The author's comparison to internment camps and other dramatic measures of government suppression seems unfair. Github not providing reasoning is also unfair, but seems to be standard practice among corporations (maybe to help with liability?). The questions Github is asking from the user relate to U.S. OFAC policy, which is how the U.S. enforces economic sanctions. Basically if you've done business with North Korea or a number of other flagged entities you can be held liable criminally or more often for huge fines.
I don't know how the author triggered whatever automatic suspension mechanism github has in place, but I think github should prioritize the author's case given their contribution to the community. I don't think Github is an evil organization. I do think OFAC policy is difficult to enforce and the U.S. gov should make it easier. If Github reported the number of suspensions, who was suspended or explained why a suspension happened, I would have more trust in them as a platform.
It's...getting there. There are good arguments to suggest new Microsoft is the same as old Microsoft and this might be one of them. Github frantically clawing for control of developers, while blindly enforcing things like ITAR, is a classic Microsoft case of directionless middle management vying for government rent-seeking and free market capital at the same time.
Either MS fixes this quick, or FLOSS projects will rightly start hosting things elsewhere. Free software is free as in speech, and in most cases this crap is interpreted as outright censorship.
They should be doing that anyway, and it should be happening RIGHT NOW, not because of this single dev account suspension but because centralization of control is the antithesis of FOSS, the fact that the community is centralized around github is a clear and present danger to said community.
And no, the solution is not for everyone to just move to gitlab. I can see that coming as well; replacing github with hosted gitlab would simply replicate the problem.
We as a community need to be distributed, not centralized.
[Edit]: Here is another using the BitTorrent protocol - https://github.com/cjb/GitTorrent
...We must be experiencing very different versions of reality. Usually I sort-of get where people are coming from, even when I disagree. Here, I couldn't even name anything Github is doing that would support these statements. What power do they have, except being a useful product?
Possibly liability, but also to keep people from gaming the system. Hard policy lines about exactly what is and is not okay end up being gamed by people that technically don't violate them but cause all the same problems that the policy was instituted to stop.[1] If the reasoning for the ban is explicitly laid out, but the person doesn't quite meet it through definitive evidence (but possibly easily meets it through a preponderance of circumstantial evidence), that may indicate someone is gaming the rules. Acting on that person in that case may just lead to a bunch of bad press as people argue over whether it was justified. It's in the company's interest to keep it vague so a defense of that sort is harder to put forth.
That's not to say I think this is necessarily good, just that I can see how it came to be somewhat the norm. In a better world, we'd have something more like the legal system, with a case, a defense and offense, and a jury of peers. Unfortunately, that's too time consuming, resource intensive, expensive, and takes control away from the business, so it will never happen.
1: This is easy to do. For example, continuously make statements that are construed as attacks by the group you are targeting, but are less known as attacks outside that group, and feign ignorance when called on it. It polarizes those around, and also causes the targets to become hyper-sensitive to benign statements and causes false-positives, which is more evidence to others that the same group is overreacting, causing more polarization. Open source communities have been ripped apart by this. America seems to be getting ripped apart by this.
When the system is there to protect the company, I understand this position. When it's a system forced on them by law, I really don't think playing games with their users serves any reasonable purpose.
Laws should be black and white and people "toeing the line" should be treated no differently beyond verifying that they are indeed on one side or the other.
I get that the law puts the onus on companies to verify compliance and that creates an incentive for companies to draw an artificially strict rule of their own.
Nevertheless I think it's important to keep the distinction between a company acting as the police and a company that has a policy serving its own interests. When you're the police you don't get to hide the evidence or the charge against the person you've arrested, at least in free countries.
There's no good solution, because people aren't good. If you want to make someone a cynic for life, have them moderate a random social media website for a few days.
That by itself is bad behavior and general misconduct in the broader community. That one-liner is not acceptable. We should be shaming organisations that do it. Appealing to legal liability is not an excuse either. If you accuse someone you must actually make an accusation they can answer. Vagueness of explanation is generally not a constructive path for guiding behavior. Otherwise we increase unfairness and ultimately make society worse. [1]
None of this prevents a rapid banhammer for legal reasons and similar. Sometimes an ops team has to take rapid action. I get it. But the process for working out the specifics and working towards a resolution shouldn't be vague or convoluted either.
[1] making society worse is actually being evil. Increasing the background level of unfairness and injustice is being evil. A lot of corporations are already on this path.
I think GitHub should prioritize the case regardless of the author's contributions to the community, or how popular their Medium post gets.
