GitHub wipes hand across bloodied face, stumbles from brutal DDoS beating

Re: Not even a small developer would trust it for private, internal code

"Close the git server from the web" isn't an option if you want to allow your developers to work remotely.

No, but you could have a firewall list that only allows the IP addresses of your developers to gain access. Even with a bit of IP re-use on domestic broadband being added in, you are down from ~1 billion computers able to attack to a hundred or so.

Re: Not even a small developer would trust it for private, internal code

When you're talking about DDOS attacks "security through obscurity" is the only way to prevent DDOS from happening in the first place. If nobody but your core developers know the location of the repository... so no it's not "stupid".

Of course you can't stop anybody from deliberately targeting your developers thru social engineering / trojan / malware / 0-day exploit that will then potentially compromise your systems, but the point here is that a DDOS attack on your "central" repository potentially stops one (or more) from working.

Git maybe decentralised, but when groups work together people still need to merge/fork/branch on common ground.

Any tech/software companies that relies on a cloud repository WILL think twice about renewing their services or bringing it 'in-house' or at least deploying a private cloud / vps (perhaps even run by the public cloud providers) where their own repo will not be affected in case of a DDOS on the public cloud.

The OP DOES make a good point in that companies like IBM where security and trade secert is of paramount importance would not even have a repository accessible from a public IP. They're more likely deployed and accessible only via limited VPN access if they're even allowed to access it over the internet.

It's pretty common knowledge that if you want things to be secure, first of all, get off the grid.

Re: Not even a small developer would trust it for private, internal code

"Many, many businesses use services like github, bitbucket, asssembla."

Then they deserve everything they get. I can understand a proper enterprise ready cloudy solution such as http://tfs.visualstudio.com/ , but these insecure and flaky third party ventures are simply not suitable for business use...

Re: GitHub & businesses

The good thing about git repositories is that checking out is cloning. So everybody has their own fully functional git repository, and the remote is backed up quite well even if you've no formal process.

If GitHub vanishes temporarily, pick any local machine to be the new central repository, and remember to push from there when GitHub comes back up.

Re: GitHub & businesses

Who let grandpa on the internet again? Time to give him his pills.

Pfft. It was "grandpas" that built most of this Internet of yours ...

Re: One question not covered

"to be more highly trained than you need to be to write the code in the first place has got it priorities wrong."

Some of the biggest projects in the world are using git without issue... Really if you can't work out how to use the 3 or 4 commands you need in daily usage and read the manual when you need to do something more complex I think it says more about you than git. Maybe you should find a job that's more suitable and requires less thinking.

Re: One question not covered

I just use Git GUI.

Almost everything I need to do is a click on a button or menu option, and when I've needed to do something more esoteric I just Google it and add it to the "custom tools" menu so it becomes just another menu option.

There are annoyances with it - the tags list gets too long & can't easily edit a custom tool (have to open config file), but overall it's much easier than VSS or ClearCase so I'm happy.

Mercurial may well be better but I've not used it.