Slashdot Mirror

← Back to Stories (view on slashdot.org)

SourceForge Removes Blanket Blocking

Posted by ScuttleMonkey on from the power-to-the-people dept.

Recently there was much gnashing of teeth as SourceForge (which shares a corporate overlord with Slashdot) started programmatically blocking users in certain countries to comply with US export restrictions. Thankfully they didn't let it end there and have found a way to put the power back in the hands of the users. "Beginning now, every project admin can click on Develop -> Project Admin -> Project Settings to find a new section called Export Control. By default, we've ticked the more restrictive setting. If you conclude that your project is *not* subject to export regulations, or any other related prohibitions, you may now tick the other check mark and click Update. After that, all users will be able to download your project files as they did before last month's change."

39 of 147 comments (clear)

  1. Liability? by Anonymous Coward · · Score: 5, Interesting

    So they are letting people "opt in" to remove export controls. Who is liable if the code is subject to export restrictions, SF or the developer?

    1. Re:Liability? by Reason58 · · Score: 4, Interesting

      So they are letting people "opt in" to remove export controls. Who is liable if the code is subject to export restrictions, SF or the developer?

      Is Google liable if I Gmail you restricted encryption algorithms?

    2. Re:Liability? by Yvanhoe · · Score: 2, Insightful

      But before opening a project on sourceforge, you have to describe your proposal and they manually accept or not. That could be argued to be editorial control. This is not exactly a gmail situation.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    3. Re:Liability? by casualsax3 · · Score: 2, Informative
      The distribution of source code (encryption in particular) is explicitly protected under the First Amendment:

      http://en.wikipedia.org/wiki/Bernstein_v._United_States

    4. Re:Liability? by westlake · · Score: 2, Insightful

      Is Google liable if I Gmail you restricted encryption algorithms?

      Google isn't hosting the file or providing you with a "home page" for your project. Sourceforge is much more exposed.

    5. Re:Liability? by Ihmhi · · Score: 2, Interesting

      Yes, but once you're actually in the project can change from exportable to non-exportable very quickly.

      For instance, let's say you start with an open source compressor sort of program like Winrar. No biggie there. But then in version 0.42 you add in encryption. At the start everything was peachy keen, but the second you put on that encryption you should, by law, restrict its export.

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
  2. This is completely stupid. by frinkacheese · · Score: 2, Insightful

    This is dumb. The terrorists will just get their mates in another country to get whatever it is they want.

    Only the kind of stupid Americans that though that restricting the export of encryption technology would actually work would think of this. What happened there? They all got it anyway.

    What exactly do they hope to achieve with this stupidity?

    1. Re:This is completely stupid. by BHearsum · · Score: 3, Insightful

      They hope to avoid liability.

    2. Re:This is completely stupid. by Locke2005 · · Score: 2, Interesting

      Why does this requires "mates" in another country? Can't they just go through a proxy server in another country?

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    3. Re:This is completely stupid. by 2short · · Score: 5, Insightful

      They are complying with the law. Certainly, what they are doing is stupid and will be completely ineffective. But that's hard to avoid when complying with a law that is stupid and completely ineffective.

    4. Re:This is completely stupid. by vlm · · Score: 2, Insightful

      But that's hard to avoid when complying with a law that is stupid and completely ineffective.

      How is it stupid and ineffective if the purpose was to enlarge/preserve the great American bureaucracy and secondarily harass O.S. developers?

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    5. Re:This is completely stupid. by HiThere · · Score: 2, Interesting

      Well, when you need to choose between a stupid candidate and an abominable one, sometimes stupid is the better choice. Usually, though, they aren't *actually* stupid. They're just cleverly disguising their goals. But they *aren't* experts in any field except getting elected, and, possibly, law. So they make decisions that look stupid to anyone expert in ANY other field. And that's almost everybody. (They just disagree about which decisions were stupid.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    6. Re:This is completely stupid. by harlows_monkeys · · Score: 3, Informative

      Only the kind of stupid Americans that though that restricting the export of encryption technology would actually work[...]

      I'm curious. How do the stupid Americans who think that differ from the stupid Europeans who think that? Or were you not aware that European countries and the EU also have similar export restrictions?

  3. Duh by Locke2005 · · Score: 3, Interesting

    Why not simply host the servers in a country that doesn't have brain-dead restrictions on the "export" of ones and zeros? One that doesn't classify encryption/decryption code as a "munition"?

