back to article GitHub builds wall round private repos, makes devs in US-sanctioned countries pay for it

Microsoft-owned GitHub has slapped restrictions on users residing in certain countries as the company bows to restrictions resulting from US sanctions, according to a hand-wringing tweet from CEO Nat Friedman. Friedman took to Twitter over the weekend after users began noticing their accounts had been mysteriously blocked. …

  1. revenant Silver badge

    "Vulture Central is almost definitely on some sort of list by now."

    I would hope so. Falling down on the job if you're not.

  2. Rich 2

    Why make things complicated?

    Why would you need to use a "GitHub Enterprise Server" or BitBucket or whatever? Jut run a local git (or other version control system of your choice) repository.

    If fact, why not do this anyway? It's not like it costs much (for most uses, it's just a PC sat on the internet. Fallover/load balancing is an optional extra of course, but even for a small company, the cost is minimal).

    1. richardcox13

      Re: Why make things complicated?

      GitHub, GitLlab, Azure DevOps, BitBucket and other git hosting services do more than host git.

      All that issue/work tracking, documentation pages, ...

      Coordinating a project involves more than the source code.

      1. ibmalone Silver badge

        Re: Why make things complicated?

        As an alternative to GitHub enterprise they could run their own instance of the open source version of GitLab instead.

        1. Ogi

          Re: Why make things complicated?

          Or even one of the other such systems. I personally use "gitea" for my personal repos, which I am very happy with.

          The only problem for public repos (and indeed the only reason I use github) is the issue of account management and logins.

          It is a pain to convince people to sign up to yet another online service, create account, passwords, etc... and manage it. Github at least has the benefit of the network effect (i.e. most people already have an account), so it is easy to put a public repo there and have people contribute.

          If you run your own public git repo, anyone who wants to contribute has to create an account on your server, and on the server of everyone else they want to contribute to, and vice versa. It rapidly becomes a headache.

          There were attempts to get this sorted out (OAuth is the one that comes to mind now), but nothing ever really succeeded. That is where these centralised repos make more sense. However with centralisation you get issues of control like this, where they can pull the rug from you at a moments notice.

      2. Doctor Syntax Silver badge

        Re: Why make things complicated?

        "All that issue/work tracking, documentation pages, "

        Isn't it a shame the FOSS community never got round to tackling such issues. It would be great if you could just Google something like turnkey linux and get a complete server image prebuilt to handle all this stuff.

      3. teknopaul Silver badge

        Re: Why make things complicated?

        Running a git backed wiki is not hard.

        Neither is running a bug tracker.

        I find with bug tracking software less is more.

        If code is your business, I would not recommend being dependent on github.

        1. phuzz Silver badge

          Re: Why make things complicated?

          "I find with bug tracking software less is more."

          Presumably less bug tracking leads to more bugs?

          Although, if you weren't tracking them, you might think there were less.

  3. LDS Silver badge

    Someone in North Korea has a private GitHub repo?

    That's real news!

    1. macjules Silver badge

      Re: Someone in North Korea has a private GitHub repo?

      Nuclear launch codes don't just generate themselves you know. Even despots need their own private store.

      1. IGotOut
        Unhappy

        Re: Someone in North Korea has a private GitHub repo?

        Whereas western governments would stick em on a AWS instance, without a password of course.

  4. ecofeco Silver badge

    Who did not see this coming?

    We knew MS would pull some kind of fuckery stunt but to see them go to "extinguish" this fast is still stunning.

    1. big_D Silver badge

      Re: Who did not see this coming?

      You mean the US Government.

      GitHub would have had to do this, regardless of whether they were still independent or part of Microsoft.

      The same for GitLab and BitBucket.

      1. Anonymous Coward
        Anonymous Coward

        @big_D - Re: Who did not see this coming?

        So this means Microsoft will now hand over any of your data to US government if compelled because they have to comply with US regulations isn't it ? Say it ain't so!

        1. big_D Silver badge

          Re: @big_D - Who did not see this coming?

          The same as any other company with a presence in the USA, in theory, yes. In practice, Microsoft have a track record of testing in court, whether they have to hand the data over, at least in some cases, where there is no precedence.

          Such as the Irish data center being in the USA...

          1. Doctor Syntax Silver badge

            Re: @big_D - Who did not see this coming?

            Up to a point. They seemed delighted when the CLOUD Act came in.

