I think the headline should more accurately be that repo.or.cz has a UK geo-block. I'm unclear why it has one, since it's highly unlikely either that the site contains anything that is covered by the OSA, nor that even if it did, the people running the site should care.
> UK's Online Safety Act 2023 would require us to do a prohibitively complicated risk assessment for our service. We're talking reading through thousands of pages of legal guidelines.
> We're a volunteer operation and would likely be held responsible as individuals. There is talk of fines up to 18 million GBP which would ruin any single one of us, should they get creative about how to actually enforce this.
> Our impression is that this law is deliberately vague, deliberately drastic in its enforcement provisions, and specifically aimed against websites of all sizes, including hobby projects. In other words, this seems to us to be largely indistinguishable from an attempt to basically break the internet for all UK citizens.
> If we could afford to just hope for the best, we'd love to.
The way I understand this is that it's not feasible for them to assess how the legislation impacts them, so they would rather stay safe than risk having their lives destroyed.
Its such a ridiculous law and this outcome is entirely predictable, but bring this up with the proponents of it and they stick their head in the sand, to the point where I think they are perfectly happy with the UK not having a working Internet.
In this case the reaction is more ridiculous than the law, frankly...
Edit:
They are not in the UK and not dealing in anything risky. If they still wanted to demonstrate compliance they could download risk assessment templates (easily available), fill them, keep them on record for the hypothetical future time when they might be asked (they wouldn't). Claiming that it is too risky and complicated so better to ban the UK is either unreasonable or a militant statement but not a "logical reason."
The reaction is entirely reasonable. The only way they can reasonably ensure they protect themselves is to ensure nobody in the UK can access their site.
I'm not deep into this subject, so what's obvious to you isn't so obvious to me. Would you mind explaining a bit more on what's so obvious and why it's particularly unhinged?
They specifically listed their reasons in the geoblock message.
As a someone impacted by this I applaud their decision.
I also hope more high-profile cases like Wikipedia[1] will surface and expose the utter idiocy of the deliberately vague language of the language and the "guidance".
This won't affect most users as they will be using the cache.nixos.org substituter and haven't modified any package that pulls repo.or.cz repositories, but it's still amusing.
Probably someone preferred the 3-level domain system (like UK's .co.uk, .gov.uk, e.g. bbc.co.uk) in .cz, and made .or.cz. This is probably before the time people thought "Oh we can make the domains be words, like 'del.icio.us', that'd be cute!"...
I'm actually working on my own OS agnostic package collection + system management software, and I've found https://radicle.xyz great for this. All repos depended on by the official package collection t will be on the radicle network.
You should focus on the p2p part of code and object distribution. While nix is not perfect, people are not going to learn and adopt yet another package manager.
A distributed git object cache is what is really needed at the moment.
Is this supposed to be a big deal? I use NixOS as a source distribution (nix.settings.substituters = lib.mkForce [ ]) and I get failures when fetching sources pretty regularly. Sometimes the URLs are missing, sometimes the hashes have changed. My usual fix is to fetch the source from cache.nixos.org with nix copy.
I'd say the right answer is to move/add a content addressed model/system for obtaining sources.
Not really. Content-addressed implies that if the content changes, so does its address, such that returning a different result for the same address is a hard protocol violation.
Having a content hash as (part of) the address is common way to this.
IPFS multihash is a well-known example. As opposed to HTTP.
So I think this law is stupid. But it's also popular, for the reason "something should be done, this is something, so this should be done". I doubt that exceptions are going to be made until the effects are felt strongly by everyone. Geoblocking a .cz site used by a tiny number of developers is not having any effect.
When you phrase the question in such a way where people presume it will only target pornographic sites.
If you asked them would they support the law if it happens to accidentally block useful sites that have ZERO pornography on them, I'm very sure, the results would be very different.
Polling for the question “websites that may contain pornographic material”
Which is my point. The OSA isn’t popular as a broad piece of legislation, but the “think of the children” aspect that something needs to be done to restrict access to pornography is popular.
Watch the YouTube link I sent to better understand my point.
Personally, I think even the pornography aspect is stupid. If the government couldn’t stop me accessing porn when I was a kid back before the web was invented, then they’re shit out of luck stopping kids these days. The problem isn’t the law, the problem is parents want a way to diminish their own responsibility. It’s the same tired bullshit we see time and time again of blaming everyone else rather than making ourselves accountable.
