Obviously you can't filter for every possibility in advance, but with a hands-on moderator and some regex it should be super-easy to throttle this. And as more than one person has pointed out, just shutting down new account creation/posting for 24 hours would be equally effective. I'm perplexed at how a mature site full owned and catering to network technologists is vulnerable to such a laughably crude attack.
but then you've shut down account creation for 24 hours. The site operators get to choose how they want to play it, but it seems they don't want to do that just yet.
You're right that it's laughably crude though. Says a lot about things that this hasn't happened until now.
but then you've shut down account creation for 24 hours.
But so what? The impact of that would be negligible, almost certainly less than that of having site performance go through the floor/become temporarily unreadable. It's not like a B2C product launch, and the target audience of HN is more or less optimally positioned to understand why one might deliberately interrupt service.