1. There's the obvious legal aspect i.e. how these laws are framed and interpreted.
2. Then there's the geopolitical aspect. Is it fair to impose sanctions on Iran.
3. There's another aspect around GitHub policy that asks if an entire organization be banned for the location of one team member.
4. Finally, there's the aspect of relinquishing control. Your app development is on the cloud. IDEs are on the cloud. Deployments are on the cloud. App stores are on the cloud.
You have relinquished so much control, why be surprised if that stares you back in the face?
Ironically, Git is a decentralized version control system.
We live in a market-based economy with highly specialized division of labor. The idea of "keeping control" of all our necessities and dependencies, is an archaic one. The system generally works, because we create sensible laws that foster trust, vet for partners who are trustworthy, and name-and-shame entities that violate our trust.
If you're a behemoth the size of FANG or a nation-state, maybe it is worth the effort needed to insulate yourself against these black-swan scenarios. But for a startup or small-medium-business that no one has heard of? That just sounds like bad prioritization.
All of which is to say... we should absolutely be surprised when a vendor like GitHub blocks an entire company because of an employee logging in from Iran while on travel. And this surprise, and the resulting name-and-shame, is what keeps the wheels of our economy turning.
If you're a small guy you get screwed and have no practical means of recourse. The little people are the ones who need to care about this kind of stuff.
As to what is archaic - I believe a point can be made that the division of labor thing can suit poorly our brave new cloud software world. You can't just buy things (or software) from others, and completely own them. If you are outsourcing some part of your business to others, you also lose a lot of sovereignty that is crucial to stay flexible and move fast. Apart from the fact that all these solutions are bundled with analytics that will play against you as soon as your supplier wants to become your competitor. And as I said before, staying in control is actually not that hard as soon as you know what you are doing, and can be a huge competitive advantage.
If GitHub is offline we can still setup a git server somewhere. I could offer my own for a quick startup. Mailing patches to each other, Linux kernel style, is not a viable backup plan. The cultural gap is too wide.
If Travis is down we can run tests locally.
We build the deployment artifact on one of our servers. If that one is down probably our production server is down too.
If Slack is down, ah, I was on vacation yesterday. I guess the fastest backup for us would be WhatsApp Web.
THAT SAID, it seems worth it for even a really tiny company to spend a half hour thinking about "what would I do if github (or AWS or google or the app store or whatever) cut me off?"
Probably in a lot of cases the answer is "call them and beg forgiveness" (i.e. if it's AWS), but for something like github it seems like "switch to gitlab" (or "deploy git server" or anything else) is a pretty easy move.
And Git is open source.
Github is a US-registered company under MS. The US has a history of weaponizing its economic power.
Stallman (RMS) was right once again.
https://home.treasury.gov/policy-issues/financial-sanctions/...
118. I have a client that is in Iran to visit a relative. Do I need to restrict the account?
A: No. As long as you are satisfied that the client is not ordinarily resident in Iran, then the account does not need to be restricted. See FAQ 37.
If they do that within the US market, that might be justifiable. But in this particular case, GitHub appears to enforce US foreign policy on what appears to be a company on the EU market. Also in what to me appears to be a rather ruthless, totalitarian, maybe even draconian way.
I'm pretty certain that absent this US law within the EU market, this action is arbitrarily discriminatory, and very likely constitutes inflicting serious damage on another company without a legal basis (within the US, yes .. outside the US, no).
GitHub may find itself stuck, between adhering to US laws and laws elsewhere (in this case EU, but China is probably a good example too). Still, is ultimately is a choice for GitHub to offer their products on multiple markets. If they have issues with that, they are free to exit a particular market. It certainly is never a valid excuse to start violating law in any market outside whatever country your headquarter might be located.
Tangentially, this rather typical popular belief that US companies can simply absolve themselves from legal liability, just by crafting clever TOS/EULA that supposedly does just that, has always confused to me. It was always my understanding that you can not create contracts that violate laws. In most countries with a somewhat sane state of law, governments really do not like or tolerate when companies start essentially making their own law in parallel. But apparently you can rewrite (even basic) law in the USA, as long as you can somehow get both parties to agree on it. Be that by free will or coercion.
Maybe it's time, for other parts of the world to no longer put up with this kind of bullshit, and demand that US companies actually adhere to the laws (and legal protections) that exist within their markets, or be free to buzz off and only operate on the US market alone.
