
They're probably demonstrating that the Chinese government can leverage nearly the entire Chinese internet userbase to DDOS anyone they want, at any time, and the easiest protection mechanism is to block Chinese IPs. Which is exactly what they want.


Except this particular attack is not coming from Chinese IPs, rather from visitors of Chinese websites from outside China.


right, which is why unfortunately github couldn't counter by piping in some anti-china propaganda or something.

As a sidenote though, VPN users are probably also affected.


Maybe they could -- it might not be a wise move, particularly given the political tensions which obviously exist already, and it would certainly be inflammatory, but it may well be technically possible.

Github serves HTML over HTTPS, which means that if they started putting a few well-chosen words in Chinese in every HTML page served to China, the only thing the government could easily do about it would be to block github from Chinese users entirely -- which they've already tried once, and didn't keep up, presumably because cutting off github for more than a few days poses problems for their own domestic software sector.


Chinese VPN users are absolutely affected, and in fact this puts more pressure on Chinese-used VPN services, and to a lesser extent the users, too.


Damn! I just realized, github is getting a full 1% of baidu's traffic. I wonder if they're getting the search terms. I bet they're getting cookies.

The ultimate mitigation might be google paying to show the results instead of baidu.

Or just showing their own ads.


Github wouldn't get baidu's cookies since they're different domains.


They could if they put code to read cookies in JS and send them home in the JS included in people's pages.


Good point, all the more reason page authors should use httpOnly cookies: https://www.owasp.org/index.php/HttpOnly
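
Added example (not part of the original thread): a script included in a page runs in that page's origin, so it reads that site's `document.cookie`, minus any cookie set with `HttpOnly`. The sketch below models that filter over constructed `Set-Cookie` headers and flags credential-looking cookies that lack the attribute; the cookie names, values and the name heuristic are assumptions made for illustration.

```javascript
// Constructed sample: Set-Cookie headers a site might send to a visitor.
const SAMPLE_SET_COOKIE = [
  "session=9f2c1a; Path=/; Secure; HttpOnly; SameSite=Lax",
  "auth_token=tok-constructed; Path=/; Secure", // HttpOnly missing
  "theme=dark; Path=/",
  "sid=77aa; Path=/; httponly", // attribute names are case-insensitive
];

// Parse one Set-Cookie header value into name, value and an attribute map.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no "name=value" pair: treat as malformed
  const attrs = {};
  for (const a of attrParts) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// What any script on the page, first-party or included from elsewhere,
// would get from document.cookie: HttpOnly cookies are left out.
function scriptVisibleCookieString(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Heuristic (an assumption): names that look like credentials.
const SENSITIVE_NAME = /sess|auth|token|sid/i;

// Names of credential-looking cookies that page scripts can read.
function auditCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && SENSITIVE_NAME.test(c.name) && !c.attrs.httponly)
    .map((c) => c.name);
}

console.log("script-visible:", scriptVisibleCookieString(SAMPLE_SET_COOKIE));
console.log("missing HttpOnly:", auditCookies(SAMPLE_SET_COOKIE));
```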


> leverage nearly the entire Chinese internet userbase

Well, not just Chinese users. Anyone who was accessing a site that used Baidu's analytics, regardless of where they came from. Things like this remind me why I like Piwik so much.



