Letters to the Editor

Posted January 12, 2004

Letters to Visual Studio Magazine are welcome. Letters must include your name, address, and daytime phone number to be considered for publication. Letters might be edited for form, fit, and style. Please send them to Letters to the Editor, c/o Visual Studio Magazine, 2600 El Camino Real, Suite 300, San Mateo, CA 94403; fax them to 650-570-6307; or e-mail them to vsmedit@fawcette.com.

Defend Against Attacks
I have an effective technique against dictionary attacks that James McCaffrey didn’t discuss in his article, “Prevent Dictionary Attacks” [December 2003]. If the login fails, I delay the reply for a few seconds using a sleep thread. It’s easy to implement and has no accessibility issues. The attacker can see that the effective response rate to the attack is low and will find easier game. I also log the IP and count retries. The sleep period can be proportional to the number of invalid retries from that IP. Consecutive invalid logins get slower and slower but do not lock out the account. This prevents a denial-of-service attack that an account lockout method causes. You can use this method in combination with all of James’ other suggestions.

Bill Addington
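
The throttling approach described in the letter above, sketched as an added example (it is not code from the letter writer or the magazine). The `LoginThrottle` name, the delay cap, the expiry window, and the choice not to reset the counter on a successful login are assumptions made for illustration.

```python
import time

class LoginThrottle:
    """Per-IP progressive delay on failed logins; the account is never locked."""

    def __init__(self, base_delay=2.0, max_delay=30.0, window=900.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.base_delay = base_delay  # seconds added per recent failure (assumed value)
        self.max_delay = max_delay    # cap so one reply cannot hold a worker forever (assumption)
        self.window = window          # failures older than this are forgotten (assumption)
        self._clock, self._sleep = clock, sleep
        self._failures = {}           # ip -> (failure count, time of last failure)

    def failure_count(self, ip):
        """Number of recent invalid logins logged for this IP."""
        count, last = self._failures.get(ip, (0, 0.0))
        return count if self._clock() - last <= self.window else 0

    def record_failure(self, ip):
        """Log one more failure for this IP and return the delay to apply."""
        count = self.failure_count(ip) + 1
        self._failures[ip] = (count, self._clock())
        return min(self.base_delay * count, self.max_delay)

    def handle_login(self, ip, username, password, check_credentials):
        """Return True on success; on failure, delay the reply, then return False."""
        if check_credentials(username, password):
            # Deliberately no counter reset: otherwise an attacker could clear
            # the penalty by logging in to an account they already control.
            return True
        self._sleep(self.record_failure(ip))
        return False


if __name__ == "__main__":
    # Constructed demo: one user, and a fake sleep so the run finishes instantly.
    users = {"alice": "correct horse"}
    check = lambda u, p: users.get(u) == p
    delays = []
    throttle = LoginThrottle(sleep=delays.append)
    for guess in ["123456", "password", "letmein", "qwerty"]:
        throttle.handle_login("203.0.113.7", "alice", guess, check)
    print("delays applied to 203.0.113.7:", delays)
    print("alice from another IP:",
          throttle.handle_login("198.51.100.9", "alice", "correct horse", check))
```

In a threaded server each delayed reply occupies a worker for the length of the sleep, so keep the cap small relative to the pool size. Entries for IPs that have gone quiet should be pruned periodically so the table does not grow without bound.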


Cooper Out of Touch?
I recently read Alan Cooper’s The Software Architect column, “The Last Gasp” [November 2003], and I have to admit I think he missed something fundamental in his logic. Normally I’ve been in complete agreement with Alan over the years and have enjoyed reading his various books, columns, and white papers.

I believe he’s playing games with semantics, not reality. Software, and the necessary enabling technologies which are required to run the software on, are indeed manufactured goods. Yes, in a pure sense, software is an abstract collection of state potentials, but in order for it to be usable, it needs to be placed on some form of media or transferred over another form. In our world, things break out into two major marketable commodities: either goods or services. Software is a good, not a service. The software can provide a service, but it is a good intrinsically. The act of creating it is a manufacturing process. It uses raw materials by the tons. The factories are now office buildings stuffed full of people, computers, cubes, phones, infrastructure, and so on. They might also be a home office, but they still exist and consume resources, and you can get a tax credit from the IRS for all of it.



