Why would they ever be considering that? And I don’t mean it as a jab against the US. Why would any government run any part of its systems on computers in another country, completely beyond its control? Have we all become so completely incompetent?
Yes. And also a lot of corruption and unfair trade practices.
I live in a country where the chair of a lobby group that includes Microsoft writes not just public tenders but also laws in a way that surprisingly benefits Microsoft-partnered companies and Azure. He’s also a prominent member of a governing party.
On top of that, It’s incredible, but even most college-educated politicians treat US tech unlimited free trials as a natural part of the digital ecosystem and expect whole productivity suite at the Google level to cost at most $1/user/month based on this experience when they shop e.g. for party systems. They obviously end up on free Google plans for the most part. Once elected, they get onboarded to Microsoft infrastructure at their offices.
US have managed to capture the minds of people who now equate their companies with most of computing. This will take time to change.
The only secure platform just about everybody in the public sector uses is now Signal.
Most European IT providers only employ people familiar with Microsoft products. Governments were perfectly happy to use these providers; machines, data and software ran on-premise. And the big-ticket item, wages, went to local employees. Because there are multiple providers, you can even issue an invitation to tender, getting the lowest/best bid on Microsoft-related services.
A few years ago, Microsoft started its “inevitable” push towards a SaaS model and the cloud. Governments were complete captives of the Microsoft ecosystem. And to be honest, I think few people in government or its partners were imaginative enough to even consider other options.
As someone who was interested in open source as a teenager, I’ve seen this play out in slow motion since the 90s. At least my government was warned about over-reliance on Microsoft products, and adopted several mandates to only use open standards … which were promptly ignored.
I live in the Netherlands, our current undersecretary of digital affairs used to be an executive at one of these big European “IT providers” I describe. Disregarding the obvious conflict of interest, that should illustrate the kind of people making these decisions.
Not just another country, but also do a company owned by the US. Every country claims that anything companies that are under their jurisdiction are under their jurisdiction worldwide. Just because you are in an EU region doesn’t mean that snapshots of your data isn’t being sent somewhere else.
I would make a stronger statement and say that any large enough organization can run “its own cloud”, because cloud is a way of operating not defined as “someone else’s computer”. I am not going to get into a discussion where people say, “things are hard this and that”. Yeah, do the work. I think running things that look like clouds is much less difficult than made out, because all of the cloud providers have spent the last 15 years gaslighting everyone that running on your hardware is too difficult and were just waiting for a generation of techworkers to age out of running their own hardware.
Governments everywhere, should be running on their own hardware. And they can use cloud abstractions to do it. API driven provisioning for everything.
No,. there’s a lot of policy discretion. The US government has access to any data stored in the US belonging to non-US persons without basic due process like search warrants. The data they choose to access is a policy question. The people being installed in US security agencies have strong connections to global far right movements.
In 2004 servers operated by Rackspace in the UK on behalf of Indymedia were handed over to the American authorities with no consideration of the legal situation in the jurisdiction where they were physically located.
/Any/ organisation- governmental or otherwise- that exposes themselves to that kind of risk needs to be put out of business.
I seem to remember an incident where instapaper went offline. The FBI raided a data centre and took a blade machine offline containing blade servers they had warrants for, and instapapers, which they didn’t. So accidents happen.
Yes, but in that case the server was in an American-owned datacenter physically located in America (Virginia), where it was within the jurisdiction of the FBI.
That is hardly the same as a server in an American-owned datacenter physically located in the UK, where it was not within the jurisdiction of the FBI.
Having worked for an American “multinational” I can see how that sort of thing can happen: a chain of managers unversed in the law assumes it is doing “the right thing”. Which makes it even more important that customers consider both the actual legal situation and the cost of that sort of foulup when choosing a datacenter.
The US government has access to any data stored in the US belonging to non-US persons without basic due process like search warrants.
Serious question, who’s putting data in us-west etc when there is eu data centres? And does that free rein over data extend to data in European data centres? I was under the impression that safe harbour regs protected it? But it’s been years since I had to know about this kind of stuff and it’s now foggy.
It does not matter where the data is stored. Using EU datacenters will help latency if that is where your users are, but it will not protect you from warrants. The author digs into this in this post, but unfortunately, it is in Dutch: https://berthub.eu/articles/posts/servers-in-de-eu-eigen-sleutels-helpt-het/
Serious question, who’s putting data in us-west etc when there is eu data centres?
A lot of non-EU companies. Seems like a weird question, not everyone is either US or EU. Almost every Latin American company I’ve worked for uses us-east/west, even if it has no US customers. It’s just way cheaper than LATAM data centers and has better latency than EU.
