<meta name="twitter:title" content="Static Site what?!">
<meta name="twitter:description" content="Recently I’ve become disillusioned with most CMS options. They’re a pain to keep updated, plugins are constantly being abandoned, and…">
<meta name="twitter:image" content="http://blog.thebestjohn.com/images/default.jpg">
<meta property="article:author" content="TheBestJohn">
<meta property="twitter:label1" content="Published at">
<meta property="twitter:data1" content="2018-04-27 17:40:00">
<meta property="twitter:label2" content="Written by">
<meta property="twitter:data2" content="TheBestJohn">
<link rel="icon" href="/images/logo.png">
<link rel="alternate" href="/atom.xml" type="application/atom+xml" title="TheBestJohn">
</head>
<body itemscope itemtype="https://schema.org/WebPage">
<div class="page-background"></div>
<div class="content-container"><div class="content-outer"><div class="content-inner" itemscope itemtype="https://schema.org/Blog"><article class="article" id="article" itemscope itemtype="https://schema.org/BlogPosting">
<h1 class="article__title" itemprop="headline">Static Site what?!</h1>
<div class="article__meta"><time class="article__meta__time" datetime="2018-04-27T17:40:00.000Z" itemprop="datePublished">2018-04-27 17:40:00</time><div class="article__meta__categories"><a class="article__meta__categories__item" href="/categories/Web-Dev/">Web Dev</a></div></div>
<hr>
<div class="article__contents"><p>Recently I’ve become disillusioned with most CMS options. They’re a pain to keep updated, plugins are constantly being abandoned, and they’re so prevalent in sites that they make a very attractive target for exploitation. In fact, the first time I lost control of my server it was because of a bug in a theme’s use of timthumb.php. Basically, the attacker sent it an “image” file from a hosting website that had a PHP eval script hidden in its data. When accessed normally, it showed an image, but if they accessed the cached file that timthumb made, then the server treated it as a PHP file. From there they were able to install a remote shell and own my server.</p>
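<p>A triage check for the failure described above, where a cached “image” ends up being executed as PHP. This is an added example, not code from the original post or from timthumb; the function names, the extension list and the sample bytes are assumptions made for illustration.</p>

```python
import re
from pathlib import Path

# Magic numbers of the formats a thumbnail cache should contain.
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"GIF87a": "gif",
               b"GIF89a": "gif", b"\xff\xd8\xff": "jpeg"}
# Full PHP open tag only; short tags ("<?", "<?=") are left out because those
# byte sequences occur by chance in compressed image data.
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)
# Assumption: suffixes your PHP handler executes; align with the server config.
EXECUTABLE_EXT = {".php", ".phtml", ".php5", ".phar"}

def image_type(data):
    """Name the image format from the leading bytes, or None."""
    for magic, name in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def classify(name, data):
    """Return the findings for one cached file (empty list means clean)."""
    findings = []
    # Check every suffix so "x.php.jpg" and "x.jpg.php" are both caught.
    if {s.lower() for s in Path(name).suffixes} & EXECUTABLE_EXT:
        findings.append("executable-extension")
    kind = image_type(data)
    if PHP_TAG.search(data):
        # A valid image header plus PHP source is the polyglot case.
        findings.append("php-in-image" if kind else "php-source")
    elif kind is None:
        findings.append("not-an-image")
    return findings

def scan(cache_dir):
    """Map each suspicious file under cache_dir to its findings."""
    report = {}
    for path in sorted(Path(cache_dir).rglob("*")):
        if path.is_file():
            found = classify(path.name, path.read_bytes())
            if found:
                report[str(path.relative_to(cache_dir))] = found
    return report

# Constructed samples: a clean PNG header, and a GIF header followed by an
# inert PHP comment standing in for the hidden script.
SAMPLES = {
    "ok.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "cached.php": b"GIF89a" + b"\x00" * 8 + b"<?php /* constructed */ ?>",
}
```

<p>Detection is a backstop: the durable fix is a cache directory that the web server never passes to the PHP handler.</p>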
<h3 id="Static-site-generators"><a href="#Static-site-generators" class="headerlink" title="Static site generators"></a>Static site generators</h3><p>While the timthumb exploit was a pain in the ass, it was very interesting to me and made me seriously consider how I secure my systems. To that end, I started reading into static site generators. Static site generators take your posts, usually formatted in some sort of markup, and put them through a templating engine that outputs <code>.html</code> files, which you can then serve via the usual methods.</p>
<h3 id="Why-tho"><a href="#Why-tho" class="headerlink" title="Why tho?"></a>Why tho?</h3><p>The idea is that <em>most</em> sites don’t actually need to use dynamic code. Their content is, for the most part, static. Users aren’t interacting with the content (other than the comments sections and forms, but we’ll talk about that later). They are, instead, just reading it. The only person who seems to be interacting with it is the person that owns the site. Even then, the owner isn’t actively interacting. They are writing a post, or updating a page. After that, everything stays the same.</p>
<p>All this is a “face-value” reason to move over to a static site. I have an even deeper reason for wanting to use a static site: portability. Static sites allow you to use a generic format for your posts. I write all my posts in markdown, a very common and widely used format. With this I can move from generator to generator without much change. If I were to make my blog in something like WordPress, my post information would be locked into a <em>very</em> specific database format. If I, for some reason or another, decided I no longer wanted to use WordPress, it would be a lot of work modifying all my posts to be compatible with the new platform.</p>
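<p>The build step described above, reduced to its core: a post in a portable format (front matter plus a small Markdown subset) goes through a template and comes out as an <code>.html</code> file, with no code left to run at request time. This is an added example, not the generator used for this blog; the layout, function names and sample post are hypothetical, and unlike most real Markdown renderers it treats raw HTML in a post as plain text.</p>

```python
import html
import re
from string import Template

# Hypothetical layout; a real generator ships a theme with many templates.
LAYOUT = Template("<!doctype html>\n<title>$title</title>\n"
                  "<article>\n<h1>$title</h1>\n$body\n</article>\n")

def parse_post(source):
    """Split '---'-delimited front matter from the Markdown body."""
    _, header, body = source.split("---", 2)
    meta = dict(line.split(":", 1) for line in header.strip().splitlines())
    return {k.strip(): v.strip() for k, v in meta.items()}, body.strip()

def render_inline(text):
    """Escape first, then apply the small Markdown subset handled here."""
    text = html.escape(text, quote=False)
    text = re.sub(r"`([^`]+)`", r"<code>\1</code>", text)
    return re.sub(r"\*([^*]+)\*", r"<em>\1</em>", text)

def render_body(markdown):
    """Blank-line separated blocks become <h3> headings or <p> paragraphs."""
    blocks = []
    for block in re.split(r"\n\s*\n", markdown):
        block = " ".join(block.split())
        if block.startswith("### "):
            blocks.append(f"<h3>{render_inline(block[4:])}</h3>")
        elif block:
            blocks.append(f"<p>{render_inline(block)}</p>")
    return "\n".join(blocks)

def build(posts):
    """Return {output path: html}; the web server only ever sees these files."""
    site = {}
    for filename, source in posts.items():
        meta, body = parse_post(source)
        stem = filename.rsplit(".", 1)[0].lower()
        slug = re.sub(r"[^a-z0-9]+", "-", stem).strip("-")
        site[f"{slug}/index.html"] = LAYOUT.substitute(
            title=html.escape(meta["title"]), body=render_body(body))
    return site

# Constructed post: front matter plus Markdown, including a tag to be escaped.
POSTS = {
    "Static Site what.md": "---\ntitle: Static Site what?!\n---\n### Why tho?\n\n"
    "*Most* sites only need `.html` files; <script> in a post stays text.\n",
}
```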