Slashdot Mirror
SourceForge Removes Blanket Blocking
Recently there was much gnashing of teeth as SourceForge (which shares a corporate overlord with Slashdot) started programmatically blocking users in certain countries to comply with US export restrictions. Thankfully they didn't let it end there and have found a way to put the power back in the hands of the users. "Beginning now, every project admin can click on Develop -> Project Admin -> Project Settings to find a new section called Export Control. By default, we've ticked the more restrictive setting. If you conclude that your project is *not* subject to export regulations, or any other related prohibitions, you may now tick the other check mark and click Update. After that, all users will be able to download your project files as they did before last month's change."
This is dumb. The terrorists will just get their mates in another country to get whatever it is they want.
Only the kind of stupid Americans that though that restricting the export of encryption technology would actually work would think of this. What happened there? They all got it anyway.
What exactly do they hope to achieve with this stupidity?
Yeah. These restrictions make so much sense. Because we all know that North Korea has no way to get access to any servers outside North Korea. And no one can use a proxy server at all. And they really are going to be absolutely helpless without the tiny open-source projects. This is as ridiculous as the old restrictions on exporting encryption (at least those got removed a few years ago).
Great news, and this is a brave thing to do :)
Blindly blocking all SF projects to some people was wrong. I said this before, US export laws should only apply to US products. OpenSource/Free software projects should stay "open" and "free/libre" to everybody. Those who worked hard on these projects, including developers from the banned countries, should have the right to decide whether their projects should be blocked or not.
Some said the law applies to SF just because they host the projects. If the law was strict to this level then the whole internet should be banned to these countries.
Why the hell does anyone even use SourceForge anymore? Their tools suck, the site is beyond slow and plastered with ads, and you have to play download roulette with their crappy 90s-era mirroring system. Plus you get crazy decrees like this from whatever's going on at the top. It's not like there aren't alternatives these days. Google Code is awesome by comparison.
Feel free to rent a server in some random country and mirror sourceforge.
...that projects such as TOR and Freenet exist.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
The USA has compiled a list of the countries it considers most repressive, and attempted to forbid the citizens of those countries from using encrypted communications... I don't think the governments on that list mind.
# cat
Damn, my RAM is full of llamas.
Or any of the millions of the completely open proxy servers.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
But before opening a project on sourceforge, you have to describe your proposal and they manually accept or not. That could be argued to be editorial control. This is not exactly a gmail situation.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
The number one reason why this is *very* much ado about nothing is that the projects the U.S. Government would have any interest in AT ALL are novel and strong encryption schemes. To satisfy both novel and strong conditions puts one into a *very* small and elite group.
Sure, there are many projects that implement standard/weak/known encryption. That's completely different than a project that implements legitimately novel AND strong to the point of piquing the interest of the BIS/spooks. I don't know for sure, but zrtp might be an example.
An American company can export SSL/TLS/PKI and similar, crypto products without ever drawing the interest of the BIS. I guess at some point in distant history, this was not the case. As someone that actually worked with the BIS on getting encryption export compliance it has been easy for a long time.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
The USA is squandering some of its technological lead and economic opportunities with dumb-ass laws.
I've already had to stop hosting several online businesses in the US due to the patriot act and international customers' unwillingness to have there data stored in the US.
Stem cell research was set back a decade by Christian fundamentalist opposition making its way into
federal law.
Laws restricting export of US software just result in software being innovated faster elsewhere.
As Freeman Dyson once said: The best way to defeat soviet communism would be to ship Apple computers to their population en masse. He was basically right, though who knew it would be cloned PCs that would do the trick.
Where are we going and why are we in a handbasket?
Is Google liable if I Gmail you restricted encryption algorithms?
Google isn't hosting the file or providing you with a "home page" for your project. Sourceforge is much more exposed.
Some information... only has use for killing. I can't think of any information that would make it easier to kill that couldn't also be used to help prevent death. In the technological realm, almost everything is a two-edged sword. Security by obscurity is a poor means of defense.
I've abandoned my search for truth; now I'm just looking for some useful delusions.