Taking me back some years…

…used to tinker with MOTD on all the *nix boxes (was rarely Linux — HPUX, AIX, Sun).

Only memory that stands out was appending dictionary.com WotD and weather and recall that the typical web http libraries were not functional for whatever reason and had to write Perl socket code to actually fetch the HTML data.

@ IceBrain:

The FreeBSD thing was a call of the network guys. I was like “Can I has debian facing web?” and they were like “NO, FreeBSD or GTFO!” Allegedly it’s more stable, more secure, etc, etc.. Ultimately all I needed on there was Apache and PHP so I didn’t really care what OS it was running as long as it was not Windows. :P

I’m not a fan of MOTDs. Usually I keep jumping in and out off SSH servers all day, so the less fuss and noise, the better. Granted, I’m spoiled since all the machines I manage are Debian or derivatives, but even if they weren’t, I’d rather just keep a “tips” file in the $HOME.

By the way, any particular reason for using FreeBSD? I tried it for a while, but I kept asking myself why would I use it. Besides ZFS, which I had no particular need for,
I never found any good reason to stick with it. Learning alternatives to the mainstream is always good, but if it’s for the educational value, I’d rather learn something particularly different like Plan9. FreeBSD just seems too similar, yet annoyingly different.

@ Chris Wellons:

Exactly. I’m going to use “layered defense” instead of “just a precaution” from now on. :)

@ Matt`:

Yeah, I’m aware that blurring isn’t optimal. I think there is an algorithm for unscrambling Photoshop blur somewhere out there as well. But I figured that if someone actually puts that much effort into deciphering my redacted screenshots I’m fucked anyway. This was more of a “stave off the temptation” kind of move. Cause I know I will get that sometimes – I will be reading a blog post, see some IP addresses or domain names and get the inkling to ping them just to see if they are real. :P

May be best not to rely on a blur to hide things you want hidden – can be easier than expected to figure out what the original text was, given the limited pool of options (easiest being picking out which of 10 digits the blurred result came from).

Haven’t peered closely enough at your images to know if it’s a possibility here, but you really can’t go wrong with a solid black bar over the ‘secret’ bits… no clues through that, so long as you don’t fail hilariously.

Obscurity ain’t security, but posting [IP] addresses along with configuration details on the internet is just asking for trouble.

Definitely don’t rely on obscurity in your design — that’s security through obscurity and bad design. However, even if your design is perfect, the implementation is almost certainly not, so you definitely want to give attackers as little information as possible. That’s not security through obscurity; that’s layered defense.