cloud ecosystem without continuous protections isn't safe. That's why many government agencies should consider what I classify as a co-location strategy. By implementing this approach, agencies can use private tunneling applications with encryption and APIs to securely fetch non-sensitive information.
The cloud provider—such as AWS—can still be used for application hosting, but a private network should be established between the cloud environment and the co-location facility.
Why is this beneficial?
In a cloud environment, public ingress can be cut off instantly if needed, minimizing exposure.
Applications can be designed to serve most (or all) of their data through regional gateways connected to the co-location.
By placing co-location facilities close to critical data sources, latency is reduced while ensuring data remains protected and accessible within a secure network.
This approach allows organizations to balance cloud scalability with enhanced security, ensuring critical data remains under strict control while applications remain flexible and resilient.
It is also supporting companies openly admitting to run projects for the US army and Israel (project Nimbus). This alone is already enough.
It is no longer safe? Like it was safe a month ago? It was safe with Biden, Obama or Bush as presidents?
It baffles me how people look at other administrations through rose colored glasses and pretend that the problem started since Trump took over and Musk is working on this DOGE stunt. The swamp has always been there.
It was never safe, and never will be, no matter who is the president and how outrageous some of their actions are.
This article didn’t need the picture of “Trump is signing things”. This article cannot be taken seriously because of that, and it’s so frustrating because otherwise it made good points.
Nothing is safe in absolute terms but through Obama, European leaders could feel confident that the United States would honor its treaty obligations. The idea of an American President working in conjunction with Russia to run a shakedown on a European power wasn’t even viable in the Tom Clancy-level of cold war novel.
So I’d think of it similar to how climate change has affected property risk assessment: even if your home was never absolutely safe from flooding or wildfire, your practical assessment of how much effort you should spend protecting against those risks was quite reasonably lower in the era before once in a century or once in a thousand years events became once in a decade.
Few of my clients have been very nervous about this, and I know we're trying to ditch several US offerings with alternatives.
Microsoft is one of the hardest to get rid off, as it traverse the business from teams to SharePoint to azure dev ops and GitHub.
But when it comes to running systems themselves, there's valid European alternatives.
Let me preface this by saying : I don't really like Trump, by why are people suddenly listening to his self-ascribed titles?
In 2016 he was the 'King of Debt' , a title he ascribed while talking about the debts he inherited from the previous administration, no one thought to start worrying about the start of a new monarchy then -- why now? because he's faster and looser with exec orders? hopefully everyone remembers 'king Bush Jr.' then.
Personally I think it's kind of hilarious to watch; on one hand you have mega-corps moving away from places TO America so that they can facilitate E2E, while simultaneously the persona-in-charge at the moment is driving people to any of the countries that have a long history of demanding keys and throwing a fit when denied.
Unless of course this article is about moving our data and software development to the Slovenia .. but it's not.
I think it's great to work towards not being beholden by other countries actions, but it should've had effort towards it before a bad-actor nudged everyone awake; not during the crisis. It shouldn't have taken Trump to remind everyone that nationalization of important goods is sound strategy.
Hopefully, this push will stop the trend of calling countries trying to legislate data residency and privacy laws to keep their citizens data out of foreign prying eyes as authoritarian and painting them as threats balkanizing the free internet.
Wishful thinking? may be, because the world isn't and doesn't have to be fair.
Just a reminder…
There are cloud infras (“clouds”) that are wholly independent of the large, entrenched, politically connected providers like Amazon and Microsoft.
We think of this as a monoculture wherein every single thing is somehow built on top of AWS. That’s not true.
This reminder would be a little more helpful if you gave some examples.
FWIW he _is_ an example already: https://rsync.net/
The PRC essentially pioneered the concept of digital sovereignty with the "Great Firewall" approach in the late 90s. It was famously ridiculed by Bill Clinton as a hopeless endeavour.
In the wake of 2014 and souring relations with the West, Russia also started looking more seriously at digital sovereignty. This was castigated as "isolationism" and an attack on the "open Internet".
Now it's nearing a household term among EU tech groups. Because this was never about democratic ideals, it is about power and control, especially in a volatile multipolar world.
Comparing digital sovereignty w/r/t critical services are hosted to "The Great Firewall" is absurd. It's not the same thing at all.
China and Russia blocking YouTube is different from making sure the entire EU government and economy can't be collapsed by US turning the screws on Amazon.
Come on. We can draw a straight line from the GFW to companies like Baidu and Alibaba. Without it, they would (initially) struggle in direct competition with endemic US products.
We are ready. Whole built infrastructure on EU or European (Swiss) cloud. And I mean all. Server, customer data, but also support infra, email, documents, etc.
We build Wide Angle Analytics ground up outside of US systems.
What’s the alternative to ICANN?
ENS[1] and Box[2] come to mind. The crypto people have been contemplating this for a long time.
[1]: https://ens.domains/ [2]: https://my.box/
I'd guess a reasonable start at delivering near-equivalent capabilities, capacity, and reliability from a standing start today, in just Europe, to be about €50b. The shopping list isn't all that tough. Who wants to pony up?
European cloud providers already exist, and companies from industries and countries where data protection is regulated are already happy clients (see Swiss FINMA, and German governments required by law to carefully respect GDPR).
Maybe an influx of business will make us grow the European clouds, but that's ok, we're up to it.
I'd argue that there are actually no EU cloud providers. There are only EU hosting providers.
Time for Ericsson to resurrect their phone division?
Cloud will continue to evolve massively with AI, as vendors offer more specialized infra and software abstractions, but the salient point is that in Europe we haven't even been able to build the first 10% of what providers like Amazon, Microsoft or Google offer. Hetzner was only "considering" a managed Postgres offering, last time I checked, ffs...
My take is that capital in Europe is (a) way too risk-averse and (b) fragmented across many European countries... As much as I've always sympathized with the EU, "Europe" as a single entity is a fucking lie, an illusion in our collective minds.
Try building a business in Spain, and then expanding to France. Yes, you have free movement of capital and labor to help you - which is a massive foundation - but after that all you'll find is red tape and difficulties emanating from the differences in culture and language.
Similarly, it seems impossible to privately amass the amount of capital needed for an investment such as what is needed to "make the first 10% of what AWS offers".
The only alternative is through continent-wide industrial policy, Draghi style[1]. More power to the bureaucrats in Brussels, and more taxes than we're already paying - and we're fucking suffocating already down here. No thanks!
This is why the future looks dire. My only hope is that maybe with AI software development becomes cheaper and we can all build more services in-house. But please someone give us at least the first 10-20% most useful cloud abstractions. I wouldn't want to waste even the compute-time of my AI engineers in building a resilient managed Postgres.
[1] https://en.wikipedia.org/wiki/Draghi_report
It's not just US clouds, all USA brands are toxic now. Buy elsewhere so our economy collapses. Seriously. You're doing us a favor. We need something drastic to wake up the 77M brain-dead people here that voted for this monstrosity.
I'm sorry that you feel so isolated from the majority.
What powerful force do you think caused over half the people you know to be so misguided?
propaganda
What makes you so sure that your viewpoint was not also influenced by propaganda?
The US army and NATO where the first global cloud services
Trump is just openly saying what the previous governments have covertly been doing: Spying on their allies and enemies alike. Since the Snowden revelations we know that the US is spying on everyone. Not just citizens, but governments, allied politicians, just everyone. After the revelations there was a moment of shock in Europe. But eventually newspapers and magazines wrote less and less about it. The reality is: There‘s five eyes and Israel, and then there’s the rest of the world. And the world should start distancing itself from these malicious actors.
On the topic of this, what is the best platform similar to Digital Ocean App Platform that isn’t run by a US company?
It is NEVER "safe to move for any government and secrets to US clouds", unless you want to be spied up on.
Russia found about it the hard way when Google and Apple payment services were suspended.
In fairness, the whole international consumer banking industry cut them off. Try using your Visa card or PayPal on a Russian web site.
I don't think it is safe to move to anybody's cloud if you are concerned about spying. We have seen far too many invocations of the magical words "national security" and "think of the children" universally.
People have always thoightabputitand said no to cloud. Especially those folks who are non-native tech businesses
I wonder if growing distrust in the american cloud will benefit companies like Oxide in coming years
Who are based where? Same fundamental problem right, you still can't get overall security (of continued supply, support and software/firmware)
Their software stack is open-source, and their machines don't have any telemetry or external dependencies. They're designed to be air-gap-able, while still giving you a cloud-like experience
That's a great start but it doesn't actually solve much.
It's a closed system so I can only buy hardware through them, what if at some later date the US demand hardware backdoors, what if due to tariff (or other drama) we can no longer buy them? How do we get spares?, what do we do if a server breaks?, what if they go out of business? What if we need some other kind of servers or offering they can't provide?
I worry about the rising tides of nationalism/anti-globalism both in the US and in Europe. I view things like this as accelerating the trend, not 'resist'ing it.
War is already here and expanding. The US will probably switch sides and align with Russia.
It wouldn’t surprise me if NATO is replaced with something that excludes the US and includes Ukraine, Greenland, Canada and Mexico.
If 'US switch sides' means US giving military or financial support to Russia in the war, I strongly doubt it. If it means Trump giving rhetorical support to Russia, sure.
I'm willing to bet against both the military support for Russia & the NATO dissolution at 4:1 odds before end of this year and 2:1 before end of next year.
I don't think anyone serious actually thinks either of those things are going to happen so I doubt anyone would take me up on that offer.
I think the US will pull out of Ukraine and then focus on maintaining martial law and territorial expansion.
If you think I’m making the latter part up, look at the budget package the senate voted for yesterday.
maintaining martial law?
The US will get closer to Russia in order to pull Putin away from China. Isolating China is a higher priority than saving Ukraine.
Anything that fucks Bezos and Ellison is a good thing . There’s your argument
Is it safe to store data in Germany, given the strong showing of AfD in the election? They are now in second place, and who knows what will happen in the next 5 years!
AfD is pro-Russia and pro-Trump: https://en.wikipedia.org/wiki/AfD_pro-Russia_movement
Political parties in Germany don’t have the same power as the president in the US.
What about the Chancellor?
Not nearly as in the US, plus our version of the supreme court is not beholden to political parties
So in other words, storing data in Germany does not solve the problem, it is just better than the US. The US currently has a wannabe monarch, but that's just for the next 4 years... we hope.
The GOP is now full of those wannabe monarchs otherwise they would stop him but they just want to succeed him and use what he and Musk start to implement.
Isn't the yellow monarch already talking about running for a third term? (Dementia and legality concerns not considered)
No governments are trust worthy.
When did Hacker News start believing they are?
Quis custodiet ipsos custodes?
>When did Hacker News start believing they are?
I think the 'majority' were always like that, though I think in the recent years the proportions became higher.
It's safe to use FLOSS solutions with e2e encryption.
Not for long: https://www.infosecurity-magazine.com/news/microsoft-quantum...
