Sourcehut and Codeberg are both currently experiencing a DDoS attack

There&#x27;s been a few of those for sourcehut ... makes you wonder wth is going on ...<p>In one of the previous ones, they said there was high suspicion it related to &#x27;hatred against a transgender developer in the company&#x27; or something like that. Like, who the hell targets a &quot;company&quot; because of an employee who works there you don&#x27;t like ...

A ton of source code that is stored on Sourcehut and Codeberg is also likely replicated over dozens or hundreds of other machines.<p>I wonder if something like the BitTorrent protocol could be used to keep a repo accessible without directing all the traffic to one site. Take a magnet link to a particular repo and commit, receive the complete branch eventually. Now serve these commits to other peers. That would be rather harder to DDoS or censor.<p>(This, of course, ignores other aspects of forges: CI&#x2F;CD, releases, packages, etc. Issues and even code reviews can be branches, too; such tools exist, and e.g. Fossil has them built in.)

Genuinely interested: who the hell pays to DDoS services like Sourcehut and Codeberg? :&#x2F;

I do wish folks would implement PoW ratelimiting. You can host the req&#x27;d JS on a CDN.<p>I implemented this as a .NET lib (<a href="https:&#x2F;&#x2F;bvulpes.net&#x2F;tarpit-a-proof-of-work-http-ratelimiting-scheme&#x2F;" rel="nofollow">https:&#x2F;&#x2F;bvulpes.net&#x2F;tarpit-a-proof-of-work-http-ratelimiting...</a>) for obscure reasons, but an NGINX integration would really be ideal.

Outage statement from Drew: <a href="https:&#x2F;&#x2F;outage.sr.ht&#x2F;" rel="nofollow">https:&#x2F;&#x2F;outage.sr.ht&#x2F;</a>

Wait. I thought the problem of being DDoS-ed is widely solved, i.e., just pick someone else (cloudflare, akamai, fastly, etc) to be the &quot;proxy&quot; of your site, and then let them defend the attack for you. No?

tinfoil hats on.<p>mystery solved: in the coming days github will announce obligatory 2fa linked to a phone number.<p>some Microsoft exec is betting his job that people will not just abandon github if they turn the heat on too hard on the slow boiled frog that is open source still hosted there.<p>to offset that theoretical exec fears that open source projects will jump ship, they spent the equivalent of one expensive dinner on ddos for hire to take the top competitors offline.<p>this is not some coordinate evil plan at Microsoft, just something that someone with even as little as M3@microsoft money and very little cryptocoins can easily do in under an hour.

To use the Mastodon web application, please enable JavaScript. Alternatively, try one of the native apps for Mastodon for your platform.

&gt; &quot;we called [Cloudflare] and they quoted a very big number&quot; [0]<p>This is what I&#x27;ve never understood about Cloudflare.<p>You&#x27;re suppose to be able to purchase a business account for $200&#x2F;mo [1]<p>But it seems like at some point, Cloudflare says you need to upgrade to a custom pricing plan.<p>What triggers Cloudflare to state you can&#x27;t use the $200 Business Plan account?<p>[0] <a href="https:&#x2F;&#x2F;fosstodon.org&#x2F;@arch@floofy.tech&#x2F;111739294821803544" rel="nofollow">https:&#x2F;&#x2F;fosstodon.org&#x2F;@arch@floofy.tech&#x2F;111739294821803544</a><p>[1] <a href="https:&#x2F;&#x2F;www.cloudflare.com&#x2F;plans&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.cloudflare.com&#x2F;plans&#x2F;</a>

Simple solution, Rent a botnet and DDOS the DDOS. &#x2F;s