What I do not understand is why not to work with the openSUSE community, or fork from them. But instead use a USA based distro like Fedora.
openSUSE has all their tooling based in EU ground. For example, OBS that is the build service, has the machines around Germany or Prague. A big bulk of the community is EU based, (with very relevant contributors from many other places), and SUSE, the company that is helping (via infra and some packages) is from Germany.
I do not known if sovereignty makes sense in the open source world, as at the end is a joint effort of multiple developers from many (and some times confronted) places, but if it does make sense then I would value more those other criteria.
Especially weird since the dude behind it is professionally situated in data protection policy work.
Going with effing IBM is a really weird thing to do for his "Proof-of-Concept". Debian for its robustness or openSUSE for being distinctly european would have been much more inspiring.
I agree. I use both and have a slight preference towards Fedora these days, but nevertheless I believe that the foundation for the EU OS should be a European distro. Practically there is very little difference between OpenSUSE Tumbleweed and Fedora.
As of February 2025, the Board has the following members:
Dr. Gerald Pfeifer (Austria), Chair
Ish Sookun (Mauritius)
Jeff Mahoney (United States)
Rachel Schrader (United States)
Shawn W Dunn (United States)
Simon Lees (Australia
And there's no clear value-add here. I am particularly adamant that Linux needs to move towards reproducibility yesterday, since the ability to inject spyware in Linux is first and foremost a process risk.
That is a key area too. I know that most of the distros are working in that direction[1], and in the case of Fedora, openSUSE or Debian they are reaching high level of reproducibility.
Those distributions are making huge efforts in keeping a core that is 100% reproducible, working upstream to fix issues, and providing reporting and tests tools to detect regressions (for example [2])
Not a fan. When I tried it a few years ago, I acquired significant painful scar tissue. It was very Windows-centric, and Linux support was an afterthought. It was more arcane than Active Directory.
After I left Univention behind, I migrated to JumpCloud. It has its faults. Linux support is also secondary to Windows support, but for me, it was several orders of magnitude easier to work with than Univention or Active Directory.
I miss NIS. It made many aspects of managing a collection of Linux machines much easier than anything to date. I hope that the future EU project does not adopt Univention, or anything like Active Directory. Instead, look to where NIS was successful, where JumpCloud is successful, and come up with a better solution overall.
Hrrm. I mentioned them, because I've used parts of their stuff in the past. Never their full distro, though I know people who did in the field of schools.
So they seem to know the stuff necessary to integrate in larger orgs with heterogenous systems.
Scar tissue seems to be unavoidable from Linux POV having to play well with Windows as it is, and has to be deployed in larger orgs.
Whatever. I doubt that this EU-OS people even have a clue about the basics of that.
> What if you actually can’t predict the future and climate change is actually good?
Is this how rational people react, or is some spiritual response talking from fear?
How can be the depletion of biodiversity, the increase of temperatures and the disappearance of ecosystems that we need to survive "good"?
As a community we do no have a crystal ball to predict the future, but we have science and technology and the predictions from there are clear: it is not good for us, and it is not good for the current species.
The far future, the very far one -- sure -- the are good chances that new ecosystems will appear adapted to the new environments, but those will not be "nice" for our current expectations.
A doing-nothing-and-hoping-for-the-best strategy is a guarantee for massive wars, hunger and suffering, as happen many times in the past (but never in a scale of 7.000.000 population)
Your entire framing of the world is engineered by pessimistic news articles which only tell a small part of the story.
Is loss of biodiversity bad? Maybe. Will we have resurrected most extinct species using jurassic park DNA within the next 500 years? I dunno but if that happened, it would make the current loss of biodiversity into more of a blip than an apocalyptic thing.
The science and technology enterprise is economically motivated. It is pretty good at creating value out of fewer and fewer resources. It is not good at making godlike insights into the far future about the late stage interactions between itself and the physical world. Any definite predictions provided to you are more likely driven by short-term incentives of some political figures.