Open source post quantum cryptography is already being used at scale.
This is far from actual applications: https://news.ycombinator.com/item?id=43106687
As a third worlder, this is hilarious. I'm sorry but I can't help but laugh at the panic some people are manifesting over the US no longer being the world police and involving itself militarily in another continent.
I don't like Trump, I really don't, but I hope he continues with this. Sadly he probably won't do the same with Israel though.
The US no longer playing world police isn't what's disturbing, it's understandable that they want EU to take care of its defense. The disturbing thing is how the current administration blamed Ukraine for the war, sees Putin's Russia as an ally, and actively wants to destabilize EU by supporting pro-Russian forces inside it.
All this is not so hilarious for me, living next to Russia and wondering if they will invade us within next 5-10 years, and whether we will receive any help from abroad when Europe seems to become increasingly pro-Russian. What is happening now is potentially a matter of life and death to us.
> The US no longer playing world police isn't what's disturbing, it's understandable that they want EU to take care of its defense.
I guess this reality has never reached the leaders of the EU apparently. Trump was in power before and also threatened to leave NATO yet the EU countries did not prepare for this at all. They had 4 years of Biden to do so but alas they simply waited and wasted time.
> The disturbing thing is how the current administration blamed Ukraine for the war, sees Putin's Russia as an ally, and actively wants to destabilize EU by supporting pro-Russian forces inside it.
You find it disturbing because you are missing the forest for the trees.
China is now very tightly coupled with Russia and Iran. The biggest threat to US hegemony is not Russia, not by a mile. China has the means, the power and the will to start asserting itself on the global stage. On the other hand Russia struggles to hold on to a 5th of Ukraine.
Trump wants to split Russia away from China and is willing to give up on Ukraine in order to make this happen. It's that simple. Russia has huge swaths of raw minerals, fossil fuels, lumber and so on that China needs in order to expand it's economy therefore it makes complete sense to try to slide a wedge between them in order to isolate China.
In this game of Geo-politics, Ukraine and the EU are just pawns that can be traded/pushed around because they have barely any weight in the global order.
You can be mad about this but if you do you should be mad towards the EU leaders from the last 30 years who instead of building a robust industrial base, sent all their jobs abroad, who instead of building a army that could resist an invasion, relied on the US protection without even reaching the minimum NATO investment threshold year after year.
The EU countries made their bed and now they are struggling because most of them are broke, their economies are in the gutter and are slowly crumbling.
> All this is not so hilarious for me, living next to Russia and wondering if they will invade us within next 5-10 years, and whether we will receive any help from abroad when Europe seems to become increasingly pro-Russian. What is happening now is potentially a matter of life and death to us.
This is a weird take. On one hand Russia, is not even able to conquer the whole of Ukraine but somehow it has the capability to steamroll over all the Baltic states? So which one is it, is Russia a paper tiger or an unstoppable force?
Both can't be true at the same time.
Baltic states are tiny compared to Russia, and Russians really don't care how many soldiers they lose. So, of course Russians can steamroll the Baltics if there isn't significant foreign help. But I agree it's EU leader's job to finally increase military spending, invest to grow our economies instead of following BS austerity policies, and make sure we can defend Eastern Europe.
As far as US-Russia-China relations go, you can't trust any promises Russia makes to the US. They will betray Americans as soon as China offers them a better deal, which I believe they can. They can just wait until China invades Taiwan, and then attack Eastern Europe & make deal with China while America is too busy fighting them.
EU people calling US unreliable now? For the last 50 years EU has been doing to Israel what US is doing to EU... Sadly for you, the West will figure itself out.
US is involving itself. They arw actively supporting Russia and actively threatening Canada.
USA is not stepping back, they are acting like an aggressor both against Ukraine and Canada. And against EU those somewhat less so.
So, you’re hoping for more US backed genocide and ethnic cleansing campaigns, and less defending third parties when dictators decide to invade them?
How do you envision this playing out in your corner of the third world?
It was never safe in the first place and only a fool could be convinced of that. Keep your data locally as much as you can.
This is going to hurt as we will all have to hand in our iPhones then.
"Free trade is good, actually" where different places can focus on doing what they do best and trade for other goods and services.
But you have to have reasonably sane trading partners for that to work and that has gone out the window.
And yeah, it's going to hurt a lot of people.
This has been common sense for a long time.
It's funny that people only raise this issue because of Donald Trump, whom the article refers to as "King," no less. The previous administration's green-lighting of the largest-ever industrial sabotage against Europe did not raise an eyebrow, but NBC News, a political opponent of Trump, claiming that Trump is "branding himself as a monarch" does the trick.
Oh well, whatever it takes.
Schneider Electric, a French company (owners of APC), absolutely dominates the datacenter infrastructure market at somewhere over 1/3 (probably closer to 1/2) of overall TAM.
EU companies many not be storing the data but they're certainly in the "making shovels" business. And that's kind of the deal. France quietly takes a huge percentage of revenue without most companies being the wiser.
If EU companies start moving their infrastructure elsewhere, I'm sure that American datacenter/cloud companies will reconsider who they buy their racks, PDUs, etc, from.
> the legal basis for sharing personal data with American companies is dead since Donald Trump has neutered the special court that would make such transfers legal.
It was always dead, or rather, it's in a shrodinger's state where the EU comission puts bullshit in a box, and companies pretend it's fine until the CJEU opens the box and acknowledge that it is, in fact, bullshit. It's happened multiple times already.
Aside from that small quip, the article is, obviously, right. Any sane European would count their fingers after a handshake with this administration. Expecting this particular agreement to hold is madness.
Lots of people seem to think this is only about data. The real risk is if trump says "ok, switch off the clouds for Europe"
Europe has no choice but to create its own subsidised cloud and mandate its use.
> Europe has no choice but to create its own subsidised cloud and mandate its use.
Don't threaten me with a good time..
I think "international cyber-relations" is something that's more generally coming into mainstream attention [0], whereas it's always been a bit muted and behind the scenes because people never questioned where the Internet is. Another factor moving attention back to geography is energy. We started caring about what "the cloud" costs the planet. The magic of "The Cloud/Internet" was to make location disappear. Now, who has your data is an issue again. Clearly the Danes are not on BFF terms with US at the moment. Here in the UK our problem is GCHQ using a lot of AWS. I've no doubt current US politics will lead to big changes in how computing and storage is structured. Maybe we'll get some good new protocols and practices (I'm thinking of real massively distributed systems) out of this which make things more resilient and less parochial for everyone.
[0] https://cybershow.uk/episodes.php?id=31
And this will be felt on both sides of the pond.
Unlike most other developed countries, the US has no real site blocking, mostly because it doesn't need it. They have enough control over the financial system and enough friends in foreign governments that they can essentially nuke websites that don't follow American law off the face of the earth, or at least force them not to serve American users of their own "free will". See e.g. crypto exchanges that don't follow KYC/AML, crypto-native prediction markets that nevertheless require a VPN for Americans to access, despite not even interacting with the non-crypto financial system, piracy sites which are often shut down at the behest of the US government, foreign banks that ask you whether you're a US citizen etc.
Once the answer to "we are the SEC, you can't let Americans visit your site or we'll get you extradited" changes from "yessir" to "fuck off, we're Europeans who have never stepped foot in the US, American law doesn't apply to us, and our government is gonna back us up on that", things will get really interesting.
As a European who is very much against EU tech regulations and the EU way of doing tech generally, this is definitely one change I'll welcome with open arms.
As an aside, I'm surprised "freely offering drugs / pirated content / havala-style unregulated P2P crypto exchanges to Americans on the open internet" isn't a model that a US-unfriendly nation has tried so far.
>foreign banks that ask you whether you're a US citizen
Note that this is largely the case for any bank where you're not a native to their country - because of the Common Reporting Standard. However the US asymmetrically applies FATCA instead of the CRS.
https://en.wikipedia.org/wiki/Common_Reporting_Standard#Mult...
"The U.S. receives information relating to US citizens' accounts from many countries due to the compliance requirements of the FATCA. The United States, in many cases, will reciprocate by sharing banking data with countries for accounts which their citizens hold in the U.S., but not automatically, as is required by the U.S. in FATCA."
This makes serving US citizens in an "average" financial institution an added burden that might not be considered worth the cost.
I'm not convinced that the answer is renting rackspace at the local MS datacenter..
Now please don't use that as an excuse to get on alibaba's rack.
It wasn't safe when rogue engineers at Amazon colluded with the US government to take down Parler simply because they didn't like the politics they supported.
It wasn't safe when the US government worked with Twitter and Facebook to silence the opposing view points about Covid Vaccine injuries and lied to us constantly about the effectiveness.
There are children to this day that can't get heart transplants in the US because they don't have the Covid vaccine, which only 2% of American children have taken.
I know lots of people that took the J&J vaccine and it's been taken off the market due to deadly blood clots. Doctors mentioning this at the time were silenced and many lost their jobs.
When I see more people in the tech community talking about the authoritarian left that nearly destroyed our freedoms over the last 4 years, I might start listening to you about your concerns about our current state of politics.
AWS suspended Parler over violent content, not because of political views, and not in collusion with the state.
The J&J vaccine was not "taken off the market." It was temporarily paused to investigate rare blood clot cases. Out of 8.7 million doses administered, 28 cases of blood clots were identified, with three reported deaths. COVID-19 killed a million Americans, and would have killed more without the J&J vaccine which probably prevented 5.7 million infections and—with an R0 somewhere between 1.4 and 3.28—many millions more. This information was not suppressed, it's public knowledge discussed openly in scientific and medical communities.
There is an undeniable authoritarian element to the US federal government, but when has the US ever backed a "leftist" coup in a foreign country? There's no coherent "left" movement in the US. No socialist party.
Really, your victim mentality—fed by baseless conspiracy theories—is absurd, and your promotion of this harmful rhetoric endangers innocent lives. The US is a a police state, but not a meaningfully "left" one. It's a republican oligarchy.
This sort of thing makes me groan. Oh, now it is a problem. It wasn't an issue with Obama and Biden but it suddenly is an issue that chester cheeto is running the show.
It is no secret to anyone that Google, Reddit, Meta, Microsoft, Intel, Twitter and Amazon work closely with the three letter agencies in the US.
https://justine.lol/tmp/trump.jpg
There are two questions here: Should gov/company/actual human use x, y or z from the US and HOW can they avoid it? I personally don't see a lot of strong answers to the 'how' question right now. At a basic level I think this is because we don't have a clear, coherent 'cloud OS' that makes it easy to build alternative offerings.
I run proxmox and try to host some things locally but the server offerings aren't quite there yet. What would be amazing would be for me to be able to truly host my own cloud so that I could share a doc with someone and the editor was hosted by my servers and safely sandboxed. It would be extraordinary if I could get my phone to offload storage to my personal cloud in place of iCloud and this was as easy as pointing to my personal cloud instead if being, at best, still a patchwork.