Obviously the world isn’t just US/EU, I appreciate that. This article is dealing with the trade agreements concerning EU/US data protection though so take my comment in that perspective.
I haven’t personally made up my mind on this, but one piece of evidence in the “it’s dramatically different (in a bad way)” side of things would be the usage of unvetted DOGE staffers with IRS data. That to me seems to indicate that the situation is worse than before.
Not sure what you mean—Operational Desert Storm and the Cold War weren’t initiated by the US nor were Iraq and the USSR allies in the sense that the US is allied with Western Europe, Canada, etc (yes, the US supported the USSR against Nazi Germany and Iraq against Islamist Iran, but everyone understood those alliances were temporary—the US didn’t enter into a mutual defense pact with Iraq or USSR, for example).
they absolutely 100% were initiated by the US. yes the existence of a mutual defense pact is notable, as is its continued existence despite the US “seeking to harm” its treaty partners. it sounds like our differing perceptions of whether the present moment is “dramatically different” come down to differences in historical understanding, the discussion of which would undoubtedly be pruned by pushcx.
This isn’t true, as the US has been the steward of the Internet and its administration has turned hostile towards US’s allies.
In truth, Europe already had a wake-up call with Snowden’s revelations, the US government spying on non-US citizens with impunity, by coercing private US companies to do it. And I remember the Obama administration claiming that “non-US citizens have no rights”.
But that was about privacy, whereas this time we’re talking about a far right administration that seems to be on a war path with US’s allies. The world today is not the same as it was 10 years ago.
hm, you have a good point. I was wondering why now it would be different but “privacy” has always been too vague a concept for most people to grasp/care about. But an unpredictable foreign government which is actively cutting ties with everyone and reneging on many of its promises with (former?) allies might be a bigger warning sign to companies and governments world wide.
I mean, nobody in their right mind would host stuff pertaining to EU citizens in, say, Russia or China.
There does seem to be a bit of a chicken-and-egg problem. A bunch of people (myself included) are eager to work on EU alternatives to American services, but having things that are comparable requires a lot of initial funding and reasonable expectation of usage, which just isn’t there. In the meanwhile, public organizations don’t want to make a move until they see something that inspires confidence, which would require a player to already be set up.
I do wonder how things would go if the article’s recommendation (divert a % of government funds towards setting these things up) would go. The closest we have right now are the tech sovereignty funds / nlnet / similar, which are great, but much smaller than you’d need to compete with (say) AWS. (OVH and similar try, but if you’ve ever used their cloud offerings rather than just a couple of random dedicated servers, the limitations become apparent pretty quickly.)
I think what’s needed is a mandate, rather than a subsidy. Given the level of regulatory capture in democracies around the world including in Europe it’s hard to see that happening, but without a mandate using Google Workplace, AWS EU or similar will always be the easiest route to follow for the large proportion of people who are less ideological.
AWS itself is a product of a mandate that all communication about mechanics should occur via API rather than email.
What AWS actually is in practice right now is a way to bypass a bunch of regulations. SoC Type 2? We’re on AWS, it’s there already. HIPAA? They have a document. So on and so forth. It completely abstracts away company structure as well, leaving only the product, which means the software architects don’t need to learn about, say, network theory, and can just have a checklist that says, “we get our own VPC”, for example.
I recently won a public contract at work that ended up being worth multiple million euros (less than it was supposed to, but I had no part in the charge negotiations). It was originally planned to be hosted on OVH, but due to a bunch of extraneous requirements from them, it became strictly impossible to do (not in any reasonable amount of time, anyway), so it got moved over to AWS Paris instead. This is how it tends to go in my experience.
Agreed. And in 4 years the tides may shift again and everyone will have forgotten how close to the brink we were, and therefore the demand for purely EU services might never materialize.
For those who follow geopolitics and have a fundamental understanding beyond the mainstream narrative, recent developments have largely unfolded as expected, with no significant surprises. The only noticeable difference lies in the aesthetics, which may not be as crucial as some perceive it to be.
In my view, depending on another country for critical infrastructure, even within the EU, has always been a poor decision. This is a fundamental principle of geopolitics and is not about categorizing nations as “good” or “bad,” as such labels can be overly simplistic from a philosophical and social standpoint. Rather, it comes down to a basic yet crucial consideration: what happens if that nation’s interests, whether perceived or actual, no longer align with your own?
The way the U.S. government has approached TikTok - the only major social media platform not based in the U.S.- serves as a clear indication of how vital it is to maintain control over such platforms. It also underscores what the U.S. government, regardless of which administration is in power, considers to be of strategic importance.
