
Github.com unavailable due to a large DDoS attack - jpswade
https://status.github.com/?1
======
richardwhiuk
The second in two days, github is getting increasingly unreliable -
[https://status.github.com/messages](https://status.github.com/messages).

Also, I'd be interested to know how complete lack of service is 'mitigating a
DDOS attack' \- to me it sounds like 'successful DDOS attack'.

~~~
kevingadd
For a large DDOS attack there aren't any easy ways to only drop the DDOS
traffic - especially if it's hard to identify the DDOS traffic in the first
place. If they're getting more 'bad' incoming traffic than their connections
can handle I don't know how they'd drop that stuff - they have to receive the
packets before they can filter them. Maybe their bandwidth provider has tricks
for this...

~~~
corobo
They're using Prolexic by the looks of things.. You'd think a company that
specializes in mitigating DDoS attacks would be able to mitigate DDoS attacks.
Maybe I'm just misunderstanding the word mitigate

~~~
imbriaco
It's not their fault, we were in the middle of provisioning and service
validation with them but it wasn't completed. We're had to work through some
issues on the fly that we were trying to do non-disruptively, but they're
mitigating well for us now that we've got it dialed in.

~~~
corobo
Fair enough. In that case at least it's not a Friday

------
spongle
Again...

personally I can't see why anyone would want to DDoS github unless they are
just being an asshat.

~~~
mataug
Many would just do it as a challenge, Yes they are being a asshat, but they
just don't realise that.

~~~
blumkvist
great advertising for DDoS protection services.

~~~
Karunamon
Considering that Prolexic isn't exactly keeping Github up, not really!

------
bscofield
I'm surprised there's only one "git is distributed" comment thread so far, but
as a reminder:
[http://rubygems.org/gems/deus_ex](http://rubygems.org/gems/deus_ex) _may_
help with getting deploys running during a GitHub outage. Usage instructions
are at
[http://rubydoc.info/gems/deus_ex/0.0.2/frames](http://rubydoc.info/gems/deus_ex/0.0.2/frames).

~~~
reycharles
The github issue tracker and wiki is not distributed as far as I know, though.

~~~
josegonzalez
The wiki is a git repository, so in effect it is distributed.

The issue tracker is not, unfortunately, but neither are most issue trackers.

~~~
tenfingers
The solution is to use a bug tracker within the SCM:

[http://bugseverywhere.org/](http://bugseverywhere.org/) (my personal
favorite, but there are 3/4 other options that you can look into).

Not only it does offer distributed bug tracking on the command line (without
breaking your workflow), but it _implicitly_ allows to isolate bugs to
branches. You can fix a bug in a branch, and a subsequent merge of the
changeset will automatically fix the current branch.

I don't understand why these projects are so underrated. In "early git times",
distributed bug tracking on top of git was quite a hot subject. They solve
_many_ issues nicely.

Github might be a "nifty" viewer, and I _do_ host projects on github for added
visibility (by simply using a second push remote), but that's about it. I find
"tig" and "bugseverywhere" to complement git nicely and work much better than
any web browser could.

------
fauigerzigerk
DDOSing Github reminds me of a study I read about a while ago. It showed that
many burglars tend to break into homes close to their own instead of targeting
wealthier neighborhoods.

Many of the reasons for that will be very different from this attack on Github
as there is no money in attacking Github. But one reason may be similar: Lack
of imagination, or in other words stupidity.

------
maaaats
Hmm, it's scary how much this affects us.

We can't push latest bugfix to GitHub. Azure cannot deploy it. I cannot run
bower_install on the project I would be working on in the meantime.

~~~
jamescun
inb4 "GIT is distributed".

While GIT is distributed, working collaboratively with others still requires a
central platform where everybody working on that GIT repo can connect. GitHub
is a very convenient central platform.

To GITs credit; you can, with a little server know-how, set up your own git
server and give all previous contributors access. However for a small downtime
this could be overkill.

~~~
riffraff
you don't need server know how, you can just use another of the available git
hosting (e.g. bitbucket)

~~~
simonv3
And even if you don't want to use a dedicate git hosting service, good site
hosting platforms (Webfaction) make it incredibly easy to install a git
server.

------
warpech
I bet they DDoS GitHub with use of tools obtained from GitHub

------
trebor
I think it's interesting to note how people have gone to expecting 5-digit
reliability out of an internet service. Not only is GitHub under fire, but the
whole IPSec industry gets blamed.

Back when my dad installed physical PBXes, the big ones that could be the size
of a mainframe, uptime the biggest argument: they had to have reliability to
five nines (99.99999%, if you don't get it). Then when cellphones first came
out, everyone got lackadaisical about dropped calls. And overnight an entire
industry worried about reliability "to five nines" changed, and "whatever,
it's a new service, you've got to expect some difficulties."

The internet started with relatively low reliability. No web host I've ever
seen has truly been able to achieve 99.999% uptime. And yet, when GitHub goes
down under a "large DDOS attack" but still manages to maintain 99.85% uptime
over the last month (with several DDOS-caused outages) everyone comes out of
the woodwork to complain. After all, it isn't as-if hosting a massive service
while keeping everything secure _and_ running happily is an easy thing.

If you're tired of GitHub outages, then get a Bitbucket account, or host your
own Git repository for backup. What serious developer, or service, would keep
all their eggs in one basket if they really depended on the uptime of just one
centralized service?

------
kozhevnikov
Out of curiosity, to those who prefer Bitbucket to GitHub, how often (if ever)
does it (Bitbucket) go down due to DDoS or otherwise?

