AWS Tips I Wish I'd Known Before I Started

Moving from physical servers to the "cloud" involves a paradigm shift in thinking. Generally in a physical environment you care about each individual host; they each have their own static IP, you probably monitor them individually, and if one goes down you have to get it back up ASAP. You might think you can just move this infrastructure to AWS and start getting the benefits of the "cloud" straight away. Unfortunately, it's not quite that easy (believe me, I tried). You need to think differently when it comes to AWS, and it's not always obvious what needs to be done.

Protecting Yourself Against Insecure Websites

There's a big problem with the internet right now: there are a large number of websites storing passwords insecurely. It seems there are lots of bad developers out there who don't know how to store passwords properly. That's fine, it's not really their fault, everyone had to learn at some point, and some people just haven't come across the information yet. Perhaps "bad" isn't the right word, "inexperienced" would be a better description. The life of a programmer is one of constant learning after all (if you're a decent programmer, the worst code you've ever seen is likely to be code you wrote a few years earlier).

Fix Graphics in Ubuntu 10.04 Lucid Lynx on a Toshiba Portégé

This is a brief follow on from my previous note on how to fix networking for the same setup.

After recently purchasing the awesome Humble Bundle V, it became apparent that I'd never got the graphics working properly on my laptop with Ubuntu 10.04. For those crazy people out there who, like me, want to run Ubuntu 10.04 on their new laptop, here's how to get the graphics drivers installed and working.

Fix Networking in Ubuntu 10.04 Lucid Lynx on a Toshiba Portégé

It's been a while since I've written anything here, so I figured I'd start getting into the habit again with a quick note.

I recently got a new Toshiba Portégé laptop (Z835-ST6N03), onto which I immediately loaded Ubuntu 10.04. Unfortunately, 10.04 is getting a bit old, yet the hardware in the laptop is quite recent, so neither ethernet nor wireless networking worked.

Secure Session Management Tips

Most (if not all) modern websites use sessions to control the experience for individual users, and to maintain state between requests (since HTTP is a stateless protocol after all). Sessions are fantastic and incredibly useful, but if managed incorrectly they can expose your website to security vulnerabilities and potentially allow a malicious attacker to gain unauthorised access to user accounts.

Cross Site Request Forgery (CSRF/XSRF)

If you're building a site that allows users to update any sort of information (so most websites), then you should probably think about protecting against Cross Site Request Forgery (referred to as CSRF or XSRF). Being susceptible to this type of attack can be annoying in some cases, but extremely dangerous in others. Unfortunately, it's not the type of attack that's easy to understand at first, and it's not immediately obvious how to prevent such an attack. Because of this, protecting against XSRF is often overlooked, even on some big name websites.

Picture of Rich Adams.

W(e)blinks is the personal site of Rich Adams (that rather handsome looking guy in the photo). I'm a British programmer living in San Francisco. By day I work with servers at PagerDuty, by night I write code and fight crime[1]. I'm @r_adams on Twitter if you want to get in touch.

[1] probably not true