            1. LDS Silver badge

              Re: @big_D - Who did not see this coming?

              Sure, because it covered their butts - that's what they wanted when they tested the "Irish email" case in courts. Otherwise they could have become liable. and have to shell out a lot of money...

      2. macjules Silver badge
        Facepalm

        Re: Who did not see this coming?

        Except that BitBucket is Australian.

        1. RunawayLoop

          Re: Who did not see this coming?

          HAHAHAHAHAHAHAHAHAHAHAHAHA

          Wow so funny. Do you seriously think that BitBucket "being Australian" means anything to the US?

          Maybe you should read a little story about a man named Assange, who like BitBucket, is also Australian.

        2. big_D Silver badge

          Re: Who did not see this coming?

          And they have a presence in the USA, so have to comply anyway.

    2. overunder Bronze badge

      Re: Who did not see this coming?

      Does this even fall under those government restrictions? Doesn't seem like it should or else you can't carry any printed text when you physically visit those countries. This sounds more like if Microsoft can't make money off of you, forget it.

      1. Anonymous Coward
        Anonymous Coward

        @overunder - Re: Who did not see this coming?

        Exactly! How comes only free access to GitHub is subjected to US regulations ?

        1. ibmalone Silver badge

          Re: @overunder - Who did not see this coming?

          Exactly! How comes only free access to GitHub is subjected to US regulations ?

          From the fine article:

          Affected users were presented with a yellow warning message with little or no warning last week as access to private repos on the service were summarily blocked.

          From one of the Friedman tweets in the fine article:

          Public repos remain available to developers everywhere – open source repos are NOT affected.

          While they do offer free private repositories this move affects both paid and free private repos.

          To comply with US sanctions, we unfortunately had to implement new restrictions on private repos and paid accounts in Iran, Syria, and Crimea.

      2. eldakka Silver badge

        Re: Who did not see this coming?

        Doesn't seem like it should or else you can't carry any printed text when you physically visit those countries.

        With printed text, the service provided was to print the text. So once you have the paper in your hands with the text on it, the service has been completed. Therefore you carrying that printed material is not a service, you already had it, and you are carrying it around.

        Online stuff is being provided as a service every single time you access the site. It is an ongoing and continuous service (which, BTW is why IT corporations like MS, Amazon, etc, love the cloud because it means you have to continually pay to access the services, your services, rather than a one-off service charge like a kinkos printing a document). And since services are being sanctioned, you lose access to that service if you are in an affected country.

      3. phuzz Silver badge

        Re: Who did not see this coming?

        "Doesn't seem like it should or else you can't carry any printed text when you physically visit those countries."

        That would be joined-up thinking.

        Back in the day it was illegal to export PGP from the United States, but the source code complied into a book was free to be sent anywhere in the world, where you could type it in and compile it legally.

  5. Jamie Jones Silver badge

    Blame Maxi-Boris

    I've based Microsoft lots in the past, but in this case, how can you blame them?

    They have to abide with the law.

    Trump is the problem, and he's too daft to see how his isolationalist policies will backfire in the future.

    1. ThomH Silver badge

      Re: Blame Maxi-Boris

      The future isn't really good concern; if there's a decent chance they won't backfire in the next year and four months, or at least not in a week when he hasn't come up with some other distraction, that'll do. And even if they do backfire before then, he'll just say that they haven't, and a thousand pundits will take to Fox to decry this unfair attack on the President from the hard left.

      1. Jamie Jones Silver badge
        Thumb Up

        Re: Blame Maxi-Boris

        Yes, good point.

    2. Anonymous Coward
      Anonymous Coward

      Re: Blame Maxi-Boris

      > They have to abide with the law.

      Well, there is that thing where they can tie up the US gov in court for years to push back against it.

      As they've done before when it suits them.

      Sounds like they just can't be bothered to stand up for developers.

    3. phuzz Silver badge

      Re: Blame Maxi-Boris

      As much fun as it would be to blame trump, US export restrictions are not exactly a new thing. Check out the problems PGP had for more insight.

  6. big_D Silver badge

    Doh!

    And, yet again, we see why international public clouds just don't work. Arbitrary actions by one government can louse it up for everyone else.

    National clouds and private clouds/local data seem to be the way forward... Splinternet here we come. :-(

    1. Kevin Johnston

      Re: Doh!

