I think we're going to be seeing more and more of this type of thing in Europe.
Of course some administrations have already done it before, sometimes sucessfully, like the French gendarmerie and sometimes unsuccesfully like Munich that ended up reverting to Windows (mostly for political rather than technical reasons).
But previously the motivations were difficult to understand for many, either being about saving money on licenses with dubious returns once retraining was considered or about software freedom arguments that are difficult to explain to non geeks.
These days the US is increasingly seen as an untrustworthy partner / supplier in Europe and the digital digital sovereignty arguments are well understood, both by politicians and the general public.
Even though I tend to bash a bit the whole evolution of Linux Desktop, that is more a complaint of where I wish things to be, than being a naysayer.
FOSS stacks seem the only way with current geopolitics, but there is a big but.
For proper freedom it would only work out if we got back the whole infrastructure from hardware, software, compiler toolchains, everything like in the cold war days, throughout the 8 and 16 bit home computers as well, however I doubt we would go back that far.
I think migrating away from office is not realistic for many companies. They run on Excel, and just breaking one vital table because it uses a macro can cost much more money than the entire office suite for many users over years. The Munich story was doomed to fail.
(Of course there are lots of things that work, the open source mail or Zoom or Slack replacements are totally fine in my opinion.)
Most FOSS organisations, including the Linux Foundation, are headquartered in the US and are supported by American companies and, most likely, American three letter agencies.
Yes, but they work differently. Due to their decentralised nature there is not one switch they can turn to shut off their services or programmes. US companies can be ordered to stop their services for certain organisations, individuals or states
Sure, but then some may not remember how usage of the cryptographic algorithms was limited by the US government, including in Open Source software, all the way until late 90s in Central/East Europe.
See how well it works for countries that were cutted out of Github, where most FOSS projects are hosted nowadays, without copies anywhere else, as if Git wasn't any different from Subversion.
Yes - this is exactly the problem. Big Corporations, like Microsoft, the owner of Github, can shut you out. If you lose access to your E-Mail, or anything connected with your Microsoft Account (or Google Account) you will lose access to a lot of services that relie on it.
And if you keep your source code with Microsoft and Microsoft only, you can lose access to it too.
Broadly speaking this tendency towards concentration and centralization is not only just going on in all aspects of society all over the West, more baffling in many ways is the fact that many of the instances of concentrating power and control is being facilitated and even perpetrated by the collective people themselves, e.g., putting all the eggs into the GitHub basket.
Regardless of why and how it’s happening, it seems extremely risky at best because all concentration of power and control tends to beget more abusive power and control.
It is really important to not build your national infrastructure around closed-source proprietary software that other nations control.
I lived in Latin America for a year. It is shocking how much everything relies on WhatsApp. I got everything from visa appointments, airline tickets, to restaurant bookings in WhatsApp.
Another massive problem is if Meta has a fit with your organization, they can ban you from using WhatsApp for Business. All these Latam countries should and must pass regulations to avoid this kind of behavior. Free market all you want but if you captured market, it’s the nation’s responsibility to ensure their people can get the best service even if these companies are hating each other.
I'm a capitalist but yes when national security is in play "free market" in my book doesn't apply. You can't have health appointments, airline tickets, government services by default on WhatsApp. Most don't even bother with email and just default to WhatsApp.
It was kind of the same but not as pervasive with Facebook Messenger in the Philippines.
None of those are national security issues though, they’re QoL issues. The problem isn’t WhatsApp owning the market, it’s governments making the choice to only make their services available through WhatsApp and providing no alternative of their own to receive services. Every single “WhatsApp is too dominant” story I’ve seen usually boils down to governments acting as enablers for the supposed issue themselves.
You don't think WhatsApp for some reason stopping to work and airlines losing their default way to issue tickets is a national security issue? How about health care appointments with national ID and address on them being sent as PDFs and stored on Meta's servers? All of those are massive national security issues for me. It can grind the country to a halt for days on end.
There's a reason South Korea has laws requiring all data on its citizens and geography to be stored in Korea. Even Google Maps doesn't quite work in Korea.
South Korea is not a great example here. It's been weeks since the big data center fire and they've barely started to recover. Storing all data internally can really backfire if best practices aren't being followed, and that's a lot more likely with a not-invented-here approach.
Why are they running everything through WhatsApp in the first place with no alternatives? Using WhatsApp as a convenience is fine, but if you’re doing it with no way to not use WhatsApp or obtain data through an alternate mechanism other than WhatsApp, that’s what is causing your problems.
Issues that threaten national security are issues that threaten a nation’s sovereignty, put it at risk of war, or compromise the security of high ranking politicians, members of a nation’s intelligence service, military assets, and other issues of that caliber. The potential to miss flights or health care appointments does not rise to that level, but if it’s an actual problem, then it’s something solvable without reaching for the anti-monopoly gun or national security gun and a good start would be governments not using WhatsApp as an exclusive mechanism for obtaining government services. The second step is governments mandating that businesses in healthcare or transportation and other such critical industries have alternative mechanisms for customers to reach them other than WhatsApp.
Of course they are. It’s basically foreign soft power infiltration, invasion, control, and conquest. WhatsApp is Meta, Meta is deeply associated with not only the US government and its agencies, but the various entities of state control in the subordinate countries that believe they are being provided a means of controlling their countries, but do not realize or are deliberately subordinating themselves to the empire that is called America.
The pernicious thing that neutralizes many people like yourself, is that you cannot understand that meta/Facebook/WhatsApp is not just innocuous private business somehow magically different than the government in which at least you have a theoretical level of control over in a democracy.
Every place that an “American” company controls aspects of a technology inside a society is effectively to that degree conquered by the “USA”. One’s own country simply does not exist anymore to the same qualitative degree that it is controlled by foreign technologies/companies. That is also the revealing argument the system made when it threw its fit about the Chinese control of TikTok! So at least the “American” system believes it… “The lady doth protest too much, methinks.”
> The pernicious thing that neutralizes many people like yourself
I get exactly how people view private American companies abroad and that’s irrelevant to what I actually said.
Why are governments running all their communications and services through a private American app? Even in America, we’re not doing that, and there is always a fallback in some form of the telephone system, email, the postal service, the web or just showing up in person for anything that is absolutely essential. If I’m doing anything through a 3rd party app like WhatsApp instead, it’s either not that essential, or I’m doing it as a convenience but the fallbacks are always there.
