Tell HN: GitHub deleted anti-censorship activist repositories
Github just deleted ValdikSS [1] account and all of his repositories.
Including GoodbyeDPI, bypassing some DPI-based censorship, and Super-UEFIinSecureBoot-Disk, allowing to boot things when secure boot is enabled. The interesting thing is that he recently published some work [2] breaking UEFI secure boot (not on github, but on zeronet), basically undermining Microsoft, current owner of Github and big pusher of UEFI.
His twitter account confirming that: twitter.com/ValdikSS
[1] https://github.com/ValdikSS
[2] https://habr.com/en/post/446238/
72 comments
[ 2.7 ms ] story [ 125 ms ] threadThis apparently requires a Kaspersky rescue GRUB
" Red Hat GRUB Secure Boot repository[2], the only problem—PE header parser is missing. GRUB gets parsed header from shim, in a response to a function call via a special protocol. This could be easily fixed by porting the appropriate code from the shim or PreLoader to GRUB."
[1] https://habr.com/en/post/446238/
[2] https://github.com/rhboot/grub2/tree/grub-2.02-sb
[3] https://techcommunity.microsoft.com/t5/Windows-Hardware-Cert...
So much love and respect for you, ValdikSS.
https://web.archive.org/web/20190412171819/https:/twitter.co...
https://web.archive.org/web/*/https://github.com/ValdikSS
It's ironic that browser makers talk about sandboxes and isolation these days. They started out mostly that way, but then had to provide ways for web sites to gain progressively more access to your computer.
ZeroNet: https://zeronet.io
GitCenter: http://127.0.0.1:43110/1GitLiXB6t5r8vuU2zC6a8GYj9ME6HMQ4t/
For a long time, we didn't really have to worry about this sort of thing, because the physical infrastructure required for such a system didn't exist, would be prohibitively expensive to create, and would likely lead to massive protests if someone tried to create it.
But now we are in the digital age, and we have slowly been creating our own memory hole infrastructure, bit by bit, in the form of centralized cloud services. This deletion is an example.
Now, these service providers should be (have to be) allowed to remove whatever they want from their platform, but the fact that they can do so should be front and center in everyone's mind when they post content to them, be it code or text or video. We should be patronizing alternatives to github, youtube, facebook, and all other large centralized data stores as much as possible.
Interestingly, while Greek history from that period is lost, Mesopotamian/Assyrian/Persian/etc. records continue with cultural continuity from ~3000 BC right up to the Arab conquests, at which point they forgot how to read their old records too. This strongly suggests that that loss was intentional.
Try for yourself: https://en.wikipedia.org/wiki/Sütterlin
But it seems that Hitler's rationalization of “if we're to trade with the rest of Europe, those nations must understand German writing” came to be fulfilled.
Akkadian and Sumerian were thousands of years old (and, obviously, long dead) when they got wiped out. And while Mycenaean Greek is not much different from classical Greek (with a gap of only a few centuries), it is written using a writing system entirely unrelated to that of classical Greek, which we assume was originally developed for some other unknown language because it fits Greek so poorly.
> “if we're to trade with the rest of Europe, those nations must understand German writing”
I don't see why this would make any difference. We trade with Japan (and had been doing so for centuries before Hitler). Recognizing the letters in a German contract isn't much good if you can't understand the words.
[1] https://scuttlebutt.nz
[2]https://github.com/ssbc/patchwork
[3]https://github.com/noffle/git-ssb-intro
For every act of evil that we see Microsoft commit there are 20 that we don't see. Remember that.
Sidenote: Github had these same rules and did ban people long before Microsoft was in the picture. I wouldn't be too quick to conclude Microsoft made the difference here.
Also, not as righteous as everyone makes him out to be. The dude was hosting torrents on things like Christchurch shootings in his repos. His content probably violated some terms of service.
My personal opinion we do ourselves a huge disservice by filtering out these things. You should display its grotesqueness. Display the horrors of humanity. Teach people life isn't snowflakes and rainbows and that there actually are terrible, evil people out there, not a sea of undiscovered victims. Evil exists as a virtue in of it self, if not to simply show you what the opposite of evil is. Maybe you don't know what good is, but know that it isn't "that"
>It's not a slippery slope if it is actually happening.
How can you start a comment with eventually and then end with, it's not a slippery slope it is actually happening?
There's a line to trace somewhere between what is acceptable to host and what isn't. You may disagree with WHERE the line is, sure, but there's a line to trace. It can be barely where it's legal in the country hosting that content (which is still open to interpretation, or else we wouldn't have court systems).
Now are you disagreeing with a line that include Christchurch shootings content? Then say that, or else, sure it will be someone else that will decide where to trace that line.
He had links in gists. What terms does this violate? Shouldn't they remove it or warn him rather than locking / shadowbanning his whole account?
