Why Pelican

During my JavaScript Learning Challenge I decided to move this blog over from Wordpress to Pelilcan. Not only was it "Great Moments in Procrastination" (the cleanest my house will ever be is directly proportional to the amount of stuff I don't want to work on) but it was also driven by some things that have bugged me about Wordpress for a while.

A while ago I decided that I wanted to use Markdown for creating my blog posts. The reasons are pretty self-evident: clean editing of posts in a text editor, ease of including code samples, etc. Github uses Markdown so that's as good a reason as any to use it. And Wordpress supports Markdown.

Sort of.

There are a few ways to add Markdown to Wordpress. One way is to use their Jetpack plugin. This gives you a kitchen sink of items you can include with your Wordpress site, including Markdown support. Unfortunately it also requires you to conneect your blog to Wordpress.com as some of those features require Wordpress.com to run. Which is somewhat understandable, save for it requires access to xmlrpc.php.

xmlrpc.php is a way to access a Wordpress site using XMl over RPC. It's quite powerful and provides ways to update and control your Wordpress site. It also has been used many times for trying to crack into Wordpress sites and to perform Denial of Service attacks. After seeing a bunch of failed xmlrpc.php attempts in my logs I decided I'd be better off disabling xmlrpc.php at the HTTP server and leave it turned off.

Here's some log files that I have which show a server probing for my (now removed) xmlrpc.php file:

  • 2015/06/12 02:02:01 [error] 11295#0: *60671 open() "/srv/www/decafbad/public_html/wp-login.php" failed (2: No such file or +directory), client:, server: decafbad.net, request: "POST /wp-login.php HTTP/1.0", host: "decafbad.net"
  • 2015/06/12 03:02:01 [error] 11294#0: *73360 open() "/srv/www/decafbad/public_html/wp-login.php" failed (2: No such file or +directory), client:, server: decafbad.net, request: "POST /wp-login.php HTTP/1.0", host: "decafbad.net"

Unfortunately Wordpress.com uses xmlrpc to communicate with the remote site. Which meant in order to use Jetpack I needed to remove my restrictions on xmlrpc.php and leave myself more vulnerable just so I could use Markdown. True, I'd get some other features that I could use, but I'm already leery of running PHP on my machine, and having a known vector for attack left open was too high of a price.

So in order to use Markdown I had to use another plugin. After finding a few which claimed to be the Markdown Editor from Jetpack minus the other bits I realized another problem: Wordpress is not a Markdown blog. Every time I edited a post it came back in some mix of HTML, Markdown, and God-knows-what-else.

That sucked.

So my reasons were starting to crystalize: I hated Wordpress' Markdown support, and I hated how Wordpress handled Markdown. Was that enough to get me to switch?

One of the programs I use is Tagspaces. Tagspaces allows me to write using Markdown and will render it pretty well. I use vim and it too has Markdown support. Drafts is a program I can use on my tablet to jot down ideas and put them into Markdown. My current workflow supports Markdown very well. So the switch was closer but there were a few more pieces needed.

I'm a developer. Most of the time I develop using Python. I know enough PHP to get by but I don't particularly enjoy programming in it, and I feel like every time I add something to PHP I'm adding something that can be exploited later on by someone more clever than I am. This is not something hypothetical: I've actually added unintentional exploits to code. Maybe I'll talk about this later on, but suffice to say I'm not comfortable programming in PHP. It scares me.

Static pages are difficult to exploit.

Pelican is written in Python using Jinja2 templates. I'm very familiar with Python and don't feel threatened by modifying the code or the templates to get what I want. I can fire up an instance of a server on my machine and look at the results. I can tinker with things. As a coder that is liberating. I can do what I want and have reasonable expectations that it will work and I will understand it. I've even modified the templates on this site to make the more my own. Under Wordpress I'm not as willing to make such changes unless pressed to do so.

Plus I can post code samples as desired on this blog. Which is what I want being a coder with a blog. I can share away.

So to recap:

  • Pelican is Python, and generates static pages based on Jinja2 templates.
  • Pelican supports Markdown, which is supported by all of my editors.
  • Pelican can create a development server to preview pages.
  • Pelican allows me to write pages using SSH.
  • Pelican does not require me to open up known problem code on my server in order to function better.
  • Pelican has plugins that are run on the local machine, not on the server.
  • The workflow for Pelican can be scripted.

The only regret I have is not moving to Pelican sooner. I'm actually enjoying blogging again. :)