Isn’t this the sort of post most of us come to lobste.rs to avoid? There’s a few technical points buried in there, but it’s mainly political rhetoric. I think there’s an orange site that loves this kinda thing that it could be posted to instead.
I have a personal mail server and have heard that Hetzner doesn’t have a good reputation for their IP range. Too many spam operators. I have no proof if this is the case.
I’ve used their auction servers in the past for projects and have been very pleased.
Can you elaborate the “laziness” part? I have a very narrow view of EU, but I read somewhere that EU does not encourage risk taking like the US does, so most large successful tech companies are American and not European.
But we sure are more conservative in technology. We let others do the pioneering work and then just pick established technologies, instead of trying or building new stuff. We are scared of being wrong and of failing.
There are exceptions of course, but they are too rare.
Though I think the difference may be more cultural - in general EU has a low risk taking culture (scared of being wrong and failing), which possibly also means the society in general frowns upon those who fail. Unlike in the US, where every failure (that does not ruin you financially) is celebrated and risk taking is rewarded.
European culture is different, but from what I understand, there are also very practical reasons that we don’t have a VC culture like the US. For all the talk about harmonization, single market, etc., I was surprised to learn that it is apparently not possible that a VC in one EU country can fund a startup in another one. Or at least not without jumping through countless bureaucratic hoops. Effectively, each country needs to take on Silicon Valley on its own.
I would be genuinely curious to know if anyone here knows of a decent European cloud provider. I’m not going to name names, but there is a prominent one that frequently takes down whole regions for days and doesn’t count it toward their downtime. Another prominent one lost a whole datacenter to a fire because it had inadequate fire suppression.
You may be interested in the author’s thoughts. In general, Europe has nothing like an Amazon Web Services; Europe does have “Scaleway, OVH, Hetzner, Leaseweb, Contabo and ionos”, but those are not really competitors to the big clouds.
That said, I strongly feel that hosting a mail server isn’t actually beyond the collective power of the European continent.
People who bring up real issues are often dismissed as being too worried, being hyperbolic, sometimes as being conspiracy nuts. It really boils down to people not wanting to expend the energy that’d be required if they really considered the possible consequences of their actions. It’s not unlike the “I have nothing to hide” people - you do, but you lack the energy to imagine how information about you can be used against you once extremists are in a position to do that very thing.
Take Cloudflare - if you talk shit about them on the orange site, you’ll get tons of downvotes with almost no actual engagement, because people can’t really defend Cloudflare’s shitty behavior. It’s because people want to believe what they want to believe - Cloudflare is good, they promise good things and offer tools and services for free to end users, they’re going to protect you from the boogey man, whatever. The reality of Cloudflare is that they want to be a monopoly (or at very least be in a position where almost everyone has to rely on them or put up with them), want to re-centralize the Internet around them, and as a for-profit company operating in the United States, we have no reason to think they aren’t or won’t sell access to the data they collect. They ardently protect scammers, marginalize people on the Internet throughout the world who aren’t in “desirable” (mostly western) places, and participate in underhanded schemes like Mozilla’s defaulting of DNS-over-https, which tricks people in to giving up their privacy to Cloudflare without warning or notice, and without being asked.
Of course anyone with a brain would realize that using Cloudflare puts privacy at risk and makes data that should otherwise stay private available to the United States, but when you have people who don’t want to expend the energy thinking, and/or people who have become fans because Cloudflare gave them a free service, and/or people who have the “nobody ever got fired for buying IBM” mentality, it’s easy to see why people decide to use stuff like this without considering the implications.
Glad to see this being discussed on lobsters. In the (paraphrased) words of Dylan Beattie, “Some people say ’keep politics out of technology ’. Politics create the problems technology tries to solve”
Whatever else you agree with or disagree with in this article, I think they should include Jeff Bezos along with Trump and Musk. I hear a lot of people store their data on Jeff Bezos’s online book retailer’s servers, of all places. And he has thrown his lot in with the other two.
The major clouds have spent billions on supporting jurisdictional controls for cloud workloads. This includes features across every service for isolating data, compute, and network to a particular legal jurisdiction (US, EU, or at the country level). And it also includes turning up special data centers for governments to run their workloads - for defence and state industries like oil extraction.
So no serious government has been running their workloads in other regions.
That doesn’t mean control plane access is not possible cross region. But even that is something they’re doing.
Google’s Trusted Partner Cloud program has data centers that Google engineers can only access with partner okay. Partners are supposed to run it on their own. So in that case they benefit from public cloud tech but have local control.
Despite the naysayers the public clouds do have tons of useful tech, if at a premium. It would make sense for a government to forfeit that.
That all said - as the transatlantic alliance crumbles, we’re living in changing times.
