Yesterday I migrated ludicroussoftware.com over to Octopress from WordPress. On the weekend, I stumbled across the fact that my site had suffered a spam injection attack. This isn’t the first time it’s happened - I found out a couple months ago that this had happened, and spent a good chunk of time finding the source of the problem and cleaning up the site. All seemed well. Then I noticed a few weeks ago that the same thing had happened; again, time spent dealing with the problem. This past weekend’s realization was the last straw. After I mentioned on Twitter what happened, I was pointed to Octopress, and after spending a couple of hours getting it all set up, I realized that it would be perfect for my needs.
Octopress, if you’re not already familiar with it, is a framework for Jekyll. If you’re not familiar with Jekyll, it’s a Static Site Generator. Instead of querying a database every time somebody requests a particular web page and building it on the fly, it pre-generates all of the pages on the site, and then rsync (or whatever you like) is used to sync the local build with the remote server. The result is nothing but plain old HTML, etc. on the site. Certainly, that doesn’t make my site hack-proof, but it has eliminated the primary attack vector, and that’s a good thing.
I liked using WordPress, and I’m glad that I can set up and configure a WP-based site if I need to. But in the long run, for my own needs, it’s overkill. The extensibility via plug-ins makes it attractive, but is probably also a significant cause of my problems. I run another WP-based site that has no plugins installed, and it’s clean of spam at the moment (correlation does not equal causation and all that, I know). I’ve no doubt that it’s entirely possible to run a WP-based site and keep it entirely clean of spam, etc.
However, since I’m not a frequent blogger, I’m sure that my WP install is out-of-date more often than it should be, which opens me up to attacks. I could and should have been more vigilant, and this isn’t a criticism of WordPress, it’s more the realization that WordPress isn’t the tool that fits my needs (if I chop off my hand because I’m using a chainsaw to slice bread, it’s not the chainsaw’s fault). In my personal battle against spam on this site, as a very smart computer once said, “the only winning move is not to play.”
So, all that said, here are some notes/comments on the migration process and my experience so far. A lot of this is me stumbling down a sometimes not terribly well-lit path, so you may have an easier time of it:
- The installation process uses Ruby and installs a bunch of stuff via gems. I’ve fiddled around with Ruby and gem installation before while doing some client work, but my use of the phrase “bunch of stuff” should be a pretty clear indication that I’m not a Ruby developer. Following the instructions went reasonably well. I still need to (figure out how to) upgrade my Ruby installation, and at some point I installed something via `sudo` when I shouldn’t have, so I need to use `sudo` to run the rake tasks.
- Installing Octopress requires installing RVM, which is I think where I hit my `sudo` issues before. Having tried the reinstall as root, I’ve hit some confusing points. The install notes for RVM recommend installing Ruby 1.7.2, but then when it comes time to review the `.rvmrc` file for the site, I’m told I need to install 1.9.2. This is easily fixed by following the instructions in the install notes and just substituting the higher version number, but it would be nice if this were all a little clearer from the get-go.
- Even after that was done, I still get prompted to trust the `.rvmrc` file every time I switch into that directory.
- The instructions say to do `bundle install` but the bundler gem isn’t installed. I installed it as root, but that doesn’t seem to be helping. Installing it via `sudo` seems to work, so I’m not sure why installing it as `root` didn’t. But at least it works!
- For importing my existing WordPress posts, I exported an XML file from WordPress and then used this script to get the data out. The script doesn’t import absolutely everything - I’ve lost comments, categories, and various other metadata-y bits. This isn’t a big deal because a) my blog doesn’t get a lot of (non-spam) comments, and b) it’s possible that the spam injection affected the database itself, so I’m inclined to think it’s best to leave some of that information in the db where it can’t do any more harm. One other note if you use that script: you need to change the value for ‘layout’ from ‘blog_post’ to just ‘post’.
- Related to the above point, the support for Octopress is fabulous. I hit the blog_post/post issue, and went to the Octopress support page, which is essentially a chat application, and Brandon Mathis seems to always be there. My question on the above was answered in about two minutes, and some additional helpful information was offered along the way.
- One thing I’m still figuring out is where Octopress stops and Jekyll starts, so to speak. For example, I’ve hit an issue where the older posts aren’t getting rendered properly because Jekyll by default uses a particular template for those pages. I’ve already bothered Brandon about this, but as I kept looking into it, it seems like it’s an issue with Jekyll, not with Octopress, per se.
- The documentation for various Jekyll-related things could be, um, a little better, let’s say.
- There are other import methods, including extracting data directly from your WordPress database. I wasn’t too concerned about getting absolutely everything out of the db, so I didn’t really mess around with these too much.
- The posts didn’t need to be cleaned up overly much at that point. Fixing a few paths for image tags, and changing the formatting of code snippets to use the built-in method, but that was all relatively quick.
- I’m not entirely sold on Markdown just yet. Seems great for some things, but there are some things that it just doesn’t handle. I know that I can always fall back on writing actual HTML, so it’s not really an issue.
- Since Jekyll is the blogging framework behind GitHub, its support for code snippets is excellent as you’d expect. Equal to or better than the WordPress plugins that I’d tried before.
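
The layout fix from the import note above, as an added example that is not part of the original post or of the import script it mentions: a Ruby pass over an imported post that rewrites `layout: blog_post` to `layout: post` only inside the front matter, and lists markup worth a manual look before publishing content exported from a database that may have been tampered with. The sample post and the review patterns are constructed assumptions, not taken from the affected site.

```ruby
# Added example: post-import pass over a post produced by a WordPress export.
# SAMPLE and the SUSPICIOUS patterns are constructed for illustration.

# Markup a plain blog post rarely needs; a hit means "review by hand", not
# "malicious" (a post about JavaScript may legitimately contain <script>).
SUSPICIOUS = {
  script_tag:   /<script\b/i,
  iframe_tag:   /<iframe\b/i,
  hidden_style: /style\s*=\s*["'][^"']*(display\s*:\s*none|visibility\s*:\s*hidden)/i,
  eval_call:    /\beval\s*\(/i
}.freeze

# Split a Jekyll post into [front_matter, body]; front_matter is nil if absent.
def split_post(text)
  m = text.match(/\A---[ \t]*\n(.*?\n)---[ \t]*\n(.*)\z/m)
  m ? [m[1], m[2]] : [nil, text]
end

# Rewrite the layout only inside the front matter, so a body line that
# happens to read "layout: blog_post" (e.g. in a code sample) is untouched.
def fix_layout(text)
  front, body = split_post(text)
  return text unless front
  fixed = front.sub(/^layout:[ \t]*["']?blog_post["']?[ \t]*$/, "layout: post")
  "---\n#{fixed}---\n#{body}"
end

# Names of the suspicious patterns found in the post body.
def review_flags(text)
  _front, body = split_post(text)
  SUSPICIOUS.select { |_name, re| body.match?(re) }.keys
end

SAMPLE = <<~POST
  ---
  layout: blog_post
  title: "Hello"
  ---
  The importer writes this line into every post:
  layout: blog_post
  <div style="display:none"><a href="http://spam.example/">cheap pills</a></div>
POST

if __FILE__ == $PROGRAM_NAME
  puts fix_layout(SAMPLE)
  puts "needs review: #{review_flags(SAMPLE).inspect}"
end
```
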
Overall, was this harder than setting up a WordPress install? I’d say a little bit, although I don’t really remember how long it took me to set up WordPress the very first time, for what that’s worth. And while writing this post, I took some time to set up another blog - I’m planning to start blogging at my old osadchuk.org domain one of these days - and that went much more smoothly than the first time. Learning curves and all that. Overall, for a site with about 135 posts and a handful of pages, I’d say that the whole process of installing Octopress, importing and cleaning up the data, skinning the site to resemble the WordPress version, and going live took about eight hours. I’m considering that time very well spent.