[ya3r]

Nat was a great CEO. The best that could have happened to Github after the acquisition IMO.

The one time that I won't forget about Github under Nat, was when they stood up for Iranian developers [1]. They went the extra distance to get a permission/license from the US government specially to offer full Github to developers from Iran. Many other companies didn't do something similar.

[1]: https://github.blog/2021-01-05-advancing-developer-freedom-g...

[rsync]

"They went the extra distance to get a permission/license from the US government specially to offer full Github to developers from Iran."

Wait, that's a thing ?

We get a signup from Iran about once every month and I always, apologetically, send a personal note saying that I wish we could provide service to them but ...

You're saying rsync.net can legally provide service to Iranians with ... some paperwork ?

[dharmab]

It would take some intensive lobbying:

> And separately, we took our case to the Office of Foreign Assets Control (OFAC), part of the US Treasury Department, and began a lengthy and intensive process of advocating for broad and open access to GitHub in sanctioned countries. Over the course of two years, we were able to demonstrate how developer use of GitHub advances human progress, international communication, and the enduring US foreign policy of promoting free speech and the free flow of information. We are grateful to OFAC for the engagement which has led to this great result for developers.

[saurik]

There are standing "general" licenses for any product / company that is doing certain activities and "specific" licenses granted to individual companies. I believe GitHub managed to get a general exemption for anyone providing source code hosting? The general idea is that there are things that the US government wants people in Iran to be able to do as it would help their fight rather than hurt it. This page has the list of general licenses:

https://home.treasury.gov/policy-issues/financial-sanctions/...

[thrwn_frthr_awy]

They are a trillion dollar company which spends ten million dollars a year on lobbying for reasons like this.

[ya3r]

Definitely a thing.

Regarding the cost, it might be more than "some paperwork".

[AriaMinaei]

Iranian dev here. I can tell you if a company goes the extra mile to provide services to us, the reason is almost always that they just care. It's not a marketing tactic. You have to care if you go through all that trouble. And there is very little publicity to these acts. No one is going to notice it but us. They only do it out of the goodness of their hearts.

[rvnx]

They also went the extra-mile to block Iranian developers, they didn't have to do so much police, and probably tried to buy their redemption. For example, in theory Hackernews should block Iranians, but they will probably pretend not to be aware and won't actively chase them.

[ralph84]

Compliance with US export controls and sanctions isn't optional. That some companies are less diligent about it than others doesn't change the compliance requirements, and people can and do regularly go to prison for willful violations.

[IlliOnato]

And if GitHub did not block Iranian developers _before_ it obtained the exemption, it would be in violation of sanctions, which carries both criminal and pretty much unlimited financial charges.

I don't know whether HN violates sanctions, but comparing to GitHub HN is very, very small fish. The chances that GitHub would swim under the radar were pretty slim.

Really, "this company obeys the law, so it is evil" is lame.

[mschuster91]

> They also went the extra-mile to block Iranian developers, they didn't have to do so much police, and probably tried to buy their redemption.

US sanctions, even the threat thereof, are serious business. To this day, US nationals or US tax persons are having a really hard time finding a bank in Europe that is willing to deal with them because many banks don't want any exposure to the US FATCA they can avoid.

I had an ex-girlfriend who was born in Germany to US and Greek parents. Quite the shitshow with paperwork.

[zerkten]

I'm curious how they discover this if they are trying to stay so distant from US authorities. If you have EU citizenship which is what I assume here then presenting the Greek passport and supporting local documents isn't enough? Or, is it the case that something local like a missing local tax number, or even an accent telegraphed the situation.

With the US, it feels like everything is much more uniform with the tie back to a federal social security number. The SSN is universally requested for many types of financial and insurance setups.

[pgeorgi]

That works exactly as long as such an US-aligned company doesn't enter the spotlight in some sanctioned entity related trouble.

Had friends working export compliance for a larger US IT company, and they once (temporarily) blocked a larger shipment to the (British) Royal Air Force because some bozo abbreviated them as "RAF" - which, obviously!, refers to the (German) Red Army Faction, a left-extremist terrorist cell that wasn't relevant for more than 10 years at that point (and wouldn't know what to do with high performance computers, anyway).