"I have other torrents in gists, and I used to have blocked repository for which Github contacted me prior to blocking this exact repository, asking to remove some files from it. This time I've got no notifications and got my account (not a repo/gist/etc) shadowed."
There are few good reasons to want to review a crime scene, and many good reasons against watching. There may be no direct reason to watch the video of the crime, and only the indirect chance that it might be important. There may also be perverse incentives or at least a morbid curiosity. Stipulating any of that would be unjust, though. The saving grace would be that clicking on a link is anyone's own responsibility, or the parents in case of child protection. Especially a security researcher and privacy advocate would highlight that fact. The real problem may not be the sensitive feelings but primarily advertisement, an expression of affirmation. Just what does merely hosting a video express?
Legally speaking, not formally but morally, the personality rights involved in the content stand against the matter of public interest. Claiming a matter of public interrest over this individually should be neigh impossible. It's rather confusing and contradictory to devalue others privacy, making a stand for privacy, and defending integrity of privacy.
...
Yeah, me neither.
So even the hearsay about the links to the page that may include magnet links lowers your Chinese-style social credit score if nameless hard-working censor of some “respectable” corporation is triggered by that.
[1] http://www.dmlp.org/legal-guide/circumventing-copyright-cont...
No, this is likely not because of GoodbyeDPI or Super UEFIinSecureBoot Disk.
Most probably it's because of someone has been spamming from my ISP's /24 IP range.
>His twitter account confirming that: twitter.com/ValdikSS
No, learn to read.
It seems like all that his Twitter feed confirms is that his page shows as 404, but nothing more than that. He did not mention any association between the ban and his work, instead on Twitter he's just saying self-hosting is more reliable. The latest tweet implies the shadow ban ("invisible issues, invisible commits, invisible code comments!").
That's pretty much what I implied. But added twitter so that people can see his perspective.
He sure is understandably upset. It sure explain WHY he answered like that, but it's not an excuse to act like that.
I'm really getting pissed off when people overinterpret other people texts and create "news" based on their biased misinterpretation. What I stated in twitter post is that any company can do anything with your data or account, and you should not rely on any free service on the internet. That's it, only that. I did not say that my github account is deleted or that the reason behind that is one of my repository.
Moreover, for some reason people tend to read only that first tweet while what I wanted to say is in next 5 tweets too.
My primary language is Russian, and I'm usually very cautious of my written language and always try to write any texts (emails, blog posts, Russian craiglist listings) as clear, unambiguously and literate as possible, but always see people who just don't read. This is not an insult, I mean it literally: PLEASE learn to read in full.
I find it amusing that wanting other people to learn to read can be and often is considered insulting. Perhaps there's also a bit of a culture clash - Russians are relatively direct.
Spending your time trying to write clearly and unambiguously likely won't be appreciated much, but it does make the world a better place.
It's an insult when that person does know how to do it.
This issue wasn't related with his capacity to read either, which further enhance how it was used as an insult.
It was a misunderstanding, that's all. No one is specifically responsible for it.
I find it concerning that Twitter has become such a common way to share news. The short message format can make it impossible to get a full point across reliably.
All based on basically a misunderstanding, which I don't believe was done out of malice. But at the end of the day this is essentially "fake news". Again, likely born out of ignorance, not malice. But I think the person being misrepresented saying "learn to read" is hardly over the top.
> 2019-04-10
> Many people, incl. friends of mine, rely on "cloud" for file storage, use "free" messengers, listen to music on "services", and expect companies to provide stable and consistent service.
> This is what you get in the end: https://github.com/ValdikSS [image of 404 error]
> 2019-04-11
> I can create invisible issues, invisible commits, invisible code comments!
The first one sure looks like "deleted".
In the second, you could be talking about being shadowbanned, but getting that depends on knowing what it is.
Also, being shadowbanned is arguably worse than deleted. I've seen shadowbanned accounts post for many months, apparently unaware of their status. When I see one with a listed email address, I let them know, as a courtesy.
I always expect that, because I always read terms of service. This is an excerpt from Github ToS:
>GitHub has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. GitHub reserves the right to refuse service to anyone for any reason at any time.
So I don't understand why people give attention to some problems with my account, why anybody should give a clue and why this is a topic for discussion. Nothing unexpected has happened. I never stored sensitive data on github, never used it for OAuth, and this account does not have serious value for me. I have all the data backed up locally, on external drive, on several others git hostings and on remote computers. I don't know the reason yet, Github did not send any notifications before shadowban and I did not receive a reply from support yet, but I'm pretty sure that neither GoodbyeDPI nor Super UEFIinSecureBoot repository are to blame. Most probably this is false positive of their anti-spam system.
But this isn't about you.
This is about people being concerned that GitHub is banning or shadowbanning accounts for political reasons. Your GitHub account may be worthless to you, but many have (stupidly enough, I agree) relied on GitHub. Consider the confusion if GitHub took down Docker. Or even algo or Streisand.
Why was this thread flagged? A misleading thread title?