David Heinemeier Hansson dhh

Basecamp was under network attack

The attack detailed below has stopped (for the time being) and almost all network access for almost all customers have been restored. We're keeping this post and the timeline intact for posterity. Unless the attack resumes, we'll post a complete postmortem within 48 hours (so before Wednesday, March 26 at 11:00am central time).

Criminals have laid siege to our networks using what's called a distributed denial-of-service attack (DDoS) starting at 8:46 central time, March 24 2014. The goal is to make Basecamp, and the rest of our services, unavailable by flooding the network with bogus requests, so nothing legitimate can come through. This attack was launched together with a blackmail attempt that sought to have us pay to avoid this assault.

Note that this attack targets the network link between our servers and the internet. All the data is safe and sound, but nobody is able to get to it as long as the attack is being successfully executed. This is like a bunch of people

	Hi David

	I'm impressed with your back ground and your responsibilities at 37signals. When researching your profile I also found that you have 4.8K followers and have been starred 29 times on GitHub. This speaks volumes to your work and your high technical expertise. I'd love the opportunity to speak with you about a Ruby Engineering role I'm currently working on for Heroku. I'd like to share more details about the position and find out if you or anyone you know would be interested.

	Heroku is a Platform as a Service (PaaS) that lets you deploy, run and manage applications written in Ruby, Node.js, Java, Python, Clojure and Scala. Heroku is owned by Salesforce however, we operate as a completely separate entity. This allows us to maintain our technology, culture and the formula that has made us so successful.

	Anyway, it would be great to set up sometime to chat. I am more than happy to answer any questions that you might have and it would be great for me to hear about what you are looking for in any potentia

	class GroupersController < ApplicationController::Base
	def create
	@grouper = Grouper.new(leader: current_member)

	if @grouper.save
	confirm_grouper_via_emails(@grouper)
	enqueue_bar_assignment(@grouper)

	redirect_to home_path
	else

	class GroupersController < ApplicationController::Base
	def create
	@grouper = Grouper.new(leader: current_member)

	if @grouper.save
	ConfirmedGrouperEmails.new(@grouper).deliver
	AssignBarForGrouper.enqueue(@grouper.id)

	redirect_to home_path
	else

	# MODEL

	class Case < ActiveRecord::Base
	include Eventable

	has_many :tasks

	concerning :Assignment do
	def assign_to(new_owner:, details:)
	transaction do

	class Ticket < ActiveRecord::Base
	belongs_to :grouper
	belongs_to :user

	validate :user_cant_be_blacklisted, on: :confirmation
	validate :user_cant_double_book, on: :confirmation

	validate :grouper_cant_be_full, on: :confirmation
	validate :grouper_cant_have_occurred, on: :confirmation

	# config/routes.rb
	resources :documents do
	scope module: 'documents' do
	resources :versions do
	post :restore, on: :member
	end

	resource :lock
	end
	end

	class TimeEntriesController < ApplicationController
	before_action :set_project, :set_issue

	def create
	@time_entry = container.time_entries.build time_entry_params.merge(user: User.current)

	if @time_entry.save
	respond_to do \|format\|
	format.html { redirect_back_or_default created_time_entry_url, notice: l(:notice_successful_create) }
	format.api { render :show, status: :created, location: @time_entry }

	# Option A: I'd start with this
	class Micropost < ActiveRecord::Base
	validate :no_profanity

	private
	def no_profanity
	if user.minor? && profanity = profane_words_used_in_content
	errors.add :content, "Profanity: '#{profanity.join(", ")}' not allowed!"
	end
	end

	class UserAuthenticationsController < AuthenticatedController
	def create
	if authenticate
	enroll_promotions
	redirect_to return_path
	else
	redirect_to back_path, error: authentication_error_message
	end
	end