Better safe than sorry, otherwise you mess up one day, come back to the HQ on the next and all that's left is a brand new parking lot.

[toast0]

Hacker News probably falls under the general license for personal communications, etc. Github is not really personal communications, so caution is warranted, at least a bit. Rsync.net doesn't really provide personal communications either, IMHO, and it seems reasonable for them to not do business with people in Iran unless rsync.net obtains a specific license or finds a different general license they fit into.

[908B64B197]

> You're saying rsync.net can legally provide service to Iranians with ... some paperwork ?

A lot of it probably. Also, not sure how you can collect payment from these users. And keep in mind your software might end up being used by their regime for oppressive purpose.

Keep in mind the people of Iran can end these sanctions at any time. It's a personal and societal choice.

[type_enthusiast]

> the people of Iran can end these sanctions at any time

Sorry to bite on this off-topic thing... but, _how_? Overthrowing their government? I guess that would be technically true, but "at any time" seems like a weird phrase to use for that.

[908B64B197]

Yes. Just look at Libya during the Arab Spring. Democracy is never given, it is earned.

[mschuster91]

> Just look at Libya during the Arab Spring.

Iran at least has some sort of functioning government entity (which I, to be clear, absolutely despise), Libya collapsed completely as a result of Ghaddafi's (well deserved) downfall and it will likely be a hotbed of Islamist terrorism and instability for decades to come. I don't see any nation or block of nations willing to step up and do nation rebuilding in once-beautiful Libya outside of the EU financing terrorists aka the so-called "coast guard" to torture migrants - what makes you think any kind of revolution in Iran would be assisted by anyone?

The US even abandoned the Kurds ffs.

[toyg]

The Iranian system also has some democratic legitimacy. Yes, the religious authority is supreme, but it's not as overtly tyrannical as the average dictatorial regimes: the religious ruler is himself elected by an assembly (similarly to what happens with the Catholic Pope), and the secular executive branch is elected (although the religious element can pre-emptively stop pesky candidates from running altogether).

There is a good chunk of Iranian society that genuinely thinks their system is good, and it keeps the country somewhat stable in a region where such condition is not particularly common. Telling them to throw it all away by pointing at Libya is basically a cruel joke.

[kmeisthax]

Libya is actually a terrible example of this. If I recall correctly, right after the Arab Spring, their country erupted into civil war, twice, and the current ceasefire is barely a year old. The reason for this is not because they chose civil war, but because Libya and many other poor countries are stuck in a local minima of dictatorship and sectarianism.

Why? This chart should be illustrative: https://en.wikipedia.org/wiki/Libya#/media/File:Libya_Produc...

- Dinosaur juice that we took out of the ground

- Dinosaur farts that we took out of the ground

- Dinosaur juice that we took out of the ground and then cooked

- Shiny metal that we took out of the ground

In other words, all industries that, critically, do not require the people to operate. Libya is the poster child for the resource curse. In poor countries, democracy is a dangerous boondoggle that squanders the wealth of the country, and any country with an economy shaped like this that tries democracy will be swiftly punished for their obvious flaunting of basic economics. Likewise, all of the other things you see in these kinds of countries - sectarian violence, religious and ethnonationalist conflict, and so on - are all merely part and parcel of being poor.[0]

Taking this back to Iran... the country is born out of geopolitical praxis, not a resource curse. The US tried to utterly fuck over Iran and turn it into Libya, in the name of fighting the Soviets. So at least part of the current hostility towards the US is still borne out of actual popular support. Yes, some Iranians would like to just enjoy a cosmopolitan software developer lifestyle, but those people are fewer in number compared to the people who want nothing to do with a country that has hypocritically denied it the right to self-determination. Maybe that will change, and people on both sides will forget long enough for us to normalize trade relations. But that's not a simple matter of uninstalling and reinstalling governments like they were device drivers. Plenty of Iranians still hate the US, and plenty of Americans do, too.