Except the UK didn't geoblock anything. This is just someone virtue-signalling about internet freedom from a country that has its own problems it should be addressing.
> then suggest something else that actually addresses the problem
As opposed to the original suggestion that doesn't actually address the problem? How is proposing that in the first place more honest than calling it out?
It's not logically inconsistent for someone to think that one proposal is worse than the status quo without having an alternative that's better than the status quo. Maybe the reason that nothing has been done yet is because every "solution" that's been proposed including this one, are worse than the problem it's supposed to solve.
The internet is also full of bad takes like "the ends justify the means" and "the solution to this problem is obvious and no one has done it because they're evil/stupid/lazy".
“Something should be done, so let’s do something stupid and harmful, and all you critics have nothing to add so our stupid thing that causes harm is what you must accept”.
I never once said we had to settle for this solution. I absolutely said that there is a real problem, and the people in the best position to make a real solution have absolutely no desire to do anything about it.
Remember that previous status quo was "I'd rather make money off of child abuse, because nobody is stopping us". This is the end result of self-regulation, so show me something better.
I agree, but I sadly believe these requirements will spread to other countries, including the US. The US Supreme Court recently ruled that Texas' ID law is somehow constitutional.
"Constitutional" doesn't mean it's a good law, just that it is not prohibited for the state to make such a law. I personally don't like the law but I have a hard time seeing how it would be unconstitutional.
it should be unconstitutional because it's clearly a content-based restriction of speech, meaning that regulating it entails strict scrutiny. strict scrutiny requires Texas to use the least burdensome means possible to satisfy the state's legitimate interest in preventing minors from accessing obscene content - probably a home network filter appliance parents can opt into. this is what they held in Paxton v. NetChoice (iirc.)
instead, the Court contorted themselves into holding that adults have accessing content obscene to minors without furnishing their ID isn't protected speech. porn still is protected speech, but proving your age isn't protected speech. as a result, the law is content-neutral, not content-based.. somehow.
it was a low point for the Court - clear activist justices legislating morality from the bench.
Previously, these kinds of laws violated the 1st Amendment, but the changes in the composition of Supreme Court justices have led to different rulings.
What do you mean "spread to"? The USA passed a dozen such bills into state law before this actually came into effect. That states compete to ignore each other's laws doesn't change a thing.
A lot of the groups pushing these laws actually have good motives (e.g. child abuse charities) but it's clear the current law and implementations are not the solution.
That would either create a gigantic loophole that makes the safety act toothless, or it would create a giant bureacracy of people who review and approve applications. Either outcome is sub-optimal.
The real answer is to repeal this nonsense (IMHO as a non-UK citizen)
I think the headline should more accurately be that repo.or.cz has a UK geo-block. I'm unclear why it has one, since it's highly unlikely either that the site contains anything that is covered by the OSA, nor that even if it did, the people running the site should care.
It's a bit hard to find, but going to the service's Mastodon account eventually leads one to https://repo.or.cz/uk-blocked.html
The linked GitHub isssue links to that page, too.
It hosts user uploaded content I would guess, so presumably the OSA could apply to them.
It says so at https://repo.or.cz/uk-blocked.html:
> UK's Online Safety Act 2023 would require us to do a prohibitively complicated risk assessment for our service. We're talking reading through thousands of pages of legal guidelines.
> We're a volunteer operation and would likely be held responsible as individuals. There is talk of fines up to 18 million GBP which would ruin any single one of us, should they get creative about how to actually enforce this.
> Our impression is that this law is deliberately vague, deliberately drastic in its enforcement provisions, and specifically aimed against websites of all sizes, including hobby projects. In other words, this seems to us to be largely indistinguishable from an attempt to basically break the internet for all UK citizens.
> If we could afford to just hope for the best, we'd love to.
The way I understand this is that it's not feasible for them to assess how the legislation impacts them, so they would rather stay safe than risk having their lives destroyed.
Its such a ridiculous law and this outcome is entirely predictable, but bring this up with the proponents of it and they stick their head in the sand, to the point where I think they are perfectly happy with the UK not having a working Internet.
