I was sick yesterday, so I didn’t get to report on our Mazda experience. We looked at a Mazda 5, to see if it would do the people-mover job for us. I think we’ve decided that it won’t at the price they’re asking. Not much to talk about actually.

Get ready for some geek-talk (ie. you can stop reading now if you don’t care.) I used to run this site on OpenBSD, which is known for it’s security focus. I liked it a lot, but administering it was a lot of work, and I didn’t have time to really do the job right. End result was that I was running a very out of date system that had only been patched a couple of times for specific vulnerabilities. Now, granted, attacks against OpenBSD are rare, and I never got hit by a successful one, but I was a little uneasy at how out of date I’d let the system get. The site currently runs on Gentoo Linux, which I’ve really enjoyed taking care of. Keeping in mind some basic security principles when setting it up really helped, but honestly I think it’s probably a lot more secure than my old OpenBSD install was (strictly because I do a better job of keeping it up to date.) Portage and it’s associated tools are great. etc-update/dispatch-conf are a godsend, and a big part of why I keep the system more up to date than I did with OpenBSD. I like reading about security vulnerabilities, and then realizing that I’d already installed a non-vulnerable version a couple of weeks prior. It’s not perfect, but it’s helping me do a better job of administering the server.

Why do I mention it? Well, news of a Linux/BSD worm hit the usual websites over the last few days, and I have since had a look through my logs - sure enough, there were a lot of attempts by this worm on my system. The attempts were all foiled by my configuration of the server (and the fact that I don’t have any of the vulnerable packages installed) which is always nice. Pointing all ip based access to a “nobody home” empty web directory would have saved me anyway, since the worm is completely IP address based. The funny thing is that the logfile that has all the attempts in it typically contains a lot more attempts to exploit windows based servers.

Simpson’s quote of the day: “If something goes wrong…blame the guy who can’t speak English.” - Homer