I've been a bit slow on getting this written. Lots of stuff going on that makes it harder to tease apart my thinking into clear and relevant topics of writing. I'm currently on leave from client work while waiting for my wife to go into labor. There is also a pandemic. So no real client work, but if you want to talk about July/August, get in touch. Or if you have some open source-related things you want to air, feel free to reach out.

Figuring out how I should spend my day-to-day is challenging as I don't actually have to work during this time. It is not hard on me, but it is difficult to do well and the metrics for success are incredibly vague. There are some housekeeping, handyman stuff and assorted other things to do. A mostly endless list if I look at it hard enough. But I'm also trying to make sure I'm well rested and in a good state of mind as we head into what should by all accounts be the sleep deprivation and insanity of having a baby.

Oh, paint and wallpaper is now done in my office. I cannot wait to have that place up and running. My very own room, out in the stables :)

Podcast recommendation: Elixir Wizards

Find the podcast here.

This podcast have been something I listen to off and on, it used to be called Smart Software but was somehow still specifically about Elixir. They've cleaned up their name now. Easier to know what they are about.. They've been good at picking out projects and personalities to feature. I especially enjoyed their recent Betweenisodes that featured brief conversations with a large number of more or less well-known people in the Elixir community. It touched on dev life in the pandemic and contributed to a sense of togetherness. It gave me an idea of what people are doing and are up to around the community. It would be an awesome feature even without a pandemic. I found it reassuring.

They've had Paul Schoenfelder and Hans Elias Josephsen on about Lumen. Justin Schneck and Frank Hunleth on Nerves. Brooklyn Zelenka on Witchcraft. That last one I recall to be very good listening for general insight into non-Elixir parts of functional programming as the host dared to be mostly ignorant on the topic and Brooklyn giving the lay of the land. She's great. I saw her talk at ElixirConf EU 2019, sadly that VOD was lost.

Can software be healthy?

Alternative title, why can't I find a CMS?

I've been trying to approach a topic that I find challenging. It is very easy to turn into a negative rant and I do not want to focus on that. If you enjoy any of the stacks I dismiss here, that is not a jab at you and your work. I have worked in these stacks and I've mostly transitioned away from them where they aren't necessary. They absolutely work and can be used. I believe my reasons are good, they don't have to be yours.

I recently worked with a WordPress site. I used to do a lot of work with WordPress and Drupal many years back and as someone in the open source end of the software development spectrum WordPress tends to pop up every now and then. A business I know might say: "We got a new website, it is a fresh new WordPress instead of the mess we had"

That's not my feeling when I hear that. I usually reserve my commentary because when I hear about it they are usually just about done and don't want to hear "you shouldn't have done it that way".

But that's my feeling. I don't find WordPress a healthy way of building a website or running a software development project. WordPress has a lot of things going for it. Dirt cheap hosting (often bad) with standard LAMP-stack hosts. Solid UI that any moderately adventurous user can handle by default. Easy to set up if you have some technical skills. Well-known, much loved, huge ecosystem. It is open source, it has respectable accessibility, these tick some serious boxes for many organizations.

So what's my problem?

There are hidden costs. No-one budgets for maintenance work. No-one plans for having access to a developer when the maintenance needs to happen. No-one knows that the PHP-version they are installed on may shift under their feet and kill their site whenever their host decides to upgrade. Most small orgs do not set up backups, all editing happens live on site.

There are incredibly inefficiencies there. WordPress does dynamic rendering by default, taxing CPU and IO for every single page load of what is usually entirely static content. There are tons of ways of caching WordPress. All of them have their own advantages and drawbacks, there are even ways of generating sites statically. But that's not by design, so expect some road-bumps. This dynamic nature is part of its simplicity, extensibility and generally how web applications were built in the 2000's. So even though hosting is cheap, it is usually unreliable, generally bad or has had its capacity overbooked. And it should be much cheaper.

Many CDNs offer free tiers that would be enough for almost any small org website. Their performance would be hilariously good. If their site was as static in tech as it is in content.

