whateverthing.com

July 24, 2013

Last month, Nintendo announced that one of its sites (Nintendo Club of Japan) had been compromised by a brute-force login attack. The attackers made 15,000,000 authentication attempts and successfully took control of 24,000 accounts.

The attack would have failed if Nintendo had implemented login throttling.

Fail2Ban is a Python-based utility that hooks directly into the system's firewall to ban malicious IP addresses, and I'm going to show a few easy steps to make your site safer by blacklisting brute-force attackers. If you maintain a web application that doesn't have built-in authentication throttling, this might be the how-to you're looking for - alternatively, this would work as an additional way to punish pesky rogue connections.

July 10, 2013

You've probably heard people talk about "legacy code". They're usually referring to systems that are no longer supported or updated. However, there are other types of legacy code out there. Code that was written years ago, but still runs your company's products every day. Often an unruly mess of hacks justified by shifting business requirements and the airy whims of management, it's your job to keep it maintained and working.

Since people seem to think it's easy to just go in and presto-change-o add a feature, I'd just like to point out a few things that complicate that process. These three threats conspire to make the Total Cost of Ownership of a codebase hard to predict, and they are why you should use best practices at all times to ensure that you aren't willfully strapping yourself into a straitjacket in the name of short-term savings.