There is nothing indicating massive wars are coming due to climate change, most of the world is lifting out of poverty not slipping back into it. If the world does heat by 5-10 degrees, we should be focused on making sure indians and africans have enough economic resources to afford air conditioning like we do in rich countries.
What an absolutely bullshit take, honestly I have a hard time reasonably reacting to it, it is so dumb.
We can’t predict the future down to a point, but we can make good, large-scale predictions with good accuracy — global average temperatures will increase and by every prediction, that will have catastrophic results. Period. That’s not some doomer news, that is reality. We can’t predict how individual countries will react, but that is not the question.
I’m sorry man but based on the stuff I’ve worked on and the situations I’ve seen, it just seems more plausible to me that the scientific enterprise tasked with scaring the shit out of everyone is not sampling and unbiased distribution.
What scientific enterprise? You do realize there are plenty of countries/institutions with widely different monetary/political incentives that finance absolutely separate groups to do research?
So unless you believe in some Secret Government that controls everything, it is just a completely naive take that has no basis in reality. We can’t even coordinate a single country’s various, independent incentives even in very authoritative governments — and you believe that every study made is financed with the same incentives? If not, you can surely list reputable studies that call out the fake research, right?
Dude neither of us have ever read a scientific study about climate change. We are both going on bullshit we read online and related to experiences we had in corporate land. Maybe I read more right-leaning stuff so I have a more counter opinion. Don’t pretend any of us are fact checking the magical climate science, we aren’t.
The one thing I actually have firsthand experience with is computational complexity. And after thinking about it for a while, it seems plausible to me that we cannot know the scientific prescriptions we see in negative climate coverage with nearly the definitiveness that they claim.
And it also seems plausible that a lot of people gradually managed to form a doom and gloom committee to find doom and gloom in a noisy world where there aren’t that many definitive answers.
> The one thing I actually have firsthand experience with is computational complexity.
If that's the case then I expect you're well across the Dzhanibekov effect and the fact that the long term arc trajectory of (say) a spinning wingnut can be extremely predictable as its CoG follows the usual equations of motion while its short term tumblings are utterly unpredictable and chaotic.
The key point being that the corase climate model is pretty damn simple in terms of basic thermodynamics.
Heat from below (core), light from above (sun), energy absorbtion in the sea and land, energy transform to heat, heat radiation outwards, some heat entrapment by insulation.
Increased insulation ==> greater heat entrapment, etc.
To be sure the fine details of interplay within and between climatic cells are challenging .. but the long term arc of more and more energy being trapped leading to more heat, more storm energy etc is straighfrward enough that it was first done as a back of an envelope calculation more than a century ago.
If you're demanding an exact time table on what and where will reach what tempreture when .. then you'll be sorely disapointed.
Otherwise its a simple case of we're in the direct path of a massive fully laden train that is ever so slowly derailing.
This makes sense and gives me some things to learn about, I really appreciate it.
If climate science is correct, the one hole I still see is that it doesn’t take into account future improvement in technology, which I think might have some solutions especially when the problem actually threatens an economic player like a 1trillion dollar company. It is basically a choice to believe something good like this can/will happen, so you could call this out as semi religious.
You're welcome, athough to be honest I hadn't been paying attention to individual names, just watching a newest comment scroll and responding to various comments re: climate science (I've been in exploration geophysics for some time).
Looking at some of your responses to my comments:
> The problem is that you are recommending we turn off capitalism
I made no direct recomendation although I suggested various approaches - I'm not sure where on the globe is practicing fully informed free market capitalism but I'd certainly want to regulate it in the same manner as we regulate engines of power to avoid them becoming unbalanced and walking across the floor just as first generation unregulated steam engines did.
From a complex dynamics PoV Adam Smith was a first order basic bitch (as I believe the young people of the day might say).
> we will doom the world’s poor people to lives of certain poverty with no hope of upward mobility.
Mighty white of you to say so, maybe you might want to ask some of the worlds poor what they want.
