Secondly, I kind of like when big sites go down when I'm not in desperate need because it means a really nice aftermath write up is on the way. Can't wait to hear more about this one.
It's been a disaster for a bunch of people I know.
git is distributed by nature so they all had extra remotes they could use.
github's issues and other project metadata wasn't distributed, since that's github's alone.
So all of the friends of mine who are corporate github users who were using git in a distributed style (a minority of their overall customer base, I would suspect) are more screwed by the web app's absence than they would have been by a repository problem.
I suspect github made the right choice for their customer base overall, but I still find the anecdata interesting.
They got lucky. What would be a great way to handle it if next time it's port 21 or 443?
OTOH, if I had a botnet and I wanted to see how powerfully it could DDOS without drawing a lot of mainstream media attention, github might be good for target practice. They have better infrastructure than most, and they always do detailed write-ups afterwards.
I sort of expect it wouldn't be an effective practice anywhere.
Honestly, grow a pair, fellas. It's part of doing business on the Internet.
Low Orbit Ion Cannon (LOIC) is an open source network
stress testing and denial-of-service attack application
LOIC performs a denial-of-service (DoS) attack (or when
used by multiple individuals, a DDoS attack) on a target
site by flooding the server with TCP packets or UDP
packets with the intention of disrupting the service of a
particular host. People have used LOIC to join voluntary
1) ssh myserver.com
2) adduser git
3) sudo su git
4) cd $HOME
5) mkdir .ssh
6) Add people's public keys to .ssh/authorized_keys (in /home/git)
7) git init --bare myrepo.git
8) Push and pull to email@example.com:myrepo.git
Srsly tho, the relationship between Git and GitHub, might be somewhat analogous to that of BitTorrent and TPB
Well, except for Issues, Pull Requests, Wiki, etc, but those aren't part of Git.
It would limit the potential damage these attacks could cause, given the reliance dev teams have on pushing code to a central repo. Taking down a site like Github has a fairly clear effect on the productivity of a lot of their users.
That said, Github has never been down long enough for me to justify a fallback procedure and policy for my team. The complexity of the solution outweighs the benefit. We'll cross that bridge when we come to it.
We've temporarily disabled service on port 80 while we investigate the source of a connection flood. HTTPS, GIT, and SSH service are unaffected.
01:33 PM PST
"We are experiencing issues due to a DDOS attack, working hard to restore service"
It's not going to make Github go online any quicker. They have a Twitter account, you know.
Great way to keep the git push/pull workflow unaffected.
EDIT: or not anymore. I was able to push but now I am not.
> host status.github.com
status.github.com is an alias for appid129905herokucom-760859479.us-east-1.elb.amazonaws.com.
appid129905herokucom-760859479.us-east-1.elb.amazonaws.com has address 184.108.40.206
appid129905herokucom-760859479.us-east-1.elb.amazonaws.com has address 220.127.116.11
appid129905herokucom-760859479.us-east-1.elb.amazonaws.com has address 18.104.22.168
I'm not BitBucket marketing team, check my posts. This is just an honest view on GitHub.