What Engine Yard Learned from the 10/26/2016 DNS DDoS Attack, and What You Can Too

The DDoS attack that happened on Friday, October 21st 2016, took a massive number of websites offline and caused widespread outages. Even if your application wasn’t affected, you more than likely noticed that some of your favorite sites were completely inaccessible for a period of time. The attack made one thing very clear: there are single points of failure all over the Internet, even in this day and age of hyper-conscious networking security.

Even Engine Yard, which prides itself on being an incredibly secure platform, was affected negatively by the late October attack and suffered platform downtime. Although these attacks are a scary display of Internet insecurity, they present a great opportunity to make your application and offering stronger. Studying what happened and learning from these attacks is an important piece of getting better and stronger. Here’s what we learned to harden our platform, and what you can too.

Through detailed investigation, Engine Yard identified the individual components of our platform that failed as a result of the DDOS attack and has implemented changes that prevent recurrence of these events; specifically, Engine Yard has set up alternative DNS service providers. At a moment’s notice, Engine Yard is now able to switch among multiple providers in the event of a similar DDoS attack in the future.

Engine Yard highly recommends that all of our customers also look into solutions such as this. In addition to setting up multiple DNS providers, creating a well documented process to switch from one provider to another in the case of an emergency is also important. Ensuring your documentation is clear and easy to follow will allow almost anyone within your organization to assist in an emergency. We also suggest that you undertake a series of simulated dry-runs, so that when the moment comes, you’ll be ready.

These types of attacks present a hidden opportunity to learn and develop safer systems. Our mission is to not only harden our own platform, but help our clients reduce their own risk as well.

If you have any feedback, please contact Engine Yard at customersuccess@engineyard.com.

Running a Containerized Turnkey Application on Engine Yard Cloud

YouTrack is an issue tracking system developed by JetBrains. You can run it on your own servers, or pay a subscription and run it from JetBrains’s servers. It is an excellent example of a turnkey software, i.e. software that you run without modification for most of its lifetime.

In this post I will introduce you to the docker_youtrack custom Chef recipe that installs a Docker container running YouTrack on a utility instance inside an Engine Yard Cloud environment.

Even if you don’t plan to install YouTrack yourself, you can still follow along. Understanding how this recipe functions is a good starting point for writing your own Chef recipe that installs an application of your choice.

This article assumes you’re already familiar with Engine Yard Cloud and already have a running environment. If that’s not the case, please start with Getting Started with Docker on Engine Yard Cloud.

Read More
Learn about Engine Yard
Try Engine Yard for your Ruby or PHP Apps

Inline Styles: Yes or No?

Recently, a team I work with has been porting some existing tools written with JavaScript to a new codebase using ReactJS. We were discussing how we should handle styling, and one member suggested using inline styles.

Another teammate said: “Inline styles? Are you serious?”

The first one came back, “yeah, it’s the new hotness, haven’t you heard?”

This led to a heated discussion about the merits of CSS/LESS/SASS vs. JavaScript-based inline styling. We went back and forth trying to decide, which would be more maintainable? Readable? Performant?

Since most of us didn’t really know how inline styles even became a thing, I decided to do a little digging and find out what it’s all about.

Read More

Credit Card Requirement Removed from Engine Yard Trial

At Engine Yard, we’re all about speed and getting our clients where they need to go faster. From deploying to support, we want to make it as easy and as quick as possible. With that in mind we’re happy to announce that we’re removing the credit card entry step from the free Engine Yard trial. Forget about reaching for your wallet or purse when you want to see the power of Engine Yard, just get going!

The credit card step was added (unfortunately) as a means to dissuade fraud. Now that this once annoying roadblock is out of your way, there’s nothing stopping you from quickly leveraging the power of the Engine Yard Cloud Platform.

So what’s your excuse? Get out there and deploy!

Software Evaluation, Part Two: A Closer Look

Adding software dependencies to a project can be good or bad. On the one hand, they can save us time not having to implement things that have already been built for us. But on the other hand, they can sometimes cause problems.

In part one of this miniseries, we looked at how to make a basic assessment of a third-party software project with a view to adding it as a dependencies in one of our own. We looked at how the project handles breaking changes, testing, release branches, and licensing.

In this post, we’re going to look at how to scrutinise a project closer.

Read More

CHECK OUT OUR CURATED COLLECTIONS

Look through our specially curated posts to get focused, in-depth information on a single topic.