      Hate the concept but loving the name....Splinternet: local webs for local people

      1. Alistair Silver badge
        Windows

        Re: Doh!

        /me contemplates:

        splinternet:

        Something you dont want wedged under your fingernails while in the offshore holding facility.

      2. eldakka Silver badge
        Joke

        Re: Doh!

        The ultimate expression of this is the wanknet, where an individual hosts everything on-prem, for themselves, individually, with no external access, thus no-one else can access it.

  7. Anonymous Coward
    Anonymous Coward

    Cuba, Iran, North Korea, Syria and

    Crimea ??!! Can anyone help me locate this country ? Next time it will be what ? 52nd street in a large city being on the list of hostile countries ? How about an apartment building ? A mailbox ?

    1. big_D Silver badge

      Re: Cuba, Iran, North Korea, Syria and

      Crimea is a little larger than a post box and it has a long and rich history, especially of conflict.

      1. Doctor Syntax Silver badge

        Re: Cuba, Iran, North Korea, Syria and

        OP had an excellent point, Crimea is a region of another country, not a sovereign state that is a member of the UN in its own right. Where's its international border?

        1. Anonymous Coward
          Anonymous Coward

          "Where's its international border?"

          Ask Putin - but hope he doesn't think to move it again.

          Jokes aside, there's a clear border, and being Russia under sanctions because of its invasion of Crimea, it's no surprise even a region may have restrictions. There are other kinds of restrictions for other places, like Transnistria.

          1. Anonymous Coward
            Anonymous Coward

            @AC - Re: "Where's its international border?"

            From Wikipedia:

            Transnistria is an unrecognised but de facto independent semi-presidential republic with its own government, parliament, military, police, postal system, currency and vehicle registration. Its authorities have adopted a constitution, flag, national anthem and coat of arms.

            Crimea is still not there and I doubt will ever be.

            1. Anonymous Coward
              Anonymous Coward

              "Crimea is still not there and I doubt will ever be."

              Just because Russia considers Crimea it part of its territory - something it's unable to do in Transnistria - still Transnistria exists only because it's being backed by Russia - I've been there....

    2. Anonymous Coward
      Anonymous Coward

      Re: Crimea

      Crimea is a region fairly recently annexed by Russia, despite being rather widely considered on the international stage to be part of Ukraine, as indeed it was prior to the annexation. I presume any local nationalists who happen believe that Crimea should instead be an independent country might be keeping their heads down at the moment.

      1. Anonymous Coward
        Anonymous Coward

        @AC - Re: Crimea

        I wonder how the international stage considers the Guantanamo bay area. A long gone administration gave it away and now the actual one would like it back.

    3. Yet Another Anonymous coward Silver badge

      Re: Cuba, Iran, North Korea, Syria and

      The USA already does this when it comes to immigration ie. H1-B.

      There are different (ie looser) rules for Northern Ireland cf the rest of the UK

  8. Anonymous Coward
    Anonymous Coward

    Can anyone enlighten me

    on how much of a threat is Cuba to the United States ?

    1. David 164

      Re: Can anyone enlighten me

      It not the fact that Cuba a threat, it clearly isn't. It the fact that Cuba embarrassed the US numerous times during the 60s and 70s, the Bay of Pigs. Certain elements of the US government are still sulking about it and they are in power at the moment.

      1. This post has been deleted by its author

    2. hplasm Silver badge
      Big Brother

      Re: Can anyone enlighten me

      Well, they do know just what goes on in Guantanamo Bay...

    3. Nick Kew Silver badge

      Re: Can anyone enlighten me

      Something to do with voters in Miami?

    4. Anonymous Coward
      Anonymous Coward

      Re: Can anyone enlighten me

      Cuba was and is well active in South and Central America, and even in Africa, first a Russia proxy, then even on its own.

      Why for example Russia thinks three little Baltic Republics are a threat?

      1. Anonymous Coward
        Anonymous Coward

        Re: Can anyone enlighten me

        Erm, NATO Proxy perhaps ?

        1. Anonymous Coward
          Anonymous Coward

          Re: Can anyone enlighten me

          No. NATO members. But sure, why Russia fears so much three little Republic it unleashed a cyberattack against them? Or why Russia fears Georgia so much it illegally occupies parts of its territory?

