Pages:
Author

Topic: 2012-10-09 Forbes.com - As Inflation Rages In Iran, Bitcoin Software Not Availab (Read 7226 times)

legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
As a temporary workaround, http://files.btcmirror.is/ now exists.

Please verify if the files are correct or not.

A fine workaround ... from my timewarp ftp was the web, not the workaround Smiley

You could I suppose to be ultra-thorough also post the signed hashes of source and pre-built binaries files put up on github by the other devs (so as not to centralise trust on gavin's sig.) ... e.g.

https://github.com/bitcoin/gitian.sigs

https://github.com/bitcoin/gitian.sigs/blob/master/0.7.1/sipa/bitcoin-build.assert
member
Activity: 69
Merit: 10
As a temporary workaround, http://files.btcmirror.is/ now exists.

Please verify if the files are correct or not.
member
Activity: 69
Merit: 10
There is some scepticism on reddit:

- someone needs to check the hashes to make sure nothing was altered (to ease the paranoid)
- does the mirrored site still link to sourceforge? If so Iranians would still be prohibited from downloading right?

I'm doing this for three reasons:

0. Iceland rocks and http://immi.is looks a reality. Go freedom.
1. The world should be able to download their bits as desired without letting some scared corporate lawyers dictate yes or no.
2. I want to host a complete copy of the bitcoin site with binaries on a piratebox with no internet access. I already can do this with Tor, because they put everything locally and provide a quick and easy rsync share. The tor site mirror is roughly 6 GB, which includes all binaries for all operating systems, and fits easily on a 16GB usb drive.

However, any smart person will not trust me. You should check the binaries, the hashes, and everything I've done to mirror the site.

Right now, I have not had time to patch the site to remove the reliance on sf.net and googlecode/googleapis. When I do figure out the patches, I intend to publish my git repo so others can clone/pull and check it out. I don't use github or other social networking technologies like it (facebook, twitter, sourceforge, etc).
legendary
Activity: 1022
Merit: 1000
There is some scepticism on reddit:

- someone needs to check the hashes to make sure nothing was altered (to ease the paranoid)
- does the mirrored site still link to sourceforge? If so Iranians would still be prohibited from downloading right?
hero member
Activity: 784
Merit: 1010
Bitcoin Mayor of Las Vegas
Sounds like this needs to be mirrored to a hidden service...  Roll Eyes
hero member
Activity: 588
Merit: 500
And generally, allow bitcoin.org to be mirrored, or the binaries served up by non-sourceforge hosts (mirrors and bittorrent).
It is MIT licensed, anybody can mirror it anywhere they like. You don't need anybody's permission, just do it!

Step 1: Done. Hourly pulls of website git (https://github.com/bitcoin/bitcoin.github.com.git) from github. See http://btcmirror.is/

Step 2: In progress. Replace sf.net links with local copies of all binaries and related sha(1|256)sum files plus signatures.

Step 3: In progress. Replace googleapi.com and googlecode.com script links with local copies of the files.

Step 4: Serving bitcoin website and binaries out of Iceland. Setup rsyncd for mirroring.

Step 5: There is no step 5.

Step 6: Thank you, teamhugs!
member
Activity: 69
Merit: 10
And generally, allow bitcoin.org to be mirrored, or the binaries served up by non-sourceforge hosts (mirrors and bittorrent).
It is MIT licensed, anybody can mirror it anywhere they like. You don't need anybody's permission, just do it!

Step 1: Done. Hourly pulls of website git (https://github.com/bitcoin/bitcoin.github.com.git) from github. See http://btcmirror.is/

Step 2: In progress. Replace sf.net links with local copies of all binaries and related sha(1|256)sum files plus signatures.

Step 3: In progress. Replace googleapi.com and googlecode.com script links with local copies of the files.

Step 4: Serving bitcoin website and binaries out of Iceland. Setup rsyncd for mirroring.

Step 5: There is no step 5.
hero member
Activity: 763
Merit: 500
setting up an rsyncd with the recent bitcoin binaries + valid signatures is a great idea. i'm sure, there are plenty of admins who would want to mirror it and a dedicated mirror index html page should list all of them.

just like the wikileaks fallback pages when their DNS entries were removed.
member
Activity: 69
Merit: 10
It is MIT licensed, anybody can mirror it anywhere they like. You don't need anybody's permission, just do it!

Correct. You could make it easier to mirror it though. Right now httrack and pulling the binaries is my solution.
legendary
Activity: 1652
Merit: 2311
Chief Scientist
And generally, allow bitcoin.org to be mirrored, or the binaries served up by non-sourceforge hosts (mirrors and bittorrent).
It is MIT licensed, anybody can mirror it anywhere they like. You don't need anybody's permission, just do it!
member
Activity: 69
Merit: 10
Are you both suggesting that the core bitcoin development group (who are listed at bitcoin.org) remove the checkbox that blocks SourceForge downloads to sanctioned countries?

