Github Under JS-Based "Greatfire" DDoS Attack, Allegedly From Chinese Government

An anonymous reader writes: During the past two days, popular code hosting site GitHub has been under a DDoS attack, which has led to intermittent service interruptions. As blogger Anthr@X reports from traceroute lists, the attack originated from MITM-modified JavaScript files for the Chinese company Baidu's user tracking code, changing the unencrypted content as it passed through the great firewall of China to request the URLs github.com/greatfire/ and github.com/cn-nytimes/. The Chinese government's dislike of widespread VPN usage may have caused it to arrange the attack, where only people accessing Baidu's services from outside the firewall would contribute to the DDoS. This wouldn't have been the first time China arranged this kind of "protest."

Centralized on GitHub! LOL!

It's hilarious how so many git aficionados go on and on about how git is decentralized, and how this is the greatest thing ever. Then they all end up centalizing on GitHub. When GitHub is inaccessible for some reason, they start screaming about how they can't get any work done.

Re: Centralized on GitHub! LOL!

The modding here is atrocious.

The GP is right, and you are wrong.

There is only one form of decentralization involved here.

Even if git users have their own copies of a repo, it is not trivial to share changes among more than a couple of users, especially if they are on distinct networks with firewalls and other hindrances.

That is why GitHub is used.

GitHub negates the decentralization of git in order to make it practical for real world use.

GitHub being down may not be a problem for your rinky-dink one-man JavaScript library project that nobody uses.

But for real projects with distributed teams consisting of numerous people the decentralization of git is a big problem.

GitHub is the only practical solution to the problems of decentralization.

When GitHub is down, the entire team suffers from an inability to work.

If they resort to pushing and pulling from one another's repos, then they will waste more time doing that then they will actually doing real work!

Some teams will just set up a temporary git repo when GitHub is down.

But that is still an example of them centralizing, because decentralized version control is an impractical idea.

Git only works well in the real world when it is centralized.

GitHub and its popularity and necessity prove this to be true.

Re: Centralized on GitHub! LOL!

[Grishnakh]

You really don't understand what decentralized version control is, do you?

The whole point isn't to avoid any centralization at all, it's that you're not utterly reliant on it. It's somewhat similar to the argument between a big server and thin clients (where nearly all computation is on the server) and "thick clients" (PCs) and less-capable servers (for sharing files, etc.). With a big server, if that server goes down or the connection to it goes down, you're screwed, and can't do anything. With today's more common thick-client paradigm, if your office file server goes down, you can't easily share files with your coworkers and other things are inaccessible, but you can still get some work done using whatever local copies you have.

This is what DVCS is all about. With Git, you have a full copy of the repo just by virtue of having "checked out" a copy. You can still get some work done without access to the central server, whether it's down or your WiFi connection is down or your VPN is down. You can't do everything obviously, nor will you ever be able to, but that's not the point. And, in a worst-case scenario, if the central server just disappears one day without accessible backups, everyone with a copy checked out has the full repository, so it's possible to rebuild easily.

Ancient Chinese wisdom

[benjfowler]

For the purported great and ancient wisdom of 5000-year-old Chinese civilization, they have pretty lousy leaders.

The West has leaders with minds like children too, but at least we can laugh at them, and eventually get rid of them. Must suck to be Chinese with these idiots in charge...

can't we all just get along... to block China?

[swschrad]

knock them off the web for 12 hours, open it up... if they continue, block 'em again...

Re:Socialism

You're thinking of what letting the self-described "Conservatives," who are really right-wing religious authoritarians, have power outside their cult results in.

Re:Github is scary for critical code

[wisnoskij]

Well considering that apparently f***en CHINA is DDOSing them and they are only experiencing intermittent downtime that is pretty impressive to me. More of reason to switch than a warning against it.

Still, no backups, no alternative plan, your coworker is an idiot.

Re:I love the alert they changed the page to

[blueg3]

Not only do they see that message, but the alert pauses the loop that keeps loading the pages.

Re:Github is scary for critical code

[dave420]

You put your local github repo on some server, and then have it push its updates to Github. Should anything happen to that server, you can use Github to get a copy. The chances of Github and your local server losing your data is clearly much lower than either on its own, hence it making sense. Or just hate on Github because you are scared and don't understand stuff. Whatever's easier.

Re:Github is scary for critical code

[fhage]

This is a good example of people having a fundamental lack of knowledge about Git and GitHub.

You heard; "We don't need a backup because GitHub is so awesome". That does sound scary.

However, the whole point of Git is everyone who cares about the project has the complete repository, usually with multiple backups, and works "off-line" as normal practice.

Github is just an awesome and easy place to share a copy of the repository. It's trivial to set up another shared repository or just share directly with those involved in the development.