Things like portainer, podman, proxmox, etc are putting different pieces together but they are missing the crucial ingredients of exposing themselves to the internet safely and easily and being the foundation that my personal OS can actually easily run on. This split between device OS and cloud OS is something that hasn't yet really happened and it is holding us back from creating a viable alternative ecosystem to commercial offerings. I think the things missing from current offerings like proxmox are:
1) The cloud OS of the future needs to expose VPNs and control domains as first class citizens so that my devices can join it securely and natively. These resources are the hard-drives and network cards of a cloud OS but they are treated like apps in current offerings. 2) It needs to integrate with auth in ways that allow me to 'share' a doc from my personal cloud just as easily as google does and allow others to connect in secure, controlled ways. There isn't a point to opening up to the internet if you can't allow others to connect safely. 3) It needs to integrate with other clouds and provide native ways to migrate data and services between your personal cloud and other clouds. 4) It needs to seamlessly expand from user level cloud to enterprise and beyond. This is the 'Developers developers developers' moment. If I can develop in my local cloud things that I can deploy to a real enterprise could then I will build a lot of things even if they don't go to the enterprise.
I think building the route to 'how' is the important question here. You can't just legislate 'use the alternative' if the alternative doesn't exist. So what is the route here? How do we get to a point where it is actually possible to choose a different cloud? I think there are a couple ways here but a core component is likely a split in linux to start a cloud native install path. Basically, when you install on a machine it always installs as a container running on a hypervisor/cloud OS so the machine joins/starts a cloud OS install first and then the user OS installs are virtualized on top from the start. Basically, bare-metal should belong exclusively to the cloud OS. I think this likely would create the initial split needed to focus efforts on developing the cloud OS separate from the user OS and possibly start us down a path where the ecosystem exists to enable people to hop off of US cloud providers. As a side benefit though it would make migrating to new hardware way easier since I could likely just migrate my virtualized environment after joining it to the cloud OS the old machine is hosted on.
European alternatives for digital products: https://european-alternatives.eu/
https://www.scaleway.com/en/
EuroStack: https://euro-stack.eu/
https://www.ceps.eu/a-bold-proposal-to-build-the-eurostack-b...
How to say this... it was not in the first place. And it is not specific to the US, it is the external cloud operator which is the issue.
It is a very complex matter. Roughly speaking, if you rely a lot on information systems, in the end you are own by the real operators of those information systems.
This is rich considering the UK just a few weeks ago jawboning Apple into making user data visible to the state.
Is the UK still considered "European"?
By the rest of Europe? Kinda.
They always seem to have imagined themselves to sit halfway across the Atlantic instead of a few miles off the French coast.
Only geographically. For many other attributes, accelerating away at speed.
Indeed. GDPR, cookie laws, draconian anti-free speech content policies. I'm not a fan at all of the US government but Europe has proven to be the last place on earth you want to host something.
The US has DCMA and strong free speech protections.
There is no free speech protection in any EU country.
DCMA is overlooked but it's hugely beneficial for US companies and means they're not liable for what their users publish/write on their site. In Europe you have to staff moderation teams to remove defamatory content etc or become liable to be sued yourself.
I'll challenge you to find any EU member state where free speech is not protected by constitution.
Yet almost all US companies where users can publish stuff operate in EU just as well. Seems like the upside of the market size outweights the downside of risks.
I don't find USA to have meaningful speech protection. Retaliatory lawsuits are frequent and the process itself is and the process itself is the punishment.
Plus, current goverment don't care about laws and people on top of it have history of retaliating against speech.
It is still a lot better than the nothing that exists in EU as free speech. Also the current government does not care about laws and the previous did not want free speech, but in the end there is plenty of it.
There is free speech in Europe, just not free lies. I think it’s a good thing if voter manipulation through Russian lies is addressed, this is just a piece of online warfare from Russia.
This is the kind of thing you don't have to contend with if you host outside of Europe. I don't care about your beef with Russia, I do care about free speech though.
Online warfare is warfare, and russias lies can destabilize working democracies. We all know the stories of the horrors of the 2nd world war, and never again also means fighting online warfare. Freedom is more important than freedom of lies. I’m sure that if you ask people who experienced the 2nd world war to choose between freedom and freedom of lies, they’d choose freedom.
Also, a vote for the right is a vote to increase the gap between the poor and the wealthy, things will only get worse.
My own country lies to me far more than Russia could ever even dream it. The president of the US went on live tv and said he saw non-existent "beheaded babies" just to service Israel. Russia isn't even a blip of a problem for US citizens (other than the Ukraine stealing our tax dollars). In fact, a lot of people that want to take away our freedoms seem to be anti-Russia, so at worst they're the enemy of our enemy.
I don't vote "right" because the Democrats and the Republicans are both working against my interests.
As soon as citizens no longer trust their democratic government, democracy stops being effective. I the Netherlands I think the governments have done a pretty decent job (although far from perfect, but compared to other countries they’re top of class) and I trust that most people in government are trying to do the right thing. A lot of the online lies are aimed at creating this distrust so democracies stop working.
And that distrust starts with this dishonest framing like ‘ukrain are stealing our dollars’. No they’re not, it’s your politicians that decided it was in the interest of the US to have wars: fight hitler (thank you!), fight communism in Vietnam, fund and later fight saddam, fund and later fight taliban.
But now you have a government that no longer thinks fighting Putin is useful, because they think the Russian style of government is the way to go, and not a threat to the US way of life. I doubt they’re right, the average Russian in the country leads a very poor life, and freedom is not a priority in Russia, if you disagree with government you will get thrown out of a window.
But your government is now following the government style of Russia, not following the rules of law, not following democratic, constitutional rules. Do you really want to be next Russia?
As a citizen I support my government's decision to not fund the Ukraine. I never supported it, most people don't. It's common sense, why send our money halfway across the globe to fight a battle that has nothing to do with us? That's stealing my money in my book and I don't need "Russian trolls" to tell me that. For the record I, along with many others, didn't support the wars against Vietnam, "communism" or the Taliban. We should not be the world's police. A domestic, home grown opinion based on basic logic.
It's indeed easy not to care about "our beef with Russia" when you're far away from them. The feeling is quite different when you live next to them, and know that your home might get bombed one day because of Putin's geopolitical fantasies you have absolutely no control over.
I like free speech, but I would rather not die because an army of Russian trolls managed to replace Western democratic governments with Russian puppets.
Just food for thought... I have a hard time viewing the people who want to restrict speech as my ally. Quite the opposite. I'll take so-called (likely fictional) "trolls" over restrictions of speech any day of the week.
I don't see why anybody would doubt the existence of those trolls. It's quite obvious that social media can be cheap and efficient tool for spreading propaganda, and information warfare / spreading propaganda among your enemies is nothing new. It's done by many nation states and other actors, Russia is just among the most successful.
Anyway, I tend to agree that "too much" freedom of speech is not the real issue here. Across Western world, neoliberal economic policy has failed to bring prosperity among large segments of population. Politicians have also ignored very real issues, such as failed humanitarian migration policies, DEI-policies which discriminate against particular "privileged" groups and so on. Trolls would have much lower success rate, and far right parties would be much smaller if these concerns had been taken seriously before by mainstream parties. People who are happy and optimistic about their lives and future rarely become extremists.
I find it ironic since your complaint about DEI almost certainly comes from the dreaded trolls you're referencing. I don't actually need a "troll" to tell me I don't want to spend billions of my tax dollars defending Europe when everywhere you look in the US things are falling apart. That's not Russia, it's just reality.
one of these things is not like the others
If your "tech innovation" isn't capable of restricting child pornography and calls for terrorism and genocide maybe it's not 100% a loss for everyone else?
So tear down the bulletin boards. No not the electronic ones, the wooden ones.
There are calls for terrorism and genocide coming daily from the MSM in Europe and the US.
You'd agree that there are limits to free speech then?
I think you may have replied to the wrong comment or this is a very drastic non sequitur.
Either one would agree that if the "MSM" were publishing bad things then there's a need to control it. At which point the question is why is a social media website different. Or you'd say that child porn and other bad things being published on websites are fine and there's no need to control things. At which point you'd be pretty wildly out of step with the majority of the population.
MSM are publishing bad things, freedom of speech is important and I don't think we need to "control" anything (child porn is illegal by any measure, it's an abuse issue, not a speech issue). I can't even imagine how you jumped to that conclusion. Just because I don't agree with something, it doesn't mean I'm ok with eliminating it through fascism.
You can't claim to support total free speech and also accept that there is content that is bad for society that needs to be controlled. The moment you accept the latter premise you then need to build enforcement mechanisms and have debates that boil down to political preferences on what constitutes bad. I think it's kind of a navel gazing gesture to just hand wave at "I support the good free speech' and wash your hands of any of the coercion/"fascism" that comes with how the sausage is made.
It never was
Every government and big company spies on you. If you don't host your own hardware, you should expect that. If you do host your own hardware, you're still vulnerable to things like Mossad spyware. None of this is new, and Europe is as guilty if not more guilty than anyone at this state of affairs.
I think the difference is that you would rather take your chances that your own system gets compromised by Mossad, which you can't really do anything about, than willingly hand over your information to a country that is increasingly hostile?
Like you said, the truly hostile entities will gain access anyway. The people breaking into the systems to gain access are the ones you really need to be worried about. I'm pretty sure the US government has that capability if it wants it (not that I endorse it, I don't).
Yes. I agree. But the difference is making them be an adversary, which can be dealt with, versus handing it them willingly. There is a difference there.
US is truly hostile tho.
I would argue that all aggregations of power are truly hostile, whether that's the US, the EU or Meta.
Why has it taken this author so long to finally realize this? It was never “safe” to have government data managed and stored in another country.
Sounds more like they just don’t like the current administration in the United States. This dislike somehow has woken them up to the reality that storing their sensitive data in another country was never a good idea.
See also
- https://github.com/asmaier/awesome-gdpr-services
- https://european-alternatives.eu/
- https://tycrek.github.io/degoogle/
The world has changed, but the EU acts like the solutions that used to work will continue to work in the future. Neither regulating limits to AI nor waiting for Trump's term to end will solve the underlying problem.
First, Trump's rise in the US is not an isolated phenomenon. Almost every country in Europe has its own right-wing, anti-globalization, pro-nativist parties, and in almost all countries their power has grown. Globalization decreased economic friction, but not evenly--there were winners and losers. The winners were the professional class who could sell their services to a global market. The losers were the labor class who saw their jobs outsourced and who had to pay more to the professionals they needed (doctors, teachers, etc.). The result was Trump.
US policies will moderate as Trump's failures pile up, but we're never going back to the globalist, "citizens of the world" consensus of the 2000s.
Second, (and ironically), globalization has given leverage to high-agency individuals to amass more power than previously possible. Billionaires are exerting influence (Musk, obviously, but also Gates, Bezos, Marc Benioff, Bloomberg, Koch brothers, etc.) not just because they have money, but because money can influence more people through globalized businesses. Social media is the obvious vector, but even a business like Starbucks has influence by how they set labor trends.