So when people are talking about utterly essential services being run through WhatsApp and only WhatsApp, that seems like the obvious problem, because if that’s true, that’s also very stupid, and also a very stupid choice. Facebook profits from the situation, you could even say America profits from the situation, but you can’t say it isn’t without mutual engagement and compliance on the part of the supposedly aggrieved parties here.
Yes. Absolutf*kingeverything is whatsup. That was annoying at the beginning.
But: people there are practical and flexible. It would take days to a month to migrate, what is impossible in first world, just take Germany as an example.
Also whatsapp is e2e encrypted, so not so bad. In Germany many things go over FAX or mail, totally unencrypted…
Yeah it is annoying on principle having everything on WP but it's not the worst piece of software (yet). I think I would rather have it than the American system and their blue bubbles vs green bubbles or fragmentation between multiple incompatible and shitty proprietary messaging systems.
In short: 30k users, 40k mailboxes, 100M emails and calendar entries migrated. The client is Thunderbird. The server / web side is handled by Open-Xchange, hosted by a local provider with the same name (AFAICT), which also offers commercial licensing for the otherwise-AGPL suite.
The service gets operated by Dataport AöR. Dataport is the primary service provider / datacenter of some german federal states and owned by them.
They client is mainly Open-Xchange AppSuite Web UI, some people use Thunderbird on top. There are also thousands of mobile devices, syncing via IMAP, SMTP, CalDAV, CardDAV.
Instead of guessing it's an easy lookup. OpenXchange is an app suite that's been around for >20 years. It's not some random ad hoc combination of software.
There are no high scalability improvements, it is a regular Dovecot Pro setup.
44.000 mailboxes is not really big from Dovecot Pro point of view, there are dozens of other service provider customers running six to eight digit mailbox numbers on it. Biggest European installation serves 40M mailboxes although these are consumer / SMB mailboxes which lower load provide and size compared to Schleswig-Holstein.
I don't think so. Yes, there are open source components in there. But there's also a huge amount of their own code, and can iirc present as a whole MS Exchange server to an Outlook client. There's also a user-customizable web frontend with groupware-like features. The whole package is a lot different than just combining a few packages into a bare-bones email service.
Been saying it for years: the name of the (IT) game through 2030 and beyond won't be AI, so much as it'll be sovereignty. Everyone played the US' game and got relatively burned to varying degrees, so expect more countries utilize homegrown or FOSS products to retain sovereignty over their digital infrastructure going forward.
Of course you don't want to wake up one day and you can't access your mails because the US government doesn't like you. .
Huawei had to develop an in-house solution after SAP cut them off.
SAP is a German company that was pressured by the US government (surely with EU blessing - Huawei still has too much control over foreign infrastructure). I guess the lesson is that every country has to replicate software autarchy, and the easiest way for all but the largest countries is through FOSS.
The rest of the world has had forever to do sovereignty, and the blessing of a FOSS ecosystem (that doesn't exist in fully 85% of alternate universes) which would make it absurdly easy. Europe has the same bosses as everybody else, and they pretty much pilot authoritarian overreach there before they try it in the US against a stronger constitution and clear Bill of Rights.
The reason Europe isn't independent is because they like that the US goes through their citizens' data, and are happy for Microsoft (or whoever, I guess Palantir, Crowdstrike, and 18 Israeli military startups) to package it up and send it to them. They love to not spend on tech and talk the future, just like they love to not spend on the military and talk tough.
The reason they talk about US tech domination is to whip up a "nationalism" which is, of course, an EU federalism and a usurpation of the self-determination of the various nations of Europe for the sake of the deep pockets that dogwalk the EU to where they want it to be. It also keeps France and Germany in the center of Europe forever. They don't talk about "tech independence" because they mean anything by it.
They've had 30 years to grab FOSS and run with it, and infinite cash. Instead, you got cookie banners, social media monitoring, and in a minute, chat control.
The only people who are seriously working on digital sovereignty are the Chinese.
edit: I'd like to add that I'm all for Europe going all-in on FOSS, or (less-so) even coming up with a full proprietary ecosystem completely independent of US tech overlords. This would be nothing but a benefit to me. It will just never, ever happen. Any European who would be expected to pay for it is already heavily invested with US tech overlords, because billionaires aren't nationalists, they're narcissists.
Population decline and climate change impact may not provide enough surpluses in capital for specific areas to invest in reinventing various solutions unless AI makes the cost extremely low.
Everyone likes to trot out “bUt ThE cApItAl” as an excuse to justify their current thing they’re really into, but the fact is that every single time a cause becomes important enough to fund, we always find the money somehow.
This time will be no different. If your choices are sovereignty or subjugation, most organizations will fight for sovereignty when pressed beyond a breaking point or the math adds up in their favor. It might mean pulling funds from highly speculative fields or investments (y’know, like AI) in favor of more immediate benefits and gains, and everyone’s calculus is different, but to those for whom sovereignty is more important the capital will inevitably be found.
> every single time a cause becomes important enough to fund, we always find the money somehow
We as in America, the richest country on the planet? Yes. We as in various countries that went bankrupt, collapsed or got invaded over the centuries because they broke their piggy bank over a boondoggle? No.
> USA also got a household that barely lives on its debts
So did every empire in history.
> Richest nation? Probably china already
If you’re not guessing, the answer is a clear no. (The best source on this might be the CCP. They don’t claim parity because Beijing isn’t delusional.)
More fundamentally, the question was on budget constraints. Credit and cash buy the same infrastructure, healthcare and open-source software.
I think the big thing will be FOSS solutions. That way the Europeans, Chinese, contrarian Americans, Russian, etc can use the same code and share capital costs without actually having to trust each other.
You raise a valid point, the resources we will have to put towards climate mitigation and dealing with extreme events will be a drain on productivity in other areas.
However I think that will mostly be the case for “real” technology, I think capacity to produce software will be minimally affected even if there was no AI.
Indian government announced its decision recently to migrate the IT software of all its government offices and PSUs (public sector units) from Microsoft to Zoho (an India-based IT company, whose affordable products are good alternatives to Microsoft and Google's products).
Zoho has recently (re)launched Ulaa browser (Chromium fork, alternative to Chrome and Firefox) and Arattai (messenger app, alternative to Whatsapp and Singal), which are getting quite popular (Arattai and Ulaa topped Google Play Store recently in messenger and browser category).