~~~
daenney
Bitbucket has had it's own fair share of issues, let alone the "we're pulling
Bitbucket offline for 5hrs to move to a new datacenter" debacle not so long
ago. I understand why they had to do it but it is indicative of some issues
with their architecture.

They probably haven't gone offline through a DDoS yet because they're just not
that popular to warrant an attack but I wouldn't bet on it that Bitbucket
would fare any better.

~~~
bluedino
It's not fair to compare scheduled downtime with being down for a few random
hours because of an attack (or any other reason)

------
mathnode
oh thank fuck, I was getting annoyed that it was me, who was screwing up my
homebrew install. For once it's not my fault!

------
joshdance
I'm a rookie so how does Github being down for a few hours cause problems? I
push to Github a few times a day, but if I don't, I just push to Github the
next day.

Are there teams that need to be in constant sync pushing and pulling multiple
times an hour?

~~~
mmgutz
If you deploy from git, like many of us do, and you're in the middle of
pulling down dependencies from github ..

It's happened a couple of times. We moved to our own private server with forks
of any dependencies we need.

~~~
ommm
Anyone dealing with production code should do this, in my opinion. Hope for
the best but plan for the worst.

------
stevoski
These problems coincided with me trying to get started with Git and GitHub for
the first time. I had a perplexing, frustrating day.

~~~
CmonDev
Try BitBucket, same stuff productivity-wise plus private repos.

~~~
ssmoot
Bitbucket: $10/month for 10 users and Unlimited private repositories.

Github: $200/month for Unlimited users and 125 private repositories.

If you're a team of 10 or less, have a few dozen clients and dozens more
supporting libraries in a small company Bitbucket blows Github out of the
water.

For the same $200/month Bitbucket also offers unlimited users (again, with
unlimited private repositories).

I wouldn't call Github's pricing unreasonable. But I have learned to
appreciate Bitbucket's service (they're really on top of things on their
Twitter feed) and their pricing is lunch money for a day (as opposed to
skipping lunches for a month).

Highly recommended.

~~~
bigdubs
We switched from Bitbucket to Github because of Bitbucket's reliability
issues. YMMV.

~~~
ssmoot
I've seen a lot of stuff in their Twitter feed they seem to work through, but
I've never actually run into any issues. So I've interpreted that as
transparency I guess.

Been with 'em for maybe a year now? Never had a failed push or pull. That's
happened a number of times with Github but I wouldn't suggest it's been
damaging to the business. Only a minor inconvenience at times.

So with your anecdote and my anecdote, we get to call this "data" now right?
:-)

------
phaer
Is there a git tool which syncs remotes? I could set up a second remote for
the times github is down, but how do i share it with my team members? Does
everybody need to add it manually? That could become tedious with larger teams
or more remotes.

Plus: There are a bunch of decentralized issue trackers, can any of them sync
with github? Is that possible with their api?

~~~
mcculley
> Plus: There are a bunch of decentralized issue trackers, can any of them
> sync with github? Is that possible with their api?

Last time I looked, their issues are not stored in git itself. This is
something that has kept me from using their issue tracker for my projects as
it encourages lockin.

------
moron4hire
The great thing about GitHub is that it's still Git. If GitHub is down, that
just means that your central publishing site is down. It doesn't mean that
you're developers can't work. They can still share amongst themselves. Like
they probably should be doing even when GitHub is up.

~~~
memset
How would this work? (This is a serious question.)

Would each of us set up each other's internal IP addresses (192.168.0.101,
etc) as remote repositories? Would each of us run a git repository on our own
boxes? Or would we set one up on our own AWS box or something?

~~~
bigdubs
Yep, you set up each developers machine as a remote, but you pull from them
(rather than push). Helps to pull to a separate branch though.

------
gsharma
They are back up for me now.

~~~
gmac
... although trying to download a zip of a repo is giving me a 500 error.

------
CmonDev
If online code availability is _that_ important for you then just push code to
both GitHub and BitBucket.

~~~
galaktor
Since the VCS are distributed, you could always mirror a repository on a NAS
at home or something.

Edit: I might have misread the parent's comment. If CmonDev was referring to
public availability, just a local repo won't do. It depends on who needs
access to the code etc

------
dpweb
maybe the fact they have to deal with non http incoming traffic makes them an
easier target?

------
anentropic
Can anyone explain why Github is a DDoS target?

Seems a bit pointless

~~~
rkv
Testing resources is one.

------
saltyknuckles
Quick blame it on Ruby.

~~~
saltyknuckles
But hurt anyone? lol

