i’ve been using wordpress for the last decade or so. it’s been a great tool to host this blog, lots of features, lots of settings that could be tweaked and hacked. it’s a heck of a system. and yet…
…wordpress and i won’t be travelling together in future. it’s just become too much of a hassle to keep it updated and defend it from script kiddies trying to get into the server: wordpress is an active component, a web application running on top of a webserver (nginx in my case) and the PHP interpreter, generating the individual articles from a DB. as an active component it does and in fact must take input from whoever visits the xyzzyxyzzy.net blog:
- the URL must be parsed and the corresponding article fetched from the DB and rendered
- from time to time users might want to comment on articles
- i need to login as admin every so often to OK comments, write articles, update plugins or even update wordpress itself.
each input path is a potential weakness and a latent vulnerability. on top of that each plugin update can all of a sudden render the plugin a vulnerability or, worse, a trojan horse.
having observed this for the last couple of years — and seen a friend’s blog fall victim to an attack that in turn all but killed his company’s internet connection — i started looking for a blog system that would require less maintenance and be less susceptible to attacks, ideally, a setup that would be passive.
as xyzzyxyzzy.net has always been my own private “brain extension” for all things technical, i really don’t have any requirements to support multiple authors. also, i’m a markdown and emacs addict and had, in fact, used a plugin for wordpress to switch wordpress to markdown format. hence, i started looking for a setup that would allow me to write my blog in plain markdown format, process it offline, utilize [git] for version control, and upload it to the server from where it would be served as a set of purely static resources.
it turns out that there are a couple of these tools out there —octopress, hyde, hakyll, acrylamid, pelican, and others — so it came down to choosing which one to use. some of them are using languages that i don’t really like or grok (haskell? ruby?), so that narrowed it down somewhat. in the end i settled on pelican as it’s written in python (which i do grok and love) and has a rather well-endowed set of plugins to use.
so…here we are: xyzzyxyzzy.net switched over to pelican. not yet as finished as i’d like it to be (sidebars are not filled yet, comments need to be enabled again, page titles borked), but a first step. stay tuned :-)