Comment by exceptione

Comment by exceptione 4 hours ago

16 replies

View on Hacker News

Crazy. Who would have an incentive to spend resources on DDoS'ing Codeberg? The only party I can think of would be Github. I know that the normalization of ruthlessness and winner-takes-all mentality made crime mandatory for large parts of the economy, but still cannot wrap my mind around it.

Kelteseth 3 hours ago

Not just them. For example, Qt self hosted cgit got ddos just two weeks ago. No idea why random open source projects getting attacked.

> in the past 48 hours, code.qt.io has been under a persistent DDoS attack. The attackers utilize a highly distributed network of IP addresses, attempting to obstruct services and network bandwidth.

https://lists.qt-project.org/pipermail/development/2025-Nove...

Reply View 1 reply
  • delfinom 18 minutes ago

    Probably some little script kiddie fucks who think they are elite mega haxors and use their mommie's credit card to pay one of the ddos services readily accessible.

    Reply View 0 replies
rcxdude 3 hours ago

DDoS are crazy cheap now, it could be a random person for the lulz, or just as a test or demo (though I suspect Codeberg aren't a bit enough target to be impressive there).

Reply View 1 reply
  • Sammi 3 hours ago

    Is it because the s in iot stands for security? I'm asking genuinely. Where are these requests coming from?

    Reply View 0 replies
ncruces an hour ago

Big tech would be far more interested in slurping data than DDoS'ing them.

An issue with comments, linked to a PR with review comments, the commit stack implementing the feature, and further commits addressing comments is probably valuable data to train a coding agent.

Serving all that data is not just a matter of cloning the repo. It means hitting their (public, documented) API end points, that are likely more costly to run.

And if they rate limit the scrappers, the unscrupulous bunch will start spreading requests across the whole internet.

Reply View 0 replies
sznio 3 hours ago

>The only party I can think of would be Github.

I think it's not malice, but stupidity. IoT made even a script kiddie capable of running a huge botnet capable of DDoSing anything but CloudFlare.

Reply View 0 replies
Ygg2 3 hours ago

> Who would have an incentive to spend resources

That's not how threat analysis works. That's a conspiracy theory. You need to consider the difficulty of achieving it.

Otherwise I could start speculating which large NAS provider is trying to DDoS me, when in fact it's a script kiddie.

As for who would have the most incentives? Unscrupulous AI scrapers. Every unprotected site experiences a flood of AI scrapers/bots.

Reply View 3 replies
  • theteapot 3 hours ago

    Actually I think that's roughly how threat analysis works though.

    Reply View 2 replies
    • Ygg2 2 hours ago

      For threat analysis, you need to know how hard you are to break in, what the incentives are, and who your potential adversaries are.

      For each potential adversary, you list the risk strategy; that's threat analysis 101.

      E.g. you have a locked door, some valuables, and your opponent is the state-level. Risk strategy: ignore, no door you can afford will be able to stop a state-level actor.

      Reply View 1 reply
      • theteapot an hour ago

        I concur the question, "Who would have an incentive to spend resources on DDoS'ing Codeberg?" is a bit convoluted in mixing incentive and resources. But it's still, exactly, threat analysis, just not very useful threat analysis.

        Reply View 0 replies
tonyhart7 3 hours ago

its easier for MS to buy codeberg and close it than to spent time and money to DDOS things

Reply View 5 replies
  • matrss 3 hours ago

    How do you buy an e.V.?

    Reply View 4 replies
    • tonyhart7 2 hours ago

      You goes to BYD dealership???

      Reply View 1 reply
      • matrss an hour ago

        I said e.V., not EV. Codeberg is an e.V., i.e. a "registered association" in Germany. I am not actually sure if you could technically buy an e.V., but I am 100% certain that all of the Codeberg e.V. members would not take kindly to an attempt at a hostile takeover from Microsoft. So no, buying Codeberg is not easier than DDoSing them.

        Reply View 0 replies