GitHub Starts Blocking Developers In Countries Facing US Trade Sanctions (zdnet.com) 143
After a developer based in the Crimea region of Ukraine was blocked from GitHub this week, the Microsoft-owned software development platform said it has started restricting accounts in countries facing U.S. trade sanctions. GitHub lists Crimea, Cuba, Iran, North Korea, and Syris as countries facing U.S. sanctions. ZDNet reports: As the developer reports, his website https://tkashkin.tk, which is hosted on GitHub, now returns a 404 error. He also can't create new private GitHub repositories or access them. While his website could easily be moved to another hosting provider, the block does pose a challenge for his work on GameHub, which has an established audience on GitHub.
GitHub does offer developers an appeal form to dispute restrictions but [the developer] told ZDNet that, at this point, there's nothing to gain by appealing the restriction. "It is just pointless. My account is flagged as restricted and, in order to unflag it, I have to provide a proof that I don't live in Crimea. I am in fact a Russian citizen with Crimean registration, I am physically in Crimea, and I am living in Crimea my entire life," he said. "For individual users, who are not otherwise restricted by U.S. economic sanctions, GitHub currently offers limited restricted services to users in these countries and territories. This includes limited access to GitHub public repository services for personal communications only," it says.
GitHub notes on its page about U.S. trade controls that its paid-for on-premise software -- aimed to enterprise users -- may be an option for users in those circumstances. "Users are responsible for ensuring that the content they develop and share on GitHub.com complies with the U.S. export control laws, including the EAR (Export Administration Regulations) and the U.S. International Traffic in Arms Regulations (ITAR)," GitHub says. "The cloud-hosted service offering available at Github.com has not been designed to host data subject to the ITAR and does not currently offer the ability to restrict repository access by country. If you are looking to collaborate on ITAR- or other export-controlled data, we recommend you consider GitHub Enterprise Server, GitHub's on-premises offering."
GitHub does offer developers an appeal form to dispute restrictions but [the developer] told ZDNet that, at this point, there's nothing to gain by appealing the restriction. "It is just pointless. My account is flagged as restricted and, in order to unflag it, I have to provide a proof that I don't live in Crimea. I am in fact a Russian citizen with Crimean registration, I am physically in Crimea, and I am living in Crimea my entire life," he said. "For individual users, who are not otherwise restricted by U.S. economic sanctions, GitHub currently offers limited restricted services to users in these countries and territories. This includes limited access to GitHub public repository services for personal communications only," it says.
GitHub notes on its page about U.S. trade controls that its paid-for on-premise software -- aimed to enterprise users -- may be an option for users in those circumstances. "Users are responsible for ensuring that the content they develop and share on GitHub.com complies with the U.S. export control laws, including the EAR (Export Administration Regulations) and the U.S. International Traffic in Arms Regulations (ITAR)," GitHub says. "The cloud-hosted service offering available at Github.com has not been designed to host data subject to the ITAR and does not currently offer the ability to restrict repository access by country. If you are looking to collaborate on ITAR- or other export-controlled data, we recommend you consider GitHub Enterprise Server, GitHub's on-premises offering."
Ridiculous (Score:4, Insightful)
Trade sanctions on software are ridiculous in 2019. Information wants to be free!
Re: (Score:2)
Re: Ridiculous (Score:5, Insightful)
definition of annexation (Score:4, Insightful)
Annexation means taking a territory by force, the way Israel does it. In contrast, after the revolution in Kiev that was funded by the USA other western countries which replaced Yanukovych with Poroshenko, Crimean officials understood that there was no legitimate government in Ukraine. They then held a free and fair referendum, asking their people if they wanted to stay with Ukraine, post-coup, or petition the Russian government to become a member of the Russian Federation. They overwhelmingly voted to petition the Russian government to become part of the Russian Federation. Using the word annexation implies a single, military action. In this case there were several, distinct actions:
1. The Crimeans voted to leave Ukraine.
2. The Crimeans voted to join the Russian Federation.
3. The Russian Federation accepted Crimea.
International law allows for self-determination such as this.
Re: definition of annexation (Score:4, Informative)
Re: (Score:2)
But of course, intercepted phone calls BEFORE the elections showing officials discussing what the official "we want to join Russia" percentage number should be shown as the result and voting when surrounded by people with automatic weapons is totally okay.
Re:definition of annexation (Score:5, Insightful)
Putting up soldiers in an area is taking by force, wouldn't you agree? You are now saying, if someone points a gun at you and asks for your money, they don't take it by force unless they also shoot you.
How do you know the referendum was free and fair? There sure as hell wasn't any monitoring and it was held by an illegally invading force. The force broke very other rule, why do you think they stuck up for democracy?
