The issue is this: Most blog software is based on PHP, and most compromised BSD machines are compromised by PHP. It has a dangerous design, and is dangerous to use. I wish to sponsor this software on machines I care about, running Web servers I want to continue to trust. ... My (our) needs are simple: off-line text creation, copy to the Web page, RSS feeds available, no comments or other external write capabilities needed.

For any given network service I have two choices these days: I can use a commercial or public service, or I can build it myself.

Twenty years ago there was only one choice, of course, and I tend to like to roll my own in general. It helps me understand the protocols and the issues, and try to build something with a demonstrably high resistance to hacking attack.

Sometimes I do get hung up on this. For example, I had surgery for a rare ankle tendon problem, and wrote it up and ran a mailing list by hand for many years. The list did not work well, but I don't trust the security of the various mailing list software packages on my servers. Finally, I just set up a Yahoo group, and that has been a terrific success. Security and maintenance are their problem, and I can move on, even if I haven't solved the mailing list security configuration question to my satisfaction. As my father used to say, "You can't kiss all the girls."

How about hosting my own Web service vs. using a commercial service? Here there is a problem: I have over 150GB of family photos on our Web server (more than even grandma wants to look through). Hosting gets steep vs. buying another disk at Costco.

More importantly, I really do want to jail my own servers. Belt-and-suspenders is an important security tool, and I have employed it over the years to build highly resistant read-only Web pages. I described the details in the "Firewalls" book.