Skip to content

Top New Best Ask Show Jobs

GitHub and Trade Controls | Better HN

GitHub and Trade Controls (opens in new tab)

(help.github.com)

79 pointsbass3l6y ago71 comments

71 comments

These rules are so stupid and actually hurts no one but the poor individual developer, a few years ago I used to live in Syria before the events. I had to find 3rd party mirrors or VPNs for the stupidest shit... like Nvidia graphics driver, adobe flash player, Java runtime and silly stuff like that, some ISPs had public download pages where you can find these general utilities most of it was outdated but does the job.

I guess the US is afraid that terrorists may develop weapons using Adobe flash player xD

themacguffinman6y ago

> I guess the US is afraid that terrorists may develop weapons using Adobe flash player xD

This is a glib take on US sanctions regardless of whether you feel US sanctions are appropriate. Sanctions are just a weapon, they're not supposed to specifically ban things that are useful to terrorists. It doesn't matter if terrorists use Adobe flash player or not. What matters is that the bans make life worse for Syrian people and their government. Clearly, it's working, because even savvy Syrian developers have to scramble to find illegal/unofficial 3rd party mirrors and VPNs to access basic downloads which, even if it "does the job", can be severely outdated. Enough of a problem that you're coming to this forum and complaining about it.

guitarbill6y ago

It's also a huge waste of time for companies in the US, and to companies all over the world that use US-based services like GitHub.

> GitHub.com may not be used for purposes prohibited under applicable export control laws, including purposes related to the development, production, or use of nuclear, biological, or chemical weapons or long range missiles or unmanned aerial vehicles.

Not only is this sentence an affront to the English language, but I hope you aren't trying to develop any drone software on GitHub...

If you're trying to develop any technology which requires trade secrets or IP protection -> you should not be using a public SaaS.

leggomylibro6y ago

You mean like this?

https://github.com/intel-aero

rednixion6y ago

That's a pretty common sentence actually and is hidden away in the agreement text or the back of the manual on most things (drone bit looks new though).

>I guess the US is afraid that terrorists may develop weapons using Adobe flash player xD

Don't forget the old iTunes TOS.

It's honestly about time.

I've been sounding the alarm bells about ITAR, DFARS, EAR compliance for a while now! None of the software vendors I've talked to seem to understand that it is AGAINST THE LAW to upload customer supplied IP to their super-secure Cloud based product that they're trying to get me to switch too. "The lowest TCO, you'll get ROI in 6 months!"

Ya, but are you compliant with NIST 800-171 requirements?

"Ohhh, uhhh... I don't know. I'll ask the engineering team but I'm sure we're fine!"

Ya, ok.

stingraycharles6y ago

I suspect this is one of the things that Microsoft has more experience with, and we might be seeing their influence here.

This is like 95% of startups and companies who've raised under $100m USD.

It's funny how people used to complain that code.google.com did this but github didn't, and didn't like the answer that "the difference is that Github is not compliant with the law".

I suspect people will now complain that github does this but <x new service> does not :)

That's a good reminder that, given the slight deterioration of the USA strategic/diplomatic stability in the past few years, using any US-based services without a strictly non-US backup is like playing poker.

And it happens we're a lot to play poker here.

ITAR has been in place for decades...

mindslight6y ago

Things had been getting better though, rather than worse. When was the last time someone had to publish cryptographic software by printing it on a stack of paper?

Trump has been in place for 2 years.

You seem not to see the true damages he and his team did to, for a start, transatlantic alliances.

And that this is not headed the right way for the next decade either.

This is just sad. I feel for all my open source developers in these countries.

I feel for all my peers who I spent my undergrad with in Iran.

These archaic laws need to be deleted. America needs to be shamed for making it so hard for people to gain skills in these countries. Companies need to be shamed for not challenging these laws.

abstract76y ago

Shame should be directed at the sanctioned govts like that of Cuba that jail or kill people for political dissent. And shame on companies that help them. These regimes are unelected or sponsor terrorism, like Iran. They must not grow. It's a bad situation all around and there is no other peaceful alternative. Crippling these govts provides them with less resources to setup extreme surveillance grids and control, like China who has Muslims under total surveillance and has 1 million of them in a camp (they aren't trying to sneak into China). They also harvest political prisoner organs and millions of unregistered women are in hiding because of the 1-child policy (not too mention females are aborted at an extreme rate). Iran's people have a shot because it's hard for the govt to control them with limited resources. The Soviets were energized by not so bad relations with the West after WII. That gave them the build up for future proxy wars and destroying pockets of dissent, including entrenching the CPB and North Korea. And if we didn't resist and sanction, hundreds of millions would now be under the thumb of the Soviets and possibly under German Nationalist Socialists if the free world did not fight and sanction them too.

