Skip to content

Grinding Gears

Tales of code crunching from the FreeAgent Engineering team

  • Development
  • Data & ML
  • Infrastructure
  • Mobile
  • Tooling
  • Security
  • Culture
  • Careers

We’re Gonna Need a Bigger Boat

Posted by Richard Grey on March 9, 2021

Earlier this year, the FreeAgent marketing website www.freeagent.com was the target of a volumetric Distributed Denial of Service (DDoS) HTTP flood attack. This was a relatively unsophisticated attack in that it targeted a particular static endpoint of our website with a massive number of HTTP GET requests from multiple remote IP addresses around the globe, as visualised on the map below. Predominantly serving the UK small business base, FreeAgent wouldn’t… Continue reading

➼ Read other posts about security

External authentication scripts in OpenVPN the right way

Posted by Caius Durling on May 22, 2017

OpenVPN is a wonderfully flexible piece of software in anyone's toolkit, but recently we found a sharp edge that wasn't the most obvious thing to work around. After spinning up a new VPN server we wanted to add username/password authentication against an external source. Looking at the OpenVPN documentation, the --auth-user-pass-verify <script> flag provides this functionality. Writing the script for this was easy enough — read the credentials from a… Continue reading

➼ Read other posts about openvpn

Passphrase generation using awk

Posted by Caius Durling on October 14, 2016

Given a requirement of generating a temporary passphrase that can be communicated over the phone to another person, I thought of XKCD #936 which suggests using four random words together as a passphrase. Then there's just the question of how to generate that easily. On each system there's a file containing a list of words somewhere, on OS X it's located at /usr/share/dict/words. This contains a good ~236,000 words on… Continue reading

➼ Read other posts about awk or security

Weak DH – Time to Level Up

Posted by Nathan Howard on October 9, 2015

SSL vulnerabilities have been big news over the last few years. We've had Heartbleed, CSS Injection, POODLE and FREAK among others. At FreeAgent we take these vulnerabilities very seriously and work to mitigate these as fast as possible. The one we will be looking at today is Weak Diffie-Hellman and the Logjam Attack and some changes we are going to be making in the coming months. SSL configuration can be… Continue reading

➼ Read other posts about security or ssl

System hardening leads to CVE-2015-3341 and fun with DTrace

Posted by Steven Williamson on August 19, 2015

Here at FreeAgent, security is a never-ending project. We are never finished, and we are always looking for ways to harden our platform, ensuring data is kept safe. Security should not be taken for granted – it is not just about technical mitigations or fancy enterprise firewalls, equally important is developing the right set of processes and procedures. One important aspect is testing your security controls. You need to be… Continue reading

➼ Read other posts about cve or dtrace or rbac or security

Speeding up SSL

Posted by Thomas Haggett on November 29, 2011

SSL is great; widely supported, easy to set-up, relatively cheap these days and (relatively) secure. We've required it from our early days and it hasn't caused us too many issues other than needing us to renew our SSL certificates from time to time and requiring a few more IP addresses than we otherwise would have needed1. That said, I recently visited Portland to attend PuppetConf (all about Puppet, a configuration… Continue reading

➼ Read other posts about platform or puppet or ssl or tls

We're totally hiring!

See our current engineering vacancies

Built with ❤️ by the FreeAgent team.