Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Reason #304 to be glad you use Txp
Heavens to Murgatroyd. To what degree Txp is inherently more secure than WP vs. simply being less of a target for exploits, I don’t know. But I know which I’d rather use :)
Code is topiary
Offline
Re: Reason #304 to be glad you use Txp
jsoo wrote:
To what degree Txp is inherently more secure than WP vs. simply being less of a target for exploits, I don’t know.
That’s a good question, would TxP be more vulnerable if it was used by more people?
That’s the same argument Microsoft has always used, since Windows is used by so many people, it’s a target of more exploits. But I’ve never bought that argument, because Windows was designed before the Internet age. Windows is secure if you never hook it up to the Net, where an operating system like Linux was designed with inter-connectivity in mind.
That’s the same problem Wordpress has, it’s a very easy system to use, would make a great Intranet tool, but it’s a disaster waiting to happen on the World Wide Web. How many people are running Wordpress not knowing what their theme is doing? They pick and choose a new look, but never bother to diagnose the code behind their site. Reminds me of MySpace, all that spam code developers would inject into their freely available layouts.
Textpattern on the other hand is a clean slate, you see exactly what’s going on in your Pages, Forms and Style tabs. There’s no raw PHP code in your site’s templates, just plain Textpattern Tags. I liken a new install of Textpattern to a base install of Debian, it just has what I need to run, and it’s rock solid.
Why is Textpattern not used by more people? Now that’s the question we should be addressing.
We Love TXP . TXP Themes . TXP Tags . TXP Planet . TXP Make
Offline
Re: Reason #304 to be glad you use Txp
hakre points to these two posts I read this morning when the news about WP304 started to spread:
- WordPress: a penetration test. Full analysis of little-known vulnerabilities hyped engine
- WordPress 0day vulnerabilities. Continue to hack popular engine
You may find this an interesting read, although most of their research is based upon WordPress before the ill-fated 2.8 series [de].
I concur that part of Textpattern’s stability is certainly attributable to the fact that it is a tinyer target not worth the effort, as long as there’s another system with a 10 per cent market share around.
Offline
Re: Reason #304 to be glad you use Txp
Wow, that hack seems like a pain to fix! There are probably many WP.org users who are making changes to their templates directly, without personal backups, too…
Why is Textpattern not used by more people? Now that’s the question we should be addressing.
I’m sure there are differing opinions on this, but Wordpress’ popularity among people who really aren’t even HTML/CSS-minded is probably a huge factor. I’ve noticed that the WP users complaining about Textpattern are largely disinterested in the process-oriented benefits of Textpattern: the “clean slate” approach, txp tags, and Textile. They see no friendly GUI-way to do common things, and they view it as a deficit. Process-oriented designers see no GUI and rejoice at all the time they will save.
I gave Textpattern a look years ago before I started using Joomla, but the things that stood out to me about Joomla at the time were the gigantic community and growing resource pool. You could build a small business off of free themes and free plugins, and start learning HTML and CSS as the occasion required (or as the forums let you down). I saw the same value in Wordpress, but even then, Wordpress security breaches seemed many times more likely than Joomla security breaches.
Textpattern seemed like it wasn’t going anywhere fast, in comparison. You had to learn a lot, and as a new user I just couldn’t discern how valuable it might be vs. Joomla or WP. Without such information, the mental comparison process becomes a raw numbers game. However, now I look back and wish I had known to use Textpattern instead of Joomla. I believe I could have saved myself hundreds of hours. Still, it would have been a difficult sell to me, because small businesses thrive on turn-key everything; learning curves are a liability.
My personal conclusion is that Textpattern is more of an upmarket FOSS CMS. The user community, over-represented at the high end of web skill sets, seems a good testament to this.
This would mean that Textpattern is competing for mindshare in a heavily-targeted market, though — high-end web designers. Competitors of all shapes and sizes are already marketing to this type, and are splintering to fill every gap in that web designer’s mind — use X CMS for larger sites, Y for small e-commerce, Z for smaller blogs, etc. Commercial? Proprietary? End-of-life? Not as much of a problem, since money, backups, and promising plan-b tools like ODBC alleviate those pains in many cases.
FOSS doesn’t have to compete, in theory, but the Textpattern community certainly seems interested in helping it compete by developing for the platform, soliciting donations for existing developers, writing tutorials, and so on. I appreciate the emphasis the MODx community have put on donations during the software download process, and I know that reminders to donate to the Textpattern devs are helpful. But to what degree money really drives Textpattern development, I know not. Perhaps there are more effective ways for the community to help push the platform forward and give it more influence.
Last edited by maruchan (2010-12-30 18:00:10)
Offline
Re: Reason #304 to be glad you use Txp
maruchan wrote:
But to what degree money really drives Textpattern development, I know not.
That’s a good question, and the developers have hinted the lack of in the past, on these forums and the mailing list. Yeah, if you plan on competing with the likes of Wordpress, money would come in handy, but I don’t think money is what Textpattern needs. What we need is more hands on deck, get more people involved. A few hours a week by 10 volunteer developers is more cost effective than funding 2 full-time developers.
Moving Textpattern to GitHub would start the process. It was brought up on the mailing list back in September and we had quite a few would-be developers offering their time if such a move happened.
Perhaps there are more effective ways for the community to help push the platform forward and give it more influence.
Make it more user-friendly comes to mind. Lower the barriers to entry so we can get more users on board.
We Love TXP . TXP Themes . TXP Tags . TXP Planet . TXP Make
Offline
Re: Reason #304 to be glad you use Txp
hcgtv wrote:
That’s a good question, would TxP be more vulnerable if it was used by more people?
More targeted, not necessarily more vulnerable nor it would make it more insecure than it is. Social engineering, malware plugins, mods, themes and such. More bad linking to TXP’s dynamic pages, playing with TXP’s URL modifiers, more targeted spoofing and phishing.
Offline