08 May, 2008
WordPress has a loyal following in the blogosphere and
is used to power thousands of websites and blogs, and several books have been written about it.
A compelling measure of WordPress popularity is the number of
downloadable themes that can provide an easily deployed
and consistent look and feel to WordPress sites. So, when I was looking to update the presentation
of the cipherdyne.org site, it seemed a natural step to consider a WordPress theme.
I've updated cipherdyne.org to use a slightly modified version of the
Daleri Selection (v1.0) Theme
by
Andreas Viklund, but
with a twist: I don't run actually Word Press. All of that PHP code and MySQL database backend
is throwing a lot of complex code (and associated potential security vulnerabilities) at a problem
that (in my case) can be solved in a simpler way. That is, I just want to provide an outlet for my
software and
publications,
and maintain a
blog for my corner of the security technology landscape.
For this, I just need a themed website in plain HTML and CSS along with
RSS and
Atom feeds, and I need an effective
way to manage all of the pages and create new blog posts. This is where perl, rsync, and
subversion comes in.
The cipherdyne.org website and blog is managed by a set of custom perl scripts that
perform each the following tasks:
- Provide a way to create new blog posts and link them into the cipherdyne.org blog hierarchy. For
example, the forward and backward links at the end of each post (such as
this one)
are auto-generated based on the posting date, and the permanent blog links
are created from each post by the blog post title. The number of blog posts is summarized by
date and organized into categories that can be browsed via the
blog archives, and updates to the RSS and Atom feeds are automatically
generated.
- Validate HTML and XML page structure. This is exceeding easy through the use of the
perl XML::Simple module. But, using the W3C HTML validator
is more thorough, so I periodically use it as well to spot check various pages on cipherdyne.org.
- Validate software release MD5 digests and GnuPG signatures (see the fwknop
download page for example), and automatically correct if any
digest is invalid.
- Search through the entire cipherdyne.org website and flag any broken links (parsing the
output of a recursive wget against the cipherdyne.org staging server make this easy).
- Send blog pings out via the XMLRPC::Lite module to various blog aggregation services
such as FeedBurner and Technorati.
- Drive the entire cipherdyne.org site via Subversion for source control, and deploy
with rsync to separate staging and production servers. When it comes to deploying a more
complex piece of software for visualizing changes to the source code for any of the
cipherdyne.org projects, my first choice is Trac, but
when it comes to the main cipherdyne.org site, a set of HTML pages maintained by a consistent
WordPress theme is sufficient.
Sean Wilkerson convinced me to
join Twitter as a way to help increase
the exposure that the Cipherdyne projects have on the Internet, and also to
interact more with peers in the security community. After having used Twitter now
for a couple of weeks, I can see some benefit in its ability to rapidly broadcast
updates (140 characters at a time) and to make it easy to see what others are
working on (subject to what they choose to reveal of course). Further, it seems
plausible that Twitter's flexibility and speed would make it easier to acquire
answers to questions than trying to contact people directly via email. Sean also
had mentioned that after a recent talk he gave at
DojoSec (hopefully video of it will be posted soon) he noticed that people are
using Twitter during security talks as a way to organize the audience around the
topic at hand. This provides a way for the audience to converge on challenging
questions and bring participation to a higher level. Finally, as a measure of its
success, it might be worth noting that Twitter has also been in the news recently
as a mechanism for organizing a
revolution in the former-Soviet republic of Moldova.
