The French National Gendarmerie has been running its own version of Ubuntu (GendBuntu) on over 100,000 machines for years. I'm curious to see if it influences the decision on which flavor to a Debian-based flavor.
While it says that the determination of distribution will be determined later, my guess is that they've already determined and forked their preferred distribution. If they announced it in advance, everyone who could possibly do so would be targeting it.
Targeting it with…exploits? Lobbying? I’m not sure what would be possible really.
Imagine if you could have a backdoor into every single French government system through a single vulnerability you could build into the OS they were about to start using. How much would complete visibility be worth? Billions, certainly.
But wouldn’t this be an issue once they have announced it anyway, which they will have to do at some point?
It feels like an unfortunate argument against using open source software, but I’m (as a non-expert) not sure how valid that criticism is.
My expectation is that they'll use a branch whose license allows for forks for non-commercial use in some way that the government can argue that they're not breaking the law by having a private fork, and then they'll seal it up tight and manage it themselves.
This is a misunderstanding of copyleft licences.
According to the GPL, which is thought to be the most infectious copyleft licence, you were always allowed to modify software without releasing it to your heart's content.
You are not, however, allowed to release a changed version without also allowing others the same rights you had with the original.
Ah, thank you. So they can just take their private version and carry on with no fuss? Thank you for the clarification.
Yes, only if they start redistributing it do they need to comply with the GPL, etc.
But ofc, I would guess that if this is a sincere effort and not just posturing they would prefer to both upstream any changes to individual packages (since it removes the burden of maintenance) and also get other big organisations on board with using this as a distribution.
IMO (not OP) but it's not a large concern. Permissively licensed, open source libraries are at the core of most software that's written (example), so you can't get away from it. My personal, poorly informed, guesses as to why they aren't announcing anything immediately are:
(a) they genuinely haven't decided yet,
(b) they don't want to trigger an inter-departmental squabble over who directs whom, so they're pretending to let everyone announce what they're doing individually,
(c) this is for leverage in contract negotiations, since "Linux" can still mean commercial, if they go for a support contract through IBM for RHEL, Canonical for Ubuntu, etc.
Personally that sounds like the most plausible explanation.
Then why hasn't any Windows dev sold such an exploit for billions? Surely someone could do that while fleeing to a country where they could live out the rest of their lives in luxury?
It's difficult to just stare at a codebase and find vulnerabilities (unless you're an AI, apparently), so it tends to be well-funded teams which find them. There's a sizeable market for zero-day vulns (as well as bounties for reporting them legitimately).
Do bear in mind that just because you can, for instance, exploit Windows Notepad, it doesn't mean you can instantly use that to control the entire world. As soon as someone catches on that there's an issue in some part of their stack, they can start tightening down the other relevant bolts (e.g. disabling attachments and links in emails, epoxying USB plugs, etc.) to mitigate a threat.
It's impossible to say that such a thing hasn't already happened, as proving a negative is notoriously difficult. But Microsoft has fairly robust defenses against such a thing. Depending on the specific distribution chosen, that particular flavor of Linux might not have been able to defend against every simultaneous state actor trying to get its changes into the code before France starts using it.
I get what the intent is but the fact is that Linux (flavor of the day) and M$ Windows approach is different. This is not an easy project to take on. Moving from M$ to Linux and having a formalized implementation plan by autumn of 2026 is crazy! That might make great copy or news (almost like something Trump would say!) but lacks complete and total understanding of the scope of effort needed. I don't take this to be a serious project but hey, prove me wrong.
I've been mulling this over in my head all day trying to think of what it would take to do this in a way that won't horribly fail.
I think if someone put me in charge of this project, this is the plan I would want:
1. To start, a small pilot at a couple of agencies. Ask for a few volunteers to switch to Linux, trying to find the unicorns with non-technical workloads but with fairly high technical ability. Offer a small bonus, and ~15% release time for the project. Figure out what they can't do but need to be able to do on Linux, fix it, in this stage targeting necessary software or use cases that are government-wide. The very first groups should start out with a backup Windows laptop so they can fall back if needed to make sure their day job gets done. Use metrics on % of time on each laptop, and backup laptop returns, alongside surveys of pilot participants to inform results.
2. Repeat at a wider array of agencies. Before starting at any agency, survey for the software used in each job role, and how critical it is to that role, and try to get a good idea of what the MVP needs to support, using best practices that were figured out in stage 1, first targeting ~30% of employees not having any blocking software they need. Get that MVP done.
3. Drop second laptops for allowing dual boot and virtual machines. Once you've got most use cases covered, start expanding out the pilot to a larger percentage of users, this time with a smaller bonus and release time to reduce cost. Scale until you have ~5% of users on Linux for 3 months before dropping the pilot program, but allowing anyone who wishes to move to Linux.
(bonus stage 3.9 - push schools to start using Linux as well, offering subsidies and training to teachers for the transition)
4. See who switches off, collect data on why, see who switches on, collect data on that too. Try to fix pain points. If the number goes much below 5%, continue fixing pain points and offer some incentives again until you're back there.
5. Identify software that is preventing migration for smaller subsets of users. Target that. At the same time, start forcing people in the areas that have the most volunteers, and with no identified software blockers, on to Linux. Offer rewards and bonuses to those doing the most peer technical support as part of the transition. Use peer support experience to build quality documentation and training for on-boarding.
6. The long tail. All new software purchases must be fully usable on Linux or (perhaps for rare one-off things like niche scientific equipment) have a documented exception. All software that requires Windows where the problem cannot be fixed or mitigated is tracked. Begin forcing less technical organizations on to Linux, ideally always starting with a smaller subset of incentivised volunteers to provide peer support later. For absolutely necessary software with no other options, allow Windows virtual machines, and only if that fails, an exception for a Windows computer.
I would expect this to take a decade to do right at minimum, require a large Linux and application developer team for that time frame, and even then, I don't know if it's possible.
(as a sidebar -- I hope this results in a tonne of additional funding from the French government for Wine! It'd be amazing to see what a few million dollars going into improving its compatibility would accomplish)
I will add step -1:
get list of necessary/critical software and workflow from each agency and try to think what can be the replacement for it in Linux. Also security/organisational rules, accesses and policies.
This is exciting to see. Hopefully it helps improve some of the FOSS business/workplace apps.