You Can't Build Tcc From Nixpkgs If You Are in the UK

Posted3 months agoActive3 months ago

RGBCube

169 points

67 comments

github.comTechstoryHigh profile

calmmixed

Debate

40/100

NixpkgsGeo-BlockingPackage Management

Key topics

Nixpkgs

Geo-Blocking

Package Management

The Nix package manager's ability to build the 'tcc' package is hindered for UK users due to geo-blocking on repo.or.cz, sparking discussions on the implications and potential solutions.

Snapshot generated from the HN discussion

Discussion Activity

Active discussion

First comment

Peak period

2-4h

Avg / period

6.5

Comment distribution52 data points

Loading chart...

Based on 52 loaded comments

Key moments

01Story posted
Oct 10, 2025 at 11:18 AM EDT
3 months ago
Step 01
02First comment
Oct 10, 2025 at 11:19 AM EDT
1m after posting
Step 02
03Peak activity
20 comments in 2-4h
Hottest window of the conversation
Step 03
04Latest activity
Oct 11, 2025 at 4:41 PM EDT
3 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (67 comments)

Showing 52 comments of 67

whatshisface

3 months ago

3 replies

The UK should make exceptions for its legal firewall for scientific and economic access.

freedomben

3 months ago

1 reply

That would either create a gigantic loophole that makes the safety act toothless, or it would create a giant bureacracy of people who review and approve applications. Either outcome is sub-optimal.

The real answer is to repeal this nonsense (IMHO as a non-UK citizen)

noir_lord

3 months ago

Agreed, as a UK citizen.

It as always a stupid idea, see recent discord leak of ID’s.

driverdan

3 months ago

2 replies

The UK shouldn't have stupid ID requirement laws at all.

tripplyons

3 months ago

2 replies

I agree, but I sadly believe these requirements will spread to other countries, including the US. The US Supreme Court recently ruled that Texas' ID law is somehow constitutional.

bigstrat2003

3 months ago

3 replies

"Constitutional" doesn't mean it's a good law, just that it is not prohibited for the state to make such a law. I personally don't like the law but I have a hard time seeing how it would be unconstitutional.

sterlind

3 months ago

it should be unconstitutional because it's clearly a content-based restriction of speech, meaning that regulating it entails strict scrutiny. strict scrutiny requires Texas to use the least burdensome means possible to satisfy the state's legitimate interest in preventing minors from accessing obscene content - probably a home network filter appliance parents can opt into. this is what they held in Paxton v. NetChoice (iirc.)

instead, the Court contorted themselves into holding that adults have accessing content obscene to minors without furnishing their ID isn't protected speech. porn still is protected speech, but proving your age isn't protected speech. as a result, the law is content-neutral, not content-based.. somehow.

it was a low point for the Court - clear activist justices legislating morality from the bench.

tripplyons

3 months ago

Previously, these kinds of laws violated the 1st Amendment, but the changes in the composition of Supreme Court justices have led to different rulings.

hnlmorg

3 months ago

I felt the GP was making that same point.

exasperaited

3 months ago

1 reply

What do you mean "spread to"? The USA passed a dozen such bills into state law before this actually came into effect. That states compete to ignore each other's laws doesn't change a thing.

tripplyons

3 months ago

For the US, I'm referring to federal laws or more laws in more states.

As for other countries, the EU just delayed the vote for "Chat Control" as recently as yesterday!

ChocolateGod

3 months ago

A lot of the groups pushing these laws actually have good motives (e.g. child abuse charities) but it's clear the current law and implementations are not the solution.

rwmj

3 months ago

3 replies

So I think this law is stupid. But it's also popular, for the reason "something should be done, this is something, so this should be done". I doubt that exceptions are going to be made until the effects are felt strongly by everyone. Geoblocking a .cz site used by a tiny number of developers is not having any effect.

o11c

3 months ago

4 replies

And as always, the answer to "something should be done, but not this" is "then suggest something else that actually addresses the problem".

The internet is full of dishonest "we've tried nothing and we're all out of ideas."

chris_wot

3 months ago

1 reply

“Something should be done, so let’s do something stupid and harmful, and all you critics have nothing to add so our stupid thing that causes harm is what you must accept”.

That’s some incredible logic.

o11c

3 months ago

1 reply

I never once said we had to settle for this solution. I absolutely said that there is a real problem, and the people in the best position to make a real solution have absolutely no desire to do anything about it.

