GitHub Starts Blocking Developers In Countries Facing US Trade Sanctions

After a developer based in the Crimea region of Ukraine was blocked from GitHub this week, the Microsoft-owned software development platform said it has started restricting accounts in countries facing U.S. trade sanctions. GitHub lists Crimea, Cuba, Iran, North Korea, and Syris as countries facing U.S. sanctions. ZDNet reports: As the developer reports, his website https://tkashkin.tk, which is hosted on GitHub, now returns a 404 error. He also can't create new private GitHub repositories or access them. While his website could easily be moved to another hosting provider, the block does pose a challenge for his work on GameHub, which has an established audience on GitHub.

GitHub does offer developers an appeal form to dispute restrictions but [the developer] told ZDNet that, at this point, there's nothing to gain by appealing the restriction. "It is just pointless. My account is flagged as restricted and, in order to unflag it, I have to provide a proof that I don't live in Crimea. I am in fact a Russian citizen with Crimean registration, I am physically in Crimea, and I am living in Crimea my entire life," he said. "For individual users, who are not otherwise restricted by U.S. economic sanctions, GitHub currently offers limited restricted services to users in these countries and territories. This includes limited access to GitHub public repository services for personal communications only," it says.

GitHub notes on its page about U.S. trade controls that its paid-for on-premise software -- aimed to enterprise users -- may be an option for users in those circumstances. "Users are responsible for ensuring that the content they develop and share on GitHub.com complies with the U.S. export control laws, including the EAR (Export Administration Regulations) and the U.S. International Traffic in Arms Regulations (ITAR)," GitHub says. "The cloud-hosted service offering available at Github.com has not been designed to host data subject to the ITAR and does not currently offer the ability to restrict repository access by country. If you are looking to collaborate on ITAR- or other export-controlled data, we recommend you consider GitHub Enterprise Server, GitHub's on-premises offering."

Ridiculous

[110010001000]

Trade sanctions on software are ridiculous in 2019. Information wants to be free!

Re:

[Dunbal]

If USERS are responsible for compliance then why is github taking action?

Re: Ridiculous

[jrumney]

Trade sanctions are ridiculous full stop. Take the example of Crimea. Crimea is on the sanctions list because it was annexed from Ukraine by Russia. The sanctions are not punishing Russia for that annexation, they are punishing residents of Crimea, no matter which side they support. And in cases like North Korea, where the leaders of the regime are theoretically in the group that the sanctions are punishing, the leaders always find ways around the sanctions, while ordinary citizens suffer even more than they were under the regime. Apologists for the sanctions will say it pushes the citizens to rise up and revolt against the leadership, but remember that these countries do not have a free media, and dissent against the leadership is dealt with swiftly and fatally so the actual effect is to feed the anti-western propaganda.

definition of annexation

[RandySC]

Annexation means taking a territory by force, the way Israel does it. In contrast, after the revolution in Kiev that was funded by the USA other western countries which replaced Yanukovych with Poroshenko, Crimean officials understood that there was no legitimate government in Ukraine. They then held a free and fair referendum, asking their people if they wanted to stay with Ukraine, post-coup, or petition the Russian government to become a member of the Russian Federation. They overwhelmingly voted to petition the Russian government to become part of the Russian Federation. Using the word annexation implies a single, military action. In this case there were several, distinct actions:
1. The Crimeans voted to leave Ukraine.
2. The Crimeans voted to join the Russian Federation.
3. The Russian Federation accepted Crimea.
International law allows for self-determination such as this.

Re: definition of annexation

[jrumney]

And somewhere in this fairytale of peaceful self determination a passenger jet was shot down by a Russian supplied anti-aircraft missile.

Re:

[dnaumov]

But of course, intercepted phone calls BEFORE the elections showing officials discussing what the official "we want to join Russia" percentage number should be shown as the result and voting when surrounded by people with automatic weapons is totally okay.

Re:definition of annexation

[Njovich]

Putting up soldiers in an area is taking by force, wouldn't you agree? You are now saying, if someone points a gun at you and asks for your money, they don't take it by force unless they also shoot you.

How do you know the referendum was free and fair? There sure as hell wasn't any monitoring and it was held by an illegally invading force. The force broke very other rule, why do you think they stuck up for democracy?

So the part where Russia illegally put unmarked soldiers in the area, and illegally held an unmonitored referendum is just a detail right? Your wonderful Russia committed an illegal act of aggression, that is fact. Maybe Russia had some 'moral right' to crimea, but that doesn't give you the right to do all this other stuff. Just own up to the fact that you lost Ukraine as a puppet state, didn't want to lose the navy base and so just did an illegal invasion.

Re:

[agaku]

Putting up soldiers in an area is taking by force, wouldn't you agree? You are now saying, if someone points a gun at you and asks for your money, they don't take it by force unless they also shoot you.

You can test your theory: After an annexation the people are not happy about the state of affairs and seek to reverse it (resistance). After a self-elected destiny the people living there are happy about the state of affairs.

Re:

[Njovich]

Do you have any internationally monitored and verified studies to confirm that? If you asked the nazis, all occupied territories were also super happy about them being there.

Re:definition of annexation

[Njovich]

Ah, quilty until proven innocent.

Funny how you can always recognize the Russian by them taking a victim role even if they are clearly the aggressor. You put unmarked soldiers in a country (this is clearly illegal and admitted to by Russia, going to deny this now?) and let them hold a referendum to join the same country the soldiers were from, and lied about the soldiers being there. You're damn right the onus is on you to either prove it being a legal action. Or just be a man like Putin and just accept the sanctions as the cost of doing business. You're country is not a country of innocent little fairies, accept that.

Plenty of countries were invited to monitor the referendum. Plenty of countries said no, because they knew that if they sent people to monitor the referendum they wouldn't have any option other than accepting the results.

They did not receive an invitation by the only country that could hold referenda there: Ukraine. If Chechnyan rebels would somehow return from their concentration/labour camps in Siberia and hold a referendum in Chechnya, that would also not be accepted by the OCSE as a valid referendum unless Russia agreed to it. Even without official observers lots of fraudulent or suspicious activity was reported by the OCSE in the Crimea referendum.

Re:

[Anonymous Coward]

They did not receive an invitation by the only country that could hold referenda there: Ukraine.

That would be the corporate version of democracy, where the people are only allowed to vote when the owners say so.

Did you know that the British didn't permit the USA to declare independence either?

Re:

[Njovich]

That would be the corporate version of democracy, where the people are only allowed to vote when the owners say so.

Nope, that's Sovereignty. Something that Russia is all obsessed about when it comes to areas such as Chechnya, South Ossetia and apparently (as you so clearly demonstrate) even areas outside of its country like Crimea. Corporate version of democracy is what you have in Russia, where a handful of powerful people decide everything. More regular name for that is Oligarchy.

Re:

[davidwr]

Annexation means taking a territory by force

Not necessarily, at least not in the United States.

In 1845, after years of pleading by the government of The Replubic of Texas (roughly land area of the present-day state of Texas), the United States annexed it.

Cities in the United States typically grow by annexation. Depending on which state they are in, this may be "by force," after a petitiion from those wishing to be annexed, or by an election after the city declares their intent to annex the land.

Re:

[arglebargle_xiv]

It's worse than that, sanctions can actually help the group in power. In Iraq, the higher-up Ba'ath Party members were in a position to bypass the sanctions and handed out sanction-busting favours to the people they needed support from while the ordinary population suffered. So the result of the sanctions was that it strengthened the Ba'ath Party's grip on power while hurting their opposition. The sanctions achieved the exact opposite of what they were supposed to do.

Re:

[Can'tNot]

Apologists for the sanctions will say it pushes the citizens to rise up and revolt against the leadership

It's not about apologizing, that's the explicit goal of sanctions. Do they work? Sometimes. They worked in Iran: President Rouhani campaigned on the promise of changing Iran's relationship with the west, ending the sanctions, and suspending Iran's nuclear weapons program. (Okay he claimed that it was never about weapons, but the clear implication was that he was going to do what it took to end the sanctions.) And he won, and he made a deal with western countries and (mostly) ended sanctions.

Yes, of cours

GitHub is dead.

[stooo]

GitHub is dead. or a walking dead.

What did you expect?

[Excelcia]

What did everyone expect when Microsoft bought GitHub? You don't let the scorpion on your back and carry it across and then be surprised when it stings you.

Crimea is Russia.

[Anonymous Coward]

Crimea has been Russia for 200 years.
If Crimea is not, then Alaska and Washington state is not USA, Hawaii is not USA, Texas is not USA, they are all occupied territories.

