Slashdot Mirror


Github Under JS-Based "Greatfire" DDoS Attack, Allegedly From Chinese Government

An anonymous reader writes: During the past two days, popular code hosting site GitHub has been under a DDoS attack, which has led to intermittent service interruptions. As blogger Anthr@X reports from traceroute lists, the attack originated from MITM-modified JavaScript files for the Chinese company Baidu's user tracking code, changing the unencrypted content as it passed through the great firewall of China to request the URLs github.com/greatfire/ and github.com/cn-nytimes/. The Chinese government's dislike of widespread VPN usage may have caused it to arrange the attack, where only people accessing Baidu's services from outside the firewall would contribute to the DDoS. This wouldn't have been the first time China arranged this kind of "protest."

116 comments

  1. Centralized on GitHub! LOL! by Anonymous Coward · · Score: 0, Insightful

    It's hilarious how so many git aficionados go on and on about how git is decentralized, and how this is the greatest thing ever. Then they all end up centralizing on GitHub. When GitHub is inaccessible for some reason, they start screaming about how they can't get any work done.

    1. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 2

      You can't compensate your evident lack of technical understanding with being condescending. Those are two different contexts for the word 'decentralized' that you are mixing up.

    2. Re:Centralized on GitHub! LOL! by Anonymous Coward · · Score: 0

      Back in my day nerds were at least curious enough about a technology to read an overview. Or maybe this is trolling. Either way I'm too old for this shit.

    3. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 1, Insightful

      The modding here is atrocious.

      The GP is right, and you are wrong.

      There is only one form of decentralization involved here.

      Even if git users have their own copies of a repo, it is not trivial to share changes among more than a couple of users, especially if they are on distinct networks with firewalls and other hindrances.

      That is why GitHub is used.

      GitHub negates the decentralization of git in order to make it practical for real world use.

      GitHub being down may not be a problem for your rinky-dink one-man JavaScript library project that nobody uses.

      But for real projects with distributed teams consisting of numerous people the decentralization of git is a big problem.

      GitHub is the only practical solution to the problems of decentralization.

      When GitHub is down, the entire team suffers from an inability to work.

      If they resort to pushing and pulling from one another's repos, then they will waste more time doing that than actually doing real work!

      Some teams will just set up a temporary git repo when GitHub is down.

      But that is still an example of them centralizing, because decentralized version control is an impractical idea.

      Git only works well in the real world when it is centralized.

      GitHub and its popularity and necessity prove this to be true.

    4. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 1

      But for real projects with distributed teams consisting of numerous people the decentralization of git is a big problem.

      Not really. Any real project with a reasonably sized team will have their own servers.

    5. Re: Centralized on GitHub! LOL! by Grishnakh · · Score: 5, Insightful

      You really don't understand what decentralized version control is, do you?

      The whole point isn't to avoid any centralization at all, it's that you're not utterly reliant on it. It's somewhat similar to the argument between a big server and thin clients (where nearly all computation is on the server) and "thick clients" (PCs) and less-capable servers (for sharing files, etc.). With a big server, if that server goes down or the connection to it goes down, you're screwed, and can't do anything. With today's more common thick-client paradigm, if your office file server goes down, you can't easily share files with your coworkers and other things are inaccessible, but you can still get some work done using whatever local copies you have.

      This is what DVCS is all about. With Git, you have a full copy of the repo just by virtue of having "checked out" a copy. You can still get some work done without access to the central server, whether it's down or your WiFi connection is down or your VPN is down. You can't do everything obviously, nor will you ever be able to, but that's not the point. And, in a worst-case scenario, if the central server just disappears one day without accessible backups, everyone with a copy checked out has the full repository, so it's possible to rebuild easily.

    6. Re: Centralized on GitHub! LOL! by abies · · Score: 1

      You can still get some work done without access to the central server, whether it's down or your WiFi connection is down or your VPN is down.

      Same is true for subversion. In both cases you can develop and test your code and review your changes against what was last seen original copy. All the rest (preparing commits early so you can push them faster when connectivity is restored) is just a detail.

      Github changes git into centralized subversion-like system, just with a lot better branching/merging mechanism (which is a HUGE difference, don't get me wrong) - but if it is down, your cooperation workflow is going to suffer badly.

    7. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 1

      It does not matter who hosts and manages the centralized server(s).

      Maybe it is GitHub.

      Maybe it is the development team itself.

      The important point is that it is centralized.

      Centralization is the only way to make git useful for projects with more than one developer.

    8. Re: Centralized on GitHub! LOL! by TemporalBeing · · Score: 1

      The modding here is atrocious.

      The GP is right, and you are wrong.

      There is only one form of decentralization involved here.

      Even if git users have their own copies of a repo, it is not trivial to share changes among more than a couple of users, especially if they are on distinct networks with firewalls and other hindrances.

      That is why GitHub is used.

      All true.

      GitHub negates the decentralization of git in order to make it practical for real world use.

      GitHub being down may not be a problem for your rinky-dink one-man JavaScript library project that nobody uses.

      But for real projects with distributed teams consisting of numerous people the decentralization of git is a big problem.

      GitHub is the only practical solution to the problems of decentralization.

      This can actually be mitigated by several different means:

      1. Using multiple Git services - e.g. GitHub AND Gitorious, or public GitHub and GitHub for Enterprises if you use private repositories
      2. Using your own servers as well - e.g. Qt has Gitorious but also their own servers

      It's just a matter of deciding where the "master" copy resides and keeping them all (hopefully automatically) in sync.

      Now, this can be managed with tools like Subversion too, using replication, but it's nowhere near as nicely done as it is in git.

      However, if you don't take the time to do the replication between several services then yes, you are risking this kind of situation.
      Or, you could take advantage of this kind of replication by using the DVCS nature of git to your advantage.

      --
      Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)

    9. Re: Centralized on GitHub! LOL! by Count+Fenring · · Score: 1

      There's a world of difference between having an agreed-upon repository of record, and having a centralized system. A big part of the difference is that setting up a pro-tem repository of record can be done trivially from any up-to-date repository.

      GitHub is convenient. It's not necessary.

    10. Re: Centralized on GitHub! LOL! by friedmud · · Score: 1

      Same is true for subversion. In both cases you can develop and test your code and review your changes against what was last seen original copy

      Subversion has gotten better recently... but in the past nearly every command required a round-trip to the central server. Like I say, that has recently changed for a few (like 'svn stat') but there are still MANY that require a live link to the central server.

      Contrast this with Git where the _only_ time you need to access a server is for sharing.

      When GitHub is down it only takes one command to push your whole repo to BitBucket so you can keep working with peers. Sure, you don't have access to any *data* (wiki, issues, etc) that you had on GitHub... but the most important thing (the code) is VERY mobile.

    11. Re: Centralized on GitHub! LOL! by Grishnakh · · Score: 1

      It does seem like it'd be really nice if we had some easy way of replicating wikis and bugtrackers, so we could move those around as needed, like we do with Git.

    12. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 0

      GitHub is the only practical solution to the problems of decentralization.

      Pretty sure the entire linux kernel development community would disagree with you.

    13. Re: Centralized on GitHub! LOL! by friedmud · · Score: 1

      Well... on GitHub the wiki _is_ actually stored in a Git repo... and all of the pages are simply Markdown. They are VERY easy to move to many other systems (or even to view locally).

      GitHub even publishes an open source version of its wiki renderer to make it even easier: https://github.com/gollum/goll...

      NOW: The bugtracker stuff is a little more difficult. You can use the GitHub API to pull out all of the info easily enough and store it locally... but you have to do some sort of transformation to get it into a new format if you're trying to move to a different service.

      Personally, I've done this the other way around. We went from using Trac on our own servers to using GitHub. I wrote scripts to take all of our Tickets from Trac and upload them to GitHub as Issues using the GitHub API. It was a pain but not impossible....

    14. Re: Centralized on GitHub! LOL! by Grishnakh · · Score: 1

      Same is true for subversion. In both cases you can develop and test your code and review your changes against what was last seen original copy.

      It's admittedly been a while since I last used SVN, but it was not at all like Git; it was entirely centralized and required server access to do almost anything. Not every developer has a full copy of the repo, as they do with Git. It was pretty slow when I used it too (though nothing like ClearCase).

      With Git, you can check in changes, create branches, etc. all you want without needing any network access at all. You only need network access and server access when you want to share those changes with others. This just isn't possible in a centralized version control system.

      Github changes git into centralized subversion-like system

      No, it doesn't. It facilitates sharing between developers, and that's all. This is not like a centralized VCS, where you need server access to actually do version-control.

      but if it is down, your cooperation workflow is going to suffer badly.

      No, not really. The whole point to the GitHub (or similar) server is to provide a single point to facilitate sharing. Without it, you'll need to do pushes and pulls directly between developers' machines, which obviously is inefficient, but is doable. However, it's also trivial to switch to a new central server at any time: just stop using the old one, clone the latest version of the repo (which whoever last pushed to GitHub would have) to the new server, have everyone point to the new server, and you're done. That's something you can't easily do with a centralized VCS.

    15. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 0

      There is bugs everywhere: http://www.bugseverywhere.org/

      It's a neat idea but I don't think it's gained much traction.

    16. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 1

      Actually you can also distribute the central servers of git.
      I personally have some projects located on two servers and some on three.
      You can push and pull changes on multiple servers and let git figure out the mess.

    17. Re: Centralized on GitHub! LOL! by Wootery · · Score: 3, Informative

      With Git, you have a full copy of the repo just by virtue of having "checked out" a copy.

      Quick nitpick: that would be a clone, not a checkout.

      For the non-git-users among us:

      git clone: copy that repository to my local file-system. (All branches are copied across. This is normally over ssh or https.)

      git checkout: give me the specified branch. (Doesn't require use of the network.)

      git fetch: update the local store of the repository to reflect the current state of the repository on the server.

    18. Re:Centralized on GitHub! LOL! by Daniel+Hoffmann · · Score: 1

      As opposed to what? Subversion would be completely unusable in this situation, at least git users can push and pull from each other peer to peer, which you would only do if you REALLY need it, because it is kind of a pain in the ass compared to push/pulling to origin. Plus you CAN carry on your own work keeping a normal commit history as long as you don't want to share it with anyone until the servers come back online.

      Really, it is "the greatest thing ever (for source control)".

    19. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 0

      You're not even close to being right. If github went away all the git users would just point to a new server and push their repos there. Not even a heartbeat.

    20. Re: Centralized on GitHub! LOL! by Atzanteol · · Score: 2

      # git remote add newupstream git://new.server/my-project
      # git push newupstream master

      Aaaaand, done.

      You're not going to do that with Subversion anytime soon. Sorry - I like SVN. But to claim that having a central repository is anything like *requiring* a central repository is just missing the point.

      --
      "Ignorance more frequently begets confidence than does knowledge"

      - Charles Darwin

    21. Re: Centralized on GitHub! LOL! by Atzanteol · · Score: 1

      GitHub negates the decentralization of git in order to make it practical for real world use.

      Negates? No - it just provides a single location through which to share code. You're confusing "using a central repository" with "requiring a central repository." It is just above trivial for any git project to switch to a new "central" server through which to share code.

      --
      "Ignorance more frequently begets confidence than does knowledge"

      - Charles Darwin

    22. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 0

      It's not the same. You can't check-in anything into subversion when you can't access the svn server. Nor can you browse the change history. You can't rollback changes. You can't create a new branch. If the main server dies with no backups, you lose your entire history. Sure you have the LATEST version, but in many cases prior versions are just as important.

      With git, I can commit my changes (with comments), rollback my changes (not revert... rollback multiple commits), browse the history of each file, etc etc. When connectivity is restored, just push and then the main server is updated with all your changes (all new commits, comments, etc). Unless I need changes from someone else to do my work for the day, there is no reason to ever connect to the main server with git.

      With git, I can get assigned a new branch that may take a week or two complete, grab my laptop and sit on the beach while I code away for a week, committing daily or feature complete changes in as they happen, and when I'm done, head back to the office and push it all to the main server.

    23. Re: Centralized on GitHub! LOL! by farble1670 · · Score: 1

      With Git, you have a full copy of the repo just by virtue of having "checked out" a copy. You can still get some work done without access to the central server

      sure, as long as you aren't collaborating on anything, or if you are, you have a mirror. my guess is that most github users don't create mirrors.

    24. Re: Centralized on GitHub! LOL! by farble1670 · · Score: 1

      GitHub is the only practical solution to the problems of decentralization.

      did you mean git? or github? you don't need github to set up a git remote.

    25. Re: Centralized on GitHub! LOL! by lilrobbie · · Score: 1

      Same is true for subversion. In both cases you can develop and test your code and review your changes against what was last seen original copy. All the rest (preparing commits early so you can push them faster when connectivity is restored) is just a detail.

      Depends on how you use commits and what you think they are for. As they say, the devil is in the detail... in this case, the area you've marked out probably contains enough room for the entirety of hell ;-)

      The key advantage of git is that if the central server goes down, I can spin up a complete copy (using git itself, emails, or an existing open source git server) and restore a large portion of collaboration. Subversion can't do that.

    26. Re: Centralized on GitHub! LOL! by Aighearach · · Score: 1

      When the big changeover from SVN being the #1 VCS to git taking the crown happened, SVN did not have those features. You couldn't check in changes without talking to the server. If the server was down, you'd have to wait and check in all your changes at once. That was one of the big features of git that had people excited; they could still do local checkins. The only thing they were missing when the server was down was sharing the code and handling any conflicting changes. But actually checking the changes in doesn't get messed up.

      Sure, after "everybody" switched, then SVN finally added the needed parts of de-centralization. I actually enjoyed using svn more than git, but I sure don't regret switching. If nobody had switched, we'd still be without modern features...

    27. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 0

      Also it is extremely easy to have multiple remotes. We use github as the origin, but also keep a spare server as local-origin that automatically fetches updates from origin daily. If github ever goes down, you just pull from local-origin instead, and check out to that. Whenever github is back up, just push to origin. It even works if the internet is out :)
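
The multi-remote setup described in the comments above (adding a second remote and pushing to it, and a spare mirror that fetches from origin), as an added example that is not part of any commenter's post. Every "server" here is a local bare repository in a temp directory, and the names `primary.git`, `spare.git`, `alice` and `bob` are hypothetical.

```shell
#!/bin/sh
# Added example. Every "server" is a local bare repository in a temp directory
# (constructed), so this runs offline. primary.git stands in for the hosted
# service and spare.git for a team-run mirror; all names are hypothetical.

# git with a fixed identity and branch name, independent of the user's config.
g() {
    git -c user.name=demo -c user.email=demo@example.invalid \
        -c init.defaultBranch=master -c commit.gpgsign=false "$@"
}

mirror_failover_demo() {
    root=$(mktemp -d) || return 1
    (
        set -e
        cd "$root"
        exec 3>&1 >/dev/null          # keep git chatter out of the result line

        # Repository of record, plus a first developer who pushes to it.
        g init -q --bare primary.git
        g init -q alice
        cd alice
        g remote add origin "$root/primary.git"
        echo v1 > file.txt
        g add file.txt
        g commit -q -m "first commit"
        g push -q origin master
        cd ..

        # Spare mirror: a --mirror clone copies every ref, and re-running
        # "fetch --prune" in it (for example from a daily cron job) keeps it current.
        g clone -q --mirror "$root/primary.git" spare.git
        g clone -q "$root/primary.git" bob

        cd alice
        echo v2 >> file.txt
        g commit -q -am "second commit"
        g push -q origin master
        cd ..
        g -C spare.git fetch -q --prune origin   # the scheduled sync

        # Outage: the primary is unreachable.
        mv primary.git primary.git.down

        # Committing needs no server; only sharing does.
        cd alice
        echo v3 >> file.txt
        g commit -q -am "commit made during the outage"
        if g push -q origin master 2>/dev/null; then
            outage_push=ok
        else
            outage_push=failed
        fi
        # Fail over: add the mirror as a second remote and share through it.
        g remote add spare "$root/spare.git"
        g push -q spare master
        cd ..

        cd bob
        g remote add spare "$root/spare.git"
        g pull -q --ff-only spare master
        cd ..

        # Recovery. Push outage work back to the primary BEFORE the mirror's
        # scheduled fetch resumes: a --mirror fetch force-updates refs, so it
        # would otherwise reset spare.git to the primary's older state.
        mv primary.git.down primary.git
        g -C alice push -q origin master
        g -C spare.git fetch -q --prune origin

        a=$(g -C alice rev-parse HEAD)
        b=$(g -C bob rev-parse HEAD)
        p=$(g -C primary.git rev-parse refs/heads/master)
        s=$(g -C spare.git rev-parse refs/heads/master)
        n=$(g -C primary.git rev-list --count refs/heads/master)
        if [ "$a" = "$b" ] && [ "$a" = "$p" ] && [ "$a" = "$s" ]; then
            in_sync=yes
        else
            in_sync=no
        fi
        echo "outage_push=$outage_push commits=$n in_sync=$in_sync" >&3
    )
    status=$?
    rm -rf "$root"
    return $status
}

mirror_failover_demo
```

The result line reports that the push to the primary failed during the outage, while all three commits still ended up identical in both clones and both servers.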

    28. Re: Centralized on GitHub! LOL! by Anonymous Coward · · Score: 0

      "Creating a mirror" is trivial. It takes all of two commands (after the few set-up-an-account-and-initialize-a-repo clicks on Assembla, Beanstalk, Bitbucket, CloudForge, GitLab, or any of a whole bunch of other hosts, or renting a $5 VPS and setting up an SSH login), and there's your mirror, because Git, unlike a certain other stupid VCS, keeps full history on every clone.

  2. Ancient Chinese wisdom by benjfowler · · Score: 5, Insightful

    For the purported great and ancient wisdom of 5000-year-old Chinese civilization, they have pretty lousy leaders.

    The West has leaders with minds like children too, but at least we can laugh at them, and eventually get rid of them. Must suck to be Chinese with these idiots in charge...

    1. Re:Ancient Chinese wisdom by dave420 · · Score: 4, Funny

      Can't you figure out how to use chopsticks? Poor baby.

    2. Re:Ancient Chinese wisdom by gstoddart · · Score: 2

      Gunpowder. Navigation. Paper. Writing. Printing. Silk. The compass. Noodles.

      In fact, a staggering list.

      And you being incompetent enough to not be able to eat with them means that China didn't achieve much?

      Get a life.

      What the hell have you invented?

      --
      Lost at C:>. Found at C.

    3. Re:Ancient Chinese wisdom by Anonymous Coward · · Score: 2

      They achieved a lot, then stagnated. Same for the Middle East.

    4. Re: Ancient Chinese wisdom by Anonymous Coward · · Score: 0

      Y'all mod up racism for being racist? Good job, Slashdot.

    5. Re:Ancient Chinese wisdom by blueg3 · · Score: 2

      Writing.

      I had no idea Mesopotamia was part of China.

    6. Re:Ancient Chinese wisdom by fhage · · Score: 0

      Mods, please smack parents for racist troll.

    7. Re:Ancient Chinese wisdom by jeffmeden · · Score: 0

      Any civilisation that in 5000 years never managed to invent the fork and carried on using 2 sticks to eat with isn't that great.

      Any civilisation that after 5000 years still makes food so hard to eat that it needs to be poked, chopped, ripped, etc AFTER the chef is done, isn't that great. Chopsticks are not a symptom of lack of refinement, the food that passes as "prepared" in western cultures is.

      /flame on

    8. Re:Ancient Chinese wisdom by Dasher42 · · Score: 1

      Any civilisation that in 5000 years never managed to invent the fork and carried on using 2 sticks to eat with isn't that great.

      Really? You're sure that they just couldn't figure a fork out?

      Here's the story of chopsticks. Having potential weapons at the dinner table became a real problem in times of tension, and it became a violent, rude spectacle to stab or slice your food at dinner with others - think state functions or otherwise. It implies what you might be thinking to do to others present. Hence, leave the knives in the kitchen with the cooks. Hence, you don't use those stabby forks. Spoons and chopsticks become the social acceptable ways to eat.

      Not that everyone learns from the past however old their civilization is, but China's cultural roots are extremely sensible. Save your slurs for the stupid officials who are acting authoritarian in childish ways. They're not good examples of any culture.

    9. Re:Ancient Chinese wisdom by benjfowler · · Score: 2

      I think we all have a lot to learn from each other. Elements of Confucianism have a lot going for them, e.g. filial piety and respect for elders.

      But like all cultures, there will be assclowns who will selectively appropriate ideas for their own ends, e.g. the CCP notion of 'state as family', which inevitably leads to 'father knows best, you'll do what you're told' -- and naturally, conveniently ignore the fact filial piety also involves a duty to tell it like it is when your "betters" are screwing up.

      One element of Western culture I do think the world can learn from, is the deep understanding that power can be, and usually gets abused -- learnt from centuries of war, conflict and change in the West. Democracy doesn't so much come from the notion that "letting the people decide" (which, if you understand just how fucking stupid and easily influenced the average person actually is, is a REALLY bad idea), but rather, "if there are going to be revolutions, make them smooth and orderly". Thus, we have the Western model of representative democracy, which at its essence, is about smoothly getting rid of bad leaders. This is a piece of "ancient Western wisdom" that the Chinese will eventually learn the hard way.

    10. Re:Ancient Chinese wisdom by Anonymous Coward · · Score: 0

      At least the koreans figured out that picking up the bowl & shoveling rice into your mouth while slurping wasn't pretty and started using a spoon.

    11. Re:Ancient Chinese wisdom by sgt_doom · · Score: 1

      So you prefer chopsticks to more advanced tools? You a former IBM'er, per chance?

    12. Re:Ancient Chinese wisdom by BronsCon · · Score: 1

      No. If they decide to leave, they've clearly decided not to be trash. For the record, before anyone points out that I forgot to check the "Post Anonymously" box, no, I didn't, I'm not the AC who posted the "all Chinese are trash" remark, nor do I necessarily agree with it; but if we make the assumption that he is correct and everyone in China is trash, then it stands to reason that anyone who leaves China is not. Just following the logic, not saying it's correct.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.

    13. Re:Ancient Chinese wisdom by Anonymous Coward · · Score: 0

      Navigation

      You're using this word, and I don't think it means what you think it does.

    14. Re:Ancient Chinese wisdom by BitZtream · · Score: 1

      Or ... More likely, the story is complete bullshit.

      China would really sanction such a petty operation against github ... WHY?

      GitHub is suddenly a target because of what?

      It makes no sense for the Chinese to use their own primary connectivity to the rest of the world to run a half assed DDoS against a company that almost no one outside the OSS world even knows exists.

      And if they wanted to do it, they'd take github down and be done with it. China has WAY more bandwidth than github, even taking AWS into account.

      The whole story is wildly unbelievable to anyone who stops and thinks about it rather than running like a half-cocked nut job like apparently Slashdot has devolved to. If you believe this story, you really need to come back to reality.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

    15. Re:Ancient Chinese wisdom by Anonymous Coward · · Score: 0

      Would you also inefficiently pitch hay using chopsticks too? Forks are better at both (pitchfork variant still being a form of a fork to make the point here). It's a more useful efficient tool and for more purposes. The poster you replied to has a strong point and it's obvious you're just being a wiseass troll. Is your life so miserable that all you can do is give others grief to attempt to drag them down to your low level, misery loves company and what have you? You're projecting that your life state is that in your actions.

    16. Re: Ancient Chinese wisdom by Anonymous Coward · · Score: 0

      Someone needs to learn what racism means.

      Hint: first, look up the definition of race.

    17. Re:Ancient Chinese wisdom by Anonymous Coward · · Score: 0

      Someone needs to learn what racism means.

      First step: look up the definition of race.

    18. Re:Ancient Chinese wisdom by Viol8 · · Score: 1

      It was a tongue in cheek comment. Obviously you and the pre-school moderators were too fucking stupid to see that.

    19. Re:Ancient Chinese wisdom by Anonymous Coward · · Score: 0

      How cute that you think the west can get rid of the leaders easier than China can. I bet you think there is actually democracy too. Cute as hell.

    20. Re:Ancient Chinese wisdom by Viol8 · · Score: 1

      You need your food mashed up like a baby or something?

    21. Re:Ancient Chinese wisdom by Anonymous Coward · · Score: 0

      Well, it could be petty management squabbles. Those exist in any sufficiently large bureaucratic structure (and I'd say the Chinese government definitely qualifies...).

  3. can't we all just get along... to block China? by swschrad · · Score: 3, Insightful

    knock them off the web for 12 hours, open it up... if they continue, block 'em again...

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?

  4. Socialism by Anonymous Coward · · Score: 1

    This is where socialism leads: Authoritarianism.

    1. Re:Socialism by Anonymous Coward · · Score: 0, Insightful

      You're thinking of what letting the self-described "Conservatives," who are really right-wing religious authoritarians, have power outside their cult results in.

    2. Re:Socialism by benjfowler · · Score: 1

      Are you seriously calling China "socialist"? They are socialist in name only.

      The most "socialism" anybody in my family experienced, FWIW, was the cradle-to-grave welfare under Francisco Franco. So it's impossible to generalize.

    3. Re:Socialism by blueg3 · · Score: 3, Funny

      Well, the acronym for Socialist In Name Only is "sino".

    4. Re:Socialism by halivar · · Score: 2

      See, that's a serious image problem right there. Since absolutely no self-described socialist or communist government in the world is considered "true" socialism or communism by those philosophies' respective defenders (who then go on to praise "socialist" European nations that are, in fact, simply capitalism plus robust welfare), it leads the rest of us to believe that those philosophies are simply impossible to implement in reality.

    5. Re:Socialism by Anonymous Coward · · Score: 0

      Moderate socialism is not communism, regulated "buffered" capitalism is not libertarianism. The best current systems do not try for an ideologically "pure" economic system. The current balance seems to be between (to give a ballpark figure) 20-40% "socialist" provision, anything in that region functions and produces a working modern nation, assuming you do not have other fundamental failures.

      Communist governments try to persuade their own people that dictatorial total socialism is the only "real" socialism, because the absolute form is convenient to them but bad for the country. If you give a choice between the two absolutes you can cover up the fact that your absolute is bad by persuading people that the other is worse. eg without the communist governments socialist provisions for welfare the old and sick would starve, and the capitalist industries would poison us all, so we must be good. This is the same trick a lot of corporate lobbyists use in the other direction, deregulation (of our industry) is better because it is capitalist which is good, all regulation is socialism like communism and therefore bad.

    6. Re:Socialism by HiThere · · Score: 1

      While you are correct, I defy you to come up with an example of a form of government (that has been in use) that doesn't/didn't lead to authoritarianism.

      In the US it took less than 10 years (see "The Whiskey Rebellion"). The only thing that slowed down the process was the existence of an "open border" along the west. Closed borders foster authoritarianism, whatever the form of government.

      Actually, I believe that there ARE forms of government that don't necessarily drift towards authoritarianism, but they would all have the characteristic that desiring power didn't increase your chance of getting it.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.

    7. Re:Socialism by Anonymous Coward · · Score: 0

      No. Authoritarianism is a prerequisite of Socialism. Socialism leads to Totalitarianism.

  5. Too bad the US is so legalistic by MikeRT · · Score: 3, Interesting

    If our country weren't run by lawyers, we'd do what Russia and China do which is allow victims like GitHub to retaliate. Would be hilarious if GitHub contracted a few black hats to penetrate China's academic/military networks and give them a taste of the Wikileaks treatment.

    1. Re:Too bad the US is so legalistic by Anonymous Coward · · Score: 0

      Retaliate against who?
      Pretty damn easy to set someone else up to look like the bad guy to a hot headed asshole who just wants revenge.

    2. Re:Too bad the US is so legalistic by dave420 · · Score: 1

      That would be pretty fucked up if the military and academic networks had nothing to do with it. I guess that's why international diplomacy is usually steered away from vigilantism, and those nations who engage in vigilantism are treated with a certain level of disdain...

    3. Re:Too bad the US is so legalistic by Anonymous Coward · · Score: 0

      So, you're saying all nations are treated with a certain level of disdain?

      What countries say publicly is their policy is not their policy in secret.

  6. Three Options by Anonymous Coward · · Score: 0

    If it's really as simple as China doing this, then either:

    1) The US government is truly incapable of using diplomatic or technological pressure to stop foreign countries from disrupting US industry via the internet.
    2) The US government wants to make it seem like they are helpless for reason X.

    At this point I hope it's reason X and that reason X is a good reason, but that's probably naive.

    1. Re:Three Options by benjfowler · · Score: 1

      Maybe the strategy is to publicly expose what the Chinese government goon squad are doing. Then quietly pull them aside, and tell them that they're losing face.

    2. Re:Three Options by HBI · · Score: 1, Flamebait

      Or:

      3) Current leadership is incompetent and lacks the will to do something about it.

      I vote 3.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    3. Re:Three Options by Anonymous Coward · · Score: 0

      Reason X is invariably:

      create fear to justify plan to invade / destabilize Y so Z gets greater profits

  7. Github is scary for critical code by Anonymous Coward · · Score: 2, Interesting

    I have a coworker who advocates GitHub as the solution to all of our needs. He wants us to store all of our production code there. I asked him if he had a plan for backing up the GitHub repo, and his answer was along the lines of, 'someone will have the latest version on their PC, so we don't need a backup.' I asked him how we would work in times of limited GitHub availability. What if it goes down? What if it gets hit with DDOS? 'Oh, they're a big company, that won't happen.'

    I have no fundamental problem with GitHub. But if a software shop uses it as their sole repo for mission-critical code, I think they're crazy.

    1. Re:Github is scary for critical code by wisnoskij · · Score: 4, Insightful

      Well, considering that apparently f***en CHINA is DDOSing them and they are only experiencing intermittent downtime, that is pretty impressive to me. More of a reason to switch than a warning against it.

      Still, no backups, no alternative plan, your coworker is an idiot.

      --
      Troll is not a replacement for I disagree.
    2. Re:Github is scary for critical code by zerosomething · · Score: 1, Interesting

      Run your own GitHub or Git repo. Why in the world would you rely on an outside company to store your production code? It verges on incompetence to do so.

      --
      It all starts at 0
    3. Re:Github is scary for critical code by Anonymous Coward · · Score: 0

      Well, the way Git works, every user *will* have their own local repo, so if something does go down, you've at least got backups of the current version. And if (when?) GitHub goes down, that's not entirely unavoidable; it could happen to anyone. You can easily just create a new repo (either on your own server or through some other service such as Sourceforge) and continue where you left off.

    4. Re:Github is scary for critical code by Anonymous Coward · · Score: 0

      > backing up the GitHub repo
      > What if it goes down?

      It took me about 60 seconds with google to find answers to your questions.

      And here's the thing - I knew those answers would be there. Not because I know anything about github, I know jack-shit, but because there is no way that despite being around for seven years with more than 200 employees, nobody at github had ever thought about those issues. Your complaints simply did not pass the laugh test.

    5. Re:Github is scary for critical code by dave420 · · Score: 5, Insightful

      You put your local github repo on some server, and then have it push its updates to Github. Should anything happen to that server, you can use Github to get a copy. The chances of Github and your local server losing your data is clearly much lower than either on its own, hence it making sense. Or just hate on Github because you are scared and don't understand stuff. Whatever's easier.

    6. Re:Github is scary for critical code by Fwipp · · Score: 2

      If you're that paranoid about an outage for an hour or two; mirror it on bitbucket, gitorious, gitlab, amazon S3, a local server, etc, etc, etc.

      It's trivial to do these sorts of mirrors, precisely because git's a DVCS.

    7. Re:Github is scary for critical code by abies · · Score: 2

      Technically, it is not China itself which is DDOSing them, but all the people from _outside_ of China which are accessing Baidu servers in China. Basically some part of the Chinese diaspora is DDOSing github. Which is a considerably smaller number of people than 'China'.
      Plus, it is happening just on browser refresh, not as dedicated trojan running heavy DOS attack from each PC.

    8. Re:Github is scary for critical code by fhage · · Score: 3, Insightful
      This is a good example of people having a fundamental lack of knowledge about Git and GitHub.

      You heard; "We don't need a backup because GitHub is so awesome". That does sound scary.

      However, the whole point of Git is everyone who cares about the project has the complete repository, usually with multiple backups, and works "off-line" as normal practice.

      Github is just an awesome and easy place to share a copy of the repository. It's trivial to set up another shared repository or just share directly with those involved in the development.

    9. Re:Github is scary for critical code by Anonymous Coward · · Score: 0

      Or just host yourself and backup off site. Why rely on github at all? If someone wants to create a fork of your project let them download a zip with the source in it.

    10. Re:Github is scary for critical code by friedmud · · Score: 2

      If GitHub is down just:

      git remote add bitbucket git@bitbucket.org:company/project.git
      git push bitbucket

      And then keep rolling.

      Replace Bitbucket with any number of alternatives.

      It simply doesn't matter if GitHub goes down. It has a convenient interface, for sure, but you can continue to work without it easily.

    11. Re:Github is scary for critical code by HiThere · · Score: 1

      Well, if your production code is open source, then storing your code on GitHub seems like a reasonable approach ... for backup.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    12. Re:Github is scary for critical code by phorm · · Score: 1

      And using GIThub for your prod code is stupid, unless you fully plan on sharing it with the world, including possibly any "fun" stuff that gets included by accident like private company info, passwords, internal IP-space, users, or security flaws...

    13. Re:Github is scary for critical code by DraconPern · · Score: 1

      I hope you don't work on any critical work.. lol

    14. Re:Github is scary for critical code by prs · · Score: 1

      Some other comments mention that you can just clone your git repositories and use that as a backup, but that's not practical when you're using git workflow as a core part of running your development team.

      Relying on external services is never a good business move, so a solution is to use GitHub Enterprise, which lets you run a private copy of the GitHub site on your own servers, with your own backup solution and security provisions.

      Maybe this is what your coworker is advocating.

    15. Re:Github is scary for critical code by Anonymous Coward · · Score: 0

      > And using GIThub for your prod code is stupid, unless you fully plan on sharing it with the world, including possibly any "fun" stuff that gets included by accident like private company info, passwords, internal IP-space, users, or security flaws...

      Maybe that is what the GP's coworker intends? "I didn't share the proprietary information, someone else did, and they did it 'by accident'!"

    16. Re:Github is scary for critical code by rdnetto · · Score: 1

      The main advantage of Github, etc. isn't the hosting - you can use any SSH-capable server for that. It's in the issue tracking and other built-in features.
      That means it makes more sense to have your backup server pull updates from Github, since it can't provide that.

      Of course, an even better approach would be to use an alternative like Gitorious (now Gitlab?) that allows you to host it yourself, so you don't lose access to anything if your primary hosting goes down...

      --
      Most human behaviour can be explained in terms of identity.
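
Added example (not part of any comment above): the replies in this sub-thread describe keeping a second copy of a GitHub-hosted repository and pushing to another host when GitHub is unreachable. The sketch below does that with a pull-based mirror; the function names and the local bare repositories standing in for the two hosts are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: pull-based mirror of a hosted repository, with snapshots and
# a fallback remote. Every path and name below is constructed for the demo.

# One-time bare mirror of every ref (branches, tags, notes).
mirror_init() { git clone --quiet --mirror "$1" "$2" 2>/dev/null; }

# Refresh the mirror. If the source is unreachable this fails and the
# mirror keeps its last good state.
mirror_sync() { git -C "$1" fetch --quiet --prune origin 2>/dev/null; }

# Point-in-time bundle of all refs. A mirror also replicates force-pushes and
# deletions, so snapshots are what protect against a bad upstream change.
mirror_snapshot() {
    git -C "$1" bundle create "$2" --all >/dev/null 2>&1 &&
        git -C "$1" bundle verify "$2" >/dev/null 2>&1
}

# Push every ref to a second host so work can continue there.
mirror_publish() { git -C "$1" push --quiet --mirror "$2"; }

# Sorted "sha refname" list, used to compare two repositories.
refs_of() { git -C "$1" for-each-ref --format='%(objectname) %(refname)' | sort; }

# Constructed commit helper for the demo working copy.
demo_commit() {
    echo "$2" >> "$1/file.txt" && git -C "$1" add file.txt &&
        git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false commit --quiet -m "$2" &&
        git -C "$1" push --quiet origin HEAD:refs/heads/main
}

# End-to-end run on local bare repositories standing in for the two hosts.
demo() {
    t=$(mktemp -d) || return 1
    git init --quiet --bare "$t/primary.git" &&
        git init --quiet --bare "$t/fallback.git" &&
        git clone --quiet "$t/primary.git" "$t/work" 2>/dev/null &&
        demo_commit "$t/work" one &&
        mirror_init "$t/primary.git" "$t/mirror.git" &&
        demo_commit "$t/work" two &&
        mirror_sync "$t/mirror.git" &&
        mirror_snapshot "$t/mirror.git" "$t/snap.bundle" || { rm -rf "$t"; return 1; }
    want=$(refs_of "$t/primary.git")
    rm -rf "$t/primary.git"                       # simulate the outage
    mirror_sync "$t/mirror.git" && { rm -rf "$t"; return 1; }  # sync must fail now
    mirror_publish "$t/mirror.git" "$t/fallback.git" || { rm -rf "$t"; return 1; }
    got=$(refs_of "$t/fallback.git")
    rm -rf "$t"
    [ -n "$want" ] && [ "$want" = "$got" ]        # fallback holds the same refs
}
```

A mirror carries only git refs and objects; issues, pull requests and other hosted features are not part of it.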
  8. What IS "Greatfire" by Anonymous Coward · · Score: 0

    http://lmgtfy.com/?q=greatfire

    I don't think they're talking about the great fire in London in 1666.

  9. I love the alert they changed the page to by Anonymous Coward · · Score: 2, Funny

    To fight back they have changed those projects to be

    alert("WARNING: malicious javascript detected on this domain")

    So the user sees a message =)

    1. Re:I love the alert they changed the page to by blueg3 · · Score: 3, Insightful

      Not only do they see that message, but the alert pauses the loop that keeps loading the pages.

    2. Re:I love the alert they changed the page to by fhage · · Score: 1
      This was the whole point. Someone wanted to cause a disruption to users in China surfing via a VPN.

      I assumed they selected Github as the target because they wanted an effective response delivered to the originators of the original http request.

      They are constantly mapping accessible VPNs and developing countermeasures against them. I understand it's a constant game of whack-a-mole over there with access to VPNs outside the great firewall.

  10. Explain by Anonymous Coward · · Score: 0

    Maybe it would help if you guys explained WHY they might be doing this. What is "Greatfire" and "cn-nytimes" projects? Are they VPN projects?

    1. Re: Explain by Anonymous Coward · · Score: 1

      The greatfire guys always post something about ways to bypass the wall and changes in the wall's behavior.

  11. Naming ddos? by Anonymous Coward · · Score: 0

    Fucking kids these days.

    1. Re:Naming ddos? by Anonymous Coward · · Score: 0

      That's a crime. Don't do that.

  12. Fix is pretty obvious. by tlambert · · Score: 2

    Fix is pretty obvious.

    There are two URLs being hit.

    Step 1: Put a reverse proxy cache which serves static pages directly out of RAM from a kernel module in front of GitHuB. If there's nothing like this for Linux, there is for FreeBSD, and it's pretty trivial to set up.

    Step 2: At the first URL, serve pro Free Tibet information. At the second URL, serve pro Falun Gong information.

    Step 3: Wait for someone in China in charge of the attack to call it off in fear for their life from the government for serving this illegal in China content to everyone in China going to one of the affected web sites that has the javascript injected.

    Step 4: (optional) Laugh your ass off as they are sent to a reeducation camp.

    1. Re:Fix is pretty obvious. by Anonymous Coward · · Score: 1

      The content and attack is only served to people OUTSIDE of China accessing Baidu. People from inside of China aren't affected.

    2. Re:Fix is pretty obvious. by sgt_doom · · Score: 1

      Can't see those trees, can ya? The forest too much in the way for ya? China can do whatever they like, as long as the banksters continue to offshore all the jobs, all the technology and all the investment their way.

    3. Re:Fix is pretty obvious. by Anonymous Coward · · Score: 0

      > Step 2: At the first URL, serve pro Free Tibet information. At the second URL, serve pro Falun Gong information.

      A Mac user, a BSD user and a vegan walk into a bar. How do I know? After 2 minutes *everybody* fucking knew.

    4. Re:Fix is pretty obvious. by tlambert · · Score: 1

      > The content and attack is only served to people OUTSIDE of China accessing Baidu. People from inside of China aren't affected.

      China watches external visibility of Chinese sites. A Chinese site serving pro Tibet/Falun Gong info would get flagged very quickly, especially if the text is sensational and purports to be from a Baidu employee, since the press outside of China isn't going to check their sources very closely, any more than they check any of their sources very closely these days.

      So it will at least hit some, if not many, mainstream news channels, especially if it's couched as a "Help! I'm trapped in a Chinese fortune cookie factory!" style message. It depends on how good the story ends up being.

      This is a matter of using social engineering Judo against the Chinese attack on GitHub. Don't tell me that GitHub is not (also) used by grey and black hat hackers familiar with social engineering techniques.

      The point is to make them look bad for doing the attack, and for the attack itself to participate in making them look bad so that the way to remedy looking bad is to desist the attack.

  13. Conspiracy Theory #1 - It is Google by Anonymous Coward · · Score: 0

    Conspiracy Theory #1 - It is Google who did this. Google is a competitor of Baidu. Baidu is not only used in China. Who in their right mind would use Baidu at this point if they thought they would be part of the attack by doing so? If they don't use Baidu then they don't click on "ads". If they don't get served up ads then it hurts Baidu. This can also switch people long term.

    From an article I read the attack is part of their "baidu analytics" and "baidu ads" js code.

    That is "ct#1"

  14. Re your weird assed comments by sgt_doom · · Score: 1

    If Korporate AmeriKa hadn't (along with their subsidiary, the US gov't) offshored all the jobs, technology and investment to China, they wouldn't have been capable of doing this. We now stand at a disadvantage, thanks to the banksters!

  15. EOTD by Anonymous Coward · · Score: 1

    <span>Github Under JS-Based "Greatfire" DDoS Attack, Allegedly From {{enemyOfTheDay}}</span>

  16. Ching Chong Wing Wong by Anonymous Coward · · Score: 0

    Can we get these rice eating commies off our internet?

  17. Right by Anonymous Coward · · Score: 0

    because this is exactly what the Chinese government would do, in this bullish, clumsy, and apparent manner.

  18. Why isn't the law involved? by Anonymous Coward · · Score: 0

    Aren't we getting to the stage where there needs to be a crime unit working on this sort of thing? I'm assuming that plenty of laws are being broken.

  19. XIJINPINGSB by Anonymous Coward · · Score: 0

    Fk my government, fk Xijinping!!!!

  20. Baidu’s traffic hijacked to DDoS GitHub.com by DougPaulson · · Score: 2

    So basically Baidu's search results are being hijacked to run a JS script in the client computers. Unlike a normal DDOS the client computer hasn't yet been compromised.

    Baidu’s traffic hijacked to DDoS GitHub.com

  21. Vigilantism? by MikeRT · · Score: 1

    If it's vigilantism for GitHub to conduct a private retaliation against the Chinese government, then one could call what the Chinese did an act of war. Hey, if we're tossing around emotionally loaded terms without regard for the context, why stop with just calling that hypothetical action by GitHub an act of vigilantism.

  22. Cluster DDos China? by gabrieltss · · Score: 1

    Why not set up every computer in the U.S. in like a Beowulf cluster and mass DDos China. Shut the whole country down. No loss there.... Might help generate new manufacturing jobs in the U.S...

    --
    The Truth is a Virus!!!
    1. Re:Cluster DDos China? by Anonymous Coward · · Score: 0

      > Why not set up every computer in the U.S. in like a Beowulf cluster and mass DDos China. Shut the whole country down. No loss there.... Might help generate new manufacturing jobs in the U.S...

      Because we all have data caps

  23. smell my vagina! by Anonymous Coward · · Score: 0

    Smell that smelly west CIA/mass media propaganda vagina.

    inhale it and believe every word you are told.

  24. There are millions of people in the Chinese government by Anonymous Coward · · Score: 0

    Who is the damned disgusting bastard who did such a thing? I need his/her/its name!