With US foreign policy becoming increasingly self-serving, legally dubious, and in some case downright insane, having internationally operating companies enforcing those policies is becoming a seriously risky proposition for anyone outside the USA.
But git and github are not the same, as the latter contains a lot more extras in terms of functionality.
There are good github alternatives, like https://gitea.io
And if you then talk decentralized version of that, ForgeFed comes into picture. See https://forgefed.peers.community
As it happens there's a recent interest to evaluate that for implementation in Gitea (and maybe funded by NGI0):
GitHub is simultaneously not the be-all-and-end-all of Git[1] and more than Git[2].
If they have good backups of everything (if not they should consider this a beating with the ol' clue stick (I'm assuming everything on github can be backed up away from it?)) this should only be a bump in the road, though a considerably inconvenient bump as there is nothing they can just restore to and move on using without a pile of changes and/or admin work.
[1] pick a new location for the "source of truth" repo for your team, push everything to that, and you're golden again
[2] all the bits wrapped around it are available elsewhere, but not necessarily in a convenient ready-made integrated manner[3]
[3] there is GitLab of course, not a direct 1-1 feature mapping in either direction but close enough for many, I'm told performance is more of an issue but you can always self-host if controlling that is worth the extra admin to you
Its also pretty easy to mirror your repo to other remotes. I've had projects that were in Gitlab, Github and Sourcehut at the same time. Sure, depending on how you sync them, there may be some steps (eg getting people to push their local branches to another remote) when your main one becomes inaccessible, but overall its really easy to work across multiple remotes. Its something git was designed for, after all.
So there are Cloud services that make more sense to use in the long run, in this case Gitlab is one of them.
In this case Github is just unreliable piece of infrastructure. My phone provider bans me for receiving phone call from wrong country? Nice joke.
"Decentralisation" of Git has been a running joke since the beginning.
I think github is the last one at fault for this.
Yeah. Nobody else should be allowed to have nukes, or else the U.S. is gonna take his ball and go home.
Making it difficult for the IAEA to provide oversight is enough of a treaty violation, and that goes double when there is credible evidence that unauthorized enrichment was occurring.
Especially us europeans should not rely on American services at all.It's not worth it.
American corporations are just as much a liability as their counterparts in China.
One of the companies in the EU produces enterprise software almost no one on this website uses (SAP). The other is Dassault.
In the US the top five companies are Microsoft, Oracle, ADP, Adobe, and Salesforce. If you include Alphabet and Amazon, well...
When the EU or Asia (non-China, I guess) can offer mature alternatives even remotely competitive with the American companies, I guess your strategy could work. Until then, no one is going to flock to Hetzner over AWS.
And I like Hetzner.
[0]: https://en.wikipedia.org/wiki/List_of_the_largest_software_c...
Indeed there are viable local options for many of these things. Heck, the reason why European companies have so little relative marked share, is because they serve smaller, domestic, markets.
A Danish webshop provider probably has a better offering for a webshop for servicing the Danish market. It probably has better support for Danish accounting, better locale support etc.
The list employs some particular filters (e.g. SaaS seems to be excluded) and heavily emphasizes market cap over revenue.
What? SAP is a huge software that is used in a lot of companies.
Famous example: MS Windows having a marketshare of 96% should not necessarily stop you from designing your business around linux.
If you keep everything your business is at Amazon you better be prepared to Amazon booting you.
You don't need the market to flock to Hetzner or OVH to use it yourself and avoid US sanctions.
There are problems with the laws, copyright laws too, US gov agencies etc that are all incompatible with our own laws. If something bad were to happen, our own courts have zero power to help us. We also don't have a direct fiber line to America so all our traffic hops through Europe and more recently through South America, so about 200ms added to most requests.
The only reasons to use American hosting companies is because of:
1) The financial cost can in some cases work out to be lower than local options.
2) It can be easier to scale your service vs self-hosting on premisses.
3) American hosting platforms have really nice GUI's and tooling, while being well integrated with the billing side - everything mostly just works as expected.
But other than that, if money and skills are not a problem, then on-prem is best here.
Sure, please let me know how the EU plans to build Office 365, AWS, GitHub competitors of similar scale, quality and success.
We have no private investors that would pony up enough money to go against US tech titans and fat chance the EU would ever fund such initiatives and if they would, the money would evaporate over night to companies with political connections and overpriced consultants who would just produce documentation.