Re:

[Anonymous Coward]

Thanks comrade for the Donetsk point of view. Shoot any other civilian airplanes down lately?

Microsoft just shot itself in the head

[ghoul]

Now its not just US hardware companies , software companies have joined in the idiocy. What these actions are doing are promoting competitors to come up.
Time to emigrate form the US. This country is going down the shithole. Noone wants to live in a shithole country.

Especially silly for git.

[ron_ivi]

Thanks to its distributed nature, who cares if one hosting site goes dark.

Easy enough to push it to any other one.

Re:Especially silly for git.

[lkcl]

Thanks to its distributed nature, who cares if one hosting site goes dark.

Easy enough to push it to any other one.

Git is not distributed: it is replicable and synchroniseable. There is a massive difference. I wrote about what a truly distributed use of git looks like, over 10 years ago: https://web.archive.org/web/20... [archive.org]

Note, "Users will be able to decide whom to trust based on who contributes, not on who controls the project's web site."

And now, 11 years later, after people ABDICATE RESPONSIBILITY for hosting their services "for free" with github, now they are surprised to find that they're screwed over?

When will people learn not to trust centralised control?? 25 years ago I spent three years of my life working on samba-tng, undoing the damage caused by people trusting Microsoft with their files, and now you're doing it again with github! Fucking wake up, people!

Re:

[spire3661]

They wont learn. We had the mainframe to PC lesson, and that was a glorious revolution, but that time is gone.

Re:

[CaptainDork]

... who cares if one hosting site goes dark.

For the lay, this is kinda like if you're banned on Facebook and like, "who cares if one hosting site goes dark?"

You can move your shit ... where? How are people gonna find you?

Re:

[HiThere]

IIRC there's gitlab in Europe. Don't know of anyone else operating in that space, but it's reasonably easy to set up, just not easy to pay for.

Re:

[njdj]

No, it's not easy. The worldwide free-software development community needs to have hosting that serves the whole community, regardless of any one government's whims, but providing it is going to be difficult. The US government is powerful and wealthy and it will try to sabotage or cripple any globally-free hosting, by for example DDoS attacks, and it will also try to cut off its funding, as it did to Wikileaks.

Re:

[Sebby]

This country is going down the shithole.

The U.S. is already a shithole country, as per Donald Trump's actions.

Re:

[0100010001010011]

Blame the idiot ITAR corporations. They're lazy and Microsoft wants money.

I've seen much worse implemented ITAR than this, so it'd be a step up for a lot of companies like Boeing/GE.

Plus it'll give rise to some competition. OpenSource/Science doesn't care much about national boundaries.

My 500 levels controls class was taught by an Iranian-expat. A lot of neural net research is done in Russia and China.

Another competitor will arise. [Gitea](https://gitea.io/en-us/) can be run on some pretty bare bones hardwa

Gitea on home broadband or on VPS?

[tepples]

Gitea can be run on some pretty bare bones hardware.

Even if you have bare-bones hardware, you stlil need to connect that hardware to the Internet. If every individual user of GitHub with a public repository were to switch to, say, a Raspberry Pi 3B+ running Gitea on a home broadband connection, that might still not be enough to make the users' repositories available to the public. Because a lot of ISPs don't have enough IPv4 addresses to pass incoming HTTPS and SSH connections to all their home subscribers, they instead put home subscribers behind a NAT [slashdot.org]. Eac

Re:

[0100010001010011]

We are talking about ITAR data. All of that should be behind corporate firewalls.

Re:

[tepples]

GitHub can't offer any paid services to areas subject to a general embargo, not even private repositories containing non-ITAR data. It's not even clear whether those in embargoed countries are allowed to commit to public repositories.

Re:

[tepples]

Oracle is shutting down Dyn [slashdot.org], and its replacement (Oracle Cloud Infrastructure DNS) lacks dynamic DNS.

Even assuming that by "DynDNS" you meant the general concept of dynamic DNS, not the brand name: DNS maps hostnames to IP addresses, which doesn't help if your ISP hasn't assigned your computer a unique routable IP address. So if you want the public to see your Git remote, you have to pay for a VPS on which to run your Git remote.

Re:Microsoft just shot itself in the head

[lkcl]

Now its not just US hardware companies , software companies have joined in the idiocy. What these actions are doing are promoting competitors to come up.
Time to emigrate form the US. This country is going down the shithole. Noone wants to live in a shithole country.