[0] This is also why a lot of Donald Trump voters bought into a lot of far-right racist bullshit, as well as why many poor countries see regular genocides. Because that's exactly what you promise poor people. It's far easier to make you richer than a race or religion you don't like, than to make you richer overall.

[shabazahmed]

I wouldn't say never. ex Bhutanese Democracy[1] was given by the monarchs though lot of population wanted the monarch to continue. [1]: https://en.wikipedia.org/wiki/Bhutanese_democracy

[hni]

Never given; but taken, sometimes.

[_pmf_]

Is this satire?

[ghuntley]

In case people missed it. There was two promotions today. A new CEO at GitHub and the person GitHub reports to a MSFT also got promoted.

Here’s the internal msft email

https://news.ycombinator.com/item?id=29098640

This person at MSFT who got promoted is the one that caused the problems in the dotnet community where features that had a go-live RTM license (as in merged and ready for long term support) were removed from the programming language so that more Microsoft Visual Studio licenses could be sold.

Other items under this persons remit:

- Visual Studio

- .NET

- Python

- TypeScript

- OpenJDK

- GitHub (+NPM)

- (hint hint) Azure SDKs (hint hint)

- (hint hint) Azure PaaS / Azure Serverless (hint hint)

[DaiPlusPlus]

> removed from the programming language so that more Microsoft Visual Studio licenses could be sold.

Honestly, I’m fine with this level of dickishness so long as it means the rest of the VS ecosystem is free-to-use.

Someone or something has to subsidise VSCode.

[geofft]

Right, I have to admit I don't entirely understand the .NET kerfuffle. .NET is clearly Microsoft's language ecosystem, just as much as Swift is Apple's, and much more so than, say, Go is Google's. A lot of the value in .NET is how it works with the Microsoft ecosystem - or put another way, as someone who mostly doesn't develop on Windows (but uses Windows a lot as a desktop OS), I have never once felt that .NET was the best way to solve a problem that wasn't a Windows-specific problem.

It would be totally fine if .NET were a closed-source, Microsoft-run language. It is pretty cool that this isn't true. But the idea that Microsoft organizationally having control over the .NET open source project is somehow bad for open source is just incomprehensible to me, who grew up on .NET not being open source at all.

[DaiPlusPlus]

> It is pretty cool that this isn't true. But the idea that Microsoft organizationally having control over the .NET open source project is somehow bad for open source is just incomprehensible to me, who grew up on .NET not being open source at all.

It's not about open-source: it's more that major organizations and industries won't use a programming platform that is entirely at the whims of a company they have no real control over and without independent means to ensure it keeps on working, so a compromise position that Microsoft took is to make .NET open-source, so that in the event Microsoft disappears overnight (say, Mt. Rainier erupting and wiping out the Seattle metro area) people have something they can keep on using and build and maintain themselves. We saw the opposite with VB6: the VB6 platform was never open and shared and now all the companies that invested in VBA and VB6 in the 1990s is rightfully annoyed because VB6 is a complete dead-end with no feasible upgrade-path to .NET (VB.NET is not compatible with VB6).

--------

While my SaaS (and my current job) is a .NET shop because it originated with some "Classic" ASP 3.0 VBScripts that my boss put together himself in the late 1990s that was slowly transitioned through .NET WebForms (ew) and ASP.NET MVC, we still use it for new greenfield projects because .NET is a nice platform overall that scales really well from one-off prototype projects that can be easily transitioned to high-performance distributed applications without any major rewrites (the only thing I've had to "rewrite" was the conversion from .aspx (as an MVC View, not WebForms) to Razor .cshtml, everything else has been refactored through the years. The tooling and integration between MS products and services does save a lot of trouble otherwise (that's where the value is).

My experience from other shops, and the problems I've seen there is not that other "stacks" (I hate that word) like MySQL+PHP, Postgres+Python, Anything+NodeJS are somehow less capable (excepting PHP, it's often the opposite, actually) but that you end up with dozens of projects all with their own separate stacks and build environments, all with their own tedious onboarding processes (e.g. having one Angular project that absolutely requires Node 12, not Node 14, to run) while another project's server-side NodeJS code absolutely requires Node 16 and Python and Tomcat somewhere.

