this post was submitted on 04 Nov 2024
Such odd choices here. Why should the EU make its own version of Linux when they could invest in existing projects and kernel development? Given the recent sacking of Russian kernel developers, do we want further politicisation of Linux development?
Just no. There are way better solutions than /e/, and suggesting device and OS lock-in like this doesn't exactly inspire trust. In my eyes, that idiosyncrasy detracts from the generally positive suggestions of getting public administrations away from corporate platforms and OSes.
But then the government is dependent on this private company again. The idea of having its own operating system distribution is to have control and not be dependent (as far as a company goes). So it's not odd at all. In fact, I am shocked that most governments in the world don't have their own distribution. It just makes sense.
That also means a specific distribution to learn and count on across all governmental institutions across all parts. They can integrate any feature, application and configure it for the EU in a government. Is there such a distribution that exists doing exactly that? Probably not. And creating a distribution does not mean they develop everything from scratch, so it's not like it's impossible to work out.
If private companies like Steam can do it, then a government should be able to.
It also means the entirety of the EU's governments would be susceptible to the same vulnerabilities and bugs, and would share the same dependencies. Given recent issues with bad actors taking control of small but essential repos, this seems like a potentially dangerous security flaw.
I mean yes, but currently they're all dependent on Windows, so it's less of centralizing OSes, and more changing what it's centralized on.
Okay, but when's the last time someone created a security vulnerability by sneakily taking over a Windows dependency controlled by a single developer after pressuring them into handing the keys over with a bunch of sockpuppets?
Sure the threat model is different, I'm just saying it's still a single point of failure.
It's not, though. It's a much wider potential for failure, as there are a great number of dependencies that are often left to individual developers to maintain. That may be a somewhat reasonable amount of risk when you've got multiple options for dependencies and no major target, but when the entire EU relies on single individual maintainers? That's a massively exploitable threat vector. It would be absurd to assume no one will take advantage given what we've already seen.
It would be an extremely foolish move to put the whole EU's security on one single set of open source dependencies. Microsoft at least has a financial and legal incentive to try to prevent straight up breaches by state actors, shitty as they may be. There's no such resource allocation or responsibility when it comes to open source repos.
Push a switch to Linux, by all means, but security monoculture is as big a mistake as putting your eggs in any other single basket, especially one as exposed as one single distro.