SoylentNews is people

posted by janrinok on Sunday March 29 2015, @02:13PM
from the must-stop-Rehash-development! dept.

It appears that whatever entity controls the "Great Firewall of China" is using malicious ECMAScript to launch a distributed denial of service attack on Github. The ECMAScript is being delivered through advertisements served by Baidu, which are on many non-Chinese websites. Baidu is denying any involvement, and it seems like the ECMAScript is probably being injected as the advertisements leave China's firewall.

The attack was originally attempting to target the repositories of two specific users; one is Great Fire (which aims to help users circumvent the Chinese government's firewall) and the other is CN-NY Times (an uncensored Chinese version of the New York Times). Since Github is only available through https, this effectively turned into a general attack on the website. It is unclear whether the specific pages were targeted despite being behind https due to technical ignorance on the part of the attackers, or as a way of sending a message.

More to follow:

Github made this post on March 27:

We are currently experiencing the largest DDoS (distributed denial of service) attack in github.com's history. The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content.

We are completely focused on mitigating this attack. Our top priority is making sure github.com is available to all our users while deflecting malicious traffic. Please watch our status site or follow @githubstatus on Twitter for real-time updates.

Latest updates can be found on the GitHub status page.

I haven't personally had difficulty accessing Github, but it appears that many people have over the last two days. An interesting first-hand account from a security researcher whose computer was redirected to the two offending Github pages can be read at Insight-labs. While that page indicates that the attack has stopped, the latest updates by Github are more recent.
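
The browser-driven flood described above leaves a recognisable shape in the target's access logs: a few paths requested by many clients that arrive from many unrelated sites. The sketch below is an added example, not code from GitHub or from this submission. It assumes Combined Log Format logs and that the hijacked browsers send the Referer of the page they were reading; the hostnames, paths, addresses and thresholds are all constructed.

```javascript
// Added example: find paths that many visitors' browsers are requesting
// from many unrelated referring sites. All sample data is constructed.

// Combined Log Format: ip - - [time] "METHOD path HTTP/x" status bytes "referer" "ua"
const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // malformed lines are skipped, not guessed at
  return { ip: m[1], method: m[2], path: m[3], status: Number(m[4]), referer: m[5] };
}

// Host of the Referer header, or null when it is absent ("-") or unparsable.
function refererHost(referer) {
  if (!referer || referer === '-') return null;
  try {
    return new URL(referer).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

function isOwnHost(host, ownHosts) {
  return ownHosts.some(h => host === h || host.endsWith('.' + h));
}

// Flag a path only when it is busy, most of its requests come from third-party
// pages, AND those pages are spread over many distinct hosts. The last condition
// separates a flood from a page that one popular article happens to link to.
function findBrowserFloodTargets(lines, opts) {
  const byPath = new Map();
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec) continue;
    let s = byPath.get(rec.path);
    if (!s) {
      s = { path: rec.path, total: 0, foreign: 0, hosts: new Set(), ips: new Set() };
      byPath.set(rec.path, s);
    }
    s.total += 1;
    s.ips.add(rec.ip);
    const host = refererHost(rec.referer);
    if (host && !isOwnHost(host, opts.ownHosts)) {
      s.foreign += 1;
      s.hosts.add(host);
    }
  }
  const flagged = [];
  for (const s of byPath.values()) {
    const foreignShare = s.foreign / s.total;
    if (s.total >= opts.minRequests &&
        foreignShare >= opts.minForeignShare &&
        s.hosts.size >= opts.minReferringHosts) {
      flagged.push({ path: s.path, total: s.total, foreignShare: foreignShare,
                     referringHosts: s.hosts.size, clients: s.ips.size });
    }
  }
  return flagged.sort((a, b) => b.total - a.total);
}

// Constructed sample log for a hypothetical site "code.example".
function sampleLog() {
  const lines = [];
  const line = (ip, path, referer) =>
    `${ip} - - [27/Mar/2015:10:00:00 +0000] "GET ${path} HTTP/1.1" 200 512 "${referer}" "Mozilla/5.0"`;
  // 40 requests for one user's page, from 40 clients reading 8 unrelated sites.
  for (let i = 0; i < 40; i++) {
    lines.push(line(`198.51.100.${i + 1}`, '/user-a/', `http://site${i % 8}.example/article`));
  }
  // A page linked from one popular external article: many hits, one referring host.
  for (let i = 0; i < 40; i++) {
    lines.push(line(`203.0.113.${i + 1}`, '/user-b/project', 'http://news.example/story'));
  }
  // Ordinary navigation inside the site, plus direct visits with no Referer.
  for (let i = 0; i < 30; i++) {
    lines.push(line(`192.0.2.${i + 1}`, '/explore', i % 2 ? 'https://code.example/' : '-'));
  }
  lines.push('not a log line'); // exercises the malformed-line path
  return lines;
}

// Thresholds are illustrative and would be tuned against normal traffic.
const OPTS = { ownHosts: ['code.example'], minRequests: 20, minForeignShare: 0.8, minReferringHosts: 5 };

console.log(JSON.stringify(findBrowserFloodTargets(sampleLog(), OPTS), null, 2));
```

Only `/user-a/` is reported for the sample data; the page linked from a single external article and the ordinary navigation are left alone.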

Related Stories

The "Great Cannon" of China 35 comments

We had two Soylents send us news of a new tactic in state-sponsored attempts at silencing undesired content on the internet:

China Is Said to Use Powerful New Weapon to Censor Internet.

Late last month, China began flooding American websites with a barrage of Internet traffic in an apparent effort to take out services that allow China’s Internet users to view websites otherwise blocked in the country.

Initial security reports suggested that China had crippled the services by exploiting its own Internet filter — known as the Great Firewall — to redirect overwhelming amounts of traffic to its targets. Now, researchers at the University of California, Berkeley, and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.

The Great Cannon, the researchers said in a report published Friday ( https://citizenlab.org/2015/04/chinas-great-cannon/ ), allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and re-purpose the traffic as Beijing sees fit.

The system was used, they said, to intercept web and advertising traffic intended for Baidu — China’s biggest search engine company — and fire it at GitHub, a popular site for programmers, and GreatFire.org, a nonprofit that runs mirror images of sites that are blocked inside China. The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.

http://www.nytimes.com/2015/04/11/technology/china-is-said-to-use-powerful-new-weapon-to-censor-internet.html

  • (Score: 1, Disagree) by Anonymous Coward on Sunday March 29 2015, @02:54PM

    by Anonymous Coward on Sunday March 29 2015, @02:54PM (#163811)

    Why aren't they just calling it javascript? ECMAscript is the name of the standard, but we all, and always have, called it javascript because ECMAscript doesn't roll off the tongue so well.

    As for china, good, github has a horrific user interface and I'd much rather see collaborative coding more akin to multi player notepad. While I'm not a fan of attacks, I do hope that this particular thing is destroyed so I as a developer do not have to pull my hair out losing my work 8 times a day with its crappy interface. It presents an opportunity to capture what github was trying to do, rebuild it, and do it right, but github needs to die first.

    • (Score: 4, Insightful) by Arik on Sunday March 29 2015, @03:12PM

      by Arik (4543) on Sunday March 29 2015, @03:12PM (#163814) Journal
      "ECMAscript is the name of the standard, but we all, and always have, called it javascript because ECMAscript doesn't roll off the tongue so well."

      Who is this 'we' you speak of?

      I am certainly not that sloppy.

      Anyway yet another incident to demonstrate that Ecmascript is the poison pill that killed the web.
      --
      If laughter is the best medicine, who are the best doctors?
      • (Score: 5, Insightful) by TheGratefulNet on Sunday March 29 2015, @07:11PM

        by TheGratefulNet (659) on Sunday March 29 2015, @07:11PM (#163900)

        yes, ecma and javascript are evil crap that I hate beyond anything else, in software.

        'hey, here's some code. no, don't LOOK at it, just trust us and run it.'

        whoever thought that was a good idea should be shot. look at a typical jscript blurb (yahoo is my 'favorite' since they go out of their way to make variable and proc names unique and garbage, so you can't write good filters to block stuff). its crap! its TRYING to hide from you what they are doing.

        right now, even on soylent, I'm typing into a textbox and the chars are echoing very slowly, causing dropped chars and all kinds of misspellings. we don't need jscript in the middle of everything, dammit! enough is enough.

        when i was doing very early web programming (1998 or so) I avoided jscript and people 'laughed' at me for being too simplistic. but I knew what I was doing and what I was trying to avoid. having my pages work fine with jscript turned off was my goal and I easily reached that. but today, not a single web dev thinks that way. they NEED jscript. crutches.

        hate hate hate jscript. wish it would go back to the devil from which it came.

        also hate that the web has become wysiwyg. it was never meant to be that. it was meant as tagged elements (from the sgml markup concept) and the local engine should render it the way IT makes sense to. but nooooo, we can't have local rendering. I want that button top right corner, dammit (sigh). and so, we ruined a key concept of the web because 'graphic artists' were too dumb to understand the notion of tagged elements and could just not adapt to this concept ;(

        I gave up trying to be a web guy well over 10 years ago. when someone says they are a web author or webadmin, I kind of laugh to myself. sad that it got to be this way.

        --
        "It is now safe to switch off your computer."
        • (Score: 4, Funny) by Anonymous Coward on Sunday March 29 2015, @07:30PM

          by Anonymous Coward on Sunday March 29 2015, @07:30PM (#163910)

          I'm writing some javascript to reply to your post at this very moment, but your failure to start your sentences with capital letters is making my parsing algorithm throw errors. I'm going to have to write a new jquery plugin to handle it, but I'm running into issues trying to support the last half dozen versions of IE.

        • (Score: 2) by Arik on Sunday March 29 2015, @09:22PM

          by Arik (4543) on Sunday March 29 2015, @09:22PM (#163943) Journal
          I got in a little earlier than you but otherwise my experience is the same.

          The web was effectively dead once 'designers' were accepted as a legitimate part of the ecosystem.

          Long term you can choose one - a free and open web or an abominable mess where security has been made impossible by design, and all that is left of it is a constant arms race that government agencies and well-financed criminal organizations 'win' while the rest of us 'lose' every day.

          And ecmascript is a key fulcrum. Turn it off entirely. Yes, you'll be locked out of a lot of addresses (because there is no website hosted at them) but what's left is much more worthwhile.
          --
          If laughter is the best medicine, who are the best doctors?
        • (Score: 2) by hash14 on Monday March 30 2015, @02:26AM

          by hash14 (1102) on Monday March 30 2015, @02:26AM (#164019)

          Given that people are prone to just letting random webservers run javascript on their local machines, I say why can't I embed a javascript-based bitcoin miner on their machines? Come on! Who's gonna stop me?

          • (Score: 2) by Nerdfest on Monday March 30 2015, @03:22AM

            by Nerdfest (80) on Monday March 30 2015, @03:22AM (#164038)

            I believe that's already been done.

      • (Score: 3, Touché) by wonkey_monkey on Sunday March 29 2015, @08:27PM

        by wonkey_monkey (279) on Sunday March 29 2015, @08:27PM (#163936) Homepage

        Who is this 'we' you speak of?

        The "we" he's speaking of is the 99+% of percent who just call it Javascript, as well you know.

        --
        systemd is Roko's Basilisk
      • (Score: 5, Funny) by LoRdTAW on Sunday March 29 2015, @09:44PM

        by LoRdTAW (3755) on Sunday March 29 2015, @09:44PM (#163953) Journal

        I prefer calling it eczemascript because I always get itchy when looking at it.

    • (Score: 4, Insightful) by Nerdfest on Sunday March 29 2015, @03:13PM

      by Nerdfest (80) on Sunday March 29 2015, @03:13PM (#163815)

      Perhaps you should go and experiment with branching and versioning on a team using "multi-player notepad" and let us know how it works out. Instead, I'd recommend perhaps trying one of the alternatives to GitHub, or even host your own Git repository and use the command line, or even fall back to using CVS or Subversion. Most people are quite happy with GitHub, it most certainly does not "need to die".

      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @07:18PM

        by Anonymous Coward on Sunday March 29 2015, @07:18PM (#163902)

        Don't knock "Duke Nukem: Multi-Player Notepad" until you've leveled up a few times. You don't know what you're missing.

      • (Score: 3, Informative) by gnuman on Monday March 30 2015, @03:35AM

        by gnuman (5013) on Monday March 30 2015, @03:35AM (#164042)

        Fall back to CVS or SVN? From git? That's like chopping your hands off and coding with your nose.

        Git is 100% decentralized. There is absolutely, positively nothing stopping you from continuing to work without any access to github or any other central coordination. You can even send git patches via email - that's how that small project, what was it's name, oh, Linux, works.

        • (Score: 0) by Anonymous Coward on Monday March 30 2015, @03:40AM

          by Anonymous Coward on Monday March 30 2015, @03:40AM (#164047)

          before spelling Nazis,

          s/it's/its/

    • (Score: 4, Insightful) by maxwell demon on Sunday March 29 2015, @03:16PM

      by maxwell demon (1608) on Sunday March 29 2015, @03:16PM (#163816) Journal

      If github is really so bad as you claim (I can't tell, I've never used it), then there's no need to kill it. Make a better one, and people will switch over. Not instantly, but if your site is much better than github (and well advertised to the relevant groups), then the switch will be quite fast.

      And if no one manages to make a site that's better than github, github's existence is very well justified, and killing it would be a disservice.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @03:36PM

        by Anonymous Coward on Sunday March 29 2015, @03:36PM (#163821)

        Well I do actually create local versions that are more like multiplayer notepad when I'm collaborating with other developers. That only happens when I get control of a project so it's rare, but it does work really well. However I'm more often than not forced to use it, and I don't like it.

      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @03:41PM

        by Anonymous Coward on Sunday March 29 2015, @03:41PM (#163825)

        If you're interested in my approach though, it's not that hard.

        You just setup nodeJS so that it can read/write to your javascript, css, and html files.

        Then you use a websocket and everyone can access all the files, edit them, and watch other people editing in real time.

        When you enable nodemon as well you can instantly have the webserver restart with each change to the back end.

        It removes an overly obtuse layer and just lets you get to work immediately.

        • (Score: 2) by maxwell demon on Sunday March 29 2015, @04:00PM

          by maxwell demon (1608) on Sunday March 29 2015, @04:00PM (#163830) Journal

          Can you also revert to an earlier version in case something gets wrong? And can you find out who wrote what piece of code (and therefore know whom to ask if you've got any question about it)?

          --
          The Tao of math: The numbers you can count are not the real numbers.
          • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:06PM

            by Anonymous Coward on Sunday March 29 2015, @04:06PM (#163833)

            I usually work with a team of about 3 people, like I said though, you can edit how the logic works, so if you want you can color code each team member's contributions.

            I never have rolled back to earlier versions when I'm developing, it hasn't actually been a problem ever.

            That might have something to do with how I develop though, I don't write giant chunks of code and then cross my fingers it works. I write a few lines, refresh the page and see if everything is okay (don't use cookies or sessions because that will serve up confusion). Then layer by layer I work my way up, and I keep my functions separated logically so it doesn't spaghetti together.

            Async is beautiful for that, as well as nodejs 'require'.

            I have one function to build a website that's about 5 pages long, but with require I can cut that into chunks, and then call it from the main index.js with just
            var buildSite=require('/customFunctions/createANewWebsite.js');
            buildSite(nameOfSite);

            • (Score: 1, Funny) by Anonymous Coward on Sunday March 29 2015, @07:34PM

              by Anonymous Coward on Sunday March 29 2015, @07:34PM (#163915)

              I don't write giant chunks of code and then cross my fingers it works

              And you call yourself a developer? What's next, comments in your code?

              • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @08:26PM

                by Anonymous Coward on Sunday March 29 2015, @08:26PM (#163935)

                LOL

                oh I sucker punched myself in the face a few times doing that, writing tons of undocumented code, then having to go back a month or two later to shore up things and add in new functions.

                ALWAYS DOCUMEEEEEEEENT!

                I honestly was shocked though at just how fast I could forget some of the code I'd written myself, it felt so personal at the time when I was dealing with it, but when you go back it can be like an alien wrote it sometimes.

      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:01PM

        by Anonymous Coward on Sunday March 29 2015, @04:01PM (#163831)

        I don't have the whole editing thing up and running at the moment, but I do have a part of it so I can show you what I mean.

        My website is up at https://darrencaldwellwebdesign.ca/ [darrencaldwellwebdesign.ca] (I got SSL working, w00 h00!) anyways, under my portfolio there is an example called 'editable'. It's nothing fancy, and it won't write your changes to any files because it's just a demonstration.

        However that's basically exactly how I do it, you can add more logic to it etc, in the example I have each text area sectioned off, but when I'm collaborating it's just a simple textarea with whatever file contents dumped in it and you can edit to your hearts content and hit 'save' as often as you like, or set it up so it just auto-saves on keyup.

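        ex:
        // connect once to the '/editable' socket.io namespace
        var editIO=io('/editable');

        // send the textarea contents to the server on every keystroke
        $(document).on('keyup','.editableCodeArea',function(){
          var data=$(this).val().trim();
          editIO.emit('update',data);
        });

        // apply updates broadcast by the server to the local textarea
        editIO.on('broadCastUpdate',function(data){
          $('.editableCodeArea').val(data);
        });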

        It only takes about 6 hours to get it going but once you have the code it becomes a permanent tool you can use.

        • (Score: 2) by maxwell demon on Sunday March 29 2015, @04:46PM

          by maxwell demon (1608) on Sunday March 29 2015, @04:46PM (#163855) Journal

          If that is your idea of how to do it, I can understand that people are not exactly keen on using it, and will only do so if they are forced to.

          Anyway, even if one assumes that it is indeed the best method to handle small web projects, note that projects on github are neither all small, nor all web projects. So what would you suggest where hundred people C++ projects should go if github were killed?

          --
          The Tao of math: The numbers you can count are not the real numbers.
          • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:52PM

            by Anonymous Coward on Sunday March 29 2015, @04:52PM (#163859)

            Meh, I wonder why you're defending it.

            Does it have to do with github being open source name brand like the world wildlife foundation?

            I guess I'd get the same blowback if I said they were crappy with giving vet assistance to animals if I had experienced that to be the case (I haven't, they are lovely people and do a fantastic job).

            At any rate, like I said, the idea of code sharing isn't what gets my ire up, it's how it doesn't facilitate collaboration online but makes you download everything then download and overwrite stuff with branches all with very few labels about what's going on or why this button 'sync' reads or writes.

            Heh, I only know web development stuff, I don't usually deal with C++ for anything, I really like javascript because it's super flexible and lets me do all kinds of powerful things.

            Websockets are probably the biggest thing that it can do. I really cannot get over how awesome web sockets are for facilitating collaboration where you immediately see changes without a refresh or a download. That saves a massive amount of time and it keeps my will to develop strong when I can feel that I'm working with other people because I can see them all working and they can see me working.

            • (Score: 3, Informative) by janrinok on Sunday March 29 2015, @06:52PM

              by janrinok (52) Subscriber Badge on Sunday March 29 2015, @06:52PM (#163894) Journal
              I guess he's defending it because it does far more than your offering seems to do. Does your system work with 100+ contributors of c++ code, and can you track who submitted what and when?
              • (Score: 2) by Nerdfest on Sunday March 29 2015, @07:02PM

                by Nerdfest (80) on Sunday March 29 2015, @07:02PM (#163898)

                It also allows changes to be reviewed before they're incorporated, projects to be forked, etc. If multiple people need to edit the same files simultaneously in a project, I'd also suggest that your project may not be well structured. It's actually difficult to do using JavaScript. Have a look at AMD (requireJS) for effectively giving JavaScript namespace and dependency support. I really couldn't tolerate using JavaScript on anything other than a toy project before I started using it.

      • (Score: 3, Interesting) by darkfeline on Sunday March 29 2015, @07:42PM

        by darkfeline (1030) on Sunday March 29 2015, @07:42PM (#163918) Homepage

        The lesson taught by Unix is relevant here: Once something is "good enough", it's near impossible to replace. You wouldn't be able to replace Github with something better; rather, you need something that is revolutionarily better to displace it.

        --
        Join the SDF Public Access UNIX System today!
        • (Score: 3, Insightful) by maxwell demon on Sunday March 29 2015, @09:19PM

          by maxwell demon (1608) on Sunday March 29 2015, @09:19PM (#163942) Journal

          No, you would be able to replace Github with something better. It's just that if it is only slightly better, it will take a long time, while if it is revolutionary better, it will displace it in a quite short time frame.

          --
          The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 5, Informative) by physicsmajor on Sunday March 29 2015, @03:37PM

      by physicsmajor (1471) on Sunday March 29 2015, @03:37PM (#163822)

      I'm a core developer on an open source project which exclusively uses GitHub to manage hundreds of geographically distributed contributors.

      I literally cannot understand what your problem could possibly be. I have never, nor ever heard of anyone losing their work due to GitHub. Do you not understand how Git works? Your local repository has everything. You can also back that up anywhere you like in parallel with GitHub.

      If you branched or stashed, your work is not lost. Maybe if you used the in-browser editor exclusively I could understand, but ugh what a terrible practice. Learn to use Git on your machine to unlock its actual potential.

      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:11PM

        by Anonymous Coward on Sunday March 29 2015, @04:11PM (#163835)

        lack of labelling, and sync doesn't really tell me if it's writing to my hard drive or reading from it.

        It needs more clear labels, or maybe menus that pop up and explain things when you hover.

        Also I don't like that you're stuck downloading local versions, when I develop I create a live site and then everyone just gets in there and works on it. That way you KNOW file access is setup right, you KNOW that everyone has the exact same files and you KNOW if something is broken or not instantly because it's all 1 thing not 6 different file versions on 6 different computers with branches and all that other garbage.

        • (Score: 2) by Marand on Sunday March 29 2015, @04:38PM

          by Marand (1081) on Sunday March 29 2015, @04:38PM (#163849) Journal

          Also I don't like that you're stuck downloading local versions, when I develop I create a live site and then everyone just gets in there and works on it.

          So, you're saying that the problem with GitHub is that it, um, uses git? How dare a site called GitHub use git! What were those morons thinking? Sorry bro, but I think the problem here isn't GitHub, it's that you don't know what you're talking about.

          • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:45PM

            by Anonymous Coward on Sunday March 29 2015, @04:45PM (#163854)

            I'm talking from my experience with it, I already had a webserver up and going and was ready to get to work. Then I got stuck using github and spent a bunch of time screwing around hitting unlabelled buttons and experimenting losing my work over and over again. It really was unpleasant, and it could be done better by making it more online collaborative and less local.

            I don't disagree though with having the code downloadable and accessible, that feature of github is great. I'm more talking about using it when you're working and suddenly you're dealing with branches etc but you never really know what's going on without some kind of explanation. Also you don't know if a bug that crops up is from local environment, or from the project itself.

            • (Score: 3, Insightful) by Marand on Sunday March 29 2015, @05:08PM

              by Marand (1081) on Sunday March 29 2015, @05:08PM (#163870) Journal

              I still stand by my previous comment, because again, everything you're saying in these comments basically boils down to "I don't understand git, I have never used git for anything, and I tried using github without even rudimentary knowledge of git"

              The first clue was when you mentioned "multi player notepad", because collaborative editing is a completely different use case than git. If you want collaborative editing, you use something like Gobby [github.io], and that's fine for certain uses.

              Git is something completely different: a version control system. You use it for tracking commits, saving different code branches, tracking files in a project, branch merging, "time travel" back to older commits, etc. It makes it easy to copy (or fork) a codebase to work, which means that collaboration in a loose sense -- multiple people working on the same project -- is convenient, but it's not a collaborative editor, or in fact any kind of editor at all. If you want (or must) use git, Git Magic [stanford.edu] is a good introduction to what it is, how it works, etc.

              GitHub is basically just a hosting provider for git with some extra additions to make it appealing to people hosting code. Those value-adds are the website features, like browsing without cloning a repo, wiki and bug report pages, a pastebin-clone, etc. They're still based around using git, and are essentially all optional. All you need is a github account and the git command line program and you're set.

              Tl;DR: You're upset that a version control system is not a collaborative text editor. Your complaints are akin to biting into an apple and complaining that it doesn't taste like an orange. Read Git Magic [stanford.edu] to get up to speed on what git's about.

              • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @05:25PM

                by Anonymous Coward on Sunday March 29 2015, @05:25PM (#163872)

                Oh, I use git, I've been messing around grabbing code off of it so I could take a look at how other people do things.

                I don't actually have anything up on git myself, I created an account and I was trying to get my framework for creating javascript only website (very fast, not good for SEO though) up on there but I couldn't figure out how to get it to upload, and after awhile, I kinda just lost interest and quit caring and went back to work.

                Tell you what though, you're actually talking to me, you wanna do something together? :D

                I've been in kind of a rut lately not making much of anything. If you want to create something, I'm a creator, you're a creator, let's create!

                I have been thinking about a friendlier user interface for JSON object databases (sooooooooooo much better than mysql).

                I was thinking that each object in the db should be skeletonized for viewing so
                // one array of key names per database object
                var skeletonizedObjects=[];
                var databaseReturn=db.find({},function(err,data){
                  for(var i in data){
                    skeletonize(data[i]);
                  }
                  socket.emit('skeletonized objects for viewing',skeletonizedObjects);
                });
                // collect the key names of one stored object
                var skeletonize=function(databaseJSONobject){
                  var keys=[];
                  for(var key in databaseJSONobject){
                    keys.push(key);
                  }
                  skeletonizedObjects.push(keys);
                };

                That's just to show structure, then slap on the value in a text field, and bind the 'enter' key to saving

                $(document).on('keyup',function(e){
                  if(e.keyCode == 13){
                    //update the data for this key in this object
                  }
                });

                MySql has TONS of really great ways to display and edit data, but JSON databases are newer, there's some projects for it, but they have a tendency to be localhost and what I need is one that is a webpage on the webserver itself so I can genuinely see operational data and edit it as necessary.

                • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @07:47PM

                  by Anonymous Coward on Sunday March 29 2015, @07:47PM (#163921)

                  You should look into some of the nosql document databases. They can make very good use of json data. YouTube has some short videos about the differences between the types of nosql DB offerings as well as some longer ones (Martin Fowler's is informative but a long 50 minutes).

                  I'm an RDBMS type of guy, but some of my projects are very json heavy so I'm looking into the nosql alternatives. PostgreSQL also has a data type that is queryable json IIRC.

                  • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @08:15PM

                    by Anonymous Coward on Sunday March 29 2015, @08:15PM (#163929)

                    Heh, yeah I know what you mean about databases. I started out using mysql, but what I was finding I kept having to do was query 1 table for the user, query another table for their comments, query another table for their option settings, query another table for this that and the other. Then I'd have to crush it all into JSON objects nested inside each other and pass it forward. It takes a lot of code and the more times you hit your server for data the more overhead builds up. Also when I'd give a client the end project I kept having to give them all sorts of instructions about how to setup a database, how to create the user, what the user password had to be etc etc.

                    I ended up going with a database called nedb which just stores JSON objects, so now when I get a user I just run 1 query and everything comes back as a big JSON object and I slingshot that from the server to the client. The other advantage is that because it's just a text file you don't setup a server, or users, or user passwords, or have to rebuild the database etc and if you zip the project up hand it over the client can just unzip it and run it without having to go through a long list of complicated instructions (which depending on their comfort level might level them with a project they can only stare at but never get up and going).

                    • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @08:20PM

                      by Anonymous Coward on Sunday March 29 2015, @08:20PM (#163932)

                      Oh, I forgot all about php.ini environmental variables as well. Trying to explain to someone how to find the php.ini file, how to edit it etc. It can really be a nightmare, you can't just give them a copy of your php.ini because that might break existing things they have setup.

              • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @05:45PM

                by Anonymous Coward on Sunday March 29 2015, @05:45PM (#163881)

                Hey, I'm going to head out for a drive through the forest for awhile (it's how I unwind) and grab a coffee. I'll be back later on though, I wasn't kidding it would be great to get back to work and do something. You can contact me through my website https://darrencaldwellwebdesign.ca [darrencaldwellwebdesign.ca] if you want, there's a contact button there. Just toss me a message if you feel like collaborating on something :)

            • (Score: 0) by Anonymous Coward on Monday March 30 2015, @01:29PM

              by Anonymous Coward on Monday March 30 2015, @01:29PM (#164215)

              but you never really know whats going on without some kind of explanation

              So your problem is that you don't read manuals?

      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:16PM

        by Anonymous Coward on Sunday March 29 2015, @04:16PM (#163837)

        I guess I don't like how it centralizes the code, but you cannot see that central code in action without downloading it and running it in your particular environment.

        With nodeJs that's not such a big deal because you can use a DB like nedb and transfer all files at once, open it up and have a functional site.

        However if you're doing LAMP development then downloading and running the files means you have to account for each user's local environment. They have to set up their databases, users, etc etc and often there are problems that have more to do with mysql and php running localhost than anything being wrong with the project, which leads to delays as each member hits those snags like slashes (windows slashes go \ everyone else goes / )

      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:26PM

        by Anonymous Coward on Sunday March 29 2015, @04:26PM (#163844)

        Also, I just absolutely HATE HATE HATE installing programs on my hard drive. It's not 'universal' and it implies that I trust the github team enough to give them access to my ram, HDD, and CPU, which I don't.

        If it was a totally online thing the way I was describing, that means that you gather your team, tell them to load up site www.x.com and voila they're all up and running.

        With github I have to download and install, then some other guy tells me about this add on, then that add on, then the other add on, then you have to piss around with bizarre command lines and it just becomes a headache that eats time I could use to do what I was hired to do which is work, not work on getting github to work so I can work.

        • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:42PM

          by Anonymous Coward on Sunday March 29 2015, @04:42PM (#163853)

          You write toys... Try your multiplayer notepad on a serious multi-million dollar project like a 4 separate layers (database, business rules, presentation control/caching, in browser ui) ERP+CRM built by two geographically separated teams. You will want to die with your approach....

          • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @05:02PM

            by Anonymous Coward on Sunday March 29 2015, @05:02PM (#163863)

            You might be right, I usually only work with about 3 other people. Actually generally it's the same 3 people but I've done online collaboration etc.

            I'm usually not building a site that's multi-million dollar. It's more like I had one where it was a virtual convention expo and you could have people sign up and setup their own booth (we did it for a golf trade show). I used that and while it wasn't multi million it was still decently complicated.

            We had to make a front end for visitors to see, one for people with booths, and then a 3rd for admin to control everything behind the scenes.

            I got control on that one and we used my webserver to go ahead and all work together and it went super well. I loved that project but a big part of why I loved it was because I was really connected and working alongside my team instead of us all working separately then using branches etc to glue everything together.

            Actually though, why wouldn't it work with a multi million dollar project? If your singular files are getting that big you might want to break them down into more human understandable functions for future editing by the next team that comes in. That way if you and 3 guys are working on one area you either decide 'okay we're working on this file today, everyone let's go!' or you just individually create files and then use require statements to glue it together.

            I usually don't go near corporate environments because they like to use PHP and mySql a whole lot, which I find isn't nearly as easy to work with, use, update, etc etc as nedb. I get most of my work off freelancer.ca, kijiji and odesk.

            • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @06:18PM

              by Anonymous Coward on Sunday March 29 2015, @06:18PM (#163889)

              The project I talked about uses Oracle as the dB, Java/Jersey for the business layer, node+couchbase for transformation/caching, apache for static file serving and a js components toolkit for the ui. Only a dozen files have over 1kloc, and we have well over 5000 files. Managing every aspect of a 5000 employees Corp is quite different from your work line.

              I am not diminutive of your work, starting a freelancing business requires courage and I respect that but please understand that some techniques that are efficient in smaller settings are counterproductive in bigger settings and vice versa...

              Sorry if I was a bit rash with my toy comment

              • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @07:54PM

                by Anonymous Coward on Sunday March 29 2015, @07:54PM (#163922)

                LOL, dude calling my stuff a 'toy' is probably the least offensive thing anyone has said about my work. People really hate javascript (I don't know why, it works, if it works it's good) and my sites are almost entirely javascript because it can take disparate entities like server file access, smtp email server, database, web server and roll everything into 1 language which makes it easier to find people to work with and it makes it all into this one unified universal language which is awesome and it's a big part of what I feel the philosophy of the net is about (things just work). As it splits into different languages you need to keep grabbing different people and more overhead because you need specialists with each individual piece.

                I feel sometimes like there's too much out there, like it's overwhelming and impossible y'know. I need a kind of edge so I can pull some serious david vs goliath shit and knock out a product by myself that competes with one made by a team and do it faster with more functionality (all while being paid less).

                when you were mentioning all those different products, I could simplify some of that into a few lines

                var http=require('http').Server().listen(80); //web server up and operational
                var Database=require('nedb'); var database=new Database({filename:'/var/www/database.db', autoload:true}); //no users etc to set up, and it's just a file instead of a full server, also no sql injection problems
                var io=require('socket.io')(http); //attach socket.io to the web server created above
                io.on('connect',function(websocket){
                  database.find({},function(err,websiteWebPages){
                    if(err){ return; } //nothing to send if the lookup failed
                    websocket.emit('giveWebsite',websiteWebPages);
                  });
                }); //This grabs all the webpages, and sends it back as an object of pages nested inside pages, which makes creating the navigation at the client side a whole lot easier because the menu and sub menus conform to how the object is physically nested, also you can keep a copy at the back end so if they perform a transaction you don't grab the $ from the front, you reference the original object you sent forward
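
The last point in the comment above (price a transaction from the copy kept at the back end, not from what the client sends) is shown below as an added example; it is not part of the original comment. The `SITE` object, the `path`/`qty` message shape, and the names `findPage` and `priceOrder` are assumptions made for illustration.

```javascript
'use strict';
// Constructed sample data: the nested "pages inside pages" object the server
// would send to clients. Titles and prices are invented for this example.
const SITE = {
  home: { title: 'Home', pages: {} },
  shop: {
    title: 'Shop',
    pages: {
      booth: { title: 'Booth rental', priceCents: 25000, pages: {} },
      banner: { title: 'Banner ad', priceCents: 4000, pages: {} }
    }
  }
};

// Walk the server-side copy along a path such as ['shop', 'booth'].
// Each segment must be a plain string naming an own key; objects (for
// example a query operator), numbers and inherited names like '__proto__'
// are rejected rather than looked up.
function findPage(site, path) {
  if (!Array.isArray(path) || path.length === 0 || path.length > 8) return null;
  let level = site;
  let page = null;
  for (const segment of path) {
    if (typeof segment !== 'string') return null;
    if (!Object.prototype.hasOwnProperty.call(level, segment)) return null;
    page = level[segment];
    level = (page && page.pages) || {};
  }
  return page;
}

// Price an order from the server copy. The client received the whole object
// and may echo back its own price field, but that field is never read.
function priceOrder(site, message) {
  if (message === null || typeof message !== 'object') {
    return { ok: false, error: 'bad message' };
  }
  const qty = message.qty;
  if (!Number.isInteger(qty) || qty < 1 || qty > 100) {
    return { ok: false, error: 'bad quantity' };
  }
  const page = findPage(site, message.path);
  if (!page || !Number.isInteger(page.priceCents)) {
    return { ok: false, error: 'unknown item' };
  }
  return { ok: true, totalCents: page.priceCents * qty };
}
```

In a socket.io handler, `priceOrder(SITE, msg)` would be called on the message received from the client before any charge is made.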

                • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @09:59PM

                  by Anonymous Coward on Sunday March 29 2015, @09:59PM (#163961)

                  I hate JS because people abuse it, sites that don't need it use it to the extreme, asshats use it to switch on hidden divs (hiding content until you enable JS), it's used for stupid shit like handling a submit button, it slows my browser to a crawl, it's used to restrict basic functionality such as right-click, it's used to track me, but mostly I'm sick of the fact that 'web developers' cannot write a website today without including a bunch of bloated JS libs hosted with various sites like Google (which I love to block). The web was just fine without JS. My refusal to run it means that huge portions of the web are just plain broken for me. Still worth it...

                  So please, fuck off with all the JS already...

          • (Score: 0) by Anonymous Coward on Monday March 30 2015, @02:03PM

            by Anonymous Coward on Monday March 30 2015, @02:03PM (#164234)

            "You have a woman's hands, milord. I'll wager those are fingers that have never been worn to mere stubs by decades of enterprise code."

      • (Score: 2) by tonyPick on Sunday March 29 2015, @04:50PM

        by tonyPick (1237) on Sunday March 29 2015, @04:50PM (#163857) Homepage Journal

        Your local repository has everything.

        Being pedantic: This is Not Quite True unless you do a "--mirror" clone (and almost nobody does that routinely).

    • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:23PM

      by Anonymous Coward on Sunday March 29 2015, @04:23PM (#163841)

      Why don't you move to Slashdot with your infantile rant?

      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @04:41PM

        by Anonymous Coward on Sunday March 29 2015, @04:41PM (#163852)

        Lol, actually I like slashdot and I contribute there often. Despite what you wrote about slashdot being for infantile rants I'd be willing to bet you post there same as me.

        Anyhow this isn't a rant, I'm serious, github has certain issues and it's on the right track but it isn't 'there' yet because it requires installing software on your hard drive which is unacceptable. Also it needs a way to express and show these projects live and in action somewhere so that you can tell when you're doing localhost editing if the problem is the project or your environment.

        It needs better labels about what operations are performed, because as it stands it's just confusing using it if someone else threw it at you without telling you anything about it (that happened to me, and experimenting with a bunch of unlabelled buttons is why I lost my work over and over again).

        I don't use office for the same reason, I just use google docs or croc doc, I don't use the calc, I use https://www.mathway.com/problemwidget.aspx?affiliateid=affil18092 [mathway.com]

        • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @05:48PM

          by Anonymous Coward on Sunday March 29 2015, @05:48PM (#163883)

          Lol, actually I like slashdot and I contribute there often. Despite what you wrote about slashdot being for infantile rants I'd be willing to bet you post there same as me.

          Sure, slashdot has a great many "contributors".

          Anyhow this isn't a rant, I'm serious, github has certain issues and it's on the right track but it isn't 'there' yet because it requires installing software on your hard drive which is unacceptable.

          I find a similar problem with my chromebook. If it's running everything from the cloud then it shouldn't need an operating system or any other locally installed software. It should just work by magic.

          Also it needs a way to express and show these projects live and in action somewhere so that you can tell when you're doing localhost editing if the problem is the project or your environment.

          It could well be that you're joking or a product of your environment.

          It needs better labels about what operations are performed, because as it stands it's just confusing using it if someone else threw it at you without telling you anything about it (that happened to me, and experimenting with a bunch of unlabelled buttons is why I lost my work over and over again).

          Do you think that in the interest of efficient communication it would be better if they did away with labels or other short descriptors that you appear not to favor and replaced them with meandering run-on sentences?

    • (Score: 3, Interesting) by JNCF on Sunday March 29 2015, @04:51PM

      by JNCF (4317) on Sunday March 29 2015, @04:51PM (#163858) Journal

      Why aren't they just calling it javascript? ECMAscript is the name of the standard, but we all, and always have, called it javascript because ECMAscript doesn't roll off the tongue so well.

      If I called it JavaScript I would be referring to a specific (trademarked) implementation of the standard. Humans would still be able to parse the intent, but technically I would be stating that the attack affects a specific implementation of ECMAScript. Internet Explorer might be safe since it runs JScript, not JavaScript. The implementations really are different in how they fill in some gray areas of the standard, people just mostly avoid those parts.

      I definitely agree that ECMAScript is a shittier name than JavaScript. It's a great example of why you shouldn't trademark things like that.

      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @05:06PM

        by Anonymous Coward on Sunday March 29 2015, @05:06PM (#163868)

        IE still uses that? I remember them trying it and developers like me just hate it when stuff doesn't work between browsers, it's part of the appeal of this work is that we are trying to interconnect the world so we can all get stuff done in a more mnemonic and simple way.

        I thought IE ditched it a long time ago and just bowed to the pressure of using javascript. Well at any rate, I tested out my site and it seems to work okay with IE, except that IE doesn't like my SSL cert while opera, chrome, and FF are fine with it.

        • (Score: 2) by JNCF on Sunday March 29 2015, @05:38PM

          by JNCF (4317) on Sunday March 29 2015, @05:38PM (#163879) Journal

          I was unaware of that, but you are correct. They dropped it in IE 10. It looks like IE 6, 7, 8, and 9 still have a combined share of about 6% of browsers, so JScript is still being used.

  • (Score: 2, Informative) by Anonymous Coward on Sunday March 29 2015, @04:31PM

    by Anonymous Coward on Sunday March 29 2015, @04:31PM (#163846)

    http://www.digitalattackmap.com/ [digitalattackmap.com] is showing the lowest levels of ddos in years.

    • (Score: 2) by dyingtolive on Sunday March 29 2015, @10:01PM

      by dyingtolive (952) on Sunday March 29 2015, @10:01PM (#163962)

      To be fair, they never said it was affecting anything. For the smallest values of largest. It still holds true. :P

      --
      Don't blame me, I voted for moose wang!
      • (Score: 2) by aristarchus on Sunday March 29 2015, @10:24PM

        by aristarchus (2645) on Sunday March 29 2015, @10:24PM (#163971) Journal

        Soon!

        For the smallest values of largest. It still holds true. :P

        Nicholas of Cusa was fond of saying that it also held true for the largest values of the smallest! And Buckaroo Banzai said, "When you're this far inside the brain, it's all the same."

        • (Score: 2) by dyingtolive on Sunday March 29 2015, @10:45PM

          by dyingtolive (952) on Sunday March 29 2015, @10:45PM (#163979)

          Well, Buckaroo Banzai WAS my favorite documentary...

          --
          Don't blame me, I voted for moose wang!
  • (Score: 3, Informative) by No Respect on Sunday March 29 2015, @06:23PM

    by No Respect (991) on Sunday March 29 2015, @06:23PM (#163890)

    Block IP addresses from China at the router. Unblock them when the attack stops. Problem solved.

    • (Score: 5, Insightful) by maxwell demon on Sunday March 29 2015, @06:53PM

      by maxwell demon (1608) on Sunday March 29 2015, @06:53PM (#163895) Journal

      If you block IP addresses from China, then no one from China can access you. Given that this apparently was the exact goal of the attack, I'm not sure that this would be the best answer. Especially since when you unblock China, the attack would likely restart soon, in the hope that after some cycles you'll block Chinese IPs permanently as answer, which would be Mission Accomplished.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @07:30PM

        by Anonymous Coward on Sunday March 29 2015, @07:30PM (#163911)

        Maybe there might be a way to fuse torrent technology with github technology? I know that if they try to get rid of movie XXX online, it's near impossible, the magnet links and torrent files are so tiny and can be easily hosted all over the place that it becomes a game of whack a mole with the mole box being 100 acres in size.

        I saw an attempt with this at GHTorrent, but it tirelessly keeps harvesting from github itself which has no inherent way to in the back end convert the files into a torrent magnet link along with regular download links.

        Is there source code for github somewhere so anyone can just run a localized version?

        I complain about github, but maybe I should get in there and try to do something about it instead.

        • (Score: 2) by maxwell demon on Sunday March 29 2015, @09:06PM

          by maxwell demon (1608) on Sunday March 29 2015, @09:06PM (#163939) Journal

          That's an interesting idea. Since every git user has a copy of the archive for every project he works on (or simply downloaded by archive cloning), seeding should not be much of a problem. So basically the task would be to build a "GitTorrent" protocol around it, and then to get people to adopt it. I guess the main problem to solve would be the uploading of new versions to existing repositories. As I understand it, BitTorrent only has the functionality "Get the file over there", not the functionality "send this file to over there".

          I don't know about sources of github, but git itself is certainly open source.

          --
          The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 0) by Anonymous Coward on Sunday March 29 2015, @09:25PM

          by Anonymous Coward on Sunday March 29 2015, @09:25PM (#163945)

          Is there source code for github somewhere so anyone can just run a localized version?

          No there is not. But there are free replacements.

      • (Score: 0) by Anonymous Coward on Monday March 30 2015, @10:46AM

        by Anonymous Coward on Monday March 30 2015, @10:46AM (#164165)

        Your point? You seem to presuppose that the whole world gives two shits about how China throttles their population. We have our own fish to fry closer to home without wasting time trying to oppose the PLA.

        • (Score: 0) by Anonymous Coward on Monday March 30 2015, @02:14PM

          by Anonymous Coward on Monday March 30 2015, @02:14PM (#164239)

          This might come as a surprise, but yes, there exist people in the whole world who give two shits about how China throttles their population. It's fairly possible that some of those people work for github also.