So I'm more than happy to pay the thousands of USD per year for my MSDN Subscription because it gives me a platform that saves me the trouble and headaches of a highly heterogenous environment especially given the fact we're a small shop.

[smoldesu]

> major organizations and industries won't use a programming platform that is entirely at the whims of a company they have no real control over

100% this, the biggest issue I see with dotnet and Swift is that they're spending too much time trying to be appealing to people who don't want to use them. Swift, as a language, really only makes sense to use if you're extensively targeting Apple systems and planning to skip Windows/Linux altogether. That's a pretty shit deal, from the perspective of developers who want to deliver software to the largest possible audience. Similarly, writing an entire program in dotnet used to be a death sentence until Mono finally got thrown together. Even still it's not a very attractive framework for most cases, which just goes to show how important open governance can be when developing such a complex system.

[toyg]

> Similarly, writing an entire program in dotnet used to be a death sentence until Mono

This is somewhat ironic, considering .NET is effectively "Java as rebuilt by Microsoft", and one of the original selling point of Java was... cross-platform support, "write once - run anywhere". BillG clearly made sure that particular aspect would not carry over to the MS version.

[passivate]

> it's more that major organizations and industries won't use a programming platform that is entirely at the whims of a company they have no real control over and without independent means to ensure it keeps on working,

That is a risk that is common to every single industry, and as such is a risk that is easily understood and quantifiable. We live in an interdependent world. You're always going to be dependent on suppliers, vendors, equipment etc. We have seen how covid related supply chain issues have affected everyone. Atleast with a S/W platform, what you have in-hand continues to work, and you can continue to use the compiler, libraries, etc to churn out new binaries.

[adev_]

> That is a risk that is common to every single industry, and as such is a risk that is easily understood and quantifiable.

Honestly: No

If it would be "easily quantifiable", you would not see in 2021 still bank ATM running damn Windows XP or nuclear power plant under Win2000 with some old deprecated crap supervisor tools.

It is a common drama with proprietary solutions, they are seducing to install and a nightmare to maintain.

This even more due to the decision to use these "vertically integrated proprietary (crap) solution" are generally taken by executive level without any long term thinking and that will be long way gone when the mess need to be cleaned-up

[tailspin2019]

Wow.

[rarkins]

I agree. youtube-dl was another example of them turning a vulnerable moment into a win: https://twitter.com/natfriedman/status/1328365679473426432

[fragmede]

Which, btw, was also thanks to the EFF. Their mission is occasionally murky these days, but their part in the subsequent restoration of youtube-dl in the face of a DMCA takedown is not to be ignored or forgotten.

https://github.com/github/dmca/blob/master/2020/11/2020-11-1...

[depressedpanda]

In what way is their mission occasionally murky?

[fragmede]

In the face of widely popular de-platforming of some individuals, it's not clear to me what the EFF's position should be. I don't want them to ignore current affairs (aka how to counter cultish indoctrination of people with totally bonkers lies like "the covid vaccine has a microchip in it") while at the same time preserving the freedom of speech we believe in (in the US).

[ljm]

I once posted on here to give feedback about the new UI they were testing out at Github. The UI that you now see.

All I said was that it's cool but I can't see the latest commit status (the result of your CI pipeline) any more, and that I sent that feedback through the official channels as it were. I think I tacked a less favourable comment on the end and that was also answered.

First reply to my HN comment was from Nat, acknowledging it.

That was cool. Also, solid leadership.

[devoutsalsa]

I wonder if services of non-Iranians ever get canceled if they travel to Iran for vacation or business. Has anyone heard of that happening?

[mschuster91]

Yes, there were occasional reports of people traveling to Iran, Cuba or North Korea who then happened to have their accounts blocked out.

[schneems]

I didn’t see the Iran thing. That’s interesting.

I’m still personally waiting on “leveraging the vast resources of Microsoft will have the greatest likelihood of affecting public policy” regarding ICE.

That was 2019. It’s almost like he didn’t actually intend on doing anything about it.

[5faulker]

Here's another new chapter to software development.