After DreamHost's breach 8 months ago, I was aggravated at their poor handling of the situation, but willing to give them the benefit of the doubt, and still happy with their low prices and flexible services.

With the new bad news and worse confirmation (still with poor incident handling), though, it's time to get out of dodge.

I have moved Extra Pepperoni back onto my own hardware. I started blogging on Apple's Blojsom install, but gave up on Tiger Server for Blojsom (and Mailman) because the services kept silently shutting down, leaving me to notice they were disabled days or weeks later (no fault of Blojsom or Mailman -- Apple didn't do a good job porting SpamAssassin either). Bringing up a WordPress blog and mailing lists at DreamHost was easy and cheap, but that's no good if they are unsafe.

I'll look at moving a couple very light-duty Mailman lists off DH next, but the lists are so lightly used I'm not too concerned. There just isn't any confidential information on the mailing lists, aside from their tiny subscriber lists.

Ah, well. I now know much more about WordPress and MySQL than I cared too, but the setup wasn't too bad. I hadn't realized how many customizations and tweaks I made to WordPress until it came time to recreate them on my own system:

  1. Almost Spring theme (included by DreamHost); with minor hack
  2. PHP Markdown Extra; with minor hack
  3. MySQL admin UI
  4. WP-DB-Backup (DH included one, which I'm no longer using)
  5. mod_rewrite for permalinks
  6. Admin-SSL, with "Shared SSL" tweak, integrated into my existing SSL site (meaning EP is available through two different "sites", and I have to keep the Apache configurations reconciled)
  7. Twitter
  8. WP-Cache (DH standard)
  9. Akismet anti-spam registration
  10. Technorati pinger (came over automatically with the DB).
  11. Fix for widget.php to use legal JavaScript tag.