So the part where Russia illegally put unmarked soldiers in the area, and illegally held an unmonitored referendum is just a detail right? Your wonderful Russia committed an illegal act of aggression, that is fact. Maybe Russia had some 'moral right' to crimea, but that doesn't give you the right to do all this other stuff. Just own up to the fact that you lost Ukraine as a puppet state, didn't want to lose the navy base and so just did an illegal invasion.
Re: (Score:1)
Putting up soldiers in an area is taking by force, wouldn't you agree? You are now saying, if someone points a gun at you and asks for your money, they don't take it by force unless they also shoot you.
You can test your theory: After an annexation the people are not happy about the state of affairs and seek to reverse it (resistance). After a self-elected destiny the people living there are happy about the state of affairs.
Re: (Score:2)
Do you have any internationally monitored and verified studies to confirm that? If you asked the nazis, all occupied territories were also super happy about them being there.
Re:definition of annexation (Score:4, Insightful)
Funny how you can always recognize the Russian by them taking a victim role even if they are clearly the aggressor. You put unmarked soldiers in a country (this is clearly illegal and admitted to by Russia, going to deny this now?) and let them hold a referendum to join the same country the soldiers were from, and lied about the soldiers being there. You're damn right the onus is on you to either prove it being a legal action. Or just be a man like Putin and just accept the sanctions as the cost of doing business. You're country is not a country of innocent little fairies, accept that.
They did not receive an invitation by the only country that could hold referenda there: Ukraine. If Chechnyan rebels would somehow return from their concentration/labour camps in Siberia and hold a referendum in Chechnya, that would also not be accepted by the OCSE as a valid referendum unless Russia agreed to it. Even without official observers lots of fraudulent or suspicious activity was reported by the OCSE in the Crimea referendum.
Re: (Score:1)
They did not receive an invitation by the only country that could hold referenda there: Ukraine.
That would be the corporate version of democracy, where the people are only allowed to vote when the owners say so.
Did you know that the British didn't permit the USA to declare independence either?
Re: (Score:2)
Nope, that's Sovereignty. Something that Russia is all obsessed about when it comes to areas such as Chechnya, South Ossetia and apparently (as you so clearly demonstrate) even areas outside of its country like Crimea. Corporate version of democracy is what you have in Russia, where a handful of powerful people decide everything. More regular name for that is Oligarchy.
Re: (Score:1)
Annexation means taking a territory by force
Not necessarily, at least not in the United States.
In 1845, after years of pleading by the government of The Replubic of Texas (roughly land area of the present-day state of Texas), the United States annexed it.
Cities in the United States typically grow by annexation. Depending on which state they are in, this may be "by force," after a petitiion from those wishing to be annexed, or by an election after the city declares their intent to annex the land.
Re: (Score:2)
Re: (Score:2)
Apologists for the sanctions will say it pushes the citizens to rise up and revolt against the leadership
It's not about apologizing, that's the explicit goal of sanctions. Do they work? Sometimes. They worked in Iran: President Rouhani campaigned on the promise of changing Iran's relationship with the west, ending the sanctions, and suspending Iran's nuclear weapons program. (Okay he claimed that it was never about weapons, but the clear implication was that he was going to do what it took to end the sanctions.) And he won, and he made a deal with western countries and (mostly) ended sanctions.
Yes, of cours
GitHub is dead. (Score:2)
GitHub is dead. or a walking dead.
What did you expect? (Score:3)
What did everyone expect when Microsoft bought GitHub? You don't let the scorpion on your back and carry it across and then be surprised when it stings you.
Crimea is Russia. (Score:1)
Crimea has been Russia for 200 years.
If Crimea is not, then Alaska and Washington state is not USA, Hawaii is not USA, Texas is not USA, they are all occupied territories.
Re: (Score:1)
Thanks comrade for the Donetsk point of view. Shoot any other civilian airplanes down lately?
Microsoft just shot itself in the head (Score:1)
Now its not just US hardware companies , software companies have joined in the idiocy. What these actions are doing are promoting competitors to come up.
Time to emigrate form the US. This country is going down the shithole. Noone wants to live in a shithole country.
Especially silly for git. (Score:5, Insightful)
Thanks to its distributed nature, who cares if one hosting site goes dark.
Easy enough to push it to any other one.
Re:Especially silly for git. (Score:5, Insightful)
Thanks to its distributed nature, who cares if one hosting site goes dark.
Easy enough to push it to any other one.
Git is not distributed: it is replicable and synchroniseable. There is a massive difference. I wrote about what a truly distributed use of git looks like, over 10 years ago: https://web.archive.org/web/20... [archive.org]
Note, "Users will be able to decide whom to trust based on who contributes, not on who controls the project's web site."
And now, 11 years later, after people ABDICATE RESPONSIBILITY for hosting their services "for free" with github, now they are surprised to find that they're screwed over?
When will people learn not to trust centralised control?? 25 years ago I spent three years of my life working on samba-tng, undoing the damage caused by people trusting Microsoft with their files, and now you're doing it again with github! Fucking wake up, people!
Re: (Score:2)
Re: (Score:2)
... who cares if one hosting site goes dark.
For the lay, this is kinda like if you're banned on Facebook and like, "who cares if one hosting site goes dark?"
You can move your shit ... where? How are people gonna find you?
Re: (Score:2)
IIRC there's gitlab in Europe. Don't know of anyone else operating in that space, but it's reasonably easy to set up, just not easy to pay for.
Re: (Score:2)
Re: (Score:2, Troll)
This country is going down the shithole.
The U.S. is already a shithole country, as per Donald Trump's actions.
Re: (Score:1)
Blame the idiot ITAR corporations. They're lazy and Microsoft wants money.
I've seen much worse implemented ITAR than this, so it'd be a step up for a lot of companies like Boeing/GE.
Plus it'll give rise to some competition. OpenSource/Science doesn't care much about national boundaries.
My 500 levels controls class was taught by an Iranian-expat. A lot of neural net research is done in Russia and China.
Another competitor will arise. [Gitea](https://gitea.io/en-us/) can be run on some pretty bare bones hardwa
Gitea on home broadband or on VPS? (Score:2)
Gitea can be run on some pretty bare bones hardware.
Even if you have bare-bones hardware, you stlil need to connect that hardware to the Internet. If every individual user of GitHub with a public repository were to switch to, say, a Raspberry Pi 3B+ running Gitea on a home broadband connection, that might still not be enough to make the users' repositories available to the public. Because a lot of ISPs don't have enough IPv4 addresses to pass incoming HTTPS and SSH connections to all their home subscribers, they instead put home subscribers behind a NAT [slashdot.org]. Eac
Re: (Score:2)
We are talking about ITAR data. All of that should be behind corporate firewalls.
Re: (Score:2)
GitHub can't offer any paid services to areas subject to a general embargo, not even private repositories containing non-ITAR data. It's not even clear whether those in embargoed countries are allowed to commit to public repositories.
Re: (Score:2)
Oracle is shutting down Dyn [slashdot.org], and its replacement (Oracle Cloud Infrastructure DNS) lacks dynamic DNS.
Even assuming that by "DynDNS" you meant the general concept of dynamic DNS, not the brand name: DNS maps hostnames to IP addresses, which doesn't help if your ISP hasn't assigned your computer a unique routable IP address. So if you want the public to see your Git remote, you have to pay for a VPS on which to run your Git remote.
Re:Microsoft just shot itself in the head (Score:4, Informative)
Now its not just US hardware companies , software companies have joined in the idiocy. What these actions are doing are promoting competitors to come up.
Time to emigrate form the US. This country is going down the shithole. Noone wants to live in a shithole country.
I am sad but relieved that you recognise this. It is also sad to see that history is not teaching countries anything. 2019 and we see the same stuff that was scary to read about at school *being repeated, live*.
Here is another project that has been impacted:
https://list.libresilicon.com/... [libresilicon.com]
Their response: set up their own git server and a redmine bugtracker. They already run their own website. Likewise, I have been running my own resources for over 12 years now.
* gitolite3 is extremely nice, as it allows RW control even over particular branches.
* ikiwiki can be forked, and because the pages are autogenerated it is just served as static HTML. http://libre-riscv.org/ [libre-riscv.org]
* git-daemon presents the repos as HTML. http://git.libre-riscv.org/ [libre-riscv.org]
* bugzilla is so old it is funny. it's the only code written in perl that I will tolerate. its features however are so powerful that, now that it finally has comment editing, it can be forgiven being written in perl. http://bugs.libre-riscv.org/ [libre-riscv.org]
* mailing lists are mailman (which itself was easy, just follow the READMEs) with exim4 (which is anyrhing but). this honestly is where the pain starts. The rest was easy, however getting DKIM and getting exim4 configured and spam-free, I must have spent about four man months over the past 15 years on reading HOWTOs and getting the setup ever the more advanced. http://lists.libre-riscv.org/ [libre-riscv.org] contact me if you would like the exim4 configs (I have to sanitise them, remove passwords from them)
I "get" why people want to use "monetarily zero cost" services. They don't want the "inconvenience". The problem is, what price do you *really* pay for that "convenience"? That train wreck is starting to happen.