A case regarding a popular contributor should be prioritized over someone who has contributed nothing, as it'll have an impact on those who rely on those contributions.
There is absolutely no normative contribution to such practice being common. It is entirely unacceptable. GitHub is a public good, even if technically it's owned by a private corporation.
GitHub shouldn't "prioritize the author's case" - it should not remove people automatically this way. See my other, independent comment.
Whoa!! What an astonishing comparison!
Go host your software on gitlab, IPFS, or some other service and please don't bother comparing your experience hosting software with forced internment.
> Remind me, GitHub, since when are you Ordnungspolizei? Who exactly granted you the authority to interrogate and police regular people?
B...b...but it's their server, their disk space. You granted them the authority by showing up at their doorstep asking for the service.
Finding some random github repo is almost worse than nothing to me. Without some third party indicator as to quality, it's not worth my time, because I don't have time to review and assess everything I come across, only the items that I have some indication actually do what I need and do it sufficiently.
How exactly has GitHub done that? What actions has GitHub taken, other than providing a useful service?
Open source developers have chosen to make GitHub a near monopoly.
Language package repositories (npmjs.com, crates.io, etc.) or documentation hosting sites (docs.rs) tend to rank pretty well on Google, generally about the same as GitHub. For me personally a lot of project discovery also happens via either Reddit or HN.
It's still a pretty big barrier for contributions, but at least discovery seems to be decently decentralized.
I have no idea why I would search on Github exclusively. That sounds too limiting.
Github has done nothing of the sort - they're popular, but being popular is not the same as having a monopoly.
> The likelihood of your software being discovered, used or contributed to goes to zero as soon as you host it anywhere but GitHub.
Untrue. It's less likely, because again Github is more popular, but not zero, because popularity isn't monopoly. Active projects do exist elsewhere, people still use projects hosted on Sourceforge FFS.
Unless Github can forcibly prevent competitors from arising by leveraging their control over resources or a legal advantage granted them by the government, they don't have a monopoly.
There is hope with Federated Code Hosting being developed.
Having discovered it, account creation DOES present a barrier to entry for those that want to contribute, but nowadays many such services allow one to sign in with a social service. For example Gitlab.com allows one to sign on with google, twitter, salesforce, github, or bitbucket. Likely reducing the barrier to account creation to 30 seconds via oauth or 1 minute to create a new account via email.
I don't find it credible that people who want to contribute hours to hundreds of hours of work will be liable to be put off by the need to do half a minute of work.
or apt, or cpan, or ctan, or cran, or PyPi, or ...
Oh wait.
I offer free Fossil hosting [1].
I should start using Fossil more; seems like things are getting out of hand in an implicit way.
Ultimately, people that get banned from a site usually complain about it because they want something the site offers that they can't build themselves. People can distribute the source code without Github's help; what they offer is nice, but not essential. The community is hard to clone, though; and the community is a great way to get pull requests, bug reports, manage permissions, set up CI sandboxes, etc. (It reminds me a lot of YouTubers complaining about YouTube. The reason they don't self-host videos is not because it's hard to put an mp4 file on a webserver and let people download it. The part they can't reproduce is YouTube's steady stream of viewers and advertiser relationships. That is why they whine when YouTube demonetizes a video, but they don't leave the platform -- YouTube has something that they can't make themselves. Github is similar, though in my opinion, a lot less important.)
How is that different than github?
I see your homepage handles user signup data and it might expose your users to eavesdropping.
> “If you accessed GitHub.com while you were visiting Iran, North Korea, Syria, or Crimea, please tell us why you used GitHub.com.”
He may have tripped over the US government sanctions.
I also feel that it's poor taste for a Russian living in an authoritarian state to liken github to the gulag.
The ire at such a situation can be basically of two forms: "I wish this damned government didn't antagonize the rest of the world", and "I wish those bloody foreigners didn't antagonize this country". And if the person doesn't actually suffer from any repressions from the occupying country, the first reaction is unlikely, especially after 6 years of being surrounded by the state propaganda.
I'm not saying that to defend Russia, but here the authoritarian state imposing unilateral sanctions to individuals and companies of a few selected states is the US... This is also sometimes done against EU companies as well. This needs to change.
If Microsoft is no better than Roskomnadzor (and in this case it isn't), then he's rightfully doing so. Russian government being shitty is no excuse for the US government or US companies to be shitty as well.
That's right, but that's because the way a lot of us imagined this did not involve relying on third parties with other agendas to host code that we write that others rely on in production.