          Cuba, meanwhile, it's a dictatorship which keeps its citizens under Orwellian control. And sells its women (and men) to tourists for some hard money. Great place... probably that's the reason you like it.

          1. Claverhouse Silver badge

            Re: Can anyone enlighten me

            I can only thank God there are no prostitutes in the USA.

            1. Anonymous Coward
              Anonymous Coward

              Re: Can anyone enlighten me

              But shouldn't be Cuba a paradise for the people, unlike those ugly capitalist countries? Cuba was a brothel before Castro, and is still a brothel under the Castros. And you can't even leave it easily.

              And many prostitutes in the USA and other countries come from communist countries because they have no way to live there because there's no economy to speak about, and have to sell themselves abroad - where they find a lot of people who hail communism and dictatorships while paying for sex in the ugliest capitalist way.

  9. iron Silver badge

    What do we do now?

    You could try not re-electing Trump for a start.

    1. Anonymous Coward
      Anonymous Coward

      Re: What do we do now?

      Pot (UK) meet Kettle (US)?

      I'm pretty sure from your previous posts you aren't one of the ones to blame but sorry, just can't resist.

      1. John G Imrie

        Re: What do we do now?

        Very few of us in the UK elected mini-trump to his current elevated position. Admittedly many more of us voted for fellow members of his political party, which is what gave him the opportunity to run for the job of leader of the largest party in parliament at the moment.

        1. Anonymous Coward
          Anonymous Coward

          Re: What do we do now?

          Admittedly many more of us voted for fellow members of his political party

          Really? People really, actually voted for the gentleman (Esq) who wants a return to Imperial Standards and has a problem with the word "unacceptable"? By Jove!

          1. AndrueC Silver badge
            Unhappy

            Re: What do we do now?

            Apparently, yes, some people did. The mind boggles somewhat. But maybe he's in a safe seat where there are enough die-hard Conservative voters to ensure that whoever is in that seat will get voted in. Most seats in the UK are at least fairly safe, elections are usually decided on a relatively small number of seat changes.

            I live in a very safe seat (Mrs. Leadsom's) and there's nothing I can do about it. Every time in recent history the Conservatives win by a clear margin. Often so large a margin that even if the votes for all the other candidates were pooled together it wouldn't make any difference.

            This is what passes for democracy in the UK :-/

            1. Nick Kew Silver badge
              Devil

              Re: What do we do now?

              Can you get her indicted for Treason?

              I'd say it's dodgy but not criminal to make gazillions betting against Blighty (as George Soros did in 1992). But to do it from within parliament - even government - smells of treason to me. Ben Leadsom's hedge fund should be barred from betting against Blighty on grounds of insider trading - though he isn't personally an insider, his wife obviously is. It's her who has a serious conflict of interest, and should be prosecuted for treason.

              Of course she's not the only one ...

            2. Anonymous Coward
              Anonymous Coward

              Re: What do we do now?

              I live in a very safe seat (Mrs. Leadsom's) and there's nothing I can do about it. Every time in recent history the Conservatives win by a clear margin. Often so large a margin that even if the votes for all the other candidates were pooled together it wouldn't make any difference.

              This is what passes for democracy in the UK :-/

              --------------

              That is quite clearly democracy.

              If an absolute majority of the people voting vote for one candidate among several, that person wins the seat. No other result could be democratic.

              And you being able to change that would not improve democracy, it would substitute tyranny.

          2. Michael B.

            Re: What do we do now?

            That person was voted in with more than 50% of the vote. So he is in that very rare position in British politics that more people voted for him than cumulatively against him.

    2. ThomH Silver badge

      Re: What do we do now?

      Quite a lot of people are trying really hard, including some of the 46% that voted for him last time. Unfortunately Twitter rewards whomever slings the best mud.

  10. Adair

    Goodbye GitHub

    'America - World Police' - FUCK NO!

  11. Anonymous South African Coward Silver badge

    The Cloud = another man's computer

    And reality strikes yet again.

    And people really, really should look at this Reg article. Posted last week too. Don't fall into the trap of thinking you're safe and secure in the cloud. It could become a right royal pain in the SaaS

    1. oiseau Silver badge
      Facepalm

      @big_D

      And, yet again, we see why international public clouds just don't work.

      There you go, reads much better now.

      The Cloud = another man's computer

      Indeed ...

