Github Under JS-Based "Greatfire" DDoS Attack, Allegedly From Chinese Government

An anonymous reader writes: During the past two days, popular code hosting site GitHub has been under a DDoS attack, which has led to intermittent service interruptions. As blogger Anthr@X reports from traceroute lists, the attack originated from MITM-modified JavaScript files for the Chinese company Baidu's user tracking code, changing the unencrypted content as it passed through the great firewall of China to request the URLs github.com/greatfire/ and github.com/cn-nytimes/. The Chinese government's dislike of widespread VPN usage may have caused it to arrange the attack, where only people accessing Baidu's services from outside the firewall would contribute to the DDoS. This wouldn't have been the first time China arranged this kind of "protest."

Too bad the US is so legalistic

[MikeRT]

If our country weren't run by lawyers, we'd do what Russia and China do which is allow victims like GitHub to retaliate. Would be hilarious if GitHub contracted a few black hats to penetrate China's academic/military networks and give them a taste of the Wikileaks treatment.

Github is scary for critical code

I have a coworker who advocates GitHub as the solution to all of our needs. He wants us to store all of our production code there. I asked him if he had a plan for backing up the GitHub repo, and his answer was along the lines of, 'someone will have the latest version on their PC, so we don't need a backup.' I asked him how we would work in times of limited GitHub availabilty. What if it goes down? What if it gets hit with DDOS? 'Oh, they're a big company, that won't happen.'

I have no fundamental problem with GitHub. But if a software shop uses it as their sole repo for mission-critical code, I think they're crazy.

Re:Github is scary for critical code

[zerosomething]

Run your own GitHub or Git repo. Why in the world would your rely on an outside company to store your production code? It verges on incompetence to do so.