Are you sure that you know where do you live yourself? How many people life have USA ruined or ended for only it's own good? should I mention the whole Africa, Iraq, Afghanistan, Palestine, Iran, .... USA has ruined these people life only for the money and power. USA starts many of the terrorism groups, don't be blind, nobody create these groups nearby himself. It does this so it can sell it's weapons. It's like USA has made a playground way outside of his home, starting fights and selling weapon to them to fight and get money out of it and showing itself no related and sorry for all of these. Do you even understand not being able to buy a simplest drug for cancer of your close people what can do to you?

How is this related to people being limited?

Why is this even a point? Would you be happy if I took away your kids future by pointing out however many fucked up things your country has done?

> Travel in these regions may impact your account status,...

?!?@!

nness6y ago

I believe Slack did this too; if you've ever signed-in to Slack within a country that is currently restricted, your account was just deleted without warning.

kevsim6y ago

Except GitHub seems to be handling it a lot more professionally. A clearer written policy and process for appeals - as opposed to Slack that did a behind the scenes change and borked a bunch of accounts.

Thats a good one! One more reason not to use Slack.

mindslight6y ago

When you give every company a log of your rough location, it's not surprising they'll find ways to abuse it contrary to your interests. Information can't be used to hassle you if you're not leaking it in the first place. We're at the point where it's just basic laziness to not be using a VPN that decouples your network access address from what webservices see.

If you travel to a Forbidden Zone, find they block wireguard, and don't have time to set up obfsproxy, that's a much more straightforwardly manageable outcome than being arbitrarily messed with after your return.

vorpalhex6y ago

TLDR, you can visit these countries with the right visas and paperwork and nobody cares if you're a tourist. If you visit for several months out of the year and clearly have a business relationship with these sanctioned countries, then you have problems.

rad_gruchalski6y ago

“GitHub.com may not be used for purposes prohibited under applicable export control laws, including purposes related to the development, production, or use of nuclear, biological, or chemical weapons or long range missiles or unmanned aerial vehicles.“

So anybody developing any kind of drone and hosting on github is breaking the law?

smudgymcscmudge6y ago

There's no law saying it's illegal to develop on github specifically. If it's against the law, it's against the law regardless of github's policies.

Basically yes.

rad_gruchalski6y ago

That was a rhetorical question. But, yeah, wow.

elygre6y ago

I find it awesome that they actually have a defined and documented Appeals Process.

Related to this post I just made: https://news.ycombinator.com/item?id=20527070

ezoe6y ago

Reminds me of a US based PC vendor(I think it was Dell or IBM) whose web site store has a check box like : I do not use this product for nuclear weapon development.

stunt6y ago

Wow! What kind of product was it? I assume it wasn’t a laptop or a general purpose server hardware.

op00to6y ago

I've had to certify that license term when I bought servers for an academic research lab that did nothing with nuclear energy. (We actually worked with infectious diseases, way more dangerous imo!)

Regular computers can't be exported to ITAR restricted countries generally.

Seems a real shame there's no mainstream alternative not subject to the US' belligerent foreign policy. Does anyone know if Gitlab is subject to the same restrictions?

The sanctioned countries and regions fall even further behind and open source developers have to deal with the fallout of America's broken foreign policy.

Any SaaS run out of a first world country is subject to this.

AFAIK its probably not illegal to run your own Git/SVN server...

This page doesn't appear to have a date on it. Is this something new that GitHub is doing? If so, is this Microsoft's influence we're seeing?

bass3lOP6y ago

Yes it's new, my repos were disabled today

rwmj6y ago

What was the particular reason given?

How feasible is for Github to create an EU organization, which is effectively mirror of github.com? So all commits, issues,... are cloned in both. But .eu usage is not governed by US law. Also, repos can be blacklisted from .com/.eu based on rules.

jrochkind16y ago

I would not be optimistic about that working as any kind of legal loophole to get around US export restrictions. I don't know any reason it would. (I am not a lawyer).

Correct, GitHub would then become the exporter and be in violation of ITAR.

What if users had the option to host repositories in EU servers run by the EU subsidiary? There's no exporting then right?

anticensor6y ago

Svalbard has zero VAT and expenditure taxes, natural cooling and very few trading sanctions.

Its part of Norway...

tzs6y ago

OT:

> On which countries and territories are U.S. government sanctions applied?

> Crimea, Cuba, Iran, North Korea, and Syria.

Crimea? Isn't that part of Russia now, so what is the point of sanctions against Crimea? To affect Crimean policy wouldn't they need to sanction Russia, not Crimea?

true_religion6y ago

Policy lets you sanction individual regions of a country by saying the port of entry or destination port is subject to sanctions.

So you can take a ship with X to Russia proper, but not to Crimea. Or you can work with a Russian bank, but not a Russian bank based in Crimea.

It's like how Hong Kong is considered a separate territory, despite being a part of China.

j / k navigate · click thread line to collapse