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
    1. Re:Duh by HungryHobo · · Score: 3, Insightful

      Feel free to rent a server in some random country and mirror sourceforge.

    2. Re:Duh by tagno25 · · Score: 2, Interesting

      It is not considered a "munition" any more. http://xkcd.com/504/

    3. Re:Duh by NeoSkandranon · · Score: 2, Informative

      As was said many times in the original article, the issue is the country the business is based in and the laws there. It doesn't matter one ounce where the servers are located.

      --
      If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
    4. Re:Duh by LingNoi · · Score: 2, Interesting

      There already is. It's called launchpad.net and it's free from:

      - US software patent law
      - stupid DMCA take downs ala battle net emulator
      - this silly export law
      - sourceforge's adverts which take up 40% of the page

      I don't know why anyone bothers using sourceforge anymore. It was great when it was the only solution but now there are MUCH better options. Especially now they're blocking non-US connections.

  4. Hmmm by mewsenews · · Score: 4, Interesting

    As a Canadian locked out of Hulu and Comedy Central's web clips, I wish geolocation based on IP would burn in hell already.

    That being said:

    There was a Syrian developer commenting on the story about the original announcement, he was justifiably pissed off that Sourceforge had decided to deny him access to his own work. Does this change allow him to work on his project in peace?

    Has Slashdot decided to stop mentioning that Sourceforge is owned by the same parent company? They're sure trying to do some damage control by going straight to Slashdot's front page with their weird opt-in workaround..

  5. Huh? by leuk_he · · Score: 3, Interesting

    I can code. I am not american. I am not a lawyer. People are downloading from local mirrors, not from USA. How can i say if the project should be restricted or not?

    Why does the USA government not build a firewall to prevent exporting any American byte to the restricted list?

  6. And these restrictions makes so much sense by JoshuaZ · · Score: 4, Insightful

    Yeah. These restrictions make so much sense. Because we all know that North Korea has no way to get access to any servers outside North Korea. And no one can use a proxy server at all. And they really are going to be absolutely helpless without the tiny open-source projects. This is as ridiculous as the old restrictions on exporting encryption (at least those got removed a few years ago).

    1. Re:And these restrictions makes so much sense by HungryHobo · · Score: 2, Insightful

      I'm fairly sure those restrictions were never actually dropped.
      they just gave up trying to enforce them.

    2. Re:And these restrictions makes so much sense by JoshuaZ · · Score: 4, Informative

      Not exactly. In 1996, Clinton issued an executive order which took commercial encryption off the munitions list. It is still on the list of controled commecial exports but that's a lot less restrictive (much, much easier to get permission to export, less severe punishments for violations, and lower priorities for federal investigators).

  7. The right thing to do :) by neo00 · · Score: 4, Insightful

    Great news, and this is a brave thing to do :) Blindly blocking all SF projects to some people was wrong. I said this before, US export laws should only apply to US products. OpenSource/Free software projects should stay "open" and "free/libre" to everybody. Those who worked hard on these projects, including developers from the banned countries, should have the right to decide whether their projects should be blocked or not. Some said the law applies to SF just because they host the projects. If the law was strict to this level then the whole internet should be banned to these countries.

    1. Re:The right thing to do :) by countertrolling · · Score: 2, Insightful

      should only...should stay...should have...should be...

      Well, if you really want want all these should've...could've...would've(s), then you and your neighbors should vote for politicians that will handle the issue properly. If if you're going to cry about how the "system" is rigged against you, save your breath. I'll have none of it. You all are just cursing darkness instead of lighting a candle. There is no law on the books that require you to vote for spoon fed by mass media candidates.. yet.

      --
      For justice, we must go to Don Corleone
  8. Dump sourceforge by starsong · · Score: 4, Insightful

    Why the hell does anyone even use SourceForge anymore? Their tools suck, the site is beyond slow and plastered with ads, and you have to play download roulette with their crappy 90s-era mirroring system. Plus you get crazy decrees like this from whatever's going on at the top. It's not like there aren't alternatives these days. Google Code is awesome by comparison.

    1. Re:Dump sourceforge by Infiniti2000 · · Score: 2, Informative

      Google Code is awesome by comparison.