The people I know that have nothing (I grew up in very outback Australia) want their land back, they want the "developed advanced nations" to stop dumping waste and shit on the land they've cared for the past 40+ thousand years, and other such novel ideas. eg: [1] [2] [3]
Not one has mentioned wanting yourself or others to speak on their behalf.
Of course there are many people across the planet, I wouldn't assume to speak on their behalf - although I did gain some perspective travelling through roughly 2/3rds of the worlds countries in many of the more undeveloped areas.
It's a bit of a bone of contention that so many of these massive copper and lithium deposits are on indigenous lands.
Perhaps the question you best dwell on is whether endless growth and increasing consumption is really all that certain groups of people seem to think it is.
> If climate science is correct ...
It's 2023, the time for "if" was 40 years ago - are you questioning "If GPS science is correct", "If Magnetotellurics is correct", "If the James Webb telescope actually works", "If the Finite Element Method is real", etc.
> ... it doesn’t take into account future improvement in technology
Nor should it, but of course climate models can be tweaked with "what if scenarios" - what if the suns input could be reduced (outward reflecting bubbles in space twixt earth and sun), what if X million tonnes per annumn of C02 can be captured and sequested 'somehow', what if we build out thousands of acres of solar PV and mass produce green ammonia to offset the climate effects of the Haber–Bosch process, etc.
Okay, so I'll try to explain how does global/troposphere warming works:
The earth must radiate all the energy it gets from the sun (else we break physics).
A third of the sun's radiation is reflected directly.
The rest have to be radiated. Calculation show that the temperature needed to radiate the excess energy is 155K. Also, plank's law make that this radiation is mostly infrared.
The atmosphere (GHG concentration especially) makes that the point of emission of the energy is not the earth surface, but high up in the troposphere. The temperature this point need to reach is 155K. To reach that, the point below has to reach 156K, the one below 157... (it's not really discrete values, and it's not really temperature but energy, but I'm both simplifying and explaining in a language I never used for physics or math before).
So, rising the number of Co2 molecules at that altitude (and especially higher) will move the point of emission up. But that new point of emission isn't at 155K yet! So for a while, the earth will absorb more energy than what it's emitting, until the new point of emissions reach 155K.
So basically the balancing point at which CO2-based heating stops is bounded by this 155K number, which I’m assuming relates to something really hot and bad on the surface. This means that with just this model we will all die.
Can we not just seed clouds to reflect lots of energy back into space though? Maybe that is a stupid idea, but I could come up with 10 ideas like that and maybe someone could come up with an idea like that, but which actually works.
The temperature on the surface depends on the altitude the surplus heat is emitted. This altitude is variable but is constantly increasing as Co2 concentration at high altitude rises (it rises by osmosis, and basically the current concentration is what was on the surface 20 years ago).
We have to issues:
we don't know how the feedback loops work: we are jumping into the unknown, we have no data to predict the risks: the only thing we know is that between the last ice age (1km ice sheet over Canada, Sweden) and the climate we had for 10000 years, until 1850, the difference in global temperature was 3,5K (2% increase).
The second issue: the transition lasted 10000 to 20000 years. We are on a real, really fast track and making the same transition in 100/200 years.
Now my opinion : we aren't doomed as a specie. In fact, I'm pretty sure mammals can thrive in jurassic era temperatures. But I do expect a lot of death because the transition is way, way to fast. We are unprepared. And a lot of species will disappear. Also Zooplankton is dying because marine CO2 concentration is too high and the ocean is too acid for zooplankton to form shells from CaCO, which is an issue caused by CO2 but unrelated to tropospheric warming.
Climate engineering is way harder than that (we want to avoid acid rain, reducing direct sunlight will reduce photosynthesis, so as long as we have famine, we want to avoid it too. Augmenting the albedo on the surface is an OK option in hot countries).
