Politics/commentary on the sanctions themselves aside, I do not know why the author keeps harping so strongly on the fact that it was a "FREE" service. The cost of the service/product is irrelevant. You are still doing business with a company by using their product even if you aren't explicitly giving them currency.
It's also entirely irrelevant because the purpose of the sanctions has nothing to do with restricting GitHub's revenue, but instead is supposed to restrict the sanctioned user's ability to use that service, which is exactly what's happening here, "free" or not.
Why focus on the irrelevant paragraph about nuclear weapons and ignore the very next paragraph, which even says the same thing as the website notice? Github repository services aren't food or medicine, or otherwise exempted from sanctions, as far as I can tell. [1]
I had the same thought. I feel sorry for this individual, who is being hurt. However, his complaints make no sense. They're weird comments about "nuclear weapons" and "free" as if they had some relevance. Hint: they don't have ANY relevance.
The US has laws that specifically sanction Iran. Companies in the US must follow US law, or risk serious consequences, and so they're following the law as required. That's it. The blocking doesn't have anything to do with whether or not you're developing a nuclear weapon, or if the service is free. Details here:
https://www.treasury.gov/resource-center/faqs/Sanctions/Page... which say:
"630. Is the provision or delivery of goods or services to an Iranian counterparty after November 4, 2018 allowed?
[No, ] The wind-down period has ended and the United States intends to fully enforce the sanctions that have come back into effect. The provision or delivery of goods or services and/or the extension of additional loans or credits to an Iranian counterparty after November 4, 2018 — even pursuant to written contracts or written agreements entered into prior to May 8, 2018 — may result in the imposition of U.S. sanctions unless such activities are exempt from regulation, authorized by OFAC, or otherwise not sanctionable. The United States maintains authorizations and exceptions under U.S. sanctions that allow for the sale of agricultural commodities, food, medicine, and medical devices to Iran by U.S. persons and non-U.S. persons [in certain cases]."
GitHub provides a service that is not "the sale of agricultural commodities, food, medicine, and medical devices". So under US law there must be an attempt to block services to Iranians.
It's very reasonable to discuss whether or not the US should do this; argue away! But let's focus on what's actually happening, and not some irrelevant strawman argument.
I understand and applaud the intent of keeping extremely dangerous weapons out of the hands of just anybody. But the implementation is insane. Until recently, this same regulation was preventing people from freely distributing SSL libraries!
I also understand that Microsoft feels forced to act on this, but as a developer I consider it user-hostile and will investigate other alternatives. Losing access to your repositories on a whim with no chance to download backups is a worst-case scenario. This really vidates the concerns that people had when GitHub was acquired.
The US really needs to reassess a lot of its laws which heavily impact electronics - it's not just ITAR, but also things like the CFAA.
In the meantime, remember to mirror your repositories locally, because it looks like GitHub is no longer an unlikely point of failure.
I don't think this has anything to do with ITAR. It's a sanction that includes export restrictions, but it's a completely different law. I think the law you want to focus on is: CISADA (Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010).
ITAR is just one of several export control laws in the US. The Export Administration Regulations (EAR) is another. In most cases these don't interfere with international software development... but sometimes they do.
As someone who has to deal with ITAR stuff I couldn't agree more. For example, its ok for us to mirror a bunch of open source stuff on the public internet, but we cant put that mirror on a CD and ship it overseas. What a joke.
It's a bit much yeah. I started putting together a motion sensing unit, and realized (after leisurely reading related international law) that I had modified a component (changed its operating frequency) in a way that I may have had to declare it or talk to somebody in advance if I traveled with it outside the U.S. and Canada.
After dealing with stubborn, pedantic people in government, I don't even want to touch that unless I know there's good money in it.
I think it would be very cool if there were some tax credits or grant programs to offset the cost of compliance, particularly ones that don't require you to have a personal lobbyist to avail yourself of them.
My impression is that a lot of creative potential in arms and arms-adjacent (I actually agree with some of the ITAR's more dubious classifications to some extent, though I think there should be less onerous tiers of control for these things) industry is being squandered by unintended effects of the ITAR.
I cannot comment on the reasons, why's or whatnot of this particular issue, but I do wonder about the outcry of "not having access to download the repo"?
I mean, aside from maybe not having any forks (because you can fork another repo to your repo, but not do anything with it - so you may not have a copy) - your stuff should reside on your local box, right?
Unless you've been editing everything in the repo using the editors provided by github, or some other similar service, and never did a git clone of your own repo?
That is - you were using git...well, I can't say "wrong", but maybe "wrong-ish"...?
If I lost GitHub access I'd lose access to a couple dozen gists, certain branches I decided I didn't need locally any longer, and certain repos I started years ago and never felt the need to re-clone when I upgraded computers.
Github is not a backup service, but I can reasonably see how he doesn't have copies of everything locally
Yes you can. Git doesn't require GitHub to work. Anything from setting up your own git servers, to committing to repos on shared drives, to sending patches through email, you can do without GitHub.
This is not even about relying on a single third party service for anything critical to your business, this is just laziness to learn the tools you use.
Probably because you didn't know about these specific US law or maybe you heard it buy didn't think it applies to you. Finally the network effect makes sure that people think of GH as a global utility.
Reminds me of case when Slack blocked the accounts of Iranian s living outside of Iran(ie. Iranian national with Canadian permanent residency). Tech companies should be more careful with these blanket blocks. https://news.ycombinator.com/item?id=18724107
All this reminds me of the death throes of a dying empire.
The US is flailing incoherently. Most of it's actions are ultimately making it weaker. It's blown all it's its international credibility. It's spending about 50% of it's GDP on a worthless security state and rent seeking. And this sort of thing is tossing the US's corporate credibility in the fire.
They probably don't block on nationality as such, but on something like:
- Creation IP geocodes to Iran
- More than X% of the requests in last Y years came from IPs that geocode to Iran.
Just blocking requests from Iranian IPs will achieve nothing except move those users to proxies and VPNs. If the lawyers have decided that there needs to be a technical solution, they probably need to go with one that's not totally trivial to work around.
The alternative option would be some kind of proxy/VPN detection (which I assume Microsoft must have technology for already). But it seems particularly ill-suited for Github's business, since they must get a ton of valid traffic from datacenter IPs.
I don’t know anything about rules ghat might control blocking of accounts but, in general, US export regulations do say that conveying technology to a foreign citizen even face to face in the US is an “export”. The term for this concept is “deemed export”.
I know it's a super minor part of the story but did anyone else find it interesting GitHub is using AirTable to collect responses to accounts they are deactivating?
There is forgefed, connecting Git web services including gitlab by based on ActivityPub, but the spec looks still not fixed.
https://github.com/forgefed/forgefed
The US seems hellbent on giving up their world hegemony. Stopping people from using US software (or banks, money, etc) won't do anything else than hasten the flight to other systems and alliances.
The plan is of course to give those who flee the death penalty, but that never accomplished more than entertainment for the twisted.
It is sad to see such a great idea as the US nation behave so stupidly.
Using the law to do harm; it is the same country that put it's citizens of Japanese origin in camps, so doing something wrong to an Iranian developer is not something they care about.
"Eschew flamebait. Don't introduce flamewar topics unless you have something genuinely new to say. Avoid unrelated controversies and generic tangents."
It's also entirely irrelevant because the purpose of the sanctions has nothing to do with restricting GitHub's revenue, but instead is supposed to restrict the sanctioned user's ability to use that service, which is exactly what's happening here, "free" or not.