Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It seems completely bizarre. At least the government has the wisdom to not publicly take credit for it. It looks really bad when one of the most powerful nations on earth, over a billion strong, can't stop a little 300 person operation.

Github is smart and talented, and i'm sure that bandwidth cost is horrible. But they are up against an organization 7 orders of magnitude larger, and seem to be holding up just fine.

I kinda hope China comes out and says, whoops, unauthorized sneaky hackers. Github's resilience makes them look like a joke.



At this point do they really have a option besides continue until Github caves because of mounting costs?

Admitting whoops, unauthorized sneaky hackers co-opted our national packet mangling infrastructure would be a LOT of egg on their face.


That's a big freaking gamble. How effective does Github's mitigation need to be to make the costs tolerable? They're already using a full 1% of the traffic to ddos, they can only double that 7 times.

Really, at this point Github could probably put together a really nice blacklist of baidu users outside of china, and whitelist those that actually use the service. I can think of a couple of cute ways to accelerate the whitelisting.

Banking on Github not finding a good enough solution seems really risky.

Why not just ddos every time there's positive Github news? Ideally a half hour in advance of the event? China must know when MS is going to host some cool new project. China must know when the U.S. data service is going to host a cool new project. China must know when Github is going to announce a new feature.

This approach is just super half assed.


Side question, does GitHub run ruby on rails? If so, I'm pretty impressed.


They are on Rails 3 which is pretty old for Rails standards and they got there recently. See http://shayfrendt.com/posts/upgrading-github-to-rails-3-with...

This is their architecture in 2009 https://github.com/blog/530-how-we-made-github-fast Couldn't find anything more recent.


They do, but a real ruby on rails site typically serves most html content out of memcache, even higher for users that aren't logged into the platform. Its not unknown to see 5-10ms response times in those scenarios


>can't stop a little 300 person operation.

Police forces can infiltrate world-wide gangs.

What's stopping China from infiltrating Github if this DDoS doesn't work out?


Is there any evidence of China infiltrating Microsoft or other major OS vendors?


While I don't know of any cases relating to Microsoft, there have been a number of Chinese spies found in American companies (defence, industrial components, medicine). There's a summary on en.m.wikipedia.org/wiki/Chinese_Intelligence_Operations_in_the_United_States




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: