Being frustrated with soooo many security vulnerabilities of my current blogging engine, I decided to find a replacement. Here’s a list of requirements I came up with:
- Not written in PHP
- No known security vulnerabilities.
- Supports customization – I would like to have a Tadek’s theme on it.
- Can import my current blog content.
- Supports markdown (or a similar syntax. The only thing I hate more than writing html, are bad UIs for generating it).
Since I already have a server, I didn’t want to go for a hosted solution (though I may change my mind on this one, as I did with my e-mail). I quickly discovered that excluding PHP, there’s little out there. Also, I didn’t want to jump to a full-bodied CMS for my puny website.
The more I thought about it, the more I realized I wanted have something very much like WordPress (willing to compromise on some bells and whistles like WYSIWYG editor I personally hate) that is not-Wordpress. Knowing what I to look for, I quickly came across Zine, which is exactly what I was looking for:
- It’s written in Python. Yay!
- It’s seems pretty nicely written and haven’t seen any mentions of security vulnerabilities (given, it’s a niche product).
- It’s really nice – I ported Tadek’s theme in no time. I also really liked the templating language.
- I managed to import my blog content in 2 min (I spent another 100 trying to identify two records-of-death).
- It has a markdown plugin. Yay!
While playing with Zine, I realized that PHP, with all its drawbacks and issues, has one big advantage: most programs are simple drag-n-drop and modules are very well supported on Debian I run. Having gone through a mixture of obsolete Python modules and easy_install, I started to appreciate simplicity. Ah, did I mention that my swigged psql module would crash apache workers with SEGV at random times?
It sounded like a challenge and, after two evenings, I actually do have a running Zine-powered WordPress replica in Python (I even started implementing some missing functions like adding counts to post categories and search function). The admin UI is awesome and I really like it. With a few days of evening hacking, I would have a really awesome blog in Python. It was only that when I realized that… the Zine and Python are slow. Not just slow, but it’s excruciatingly slow. My server is not the most powerful machine and having to wait almost 10s for the initial page load was way more than I could handle (to give justice, you can enable mamcache/file based caching). This is when I decided to grind my teeth, upgrade the WordPress blog one more time and give another try.
As of now, I am still not writing Zine off, but WordPress is to stay for now (well, at least till I get really annoyed).
T.
PS. I still cannot comprehend why getting WordPress behind SSL (under a different path) is sooooo hard. There used to be a plugin that did this but it since stopped working. But then WordPress’s security track record shows that maybe there’s more to worry about than somebody sniffing your password – just don’t reuse it 
PPS. WordPress Android app is awesome and just works. I can share photos I took with just a few clicks.