      For the longest time I've been saying that this cloud thing is all very nice but NO thanks, being endelessly criticized for it.

      "It's SO convenient and easy." I hear people gush over and over again.

      It will be -30º C in hell before I even consider putting anything in a/the cloud, no matter how convenient it may be.

      That I'm old?

      Yes, I am.

      But that's why I know better.

      O.

      1. Anonymous Coward
        Anonymous Coward

        You might know better, but in the same way betamax was superior to VHS - and we know how that turned out....

        It is clear is that legacy technologies: networking, compute, storage, security, etc, are no longer fit for purpose. The replacement is cloud-based, whether public cloud, or on-prem private cloud.

        ...funnily enough, the "cloud" is no different in business terms from a mainframe back in the day...

        1. eldakka Silver badge

          You might know better, but in the same way betamax was superior to VHS - and we know how that turned out....

          Rubbish. VHS had a superior recording time to Betamax, and price, it was cheaper. Sure, Betamax did catch up to the recording time, but after VHS was already dominating the market, but still more expensive than VHS, too little too late.

          Since the consumer regarded a longer recording time as a more important feature than picture quality, once picture quality was good enough, not having to swap tapes in the middle of watching a movie, only having to carry half as many tapes home from the video-store, or over to a friends house, or to store on the shelf, being able to record an entire movie via a timer, which you couldn't do with Betamax (without extraordinary measures like having a dual tape device or having 2 devices that you carefully program to sequential record the movie/show) that means that VHS was overall superior.

          Now, you personally may have valued superior picture quality as more important than the numerous advantages VHS had over Betamax, but since the majority of people preferred VHSs advantages over Betamax, then that makes VHS a superior product overall, despite it having inferior picture quality.

  12. TheNotSoEvilEngineer

    What did anyone expect?

    Microsoft bought GitHub.... did anyone NOT think they were going to try an monitize something they paid $7.5 B for?

    Main people that are going to suffer are outsourced "developers" who do nothing but copy and paste from GitHub.

    1. IGotOut
      WTF?

      Re: What did anyone expect?

      Remind me how dropping potentially thousands / millions of customers makes your MORE money?

      1. TheNotSoEvilEngineer

        Re: What did anyone expect?

        It's microsoft... logic need not apply.

  13. mark4155

    I use github for my small business website with a tld .io I'm a newbie, in the UK. Will this affect me? Thanks for any help.

    1. IGotOut

      Not yet, until we decide to export something to USA the orange one decides they can't compete with (excluding our superior steel / Aluminium of course)

    2. nojobhopes

      No idea! You could also be affected by the Chagos islands dispute: https://www.theregister.co.uk/2019/05/27/io_domains_uk_un/

  14. YetAnotherJoeBlow

    Again

    I get no pleasure in saying this, but I think it is unsound practice for a small/medium company to host their own critical resources; NOT AS A SERVICE. You will always be a victim to all of this malarkey.

    1. Anonymous Coward
      Anonymous Coward

      @YetAnotherJoeBlow - Re: Again

      Not only small/medium company. Any company, organization or state irrespective of size should evaluate how bad they need the data in case a mighty corporation or state might decide to deny access to it.

      If this happens in times of peace, just try to imagine what would happen in time of armed conflict. How's Azure and Office 365 going to run for you if you'll happen to be on the wrong side of the gun barrel.

      And we're not talking about the usual mighty, scary enemies of the US like Iran, Syria, Cuba and others. Yes, you all Western countries have a nice noose around your neck / balls when time will come to deal with US who is holding the string. No war is needed, just the US feeling a little bit uncomfortable or displeased. The actual president will go after his second term (hopefully) but America will remain great for a long time. His successor will likely continue the ascension, you don't stop when you're on a winning streak. Expect all economic, trade or any other kind of agreement bilateral or multilateral to be renegotiated the Trump's way.

      Now that is scary!

      1. oiseau Silver badge
        WTF?

        Re: @YetAnotherJoeBlow - Again

        The actual president will go after his second term ...

        Now that is scary!

        Indeed ...

        A second term with Trump in the Oval Office is a very scary idea.

        Now add to that scenario the UK's own clone clown doing his thing.

        How scary are things now?

        O.

  15. _LC_ Bronze badge
    Thumb Up

    Adding to the list:

    - avoid US hardware ✓

    - avoid US software ✓

    - avoid US services ✓

    ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019