      I'm guessing you didn't bother to read the Google Code TOS? It puts the blame solely on the developer. Given that it's Google with a boatload of money to throw at attorneys, chances are that it's airtight for them in a legal battle should the need arise.

  9. It is for these reasons... by steelfood · · Score: 3, Insightful

    ...that projects such as TOR and Freenet exist.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  10. How to check for an 'American' byte? by thijsh · · Score: 3, Funny

    The problem is the cost of the special made-in-USA-color-electron-microscope, they have to check each byte to see if it contains red, white and blue electrons.

  11. Stupid, stupid law by bcmm · · Score: 3, Insightful

    The USA has compiled a list of the countries it considers most repressive, and attempted to forbid the citizens of those countries from using encrypted communications... I don't think the governments on that list mind.

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
  12. Debian has never found this sort of blocking... by John+Hasler · · Score: 4, Interesting

    ...necessary. Why has Source Forge suddenly decided that it is?

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:Debian has never found this sort of blocking... by vlm · · Score: 2, Informative

      Never say never... Admittedly this battle ended about a decade ago. Not sure how/why SF caught up with the 90s and had their little fit.

      http://www.debian.org/legal/cryptoinmain

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  13. To which country? by tepples · · Score: 2, Interesting

    Which developed country is willing to take thousands of refugees from the U.S. copyright regime, software patent regime, mobile phone regulatory regime, and other results of bought senators?

  14. war by anonieuweling · · Score: 2, Funny

    A couple of weeks ago, to ensure compliance with US law as we roll out improvements to SourceForge.net, we began programmatically blocking access to the site for users in certain countries against which the US government imposes sanctions.
    `Sanctions` are acts of WAR
    So private corporations assist in illegal types of warfare by the US goverment which is legally owned by the deepest pockets.
    How can SourceForge allow project admins to circumvent this law that provides for teh safety of all scared american peeple?
    I mean, first it is law and now the project admin, who can be non-american -terrorist?- , can decide?

  15. Re:Mates in another country by CastrTroy · · Score: 2, Insightful

    Or any of the millions of the completely open proxy servers.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  16. Reality Check by mpapet · · Score: 2, Insightful

    The number one reason why this is *very* much ado about nothing is that the projects the U.S. Government would have any interest in AT ALL are novel and strong encryption schemes. To satisfy both novel and strong conditions puts one into a *very* small and elite group.

    Sure, there are many projects that implement standard/weak/known encryption. That's completely different than a project that implements legitimately novel AND strong to the point of piquing the interest of the BIS/spooks. I don't know for sure, but zrtp might be an example.

    An American company can export SSL/TLS/PKI and similar, crypto products without ever drawing the interest of the BIS. I guess at some point in distant history, this was not the case. As someone that actually worked with the BIS on getting encryption export compliance it has been easy for a long time.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
  17. Counterproductive laws by presidenteloco · · Score: 4, Insightful

    The USA is squandering some of its technological lead and economic opportunities with dumb-ass laws.

    I've already had to stop hosting several online businesses in the US due to the patriot act and international customers' unwillingness to have there data stored in the US.

    Stem cell research was set back a decade by Christian fundamentalist opposition making its way into
    federal law.

    Laws restricting export of US software just result in software being innovated faster elsewhere.

    As Freeman Dyson once said: The best way to defeat soviet communism would be to ship Apple computers to their population en masse. He was basically right, though who knew it would be cloned PCs that would do the trick.

    --

    Where are we going and why are we in a handbasket?
  18. Whoa there Tiger by mpapet · · Score: 2, Informative

    My project FileUniq is plain python, and executes a call to "md5" in order to get a hash.

    MD5 is non-special (and deprecated anyway) no one at the BIS would give you a moment's difficulty. Worst case scenario, notify the BIS and they send you an official reply. I know this because I've worked with the BIS to export encryption technology. They were very easy to work with and tolerated my inexperience. Call them and explain your situation.

    Sourceforge's language is a little daunting. A (new?) lawyer (justifying his job?) at sourceforge MegaCorp probably has quite a bit to do with the entire fiasco.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
  19. Re:Don't think so by Locke2005 · · Score: 2, Insightful

    Some information... only has use for killing. I can't think of any information that would make it easier to kill that couldn't also be used to help prevent death. In the technological realm, almost everything is a two-edged sword. Security by obscurity is a poor means of defense.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.