Let's face it, the ship of EU dominance in tech has sailed a long time ago, we might as well get comfy with the US pulling the strings on that front.
The only way the EU would ever stand a chance is if the EU would pull a Chinese style great firewall and outright ban foreign tech companies on their internal market, leaving space for local companies to spring up and fill the void but that will never happen.
However, if you cannot trust those products then you cannot use them.
Remember, this thread is about Github blocking an entire company due to one employee due to American politics. If a non-US company risks to lose it project management/code management (Github), its infrastructure (AWS) or its documents (Office 365) on a whim due to American policies then they cannot use those products.
If a big enough chunk of the world can't use the American offerings, then there is a market for alternatives.
You're right that it's probably too late to reverse all of this economic damage that the US has intentionally caused. It's a difficult problem for the world.
Did you miss this a couple of weeks back?
https://www.eetimes.eu/eu-signs-e145bn-declaration-to-develo...
It would be really interesting to know your opinion on what functionality in AWS is indispensable and what you can sacrifice in case Hetzner/OVH price for the rest is the same as AWS or lower.
There are no such plans. EU wields a lot of regulatory power. The most likely path of action would be to force MS/Amazon/etc. to spin-off their EU side of the business. And I believe that the companies have already prepared for this.
China requires access to your company code and pretty much owns you.
The USA government is interfering as much as Europeans government do, by making stupid laws and demanding access when they can think of an excuse. Sure, it's bad but it's not as bad as China.
You can't trust any government, but some are better than others.
Chinese and USA services should be avoided...
All US companies have to comply and majority of the tech companies are unfortunately in the US.
I know you can use a VPN and configure it on a router level to make sure that you are always connected via a VPN but just the fact that 1 slip-up can result in account level blocks (which google is notoriously good at and can essentially shut down your business) means no company would want to work with someone working from Iran.
Coming from a 3rd world country, I know the problems of internet censorship which Iranians also face but being too toxic to touch for everyone outside Iran because the US leadership thinks so is just infuriating and heart breaking.
Imagine being a programmer in Iran. Not only do you have less resources to learn and grow, you have a massive handicap to find good work as most work is outside of the country.
Only bet is to leave the country but even there you have a very low probability as you basically can't have a trial period for your job as most companies don't want to risk having their accounts blocked.
Most of us here know how degrading and infuriating the tech recruiting processes can be and now add to it the horrors of working from Iran.
Wars are not supposed to have civilian casualties but this one has a generation of civilians being starved of information and experience critical for them to grow.
I am not condoning the actions of the United States government, but arguably the Iranian Islamic theocratic regime has unleashed more horrors on the Iranian people in the last 50 years than any other foreign government.
This is the other side of the Enlightenment ideal that the legitimacy of a government can only come from the support of its people.
When you declare another people to be, literally, Satan, there may be resulting consequences.
We're not unaware of the impact of sanctions. Fundamentally, starving a generation of Iranians of information and experience is worth it if leads to civil unrest and regime change, therefore preventing Iran's current leaders from committing the genocide they've said they want to commit so many times.
I'm afraid you're mistaken, and that removing knowledge from people just makes the regime stronger.
Instead, providing the people in Iran with more knowledge and education would make even more people oppose the dictatorship, I'd think.
Not nuclear physics though, but GitHub yes sure.
Unfortunately, peace in the Middle-East would shift political power in all countries involved, shift government spending, reduce military aid from superpowers [1], and reduce the importance of the countries to the superpowers. A lot of power and money is trying to prevent that from happening.
You don't need to play along with those powerful people. They don't want to help you. Lasting peace would help you and your descendants much more than continuing the current situation.
This argument should apply to Israel, which is the biggest per capita committer of genocide, land theft, rape, and fraud in the entire world. The entire history of Israel is one of genocide, from the ancient world to today. We need BDS now and a just society would absolutely shun your nation until they respect human rights.
[1] https://github.com/go-gitea/gitea/issues/1612
[2] https://github.com/go-gitea/gitea/issues/9045
[3] https://gitlab.com/gitlab-org/gitlab/-/issues/6468
[4] https://gitlab.com/gitlab-org/gitlab/-/issues/33665
[5] https://opencollective.com/gitea
The real question here is why people even consider using US cloud companies when they know they have employees working in countries subject to severe US trade restrictions. If you're willing to risk your company being denied business with American companies, then you should also have a mitigation strategy when you get caught. It sucks that you have to work around US regulation to do normal business but this is just how the world works right now.