Corporates (even governmental companies/ departments) don't usually go for Open-Source since the code may not be maintained and there may not be any support.
This is why FOSS systems like Linux and OpenOffice are still not mainstream in the corporate world (though Linux rightfully dominates in the backend server market), whereas Microsoft rules the corporate world with its expensive software (Windows and MS-Office).
Plenty of server-side FOSS is mainstream. Maintainability of the code is not the problem — there exist commercial support options. On desktop FOSS often has inferior usability for non-tech users due to different incentives for product development. If you ask anyone in the legal or accounting departments of a corporation, they will demand Microsoft (not even Google) not because it’s more expensive or has terms and conditions, but because they just can’t feel themselves productive when using alternatives. LibreOffice is not bad, but it isn’t great too.
Open-source has many technical advantages over closed-source, in addition to the moral ones (which are quite powerful themselves).
Being able to inspect the software you use makes you able to trust house it works, and fix it at points where it's not working; those were the first motivators for creating the FLOSS movement.
There's also the advantage that in the long term you don't depend on the company developing the software; if the company goes under, or simply stops supporting the software, you can hire a different batch of developers to carry on maintaining it. That's the reason why many big contracts require that the software vendor puts the source code under escrow.
In reality, closing the source of software only benefits the seller; everybody else benefits from having it available. With FLOSS, you get that for free.
Being a closed-source stack, their CVE disclosures [0] paints quite a sorry picture, unless, of course, they’ve built such mind-blowing security that it makes Microsoft, Oracle, Salesforce and Google combined look like amateurs.
France is currently developing La Suite numérique[1], which includes email based on Open-Xchange. The German federal government also proposes Open-Xchange in their openDesk suite[2].
Why would we even want that, the whole point is to break the monoculture and single vendor dependency not to create an new mostly irrelevant one to be stuffed with has-been and rejects from the national levels the way most of EU's big prestige projects end up being run.
One of the thing that sets EU apart from most federations is that it kind of enables a lot more regional independence in how things are actually implemented while still guaranteeing the rights of the individual citizens, this lead to a lot of dynamism at the local level despite the failings of the central level, and allow this kind of projects to succeed and create paths for others to follow at their own pace.
Maybe both? The EU could have a reference implementation, without mandating its use. The current EU model requires each member state to implement everything from scratch, obviously with subtle incompatibility that never gets fixed.
On one hand, yes. There should be a good EU-wide easy to adopt system.
On the other hand, the more people are involved, the slower progress is. And It makes sense to accelerate nationally and then combine EU-wide later on.
If more of this happens, especially in email, maybe Google, Microsoft and friends will be forced to democratize their email blacklisting. When countries start suing because email from government agencies is not getting to their citizens, these lists will hopefully get more decentralized.
> Only guarantees Europe currently have are nuclear missiles in France and maybe UK
The security guarantee is from Washington. Europe is de facto de-militarised when it comes to protecting its geopolitical position. Dumping America as a security partner would require materially reducing standards of living across the Continent, something Europeans are reluctant to do.
Highly unlikely given your average age is 46. The time for draconian fertility policies was about 15 years ago. I think at this point most Europeans are just waiting for fiscal collapse.
I hope we get regular updates. Email deliverability is a frustration outside of the M365/Gmail ecosystems, but it’s not as bad as it’s sometimes made out to be, and I’m optimistic that increased rigour with the implementation of SPF/DMARC/DKIM will lead to better deliverability across the board. I’m curious if they see increases/decreases in spam, missed messages, successful phishing attempts, etc. Lastly, I’d love to know if they have had to change any security policies, and how are they handling identity management across the organization.
> Email deliverability is a frustration outside of the M365/Gmail ecosystems, but it’s not as bad as it’s sometimes made out to be […] I’m curious if they see increases/decreases in spam, missed messages, successful phishing attempts, etc.
It's probably not much of an issue in this specific case. If someone doesn't get your email, that's your (the sender's) problem; but if someone doesn't get the government's email, then that's their (the recipient's) problem.
To add to this, most emails are likely within the organization and/or between public institution.
E-Mail was (last time I checked) not an approved medium for delivery of important documents as it does not (per design) have a mandatory receipt of the message being delivered. So a citizens does not need to worry a lot about this for important documents/mail.
(Fax was so popular for public institutions in Germany because it satisfied this standard. It meant it usually was the lowest barrier option and you could rely on it for all (un)important documents)
As former email admin, it’s not bad if someone is dedicated to it and you have your own block of IP. It’s frustrating for self hosting because lack of your IPs and most people don’t want spend free time on this busy work.
We operate an MSP business for tens of thousands of customers and have our own ASN, but gmail outright refuses all our corporate email. Why? We do not know and gmail refuses to tell us. Their postmaster tools lie, are incomplete, display no data, display errors or contain no useful information.
There is no human postmaster to contact, all our attempts have been ignored successfully. It’s downright silly but we have to send our corporate mail via a paid third party relay to be delivered to gmail.
These gmail postmaster tools seems to exist to make antitrust cases difficult, not to enable other MSPs to deal with deliverability issues.
At the same time gmail is emerging as the number one source of spam for our customers. If our spam fighting is too tight we falsely flag important mail as spam, and this is absolutely unacceptable to customers. As a consequence we have to relax our spam classification for gmail senders, which manifests itself in false negatives from the perspective of our customer.
But to the customers this reflects on us, not on gmail.
It’s just gmails best interests to make other MSPs miserable to operate. It drives our users to them.
Even if you do ALL the techinical work you can still find yourself banned/ignored as I learned years ago the hard way.. even big providers outside MS/Goog duopoly finds themselves partially unable to deliver business emails at times.. fun times for a small shop (not).
I’m going to float a compromise that works pretty well and helped us get off Office with absolutely minimal effort…
Exchange Online Plan 1
(the cheapest, no Office)
Apple Mail (Active Sync),
Pages,
Numbers,
Keynote
(all free, perpetually, and mobile apps are available)
Since these are packaged as store apps, we still get basic MDM and the ability to deploy/autoconfigure/autoupdate. Active Sync allows us to get email notifications in near real-time to mobile devices (which is otherwise difficult), as well as wipe emails remotely on lost devices if we need to.
We get data sovereignty by using a Synology NAS, which has a Task to encrypt everything and upload it to Cloudflare R2 as a backup. We could really use any NAS solution, but so far Synology is hands free and can sync everyone’s emails from Exchange to the backup.