I think we might need a bit of pain if we're going to dislodge this silly thing.
For what it's worth I salute anyone blocking, whether through an excess of caution or just as a middle finger.
In this case the reaction is more ridiculous than the law, frankly...
Edit: They are not in the UK and not dealing in anything risky. If they still wanted to demonstrate compliance they could download risk assessment templates (easily available), fill them, keep them on record for the hypothetical future time when they might be asked (they wouldn't). Claiming that it is too risky and complicated so better to ban the UK is either unreasonable or a militant statement but not a "logical reason."
The reaction is entirely reasonable. The only way they can reasonably ensure they protect themselves is to ensure nobody in the UK can access their site.
That is very obviously not true... and a little unhinged.
I'm not deep into this subject, so what's obvious to you isn't so obvious to me. Would you mind explaining a bit more on what's so obvious and why it's particularly unhinged?
The reaction is utterly sound. What issue do you have with these very clearly laid out and logical reasons?
Fuck around, find out. When governments start throwing around threats, is it any surprise the goodwill dries up?
>which would ruin any single one of us, should they get creative about how to actually enforce this
actually, it would ruin all of them collectively should "they" get creative enforcing it.
They specifically listed their reasons in the geoblock message. As a someone impacted by this I applaud their decision. I also hope more high-profile cases like Wikipedia[1] will surface and expose the utter idiocy of the deliberately vague language of the language and the "guidance".
[1] https://wikimediafoundation.org/news/2025/09/12/wikimedia-fo...
Censorship causes self-censorship born out of caution.
Would you pay their legal fees if they are sued? It's easy to say when you don't have your future on the line.
Similar stuff happens often with Russian IP addresses, you just gotta deal with it I guess
One reason is DDoS attacks come overwhelmingly from those IPs. Plug them in your firewall, and it’s calm all of a sudden.
https://blog.cloudflare.com/ddos-threat-report-for-2024-q4/
This won't affect most users as they will be using the cache.nixos.org substituter and haven't modified any package that pulls repo.or.cz repositories, but it's still amusing.
What is repo.or.cz? It sounds like the domain name is saying something but I don't understand.
It is a super simple git repo hosting/mirror based in EU. https://repo.or.cz
It's one of the older Git hosts, predating Github.
Probably someone preferred the 3-level domain system (like UK's .co.uk, .gov.uk, e.g. bbc.co.uk) in .cz, and made .or.cz. This is probably before the time people thought "Oh we can make the domains be words, like 'del.icio.us', that'd be cute!"...
Maybe Orcs?
Was playing around with the idea of p2p source hosting in package trees like nix and did a little weekend package prototype here of my own here:
https://github.com/magnet-linux/magnet-linux
Not really ready for prime time, but I think I have some interesting ideas there at least.
I'm actually working on my own OS agnostic package collection + system management software, and I've found https://radicle.xyz great for this. All repos depended on by the official package collection t will be on the radicle network.
You should focus on the p2p part of code and object distribution. While nix is not perfect, people are not going to learn and adopt yet another package manager.
A distributed git object cache is what is really needed at the moment.
Is this supposed to be a big deal? I use NixOS as a source distribution (nix.settings.substituters = lib.mkForce [ ]) and I get failures when fetching sources pretty regularly. Sometimes the URLs are missing, sometimes the hashes have changed. My usual fix is to fetch the source from cache.nixos.org with nix copy.
I'd say the right answer is to move/add a content addressed model/system for obtaining sources.
>I'd say the right answer is to move/add a content addressed model/system for obtaining sources.
Isn't that almost what the nix file already is while being legal. Having a cache of all build files is not legal to do.
Not really. Content-addressed implies that if the content changes, so does its address, such that returning a different result for the same address is a hard protocol violation.
Having a content hash as (part of) the address is common way to this.
IPFS multihash is a well-known example. As opposed to HTTP.
The UK should make exceptions for its legal firewall for scientific and economic access.
So I think this law is stupid. But it's also popular, for the reason "something should be done, this is something, so this should be done". I doubt that exceptions are going to be made until the effects are felt strongly by everyone. Geoblocking a .cz site used by a tiny number of developers is not having any effect.
Is it popular? I’m a parent and none of my parent friends like it.