GitHub reaction is outrageously disproportionate. They should just prevent login from Iran. They had no basis for blocking a legitimate customer in Europe based on this.
I suppose this implies that the employee is Iranian.
The U.S. sanctions are pretty aggressive, and I don't think preventing login from Iran is anywhere near enough to comply. The law is the problem here.
Should it be this way? No. Is it entirely Github’s fault they overreact to any sign they’re serving Iranian users? Also no.
The US military has been wrestling with that reasoning for about 20 years. If the majority of attacks and intrusions on military infrastructure originate from a single nation state and there exists evidence that most such attacks are sponsored by that nation state it would make sense to simply block all IP addresses originating from that nation state. This does not occur because the attorneys will not allow it due to both diplomatic and legal reasons.
Does US law require application to such an extreme degree? If not, then why is GH doing it?
If you are German and USA decides to apply sancations on Germany because of NordStream2 tomorrow, well, good luck setting up your own gitlab ce...
118. I have a client that is in Iran to visit a relative. Do I need to restrict the account?
Answer
No. As long as you are satisfied that the client is not ordinarily resident in Iran, then the account does not need to be restricted. See FAQ 37.
Does everyone in the world need to subscribe to "a list of countries US jurisdiction doesn't like" just so we will be able to work, check email or review opensource code while being on holiday in an exotic country?
This simply wouldn't happen at my company because special permission is needed to take any company assets out of the country. If anyone at my company casually took a company laptop to Iran that would be instant termination. It absolutely astonishes me that a company wouldn't have a policy about taking company resources to foreign countries.
Beyond just the Iran issue, it's known that trade secrets on employee laptops are at risk when crossing some international borders, particularly in airports. Border agents can confiscate electronic devices on vague suspicions, compel you to unlock them (or hack them open in some cases), and then leave them in unsupervised settings with yet more border agents who have the barest electronic security training. These risks terrified me during my travels!
Regardless, this person logged into GitHub, which could have been from any device including a phone.
Presumably GitHub needs some automated tool to prevent inbound traffic from sanctioned countries, and it's hard to be certain that they are complying with US law if such automated tools have some wiggle room allowing for a non-zero amount of usage from sanctioned countries.
The whole situation isn't great, but none of it is GitHub/Microsoft's fault.
But they are responsible for understanding what's required under those laws. If they're going beyond what's required to comply with the law, then those further actions are entirely on them.
Or you get the alternate headline "Github facilitates Iran sanction evasion by allowing Iranian developers to mark themselves as 'visiting a relative'" and the associated charges.
Not really:
https://home.treasury.gov/policy-issues/financial-sanctions/...
pretty clearly states they don’t even need to ban that specific person let alone thr entire company.
https://github.blog/2021-01-05-advancing-developer-freedom-g...
To me, it means "against a law", and laws are made by countries (sure, parliaments of those countries or dictators or...), and generally apply only to that particular country (some things attempt to get a wider reach, but they are usually unenforceable unless there's a local company to pursue, most famous example being GDPR).
There are international conventions and the UN, but countries do not have to be signatories or members to any of them. And I've never heard anyone use the term "illegal" in that sense before.
So what do you mean with "clearly illegal"?
(fwiw, I am very much against the US acting as the "policeman of the world", but sanctions are a political tool to make someone less powerful comply; beats an invasion and bombing that USA has frequently resorted to)
I have now taken revenge on my whole company with minimal effort.
I think that some VPN services offer a "random server" access, so you are essentially playing Russian roulette if you just happen to log in via an Iranian server.
I steal with social engineering (or phishing or other method) the GitHub credentials of an employee from a company I wish to harm.
And then I simply log in GitHub(or use a VPN to appear in Iran) with those stolen credentials.
Sounds like a very easy DOS method.
We lost access to tens of thousands of dollars worth of project code which we had to rewrite.
The customer service support was Google style brick wall.
I wish this guy luck in getting access.
For example, someone has lost their password, email access, phone number, and 2FA app. Make them wait a month to regain account access.
If any time during that month, the account is used or logged into, cancel the takeover request. During the month, every day send an email to all points of contact on the account letting them know what will happen.
