GitHub Starts Blocking Developers In Countries Facing US Trade Sanctions (zdnet.com) 130

Posted by BeauHD from the restricted-area dept.
After a developer based in the Crimea region of Ukraine was blocked from GitHub this week, the Microsoft-owned software development platform said it has started restricting accounts in countries facing U.S. trade sanctions. GitHub lists Crimea, Cuba, Iran, North Korea, and Syris as countries facing U.S. sanctions. ZDNet reports: As the developer reports, his website https://tkashkin.tk, which is hosted on GitHub, now returns a 404 error. He also can't create new private GitHub repositories or access them. While his website could easily be moved to another hosting provider, the block does pose a challenge for his work on GameHub, which has an established audience on GitHub.

GitHub does offer developers an appeal form to dispute restrictions but [the developer] told ZDNet that, at this point, there's nothing to gain by appealing the restriction. "It is just pointless. My account is flagged as restricted and, in order to unflag it, I have to provide a proof that I don't live in Crimea. I am in fact a Russian citizen with Crimean registration, I am physically in Crimea, and I am living in Crimea my entire life," he said. "For individual users, who are not otherwise restricted by U.S. economic sanctions, GitHub currently offers limited restricted services to users in these countries and territories. This includes limited access to GitHub public repository services for personal communications only," it says.

GitHub notes on its page about U.S. trade controls that its paid-for on-premise software -- aimed to enterprise users -- may be an option for users in those circumstances. "Users are responsible for ensuring that the content they develop and share on GitHub.com complies with the U.S. export control laws, including the EAR (Export Administration Regulations) and the U.S. International Traffic in Arms Regulations (ITAR)," GitHub says. "The cloud-hosted service offering available at Github.com has not been designed to host data subject to the ITAR and does not currently offer the ability to restrict repository access by country. If you are looking to collaborate on ITAR- or other export-controlled data, we recommend you consider GitHub Enterprise Server, GitHub's on-premises offering."

  • Ridiculous (Score:4, Insightful)

    by 110010001000 ( 697113 ) on Friday July 26, 2019 @08:49PM (#58994930) Homepage Journal

    Trade sanctions on software are ridiculous in 2019. Information wants to be free!

    • Re: (Score:2)

      by Dunbal ( 464142 ) *
      If USERS are responsible for compliance then why is github taking action?

    • Re: Ridiculous (Score:5, Insightful)

      by jrumney ( 197329 ) on Friday July 26, 2019 @11:59PM (#58995632)
      Trade sanctions are ridiculous full stop. Take the example of Crimea. Crimea is on the sanctions list because it was annexed from Ukraine by Russia. The sanctions are not punishing Russia for that annexation, they are punishing residents of Crimea, no matter which side they support. And in cases like North Korea, where the leaders of the regime are theoretically in the group that the sanctions are punishing, the leaders always find ways around the sanctions, while ordinary citizens suffer even more than they were under the regime. Apologists for the sanctions will say it pushes the citizens to rise up and revolt against the leadership, but remember that these countries do not have a free media, and dissent against the leadership is dealt with swiftly and fatally so the actual effect is to feed the anti-western propaganda.

      • definition of annexation (Score:5, Insightful)

        by RandySC ( 9804 ) <`teN.retsagillaC' `ta' `toDhsalS'> on Saturday July 27, 2019 @12:51AM (#58995774)

        Annexation means taking a territory by force, the way Israel does it. In contrast, after the revolution in Kiev that was funded by the USA other western countries which replaced Yanukovych with Poroshenko, Crimean officials understood that there was no legitimate government in Ukraine. They then held a free and fair referendum, asking their people if they wanted to stay with Ukraine, post-coup, or petition the Russian government to become a member of the Russian Federation. They overwhelmingly voted to petition the Russian government to become part of the Russian Federation. Using the word annexation implies a single, military action. In this case there were several, distinct actions:
        1. The Crimeans voted to leave Ukraine.
        2. The Crimeans voted to join the Russian Federation.
        3. The Russian Federation accepted Crimea.
        International law allows for self-determination such as this.

        • Re: definition of annexation (Score:4, Informative)

          by jrumney ( 197329 ) on Saturday July 27, 2019 @01:29AM (#58995904)
          And somewhere in this fairytale of peaceful self determination a passenger jet was shot down by a Russian supplied anti-aircraft missile.

        • Re: (Score:2)

          by dnaumov ( 453672 )

          But of course, intercepted phone calls BEFORE the elections showing officials discussing what the official "we want to join Russia" percentage number should be shown as the result and voting when surrounded by people with automatic weapons is totally okay.

        • Re:definition of annexation (Score:5, Insightful)

          by Njovich ( 553857 ) on Saturday July 27, 2019 @06:37AM (#58996392)

          Putting up soldiers in an area is taking by force, wouldn't you agree? You are now saying, if someone points a gun at you and asks for your money, they don't take it by force unless they also shoot you.

          How do you know the referendum was free and fair? There sure as hell wasn't any monitoring and it was held by an illegally invading force. The force broke very other rule, why do you think they stuck up for democracy?

          So the part where Russia illegally put unmarked soldiers in the area, and illegally held an unmonitored referendum is just a detail right? Your wonderful Russia committed an illegal act of aggression, that is fact. Maybe Russia had some 'moral right' to crimea, but that doesn't give you the right to do all this other stuff. Just own up to the fact that you lost Ukraine as a puppet state, didn't want to lose the navy base and so just did an illegal invasion.

          • Re: (Score:1)

            by agaku ( 2312930 )

            Putting up soldiers in an area is taking by force, wouldn't you agree? You are now saying, if someone points a gun at you and asks for your money, they don't take it by force unless they also shoot you.

            You can test your theory: After an annexation the people are not happy about the state of affairs and seek to reverse it (resistance). After a self-elected destiny the people living there are happy about the state of affairs.

            • Re: (Score:2)

              by Njovich ( 553857 )

              Do you have any internationally monitored and verified studies to confirm that? If you asked the nazis, all occupied territories were also super happy about them being there.

        • Re: (Score:1)

          by davidwr ( 791652 )

          Annexation means taking a territory by force

          Not necessarily, at least not in the United States.

          In 1845, after years of pleading by the government of The Replubic of Texas (roughly land area of the present-day state of Texas), the United States annexed it.

          Cities in the United States typically grow by annexation. Depending on which state they are in, this may be "by force," after a petitiion from those wishing to be annexed, or by an election after the city declares their intent to annex the land.

      • It's worse than that, sanctions can actually help the group in power. In Iraq, the higher-up Ba'ath Party members were in a position to bypass the sanctions and handed out sanction-busting favours to the people they needed support from while the ordinary population suffered. So the result of the sanctions was that it strengthened the Ba'ath Party's grip on power while hurting their opposition. The sanctions achieved the exact opposite of what they were supposed to do.

      • Apologists for the sanctions will say it pushes the citizens to rise up and revolt against the leadership

        It's not about apologizing, that's the explicit goal of sanctions. Do they work? Sometimes. They worked in Iran: President Rouhani campaigned on the promise of changing Iran's relationship with the west, ending the sanctions, and suspending Iran's nuclear weapons program. (Okay he claimed that it was never about weapons, but the clear implication was that he was going to do what it took to end the sanctions.) And he won, and he made a deal with western countries and (mostly) ended sanctions.

    • GitHub is dead. or a walking dead.

    • What did everyone expect when Microsoft bought GitHub? You don't let the scorpion on your back and carry it across and then be surprised when it stings you.

  • Crimea is Russia. (Score:1)

    by Anonymous Coward

    Crimea has been Russia for 200 years.
    If Crimea is not, then Alaska and Washington state is not USA, Hawaii is not USA, Texas is not USA, they are all occupied territories.

    • Re: (Score:1)

      by Anonymous Coward

      Thanks comrade for the Donetsk point of view. Shoot any other civilian airplanes down lately?

  • Now its not just US hardware companies , software companies have joined in the idiocy. What these actions are doing are promoting competitors to come up.
    Time to emigrate form the US. This country is going down the shithole. Noone wants to live in a shithole country.

    • Especially silly for git. (Score:5, Insightful)

      by ron_ivi ( 607351 ) <<sdotno> <at> <cheapcomplexdevices.com>> on Friday July 26, 2019 @09:10PM (#58995014)

      Thanks to its distributed nature, who cares if one hosting site goes dark.

      Easy enough to push it to any other one.

      • Re:Especially silly for git. (Score:5, Insightful)

        by lkcl ( 517947 ) <lkcl@lkcl.net> on Friday July 26, 2019 @10:16PM (#58995278) Homepage

        Thanks to its distributed nature, who cares if one hosting site goes dark.