Yes. There are obviously myriad offline/geopolitical/social/etc aspects to this, but my view is that, in Internet terms at least, this is because in the mid-00s there started an indecently exponential rush towards globalisation through centralisation rather than federation. It’s been downhill ever since.
That has always been a pipe dream, despite “globalization” being inevitable. Adam Smith once said:
“Let us suppose that the great empire of China, with all its myriads of inhabitants, was suddenly swallowed up by an earthquake, and let us consider how a man of humanity in Europe, who had no sort of connection with that part of the world, would be affected upon receiving intelligence of this dreadful calamity. He would, I imagine, first of all, express very strongly his sorrow for the misfortune of that unhappy people, he would make many melancholy reflections upon the precariousness of human life, and the vanity of all the labours of man, which could thus be annihilated in a moment. He would too, perhaps, if he was a man of speculation, enter into many reasonings concerning the effects which this disaster might produce upon the commerce of Europe, and the trade and business of the world in general. And when all this fine philosophy was over, when all these humane sentiments had been once fairly expressed, he would pursue his business or his pleasure, take his repose or his diversion, with the same ease and tranquillity, as if no such accident had happened. The most frivolous disaster which could befall himself would occasion a more real disturbance. If he was to lose his little finger to-morrow, he would not sleep to-night; but, provided he never saw them, he will snore with the most profound security over the ruin of a hundred millions of his brethren, and the destruction of that immense multitude seems plainly an object less interesting to him, than this paltry misfortune of his own.”
TLDR — we care about our family and friends, our neighbors, our fellow citizens within a couple of hundred miles at most. We don’t care about people on the other side of the globe, and that’s just human nature.
This isn’t necessarily bad. A world government would most likely be totalitarian. And speaking of the Internet, I think we’ve lost our way by allowing Big Tech companies to centralize information. My hope, my dream, is that people will once again realize the importance of:
federation or even decentralization, and
end-to-end encryption.
The US has been a benevolent dictator of the Internet, but it’s all but clear that world is ending, so we need to act accordingly.
We don’t care about people on the other side of the globe, and that’s just human nature.
It might be the nature of some humans, but it’s demonstrably true that many many people have the capacity for empathy with those they haven’t met, and I’m very grateful for that fact.
You’re right in your larger point but this particular conclusion is abhorrent.
Putting the politics aside, isn’t it a bit much to equate counting visitors (Google Analytics) with “transferring information about someone applying for a job with the security services”?
Sure someone applying there will end up being counted in visitor statistics, but the https://www.werkenvoornederland.nl/ website is for all government jobs. The fact that you visit it doesn’t really mean anything, especially considering that anyone from any country can do so.
That argument only makes sense if the analytics only count front-page visits and do not log any information from other sub-pages visited. That does seem unlikely (to the contrary, it happens way to often that such systems get setup to log even more precise data, e.g. from forms, and not just page visits)
Yeah I just checked and Google indeed gets information about “conversions” and “site exit”. The main page initially has no GA, but when you actually enter your data and submit an application it at least downloads the gtm.js script (albeit without cookies).
They also use google fonts, with an X-Client-Data that can likely be used to uniquely identify you(r machine) in combination with your IP.
Edit: obviously I disabled my ad blocker while doing this. Other than the Google Fonts thing none of this data will be transmitted if you use an ad blocker.
Why would they ever be considering that? And I don’t mean it as a jab against the US. Why would any government run any part of its systems on computers in another country, completely beyond its control? Have we all become so completely incompetent?
Yes. And also a lot of corruption and unfair trade practices.
I live in a country where the chair of a lobby group that includes Microsoft writes not just public tenders but also laws in a way that surprisingly benefits Microsoft-partnered companies and Azure. He’s also a prominent member of a governing party.
On top of that, It’s incredible, but even most college-educated politicians treat US tech unlimited free trials as a natural part of the digital ecosystem and expect whole productivity suite at the Google level to cost at most $1/user/month based on this experience when they shop e.g. for party systems. They obviously end up on free Google plans for the most part. Once elected, they get onboarded to Microsoft infrastructure at their offices.
US have managed to capture the minds of people who now equate their companies with most of computing. This will take time to change.
The only secure platform just about everybody in the public sector uses is now Signal.
Another unlimited free trial!
It’s just insane.
Most European IT providers only employ people familiar with Microsoft products. Governments were perfectly happy to use these providers; machines, data and software ran on-premise. And the big-ticket item, wages, went to local employees. Because there are multiple providers, you can even issue an invitation to tender, getting the lowest/best bid on Microsoft-related services.