Will ditch Exchange when someone finally starts an antitrust on Microsoft/Google email hosting.
If they (and every public body doing the same move) now start donating 50% of their previous costs to the FOSS projects they, that would most notably put mozilla in a much better position to not have to bow to google money and go down the route they did lately.
The Schleswig-Holstein email migration is so complicated, only three men in Europe have ever understood it. One was Prince Albert, who is dead. The second was a German professor who became mad. I am the third and I have forgotten all about it.
The Swedish tax authorities went all in on Azure. Insane. And screw solidarity with the Danes. We rent our digital infra, and now the Don extractive rents. He also threatens us if we want to have our own laws or, god forbid, support our own digital infra.
Netherlands is generally very sensitive to price, so if the US cloud (plus the 2 millions for the backup) was cheaper than the alternatives they gladly took it. Also, I would expect Microsoft offered them a big discount...
It's a great move. I doubt it will add any substantial security measures, but the fact that more people -either individuals, organizations, or even governments- are disconnecting from the major big tech players is always a good sign and a healthy approach, especially when these few big companies are actively becoming hostile towards their users with different money-grab tactics and invasive technologies. Add to that AI craziness, and you are not a user anymore but a minion or a drone to such companies.
Not exactly (site:gitlab.open-xchange.com in a search engine gets you the links to access the projects directly), but the explore page is indeed restricted.
Wow didn't realize it has comes to this. I guess the AI bots are ignoring the robots.txt now days huh, so just removing the index seems enough to stop the AI scrappers?
Props! I hope they keep it and don't use it as a play to get a better deal from a commercial provider. I am jaded after seeing too many "digital transformation" projects running on a 3-5 year cycle of switching from Offie 365 to Google then back to Office 365.
If you can read the phonetic alphabet, the pronunciation is given on both the German and English Wikipedia page for Schleswig-Holstein. But the English page gives an English variant, not the original (and correct) German pronunciation.
I just go with The Nutmeg State. Much clearer for everyone.
(As a RI/ NH New England lifer, I, as is typical of us, think of Connecticut as New York's attic: a place you hide that which you don't need anymore but it would be gauche to throw out.)
For people never hearing an American say that: It is pronounced "Ar-kan-saw". It is written so strangely because it was named by the French and their stupid silent s.
The website of the Arkansas Secretary of State says "Arkansaw" and includes this gem:
"During the early days of statehood, Arkansas’ two U.S. Senators were divided on the spelling and pronunciation. One was always introduced as the senator from “ARkanSAW” and the other as the senator from “Ar-KANSAS”. "
>In 1881, the state’s General Assembly passed resolution 1-4-105 declaring that the state’s name should be spelled “Arkansas” but pronounced “Arkansaw”.
The pronunciation preserves the memory of the Indians who were the original inhabitants of our state, while the spelling clearly dictates the nationality of French adventurers who first explored this area.
I think we're going to be seeing more and more of this type of thing in Europe. Of course some administrations have already done it before, sometimes sucessfully, like the French gendarmerie and sometimes unsuccesfully like Munich that ended up reverting to Windows (mostly for political rather than technical reasons).
But previously the motivations were difficult to understand for many, either being about saving money on licenses with dubious returns once retraining was considered or about software freedom arguments that are difficult to explain to non geeks.
These days the US is increasingly seen as an untrustworthy partner / supplier in Europe and the digital digital sovereignty arguments are well understood, both by politicians and the general public.
This is just the result of shifting from the uni-polar world to the multi-polar world. Guess this is just one phenomenon of the poles shifting.
Hope this will result in gain for FOSS and the community.
Even though I tend to bash a bit the whole evolution of Linux Desktop, that is more a complaint of where I wish things to be, than being a naysayer.
FOSS stacks seem the only way with current geopolitics, but there is a big but.
For proper freedom it would only work out if we got back the whole infrastructure from hardware, software, compiler toolchains, everything like in the cold war days, throughout the 8 and 16 bit home computers as well, however I doubt we would go back that far.
I think migrating away from office is not realistic for many companies. They run on Excel, and just breaking one vital table because it uses a macro can cost much more money than the entire office suite for many users over years. The Munich story was doomed to fail. (Of course there are lots of things that work, the open source mail or Zoom or Slack replacements are totally fine in my opinion.)
Most FOSS organisations, including the Linux Foundation, are headquartered in the US and are supported by American companies and, most likely, American three letter agencies.
Yes, but they work differently. Due to their decentralised nature there is not one switch they can turn to shut off their services or programmes. US companies can be ordered to stop their services for certain organisations, individuals or states
Sure, but then some may not remember how usage of the cryptographic algorithms was limited by the US government, including in Open Source software, all the way until late 90s in Central/East Europe.
See how well it works for countries that were cutted out of Github, where most FOSS projects are hosted nowadays, without copies anywhere else, as if Git wasn't any different from Subversion.
Yes - this is exactly the problem. Big Corporations, like Microsoft, the owner of Github, can shut you out. If you lose access to your E-Mail, or anything connected with your Microsoft Account (or Google Account) you will lose access to a lot of services that relie on it. And if you keep your source code with Microsoft and Microsoft only, you can lose access to it too.
Broadly speaking this tendency towards concentration and centralization is not only just going on in all aspects of society all over the West, more baffling in many ways is the fact that many of the instances of concentrating power and control is being facilitated and even perpetrated by the collective people themselves, e.g., putting all the eggs into the GitHub basket.
Regardless of why and how it’s happening, it seems extremely risky at best because all concentration of power and control tends to beget more abusive power and control.
Git is distributed. There are git mirrors everywhere and if you pulled the source code once locally you also still have it.
The problem isn't git -- which is open source -- but Github, which is Microsoft.
There are other open options for hosting git FOSS projects.
It is really important to not build your national infrastructure around closed-source proprietary software that other nations control.
I lived in Latin America for a year. It is shocking how much everything relies on WhatsApp. I got everything from visa appointments, airline tickets, to restaurant bookings in WhatsApp.
Huge national security in my view.
It used to piss me off now I despise it.
Another massive problem is if Meta has a fit with your organization, they can ban you from using WhatsApp for Business. All these Latam countries should and must pass regulations to avoid this kind of behavior. Free market all you want but if you captured market, it’s the nation’s responsibility to ensure their people can get the best service even if these companies are hating each other.