> the TPM enables verification of a particular state of your system, i.e., a particular set of binaries and OS configuration
That is a bit misleading. The TPM is a passive device, it cannot verify any state. It is the OS who measure the system (in Linux via the IMA system). And is the Linux kernel the one that, if you have a TPM, can produce a process where a 3rd party can be sure that the measurements are "true" and "legit" (via PCR#10 extension).
As you state later, it is this 3rd party the one that assert (verify) if you are state considered OK or not.
Maybe I am too simplistic, but I do not see the evil in the TPM here, but only in the 3rd party policy.
TPM can be abused but, as a developer, I am happy that we can use the TPM for good and fair goals in open source projects.
It is the user who can decide to use the TPM or not, and should be noted that in the TCG specification it is stated that the TPM can be disabled and cleared by the user at any moment.
>
Maybe I am too simplistic, but I do not see the evil in the TPM here, but only in the 3rd party policy.
The evil is that the "Trusted" in "Trusted Computing" and "Trusted Platform Module (TPM)" means that one deeply distrusts the user (who might tamper with the system), but instead the trust lies in the computing (trusted computing) or TPM. In other words: Trusted Computing and TPM means a disempowerment of the user.
I'm not sure if I understand your argument. As long as you can put your own things on your TPM and use it for your own good it's not too bad right? And in corporate environments it's reasonable to not own your own device right?
Sure Infineon can probably get my data, but that's far beyond the scope of my threat model.
As long as the system is open to putting your own keys on there I'm fine with it.
> I'm not sure if I understand your argument. As long as you can put your own things on your TPM and use it for your own good it's not too bad right?
As long as software that uses the TPM cannot detect whether you tampered with the TPM or not, it is principally all right.
But as I wrote down: this is exactly the opposite of what trusted computing was invented for: make the machine trustable (for the companies that have control over the TPM/trusted computing), because the user is distrusted.
Indeed, so the user should not buy a computer where they're not in control of the TPM, if you can't disable it/add your own keys, then don't buy that computer
> That rapidly converges on "you can't buy a computer and use it", because economic interests favor trusted computing devices.
I would rather argue that it converges to "you become more and more morally obliged to learn about hacking (and perhaps become a less and less law-abiding citizen) if you buy a computer and use it".
Windows security models and policies are the enemy, not remote attestation (RA).
RA is a technology that has its fair use, and can be desired for other systems, like in Linux. With a pure RA system your services can decide to trust or not those devices on your network that can be compromised, and report to other devices that there is something suspicious.
As anything, this can be used properly to increase the security of your edge architecture, or wrongly to limit the users actions.
Let me put another example. With RA I should be able to authorize validated systems in my R&D VPN. If you are using your own laptop with the company certificate, and the verifier tag the systems as "unknown" or "unhealthy", it will not allow the access to the internal network, but sure you can still use your laptop for anything else. This, IMHO, is a fair use of this technology.
Yes, lots of Linux devices apply it like that today: You can't use your banking app or consume DRM crippled media on your Android phone if you have root or run a open source Android distribution.
Yep! Basically, it's safer if you don't own your PC. Think about users with a million toolbars and Bonzi Buddy installed.
Of course, the system for it is rudimentary, and puts a disproportionate amount of control in the hands of providers. And that works very well for them too.
> Yep! Basically, it's safer if you don't own your PC. Think about users with a million toolbars and Bonzi Buddy installed.
And it is a pretty terrible solution to the problem.
- It is also keeping the good guys outside too: Anyone that want to analyse and understand the security of the system for good reasons cannot. Excepted if explicitly allowed by the corporation X and that is a terrible security property.
- No root access also means very little control or ability to scan the system itself if your are not the X corporation controlling it. That means no possibility to mandate reviewer corporation Y to check that corporation X is doing the right thing.
TPMs currently make that even worst by design, they are undocumented and complex, therefore rely on blind trust that company X do the rthe ight thing. And since the Intel management engine fiasco, we do know they are not doing the right thing.