Moreover, authoritarians like Putin are only constrained by hard power, not by international institutions. And ironically, the whole point of international institutions is to decrease investment in hard power! The result is that people like Putin can do whatever they want.
It is obvious that globalization, as currently structured, has failed. But no one (to my mind) has yet proposed a better model. The left wants to keep globalization and tinker around the edges; the right wants to tear it all down and retreat to autarchy.
Eventually, the world will enter a more stable equilibrium. Whoever can see that new equilibrium can prepare for it or even influence how it comes about. Anyone got any ideas?
People will only act on that, if Elon Musk buys Microsoft. But then it is too late.
I never was. Claiming otherwise is blatant political propaganda.
Sovereign nations... Europe is not sadly
The US should stop subsidizing the EU. It's clear Europe has nothing to offer the US, economically or geopolitically.
Nothing to offer?
Then why the tariffs?
You are aware that US business selling stuff to Europe is what makes trade deficit smaller? It is not a subsidy for a business to sell and get money.
The cloud cometh and the cloud slowly fades away.
It would be funny if I survived my web dev career without ever having to touch AWS and friends, just because CPU core count, memory bandwidth, etc. scaling got to a point a single machine could handle total population of my country. :D
I'm sure you are aware that companies can buy more than one machine for their datacenter.
Yeah, that mever came to my mind.
The UK government just demanded Apple to disable Advanced Data Protection, globally, in order to backdoor the iPhone; and Apple has at least compiled with it for UK users; but no, for sure, its the US Clouds that are unsafe, not because of specific laws or executive orders, but just... vibes. "The vibes are off, we're done" get real.
Romania just annulled a democratic election because of supposed interference from Russia. Some would say that by doing so Russia won anyway, but democracy doesn't seem to be a priority for some European countries. But, sure: Its the United States that presents the greatest danger.
Only one half of your comment is true.
Election interference does occur, and to protect democracy, courts must act where there is clear evidence.
Or are you referring to Hungary in your second paragraph?
I wouldn't necessarily have a problem with this reasoning, if it wasn't for the fact they only get involved when it's Russia trying to push the election in a certain direction.
There's countless examples of countries trying to influence the elections of others. I'm from the UK and a notable example that comes up here was when the US president threatened Brits that the UK would be put on the bottom of the list of trade talks if they voted Brexit.
And just recently nearly 100 staff from the UK government were supporting Harris in the US presidential election.
I'd also argue that propagating this idea that people are too stupid to see through the lies and interference in an election undermines the point of democracy. If we cannot trust people to make sound democratic decisions, then why do we even support democracy as a political system? In a democracy sometimes people will be misled. You need to trust that people will ultimately make the right decisions.
No; Romania [1]. But yes, Hungary also has its own set of problems; Europe has always been allergic to democracy, and its no surprise that allergy would keep rearing its head in the 21st century.
[1] https://theloop.ecpr.eu/the-cancelled-elections-and-the-main...
People discussing ideas freely on social media isn’t “election interference”.
It actually is in this case, unless you’re using doublespeak.
One thing is for sure: Annulling the results of an election is definitely election interference, unless you're using doublespeak.
I suspect that Trump will have a very negative impact on US tech companies.
And European countries are by and large such lumbering behemoths of tradition and regulation that by the time they build up enough will to pump the breaks on these transfers Trump will have already left office and the EU would be split up by Russia and the US.
4D chess
I think the biggest impediment here is binary thinking, which permeates a lot of this dialog
Sure, I agree with the article. Sure, the EU is way behind here in implementation, and the privacy stuff takes (IMHO) a bit of an absolutist position. But then we ask ourselves, how many people do actually turn down cookie banners (well I do, but still)
As a start, not even the US gov trusts their vendors, that's why there's FedRamp and such. It's a detailed procedural and deep certification.
Is it safe to have your stuff in a US cloud vendor? Well, which stuff? Is it safe to have it in a server under your desk? Probably less safe in the end
Which countries have actual specialists in securing data? (hey didn't the USDS just get shut down?) Which countries actually implement those security guidelines? (Or just general best practices?)
tl;dr: SNAFU
> how many people do actually turn down cookie banners (well I do, but still)
does anyone know why EU hasn't regulated (read: forced) use of DNT headers or a similar mechanism instead of non-standard cookie banners that are obviously being abused in a malicious compliance way?
Seems to me it could've been just "If I send you `DNT: 1`, that means refuse all non-functional cookies".
But see, whenever the EU prescribes a specific technical solution there's endless whining about how they're "locking themselves in" even if there's a path to evolution in the regulation (see the unified charger ruling)
But sure, they could have specified something to the effect of "if a browser specifies (though current technical means) that the user is DNT they should follow that" but there was lobbying from the advertisers and other parties as well
Meanwhile author makes zero comment on UK encryption nonsense, or the mad EU drive towards absolute information control.
Its just another case of rocket + orange man bad
Because the US are the bigger threat.
The EU has much more leverage against the UK.
It never was safe in the first place. Storing sensitive data in a locale under the jurisdiction where it can be freely accessed without your knowledge has always been idiotic. That's why all proper, sovereign countries demand that their data, and that of their citizens, is stored in datacenters within their national borders.
On Trump's part this is probably just part of a public trade negotiation, so it's true; Europe should be hosting its own data and its own data processing. They just won't because it means a lot of short term pain for extremely dubious long term gain.
The PCLOB is obviously theater that gives Europe an excuse to pretend that it has an independent data policy focused on protecting Europeans, because:
1) The US will go through European data if it wants, and happily and quietly break its own laws to do it, board or no board.
2) Europeans want even heavier surveillance of European data than the US does.
3) I'm sure Europe is happy to use the US to get around its own privacy laws.
The reason Trump is breaking the board is because that will by law create a necessity for Europeans to move data out of the US, which again would be a nightmare of dubious benefit. In return for not breaking the board, Trump will ask for unrelated concessions that are a lot less expensive than that. Europe will have choices to make.
Privacywise, the US will have access to European data no matter where it is stored, no matter what it needs to do to get that access. It has nothing to lose on that front, only the income (which is imagine is not huge.) But without that board, Europeans have to choose between either onshoring or leaving the data in the US even with no working deal in place (and ending the elaborate pr charade that they care about the privacy of Europeans.) That board is a gift to Europe.
This article is not a reasonable take on the situation. It is saying America isn’t a “reliable partner”. What does that mean? Demanding that NATO countries pay their fair share instead of free loading, is now not being a reliable partner? If anything it’s the other way around, considering the US has funded Europe’s defense. America is still the best partner for Europe and it makes more sense for the two to rely on each other than to waste resources while China - an actual dangerous dictatorship - continues to rise.
It’s also odd to paint Trump as “dictatorial” given that European leaders constantly look for ways to control or punish free speech, or for ways to suppress election results they don’t like. Look at the coup in Ukraine in 2014, the actions taken after it, or the proposal to ban AfD in Germany, or the effort to reverse the Romanian election. It’s EU leadership that has become authoritarian.
Negotiate with russia about Ukraine without Ukraine.
Calling a elected president of country a dictator and spread false claims of 4% approval.
Bringing in a UN resolution that lacks the part where Russia is the aggressor in the war with Russia.
Blackmailing a country that fights for survival to get rare earths.
And for free speech, the US don’t have free speech. People are silenced by fear by „free-speech“ abolitionists so they don’t dare to speak freely in fear of repressive measures.
That’s law of the jungle not free speech.
And the AfD is full of enemies of the constitution and that’s illegal as a party in Germany.
Nobody prohibits to be such an enemy of the state but you can’t expect to get paid by germany tax payers for trying to destroy that state. That his neither authoritarian nor anti-free-speech.
You forgot threatening to annex greenland, canada and panama, and attempting to put an end to mexican sovereignty.
> And for free speech, the US don’t have free speech. People are silenced by fear by „free-speech“ abolitionists so they don’t dare to speak freely in fear of repressive measures.
The US is basically the only country with good free speech laws. I am not saying they’re perfect, but I’m not sure what your argument on that point is. Can you share something more specific and explain how it invalidates the American constitutional protections on free speech?
> And the AfD is full of enemies of the constitution and that’s illegal as a party in Germany.
You either have a democracy where people can choose their leaders or you don’t. It appears Germany doesn’t. Preventing a party that is popular, from existing or participating in elections, is literally authoritarian and anti free speech by definition.
> Bringing in a UN resolution that lacks the part where Russia is the aggressor in the war with Russia.
What do you call the illegal coup in 2014? It removed the representation of everyone in Crimea and Donbas right? What about NATO expansionism? The aggressor isn’t very clear. I would argue that the 2014 coup and efforts to suppress Russian ethnic people in Ukraine was an act of aggression that eventually led to this conflict.
> Blackmailing a country that fights for survival to get rare earths.
This framing just shows how thankless it can be for America to help Europe. Asking for something fair in return for hundreds of billions in defense and security funding (not just in this conflict but for a much longer time), especially since it helps remove China’s rare earth control, is reasonable. It’s not blackmail to propose a fair deal. Ukraine and Europe are also certainly free to refuse the deal and not expect American taxpayers (whose pocket this comes out of) to help them further, considering they’ve already done so much.
> The US is basically the only country with good free speech laws.
You know how online comments can be used to silence people? Imagine we had a heated argument and I end with „I know where you live“ Depending on the circumstances at some people at that point feel threatened and stop using their free speech.
Or think about the people who get fired for online comments.
You could say, free speech doesn’t mean free if consequences but that means it’s not free speech, but without consequences you could threat other people and stop their freedom of speech. Every freedom stops where the freedom of others begin, that’s why no freedom can be unlimited.
> You either have a democracy where people can choose their leaders or you don’t.
Sorry that’s BS. Every democracy has rules for those who want to vote and want to get voted. Something like stripping convicted of their voting rights forever is impossible in Germany. You can even vote in prison. And given that taxpayers pay for the parties expenses and that they get free airtime in TV for their ads the are certain rules you have to comply to be a allowed party. So comply with the constitution is one main point.
>It’s not blackmail to propose a fair deal.
Pay or we cut of your military‘s communications via StarLink is not a proposal of a fair deal. Without communication people will die. Pay or die is definitely blackmail.
> What do you call the illegal coup in 2014? It removed the representation of everyone in Crimea and Donbas right? What about NATO expansionism?
Because former soviet states joined NATO russia had to attack and kill Ukrainian civilians? Really?
And don’t forget that people in Donbass voted for Zelenskyy.
By that livic Russia could attack the US and shouldn’t be labeled the aggressor. I doubt that Trump would do that but maybe he would offer some US states to make a deal to get peace.
> What do you call the illegal coup in 2014? It removed the representation of everyone in Crimea and Donbas right? What about NATO expansionism? The aggressor isn’t very clear. I would argue that the 2014 coup and efforts to suppress Russian ethnic people in Ukraine was an act of aggression that eventually led to this conflict.