I suspect this law isn’t popular. Just the messaging of doing nothing is more unpopular. So it gets spun as this is popular.
https://youtu.be/ahgjEjJkZks?si=mGE0k5QT3aXycHtU
Polling has shown it is quite popular:
https://yougov.co.uk/technology/articles/52693-how-have-brit...
When you phrase the question in such a way where people presume it will only target pornographic sites.
If you asked them would they support the law if it happens to accidentally block useful sites that have ZERO pornography on them, I'm very sure, the results would be very different.
Polling for the question “websites that may contain pornographic material”
Which is my point. The OSA isn’t popular as a broad piece of legislation, but the “think of the children” aspect that something needs to be done to restrict access to pornography is popular.
Watch the YouTube link I sent to better understand my point.
Personally, I think even the pornography aspect is stupid. If the government couldn’t stop me accessing porn when I was a kid back before the web was invented, then they’re shit out of luck stopping kids these days. The problem isn’t the law, the problem is parents want a way to diminish their own responsibility. It’s the same tired bullshit we see time and time again of blaming everyone else rather than making ourselves accountable.
Except the UK didn't geoblock anything. This is just someone virtue-signalling about internet freedom from a country that has its own problems it should be addressing.
And as always, the answer to "something should be done, but not this" is "then suggest something else that actually addresses the problem".
The internet is full of dishonest "we've tried nothing and we're all out of ideas."
> then suggest something else that actually addresses the problem
As opposed to the original suggestion that doesn't actually address the problem? How is proposing that in the first place more honest than calling it out?
It's not logically inconsistent for someone to think that one proposal is worse than the status quo without having an alternative that's better than the status quo. Maybe the reason that nothing has been done yet is because every "solution" that's been proposed including this one, are worse than the problem it's supposed to solve.
The internet is also full of bad takes like "the ends justify the means" and "the solution to this problem is obvious and no one has done it because they're evil/stupid/lazy".
“Something should be done, so let’s do something stupid and harmful, and all you critics have nothing to add so our stupid thing that causes harm is what you must accept”.
That’s some incredible logic.
I never once said we had to settle for this solution. I absolutely said that there is a real problem, and the people in the best position to make a real solution have absolutely no desire to do anything about it.
Remember that previous status quo was "I'd rather make money off of child abuse, because nobody is stopping us". This is the end result of self-regulation, so show me something better.
The UK shouldn't have stupid ID requirement laws at all.
I agree, but I sadly believe these requirements will spread to other countries, including the US. The US Supreme Court recently ruled that Texas' ID law is somehow constitutional.
"Constitutional" doesn't mean it's a good law, just that it is not prohibited for the state to make such a law. I personally don't like the law but I have a hard time seeing how it would be unconstitutional.
it should be unconstitutional because it's clearly a content-based restriction of speech, meaning that regulating it entails strict scrutiny. strict scrutiny requires Texas to use the least burdensome means possible to satisfy the state's legitimate interest in preventing minors from accessing obscene content - probably a home network filter appliance parents can opt into. this is what they held in Paxton v. NetChoice (iirc.)
instead, the Court contorted themselves into holding that adults have accessing content obscene to minors without furnishing their ID isn't protected speech. porn still is protected speech, but proving your age isn't protected speech. as a result, the law is content-neutral, not content-based.. somehow.
it was a low point for the Court - clear activist justices legislating morality from the bench.
Previously, these kinds of laws violated the 1st Amendment, but the changes in the composition of Supreme Court justices have led to different rulings.
I felt the GP was making that same point.
What do you mean "spread to"? The USA passed a dozen such bills into state law before this actually came into effect. That states compete to ignore each other's laws doesn't change a thing.
For the US, I'm referring to federal laws or more laws in more states.
As for other countries, the EU just delayed the vote for "Chat Control" as recently as yesterday!
A lot of the groups pushing these laws actually have good motives (e.g. child abuse charities) but it's clear the current law and implementations are not the solution.
That would either create a gigantic loophole that makes the safety act toothless, or it would create a giant bureacracy of people who review and approve applications. Either outcome is sub-optimal.
The real answer is to repeal this nonsense (IMHO as a non-UK citizen)
Agreed, as a UK citizen.
It as always a stupid idea, see recent discord leak of ID’s.