- Bonzi Buddy and toolbar type of problem can be easily avoided by separating properly the normal user account from any admin account(the unix way). It should be painful to be admin but not impossible, just to make sure your grandma do not install a rootkit by mistake when she want her 20% coupon.
In summary: That is mainly bullshit from company X to keep full control on the entire user device, and not for their own good.
I agree. In a proposal like this, security is basically a byproduct, and sometimes not even that[0]. This is also a domain where the governmental and corporate powers have a similar goal, which is wresting away the control from the public / individual. They basically work in synergy, only to a point of course, but still.
Regarding Bonzi Buddy, I disagree. I think user data is as important, if not more important, than root access - which is why I'm dumbfounded when ancient server security features, like Linux's sudo system, are applied to the consumer device like a PC or a smartphone. These contexts are much better server by a sandboxing, permission-based whatever that seems to pick up steam, like the current permission systems on smartphones. Grandma's logins and bank data will be stolen from her own user account just the same as an admin account. Related XKCD[1]
> like the current permission systems on smartphones
Ugh, except that one goes overboard in the completely opposite direction, and often doesn't let me properly share data between apps even when I want to.
Think about users with a million toolbars and Bonzi Buddy installed.
I say let them be. As long as they also have the freedom to remove or not install such software, it's a good thing. Instead we have locked-down devices with the functional equivalent of such unwanted software, protected so that you cannot remove it without somehow getting root.
"Those who give up freedom for security deserve neither."
My parents grew up in a non English speaking developing country, and they cannot be reasonably expected to learn the nuances of malware laden links to figure out which English text link is good or bad.
Do they deserve to not be able to shop online without fear of having their payment information stolen? Or mistyping a URL in their non native language and ending up at a scam website that installs malware? Or simply having a device that comes to a crawl such that they cannot reliably video call their grandkids?
I can assure you that the upcoming generations aren't much better at any of this, on average.
And no, it's not smartphones' faults. Most people just don't "get" desktop OS paradigms, or how web pages work, or any of that, and they don't really care to.
In a sane society these features would allow secure voting.
In this one... that's not what they'll be used for.
This is the end game for the corporate internet. Not only can all your activity be logged, but if any of it is unwelcome - on any scale, from family to school to work to country to world - you can be locked out.
I feel like it's flawed. Voters and politicians abuse it left and right - pun intended. I don't think we ever came up with anything more humane though, and I don't wish to change it for anything other - to be honest, for the simple reason of not wanting the responsibility that goes along with it.
Choosing a party is not like choosing an OS for your PC, though. Choosing the OS would be like choosing the political system - and recognizing the incredible privilege I have by being born into a democracy, I very much wouldn't like other people to change it.
Going further into democracy, while you might put an X on a paper sometimes, still forbids a very high number of actions. I'd liken it to having the power of choosing between Apple's App Store and Google's Play Store for your phone. Which, getting back to the point, is safer for the users than installing any third party software. Like how in a well functioning democracy, I'm forbidden to do a great many things, but also I can feel safe in the thought that others have the same restrictions too.
So, putting it all together, someone should choose and restrict which OS can be installed on your PC, so that you can feel safe in the thought that everyone has the same restriction?
At least that's how I managed to understand your comment to the best of my abilities, so hopefully I'm missing something. Though if there is such a something, the point did not get across successfully.
I think if I pick two groups: all iPhone users, and all PC users, PC users en bloc are in greater general digital danger than iPhone users. By digital danger, I'm thinking of malware, ransomware, phishing and successful hacking. And I think this is because of how tightly Apple controls their devices. And so, I'd consider an iPhone a safe choice - for example a safe recommendation for someone who doesn't want to spend time managing their device.
This makes sense to entities providing a service, and also for many who doesn't mind not having control over their something, which is, I think, very similar to how we don't really have control over a great many of things. This is the point I wanted to get across to the original commenter, who protested "god forbid you have control of your own PC?".
> [...] which is, I think, very similar to how we don't really have control over a great many of things.