If you dont know what youre talking about please dont bring up ridiculous bits of propaganda.
The only illegal coups in Ukraine were in Crimea where unmarked Russian soldiers surronded the regional parliament made them appoint a random criminal from a minor party as the leader and hold an undemocratic "referendum" to join russia. No free speech was allowed by many ukranians (of russian, ukranian, tatar, and other ethncities) who opposed the russian coup.
Russian backed criminals and neonazis and scam artists backed by russian soldiers also commited coups in parts of Donbas. Sadly they were unable to vote in elections or speak freely and were basically under control of corrupt warlords in the following years. The rest of Ukraine including most of the Donbas held several fair free elections. In the last presidential election which was fair and free Zelenskyy crushed the incumbent including getting a super majority in the part of Donbas which was still able to particapate in free elections.
Russia could care less about the rights of "ethnic russians". Its killed thousands of them in their assualt on Ukraine (probably a dispraportionate share of civilans they have killed considering where most of the fighting has occured). There was no effort to "supress" ethnically russian Ukranians. They are a well integrated part of Ukranian society, the commander in chief of the army is an ethnic russian born in Russia who onpy moved to Ukraine in his teens. Also I'm guessing youre under the mistaken impression that most of the Donbas area was ethnically russian when it was actually only about 1/3.
As for NATO expansionism thats another bit of propaganda. There was never an agreement to not include parts of eastern europe in nato(former soviet leader Gorbachov hinself admitted this in interviews with russian media), countries like Poland begged to be let in and wore down existing nato members. Most imporantly Ukraine was not seeking to join nato in 2013/2014 before russia invaded and everyone knew there was no chance of them getting in in 2014 when russia started the war or 2022 when they expanded it(too many members of nato were opposed). Now after the expansion of the war it seems inevitable.
America has done a lot but Ukranian victory and a russian loss is clearly in Americas best intrest.
With the backlash European companies are making toward US tech, can US companies now rip up their GDPR policies in return and stop with these cookie banners everywhere?
I see what this guy is saying, but one important thing this article misses entirely is: Trump was elected with overwhelming support, and is carrying out the will of the people. I think people should stop pretending that his decisions weren't commissioned, and deluding themselves into believing that he's acting on his sole authority somehow.
He got less than 50% of the votes
His most popular policies have about 50% support. Most poll at 2:1 or 3:1 against:
https://archive.is/C08bk
That’s actually bad if even his most popular ones only reach 50% at max.
you've had twenty years to build an EU-native alternative...what do you have to show us?
the EU has settled for using US tech but just taxing the success with fines
EU actually built solutions that people that care about $ use like OVH and Hetzner.
I have never worked with companies that chose OVH or Hetzner (or Scaleway or any other EU provider) for something else than doing things cheap.
They don't care at all about the provider being a local or European company. They just want the cheapest option.
Which usually means using the same server to host dev/UAT/prod, and also using the extra storage available to store company data unrelated to the workloads hosted on the server.
Whereas the companies that are using big clouds are more focused on doing things with more care, and trying to avoid as much disaster as possible.
But I guess having PII data exposed on the web from an Hetzner server is better than having everything encrypted on AWS...
That's true. They were numerous attempts to introduce a European alternative, which (more-or-less) failed. The US cloud providers are years ahead. However, the EU is suffering from that; the US companies pay some taxes, but far less than you possibly believe, and it conversely doesn't have any tax revenue from their own companies. Not to mention the political and data independence that are now more necessary than ever.
The EU is a pretty capitalist organization (I mean the single market is a big part of it). I think they have trouble competing with US tech companies because of our economies of scale, and widespread use of anti-competitive business practices, general inertia, and the tendency of the US to brain drain the rest of the world. I guess, fortunately for you guys, we’re trying to throw away many of our advantages.
There are enough tech people that are ready to brain drain from here right now - some well placed money would go a long way right now if Germany, France, the Netherlands, or another tech hub was ready.
I mean, isn't the US saying that taxing imports is an ideal source of revenue?
But at the end of the day, there was never any real incentive to make an EU-native alternative. Now, there is. The US is in an uncertain state. Will American be great again? A fascist dictatorship? Argentina? Who the heck knows. Right now, we have a lot of speculation about what's going on and precious little information.
Unreliable partners give a very, very strong incentive to have critical infrastructure local.
Beyond that, what's the downside? Before, it risked triggering a trade war. Seems we're there already, and going local just gives a stronger hand.
The British government only fairly recently decided it needed to remove Chinese cameras from sensitive sites. They were complete happy to, for a long time, to give that power to a country that is an actual fascist dictatorship.
Governments are too short termist to care. Its probably OK for the next few years so keep it cheap
The danger is not just governments. Its businesses, and even consumer systems. If another country can brick all your vehicles or look through all your spy cameras or take down your telecoms then they have a great deal of power over you.
This will only change after something happens.
As a point of fact, China is not, in fact, a fascist dictatorship. North Korea is not a fascist dictatorship either. Neither is or was Cuba, or medieval kingdoms with actual kings and warlords.
Fascism is a right-wing ideology was widespread throughout all of Europe before WWII, and especially took hold in Germany, Austria, and Italy. It was at the opposite end of the political spectrum from e.g. Stalinist Russia.
It is not a synonym for "bad government," "dictatorship," "violent government," or similar.
I agree that it is important to use the word fascist accurately, but it is also not not as well defined as you say. There is a reasonable case for calling China fascist. It has a cult of personality, state control of the economy, nationalism, racism, elimination of minority cultures. It is far more like Germany, Italy or Spain the in the 1930s than it is like Stalinist Russia.
All of those apply to Ancient Egypt too, only more so.
I did not give a definition for fascism. You can look ones up yourself. However, critically:
1. China is not right-wing. That's prerequisite.
2. China has very little fascist-style state / political violence, and virtually no paramilitary elements. You're at no risk of being beaten up or having your windows broken for having the wrong political views. Police officers didn't even have guns until recently. There aren't Brown Shirts and Black Shirts, are groups like the fascist right-wing militias in the US. Rather, the state violence you see there is institutionalized violence, through proper administrative and bureaucratic channels.
3. China has nationalism, but is very much not ultra-nationalist.
4. China does not try to eliminate minorities if they play ball. Indeed, China is very supportive of non-Han groups (who were, e.g. exempt from One Child). Rather, what you see is forceful "modernization" and cultural assimilation, leading up to violence if there isn't compliance. If the Muslim minorities in China decided to give up their religion, culture, and desire for freedom, and started to act like Han Chinese, they'd almost certainly be left alone. You saw the same directed at Han during the Great Leap Forward. For Jews in 1930 Germany, assimilating was very much not enough to be left alone.
5. Control of the economy is limited and directed. A lot of the Chinese economy is also like the Wild West.
.... and so on.
Note that I'm not passing a value judgment on which system of government is better or worse. However, "fascist" is not the same as "totalitarian."
One of the key things in China is that if you (personally and collectively) go along with the government, for the most part, you're very safe, and life is quite peaceful. Another is that most control is "soft." The wrong post online will simply be hard to find, load slowly, or not show up for other users. Or you'll have a harder time moving up in life.
It's very little like Germany, Italy or Spain the in the 1930s, where you had armed groups walking the streets, breaking windows.
> China is not right-wing. That's prerequisite.
Define right wing in this context. Its historically communist, but it not really so any more, as you your self admit "Control of the economy is limited and directed"
> China has nationalism, but is very much not ultra-nationalist.
It is very nationalist and believes its culture to be superior to minority culture which is why they are assimilating it.
> For Jews in 1930 Germany, assimilating was very much not enough to be left alone.
True, but I said "fascism" not "nazism" which are not the same thing.
> Rather, the state violence you see there is institutionalized violence, through proper administrative and bureaucratic channels.
is that a necessary trait? The Brownshirts were got rid of once the Nazis were in power. Once you control the state you no longer need the paramilitary.
> However, "fascist" is not the same as "totalitarian."
I agree, but I think China has a lot of traits in common with fascist states. it might not tick all the boxes in a definition, but it ticks far more than the typical dictatorship.
> I think China has a lot of traits in common with fascist states. it might not tick all the boxes in a definition, but it ticks far more than the typical dictatorship.
It's very hard for me to see how. Even taking everything you said about China at face value (some of which I might take issue with):
- Almost every dictator tries (with mixed success) to create a personality cult.
- Almost every totalitarian state tries to build nationalist fervor to keep people in-line
- Almost every totalitarian state uses state violence to maintain control
- Almost every culture believes itself to be superior, and most successful politician try to exploit that (with the exception of a few on the far left)
... and so on.
I think a necessary and requisite element for fascism is an army of thugs and a pervasive level of fear. That's different from, for example, an army of educated bureaucrats deciding to stick problem individuals in a gulag. The brownshirts were never gotten rid of, but rather were institutionalized into the SA and to some extent, the SS. They were still thugs and relatively indiscriminate violence.
China lacks thugs. If you don't stick your head up, I don't see many people fear the government. People generally keep their heads down, fall in line, and lead normal lives.
I don't know if it's core to fascism, but expansionism and imperialism is also rather lacking in China. There are some disputes, mind, you, about places which China thinks should belong, namely Tibet, Taiwan, Mongolia, a little bit of Russia (formerly Manchuria), a few mountains near India, and a few islands, but critically, those ambitions have not changed in nearly a century.
What they have to show us is two decades of not wasting time on problems someone else has solved. Capitalism at its finest.
Now someone has thrown a monkey wrench at the invisible hand, and they have to duplicate a lot of effort. They lose, we lose. But at least they've stopped tying their future to an unreliable business partner. Divorce sucks for everyone.
That's basically it isn't it? Try going to any institutional investor asking for money to build a sovereign replacement for Google Docs or whatever in the last 15 years.
People have tried and you're right, there wasn't a lot of buy-in.
It didn't help that these attempts were torpedoed aggressively by Microsoft, Google et al.
We're using Hetzner and BunnyCDN, never store any data on US servers. The decision for it is independent of the current political situation, mostly to avoid the US legal system as best as we can and to ensure GDPR-compliance.
There are plenty of other alternatives, e.g. Softmaker Office and Papyrus are German word processor and office applications.
Most companies I know (and/or have worked for) pay a lot of attention to where exactly their stuff is being hosted, partly due to GDPR. It might not be a Europe-native hoster but in most cases it will still be a data center in Europe (operated by AWS/Azure/GCP).
Which doesn't protect these companies. The CLOUD act allows the US to access the data even if hosted outside of the US, if it's a US company - since 2018. That has been a looming threat ever since, but is now more perilous than ever.
I think this article provides a more balanced perspective:
https://www.linklaters.com/insights/blogs/digilinks/2019/sep...
You and your colleagues probably need to learn more about the CLOUD Act, because it has changed the rules you thought you were operating under.
