"Mike, remember that project you did for us last year? Yeah, we've been shipping it with our product for a while - working great, thanks! Say... I don't suppose you might happen to still have a copy of the source code anywhere? I know, you probably deleted it after the project was over, but you were always so good about making backups - do you suppose you could rummage through your old backup tapes and see if there's anything? No, it's nothing like that! Well, we seem to have lost all our copies of the source and really hope you could help us out."
True story.
Pretty please?
This is a service I pay for and my business relies on. Having it down three times in three days impacts our work.
What amounts to throwing a massive amount of hardware at the problem (i.e., boxes that can handle 10-100+gbps of traffic, filter out the attacks, and pass only legit stuff down to your servers) is expensive[1], and casuses all sorts of unexpected behavior: API clients mysteriously break, good traffic gets mistakenly dropped, latency is added to the whole process, etc. It gets even weirder on SSL-protected sites. And it's all dependent on attackers not getting the IP of your actual servers which they could then just attack directly.
[1] For sites with even not a whole lot of traffic, you're talking a one-year contract easily in the range of an engineer's salary. I wouldn't be surprised if the cost to protect sites with as much traffic as Github exceeded $1m/year. Even if you have plenty of cash in the bank, that's one hell of a pill to swallow.
When you say things like "And it's all dependent on attackers not getting the IP of your actual servers" this makes me wonder how much you understand the subject matter. There are many, many options.
"UGH GitHub down again, I guess I have to go work on something equally as important for upwards of an hour"
I call shenanigans on you, good sir.
Since never. At least for businesses that want to remain an ongoing concern.
I wonder if there's a way to host Git repositories with static files, say, on Amazon S3... That would be neat.
This meme is getting really, really tiresome. Github being down is NOT a central point of failure. Most people know that setting up your own git server is trivial, literally a 3-4 step process. We know that we don't lose our files, our history, our working tree, etc.
The "git" in Github is easily replaced. The "hub" part has its own value. The communication tools, the well-presented diffs, the inline-editing capability, issues, wiki, etc. That's the value people are gnashing their teeth over.
http://ozmm.org/posts/when_github_goes_down.html has a good summary of quick ways to keep using git without github.
http://blog.spearce.org/2008/07/using-jgit-to-publish-on-ama...
Initially we blocked all Ec2[1] & spamhaus ip list. But then realized Flipboard proxies[2], some blog aggregation proxies etc are based on Ec2 machines.
What would be a good way to block such rogue machines? Is there a community sponsored list or Ec2/Rackspace ips that are creating issues?
Fighting DDoS attacks is not trivial, especially if you're against a sophisticated botnet, and your code has multiple slow parts.
No data will be compromised, but it will still be a pain in the .. head.
