Flutterby™! : status update 2010-12-29 00:36:09.752186+00

status update

2010-12-29 00:36:09.752186+00 by Dan Lyke 11 comments

Spent the last few hours mucking about with Joomla. There's promise there, but...

#Comment Re: made: 2010-12-29 01:54:39.933636+00 by: meuon [edit history]

It's religious. You have to go to the temple, take a leap of faith and ignore the ideas you know were stolen (badly) from other religions. The Priests of Joomla and such bad MVC/CMS ideologies make it work for the masses. Geeks typically pick Drupal over Joomla, web monkeys pick Joomla over Drupal, mostly for the myriad of themes and plugins available.

I ended up using Drupal for Asha's site ages ago. I'm afraid to upgrade because I hacked the PHP code to center her logo on the page. It was non-trivial. Not possible in CSS.

I've been staving off an upgrade hoping that Google Sites would improve to the point where I could just do her sites there. But it's not possible for it not to be obvious that you are using Google Sites when you use Google Sites.

Maybe I need to revisit the latest version of Joomla and Drupal. But I think there is room on the web for a truly killer CMS - especially for small businesses like Asha's where she needs about 10 static pages she can edit in the browser (preferably WYSIWIG in Internet Explorer), host PDF files, have a contact form and a photo album. Extra bonus points if the system integrates a mailing list manager like PHPlist.

I'm putting together a Joomla site now. The learning curve is pretty steep, and the way various elements are named seems kind of haphazard, but it's going to work, I think. The availability of thousands of free themes and plugins is a major plus.

I have used the Zencart shopping cart program as a mini-CMS for sites like the one ebradway describes.

#Comment Re: made: 2010-12-29 11:17:28.993629+00 by: meuon [edit history]

Having created N+1 CMS's. Each has targeted a specific type of website. E-Commerce/Shopping Cart, Non-Profit Associations, Online Learning/Education..(SCORM, AICC and 508 compliant), Publishing.. The hard stuff is done with a little real knowledge of HTML/CSS/JavaScript and PHP/MySQL. Each has the same underlying idea: PHP + MySQL + GUI Editor (optional) + CSS creates a content management system. But the structures and logic of the data are very very different as well as the code.

Joomla/Drupal/Etc.. all seem to attempt to be "I can do it all" CMS's, but all have a bias towards a specific kind of project. Then there are the "$dieties" whome make it the hammer for all kinds of nails, and often make it work very well. But what you are really doing is leveraging the gazillions of hours everyone else has put into a project for a web site. With all of their respective inherited points of view. As many of them are not "real programmers", some of that family tree is atrocious.

If there is $$ in a project, it might be worth custom building a CMS, but in reality the trick is either finding the right existing CMS for the project, or the right $diety of a CMS that knows the arcane magic incantations to control the beast and make it perform. Find both and you win the game.

#Comment Re: made: 2010-12-29 22:12:25.020329+00 by: Jack William Bell

You know, Joomla and Drupal get a lot of attention and seem to be the default when someone wants a CMS. But I've looked at both of them and, frankly, they are complex overengineered messes with a bad case of featuritus. Seriously.

This reminds me of Microsoft Word. Tons of features no one uses (and many of which are difficult to use), but people buy it based on feature lists.

My opinion? If you need a CMS, see if Wordpress will do what you want before going with something more complicated. As a CMS it meets the 80/20 rule for features. As an Open Source application it is well supported, with plenty of free and paid third-party options. It is faster to set up, easier to customize, and cheaper to run than Joomla or Drupal.

I'm willing to bet Wordpress (plus appropriate plug-ins) could meet about ninety percent or more of the use cases people have for a CMS.

Jack: Good point. I need to give Wordpress another visit the next time I'm working on the wife's site. One of the things I definitely don't need: user management. My wife's site has two users: her and myself. And we're happy sharing the password. I also don't need any kind of editorial release mechanism. I rarely use "preview" and, instead, just "publish". That way my wife can monitor the changes on her laptop across the room rather than hovering over my shoulder.

#Comment Re: made: 2010-12-30 00:35:02.1203+00 by: Jack William Bell

ebradway: For what it's worth, Wordpress has all those features you say you don't need, but they are easy to ignore and/or bypass if you don't need them.

Plus, if your primary use of Wordpress is as a CMS, you don't have to actually use it as a blog or have the blog on the 'home' page. It is flexible enough out of the box to support putting the blog under a separate tab and having a 'static' page at 'home' or you can have no blog at all. Moreover, you can use different templates for different pages, just like the big-boy CMS's. Except everything is a lot simpler to set up and manage.

Basically Wordpress hits the 80% 'sweet spot' of features with a fairly simple UI. Something a computer savvy person can pick up in a day or so (including the administration features).

But isn't Wordpress a security nightmare if you don't upgrade every twenty minutes? (Really, how hard can it be? I've been using my own blog engine for ten years now without one security incident---must be all those plugins and widgets and crap that people use)

spc476: I don't know how to respond to what you just said quickly without being a prat. As Thomas Jefferson once said "Sorry this letter wasn't shorter, but I didn't have time."

I doubt you are a newb or a tyro (I don't know you) and the fact you have coded your own blog engine indicates otherwise, but if you are aware of security issues and are a decent coder I am sure you are also aware that the number of security holes found in a system is at least partially a function of the number of people using it. This is why there are so many worms and viruses for Windows and so few for OSX (for example). In other words, OSX isn't intrinsically more secure than Windows 7 (really, it isn't) -- but less effort goes into cracking OSX because it has an order of magnitude less users. (FWIW: I am a Mac user. I am also a realist.)

Now, to your point, using a hand-built custom engine is one way to create something that does exactly what you want and, if it has a user base of one, it is probably pretty secure because it isn't much of a target. I will grant you both of these claims. How many users does your blog engine have? I trust I don't need to belabor this point any more and, even should you take exception to it, I won't. Take it up with Bruce Schneier.

Looking at the problem from the other side: Wordpress is an Open Source project with lots of eyes on the code and lots of people fixing issues. This means that, if you do keep up with the updates, you are pretty damn safe. Safer, in the case of some cracker that specifically wants to get at you, then if you are running a blog engine with one developer. Add to this the fact updating Wordpress is pretty much a push-button operation (unless you are running on a locked down web host that doesn't let scripts update executable files) and your objection boils down to "I don't want to do updates." I trust you do not apply the same thinking to your OS.

My original point was that Joomla and Drupal require far too much effort (and related cost) for someone who just needs the CMS features provided by Wordpress. I extend that point to the claim that 90%+ of real-world CMS use cases do not require more than those features. In other words, your point about security is orthogonal to mine. If I extend my point to include creating a custom blog engine, then we are talking even more effort (and related cost) than using Joomla or Drupal and therefore a custom engine is even less useful to the large majority of people who just needs a small CMS for the least effort and cost.

So, unless you now claim that Joomla and Drupal are far, far more secure than Wordpress, I will refrain from further comment about security.

Final note: I am a software engineer and architect with more than twenty five years experience in everything from mainframes to embedded systems. I learned a long time ago that the best answer in the real world isn't always the best answer in theory and vice versa. For your average user with your average resources, custom code is a bad thing. I state that uncategorically.

I work on the CM side of CMSs and wish more were like Movable Type or WordPress. Drupal and similar systems are nightmares to deal with. I need multiple environments, workflows, versioning together *AND* be user friendly. For the costs, I'd rather take something out of the box, like WordPress, use a plugin for the functionality, etc instead of building something custom. It's just not worth the cash. I know of a few companies who use ExpressionEngine, there are costs involved but it's actually good at what it does.

On the Enterprise CM side IBM/Lotus' WCM is a mess, Vermeer is something else now, Teamsite is still good but you have to invest time and money into setup, training, etc.

#Comment Re: made: 2010-12-30 21:12:41.856271+00 by: spc476 [edit history]

Jack: your objection boils down to "I don't want to do updates." I trust you do not apply the same thinking to your OS.

Actually, it does, and I do. "If it ain't broke, don't fix it." I only upgrade under two circumstances: if there's a feature I absolutely can't live without, and if there's a security hole that realistically can affect me. That's it. Otherwise, I loathe the whole "you MUST update every twenty minutes" mindset that seems endemic in the computer industry. Perhaps it's just me, but I prefer a stable base to work upon, not shifting sand beds.

In fact, the only time I got horribly compromised to the point where the machine was wiped, wasn't because of my apparent lackadaisical approach to security but because it was an inside job. The failure there, was apparently HR.

I also won't claim that Joomla or Drupal are more secure then Wordpress, but I do see more advisories and stories about hacked Wordpress sites than Joomla or Drupal (I've had to work with Drupal and for what we used it for was total overkill since a static site would have been easier and much safer but I wasn't the one in charge; I've also played around with Wordpress and wasn't all that impressed with it, and both appear to have miserable performance, compared to what I'm used to).

I also find it sad to see programmers who have written their own blogging engine drop it and use something like Wordpress, just because they can't be arsed to maintain their own code. I also find it sad that work as pretty much stopped on CMS engines precisely because Wordpress, Drupal or Joomla exist and that's "good enough" (much like operating system research has falled off the face of the earth because Unix is "good enough"). I'm sure there are better approaches to web site construction out there, but will we ever find them? Nay, I say, Nay! Because we've hit a local maximum with the crap we have now (ooh, I think we've hit a button here) and why invest in finding better ways? (I also hate the attitude whereby programmers are yelled at for reinventing the wheel when there is <insert pet project of yeller here> that could use improvement; am I bad for maintaining my own blogging engine? Or for writing my own greylisting daemon? Or for reinventing syslogd? Or recreating that DNS resolution wheel? Eh, I feel I'm making a major digression and should stop at this point)