> It's 2020, we should have some way to connect them
We do: set up your own hosting for projects that you provide that others rely on in production.
Oh, that costs money, you say? First, hosting is cheap these days. Second, if your code is used by so many people, at least some of them will probably be willing to pay for it.
I guess the only safe way to host something is to use the onion network.
See the difference? Domains were not seized, traffic was not silently redirected to /dev/null. Microsoft could do something along these lines too, but instead just chose to be evil.
I understand when a corporation needs some CYA policy to avoid charges of "hostile environment" or whatever. But for the whole open source development world to be the hostage of these policies is not a normal situation. We need separation of corporate PC and technology, otherwise it ends in a lot of trouble for everybody.
Perhaps he was pushing code from his holiday in Crimea and his IP got tagged. Something like that would possibly do it.
There's no reason for you or me to be supportive of Microsoft in this situation.
Indeed, it's a fiduciary obligation to the shareholders given they are a listed company.
I run showdead, and most shadowbanned accounts deserve it. I also rescue the occasional comment from the grave.
Do the moderators un-shadowban users if they get enough vouched comments? No idea, but they do have enough information to do so.
When I run across such an account, should I email an HN mod to investigate? I wouldn't mind doing that, but I've tried before and never got a reply back -- so not sure what the outcome was.
Self-hosting is better, I agree, but people use medium, github, twitter, youtube etc because they'll instantly have a much bigger audience. I mean a self-hosted github alternative should be easy to set up on your own servers.
Actually if you operate a JS library with things like a CDN and hosted icons, you probably should. Sure, github is free for things like that, but you - and your users who depend on you - cannot depend on them.
I am not sure if it is possible but (not FOSS) competition could use this flagging mechanism to prop their own business.
I’d say this type of behaviour from GH is somewhat abusive. Had they given an explanation that such and such rule was violated I’d be a lot more forgiving... Just my 2c
My god, not Crimea, where all the crime is produced and then shipped all over the world.
The whole process is still messed up, even if he had been to Crimea, Iran or, god forbid, Cuba. No explanation why, no ability to challenge the flagging (yes, a form exists, but apparently it goes to /dev/null) etc.
Github is trembling in their boots.
Then I would self host.
If still angry then I would create a license that doesn't allow Microsoft/github/etc to use your product in any way. Share to lib users with self hosted link.
This would actually cause your project to no longer be open source. AGPLv3 is probably the closest you can get, forcing anyone who uses your project, even on a server and not distributed to end-users, to contribute all changes back.
Actually, it doesn't quite do that. It treats "providing access to via a network" as "distribution", and requires the source to be provided, under the AGPL, to users who ask. For example, if Hacker News was AGPL'd (and not copyright owned by Y Combinator), I could ask Y Combinator for the source and they'd have to give it to me… but they wouldn't have to provide the original developers their patches.
If, say, this AGPL Hacker News was only available to people within Y Combinator, I wouldn't be entitled to receiving a copy of the source from the company. I'm not a user, you see. (Notably, the original developers aren't entitled to Y Combinator's fork, unless they're also being provided the software.) But I could ask a friendly employee for a copy, and they could get it for me, and then I could give it to anybody who wanted it as per normal GPL rules.
It does feel like a poison pill that would reduce usage. But maybe it's worth it.
Sanctions aren't really logical when you get down to it -- at face value they're supposed to put a specific stress to either motivate a population for change or impact the bottom line of targets enough to frustrate them into cooperation.
In reality, the targets of sanctions typically are not affected, and those who are affected lack the ability to make meaningful change in the near future or even an extended future.
Basically, even if you do something like this and replicate using a system outside of the intended mechanism, the sanction-ers' response is simply "why aren't you just banning them?"
Call me cynical, but if the cost is bad publicity vs favor with the US government, it's not hard to see why a given company would choose favor.
(I don't condone this, but I've lived in Russia for 6-ish years now as an expatriate -- it's...pretty clear that the sanctions affect no one they're intended to, and it's not like Russians haven't tried to change the status quo (they really have). But really, nothing has changed since the sanctions were imposed except a readjustment of prices and salaries)
Each entity can easily be forced not to replicate content from a sister jurisdiction or allow connections from within that jurisdiction, but how are they supposed to keep entities from pulling data through a proxy they themselves are not apprised of, or a client pulling data from multiple centers to get the complete picture?
Censorship in that case merely makes service slower not nonexistent.
I look forward to the pearl-clutchers in the thread walking back their overheated rhetoric.