A useful resource: https://www.csis.org/analysis/cloud-act-and-transatlantic-tr...
Locally (in my country) managed virtual machines, or managed hosting services (1990-2000s variant of "git push" (ftp) your PHP app somewhere and have the website running, that US companies re-invented as "git push" to deploy, while somehow managing to invert the "app" hosting vs VM cost relationship at the same time, making managed hosting more expensive).
At work we rely on "big" clouds offered by major telecom companies. AWS is seen as ridiculously expensive "religious requirement" to gain trust, if we'd ever decide to market our product to US customers, but little else.
Big benefit of smaller countries and local apps. We can more easily fit apps on one to a few computers and don't need your hyperscaling clouds to serve the entire world, because our world is 10 mil. people.
OVH and Hetzner are quite decent and popular. The alternative does exist and I've used it a bunch, it works.
GDPR is a great incentive to build better products. Pre-gdpr there was a lot of sloppyness.
For decades, the technology center of the universe has been Silicon Valley. No matter where you lived -- Canada, the UK, Germany, India -- if you wanted to be serious, you moved to the US. And if you had a company, being acquired by a Silicon Valley company was basically the goal. In the same way that you had to move to LA if you wanted to do anything serious in the entertainment industry.
So every innovation and success ends up being sucked into the gravity well of Silicon Valley. Every talent ends up having to move to the US to be credible. Soon everything is "American". The great innovation center of the universe, fueled by foreigners and acquired foreign businesses.
Will this continue? That is hugely to be seen.
There are many EU-native cloud alternatives.
https://european-alternatives.eu/category/cloud-computing-pl...
Hetzner is another big one that is for some reason not listed.
Hetzner isn’t really a full-service cloud provider. They provide machines and storage for rent. It’s the first rung on the ladder to becoming a cloud provider, but they’ve got a long way to go.
They launched S3 Storage a few weeks ago so I guess they are on their way.
What is missing from here that prevents you from calling it full-service?
https://www.hetzner.com/cloud
Spend some time comparing with AWS, GCP, Azure, or even Oracle Cloud or Alibaba Cloud, and it should be pretty clear.
Complexity does not equal completeness.
That’s a cute pithy statement, but it’s not particularly relevant.
For example, Hetzner doesn’t even offer database services. Some would consider those to be table stakes to run their application. Does it add complexity? Potentially. But we accept some additional complexity if it yields incremental value.
If you don’t value the additional functionality cloud providers offer, that’s fine. But lots of people do.
Certainly, unnecessary complexity should be avoided. But it’s a bit naive to associate comprehensiveness with complexity. They’re not entirely identical.
> For example, Hetzner doesn’t even offer database services.
I am totally OK setting up my own database software on Hetzner. I understand that some people are used to "cloud" spoon-feeding them what they need and even what they really don't, but I perceive this as a nuisance.
What you call “spoon feeding” is what another calls “value adding.” Additional security, automated failover, automated backups, and automated version upgrades are key features, and a lot of people value them. It often means their customers don’t have to hire expensive domain experts (or can hire fewer of them) and can instead focus their resources on more direct value creation.
Like, of those, which provide managed services like storage (blob and smb), ampq message queue, databases in a fairly cohesive way and easily accessible from C#?
I just checked a handful but didn't see any.
Most of them are horrible.
I'd love to have a good Google Docs alternative. No one has made one. Nextcloud is the closest we've got, and I use it sometimes, but it's pretty bad.
It's a lot less hard to build in 2025, and hopefully, someone will now.
Proton Docs has seemed fine to me.
https://github.com/ONLYOFFICE
https://github.com/dream-num/univer
https://github.com/ether/etherpad-lite
https://github.com/firebase/firepad
https://github.com/prosemirror
https://github.com/CollaboraOnline/online
https://github.com/hedgedoc/hedgedoc
https://github.com/gobby/gobby
Can't comment on the other options, but a tool that requires proprietary Google Cloud Firebase is not a great option for ditching Google.
Uh, isnt Hetzner HNs favorite host?
Yeah, it is call free trade. Paying to someone else. You know the trade deficit thing? Selling these things made it smaller.
You will surprised, but American businesses benefit from selling their services.
Wow propaganda bullshit straight on Hackernews. This what it has come to. After over a decade here I didn't expect to see the deterioration coming, but it's not surprising considering the state and division of your country.
[flagged]
[dead]
[dead]
European Democracies should start a, new, NATO-like military Alliance on their own, but without Trump's America.
(and without the notorious US-made military equipment kill-switches)
And while we're at it, this time will be different: Instead of the membership criteria being anti-communism, it should be effective Liberal Democracy and Freedom from Exceptionalist Exemptions, namely from the International Rule of Law. So, to be part,
1. Compulsory ICC membership - hence no exceptionalistic US, and no exceptionalistic Israel.
2. No "Illiberal Democracies": say, for example, composite of a minimum 0.67 score on the WJP Rule of Law Index and others: therefore no Orbanic Hungary, and no illiberal others like it. Poland, Slovakia, Italy: you better watch your ways if you want in.
3. Democratic backsliding removes you rights in the Alliance, and, can proportionally lead to outright expulsion.
Not one more new military equipment purchase from the US, (and dispreference for other non-qualifying nations procurement). Member nations should use their - substantial - industrial capacity to equip themselves with indigenous military materiel.
Hey, it would be actually great for their economy!
Initially European scope, but bridges to a broader global scope (or even a secondary sister-Alliance) with open-ended partnerships with Canada, Australia, New Zeland, Japan, South Korea, and yes: Taiwan.
US and/or Israel want to join, if a more Democratic future selves? Simple: fully join the ICC, and meet the Alliance's full criteria as every other member.
Same applies for prospective new members.
Curious for any specific feedback!
1. How do you intend to pay for it? 2. How do you intend to enforce it? 3. How do you intend to defend it?
How many tanks can you deploy? IFVs? Artillery? How much ammunition can you supply? How many fighters are in service and mission ready? Bombers? Tanker aircraft? Transport? Helicopters? How many battalions (of any type) can be formed/deployed?
Repeat the same exercise in the context of a navy.
https://www.statista.com/statistics/584035/defense-expenditu... https://www.statista.com/statistics/1294391/nato-tank-streng... https://www.statista.com/statistics/1293688/nato-aircraft-st...
3. Defense strategy shifts from NATO's "US-centric" model to a distributed European capability matrix:
Start with French and U.K. nuclear deterrence as foundation. Layer in proven European systems (Rafale, Gripen, Leopard) while rapidly developing next-gen capabilities through joint programs. Think European DARPA meets industrial policy.
Key force multipliers: integrated air defense spanning the continent, standardized logistics, shared intelligence platforms, and fully interoperable command systems. Defense partnerships with Canada/Australia/New Zeland/Japan/South Korea/Taiwan provide complementary capabilities and strategic depth.
No US kill-switches means full sovereign control of systems. Distributed manufacturing ensures supply resilience. Distributed architecture rather than centralized hub-and-spoke.
This model isn't about matching US or legacy NATO capabilities 1:1, but creating a robust, autonomous system that potential adversaries can't easily disrupt or defeat. European industrial and technological capacity makes this feasible - we just need the political will to execute.
1. Funding and Industrial Coordination:
We would use something similar to the EU's Recovery and Resilience Facility (RRF) to fund this initiative - like a EU Marshall Plan, and, cooperate across partners’ ample industrial capacity:
If we can make cars, airliners and cruise ships, we can make military equipment.
Swedish gear is actually a good template: license manufacturing of what’s needed criss-crossing the Alliance, and joint develop new generation equipment and technologies as necessary.
After all, it’s being done since Concorde and goes on today - we just need to increase the scale.
2. Enforcement follows naturally from the funding mechanism:
Access to joint funding, industrial cooperation, and defense capabilities is tied directly to maintaining democratic standards. Very simple - fail the democratic checks (Rule of Law index, ICC membership, etc.), and your access to the system's resources and voting rights gets restricted - like originally mentioned.
Continue backsliding on democracy? The restrictions escalate proportionally. This creates both carrots (access to shared capabilities) and sticks (potential exclusion) that make democratic standards self-enforcing through practical incentives rather than just moral arguments.
The Orbán playbook stops working when undermining democratic institutions has immediate defense and industrial consequences. It's a more robust enforcement mechanism than the EU's current Article 7 process.
Bonus: Times have indeed changed - Trumpist chaos (came back to bite us and) is upon us. It is high time our security Alliance evolves from anti-communism to effective upholding of Democracy.
An overwhelming majority of democratic countries in the world recognize the ICC. Why accept exceptionalist members any longer?
In short,
- NATO: Accept compromised / exceptionalist members for strategic advantage.
- This proposed new Alliance: Democratic standards ARE the strategic advantage.
Will the members truly be willing to goto war (even nuclear war) to enforce the agreement? Unless the entire planet believes that whole heartedly the pact is meaningless.
I have my doubts, without the US NATO is largely toothless IMO.
The credibility question cuts both ways - a Trump-compromised NATO isn't more reliable than a European alliance with clear democratic commitments and mutual interests.
France and the UK already maintain a credible nuclear deterrent. European industrial capacity dwarfs Russia's. The EU's combined GDP exceeds China's. Scale isn't our problem - political will is.
Sweden indeed shows how principled positions can be maintained while building serious defense capabilities. Now multiply that model by Europe's combined industrial and technological base.
The ICC point is crucial - when most nations accept international law, continuing to accommodate "exceptionalism" becomes a weakness, not a strength. An alliance of genuine democracies, bound by shared values and mutual accountability, may prove more reliable than one held together by mere convenience.
Rather than asking if Europe can afford to build this capability, perhaps we should ask if we can afford not to.
Illiberal democracies start with suppression and control of speech. Which is core to the EU regime currently.
> without the notorious US-made military equipment kill-switches
Evidence?
It’s a secondary point, but sure,
It’s a widely common practice:
France had kill switches in its export Exocet missiles - why wouldn’t the US have also kill switches in its export equipment?
It would actually be strange if they were absent.
https://www.reddit.com/r/europe/comments/ui54r7/france_urged...
Interesting how you demand evidence for technical claims while making sweeping political statements without any.
Speaking of speech control - how many Russian journalists have mysteriously fallen out of windows recently? …or is evidence only required for Western claims?
> Illiberal democracies start with suppression and control of speech. Which is core to the EU regime currently.
Really?
The EU limits explicit calls to violence, genocide denial, and coordinated disinformation campaigns.
Meanwhile, Russia imprisons people for holding blank signs, China censors Winnie the Pooh, and Hungary closed its last independent radio station.
Don’t you think your standards for what free speech is could be slightly different, depending to whom they apply?
> 3. Democratic backsliding removes you rights in the Alliance, and, can proportionally lead to outright expulsion.
Ok, so the alliance is a non starter then.