I am sad but relieved that you recognise this. It is also sad to see that history is not teaching countries anything. 2019 and we see the same stuff that was scary to read about at school *being repeated, live*.

Here is another project that has been impacted:
https://list.libresilicon.com/... [libresilicon.com]

Their response: set up their own git server and a redmine bugtracker. They already run their own website. Likewise, I have been running my own resources for over 12 years now.

* gitolite3 is extremely nice, as it allows RW control even over particular branches.
* ikiwiki can be forked, and because the pages are autogenerated it is just served as static HTML. http://libre-riscv.org/ [libre-riscv.org]
* git-daemon presents the repos as HTML. http://git.libre-riscv.org/ [libre-riscv.org]
* bugzilla is so old it is funny. it's the only code written in perl that I will tolerate. its features however are so powerful that, now that it finally has comment editing, it can be forgiven being written in perl. http://bugs.libre-riscv.org/ [libre-riscv.org]
* mailing lists are mailman (which itself was easy, just follow the READMEs) with exim4 (which is anyrhing but). this honestly is where the pain starts. The rest was easy, however getting DKIM and getting exim4 configured and spam-free, I must have spent about four man months over the past 15 years on reading HOWTOs and getting the setup ever the more advanced. http://lists.libre-riscv.org/ [libre-riscv.org] contact me if you would like the exim4 configs (I have to sanitise them, remove passwords from them)

I "get" why people want to use "monetarily zero cost" services. They don't want the "inconvenience". The problem is, what price do you *really* pay for that "convenience"? That train wreck is starting to happen.

Re: Microsoft just shot itself in the head

[BytePusher]

We don't have a mass immigration problem. We have a mass education problem and a whole fuckton of gullible people. What the US has is a corporate problem. The reason there aren't enough jobs in middle America is the outsourcing of manufacturing encouraged since the 1990s. Neoliberal policies, low wages, free market healthcare, erosion of workers rights, bad trade deals, all have caused middle America to feel like they're under siege, and they're RIGHT. The problem is, people like Trump who have spent the

Most people are just plain honest people

[Rosco P. Coltrane]

who want to live their lives and go about their business in peace. That includes developers in Crimea or Cuba. All I see here is yet another instance of stupid geopolitics from stupid world leaders disrupting normal people's lives.

Fuck trade sanctions, US or otherwise.

Re:

[Anonymous Coward]

Seems anti-productive for the whole "move to the cloud" movement if companies can turn off the taps willy-nilly.

Re:

[HiThere]

Yes, and it should have been foreseen. Also it's not the worst defect of the cloud, with is either lack of security or goes down when the internet connection goes down, depending on your application.

Re:

[loonycyborg]

It's inconsistent too, for some reason only Crimea is targeted by those particular sanctions, not entire Russian Federation. It looks like particular people living in Crimea are singled out and punished for exercising their right of self-determination in a way not liked by US. This will not endear them to cooperation with any US-aligned powers in the future.

Russian troll farm chatter

[Ryzilynt]

Lots of AC Russian troll farm chatter in this discussion I think to myself.

Then I see 110010001000 post after a long raft of nonsensical bullshit, and it's confirmed.

Why Is Anyone Surprised?

[StormReaver]

This is the very natural consequence of putting anything important on servers you don't control (Cloud Computing). How many times are people going to allow themselves to be raped before they get out of bed with the rapists? People's lack of foresight always amazes me.

Money!

[CaptainDork]

Money! Money! Money! Money! Money! Money!

Great marketing.

It's the OTHER guy's fault.

Pay for hosting and GIT all you like to whoever.

[Seven Spirals]

If you put yourself in the power of the "cloud providers" you're going to get what they give you, including a hard time if that's what they choose to do. It's a private enterprise with their own agenda and values providing a free service. Personally, I've kept my $HOME in CVS (and more recently GIT) for about 24 years now. I host it on my own domain and servers etc... However, anyone can get a cheap VPS and host GIT or use dyndns and your home internet connection if your project is small enough. I know it pains some to hear it, but the "cloud" is a trap set by corporate interests who definitely do things like obey court orders.

Re:

[Seven Spirals]

You still need a central server to commit to. It's not like all the other maintainers in the GIT repo are going to give you their IP's and setup a way for you to sync, do you have your head that far up your ass or have you just never written any code in your life and don't really know how it works?