Re: Microsoft just shot itself in the head (Score:2)
Most people are just plain honest people (Score:5, Insightful)
who want to live their lives and go about their business in peace. That includes developers in Crimea or Cuba. All I see here is yet another instance of stupid geopolitics from stupid world leaders disrupting normal people's lives.
Fuck trade sanctions, US or otherwise.
Re: (Score:2, Insightful)
Seems anti-productive for the whole "move to the cloud" movement if companies can turn off the taps willy-nilly.
Re: (Score:2)
Yes, and it should have been foreseen. Also it's not the worst defect of the cloud, with is either lack of security or goes down when the internet connection goes down, depending on your application.
Re: (Score:3)
Russian troll farm chatter (Score:1)
Lots of AC Russian troll farm chatter in this discussion I think to myself.
Then I see 110010001000 post after a long raft of nonsensical bullshit, and it's confirmed.
Why Is Anyone Surprised? (Score:2)
This is the very natural consequence of putting anything important on servers you don't control (Cloud Computing). How many times are people going to allow themselves to be raped before they get out of bed with the rapists? People's lack of foresight always amazes me.
Money! (Score:2)
Money! Money! Money! Money! Money! Money!
Great marketing.
It's the OTHER guy's fault.
Pay for hosting and GIT all you like to whoever. (Score:4, Insightful)
Re: (Score:2)
Crimea? (Score:3)
Last I checked, Crimea is not a country. Maybe GitHub knows something we don't?
Re: (Score:2)
Not we. Just you. Specifically Github knows that there are current US sanctions against the region known as the Cimean Peninsula.
Re: (Score:1)
Re: (Score:2)
My point here is that it's not a country. Russia doesn't consider it an independent country, Ukraine doesn't believe that, probably even GitHub doesn't consider that. But the Zdnet article uses that word. Typical online journalism by wannabes.
Goodbye github (Score:2)
Scientific Journals (Score:2)
So presumably the next step is to stop scientists working in these countries from publishing in journals produced in the US. I seem to recall this happening before, something like "Jewish science" and "Communist science".
I also note that the trade restrictions may have hit the publishers of bibles - https://www.worthynews.com/418... [worthynews.com]
Don't touch it - it's American (Score:2)
It seems that non-US-Americans and companies should be wary of dealing with american companies at all, since the rug can be pulled from beneath your feet by unpredictable whim.
Another example is that at least one european company that I know of, that is owned by a large american aircraft manufacturer, now has to dismiss workers that have citizenship in a sanctioned country even though the company they are employed by is registered in a country that does not have those sanctions.
How is GitHub Enterprise any different (Score:2)
make them stop (Score:2)
Re: (Score:1)
Re: (Score:1)
Is this finally the end of Github? (Score:1)
Why is US EAR (Export Administration Regulation) concerned with Github? Like all the content in it is created in America? The arrogance... Looks like the fiasco with the export control of cryptography is happening all over again. What was the result of it? Everyone started hosting their open-source (and not only) projects outside of the US. I have no reasons to think that this time it will be any different.
Welcome to the (Score:2)
Welcome back to big tech.
Just like helping with PRISM.
Doesn't this violate the GNU GPL? (Score:1)
7/27/2019 13:20 I can access his pages from Canada (Score:1)
As of 7/27/2019 13:20 I can access those pages from Canada
Re: (Score:2)
Also, Gitea is open source too. So who the fuck cares about GitHub?
People behind ISPs that block external access to self-hosted Gitea, for one.
Re: Who the hell develops software in eastern Ukra (Score:2)
Takes like 5 minutes to setup a Git server at AWS or Linode or Azure or Google Cloud or...
Re: (Score:2)
Takes like 5 minutes to setup a Git server at AWS or Linode or Azure or Google Cloud or...
All four providers that you listed require a valid credit card number before you can set up your Git remote. GitHub.com and GitLab.com do not for public repositories under a free software license.
Re: (Score:2)
Then why is it that open source developers seem to love Github so much?
Part of it is the ability to publish your repository without having to spend a ton of money leasing either A. a VPS for your Gitea instance or B. a non-NAT IP address to allow incoming connections to the Gitea instance on your home computer.
Re: (Score:2)
WTF is Gitea[1]?
Gitea is a piece of software that implements a Git remote. You install Gitea on your own computer or a computer that you lease. However, Gitea will accept connections only if the computer that it runs on can accept connections, and PCs behind many home Internet connections cannot.
With Git, you can have a public repository using any web server, and if you have ssh access, you can push directly. Just about every cheap virtual web hosting service can do the first, and most can do both.
But then you need money and a bank account with which to pay for a "cheap virtual web hosting service".