That we admit this, that our government is acting in a criminal fashion, in conflict with the constitution, and we have accepted it as "normal" is just proof that we are frogs who think the water is just fine.
We should be outraged and demanding prosecutions and investigations. But of course, who owns the prosecutors and the investigators? The government.
And we've been taught by government schools to be "good germans" (Eg: to give the benefit of the doubt and wide latitude to government.)
And just like actual frogs that are slowly heated, we will almost certainly jump out of the water if the pot approaches a boil. The apathy stems from the fact that the water is just fine for most citizens; the frogs who are subject to this abuse reside in a completely different pot than the one that most citizens enjoy. I'm not saying I condone surveillance abuse or drug war policies, but the reality is that while your average citizen may be alarmed by the presence of a hot stove, they just can't be bothered to revolt for the sake of an adjacent pot full of drug dealers.
Can you imagine how the citizens of 1995 would have reacted to a Snowden of the time? It'd be a complete non-event.
Who cares if they're transparent in government takedowns if they're going to actively censor their own users?
Yep, not evident from the transparency report that repos get taken down so casually, with other users protesting. [I'm guessing it probably didn't contain those sort of instructions, and they can't claim so in the transparency report, because that would be libelous.]
Overall github is great but they definitely have some
Growing up to do as an organization.
GitHub seems to be following the Reddit moderation style of "nothing that's illegal, or against our rules, or stuff that makes us look bad which we decide when we get grumpy emails"
> 0-249 Affected Accounts
So, I would assume it's fairly safe to say they got 249 NSLs or am I missing something about how people are using ranges to go about skirting this ridiculous law? Obviously it could be within that range, but that's an oddly specific number.
Edit: Just realized this is linked above, apologies
We can probably assume that the number is >0 rather than >=0.
"We can't say we received 84 requests this year. We can only tell you it was in the band [-166, 84]"...
Until such time, we are not even allowed to
say if we've received zero of these reports
Now you first thing it would be some anonymity tool or something like that, nope it's an empty repo with a 32 ways of how to commit suicide in the repo notes including what you need and how long it will take you to die.
Not sure why GitHub only blocked access to that content from Russian IP addresses rather than removing the repo completely like they did with cases in which the repo was actually used for legitimate purposes...
EDIT: I am not smart. I didn't think of that percentage that received information on the disclosure of information and was thinking in terms of total subpoenas.
How is it not 40% or 4 users and we get 43%? One person only got 1/3 of the information?
4/7 users were not informed = 57%
3/7 users were informed = 43%
But left over:
3/10 in which info was not disclosed
I agree, the infographic was not 100% clear (no pun intended)
10 requests for information, 7 responded to, and then 43% of those seven requests has the user informed. How do we get 43% of seven?
Edit - ok next paragraph tells me 10 requests for 40 accounts.
To me this seems pretty low - given that GitHub has millions of accounts, that only 40 got suspected of being involved in crimes seems amazingly low. Or that not even criminals store their secret bank robbery plans in free online hosting services :-)
Back to school
Or is it for just the private repositories ?
Or is it to be able to "subtly add code" to existing repositories without being seen ?
What would it be for ? I am stumped.
Would there be any legal requirement to satisfy such a request? Why should a business expend resources to do something the police could do on their own?
Such as an XML(ish) markup with accompanying code to describe presentation?
I guess the only protection against this would be to either never press the merge button in github, or repeat the merge locally and check there is no diff against the remote merge.
Of course on big projects a lot of the code isn't touched in years but we're talking about revealing that somebody broke SHA1. It sounds very risky given the stakes.
The reasoning is always that you are actually signing the whole commit chain because your commit is liked to every previous one by the commit hashes.
I don't think it's this---I understand it to be basically impossible to mess with git repository histories without people noticing. I guess they might try to sneak it in as a new commit, but hopefully others on the project are inspecting things???
Process would be something like:
-- Take the original chain.
-- Identify a patch in the past where you want to insert the code
-- Check out back to that patch
-- Make the change
-- Roll forward with all the following patches re-applied (with new hashes of course)
-- Replace the repo with the new repo.
The end result is that hashes would change. So if you were talking to people about a particular patch using its hash, or telling people a particular release is set at a particular hash, you would notice when this changes. So it wouldn't be invisible using this method.
An alternative approach might be to generate a series of innocuous code changes that will produce the end result of restoring the hashes of the latest commit to what they should have been before the change. This might be extremely difficult or computationally intensive, unless the hash algo is weak.
But it seems theoretically possible, unless I'm missing something about how git works.