I'm a capitalist but yes when national security is in play "free market" in my book doesn't apply. You can't have health appointments, airline tickets, government services by default on WhatsApp. Most don't even bother with email and just default to WhatsApp.
It was kind of the same but not as pervasive with Facebook Messenger in the Philippines.
None of those are national security issues though, they’re QoL issues. The problem isn’t WhatsApp owning the market, it’s governments making the choice to only make their services available through WhatsApp and providing no alternative of their own to receive services. Every single “WhatsApp is too dominant” story I’ve seen usually boils down to governments acting as enablers for the supposed issue themselves.
You don't think WhatsApp for some reason stopping to work and airlines losing their default way to issue tickets is a national security issue? How about health care appointments with national ID and address on them being sent as PDFs and stored on Meta's servers? All of those are massive national security issues for me. It can grind the country to a halt for days on end.
There's a reason South Korea has laws requiring all data on its citizens and geography to be stored in Korea. Even Google Maps doesn't quite work in Korea.
South Korea is not a great example here. It's been weeks since the big data center fire and they've barely started to recover. Storing all data internally can really backfire if best practices aren't being followed, and that's a lot more likely with a not-invented-here approach.
https://www.koreatimes.co.kr/southkorea/society/20251009/rec...
Why are they running everything through WhatsApp in the first place with no alternatives? Using WhatsApp as a convenience is fine, but if you’re doing it with no way to not use WhatsApp or obtain data through an alternate mechanism other than WhatsApp, that’s what is causing your problems.
Issues that threaten national security are issues that threaten a nation’s sovereignty, put it at risk of war, or compromise the security of high ranking politicians, members of a nation’s intelligence service, military assets, and other issues of that caliber. The potential to miss flights or health care appointments does not rise to that level, but if it’s an actual problem, then it’s something solvable without reaching for the anti-monopoly gun or national security gun and a good start would be governments not using WhatsApp as an exclusive mechanism for obtaining government services. The second step is governments mandating that businesses in healthcare or transportation and other such critical industries have alternative mechanisms for customers to reach them other than WhatsApp.
Of course they are. It’s basically foreign soft power infiltration, invasion, control, and conquest. WhatsApp is Meta, Meta is deeply associated with not only the US government and its agencies, but the various entities of state control in the subordinate countries that believe they are being provided a means of controlling their countries, but do not realize or are deliberately subordinating themselves to the empire that is called America.
The pernicious thing that neutralizes many people like yourself, is that you cannot understand that meta/Facebook/WhatsApp is not just innocuous private business somehow magically different than the government in which at least you have a theoretical level of control over in a democracy.
Every place that an “American” company controls aspects of a technology inside a society is effectively to that degree conquered by the “USA”. One’s own country simply does not exist anymore to the same qualitative degree that it is controlled by foreign technologies/companies. That is also the revealing argument the system made when it threw its fit about the Chinese control of TikTok! So at least the “American” system believes it… “The lady doth protest too much, methinks.”
> The pernicious thing that neutralizes many people like yourself
I get exactly how people view private American companies abroad and that’s irrelevant to what I actually said.
Why are governments running all their communications and services through a private American app? Even in America, we’re not doing that, and there is always a fallback in some form of the telephone system, email, the postal service, the web or just showing up in person for anything that is absolutely essential. If I’m doing anything through a 3rd party app like WhatsApp instead, it’s either not that essential, or I’m doing it as a convenience but the fallbacks are always there.
So when people are talking about utterly essential services being run through WhatsApp and only WhatsApp, that seems like the obvious problem, because if that’s true, that’s also very stupid, and also a very stupid choice. Facebook profits from the situation, you could even say America profits from the situation, but you can’t say it isn’t without mutual engagement and compliance on the part of the supposedly aggrieved parties here.
Yes. Absolutf*kingeverything is whatsup. That was annoying at the beginning.
But: people there are practical and flexible. It would take days to a month to migrate, what is impossible in first world, just take Germany as an example.
Also whatsapp is e2e encrypted, so not so bad. In Germany many things go over FAX or mail, totally unencrypted…
Yeah it is annoying on principle having everything on WP but it's not the worst piece of software (yet). I think I would rather have it than the American system and their blue bubbles vs green bubbles or fragmentation between multiple incompatible and shitty proprietary messaging systems.
What is "firat world"?
Probably a typo „a“ is next to „s“
First. Corrected.
In short: 30k users, 40k mailboxes, 100M emails and calendar entries migrated. The client is Thunderbird. The server / web side is handled by Open-Xchange, hosted by a local provider with the same name (AFAICT), which also offers commercial licensing for the otherwise-AGPL suite.
The service gets operated by Dataport AöR. Dataport is the primary service provider / datacenter of some german federal states and owned by them.
They client is mainly Open-Xchange AppSuite Web UI, some people use Thunderbird on top. There are also thousands of mobile devices, syncing via IMAP, SMTP, CalDAV, CardDAV.
Open-Xchange is most likely a more effective name for the combination Cyrus IMAP, postfix, etc.
Instead of guessing it's an easy lookup. OpenXchange is an app suite that's been around for >20 years. It's not some random ad hoc combination of software.
The email server underneath is dovecot btw.
The mail server is Dovecot Pro, with some high-scalability improvements.
There are no high scalability improvements, it is a regular Dovecot Pro setup.
44.000 mailboxes is not really big from Dovecot Pro point of view, there are dozens of other service provider customers running six to eight digit mailbox numbers on it. Biggest European installation serves 40M mailboxes although these are consumer / SMB mailboxes which lower load provide and size compared to Schleswig-Holstein.
So besides it being dovecot instead of cyrus, I am right?
Btw, cyrus and postfix are far from random.
I don't think so. Yes, there are open source components in there. But there's also a huge amount of their own code, and can iirc present as a whole MS Exchange server to an Outlook client. There's also a user-customizable web frontend with groupware-like features. The whole package is a lot different than just combining a few packages into a bare-bones email service.
Been saying it for years: the name of the (IT) game through 2030 and beyond won't be AI, so much as it'll be sovereignty. Everyone played the US' game and got relatively burned to varying degrees, so expect more countries utilize homegrown or FOSS products to retain sovereignty over their digital infrastructure going forward.
Of course you don't want to wake up one day and you can't access your mails because the US government doesn't like you. . Huawei had to develop an in-house solution after SAP cut them off.