This is a very handwavey sentence and is doing far too much work in your reasoning. Yes, you don't have control "over a great many things", because the point is so vague so as to be meaningless. But it doesn't at all follow from that vague sentence that we should allow total corporate/government control over our personal digital devices.
In this case, the proposed cure is far worse than the disease.
I agree. It's basically appointing a dictator and hope that they'll stay benevolent.
With my reasoning I wanted to capture what people might think, while accepting something that they have no control of. I have a hard time with this, because I got a PC in my formative years and I loved to tinker with it, and hated, and still do, everything that stood in the way of that. But the general population doesn't share this experience. And if I look at my own life, I only have this experience with computers (and smartphones), all the other things are, even if not centrally managed, out of my control. At the first wrong noise I have to call an expert who hopefully fixes it and is hopefully benevolent to me, because I have no clue what happens to the device I own. Or even my own body, now that I think about it. And so, the PC and the phone is just in a long list of things that people depend on, but not control.
The addendum being here, and what most people miss who feel the way I described above, is that our ever-connected devices make a "paper trail" unprecendented in history. And it can be centrally managed, activated, replayed, assembled, or even more tracking could be remotely controlled to an extent[0] - and to an even larger extent with a specialized application[1]. This is where the otherwise similar level of "not being controlled" can lead to a much worse situation than ever before. And I wish I could point this out empathetically to people without sounding like a lunatic.
Oh, modern democracies solved this nasty problem of voters possibly making the wrong choice by simply providing only the right choices to chose from: you get two slightly different brands of shit whose policies mostly coincide, enjoy your right to vote.
This is the root of the pro market / mainstream market split.
For the pro market people want control. Pros also generally know a bit more about how to use that control and tend to be less likely to end up getting pwned immediately.
For regular users people just want shit that works. Not having control is a feature, because if you have control then the malware you are tricked into installing from "ɡeτflrêfox.com" also has control.
You can see it in the Apple ecosystem with iOS vs. macOS. Macs and iPads are now almost the same hardware. (The M chips are just A chips on 'roids.) But Macs can run other OSes and you can "sudo root." That's because Macs are for pros.
For me that’s a problem for the average user? That’s everyone else’s problem that idiots don’t care to control their technology and need big tech to do so with an iron fist
Calling the problem is “idiots” is a cognitive trap which prevents you from meaningfully dealing with it. Everyone is at risk from zero-days, almost anyone can be phished (yes, this includes you), many people have no way or time to investigate whether some well-known vendor is misrepresenting their product, and even security experts have to trust other people on a daily basis because they don’t have time to reverse-engineer every software update. Most people who get snide about this are a single malicious package in their favorite programming language away from a big mess!
The best progress we’ve seen in decades came from most people using locked-down phone operating systems, followed by stricter desktop OSes. If you don’t like that trajectory, you should be focused on how to get the benefits with other trade offs. One of the first steps is respecting people enough to understand their needs rather than calling them idiots.
Well that's the problem.... the next step would be requiring users to use MS Edge, because a malicious version of firefox could capture/modify banking/transaction data. Want to pay bills? Give money to microsoft first.
Are you saying the bank doesn’t have the right to define what kinds of software are permitted to access its systems?
We’re not just talking about the freedom to run software on your own device here, we’re talking about interacting with outside systems. There is an important distinction in context.
If this was the reason they'd be blocking access from phones that are not up to date on security updates and are being actively exploited by malware to get root.
But it's the other way around, if you improve your old device by installing a up to date Android on your vendor-abandoned previously vulnerable device, you go from working banking to banned from banking.
Those are independent. Having root access does not mean that other parties do, but more importantly, NOT having root does not mean AT ALL that other parties don't.
Uhm, these things don't really take away your control, rather, they shift it from you to you.
The software you boot sets up some state and then toggles a bit, and after that something can't be changed. The state is secure against much modification after that time, but not before that time.
The "you" that boots the device are in control, and the "you" that uses the device after that have exactly what "you" set up at boot time, neither more nor less. If both "you" are the same person, then there's no loss of control.