“Ain’t no problem, bruh!”, — I thought. You know, we developers should stand for each other. Only that I’m more used to GitHub so I’ve posted a (now deleted) issue rather than a tweet. The issue was titled “You’re a [funny-word]” where [funny-word] was a set of latin characters reminding a transliterated Russian half-offensive word for “gay”, while not being equal to that specific word. Think of something like “mother-lucker” or “mother-trucker”.
That doesn't look like a reason for blocking an account and all the repositories. Probably Github should delete such a comment and send an email to the poster to repost the comment without using any offensive words (as per their dictionary).
Github was pretty reliable for a long time. Oh well... I guess the flaw of code centralization should have warned us.
> “Flagged”? So this is how you call “disposing of someone” in a “politically correct” manner nowadays — you “flag” them. “The United States flagged 120,000 Japanese Americans during World War II”. Yeah, much friendlier than: “The United States forcefully relocated and incarcerated in concentration camps about 120,000 Japanese Americans during World War II”.
Yes, Russia did it to uncounted millions of their own, and actually murdered many millions of those, for decades. That does not excuse US behavior: both are indefensible. The US has, at this moment, more people imprisoned than any other country. The US doesn't seem to harvest their organs, at least on a grand scale, but does engage in slavery: products stamped "made in USA" are now quite likely to be produced by enforced prison labor, particularly in Louisiana.
Solitary confinement for months or years on end, and withholding medical treatment are certified torture methods, and routine practice in US prisons. The American Way is to have corporations do it under contract, somehow absolving government officials of responsibility.
Issue tracking and SCM features need to live inside the Git repo or at least in a decentralized app. Git is supposed to be decentralized by nature. Everyone is so content with GitHub and GitLab that not much innovation has happened for decentralizing SCM as a whole. They have so much money and resources that they can blackhole anyone who says otherwise.
I understand: it's frustrating and maybe undeserved that a service has banned you. But comparisons to the Second World War, concentration camps and the treatment of Jews by Nazi Germany are really, really not appropriate. Take a breath.
> Also, apparently, all my comments in all issues in all other repos have instantly disappeared for anyone other than me, and some of those comments contained a lot of really useful and valuable information/knowledge/solutions
Reminded me of something: I was following a thread in a Github issue, received an email that had a useful answer but was hard to read due to gmail not formatting code well. I let it be and the next day went to the thread and the comment was nowhere to be found. I wonder if something similar happened.
Companies that pay for GitHub and have remote workers that may trip up the detection system should take note of this situation. They could lose their employees' work in an instant.
I still use github because it is convenient for many other people, but it is always a mirror of the canonical repository, which runs under my control on AWS (and is fully replicated locally).
I understand the convenience, but once burned, twice shy: I'm never going to rely on 3rd party code hosting services ever again.
> post that on Medium
Hoo boy.
Related note while we're banning people for word selection:
Does github realise that "git" has a pejorative association? It's not actually a polite word. If you were to call me a "git" in comments on any of my projects it would be an automatic code-of-conduct violation. You'd get one very specific warning about abusive word use then you'd be blocked.
Are they aware of this? It's always made me laugh. They've basically put a minor league swear/offensive word in the name of their corporation.
PS Please don't explain why the git tool is named git. Or why github was named. I already know. Just understand that "git" is similar and has as much offensive weight as pointedly calling someone a "worthless idiot". You're actually being deliberately offensive. In some places you would also likely get a punch in the face depending on who you insulted. It's at that level of offensiveness. Different cultures etc.
Sorry, it's not your intellectual property anymore, it belongs to Microsoft now. People tend to forget Microsoft owns GitHub nowadays, and also tend to forget Microsoft is a corporation.
Even if an account is ever closed due to a terms of service or policy violation and the issue could not be resolved through customer service channels (exceedingly unlikely but possible) -- you and every other user would still be able to download YOUR DATA from YOUR ACCOUNT, even if the account was closed or suspended...
It's amazing what passes for both "customer service" and software "usability" these days...
1. Demonstrable just cause for removal, fully communicated to the removed user.
2. Due process - before and after the removal (some kind of prior notice, ability to challenge claims against you, adjudication mechanism, appeal mechanism etc.)
3. Community notification about the removal - no axing accounts in secret.
Though that might just be my hatred for medium and its walls talking.
As for this case, I don't know what's going on, and can't tell from the article, but a user 1) from Russia, 2) with a "drug name" in their handle is not the picture perfect story of corporation friendly. Too bad for his users!