        Easy enough to push it to any other one.

        Git is not distributed: it is replicable and synchroniseable. There is a massive difference. I wrote about what a truly distributed use of git looks like, over 10 years ago: https://web.archive.org/web/20... [archive.org]

        Note, "Users will be able to decide whom to trust based on who contributes, not on who controls the project's web site."

        And now, 11 years later, after people ABDICATE RESPONSIBILITY for hosting their services "for free" with github, now they are surprised to find that they're screwed over?

        When will people learn not to trust centralised control?? 25 years ago I spent three years of my life working on samba-tng, undoing the damage caused by people trusting Microsoft with their files, and now you're doing it again with github! Fucking wake up, people!

        • They wont learn. We had the mainframe to PC lesson, and that was a glorious revolution, but that time is gone.

      • ... who cares if one hosting site goes dark.

        For the lay, this is kinda like if you're banned on Facebook and like, "who cares if one hosting site goes dark?"

        You can move your shit ... where? How are people gonna find you?

        • Re: (Score:2)

          by HiThere ( 15173 )

          IIRC there's gitlab in Europe. Don't know of anyone else operating in that space, but it's reasonably easy to set up, just not easy to pay for.

    • Re: (Score:2, Troll)

      by Sebby ( 238625 )

      This country is going down the shithole.

      The U.S. is already a shithole country, as per Donald Trump's actions.

    • Blame the idiot ITAR corporations. They're lazy and Microsoft wants money.

      I've seen much worse implemented ITAR than this, so it'd be a step up for a lot of companies like Boeing/GE.

      Plus it'll give rise to some competition. OpenSource/Science doesn't care much about national boundaries.

      My 500 levels controls class was taught by an Iranian-expat. A lot of neural net research is done in Russia and China.

      • Gitea can be run on some pretty bare bones hardware.

        Even if you have bare-bones hardware, you stlil need to connect that hardware to the Internet. If every individual user of GitHub with a public repository were to switch to, say, a Raspberry Pi 3B+ running Gitea on a home broadband connection, that might still not be enough to make the users' repositories available to the public. Because a lot of ISPs don't have enough IPv4 addresses to pass incoming HTTPS and SSH connections to all their home subscribers, they instead put home subscribers behind a NAT [slashdot.org]. Eac

    • Re:Microsoft just shot itself in the head (Score:4, Informative)

      by lkcl ( 517947 ) <lkcl@lkcl.net> on Friday July 26, 2019 @10:38PM (#58995366) Homepage

      Now its not just US hardware companies , software companies have joined in the idiocy. What these actions are doing are promoting competitors to come up.
      Time to emigrate form the US. This country is going down the shithole. Noone wants to live in a shithole country.

      I am sad but relieved that you recognise this. It is also sad to see that history is not teaching countries anything. 2019 and we see the same stuff that was scary to read about at school *being repeated, live*.

      Here is another project that has been impacted:
      https://list.libresilicon.com/... [libresilicon.com]

      Their response: set up their own git server and a redmine bugtracker. They already run their own website. Likewise, I have been running my own resources for over 12 years now.

      * gitolite3 is extremely nice, as it allows RW control even over particular branches.
      * ikiwiki can be forked, and because the pages are autogenerated it is just served as static HTML. http://libre-riscv.org/ [libre-riscv.org]
      * git-daemon presents the repos as HTML. http://git.libre-riscv.org/ [libre-riscv.org]
      * bugzilla is so old it is funny. it's the only code written in perl that I will tolerate. its features however are so powerful that, now that it finally has comment editing, it can be forgiven being written in perl. http://bugs.libre-riscv.org/ [libre-riscv.org]
      * mailing lists are mailman (which itself was easy, just follow the READMEs) with exim4 (which is anyrhing but). this honestly is where the pain starts. The rest was easy, however getting DKIM and getting exim4 configured and spam-free, I must have spent about four man months over the past 15 years on reading HOWTOs and getting the setup ever the more advanced. http://lists.libre-riscv.org/ [libre-riscv.org] contact me if you would like the exim4 configs (I have to sanitise them, remove passwords from them)

      I "get" why people want to use "monetarily zero cost" services. They don't want the "inconvenience". The problem is, what price do you *really* pay for that "convenience"? That train wreck is starting to happen.

