Articles tagged: textpattern

#New project problems

2095 days ago

As I mentioned, I had the idea for CFFSW some six months ago. Part of what took me so long to make any progress was a giant amount of faffing about that can only come from knowing enough to be dangerous. In the end, I settled on Wordpress as a platform, knowing it was the one that I would be least tempted to divert my time from building the content to building the platform.

There are a few reasons for that. The first and most obvious being that Wordpress is extremely mature, thus making it far less likely that I should ever need to “go under the hood”. A second one is that it’s PHP, a language I have no desire to develop any competency in.

Something that made me lean away from Wordpress is my experience a couple of years ago, when Wordpress installs were getting exploited left right and centre (especially on Dreamhost). Trying to clean those up was a painful experience, but Dreamhost have made it a lot easier to upgrade Wordpress installs almost immediately (I either get an email with a link to click, or I get an email saying they’ve done it for me) which helps. I tidied up my Dreamhost practices a bit by having only one domain per user (here I mean unix user, I typically only deal with these when installing new things, thereafter most things have a web interface) and also enabling ‘Enhanced Security’ for each of those users (it boggled my mind to learn that this was not the case already). Although Dreamhost claim to enable this by default now, if you make a new user at the time of making a new domain (probably the most common use case) it’s not enabled. So much for that. I digress…

My first iteration of CFFSW actually involved a concerted effort in investigating various Python static-website generator options, and I even chose one (Nikola) and built a first draft. I was quite happy with, it was feature-enough-ful, looked shiny and new enough (thanks Bootstrap), the author/mailing list was responsive, I could write entries in Textile markup (same as Textpattern, which this blog uses) and hey, static sites do not get hacked! I thought I was golden.

But then… I put it down for four months, and when I picked it back up, a huge amount of development had passed. I discovered it is in fact possible for a project to be too active (or maybe, not yet stable enough).

And I remembered how annoying it is to install stuff from source on every computer I use in order to update a blog, which turns out to be at least four. Web interfaces do have their convenience.

However, I have an idea (which I haven’t tried out yet). Github lets you edit/add new files via the web interface, and they do a formatting preview for Textile and other markups. So I can basically use Github as my web interface to updating my blog. I just need to set up some mechanism that rebuilds/reuploads the pages when new commits arrive. (I can accept that requiring a src clone, because it should rarely need updating.) NB: if anyone can point me to some scripts/projects along this line, please do!

Finally, why not more Textpattern? I am quite used to it, but there are several factors against it:

  • Security: Requires more work to update, which means I’m more likely to leave it out of date for longer (FTPing files, Wordpress has spoiled me)
  • Far harder to change themes (which is why this blog still looks how I felt c2008)
  • PHP

If I use a Python static site generator I can do a little platform-building when I feel the urge. It never goes away completely. :)

tags: , , , , , ,

Comment [3]


Security 101: updating web-based software

3586 days ago

So I saw two talks at LCA about security: Joh Clarke’s Hackers, Crackers and Security Basics, and Mark Piper’s Web application security, OPEN style. I still remember seeing Joh’s So you want to be a sysadmin talk in Melbourne 2 years ago, and mainly just my jaw dropping open for the whole talk at how she casually just knew this amazing amount of stuff that I had barely even grazed against. It was equally scary and awesome, and both talks this year were the same way.

Anyway, I had good reason this week to think that is more than time that I started to pay more than the bare minimum attention to security. And I thought about all my installed web things (mainly Textpattern and Wordpress), and how I don’t have any way to keep them systematically updated, unlike my desktop. Thanks to Ubuntu’s Update Manager, I get annoying red warning icons until I bother to update my system packages. So I actually do it within like a day of them being released.

So I was thinking how can I get these notifications… maybe I need to write some Update Manager-like little program to give me a taskbar icon when a new release comes out. So I need to know something about daemons and some basic GUI thing…and how do I detect when a new release comes out? The Textpattern blog doesn’t have a category just for release announcements. So how about the code? Google Code has a bunch of project feeds, but none of them seem to be “new release”. Oh well, maybe I can pray the trunk is stable?

Hmm. Then I was thinking, hey, I can solve this at a higher-level… just make the code update itself. As long as my webhost has the same VCS as the project, and I checkout the code from the dev branch, and the projects have a commitment to a stable trunk, I should be fine. Just make a script that does an “svn up” and put it in cron. In fact Werdna set this up for the Wikimedia Australia MediaWiki installs with his Wikimedia sync script, although there it updates to the version that is live on Wikipedia, rather than the utter-most bleeding edge.

But sadly, is not as revealing as MediaWiki. In fact I can’t find any easy indication about which version it is running. So maybe that won’t work. OTOH, Wordpress has email & RSS notifications for new releases, and in the admin side a nice notification, which works well if you are updating it regularly, not so much for abandoned/finished sites.

Hm, Wordpress does have instructions for Updating WordPress with Subversion, including “Tracking stable versions”, but they don’t have an automatic method of telling when a new release is available. So close!

But wait… I just checked the Dreamhost panel and under one-click installs, they have an option for “Upgrade everything, now” and then “Automatically upgrade everything to the latest version”. Too good! That covers MediaWiki and Wordpress, but I guess I have to roll my own somethingorother for Textpattern.

Updating a-go-go…

tags: , , ,

Comment [1]


Techiturn is born

3949 days ago

Another day, another blog. Well — I’m not quite that bad. I have a livejournal, but I use that more for incoherent rants and Seekrits. I have All The Modern Things, my Wikimedia/wiki blog, but it has a very specific remit. I have a micro-blog, but, well, I don’t even need to explain the limitations of that. And I’m finding more and more that I would like to write up my explorations into programming and tech, so that’s what this is. Unashamedly geek central.

It’s not too surprising that I just returned from LCA. There’s nothing like a week of seriously geeking out to inspire you to finally get projects happening.

Setting up a new blog requires 4 initial decisions:

  1. Domain
  2. Name
  3. Platform
  4. Design.

(Oh and Purpose. But see above for that.)

Domain was easy since I had bought a while ago and not yet used it for much beyond my parents’ travel blog. The name is a (hopefully recognisable) play on the word taciturn. Already it has the ideas of technology and linguistics, so that’s a good start.

The platform was also pretty easy. Like All The Modern Things I used Textpattern. It’s easy to install, but not easy to install themes, but I know from experience that once the design is set up everything after that is easy. I could probably use Wordpress, but I am used to using markup instead of WYSIWYG etc.

Since design is not my forte, I spent some time scouting out FreeCSSTemplates and Open Source Web Design (FCT is better about having an explicit license than OSWD is, despite OSWD’s superior name). I went for one that is somehow “content centred”, that is there is very little to distract you from reading the main stuff. Although it is fixed-width rather than fluid/liquid which is a little disappointing, but sure makes a consistent look easier. Spent a while fiddling with the colour scheme, and voila. I do all this knowing that probably 99% of readers will never look at the site more than once, thanks to the wonders of RSS, but I will look at it, so I may as well make it something I can stand.

I still have a few things to set up, such as tags and an archive, but I can write stuff and it doesn’t look ridiculous, so yay.

Thus is born Techiturn. Coming soon… LCA reports.

tags: , ,