Crimea?

[Darinbob]

Last I checked, Crimea is not a country. Maybe GitHub knows something we don't?

Re:

[thegarbz]

Not we. Just you. Specifically Github knows that there are current US sanctions against the region known as the Cimean Peninsula.

Re:

[Uldis Segliņš]

This has little to do with Github, they get gag order from govnrment and have to comply. I am in no way an expert, but one seems strange for me - as far as I know, USA does not consider Crimea as part of Russia (https://www.rferl.org/a/u-s-issues-crimea-declaration-reaffirming-rejection-of-russia-s-annexation/29390681.html). So why is it acting with sanctions against Ukraine?

Re:

[Darinbob]

My point here is that it's not a country. Russia doesn't consider it an independent country, Ukraine doesn't believe that, probably even GitHub doesn't consider that. But the Zdnet article uses that word. Typical online journalism by wannabes.

Goodbye github

[BytePusher]

I should have said my goodbyes when Microsoft bought them, but I hoped they would do good. Wishful thinking considering Nadella pretty much said he would support the US NeoNazi party if they won the election: https://www.gamesindustry.biz/... [gamesindustry.biz]

Scientific Journals

[Epeeist]

So presumably the next step is to stop scientists working in these countries from publishing in journals produced in the US. I seem to recall this happening before, something like "Jewish science" and "Communist science".

I also note that the trade restrictions may have hit the publishers of bibles - https://www.worthynews.com/418... [worthynews.com]

Don't touch it - it's American

[dromgodis]

It seems that non-US-Americans and companies should be wary of dealing with american companies at all, since the rug can be pulled from beneath your feet by unpredictable whim.

Another example is that at least one european company that I know of, that is owned by a large american aircraft manufacturer, now has to dismiss workers that have citizenship in a sanctioned country even though the company they are employed by is registered in a country that does not have those sanctions.

How is GitHub Enterprise any different

[scdeimos]

GitHub Enterprise is subject to the same trade sanctions. Are Microsoft in fact publicly admitting "if you pay us money we will look the other way?" What the actual?

make them stop

[AndyKron]

The developers in those countries should tell their leaders to quit fucking with baby Trump so they can Git their Hub access back. Priase God, Vote Trumpcofeefee!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Is this finally the end of Github?

[vbdasc]

Why is US EAR (Export Administration Regulation) concerned with Github? Like all the content in it is created in America? The arrogance... Looks like the fiasco with the export control of cryptography is happening all over again. What was the result of it? Everyone started hosting their open-source (and not only) projects outside of the US. I have no reasons to think that this time it will be any different.

Welcome to the

[AHuxley]

new CoC.
Welcome back to big tech.
Just like helping with PRISM.

Doesn't this violate the GNU GPL?

[themusicgod1]

At this point does this make it mandatory that ALL GNU/GPL projects must be available somewhere other than NSA/Microsoft Github?

7/27/2019 13:20 I can access his pages from Canada

[cubicle]

As of 7/27/2019 13:20 I can access those pages from Canada

Re:

[tepples]

Also, Gitea is open source too. So who the fuck cares about GitHub?

People behind ISPs that block external access to self-hosted Gitea, for one.

Re: Who the hell develops software in eastern Ukra

[reanjr]

Takes like 5 minutes to setup a Git server at AWS or Linode or Azure or Google Cloud or...

Re:

[tepples]

Takes like 5 minutes to setup a Git server at AWS or Linode or Azure or Google Cloud or...

All four providers that you listed require a valid credit card number before you can set up your Git remote. GitHub.com and GitLab.com do not for public repositories under a free software license.

Re:

[tepples]

Then why is it that open source developers seem to love Github so much?

Part of it is the ability to publish your repository without having to spend a ton of money leasing either A. a VPS for your Gitea instance or B. a non-NAT IP address to allow incoming connections to the Gitea instance on your home computer.

Re:

[tepples]

WTF is Gitea[1]?

Gitea is a piece of software that implements a Git remote. You install Gitea on your own computer or a computer that you lease. However, Gitea will accept connections only if the computer that it runs on can accept connections, and PCs behind many home Internet connections cannot.

With Git, you can have a public repository using any web server, and if you have ssh access, you can push directly. Just about every cheap virtual web hosting service can do the first, and most can do both.

But then you need money and a bank account with which to pay for a "cheap virtual web hosting service".