Yes. And generally, allow bitcoin.org to be mirrored, or the binaries served up by non-sourceforge hosts (mirrors and bittorrent).
sr. member
Activity: 303
Merit: 251
My understanding was that SourceForge is claiming that the specific OFAC sanctions against Iran would take precedence over the munitions export controls which were indeed relaxed for non-sanctioned countries. It just hasn't been challenged yet.

They can claim whatever they want as their excuse. They are wrong, but its their choice if they don't want to do it.

+1

Are you both suggesting that the core bitcoin development group (who are listed at bitcoin.org) remove the checkbox that blocks SourceForge downloads to sanctioned countries?
member
Activity: 69
Merit: 10
In thinking broader about this, bitcoin.org is hosted on github servers. They are a US company and may also look at the embargoed countries and decide the citizens of an 'axis of evil' country cannot download bitcoin. It seems clear there needs to be a mirroring plan for bitcoin.org and binaries run by volunteers, in case of stupidity. This would also work well if someone forced the .org people to take down bitcoin.org.
legendary
Activity: 1834
Merit: 1019
My understanding was that SourceForge is claiming that the specific OFAC sanctions against Iran would take precedence over the munitions export controls which were indeed relaxed for non-sanctioned countries. It just hasn't been challenged yet.

They can claim whatever they want as their excuse. They are wrong, but its their choice if they don't want to do it.

+1
member
Activity: 69
Merit: 10
My understanding was that SourceForge is claiming that the specific OFAC sanctions against Iran would take precedence over the munitions export controls which were indeed relaxed for non-sanctioned countries. It just hasn't been challenged yet.

They can claim whatever they want as their excuse. They are wrong, but it's their choice if they don't want to do it.
sr. member
Activity: 303
Merit: 251
The developers don't have a choice. Bitcoin uses strong cryptography, which, for reasons which don't really make sense, is legally classified as a military weapon under the Wassenaar Arrangement, and therefore illegal to export to "certain" countries. Simply making the source code available for download worldwide is legally equivilant to selling bombs to Iran. As fucked up as the law is, it must be obeyed if you want to avoid being jailed for arms trafficking.

This is not true. Open source, free software does not fall under the US munitions export controls. Otherwise, tools like openssl, tor, openssh, linux distributions, etc would not be available outside the US. See https://www.federalregister.gov/articles/2011/01/07/2010-32803/publicly-available-mass-market-encryption-software-and-other-specified-publicly-available-encryption for the public restatement of that fact. This fact has been true since 1996. See John Gilmore's fights and wins in the US courts here, http://www.toad.com/gnu/export/export.html.

My understanding was that SourceForge is claiming that the specific OFAC sanctions against Iran would take precedence over the munitions export controls which were indeed relaxed for non-sanctioned countries. It just hasn't been challenged yet.
member
Activity: 69
Merit: 10
The developers don't have a choice. Bitcoin uses strong cryptography, which, for reasons which don't really make sense, is legally classified as a military weapon under the Wassenaar Arrangement, and therefore illegal to export to "certain" countries. Simply making the source code available for download worldwide is legally equivilant to selling bombs to Iran. As fucked up as the law is, it must be obeyed if you want to avoid being jailed for arms trafficking.

This is not true. Open source, free software does not fall under the US munitions export controls. Otherwise, tools like openssl, tor, openssh, linux distributions, etc would not be available outside the US. See https://www.federalregister.gov/articles/2011/01/07/2010-32803/publicly-available-mass-market-encryption-software-and-other-specified-publicly-available-encryption for the public restatement of that fact. This fact has been true since 1996. See John Gilmore's fights and wins in the US courts here, http://www.toad.com/gnu/export/export.html.
member
Activity: 69
Merit: 10
The bitcoin devs aren't really involved here, other than their choice of sourceforge for hosting. Sourceforge is blocking Iran and other sanctioned countries to minimize any legal risks with the US government. I'm willing to host a mirror of bitcoin.org+binaries in Iceland, if only there was some easy way to mirror the site. wget -u is a crappy way to do a mirror. rsync would be great.
sr. member
Activity: 303
Merit: 251
legendary
Activity: 2282
Merit: 1050
Monero Core Team
I suspect the developers have no option but to block access to avoid serious legal problems in the United States where the lead developer is based. The same would occur is many other countries for example Canada. I actually support the developers doing this for this very reason. That been said what is to prevent someone in a jurisdiction that does not have sanctions on Iran from downloading the software and then making it available via a server or bit-torrent? In the latter case for example on TPB.



I suspect the developers don't give a fuck as they've been ignoring my questions about this very issue since 1.3a.

There are sites which are more embargo-compliant and others that are less compliant and the bitcoin project also uses Italian domains or others that would not have any legal issues linking to open source for Iranians.

Actually if the USA wouldn't be scared of Bitcoin, it could use it as a weapon against Iran alongside its USD to destabilize the IRR.

If this is a concern why not simply download the source code and binaries and put them on a server not affected by this issue. This is after all the whole point of Free Software / Open Source software. The developers do care which is why the software was released under a Free Libre Open Source software license.
Pages:
Jump to: