For the past three years I have run this blog off of the Ghost CMS platform, and it has been good to me. I backed Ghost on Kickstarter way back in its infancy, I stuck with it through the good times and the bad, sadly however my time with the platform has come to an end. But why?
No matter what CMS you pick they all have one thing in common, they need care and feeding, as do their components. When you commit to a CMS you take on a bunch of responsibilities, the CMS itself, the underpinning technologies, the database, all of these things need attention to keep them running smoothly.
I also used a custom theme, which meant that every release I was having to tweak my code to keep it compatible with Ghost. Did I have to use a custom theme? Of course not, but I wanted to and that meant a lot of time hacking in fixes to account for new features I would never use anyway.
By switching to a static site I was greatly reducing the number of dependencies I had to manage as well as reducing the amount of tinkering required to keep my site current.
The vast majority of modern web site security issues can be boiled down to two main culprits. The first is that people dont keep things up to date, and in the world of the CMS we have a lot of moving parts that need to be patched, not least of which is the CMS itself. With my new static site all I have to do is keep the core OS up to date along with a single extra package, the web server.
The second culprit is the trend towards interactivity. Back in The Good Old Days (tm) web sites were simple delivery mechanisms much like this one. Now it is percieved that we must accept user input in some way, be that a login, comments, or more complex web application functionality. Wherever we accept input however that input can be exploited by malicious actors for nefarious means. By returning to a static platform I have negated a whole slew of potential security issues in a single move.
For Ghost I operated a fairly minimal custom theme, this was designed to help the environment a little with each page load by forgoing the fancy bells and whistles of many sites and the CPU cycles needed to render them. Whilst this project will likely die with this move to static content you can read more about it here.
The CMS and associated infrastructure was still absorbing more natural resources than strictly necessary however, and by waving it goodbye I can save even more CPU cycles than ever before.
So this is goodbye Ghost, but hello Jekyll. I will likely do a later post on why I selected Jekyll over the large number of other trendy site generators out there, but for now welcome to our brave new world!