The invalidation of the result of the referendum in France related to the EU constitution in 2005 by the signing of the Lisbon treaty a year or so later was a clear demonstration that the will of the people was not respected.
The fact that the EU is pushing for the Chat Control law in order to access all your data on your phone, emails, pictures of your loved ones at all times without any reasonable causes/warrants is clearly an attempt to muzzle the population.
Then there is the invalidation of the Romanian election not long ago which was done under the guise of protecting democracy.
Then we can talk about the different parties in power in France /Germany and elsewhere who refuse to work with right wing parties that have been elected fair and square in parliament once again under the guise of protecting democracy and therefore are sending a clear signal that no matter who you vote for, the mainstream parties will refuse to listen/compromise and prefer to brand everyone who do not agree with them as Nazi extremists.
I thought that democracy was that the will of the people was to be respected but it turns out that ignoring 20 to 30% of your population because you don't agree with them is just easier.
To think that the EU has the gall to give lessons of democracy to authoritarian regimes....
Your examples actually demonstrate democracy working, not failing:
1. France used constitutional processes for the Lisbon Treaty - or should we never adapt treaties as circumstances change?
2. Chat Control (wich I don’t personally agree) is being debated, modified, opposed - that's democracy in action. Try publicly opposing surveillance laws in China.
3. Refusing to coalition with anti-democratic parties IS protecting democracy. Just like we don't let parties run on platforms of abolishing elections.
Democracy isn't just counting votes - it's sustaining a system where we can keep voting freely. That's why we have guardrails.
Or would you prefer we just have one final vote to end all voting?
> France used constitutional processes for the Lisbon Treaty - or should we never adapt treaties as circumstances change?
The answer was no, and then it was overridden without consultation. The people had spoken and were ignored.
> Chat Control is being debated, modified, opposed - that's democracy in action. Try publicly opposing surveillance laws in China.
The fact that Chat Control is on the table at all is the problem. You can't claim you want to protect privacy and democracy and demand access without cause to all your citizens data.
The fact that "liberal" countries are willing to debate if we should end all privacy for every citizen is not the greatest definition of democracy. Should we also have a debate about bringing back slavery as well or maybe talk about installing cameras in every home in the EU? Where does this stop?
> Refusing to coalition with anti-democratic parties IS protecting democracy. Just like we don't let parties run on platforms of abolishing elections.
The fact that you refer to right wing parties as anti-democratic parties when people have voted for them fair and square is very telling in terms of your biases. Anything we do not agree with is anti-democratic , anything we support is pro democracy. How convenient!
> Democracy isn't just counting votes - it's sustaining a system where we can keep voting freely. That's why we have guardrails.
Exactly and ignoring the votes of your constituents because you don't like how people vote is exactly what's killing democracy and why a lot of people are turning away from the mainstream parties. Instead of listening and trying to find solutions which means finding compromises, it's much simpler to label everyone you disagree with as anti democratic and label the voters as extremists.
> Or would you prefer we just have one final vote to end all voting?
I am not sure where this suggestion comes from.
Your Lisbon Treaty argument ignores that France later approved it through constitutional processes. Should one referendum permanently bind a nation against any adaptation? That's not democracy - that's fossilization.
On Chat Control - you're using classic slippery slope fallacy. Debating specific measures against CSAM isn't equivalent to "ending all privacy" or "bringing back slavery." This kind of hyperbole reveals bad faith argumentation.
About right-wing coalitions: When parties openly advocate undermining democratic institutions, refusing to empower them IS protecting democracy. Not all electoral success deserves governing power - see 1933 German Elections for why.
Your "ignoring votes" argument confuses:
- Right to be voted for;
- Right to automatic coalition inclusion;
- Right to implement anti-democratic agenda;
No one's votes are "ignored" - but winning some votes doesn't grant right to dismantle democratic safeguards.
You're basically arguing that protecting democracy from its enemies is somehow undemocratic. That's both logically and historically wrong.
> Your Lisbon Treaty argument ignores that France later approved it through constitutional processes. Should one referendum permanently bind a nation against any adaptation? That's not democracy - that's fossilization.
The referendum is the government asking for the people's choice which means that if you simply ignore it and wait for a year before bypassing said choice, you clearly never really cared about the outcome of the vote.
> On Chat Control - you're using classic slippery slope fallacy. Debating specific measures against CSAM isn't equivalent to "ending all privacy" or "bringing back slavery." This kind of hyperbole reveals bad faith argumentation.
The slippery slope is you asserting that giving up my right to privacy in order to fight CSAM is not an overreach by any government. The fact that you don't realize what this proposal entails tells me you haven't probably looked at it in details.
Anybody who thinks that this proposal is reasonable or should be debated is not a friend of privacy nor democracy.
> About right-wing coalitions: When parties openly advocate undermining democratic institutions, refusing to empower them IS protecting democracy. Not all electoral success deserves governing power - see 1933 German Elections for why.
Refusing to listen to your people when your people tell you that things are not going well is how you get revolutions and blood baths. Refusing to work with them to find potential solutions to issues because you do not agree with then is what leads to things like the Syrian war.
> Your "ignoring votes" argument confuses: - Right to be voted for - Right to automatic coalition inclusion - Right to implement anti-democratic agenda
Your response to ignoring and refusing to work with parties that are supported by 1/5th to 1/3rd of a given population is simply to hide behind the "protect the democracy" mantra. It does nothing and it solves nothing. But it makes the anger and frustration of these people stew and then at some point it will blow up.
> No one's votes are "ignored" - but winning some votes doesn't grant right to dismantle democratic safeguards.
Again with the "saving the democracy" rhetoric. This is an empty argument devoid of substance. When you refuse to work with parties that represent a good chunk of your constituents just because you do not agree with them, that is not democracy, when you label them as extremists without listening to their concerns, that is not democracy, when you attempt to ban parties because they are starting to gain traction , that is not democracy.
> You're basically arguing that protecting democracy from its enemies is somehow undemocratic. That's both logically and historically wrong.
You are arguing that not listening to people and refusing to find compromises with all the representatives of a country's population is saving democracy.
I am arguing that listening to the people is what democracy is about. if that means that a far right or a far left government is elected, so what? That is the will of the people.
Anyway I can see that you and I don't agree on this topic and that this discussion will lead to nowhere. It's best to leave at that.
Fascinating how your talking points align perfectly with active measures playbooks. Let me guess - democracy is when we let its enemies dismantle it?
The Syrian war comparison is particularly... creative. Though I suppose someone's meeting their "international conflict reference" quota for the day.
Your "let's respectfully disagree" sign-off after casually mentioning "bloodbaths" is an especially artistic touch. Very subtle. Chef's kiss for that one.
But let's address your actual arguments:
- One referendum doesn't permanently bind a nation (or France would still be a monarchy);
- Constitutional processes exist for a reason;
- Coalition participation isn't a right;
- Democratic institutions protect democracy itself;
Here's the thing: real democracy is complex, messy, requires compromise and institutional protection. It's not just "whoever gets 51% can burn it all down."
But I suspect you know this already. The coordinated voting patterns on these threads are... interesting.
Tell me, how's the weather in [redacted]? ;)
Genuinely confused:
Why the downvotes?
In 2025, Trump dumped Ukraine, sided with Putin and made a number of bully threats (including invasion) to its formal National Security partners. Security which - at least still today - is bound by literal treaty.
Should Europe just roll over and wag its tail?
What kind of partnership is this that one side wants to boss around its only-good-if-wimp partner?
Ok.
And how about making every citizen constantly carry an always-on device from the USA full of sensors and permanent internet access?
And how about basing all infrastructure on these devices, so that nothing works without them?
And how about not letting a software ecosystem flurish, so that when robots (cars, humanoid robots, weapons ...) take over, all of them will be controlled by US software?
All this doesn't mean your back-end should be based on something like Microsoft Windows Server with MS Sql Server. Or modern equivalent of serverless Windows Azure.
Russians (and everyone closely watching) started that transition almost painlessly in 2014.
Have your own search engine. Have your own payment system. Base your infrastructure on open-source.
You know, be sovereign, not dependent.
The users switching from iOS to Android is just the last mile.
That would require banning US services. As the European industry (held down by bureaucracy) does not stand a chance to build solutions that can compete.
It seems like this is not on the horizon yet. And in the times of AI, it would probably result in a huge productivity hit.
> All this doesn't mean your back-end should be based on something like Microsoft Windows Server with MS Sql Server.
Why the hell not?
From a technology perspective (i.e., data/information theory/performance/what HN should be about), MSSQL is really, really hard to beat in a big enterprise ecosystem. This isn't because of decades of prerequisite evil dealings that make it a morally incompatible offering, but because it's been so thoroughly exposed to every possible use case that yours would certainly flow nicely.
I've been watching a lot of otherwise really compelling ideas and high energy teams get turned into complete shit due to these ideologies. I can understand a EU tech startup being hesitant toward US-based technology, but in 99% of the cases I hear about, it's a purely American tech company with zero international presence that is making a bunch of noise about how much they hate whatever domestic/paid/"closed" offerings.
> The users switching from iOS to Android
Google collects 20 times more telemetry from Android devices than Apple from iOS (therecord.media)
816 points by gormandizer on March 30, 2021 | 445 comments
https://news.ycombinator.com/item?id=26639261
Android does not mean Google services are involved... (I know it does for most, but not for all =)
Only if you're able to reinstall the OS, and only if you gave your money directly to Google (to buy a Pixel).
This is factually wrong. All Chinese manufacturers sell Android phones without Google services.
And without tracking?
If you believe that the USA has the only government that wants to surveil its citizens, then you should open your eyes. The US possibly has more restrictions on directly surveilling its own citizens (within the US) than any other country.
That pesky Fourth Amendment to the Bill of Rights keeps getting in their way, so they've created ways around it, such as allowing allied nations to do the surveillance for them.
Every government in the world has mandates that require a surveillance capability. This has been the reason that satellite constellations cannot route traffic directly from user-to-user, but instead must route through "hubs", at a cost of doubling the required, but precious bandwidth.
You’re not wrong, but your point doesn’t diminish the point of the post.
Maybe we should discuss one topic at a time so we can make progress somewhere without the implication that progress that isn’t everywhere is progress nowhere?
> And how about making every citizen constantly carry an always-on device from the USA
Screw that, every EU politician have an iPhone or Android phone, loaded with apps from Meta, X, Tiktok and what have you. Step one should be for our politicians to put some sort of emphasis on their own privacy in relationship to the US, Russia and China.
And then fund a lot of talking instead of a lot of doing.
That comes on top
> making every citizen constantly carry an always-on device from the USA full of sensors and permanent internet access
I hope it gives at least some boost to GNU/Linux phones. Librem 5 is my daily driver, and it feels amazing despite its drawbacks.