A few years ago, Microsoft started its “inevitable” push towards a SaaS model and the cloud. Governments were complete captives of the Microsoft ecosystem. And to be honest, I think few people in government or its partners were imaginative enough to even consider other options.
As someone who was interested in open source as a teenager, I’ve seen this play out in slow motion since the 90s. At least my government was warned about over-reliance on Microsoft products, and adopted several mandates to only use open standards … which were promptly ignored.
I live in the Netherlands, our current undersecretary of digital affairs used to be an executive at one of these big European “IT providers” I describe. Disregarding the obvious conflict of interest, that should illustrate the kind of people making these decisions.
Yeah, I can see it, but ugh. It’s a real pity no one said they would cancel if they couldn’t have on-prem.
Not just another country, but also do a company owned by the US. Every country claims that anything companies that are under their jurisdiction are under their jurisdiction worldwide. Just because you are in an EU region doesn’t mean that snapshots of your data isn’t being sent somewhere else.
I would make a stronger statement and say that any large enough organization can run “its own cloud”, because cloud is a way of operating not defined as “someone else’s computer”. I am not going to get into a discussion where people say, “things are hard this and that”. Yeah, do the work. I think running things that look like clouds is much less difficult than made out, because all of the cloud providers have spent the last 15 years gaslighting everyone that running on your hardware is too difficult and were just waiting for a generation of techworkers to age out of running their own hardware.
Governments everywhere, should be running on their own hardware. And they can use cloud abstractions to do it. API driven provisioning for everything.
It’s just as safe as it’s always been.
No,. there’s a lot of policy discretion. The US government has access to any data stored in the US belonging to non-US persons without basic due process like search warrants. The data they choose to access is a policy question. The people being installed in US security agencies have strong connections to global far right movements.
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Trying to win a point by bringing up historical atrocities has never actually led to a topical converation.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by moderator pushcx: Pruning off-topic political argument.]
[Comment removed by author]
[Comment removed by moderator pushcx: Pruning off-topic political thread.]
In 2004 servers operated by Rackspace in the UK on behalf of Indymedia were handed over to the American authorities with no consideration of the legal situation in the jurisdiction where they were physically located.
/Any/ organisation- governmental or otherwise- that exposes themselves to that kind of risk needs to be put out of business.
I seem to remember an incident where instapaper went offline. The FBI raided a data centre and took a blade machine offline containing blade servers they had warrants for, and instapapers, which they didn’t. So accidents happen.
Link: https://blog.instapaper.com/post/6830514157
Yes, but in that case the server was in an American-owned datacenter physically located in America (Virginia), where it was within the jurisdiction of the FBI.
That is hardly the same as a server in an American-owned datacenter physically located in the UK, where it was not within the jurisdiction of the FBI.
Having worked for an American “multinational” I can see how that sort of thing can happen: a chain of managers unversed in the law assumes it is doing “the right thing”. Which makes it even more important that customers consider both the actual legal situation and the cost of that sort of foulup when choosing a datacenter.
The FBI has offices around the world.
https://www.fbi.gov/contact-us/international-offices
Serious question, who’s putting data in
us-westetc when there is eu data centres? And does that free rein over data extend to data in European data centres? I was under the impression that safe harbour regs protected it? But it’s been years since I had to know about this kind of stuff and it’s now foggy.It does not matter where the data is stored. Using EU datacenters will help latency if that is where your users are, but it will not protect you from warrants. The author digs into this in this post, but unfortunately, it is in Dutch: https://berthub.eu/articles/posts/servers-in-de-eu-eigen-sleutels-helpt-het/
I re-read the English article a bit better and see he addresses it with sources and linked articles. Saturday morning, what can I say.
A lot of non-EU companies. Seems like a weird question, not everyone is either US or EU. Almost every Latin American company I’ve worked for uses us-east/west, even if it has no US customers. It’s just way cheaper than LATAM data centers and has better latency than EU.
Obviously the world isn’t just US/EU, I appreciate that. This article is dealing with the trade agreements concerning EU/US data protection though so take my comment in that perspective.
I don’t see how this is at odds with the parent comment?
That is the one good thing. It has always been unsafe, but now people are finally starting to understand that.
Because it’s dramatically less safe. Everyone saying “it’s the same as before” has no clue what is happening in the US government right now.
And everyone saying it’s dramatically different has no clue what has happened in the US government in the past.
I haven’t personally made up my mind on this, but one piece of evidence in the “it’s dramatically different (in a bad way)” side of things would be the usage of unvetted DOGE staffers with IRS data. That to me seems to indicate that the situation is worse than before.
yeah could be
You’re incorrect. The US has never had a government that openly seeks to harm its own allies.