The scenario described happens frequently when people `git push -f` a rebased tree, and it certainly does not go unnoticed by other developers on the project — more “havoc” than “subtle”.
For example: account information, access logs, IP addresses, relating to the Tor project's managers, contributors, downloaders, etc etc.
> Or is it to be able to "subtly add code" to existing repositories without being seen ?
Come on now, this is not productive to speculate on. This is "the CIA is controlling the population by putting chemicals in your water supply!" level stuff.
I'm not talking about moon or UFO's conspiracies. I'm talking about things that, according to leaks and official documents, they already did in the past and keep doing today.
This is something else. Basic rationality demands that we not treat something as truth until we have evidence of it.
The existence of bad actors does not mean an abandonment of critical thinking! Critical thinking in this case tells us that compromising a git repo is a horrible idea, mostly because even if you broke SHA and even if you managed to slip the code in undetected, the jig is up the moment somebody makes a conflicting change in that file, wonders what's going on, and then discovers that the server copy does not jibe with the local copy.
But we can't blindly defend governments, agencies or countries and attack someone just because their opinion or ideia doesn't fit on the "official version".
There is also a big deference between what I did (considering the ability to do something) and accuse them of doing something. You don't need evidence to think if they can or not do it.
Please cite an official document that shows the US government forcing GitHub to secretly modify the source code of a project in one of its repos.
As far as I'm aware, they've literally never done that, and to suggest they have means you have to show evidence that such a thing has taken place.
This is some Fox News level bullshit. "How do we know the FBI hasn't raped and murdered a girl in 1990? They've never come out and specifically stated they haven't!"
I'm not saying that the US (or other country) government did change some code on some repo on Github, what I'm saying is: if they want, they can do it legally or illegally. Do you understand my comment now?
When we make statements, we do so with context, and in this context, stating "the US government could do X" is implying that, yes, in fact the US government did do X.
Furthermore, saying "we don't know they didn't" is a specious argument, at best, because it suggests they did do X, when in reality they're no more likely to have done X, than I am to have done Y, which is some arbitrary other thing which is, while in the realm of possiblity, a complete waste of time to consider.
There exists, within the set of possible things, a set of things which are not among the greater set of things one must consider. The US government secretly forcing GitHub to modify source code in one of their repositories is one of those things that we can safely not consider, even though it is, you're right, technically and politically possible.
So while I completely relate to your feeling of trying to avoid conspiracy theory fantasies of "how do we know they haven't done that", I think it is probably not a good idea to say, "[this] is one of those things that we can safely not consider, even though it is... technically and politically possible".
Whether or not it has happened in the past, we probably don't want it to be possible and we probably should consider to consequences of what would happen if the government decided to take that action. 'Eternal vigilance is the price of liberty,' and all that rot.
Hence the phrase "good germans" for people who believe anything the government tells them, without question, despite the history of government criminal activity, pretty much nonstop going back to the revolution. (Hell, imposing the constitution was done by a coup, there was no mechanism for replacing the prior government, so they just did it with fait accompli. That said, I wish we operated under that constitution, then there would be no need for these reports to reveal just how many people's (in bands of 250) constitutional rights are being violated.)
In the remaining case (the only time the word 'water' itself shows up) is this sentence:
> One police writer claims that the threat of scopolamine interrogation has been effective in extracting confessions from criminal suspects, who are told they will first be rendered unconscious by chloral hydrate placed covertly in their coffee or drinking water.
Which is absolutely unrelated to putting chemicals in the drinking supply of a population in an attempt to mind control them.
"In order to meet the perceived threat to the national security, substantial programs for the testing and use of chemical and biological agents-including projects involving the surreptitious administration of LSD to unwitting nonvolunteer subjects "at all social levels, high and low, native American and foreign"-were conceived, and implemented. These programs resulted in substantial violations of the rights of individuals within the United States."
pg. 73 (393)
See also: https://en.wikipedia.org/wiki/Frank_Olson
So much anger, in such a personal form. Why the chip on your shoulder?
This thread, while straying from the content of the submitted post, has come to be about your implication regarding CIA and mind control. I have admitted that the CIA directly participating in mind control efforts via water supply poisoning seems outlandish, while pointing out that you are overlooking some crucial tidbits in the above link. The CIA has participated in some unsavory experiments on unknowing citizens in the past. While NSLs and the CIA have a tenuous connection at best, you did indeed bring the CIA into the conversation in the first place. I'd say that pointing out past government indiscretion (MKULTRA) is fair game, when we are considering the merits of another (NSLs).
