So, here I am blogging again. Huh.
My primary impetus this time around is that I want to write about my experiences teaching myself Flutter, Google’s new cross-platform mobile development framework. That led to my first big decision: what blogging platform will I use?
The last time I was blogging semi-regularly, it was on a self-hosted WordPress installation. I never felt good about that. WordPress is way too complicated. Worse, it suffers from an almost comical number of security flaws. Unless you’re willing to make blog maintenance your full-time job, it’s just a matter of time until you get hacked.
So, what does that leave? I could pay WordPress to host my blog for me, which presumably alleviates the security concerns. I find that option doesn’t spark a lot of joy for me. It’s still way too complicated. I know from experience that managing plugins is no fun. And now I’ve got another bill I have to pay every so often.
I suppose I could use Medium? If I had been making this decision a few years ago, I might seriously consider it. But like most centralized social media platforms, Medium seems to get a little bit worse every day, as they pursue “product-market fit.” They have so many troublesome gewgaws and popups. I would be annoying my readers way too much for me to feel good about it.
(Notably, Basecamp’s blog recently exited Medium. They went to WordPress, but presumably they have people who can devote substantial amounts of time to maintaining their web presense, while I’d really rather not.)
Since I follow developments in high-tech, I have recently been hearing a lot about static site generators. This would not have been an option I’d consider all that seriously, if not for the fact that all the alternatives are so bad.
The most popular one of the lot seems to be Jekyll, so I started reading the docs and tried it out on my Mac. To my surprise, it seems … not too bad?
I bought a theme, because I suck at design. Other than that, Jekyll works just fine with my cheap web hosting plan at Dreamhost, without any additional expenses. Because Jekyll performs all its magic on your local computer, and spits out a big pile of static files at the end, it will work with almost any sort of web hosting.
When using a static site generator, you don’t have to create or maintain any users, with yet another load of passwords. There is no database, with even more passwords. There also aren’t any PHP files for scammers to find security holes in. There is practically nothing for the bad guys to use as an attack surface.
The only way an attacker could compromise a statically-generated site is if they somehow get the credentials you use to access your web host to upload new files. Even if that happens, you can quickly recover: change your passwords and/or SSH keys, wipe absolutely everything off your web server, regenerate your site on your local computer, and upload all the files again.
Suppose you were running a self-hosted WordPress site, and it got hacked, which happens all the time. Assume you’ve been a good little girl or boy, and you have a recent backup, and the time and inclination to wipe everything and re-install. Just the thought of it strikes terror in my soul. Will the damn thing work again afterwards, or am I going to wind up with a bunch of cryptic database errors I have no idea how to fix? And what if the corruption is still there, preserved forever in my backups? WordPress is so complicated that I’d have no way of knowing if that happened or not.
The more I think about how static site generators work, with no moving parts on your web host, the more I like the idea. This is going to be my go-to option for creating new websites in the future. If for some reason Jekyll turns out to be less than ideal, there are a whole lot of similar things to choose from.
If I’ve convinced you to try going this route yourself, I have to level with you: maintaining a static site requires more technical knowledge than the average blog. You’re going to have to — gasp! — use the command line!
Having said that, it’s not any worse than any other sysadmin-type job. If you’re not all that technical, but you have a friend who is, she could probably set up a static site for you, write a shell script or two, and give you a cheat sheet with the two or three commands you’d need to maintain it. Once the initial setup is done, day-to-day maintenance is trivial.
And that’s all I have to say on that topic. Stay tuned for my next post, where I’ll be talking about where I’ve been all these years while I wasn’t blogging for you, Dear Reader.