Related:
'The tyranny of apps': those without smartphones are unfairly penalised (theguardian.com)
676 points by zeristor 1 day ago | 784 comments
https://news.ycombinator.com/item?id=43137488
Nobody forced you to buy an iPhone, an android alternative has always existed
Android devices run a Google OS and report data to Google. Apple's privacy claims are not actually impressive when inspected, however Android is far, far worse when it comes to privacy violations. It doesn't really matter than the phone itself might be manufactured by a 3rd party. In fact, it could be worse; your data could be excessively leaked to both Samsung and Google, rather than merely Google.
At least with Pixel you can install GrapheneOS.
After giving your money directly to Google.
This is such a bad argument, because for a functional modern smartphone (for non nerds) you need to get into bed with either Apple or Google.
The way out of this is not expecting consumers to install fdroid. It’s putting in place proper regulations to preserve privacy and security for EI societies.
The way out is fixing "you need to get into bed with either Apple or Google" which is the root of the problem.
> It’s putting in place proper regulations to preserve privacy and security
That ship sailed so long ago. Not only because national security demanded warrantless backdoors, but because our companies now control regulation. If Tim Cook or Elon Musk take issue with some pesky demands for open architecture or security audits, they complain to Trump and resolve it via EO. Any protest is already quashed. Phone owners who don't actively resist hold no leverage against their OEM.
Stuff like F-Droid and PostmarketOS is the solution to this particular problem - people just don't want to admit it. It's easier to give up essential liberty, purchase temporary safety, and demand that you deserve security along with it too. Too few people realize that personal freedom is a necessary precondition to personal safety.
Unless you're using Graphene or similar, you're still plugged into a US corporation when using Android.
No matter if you use iPhone or Android - in both cases a US company has full control over it.
Define "full control" for those of us with GrapheneOS installed, pretty please.
So a different American company?
[flagged]
Can you please stop breaking the site guidelines so we don't have to keep banning you?
https://news.ycombinator.com/newsguidelines.html
Can you help me understand how I've broken the site guidelines? Both my comment and the parent's are good faith discussions cut along the same rhetoric this site has tolerated for years. None of the responses are even taking this into flamewar territory, it's a black-and-white pastiche of security versus obscurity.
> so we don't have to keep banning you
My account has five karma, Dan. One downside of uncommunicated permanent bans is that it precludes the leverage you ordinarily use to encourage reform.
Your GP comment broke at least these:
"Don't be snarky."
"Eschew flamebait. Avoid generic tangents."
"Please don't sneer, including at the rest of the community."
"When disagreeing, please reply to the argument instead of calling names."
https://news.ycombinator.com/newsguidelines.html
> One downside of uncommunicated permanent bans is that it precludes the leverage you ordinarily use to encourage reform
I'm afraid I don't understand what you're saying here. It seems simple to me though: if you'd stop breaking the site guidelines so repeatedly and badly then we'd be happy not to ban you again, and if you won't stop doing that, we have little choice.
How can iPhone have a monopoly if android exists without redefining the term monopoly? Serious question.
I think it would be very reasonable to redefine the term monopoly (or "anti-competitiveness") so that it encompasses the closed technical platforms that dominate the 21st century.
Sure, but you can't do that legally without an act of congress, and the DOJ only (in theory) prosecutes when laws are broken. Redefining what a monopoly is doesn't really help in a courtroom.
It's called duopoly, and it's not much different.
[flagged]
Europe has housed millions of Ukrainian refugees from the war.
Here's a count of European contributions to the war. Is this embarrassing?
https://www.eeas.europa.eu/delegations/united-states-america...
Presented without comment: https://english.nv.ua/amp/european-and-us-military-aid-in-nu...
I mean, Europe has spent 132bn, with 115bn more allocated. Bit more than the US (114bn). https://www.ifw-kiel.de/topics/war-against-ukraine/ukraine-s...
Issue is America is actively supporting Russia while America is exaggerating own contributions.
[flagged]
[flagged]
There are different threat models each of which demand a different approach to security. It's not a binary decision like you're talking about.
The US threat model has changed given the current regime. So it's appropriate to update your security practices
You're still a Trump supporter? Still?!
Getting everything I voted for and more.
[flagged]
Please don't perpetuate flamewars on HN. This is the second time I've had to ask you this in the last day—not a good sign.
https://news.ycombinator.com/newsguidelines.html
p.s. https://news.ycombinator.com/item?id=43151226 is also not cool
In my younger days, I had a significant other who took advantage of my good nature, expected me to pay for everything, and was borderline abusive toward me at times. When I finally stood up to her, she told me she hated me. I believed her.
This time, America is the abuser. Not borderline abuser, but straightforwardly and clearly so.
Given you think America behavior is reasonable now, I have doubts about you ever having nature you claim.
[flagged]
Could you please stop posting flamewar comments to HN? We had to ask you this just recently. It's not what this site is for, and destroys what it is for.
https://news.ycombinator.com/newsguidelines.html
[flagged]
[flagged]
[flagged]
[flagged]
[flagged]
[flagged]
I know I'll get downvoted for this, but it seems like telling the truth is now a downvote-worthy offense on Hacker News. I thought we had become more open-minded, especially with the new sheriff in town.
What does it mean, that "EU is nothing" without US involvement? You might want to write something more substantial if you don't want those votes.
What technological advancements has the EU developed in the past 20 years that are widely used today?
Arguably 4G networks were developed in Europe and they are widely used.
It's a marathon, not a sprint. I live with a high living standard with access to good health care. Hey, I also live in a democracy, and you're right that I think we need to defend that well. Let's hope & see if we have what it takes..
And most of the world doesn't run on fancy new gizmos (that don't make money for the shareholders anyway). Europe is still rich because it produces high value items like steel from iron ore, and machines and cars from steel.
Linux?
mrna, stable diffusion, extreme ultraviolet lithography, CRISPR, graphene isolation, ozempic... are the first that come to mind.
Is this really all European? A couple things where it seeks your claim is wrong…
MRNA - Pfizer, Moderna, and DARPA (who was involved in funding research) are all American. Just not BioNTech
Stable diffusion - the original diffusion paper was at Stanford in the US, not Europe
EUV - a DARPA project whose tech was licensed to ASML
That said, American tech depends on getting great talent from all over.
BioNTech was founded by 2 turks, they are not even european lol :)
They are both German citizens instead of showing false national pride you should think about why you had an astronomical brain drain over the last 20 years.
Either you like it or not like it, your system is falling and is not competitive.
good discussion but I guess with that name nothing else to expect.
Smartphones?
[flagged]
I had the same initial reaction. I just finished watching 60 Minutes about policing the internet in Germany and was left genuinely confused about European culture. A place where the GDPR probably has better protections for European citizens than the U.S. but where you can apparently be arrested for insulting someone online.
I think it's safe to say that both continents have problems. No need to act superior.
where you can apparently be arrested for insulting someone online.
Nobody gets arrested for insulting someone online. Threatening, yes. Discriminating, maybe. Insulting, never heard of such a thing.
Well, I summarized the other two words you used into a single one (insulting). Perhaps it's too generalized, but my point is obvious: that free speech isn't a thing over there anymore.
What do you mean by there? I live in Europe and can say what I want, as long as I don't threaten someone, etc. You may want to check the World Press Freedom Index: https://rsf.org/en/index
The top-13 are only European countries. The top-18 are only European countries + Canada. The US is at position 55. Similarly, in the freedom of expression index, many European countries (including Germany, which was your example), rank higher than the US:
https://ourworldindata.org/grapher/freedom-of-expression-ind...
I'm just using common sense here. If you can go to jail or be fined for saying something inflammatory online, you don't have freedom of speech. My "there" comment referenced Germany since that was my example and where the 60 Minutes segment was done.
You can watch the interview yourself here: https://www.youtube.com/watch?v=-bMzFDpfDwc
It's worth pointing out the usage of "insult" in the interview.
> "Is it a crime to insult somebody in public?"
> "Yes."
They openly admit that insults can also get you a fine and have your computer confiscated. And this isn't a weird conspiracy theory, they are proud of it.
What insults? (I am not sure where to look, because the comment does not have references) Insults covers a lot of ground, including racist insults.
[flagged]
Problems can be solved independently and/or in parallel. I hope I made you smarter today.
No excrement Sherlock. When team America is suddenly team Russia, things get pretty wild. Not only for EU ...
Step 0 for keeping a secret from anyone is not asking them to store it in their house.
one of them is former ally supporting Russia and far right movements.
[flagged]
[flagged]
> Not only is it a terrible idea given the kind of things > the “King of America” keeps saying,
When attempting to formulate a persuasive argument, this isn't a great place to start in my opinion. It's perfectly acceptable to dislike Trump and his policies. If you do, then go ahead and state your reasons. He was elected by the people of his country and he'll be done in four years' time. That's not how kings generally function. Perhaps I'm throwing the baby out with the bathwater, but I don't find myself too interested in reading the article after the inflammatory introductory TLDR.
You imply that the title "King of America" is pejorative, but did he or did he not refer to himself as a king? As far as I can tell, he endorsed this title.
To add on this, prediction markets currently put Trump Sr. as 8.5% likely to win the 2028 GOP nomination (electionbettingodds.com). So, I wouldn't take your "he'll be done in four years" as certainty. The market thinks things are far more precarious than you do.
Do these prediction markets pay interest? If not I'd rather not pay $0.915 for a $1.00 payout in three years.
This is a good question. It looks like Kalshi (which hosts the underlying market in question here) in fact does pay interest on both cash balances and open positions, at a reasonable market rate: 4.05%. https://kalshi.com/blog/article/interest-cash-open-positions
It's interesting to me that the reaction of Europe is to start taking their security more seriously. While I'm never sure the though process of a certain individual I do know this was the point of the conservative party in the US
> I do know this was the point of the conservative party in the US
No incumbent president, democrat or republican, has ever meaningfully restricted America's digital surveillance capabilities. Backdooring domestic hardware for the sake of "national security" is a bipartisan effort in America.
I don't disagree with that but don't see how it is relevant. Spying on yourself is a different issue
Seconding this, iirc at the time when Edward Snowden started leaking documents Barack Obama was president and I don't remember any effort from him to restrict USA's surveillance capabilities.
The only thing that changed is hearsay and inuendo which this post is based on.
It's like the world is slowly realising "wait, why don't we just become self-sufficient as much as we can" which is what every country should be focusing on from the get go. No brainer. You never want the power switch in someone else's hands.
If only that same attitude would spread to consumers to fuel a new self-hosting renaissance.
Europe is going down an incredibly dark path. Political censorship, encryption bans, and absurd consumer "protection" laws (e.g., like those limiting AI rollouts) mean Europeans are becoming second class globally. The irony of this post is that it is no longer safe for Europeans to rely on a European cloud.
Despite these problems Europe is still the better place to live in compared to "global leaders" like USA, Russia or China. Because limiting AI rollouts is not really relevant for your quality of live, social security, health, safety, sanity etc.
- https://en.wikipedia.org/wiki/The_Economist_Democracy_Index
- https://en.wikipedia.org/wiki/Human_Development_Index