what makes you think a convert op to DDoS github is out of the question?
The fact that this attack doesn't pass even a most cursory risk/reward analysis.
Anyone with the technical smarts to carry it out must be well aware that there is zero upside potential for China. The targeted projects are not gonna disappear, github is not gonna disappear.
All possible outcomes are negative; The targeted projects get extra media attention (Streisand effect), the "Cyberwar" narrative in the west is fueled (cf. this HN thread), in the worst case there could even be a minor diplomatic quarrel with the US.
I see several wins for china, the first one is showing off the offensive power of their "great firewall". Not everyone has the ability to withstand such an attack, the chilling effect is real.
Looks like if you want to mess with China then all you have to do is put your material on Github. You think that is the lesson China wanted to teach the world?
Now let's say you want to provide some sort of service that the Chinese government would frown upon. Would this not make you think twice about doing that? A lot of people would take an attack as a point of pride and be deliberately defiant, but a lot of other people would just see it as a big risk to be avoided.
You dont see a chilling effect when the choice is either host your content on github or be blasted off the internet?
Lets not forget this wasnt an easy thing for github to handle. Their service still isnt running at 100% normal. Not to mention the cost burden they're currently dealing with.
You dont see a chilling effect when the choice is either host your content on github or be blasted off the internet?
Was there any doubt about China's ability to blast sites much bigger than Github off the internet to begin with?
They're the second largest economy in the world. They don't need to play painfully obvious MITM tricks on their own infrastructure to carry out an attack - which then doesn't even have enough oomph to make a dent on a large but probably not particularly hardened site.
Lets not forget this wasnt an easy thing for github to handle.
That doesn't change the message that this random, half-assed neck-slap sends.
If this was really done by Chinese authorities and if I was a Chinese dissident then I'd be thrilled rather than chilled. Who knew keeping my stuff online could be as easy as uploading it to Github!
Nobody ever said China couldn't run DDOS tools. This is a deterrent signal sent to businesses outside of China. It publicly demonstrates that China has the will to punish businesses for serving certain kinds of content. Although it's obvious who benefits, it's just deniable enough that they have avoided international censure; today nobody can reasonably think "China wouldn't do that because they fear reprisals," since they just did it; which helps China maintain a credible threat to businesses. They aren't trying to destroy GitHub, just to exert control over businesses which are out of their regulatory reach.
It publicly demonstrates that China has the will to punish businesses for serving certain kinds of content.
Do you really think anyone concerned with these things (activists, VPN providers, companies doing business with China) needed a half-assed, unsuccessful Github attack as a "deterrent signal"?
The fact that this attack doesn't pass even a most cursory risk/reward analysis.
Anyone with the technical smarts to carry it out must be well aware that there is zero upside potential for China. The targeted projects are not gonna disappear, github is not gonna disappear.
All possible outcomes are negative; The targeted projects get extra media attention (Streisand effect), the "Cyberwar" narrative in the west is fueled (cf. this HN thread), in the worst case there could even be a minor diplomatic quarrel with the US.
What do they have to win here?