SAP is a German company that was pressured by the US government (surely with EU blessing - Huawei still has too much control over foreign infrastructure). I guess the lesson is that every country has to replicate software autarchy, and the easiest way for all but the largest countries is through FOSS.
> Huawei had to develop an in-house solution after SAP cut them off.
Every organization should be so lucky.
The rest of the world has had forever to do sovereignty, and the blessing of a FOSS ecosystem (that doesn't exist in fully 85% of alternate universes) which would make it absurdly easy. Europe has the same bosses as everybody else, and they pretty much pilot authoritarian overreach there before they try it in the US against a stronger constitution and clear Bill of Rights.
The reason Europe isn't independent is because they like that the US goes through their citizens' data, and are happy for Microsoft (or whoever, I guess Palantir, Crowdstrike, and 18 Israeli military startups) to package it up and send it to them. They love to not spend on tech and talk the future, just like they love to not spend on the military and talk tough.
The reason they talk about US tech domination is to whip up a "nationalism" which is, of course, an EU federalism and a usurpation of the self-determination of the various nations of Europe for the sake of the deep pockets that dogwalk the EU to where they want it to be. It also keeps France and Germany in the center of Europe forever. They don't talk about "tech independence" because they mean anything by it.
They've had 30 years to grab FOSS and run with it, and infinite cash. Instead, you got cookie banners, social media monitoring, and in a minute, chat control.
The only people who are seriously working on digital sovereignty are the Chinese.
edit: I'd like to add that I'm all for Europe going all-in on FOSS, or (less-so) even coming up with a full proprietary ecosystem completely independent of US tech overlords. This would be nothing but a benefit to me. It will just never, ever happen. Any European who would be expected to pay for it is already heavily invested with US tech overlords, because billionaires aren't nationalists, they're narcissists.
Population decline and climate change impact may not provide enough surpluses in capital for specific areas to invest in reinventing various solutions unless AI makes the cost extremely low.
Everyone likes to trot out “bUt ThE cApItAl” as an excuse to justify their current thing they’re really into, but the fact is that every single time a cause becomes important enough to fund, we always find the money somehow.
This time will be no different. If your choices are sovereignty or subjugation, most organizations will fight for sovereignty when pressed beyond a breaking point or the math adds up in their favor. It might mean pulling funds from highly speculative fields or investments (y’know, like AI) in favor of more immediate benefits and gains, and everyone’s calculus is different, but to those for whom sovereignty is more important the capital will inevitably be found.
> every single time a cause becomes important enough to fund, we always find the money somehow
We as in America, the richest country on the planet? Yes. We as in various countries that went bankrupt, collapsed or got invaded over the centuries because they broke their piggy bank over a boondoggle? No.
USA also got a household that barely lives on its debts. Richest nation? Probably china already.
> USA also got a household that barely lives on its debts
So did every empire in history.
> Richest nation? Probably china already
If you’re not guessing, the answer is a clear no. (The best source on this might be the CCP. They don’t claim parity because Beijing isn’t delusional.)
More fundamentally, the question was on budget constraints. Credit and cash buy the same infrastructure, healthcare and open-source software.
I think the big thing will be FOSS solutions. That way the Europeans, Chinese, contrarian Americans, Russian, etc can use the same code and share capital costs without actually having to trust each other.
You raise a valid point, the resources we will have to put towards climate mitigation and dealing with extreme events will be a drain on productivity in other areas. However I think that will mostly be the case for “real” technology, I think capacity to produce software will be minimally affected even if there was no AI.
Indian government announced its decision recently to migrate the IT software of all its government offices and PSUs (public sector units) from Microsoft to Zoho (an India-based IT company, whose affordable products are good alternatives to Microsoft and Google's products).
Zoho has recently (re)launched Ulaa browser (Chromium fork, alternative to Chrome and Firefox) and Arattai (messenger app, alternative to Whatsapp and Singal), which are getting quite popular (Arattai and Ulaa topped Google Play Store recently in messenger and browser category).
https://www.newsbytesapp.com/news/science/meet-ulaa-zoho-s-a...
Good news but it would be much better if Zoho would be committed to open source its software.
Corporates (even governmental companies/ departments) don't usually go for Open-Source since the code may not be maintained and there may not be any support.
This is why FOSS systems like Linux and OpenOffice are still not mainstream in the corporate world (though Linux rightfully dominates in the backend server market), whereas Microsoft rules the corporate world with its expensive software (Windows and MS-Office).
Plenty of server-side FOSS is mainstream. Maintainability of the code is not the problem — there exist commercial support options. On desktop FOSS often has inferior usability for non-tech users due to different incentives for product development. If you ask anyone in the legal or accounting departments of a corporation, they will demand Microsoft (not even Google) not because it’s more expensive or has terms and conditions, but because they just can’t feel themselves productive when using alternatives. LibreOffice is not bad, but it isn’t great too.
> since the code may not be maintained and there may not be any support.
Isn't this an argument in favor of open source? Zoho may not be around forever, but open source code is, and you could just pay someone to work on it.
Try getting support from google
Just curious: why is committing to open-source an expectation? Is it a moral standard you hold of businesses or is it because of the govt adoption?
Open-source has many technical advantages over closed-source, in addition to the moral ones (which are quite powerful themselves).
Being able to inspect the software you use makes you able to trust house it works, and fix it at points where it's not working; those were the first motivators for creating the FLOSS movement.
There's also the advantage that in the long term you don't depend on the company developing the software; if the company goes under, or simply stops supporting the software, you can hire a different batch of developers to carry on maintaining it. That's the reason why many big contracts require that the software vendor puts the source code under escrow.
In reality, closing the source of software only benefits the seller; everybody else benefits from having it available. With FLOSS, you get that for free.
Being a closed-source stack, their CVE disclosures [0] paints quite a sorry picture, unless, of course, they’ve built such mind-blowing security that it makes Microsoft, Oracle, Salesforce and Google combined look like amateurs.
[0] https://www.cvedetails.com/vendor/14145/
You are criticising them for their lack of CVEs?
And to top it off you add Microsoft into your mentions, that just had a disastrous security bug, that was just mind blowing?
I get what you are saying but the FANG evangelism gotta stop. They are just like other huge companies. When was the last time your bank got hacked?
Zoho is interesting in the sense that it is one of the few email providers I know of that lets you use a custom domain with one of their free plans.