Remember that previous status quo was "I'd rather make money off of child abuse, because nobody is stopping us". This is the end result of self-regulation, so show me something better.

chris_wot

3 months ago

Yes, but implicit in your statement was that the awful solution should be implemented if you don’t have a better solution.

I don’t have a better solution. But I don’t need to accept a detrimental “solution” needs to be implemented. Nor am I obligated to find the better solution.

saghm

3 months ago

It's not logically inconsistent for someone to think that one proposal is worse than the status quo without having an alternative that's better than the status quo. Maybe the reason that nothing has been done yet is because every "solution" that's been proposed including this one, are worse than the problem it's supposed to solve.

The internet is also full of bad takes like "the ends justify the means" and "the solution to this problem is obvious and no one has done it because they're evil/stupid/lazy".

debugnik

3 months ago

> then suggest something else that actually addresses the problem

As opposed to the original suggestion that doesn't actually address the problem? How is proposing that in the first place more honest than calling it out?

andrewaylett

3 months ago

If this is the best we can do, we shouldn't have done anything.

I like an idea I first saw in Debian's general resolution process: all votes have a "further discussion" option, and often a "retain the status quo" option, and the voting system lets people use them effectively.

In the UK parliament (as in many contexts) a vote against something could mean that the person doesn't think there's a problem to be fixed, or it could mean that they don't think this is the right fix -- and that could be because it's too extreme or because it's not extreme enough. That's supposed to be addressed by the committee stages, or by amendments, but it's really hard to divine actual preference from a series of yes/no votes.

hnlmorg

3 months ago

1 reply

Is it popular? I’m a parent and none of my parent friends like it.

I suspect this law isn’t popular. Just the messaging of doing nothing is more unpopular. So it gets spun as this is popular.

https://youtu.be/ahgjEjJkZks?si=mGE0k5QT3aXycHtU

daveoc64

3 months ago

2 replies

Polling has shown it is quite popular:

https://yougov.co.uk/technology/articles/52693-how-have-brit...

hnlmorg

3 months ago

Polling for the question “websites that may contain pornographic material”

Which is my point. The OSA isn’t popular as a broad piece of legislation, but the “think of the children” aspect that something needs to be done to restrict access to pornography is popular.

Watch the YouTube link I sent to better understand my point.

Personally, I think even the pornography aspect is stupid. If the government couldn’t stop me accessing porn when I was a kid back before the web was invented, then they’re shit out of luck stopping kids these days. The problem isn’t the law, the problem is parents want a way to diminish their own responsibility. It’s the same tired bullshit we see time and time again of blaming everyone else rather than making ourselves accountable.

themafia

3 months ago

When you phrase the question in such a way where people presume it will only target pornographic sites.

If you asked them would they support the law if it happens to accidentally block useful sites that have ZERO pornography on them, I'm very sure, the results would be very different.

exasperaited

3 months ago

Except the UK didn't geoblock anything. This is just someone virtue-signalling about internet freedom from a country that has its own problems it should be addressing.

mongol

3 months ago

4 replies

What is repo.or.cz? It sounds like the domain name is saying something but I don't understand.

AceJohnny2

3 months ago

It's one of the older Git hosts, predating Github.

tasn

3 months ago

Maybe Orcs?

0x457

3 months ago

It is a super simple git repo hosting/mirror based in EU. https://repo.or.cz

netsharc

3 months ago

Probably someone preferred the 3-level domain system (like UK's .co.uk, .gov.uk, e.g. bbc.co.uk) in .cz, and made .or.cz. This is probably before the time people thought "Oh we can make the domains be words, like 'del.icio.us', that'd be cute!"...

rwmj

3 months ago

5 replies

I think the headline should more accurately be that repo.or.cz has a UK geo-block. I'm unclear why it has one, since it's highly unlikely either that the site contains anything that is covered by the OSA, nor that even if it did, the people running the site should care.

__float

3 months ago

1 reply

It's a bit hard to find, but going to the service's Mastodon account eventually leads one to https://repo.or.cz/uk-blocked.html

RGBCubeAuthor

3 months ago

The linked GitHub isssue links to that page, too.

ruuda

3 months ago

2 replies

It says so at https://repo.or.cz/uk-blocked.html:

> UK's Online Safety Act 2023 would require us to do a prohibitively complicated risk assessment for our service. We're talking reading through thousands of pages of legal guidelines.

