To me it's a good tradeoff, of course I wouldn't use Telegram for anything illegal or suspect.
Thus, unlike with IC-track positions, it is likely that an engineer promoted into a management role is coming in cold. And while there are a variety of helpful books and training materials about engineering management, in general new EMs are expected to mostly learn by doing.
“Learn by doing” can be tricky, however, because many of the issues a seasoned engineering manager is expected to be able to capably handle do not happen every day. They happen relatively infrequently, and sometimes only when you change teams, but you need to know how to handle them when they do occur.
Because engineering management is largely a “learn by doing” craft, and because it can take years in the role to experience even the half of what a seasoned EM is typically expected to be able to capably handle, I would argue that the best EMs are those who have had abundant opportunities to learn from their mistakes. But you can certainly speed that up at least a little bit by learning from other people's mistakes instead :)
I'm not so sure that's a good reason to be honest. And if you're worried about CVEs, well, you'll be using handwritten, hand delivered notes before long. Keep your systems patched, keep them tidy, none of this is likely to affect you, fail2ban or not.
To tptacek's point, you've got to ask yourself: is a denial of service attack in your threat model?
The reality is most folk set up fail2ban after seeing auth failures in their logs, not service degradation.
If you're considering a denial of service attack in your threat model, then I'd probably also consider a DDoS attack and there are likely more effective solutions here (a firewall or CDN).
And don't forget you're using some of those precious CPU cycles to parse the auth logs, with Python no less :-)
That leaves noise in the logs - which sure, it's nice to reduce, but using an alternative port can help here.
I may sound like a spoilsport - but the fact that there have been a number of security vulnerabilities (https://www.cvedetails.com/vulnerability-list/vendor_id-5567...) in this project makes it worse than security theatre, it actually increases risk whilst not at all reducing it.
In the end Tor is just a legacy project from the CIA/NSA that has outlived its usefulness. The NSA has certainly redteamed all the ways to take it down or uncloak users, if needs be, so it's not even a tool against a potential fall into dictatorship of the USA.
Having said that, searching Drupal on the CISA known exploited list shows a number of remote code execution vulnerabilities that this would help mitigate: https://www.cisa.gov/known-exploited-vulnerabilities-catalog