It's a trade-off of the harm of unauthorized access to a dormant account Vs blocking someone from accessing their data (that is probably not backed up, and probably took considerable effort to create).
Have an account-level setting to disable such a process, for the people who might be offline for extended periods.
Even with the positive spin you're trying to put on it, it still sounds like you are trying to steal data from your former employer.
The situation would probably also be easily resolvable with your former employer's help, and there is likely a reason they aren't helping you.
I’ve had really positive experiences with GitHub support, but you can’t ask them impossible things.
There’s a GitHub user with my org name, they’ve had it for a long time and aren’t active. I asked GitHub support to see if they were active and if they’d be willing to transfer the account. GitHub confirmed they were active but just with no public activity and they passed along the request.
I like that they were human and didn’t try to force the user to give up their account.
I’ve had multiple colleagues say that we should try to force the user and I don’t support that line of reasoning. The user has a legitimate use of the name.I like that GitHub took the high road,
What in your opinion should github do when an employee loses access to their company email, and 2FA, because they're fired? Should the employee gain access to all the code and the account by just contacting github via their personal email?
couldn't you "just" contact your previous employer?
anyway, why your private account was using job email :o
Consider also doing a regular local backup of all your repos. A quick Google search will yield you tools that will automate this entire process on platforms such as GitHub , BitBucket and GitLab. I personally delegated this to a Cron job. I check the backups manually once a month to check all is in order.
The twitter message says "We are completely blocked from deploying!."
Maybe they already have the source code elsewhere but use GitHub actions?
> we are working with the US government to secure similar licenses for developers in Crimea and Syria as well
That's also super cool to hear!
Related Thread: https://news.ycombinator.com/item?id=25648585
To show they've done what they can to enforce the embargo, in the hope that the policy is enough to satisfy the authorities wrt doing enough.
They can't tell is a user is circumventing the policy via a VPN, but such a user is actively circumventing the enforcement of the policy so can't try pass the buck with a "well they let us, so we just assumed it was OK" based excuse.
I use a ISP in the Netherlands that was founded only recently, I and frequently encounter sites that think I'm in Dubai, which is apparently where the previous owner of my IP block was located.
Fortunately, the only problems this seems to cause for the moment are that I occasionally get geo-blocked by some sites' overly-aggressive firewall rules, and I get Twitter ads in Arabic.
But I shudder to think what might happen should the UAE find itself under sanction.
It's not as if this isn't commonly known. But when you view sanctions as a de-escalatory alternative to outright conflict, which also has huge negative impacts on the people of the countries in conflict.
- sanction the leaders responsible and their buddies, the most common (that's what we do with russia, turkey, ...), hurt their wallet but ultimately is a soft sanction, and also your populace sees it as ineffective / nothing is done
- sanction the country directly, embargo, complete block, kick out of swift, that sort of stuff is what was done to Iran. Can only be done if you're part of the bigger/more powerful group. Massive effect, causes lots of poverty and pain for the populace but that's on purpose, so they are forcing their leaders to change some stuff. Doesn't always work, but both outcome are victories in a way: either the country is forced to change and stop the original abuse, or it doesn't change but is so crippled that it's not longer a problem.
This is bound to something very, very, important: if the country does change and does what you asked, you start lifting.
Part of the message that's more of an european rant: that's why Trump action on the Iran deal was a disaster, because, now the population doesn't believe it's their own leaders fault, and even if they did their leaders don't believe it would ease if they did what was asked. That's how you end up with a north korea.
According to every report I've seen, Iran was fully respecting their part of the deal, and allowing all the inspection necessary, when the USA did a "AHAH ! it's a trap !" trick on them and screwed them. You're not convincing countries to behave, you're telling them that if they don't behave, they better go all the way to the other side.
This is what I'm talking about. Even if I'm to agree with the purpose of the requested change, does it justify the means by which it's being procured?
Trump may have screwed it up even more, but sanctions of the second kind have been introduced on countries like Iran or Syria since the mid-80s afaik. No major change happened, but the idea of knowingly use the population of another country to pressure their government which is known to not be chosen democratically is basically a form of hostage situation, and is immoral imho.
They have refused to do that. Google did that with Gmail and made the argument that Gmail is an important utility for freedom of the people there. Microsoft can do the same.
They could simply block network access from Iran to make it easier. Otherwise, blocking without giving warning is wrong. Even banks give warning and deadline to their clients before closing accounts that are linked to sanctions. Why Github blocked the entire organization without proper communication and deadline to fix or clarify the issue?