What do you mean? Take Operation Desert Storm. Or the early Cold War.
Not sure what you mean—Operational Desert Storm and the Cold War weren’t initiated by the US nor were Iraq and the USSR allies in the sense that the US is allied with Western Europe, Canada, etc (yes, the US supported the USSR against Nazi Germany and Iraq against Islamist Iran, but everyone understood those alliances were temporary—the US didn’t enter into a mutual defense pact with Iraq or USSR, for example).
they absolutely 100% were initiated by the US. yes the existence of a mutual defense pact is notable, as is its continued existence despite the US “seeking to harm” its treaty partners. it sounds like our differing perceptions of whether the present moment is “dramatically different” come down to differences in historical understanding, the discussion of which would undoubtedly be pruned by pushcx.
[Comment removed by author]
My gut feeling says that you’re right, but actually I think practically nobody knows whether you are or not. To take one example, it’s not clear whether the US government is going to crash its own banking system: https://www.crisesnotes.com/how-can-we-know-if-government-payments-stop-an-exploratory-analysis-of-banking-system-warning-signs/ . The US governmant has done plenty of things that BAD before but it doesn’t often do anything that STRANGE. I think.
[Comment removed by author]
the reply was to me
Oh, yeah. Clearly I’m bad at parsing indentation on mobile.
Just because it was not safe before, doesn’t mean it cannot be (alarmingly) less safe now.
And just because it logically can be less safe now doesn’t mean it is.
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
[Comment removed by moderator pushcx: Pruning an off-topic thread on current politics.]
It is not. Not anymore. But I don’t want to get into political debate here.
I suspect parent meant it has never been safe
This isn’t true, as the US has been the steward of the Internet and its administration has turned hostile towards US’s allies.
In truth, Europe already had a wake-up call with Snowden’s revelations, the US government spying on non-US citizens with impunity, by coercing private US companies to do it. And I remember the Obama administration claiming that “non-US citizens have no rights”.
But that was about privacy, whereas this time we’re talking about a far right administration that seems to be on a war path with US’s allies. The world today is not the same as it was 10 years ago.
hm, you have a good point. I was wondering why now it would be different but “privacy” has always been too vague a concept for most people to grasp/care about. But an unpredictable foreign government which is actively cutting ties with everyone and reneging on many of its promises with (former?) allies might be a bigger warning sign to companies and governments world wide.
I mean, nobody in their right mind would host stuff pertaining to EU citizens in, say, Russia or China.
Which is to say: its not safe at all and never has been a good idea.
There does seem to be a bit of a chicken-and-egg problem. A bunch of people (myself included) are eager to work on EU alternatives to American services, but having things that are comparable requires a lot of initial funding and reasonable expectation of usage, which just isn’t there. In the meanwhile, public organizations don’t want to make a move until they see something that inspires confidence, which would require a player to already be set up.
I do wonder how things would go if the article’s recommendation (divert a % of government funds towards setting these things up) would go. The closest we have right now are the tech sovereignty funds / nlnet / similar, which are great, but much smaller than you’d need to compete with (say) AWS. (OVH and similar try, but if you’ve ever used their cloud offerings rather than just a couple of random dedicated servers, the limitations become apparent pretty quickly.)
I think what’s needed is a mandate, rather than a subsidy. Given the level of regulatory capture in democracies around the world including in Europe it’s hard to see that happening, but without a mandate using Google Workplace, AWS EU or similar will always be the easiest route to follow for the large proportion of people who are less ideological.
AWS itself is a product of a mandate that all communication about mechanics should occur via API rather than email.
What AWS actually is in practice right now is a way to bypass a bunch of regulations. SoC Type 2? We’re on AWS, it’s there already. HIPAA? They have a document. So on and so forth. It completely abstracts away company structure as well, leaving only the product, which means the software architects don’t need to learn about, say, network theory, and can just have a checklist that says, “we get our own VPC”, for example.
I recently won a public contract at work that ended up being worth multiple million euros (less than it was supposed to, but I had no part in the charge negotiations). It was originally planned to be hosted on OVH, but due to a bunch of extraneous requirements from them, it became strictly impossible to do (not in any reasonable amount of time, anyway), so it got moved over to AWS Paris instead. This is how it tends to go in my experience.
Agreed. And in 4 years the tides may shift again and everyone will have forgotten how close to the brink we were, and therefore the demand for purely EU services might never materialize.
For those who follow geopolitics and have a fundamental understanding beyond the mainstream narrative, recent developments have largely unfolded as expected, with no significant surprises. The only noticeable difference lies in the aesthetics, which may not be as crucial as some perceive it to be.