  • Most people are just plain honest people (Score:5, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Friday July 26, 2019 @09:25PM (#58995080)

    who want to live their lives and go about their business in peace. That includes developers in Crimea or Cuba. All I see here is yet another instance of stupid geopolitics from stupid world leaders disrupting normal people's lives.

    Fuck trade sanctions, US or otherwise.

    • Re: (Score:1)

      by Anonymous Coward

      Seems anti-productive for the whole "move to the cloud" movement if companies can turn off the taps willy-nilly.

      • Re: (Score:2)

        by HiThere ( 15173 )

        Yes, and it should have been foreseen. Also it's not the worst defect of the cloud, with is either lack of security or goes down when the internet connection goes down, depending on your application.

    • It's inconsistent too, for some reason only Crimea is targeted by those particular sanctions, not entire Russian Federation. It looks like particular people living in Crimea are singled out and punished for exercising their right of self-determination in a way not liked by US. This will not endear them to cooperation with any US-aligned powers in the future.

  • Lots of AC Russian troll farm chatter in this discussion I think to myself.

    Then I see 110010001000 post after a long raft of nonsensical bullshit, and it's confirmed.

  • This is the very natural consequence of putting anything important on servers you don't control (Cloud Computing). How many times are people going to allow themselves to be raped before they get out of bed with the rapists? People's lack of foresight always amazes me.

  • Money! Money! Money! Money! Money! Money!

    Great marketing.

    It's the OTHER guy's fault.

  • Pay for hosting and GIT all you like to whoever. (Score:4, Insightful)

    by Seven Spirals ( 4924941 ) on Friday July 26, 2019 @11:54PM (#58995612)
    If you put yourself in the power of the "cloud providers" you're going to get what they give you, including a hard time if that's what they choose to do. It's a private enterprise with their own agenda and values providing a free service. Personally, I've kept my $HOME in CVS (and more recently GIT) for about 24 years now. I host it on my own domain and servers etc... However, anyone can get a cheap VPS and host GIT or use dyndns and your home internet connection if your project is small enough. I know it pains some to hear it, but the "cloud" is a trap set by corporate interests who definitely do things like obey court orders.

  • Crimea? (Score:3)

    by Darinbob ( 1142669 ) on Saturday July 27, 2019 @12:46AM (#58995760)

    Last I checked, Crimea is not a country. Maybe GitHub knows something we don't?

    • Not we. Just you. Specifically Github knows that there are current US sanctions against the region known as the Cimean Peninsula.

  • I should have said my goodbyes when Microsoft bought them, but I hoped they would do good. Wishful thinking considering Nadella pretty much said he would support the US NeoNazi party if they won the election: https://www.gamesindustry.biz/... [gamesindustry.biz]

  • So presumably the next step is to stop scientists working in these countries from publishing in journals produced in the US. I seem to recall this happening before, something like "Jewish science" and "Communist science".

    I also note that the trade restrictions may have hit the publishers of bibles - https://www.worthynews.com/418... [worthynews.com]

  • It seems that non-US-Americans and companies should be wary of dealing with american companies at all, since the rug can be pulled from beneath your feet by unpredictable whim.

    Another example is that at least one european company that I know of, that is owned by a large american aircraft manufacturer, now has to dismiss workers that have citizenship in a sanctioned country even though the company they are employed by is registered in a country that does not have those sanctions.

  • GitHub Enterprise is subject to the same trade sanctions. Are Microsoft in fact publicly admitting "if you pay us money we will look the other way?" What the actual?
  • The developers in those countries should tell their leaders to quit fucking with baby Trump so they can Git their Hub access back. Priase God, Vote Trumpcofeefee!
  • Delete GitHub. Go Bitbucket.

  • Why is US EAR (Export Administration Regulation) concerned with Github? Like all the content in it is created in America? The arrogance... Looks like the fiasco with the export control of cryptography is happening all over again. What was the result of it? Everyone started hosting their open-source (and not only) projects outside of the US. I have no reasons to think that this time it will be any different.

  • new CoC.
    Welcome back to big tech.
    Just like helping with PRISM.
  • At this point does this make it mandatory that ALL GNU/GPL projects must be available somewhere other than NSA/Microsoft Github?

  • As of 7/27/2019 13:20 I can access those pages from Canada