But of course they're often not really the same person. If you want to boot a Microsoft-signed image, the party that boots is more or less Microsoft, not you personally. But in that case, you also want to use that Microsoft-signed OS, right? So the shift towards boot-time control is then a shift from mostly-Microsoft use-time control to mostly-Microsoft boot-time control. Mostly Microsoft here, mostly Microsoft there, even if the two mostlies aren't quite the same percentage it's difficult to regard this as a significant loss of control.
How so? Redefines from what to what? Please elaborate.
Perhaps you mean that if you, as owner and legitimate user of a device, are able to perform a particular change only during a brief window of time rather than at any time of your choosing, then that limits your control over the device? If so, then my answer is yes, certainly it does. But it also limits the access of anyone who impersonates you (such as the evil exploity javascript I make your browser execute).
You're wrong because the bootloader is more often locked than not, and there are various other nefarious controls in place that prevent you from doing it without voiding your warranty, such as one-time fuses.
In theory, yes, you could implement it like you said, but that's not what happens in practice nor the direction we've been tending towards in recent times.
> The "you" that boots the device are in control, and the "you" that uses the device after that have exactly what "you" set up at boot time, neither more nor less. If both "you" are the same person, then there's no loss of control.
How is it orthogonal? Okay, we're not strictly speaking of only bootloader locking, but of boot-time-control locking.
That CPU is set up by the kernel at boot time, given the code to run, then some hardware bits are toggled such that the main CPU can't write later, it can only access the separate CPU via a defined API.
The kernel could do the same with an in-kernel process. It wouldn't have quite the same depth of defense against userspace sandbox escapes, but could be done. That's roughly how /dev/random was implemented for many years.
Look at the APIs provided — it's nothing new. It's nothing OSes haven't provided before, it's just further removed from a Chrome/FF/Safari sandbox escape, because overcoming the write-once hardware toggles is harder than getting kernel read/write primitives for a sandbox privilege escalation.
> But for helping the very poorest advance, I'm not sure it works in practice.
I think it does. I studied in the south of Spain (I am Spaniard too), and some of my fellow students comes from very poor sides of the city.
It is very frequent now to see teachers, lawyers and other careers that requires University level studies that are Gypsies, that were born and raised inside those communities.
IMHO free quality education is the perfect equalizer, but it is true that there is much to do there.
RSA is very slow for decryption. The general approach is tp use RSA to encrypt / decrypt the key of a symmetric encryption algorithm, that is much faster.
I submitted this entry because IMHO is the first survey, that I am aware of, that is giving some data about the Rust toolchain inside a distribution.
I guess that openSUSE can be a bit different than Debian or Fedora, but there are some answers that for me are not expected. For example, the "In your ideal workflow, how would you prefer to manage your Rust dependencies?" question seems to favor cargo, instead a distribution package. That raises to me a lot of questions about how in this workflow we can have long time supported packages, when we need to backport fixes into dependencies that are not supported anymore upstream.
Anyone that needs to be maintained for a long period of time. For example: Firefox.
Today Firefox have all the rust deps bundled (similar to cargo bundle). If / when tomorrow the maintainer of the distribution find a bug in one of the rust dependencies, s/he needs to add the fix inside the bundle without a clear process (1. do I need to fork and update Cargo.toml to point to my branch? 2. can I add the fix as a .patch and apply it after it gets unbundled by the build server? 3. ...)
An also this process needs to be repeated for each application that have this version of the crate as a dependency, and again without a clear way of identifying those applications that are affected.
openSUSE has all their tooling based in EU ground. For example, OBS that is the build service, has the machines around Germany or Prague. A big bulk of the community is EU based, (with very relevant contributors from many other places), and SUSE, the company that is helping (via infra and some packages) is from Germany.
I do not known if sovereignty makes sense in the open source world, as at the end is a joint effort of multiple developers from many (and some times confronted) places, but if it does make sense then I would value more those other criteria.