In my view, depending on another country for critical infrastructure, even within the EU, has always been a poor decision. This is a fundamental principle of geopolitics and is not about categorizing nations as “good” or “bad,” as such labels can be overly simplistic from a philosophical and social standpoint. Rather, it comes down to a basic yet crucial consideration: what happens if that nation’s interests, whether perceived or actual, no longer align with your own?
The way the U.S. government has approached TikTok - the only major social media platform not based in the U.S.- serves as a clear indication of how vital it is to maintain control over such platforms. It also underscores what the U.S. government, regardless of which administration is in power, considers to be of strategic importance.
Very well said, and I fully agree with this.
Was it ever?
Isn’t this the sort of post most of us come to lobste.rs to avoid? There’s a few technical points buried in there, but it’s mainly political rhetoric. I think there’s an orange site that loves this kinda thing that it could be posted to instead.
Yes, “hidden by 26 users”, says currently near the top of the page. That’s a lot.
I found this site to be helpful in understanding some options. https://european-alternatives.eu/
Personally I think I’ll go with scaleway from digitalocean and can reduce monthly costs by ~75% by switching to their “dedibox”.
Depending on what you need, also take a look at Hetzner.
I have a personal mail server and have heard that Hetzner doesn’t have a good reputation for their IP range. Too many spam operators. I have no proof if this is the case.
I’ve used their auction servers in the past for projects and have been very pleased.
I wouldn’t know about that as I’m not hosting an email server.
But I self-host on Hetzner and I like them for being very cheap.
It’s no longer safe to have anything in US clouds. But we in Europe have been massively lazy in some aspects.
Can you elaborate the “laziness” part? I have a very narrow view of EU, but I read somewhere that EU does not encourage risk taking like the US does, so most large successful tech companies are American and not European.
I wouldn’t be sure that the difference is political. For instance, https://www.heritage.org/index/pages/all-country-scores shows that 14 countries in Europe are more free than USA in terms of economic freedom.
But we sure are more conservative in technology. We let others do the pioneering work and then just pick established technologies, instead of trying or building new stuff. We are scared of being wrong and of failing.
There are exceptions of course, but they are too rare.
Thanks for the Freedom Index, useful data.
Though I think the difference may be more cultural - in general EU has a low risk taking culture (scared of being wrong and failing), which possibly also means the society in general frowns upon those who fail. Unlike in the US, where every failure (that does not ruin you financially) is celebrated and risk taking is rewarded.
European culture is different, but from what I understand, there are also very practical reasons that we don’t have a VC culture like the US. For all the talk about harmonization, single market, etc., I was surprised to learn that it is apparently not possible that a VC in one EU country can fund a startup in another one. Or at least not without jumping through countless bureaucratic hoops. Effectively, each country needs to take on Silicon Valley on its own.
I would be genuinely curious to know if anyone here knows of a decent European cloud provider. I’m not going to name names, but there is a prominent one that frequently takes down whole regions for days and doesn’t count it toward their downtime. Another prominent one lost a whole datacenter to a fire because it had inadequate fire suppression.
I keep hearing that Lidl (Schwarz) is building a more serious Cloud, but I have never tried nor met anyone who has https://www.stackit.de
You may be interested in the author’s thoughts. In general, Europe has nothing like an Amazon Web Services; Europe does have “Scaleway, OVH, Hetzner, Leaseweb, Contabo and ionos”, but those are not really competitors to the big clouds.
That said, I strongly feel that hosting a mail server isn’t actually beyond the collective power of the European continent.
Hetzner is a long time name in the server / VPS provider, but they are not exactly in the “cloud” space. Same for OVH, probably.
People who bring up real issues are often dismissed as being too worried, being hyperbolic, sometimes as being conspiracy nuts. It really boils down to people not wanting to expend the energy that’d be required if they really considered the possible consequences of their actions. It’s not unlike the “I have nothing to hide” people - you do, but you lack the energy to imagine how information about you can be used against you once extremists are in a position to do that very thing.
Take Cloudflare - if you talk shit about them on the orange site, you’ll get tons of downvotes with almost no actual engagement, because people can’t really defend Cloudflare’s shitty behavior. It’s because people want to believe what they want to believe - Cloudflare is good, they promise good things and offer tools and services for free to end users, they’re going to protect you from the boogey man, whatever. The reality of Cloudflare is that they want to be a monopoly (or at very least be in a position where almost everyone has to rely on them or put up with them), want to re-centralize the Internet around them, and as a for-profit company operating in the United States, we have no reason to think they aren’t or won’t sell access to the data they collect. They ardently protect scammers, marginalize people on the Internet throughout the world who aren’t in “desirable” (mostly western) places, and participate in underhanded schemes like Mozilla’s defaulting of DNS-over-https, which tricks people in to giving up their privacy to Cloudflare without warning or notice, and without being asked.