It's also alright to blame people for interpreting laws too widely and too abusively. The legal and security departments are much at fault for this where they'll prefer to abuse people than to take up any kind of risk.
Personally, I'd rather a world where companies obey the law than one where they pick and choose what laws they would like to obey.
Essentially you're saying that Nat Friedman should risk 20 years in prison, and a million dollar fine per user in order to let Iranian developers use Github.
As much as I hate the idea of software not being freely available to everyone, I would not be willing to take that risk. I doubt many HN readers would.
I'll pick the legal way unless the profits I can make somehow outweigh the sanctions (legislators can make mistakes too) and there are no penal repercussions.
Another thing it also doesn't care about is the U.S.A. laws that prohibit those under 13 from effectively contributing.
The real issue is that many projects, many of which making sanctimonious statements about inclusivity they clearly caren't a bit about continue to operate through GitHub and other companies under U.S.A. control and remain reliant upon them for contribution.
The last time I assessed the matter, publishing on crates.io seemed to require a GitHub account, though I'm not sure whether this issue has now been fixed; I've certainly seen Rust preach and pat itself on the back how much it cares about not excluding anyone, but apparently Iran isn't so included.
Is it an X-ray machine? Does it use crypto? Is it more than 231 dpi? Well you can't export it to Middleeastistan.
https://www.bis.doc.gov/index.php/licensing/commerce-control...
Maybe Cuba has a very well known set of IP addresses and it's easy to block?
We were required to block traffic from sanctioned countries, and were allowed to use a Geolocation IP Database to do so. Lots of lawyers reviewed it, as well as external consultants.
On the flip side the US can do little if someone like China or Russia decide to trade with and help out Iran. The problem is the software sector is heavily dominated by the US, so they can disproportionately affect Iran.
Because terrorism implies violence. What kind of deaths result from economic embargo?
I don't know, it just looks like some kind of surveillance automation kicked in, froze the account, and customer service was slow.
Isn't it trivial for them to catch you at the border if they wanted to do it?
I mean, what do you need github for to integrate and deploy?
Also GitHub: "sorry you're from a wrong country"
git branch -m master main
GitHub has no choice into the matter short of moving all it's infra in another country.
This is a political issue, pressure need to be put on political leaders to change that stupid law.
Can most internet operations not run through companies who are registered and have servers in a country where most of those laws don't apply to customers who are not US citizen?
If you are ideologically motivated, you might do it. Apparently project Gutenberg has set up servers in locations with shorter copyright durations so that they can mirror public domain books. https://news.ycombinator.com/item?id=25610024
Companies pull tricks to optimize profits. Evading tax increases profit, but so does controlling the internet and sending blanket DMCA takedown requests instead of spending money on case-by-case review.
Heck, if the big companies wanted to avoid these things, they'd probably wouldn't be lobbying for these things.
Here comes a new employee onboarding document to sign: no Iranian VPN nor travel to Iran.
While it's certainly very convenient and economically reasonable to use cloud services for development and production, every company should have a plan B.
In this case, it's an absolute must to have daily backups of all repositories / all branches which are stored on premise. If your company is not doing that, you play the lottery of losing access to your own source code.
Then watch as bunches of companies are blocked from GitHub.
If the Iranian government wanted to have fun with US laws, they could totally set this up. And it wouldn't even be illegal.
* Is this a US Company?
* What was the employee doing in Iran?
* Is the employee an Iranian national?
* Was the company aware of this?
Headlines like this make me really scratch my head.
They are way too big to actually be penalized in a meaningful way and doing the right thing once in a while feels great.
The technology to realize a peer-to-peer alternative to GH is here. We just need to make it happen. IMO radicle.xyz is the most promising one right now.
> Hi Sebastian, sorry to hear about this. I will check into it right away and get your org unblocked.
https://twitter.com/natfriedman/status/1346452935924846593?s...
Pretty messed up that they built this kill switch in the first place though, if you ask me.
https://github.blog/2021-01-05-advancing-developer-freedom-g...
This sort of union between tech and politics is not going to take us anywhere.
But since they are the same, I bet you can show us where the USA holds a few (at least 5 digit range) people in abduction camps, just to name one difference. Now that would be interesting.
Their main problem is using SaaS for something as basic and important as version control. Than you have to deal with silly US laws.