There are also no good ways of managing WordPress workflows for more serious projects where you might want some devops deployment procedures or the possibility for developers to work on some config and content while publishing happens on the production environment. Why? Because content and configuration are deeply intermingled in the database. Especially when using extensions, which is one of the large selling points. This boils down to maddening database merging or just re-doing the development work on the production environment when it is time to deploy.

So why do I think this hasn't been solved? Most of the WordPress ecosystem is not run on in-depth software development shops. It is mostly web agency level businesses. Their focus is usually not development workflow and I dare say that the average experience level is low enough that many do not see the problem. The pain isn't great enough in the short term either. First project effort is usually fine since there is nothing in production. Deliver to client, move on. Sustainability is not in the business model or just a minimal support deal.

So can we do something else? I don't know of a CMS that I can say is a valid replacement. Static site generators are great, but they are heavily on the nerd shit end of the spectrum. Great for devs. Iffy for others. Netlify with Netlify CMS has a good reputation, but it doesn't fit in the open source frame exactly and they don't exactly invite you to run it without their service.

There are a few CMS:es, the ones with most traction hit other reservations of mine. Craft and Cockpit seem to be more modern CMS:es in PHP. Cool, that's useful to use the existing infrastructure to try something more modern. The probably liveliest options, like Ghost or the headless Strapi are built with Node.js, in some ways the spiritual successor to PHP in web dev popularity.

PHP-based projects are just not particularly interesting to me because I don't really enjoy working with the language and I still find the execution model with files in folders to be a source of entire additional classes of security issues. WordPress, Drupal and Joomla have been enormously efficient sources for automatic compromise as security issues surface. If you can get a bad file upload through, you often have remote code execution. I'm sure some projects avoid this but from what I've seen it is still mostly the same model.

Node.js-based projects don't spark joy for me because of having had plenty of bad experiences maintaining projects that live with significant Node.js module dependencies. Angular 1, Cordova, Ionic. Any of those left alone for a few months or years are an iffy thing to get running well again. I can't in good faith mark Node high on health and sustainability. So while I might say "yeah, try one of those Node CMS:es" it would be because I can't find any options I can heartily endorse.

I like the ideas of the JAM stack, but I find the J to be over-represented. Javascript for frontend interactivity is fine and really the best option right now. I don't particularly like it for the backend. I don't think Node is necessary to manage the C10K problem. I don't find the event-driven single threaded approach compelling when I contrast it to Erlang, Elixir and OTP.

For most businesses, pay for something like Squarespace and be done with it. It'll probably be fine. You just need a working website, the website is not your work. But for some orgs having an open source stack is important, either ideologically, as a point of pride in openness or because they have a reason to avoid vendor lock-in.

The Open Source CMS is not a solved problem in my book. There is no choice that provides what I want. Perhaps I'm a bit niche in that I filter out on both PHP and Node.js but I don't believe I'm alone in that sentiment. I think WordPress won its market leader role on the basis of developer mind share. It was approachable and effective. It would do 90% use case and you could get at the innards and make it do what you needed. It provides a UI that your users will not complain about. And I can't get that with current solutions. They are either too clever and target developers at the detriment of end users or not built in a way I expect to hold up in the long term.

So what are my requirements:

• Sound technical stack with a good record in reliability and security
• Creates static sites primarily, that can be hosted elsewhere, for efficiency, security and reliability
• Supports implementing dynamic features in a JAM Stack manner, APIs, etc.
• Provides a fully online admin UI for managing the content of the site in a smooth way
• Implements a thought out way of working with both production editing and development processes
• Can be automated and devops:ed effectively
• Provides a decent ecosystem of at least themes, preferably extensions as well (always a function of traction and success to some extent)
• Sound approach to accessibility
• Open source

I am doing some investigating to see if I have a feasible approach to solving a lot of this. I need it to be as good and potentially powerful as WordPress in the CMS space. But I don't need it to reach the same critical mass. If it can't match WordPress in the big priorities it is not a good replacement in my eyes.

If I've missed some solution that you think I should consider, or if I'm wrong about something I wrote here, don't hesitate to write me back at lars@underjord.io. Always open to discuss it. It would be incredibly convenient to be wrong and not have this problem anymore.

Thank you for patiently reading, I appreciate it

- Lars Wikman