These Stasi guys don't take anything that may jeopardize the reign of their paymasters lightly
IMO for Github to be trustworthy, they would only remove repos when required by law and then they should end up in this report.
[Also, someone seems to have flagged my original comment so it isn't visible. Could they unflag it, so people can follow the conversation, and how my viewpoint changed? Aside: bit funny that this happened in my comment about censorship against unpopular viewpoints.]
For instance, I once had my account hellbanned for talking about how I'd met grace hopper as a kid. Seriously, was the only post in weeks and then poof, gone.
The unaccountable unelected masters of Hacker News have acted extremely capriciously and in a very politically biased fashion in the past.
I know there have been changes, but Hacker News should have a transparency report. Or some transparency.
(A more neutral way to share your concern might be “I would also like to see some transparency around TOS takedowns, and not just takedowns instigated by third parties.”)
I don't know if it was a ToS takedown at all. Look at what the page says -- "Access to this repository has been disabled by GitHub staff. Contact support to restore access to this repository." Geek Feminism's wiki  says "Misogynist C Plus Equality satire project announced and repositories were created on GitHub and BitBucket, with commits impersonating various geek feminists. GitHub removed it quickly." without mentioning a reason.
You obviously dragged your baggage into this discussion. It’s your baggage, drag it everywhere you like, but do not be surprised if you get called for ranting about feminist conspiracies in tech in a discussion that is not about feminism.
Sure, GitHub has taken some repos offline. Fine and good to suggest that it would be helpful for them to report on these things, in this or another report.
Excellent to bring up an example that matters to you personally. You’re invested in it, you feel strongly about it.
But the moment you started to talk about tech culture as a whole and some bias the industry may have with respect to feminism, you left the subject matter behind.
Since Andrea Dworkin died in 2005, I'm not sure how she could have a github account today, so the "impersonation" claim might be a little thin. I think it would be akin to creating a github user called "ErwinRommel" or something -- referencing a well known person who isn't around any more.
Censoring art is still censorship, even if we care for neither the art, the artist, or the message.
It was a silly, somewhat mean-spirited project, but it lived in its own dumb little bubble and didn't hurt anyone who didn't choose to go there and be outraged.
Compare them to a bookstore. Say the bookstore sends some books back to the publisher (without saying why, but maybe the owner didn't like the paper or something). The bookstore might not be a very good bookstore, but it hasn't burned any books.
Anybody hosting the only copy of anything on Github is making a mistake, so it isn't fair to use an analogy implying that they destroyed something.
That's fine, but if they subsequently publish a Transparency Report that isn't very transparent about some things, it's probably a good thing to call them out on it. Would you agree?
Through precisely which mechanisms do you believe that repositories are being removed due to anything resembling "pro-feminist" ideology?
Does github have a "report this repo for not being feminist enough" button that i've been missing all this time?
My guess is, internally. Someone says, "Ugh, we don't want these anti-feminist people pushing commits to this repo, let's disable access to it."
> Does github have a "report this repo for not being feminist enough" button that i've been missing all this time?
I appreciate the heavy sarcasm, but if you think about it, it's a bit chilling. Github, which stood up to the Chinese government, is not strong enough to stand up for the rights of its users who want to make an anti-feminist parody language.
While Github held out against the Chinese, they did not make any outward statements of accusation towards the Chinese government in a smart move. That form of political tension is better handled by the United States government such that Github does not face further backlash. Github's role was purely technical: stopping the DDoS.
Github decided to do something. Nobody forced them to do it. They decided. We also don't know on what terms they decided to take that repository down.
Positioning feminism as an outside pressure group that is more powerful than the Chinese Government is pretty weaselly framing, so... ¯\_(ツ)_/¯ you tell me who's trying to chill whom.
Imagine if the Chinese Government sent a tweet to Github and they took down the "offensive" repos at one stroke over the protests of dissenters. Why do you think this case is special? If it contains personal info or something (which I strongly doubt, by the way), fine. Take it down, and mark it as such -- and put it in your “Transparency Report”.
All its forks seem to have been censored too, e.g.
And was that the real Andrea Dworkin or a troll impostor? ...
I see now, the original and its forks were censored.
Until the courts change the law and say they can say if they've received zero of these reports or not, they are not allowed to. There is no 'warrant canary'. It would be illegal, and Github is not telling you they are going to break the law, they are telling you they are supporting efforts to change the law, but until such time, they will have to comply, and they can't tell you if they received any.
Until they receive 250, and then they can say they received somewhere in the range of 250-499.