white and green electronic device
Photo by Eran Menashri / Unsplash

PHP sucks

If you didn't know, PHP sucks. This is especially true with my infosec background. There are a lot of posts and essays on exactly why PHP sucks. The data supporting its suckiness abounds.

Suffice to say, I will avoid it like the sewer that it is.

Compound that with the fact that WordPress also tends to be severely insecure, and there is no chance I'll use WordPress for my blog or any other application.

Dynamically generated sites expose more risk

Any time you have a site dynamically generated, you not only consume more resources than a static site but you also expose yourself to an array of potential vulnerabilities (including zero-days) that could impact your site or application.

I'm going to avoid this except as needed, and lock it down whenever I use APIs or microservice architecture for my applications.

Static site generators (SSGs)

Static web sites tend to have the lowest security risk profile. With effective caching and DoS protections (e.g., as provided by a CDN), your site should weather any storm or attack.

My plan is to build and maintain my first application site using a static site generator (SSG) platform. While there are compelling alternatives like server side rendering (SSR) solutions, I feel the benefits and drawbacks of each still has SSG taking the win for me - at least for now.

SSGs lend themselves to a variety of CDN and hosting solutions - even things like IPFS hosting. SSGs are very secure, unless hosting account (including DNS services) are hacked and except insofar as dynamic services are integrated.

Dynamic sites and more technical skills

I actually have no problem making Flask, Django, or even Java application services. I've run a variety of databases, from Postgres through a variety of NoSQL flavors. The backend and infrastructure side of web/mobile application development is actually more familiar to me at this point than the front-end, interface side of building. Media aspects.

I'll want to become an expert not just with React (and other frameworks), but also CSS, HTML5, and tools like Figma, Canva, etc. I'm just starting with React because it seems foundational at this point and I can practice with the other areas as I'm building and working with React-based projects.

Ghost

I'll write a separate article about why I'm using hosted Ghost as a CMS, but the tldr is I just wanted to get going with something and it was the most cost effective (in terms of both time and money) solution that also is very aligned with my design and architecture preferences.

--

'nuff sed about that.

Reasons for my current and future stack