Of course anyone with a brain would realize that using Cloudflare puts privacy at risk and makes data that should otherwise stay private available to the United States, but when you have people who don’t want to expend the energy thinking, and/or people who have become fans because Cloudflare gave them a free service, and/or people who have the “nobody ever got fired for buying IBM” mentality, it’s easy to see why people decide to use stuff like this without considering the implications.
Glad to see this being discussed on lobsters. In the (paraphrased) words of Dylan Beattie, “Some people say ’keep politics out of technology ’. Politics create the problems technology tries to solve”
Whatever else you agree with or disagree with in this article, I think they should include Jeff Bezos along with Trump and Musk. I hear a lot of people store their data on Jeff Bezos’s online book retailer’s servers, of all places. And he has thrown his lot in with the other two.
The major clouds have spent billions on supporting jurisdictional controls for cloud workloads. This includes features across every service for isolating data, compute, and network to a particular legal jurisdiction (US, EU, or at the country level). And it also includes turning up special data centers for governments to run their workloads - for defence and state industries like oil extraction.
So no serious government has been running their workloads in other regions.
That doesn’t mean control plane access is not possible cross region. But even that is something they’re doing.
Google’s Trusted Partner Cloud program has data centers that Google engineers can only access with partner okay. Partners are supposed to run it on their own. So in that case they benefit from public cloud tech but have local control.
Despite the naysayers the public clouds do have tons of useful tech, if at a premium. It would make sense for a government to forfeit that.
That all said - as the transatlantic alliance crumbles, we’re living in changing times.
And thus, the vision of one global world dies a sad death.
What’s global about having all platforms in one country?
Yes. There are obviously myriad offline/geopolitical/social/etc aspects to this, but my view is that, in Internet terms at least, this is because in the mid-00s there started an indecently exponential rush towards globalisation through centralisation rather than federation. It’s been downhill ever since.
That has always been a pipe dream, despite “globalization” being inevitable. Adam Smith once said:
TLDR — we care about our family and friends, our neighbors, our fellow citizens within a couple of hundred miles at most. We don’t care about people on the other side of the globe, and that’s just human nature.
This isn’t necessarily bad. A world government would most likely be totalitarian. And speaking of the Internet, I think we’ve lost our way by allowing Big Tech companies to centralize information. My hope, my dream, is that people will once again realize the importance of:
The US has been a benevolent dictator of the Internet, but it’s all but clear that world is ending, so we need to act accordingly.
It might be the nature of some humans, but it’s demonstrably true that many many people have the capacity for empathy with those they haven’t met, and I’m very grateful for that fact.
You’re right in your larger point but this particular conclusion is abhorrent.
[Comment removed by author]
European alternatives need to step up their game. I’m willing to give a chance to something with rough edges, but many aren’t, or can’t.
[Comment removed by moderator pushcx: Pruning off-topic thread about X.]
[Comment removed by moderator pushcx: Pruning off-topic thread about X.]
[Comment removed by moderator pushcx: Pruning off-topic thread about X.]
Never was.
It never has been safe in the first place.
Looking forward to the moment when Office365 becomes Office0. Swiss government will be terribly pleased.
Putting the politics aside, isn’t it a bit much to equate counting visitors (Google Analytics) with “transferring information about someone applying for a job with the security services”?
Sure someone applying there will end up being counted in visitor statistics, but the https://www.werkenvoornederland.nl/ website is for all government jobs. The fact that you visit it doesn’t really mean anything, especially considering that anyone from any country can do so.
That argument only makes sense if the analytics only count front-page visits and do not log any information from other sub-pages visited. That does seem unlikely (to the contrary, it happens way to often that such systems get setup to log even more precise data, e.g. from forms, and not just page visits)
Yeah I just checked and Google indeed gets information about “conversions” and “site exit”. The main page initially has no GA, but when you actually enter your data and submit an application it at least downloads the gtm.js script (albeit without cookies).
They also use google fonts, with an X-Client-Data that can likely be used to uniquely identify you(r machine) in combination with your IP.
Edit: obviously I disabled my ad blocker while doing this. Other than the Google Fonts thing none of this data will be transmitted if you use an ad blocker.
[Comment removed by moderator pushcx: Me-too performative surprise.]
I am even more skeptical and would remove ‘longer’ and ‘US’ words from the title.
I am ‘kinda OK’ with some workload at cloud - but with backup/data on premise for security.
[Comment removed by moderator pushcx: Don't mock articles.]