Very startup friendly. Also free POP/IMAP, so you are not locked in.
That used to be the case. You can still get free email hosting, but POP/IMAP needs a paid plan.
Zoho's plans are very affordable and friendly for startups.
That affordability, quality and service is why Indian government is migrating its IT dependencies from Microsoft to Zoho.
France is currently developing La Suite numérique[1], which includes email based on Open-Xchange. The German federal government also proposes Open-Xchange in their openDesk suite[2].
[1] https://lasuite.numerique.gouv.fr/ [2] https://www.opendesk.eu/en/product#email
Another missed opportunity to make a EU-wide project.
Why would we even want that, the whole point is to break the monoculture and single vendor dependency not to create an new mostly irrelevant one to be stuffed with has-been and rejects from the national levels the way most of EU's big prestige projects end up being run.
One of the thing that sets EU apart from most federations is that it kind of enables a lot more regional independence in how things are actually implemented while still guaranteeing the rights of the individual citizens, this lead to a lot of dynamism at the local level despite the failings of the central level, and allow this kind of projects to succeed and create paths for others to follow at their own pace.
Maybe both? The EU could have a reference implementation, without mandating its use. The current EU model requires each member state to implement everything from scratch, obviously with subtle incompatibility that never gets fixed.
On one hand, yes. There should be a good EU-wide easy to adopt system.
On the other hand, the more people are involved, the slower progress is. And It makes sense to accelerate nationally and then combine EU-wide later on.
If more of this happens, especially in email, maybe Google, Microsoft and friends will be forced to democratize their email blacklisting. When countries start suing because email from government agencies is not getting to their citizens, these lists will hopefully get more decentralized.
What do you mean by democratize their blacklisting? Like having people vote for who is blacklisted?
I mean being transparent and provide a direct means for recourse.
This should be quicker. It is time to end the US hegemony in Europe.
> It is time to end the US hegemony in Europe
That only happens if Europe militarizes. The security guarantee, not Microsoft Office, underwrites the dependence.
Only guarantees Europe currently have are nuclear missiles in France and maybe UK.
> Only guarantees Europe currently have are nuclear missiles in France and maybe UK
The security guarantee is from Washington. Europe is de facto de-militarised when it comes to protecting its geopolitical position. Dumping America as a security partner would require materially reducing standards of living across the Continent, something Europeans are reluctant to do.
> Europe is de facto de-militarised
What an absolutely ridiculous statement.
German here. We need to get our shit together yesterday. But we're mostly just fumbling around.
Highly unlikely given your average age is 46. The time for draconian fertility policies was about 15 years ago. I think at this point most Europeans are just waiting for fiscal collapse.
Unfortunately for Europe, once Trump leaves they will forget all about building up their military.
I hope we get regular updates. Email deliverability is a frustration outside of the M365/Gmail ecosystems, but it’s not as bad as it’s sometimes made out to be, and I’m optimistic that increased rigour with the implementation of SPF/DMARC/DKIM will lead to better deliverability across the board. I’m curious if they see increases/decreases in spam, missed messages, successful phishing attempts, etc. Lastly, I’d love to know if they have had to change any security policies, and how are they handling identity management across the organization.
> Email deliverability is a frustration outside of the M365/Gmail ecosystems, but it’s not as bad as it’s sometimes made out to be […] I’m curious if they see increases/decreases in spam, missed messages, successful phishing attempts, etc.
It's probably not much of an issue in this specific case. If someone doesn't get your email, that's your (the sender's) problem; but if someone doesn't get the government's email, then that's their (the recipient's) problem.
To add to this, most emails are likely within the organization and/or between public institution.
E-Mail was (last time I checked) not an approved medium for delivery of important documents as it does not (per design) have a mandatory receipt of the message being delivered. So a citizens does not need to worry a lot about this for important documents/mail.
(Fax was so popular for public institutions in Germany because it satisfied this standard. It meant it usually was the lowest barrier option and you could rely on it for all (un)important documents)
As former email admin, it’s not bad if someone is dedicated to it and you have your own block of IP. It’s frustrating for self hosting because lack of your IPs and most people don’t want spend free time on this busy work.
We operate an MSP business for tens of thousands of customers and have our own ASN, but gmail outright refuses all our corporate email. Why? We do not know and gmail refuses to tell us. Their postmaster tools lie, are incomplete, display no data, display errors or contain no useful information. There is no human postmaster to contact, all our attempts have been ignored successfully. It’s downright silly but we have to send our corporate mail via a paid third party relay to be delivered to gmail.
These gmail postmaster tools seems to exist to make antitrust cases difficult, not to enable other MSPs to deal with deliverability issues.
At the same time gmail is emerging as the number one source of spam for our customers. If our spam fighting is too tight we falsely flag important mail as spam, and this is absolutely unacceptable to customers. As a consequence we have to relax our spam classification for gmail senders, which manifests itself in false negatives from the perspective of our customer.
But to the customers this reflects on us, not on gmail.
It’s just gmails best interests to make other MSPs miserable to operate. It drives our users to them.
Even if you do ALL the techinical work you can still find yourself banned/ignored as I learned years ago the hard way.. even big providers outside MS/Goog duopoly finds themselves partially unable to deliver business emails at times.. fun times for a small shop (not).
Are you suggesting that people who want to communicate with their government might have to have an account with a service that is not M365/GMail?
And?
So weird how HN ranking system works. Same article submitted 2 days ago barely got any traction:
https://news.ycombinator.com/item?id=45538928
Good luck to them!
On a nother note: still 1+ year(s) until we get a real email database (enabling gmail like thread view) in TB. [0]
[0] https://blog.thunderbird.net/2025/10/video-conversation-view...
Oh, sounds like Microsoft needs to move their German headquarter again.
I wonder if they will dedicate resources to help the development of their open source tools?
Great and I wish they keep at it.
However we have gotten multiple efforts in Germany that have been rolled back after a new administration takes over.
A few years ago there were a few libraries in NRW using SuSE, and nowadays it is Windows on kiosk mode.
I’m going to float a compromise that works pretty well and helped us get off Office with absolutely minimal effort…
Exchange Online Plan 1 (the cheapest, no Office)
Apple Mail (Active Sync), Pages, Numbers, Keynote (all free, perpetually, and mobile apps are available)
Since these are packaged as store apps, we still get basic MDM and the ability to deploy/autoconfigure/autoupdate. Active Sync allows us to get email notifications in near real-time to mobile devices (which is otherwise difficult), as well as wipe emails remotely on lost devices if we need to.