> We're a volunteer operation and would likely be held responsible as individuals. There is talk of fines up to 18 million GBP which would ruin any single one of us, should they get creative about how to actually enforce this.

> Our impression is that this law is deliberately vague, deliberately drastic in its enforcement provisions, and specifically aimed against websites of all sizes, including hobby projects. In other words, this seems to us to be largely indistinguishable from an attempt to basically break the internet for all UK citizens.

> If we could afford to just hope for the best, we'd love to.

The way I understand this is that it's not feasible for them to assess how the legislation impacts them, so they would rather stay safe than risk having their lives destroyed.

stuaxo

3 months ago

1 reply

Its such a ridiculous law and this outcome is entirely predictable, but bring this up with the proponents of it and they stick their head in the sand, to the point where I think they are perfectly happy with the UK not having a working Internet.

corobo

3 months ago

I think we might need a bit of pain if we're going to dislodge this silly thing.

For what it's worth I salute anyone blocking, whether through an excess of caution or just as a middle finger.

fsckboy

3 months ago

>which would ruin any single one of us, should they get creative about how to actually enforce this

actually, it would ruin all of them collectively should "they" get creative enforcing it.

bitdivision

3 months ago

It hosts user uploaded content I would guess, so presumably the OSA could apply to them.

TeeMassive

3 months ago

Censorship causes self-censorship born out of caution.

Would you pay their legal fees if they are sued? It's easy to say when you don't have your future on the line.

subscribed

3 months ago

They specifically listed their reasons in the geoblock message. As a someone impacted by this I applaud their decision. I also hope more high-profile cases like Wikipedia[1] will surface and expose the utter idiocy of the deliberately vague language of the language and the "guidance".

[1] https://wikimediafoundation.org/news/2025/09/12/wikimedia-fo...

rich66man

3 months ago

1 reply

Similar stuff happens often with Russian IP addresses, you just gotta deal with it I guess

WesolyKubeczek

3 months ago

3 replies

One reason is DDoS attacks come overwhelmingly from those IPs. Plug them in your firewall, and it’s calm all of a sudden.

stek29

3 months ago

https://krebsonsecurity.com/2025/10/ddos-botnet-aisuru-blank...

betaby

3 months ago

https://blog.cloudflare.com/ddos-threat-report-for-2024-q4/

viraptor

3 months ago

It doesn't matter what you do at the firewall level. It's too late. If anyone wants to volume DDoS you, they'll send traffic regardless just to overload your connection.

mindslight

3 months ago

1 reply

Is this supposed to be a big deal? I use NixOS as a source distribution (nix.settings.substituters = lib.mkForce [ ]) and I get failures when fetching sources pretty regularly. Sometimes the URLs are missing, sometimes the hashes have changed. My usual fix is to fetch the source from cache.nixos.org with nix copy.

I'd say the right answer is to move/add a content addressed model/system for obtaining sources.

charcircuit

3 months ago

1 reply

>I'd say the right answer is to move/add a content addressed model/system for obtaining sources.

Isn't that almost what the nix file already is while being legal. Having a cache of all build files is not legal to do.

baobun

3 months ago

Not really. Content-addressed implies that if the content changes, so does its address, such that returning a different result for the same address is a hard protocol violation.

Having a content hash as (part of) the address is common way to this.

IPFS multihash is a well-known example. As opposed to HTTP.

andrewchambers

3 months ago

2 replies

Was playing around with the idea of p2p source hosting in package trees like nix and did a little weekend package prototype here of my own here:

https://github.com/magnet-linux/magnet-linux

Not really ready for prime time, but I think I have some interesting ideas there at least.

TeeMassive

3 months ago

You should focus on the p2p part of code and object distribution. While nix is not perfect, people are not going to learn and adopt yet another package manager.

A distributed git object cache is what is really needed at the moment.

RGBCubeAuthor

3 months ago

I'm actually working on my own OS agnostic package collection + system management software, and I've found https://radicle.xyz great for this. All repos depended on by the official package collection t will be on the radicle network.

RGBCubeAuthor

3 months ago

This won't affect most users as they will be using the cache.nixos.org substituter and haven't modified any package that pulls repo.or.cz repositories, but it's still amusing.

15 more comments available on Hacker News

View full discussion on Hacker News

ID: 45540011Type: storyLast synced: 11/20/2025, 3:44:06 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN