Tor

Security by Obscurity

Today this blog post turned up on Hacker News, titled “Obscurity is a Valid Security Layer”. It makes some excellent points on the distinction between good and bad obscurity and it gives an example of good obscurity with SSH.

From the post:

I configured my SSH daemon to listen on port 24 in addition to its regular port of 22 so I could see the difference in attempts to connect to each (the connections are usually password guessing attempts). My expected result is far fewer attempts to access SSH on port 24 than port 22, which I equate to less risk to my, or any, SSH daemon.

Free Software Efforts (2017W42)

Here’s my weekly report for week 42 of 2017. In this week I have replaced my spacebar, failed to replace a HDD and begun the process to replace my YubiKey.

Debian

Eariler in the week I blogged about powerline-taskwarrior . There is a new upstream version available that includes the patches I had produced for Python 2 support and I have filed #879225 to remind me to package this.

The state of emscripten is still not great, and as I don’t have the time to chase this up and I certainly don’t have the time to fix it myself, I’ve converted the ITP for csdr to an RFP.

metrics-bot

On Thursday during the metrics team meeting we decided to rename AtlasBot to metrics-bot to better fit the naming scheme of the team’s other projects.

It would appear that there has been interest in the bot and that it’s something that people want.

The JavaDoc has now moved to a new location, a git repository has been created and there is a new Trac component to organise the metrics-bot todo list.

I’ve planning to be able to push the sources for metrics-bot to the git repository early next week. I just need to do one more pass to make sure there’s no Twitter credentials left in it, and then I’ll be able to close #23933 too.

Contact

• iain@learmonth.me
• irlxyz
• irlxyz