We get data sovereignty by using a Synology NAS, which has a Task to encrypt everything and upload it to Cloudflare R2 as a backup. We could really use any NAS solution, but so far Synology is hands free and can sync everyone’s emails from Exchange to the backup.
Will ditch Exchange when someone finally starts an antitrust on Microsoft/Google email hosting.
If they (and every public body doing the same move) now start donating 50% of their previous costs to the FOSS projects they, that would most notably put mozilla in a much better position to not have to bow to google money and go down the route they did lately.
Why do we want them to donate money rather then time/people.
The Schleswig-Holstein email migration is so complicated, only three men in Europe have ever understood it. One was Prince Albert, who is dead. The second was a German professor who became mad. I am the third and I have forgotten all about it.
In stark contrast to the dutch taxes division moving fully to office 365 this month.
Interesting. Apparently they are planning to spend €2 million a year just to keep manual backups of critical data in case the US cuts off access.
https://www.dutchnews.nl/2025/10/dutch-tax-office-moves-emai...
The Swedish tax authorities went all in on Azure. Insane. And screw solidarity with the Danes. We rent our digital infra, and now the Don extractive rents. He also threatens us if we want to have our own laws or, god forbid, support our own digital infra.
Ok… that’s odd. Wouldn’t expect anything like this from the Dutch government, since they have a very progressive digital image in Europe.
For the past 15 years being progressive meant moving everything to the (US-owned) cloud
Netherlands is generally very sensitive to price, so if the US cloud (plus the 2 millions for the backup) was cheaper than the alternatives they gladly took it. Also, I would expect Microsoft offered them a big discount...
Image ≠ reality :)
It's a great move. I doubt it will add any substantial security measures, but the fact that more people -either individuals, organizations, or even governments- are disconnecting from the major big tech players is always a good sign and a healthy approach, especially when these few big companies are actively becoming hostile towards their users with different money-grab tactics and invasive technologies. Add to that AI craziness, and you are not a user anymore but a minion or a drone to such companies.
I vaguely remember this area from my history classes. Was it one of the two areas grabbed from Holland?
There was a war over it in 1864, as the Prussians grew to become Germany taking the land from Denmark.
https://en.wikipedia.org/wiki/Second_Schleswig_War
> Was it one of the two areas grabbed from Holland?
Denmark, but being dutch vs danish is very commonly confused/conflated in the US :D
Ah my bad! Thanks for the clarification. The name is pretty special so it brought forward some memory.
Haha sorry if I came across salty, I just wanted to joke around.
It is true though. Can’t count how many times I’ve had this exchange “Oh danish huh? I love Amsterdam!” (the dutch capital)
Europe is full of tiny countries and I absolutely can’t name all 50 US states or place even half on the map. No intention of shaming
Not quite.
https://en.wikipedia.org/wiki/Schleswig%E2%80%93Holstein_que...
No
You're probably thinking of Denmark. TL;DR:
See also: https://en.wikipedia.org/wiki/Schleswig%E2%80%93Holstein_que...where does open-xchange store its source code? github repos seem to be outdated
Looks like a self-hosted gitlab
https://gitlab.open-xchange.com/
Wait so you need an account to view the source code?
Not exactly (site:gitlab.open-xchange.com in a search engine gets you the links to access the projects directly), but the explore page is indeed restricted.
You can thank AI bots for that.
Wow didn't realize it has comes to this. I guess the AI bots are ignoring the robots.txt now days huh, so just removing the index seems enough to stop the AI scrappers?
Yep. I have my own small gitweb server, and I was getting literally thousands requests per second from bots who try to crawl through all the links.
Props! I hope they keep it and don't use it as a play to get a better deal from a commercial provider. I am jaded after seeing too many "digital transformation" projects running on a 3-5 year cycle of switching from Offie 365 to Google then back to Office 365.
[flagged]
What’s that to mean in particular?
I’m trying to read this but I keep getting popups and redirects. WTF?
works fine with Firefox + uBlock Origin
Here is an archived version: https://archive.ph/H2IKF
No problemon vanilla android chrome.
Look at the username. Troll account.
Schleswig-Holstein is even harder to pronounce then Massachusetts.
It's quite easy for English speakers.
Sh-less-wig Hole-stein or Shlayz-wig Hole-stein.
And this my friend is both not correct. :-) I am from Schleswig-Holstein btw..
I don't know why you're getting downvoted
Because they tried to pronounce Schleswig-Holstein in a correct way and now their tongue hurts really bad. :-D
Hmmm. I am not sure.
"Hol" is short. Stein is like a beer keg or stein beer.
Schleswig is a bit awkward of a word. But Holstein should be easier, also there is the Holstein cow, black-white fur.
If you can read the phonetic alphabet, the pronunciation is given on both the German and English Wikipedia page for Schleswig-Holstein. But the English page gives an English variant, not the original (and correct) German pronunciation.
What about Connecticut though?
I just go with The Nutmeg State. Much clearer for everyone.
(As a RI/ NH New England lifer, I, as is typical of us, think of Connecticut as New York's attic: a place you hide that which you don't need anymore but it would be gauche to throw out.)
Arkansas takes the crown I think.
For people never hearing an American say that: It is pronounced "Ar-kan-saw". It is written so strangely because it was named by the French and their stupid silent s.
Is it Ar-kan-saw, or Ar-kan-Sah?
The website of the Arkansas Secretary of State says "Arkansaw" and includes this gem:
"During the early days of statehood, Arkansas’ two U.S. Senators were divided on the spelling and pronunciation. One was always introduced as the senator from “ARkanSAW” and the other as the senator from “Ar-KANSAS”. "
https://www.sos.arkansas.gov/education/arkansas-history/how-...
Further down it says:
>In 1881, the state’s General Assembly passed resolution 1-4-105 declaring that the state’s name should be spelled “Arkansas” but pronounced “Arkansaw”.
The pronunciation preserves the memory of the Indians who were the original inhabitants of our state, while the spelling clearly dictates the nationality of French adventurers who first explored this area.
Explains everything…
> Massachusetts
If English had proper 'c' (not just fake 'k' or 's') you could simplify it at least to: 'Massačusec'.
Similarly 'Schleswig' can be compressed to 'Šleswig'.
Why stop there? Maßačusec