ode - a simple personal publishing platform for the web

New to Ode? You may want walk through this short (29 slide) intro presentation.

The presentation includes just 29 slides and attempts to answer the first questions you might have about Ode (from the basics to design goals).

Note: The presentation is running through Ode by taking advantage of the S5 standard, which is based entirely on XHTML, CSS, Javascript. Not only is it a nice introduction to what Ode is all about, but it's also a good demonstration of just how flexible Ode's simple themes are. The entire presentation consists of a post and a theme (just like this one).

Intro to Ode presentation

Do we need another publishing platform? You might guess that my answer to that question is, "Yes! At least I think we need this one."

Let's start by talking about what Ode isn't. It's not antoher WordPress. I think the people responsible for that platform are doing just about as good a job with it as is possible.

If you're looking for something with a relational database management system like MySQL at the backend and 4+ MB worth of PHP, Javascript and CSS then you really should check out that project. I'm not being insincere or cynical I really do think WordPress is pretty fantastic, but Ode is something different.

That package (and many others) do more than Ode at the moment but as I've already said, Ode is different.

Different how? Ode is simple.

• Ode itself is a single Perl script.
• Content are simple plain-text files.
• The look at layout of an Ode site is determined by a theme that is nothing more than standard (X)HTML and CSS.

Is that all there is to it?

Are Legos just interconnectable plastic blocks?
No, that's just the beginning...

Because posts are plain-text files you're free to use any editor you like. That's a big deal. There are many fantastic editors available, many of the best are open source apps and of course there are also some great commercial applications.

These editors are as varied as the people who use them and the jobs they're asked to do. If you were to ask enough people, the answer to the question, "Which is the best editor?" is likely to result in nearly as many answers as the total number of choices. One thing is for sure, editors, as a class, are some of the most mature, subtlety brilliant software applications available. Why then, when it comes to writing online, are we asked to abandon these finely honed tools in favor of the blunt instrument that is the HTML form? Even with all of the new spiffy 'Ajax-ified' features that have come to define the new wave of web apps, the best web-based option is a poor substitute for even a mediocre standalone editor.

Ahh, but being able to write in a browser is so much more convenient. I agree... Ode's simple posts allows us to do both :) (More on web-based posting later.)

Next (Simple Writing)

The purpose of XHTML and CSS is two-fold.

Firstly, to allow the developer or designer to control the structure and layout of a site, and secondly to style or format content.

The structural bit is the responsibility of XHTML and the job of formatting and style falls to CSS.

The past several years have seen a lot of work in this area. From those efforts we have the emergence of standards based on CSS and the formalization of HTML as an application of XML. Combined, these technologies make a solid architecture for publication, they're terrible authoring or writing tools. They're just not simple enough for the job.

• The syntax is (necessarily) formal which results in a lot of overhead. Far too much for efficient writing.
• While complexity helps a markup language to be expressive and precise it leads to a laborious and error-prone writing experience.
• Syntax errors break the interpretation of the markup and detract from content.
• The burden of slogging through syntax discourages content creation.
• Mistakes in syntax with XHTML tend to cascade through documents in odd ways causing unexpected and often difficult to diagnose problems.
• Noisy markup distracts from and complicates writing and editing. Working with XHTML directly, it is not unusual for the amount of syntax to exceed the content itself!

For these reasons various lightweight markup languages have been developed for the purpose of presenting a minimal syntax intended to facilitate a more natural style of writing. These languages are typically implemented as both a syntax and a program capable of translating between its own grammar and XHTML.

These are intended to address many of the problems associated with writing on the web by:

• Simplifying plain-text formatted (source) documents so that they are as readable as possible, even without being converted.
• Encouraging the appropriate use of formatting to improve the readability of the resulting XHTML as displayed in the browser.
• Avoiding the problem of mistakes cascading through a document. Broken syntax simply does not translate and does not disturb the rest of the document.

The unofficial but preferred syntax for Ode is Markdown. There are a few alternatives, most prominent among them, Textile, which is another very nice implementation of a lightweight language.

So why Markdown?

Because more than the others, Markdown emphasizes readability of the plain-text document and that seems very much in agreement with Ode.

The other reason to choose Markdown is that it is written first in Perl and Ode is itself a Perl app.

Is this a big deal? Are we limited only to Perl when working with Ode?

No, but keeping as much of what is distributed with Ode in Perl will simplify things for new developers (more on development later).

I'll let the author of Markdown explain its advantages and raison d'être:

Markdown is a text-to-HTML conversion tool for web writers. Markdown allows you to write using an easy-to-read, easy-to-write plain text format, then convert it to structurally valid XHTML (or HTML).

Thus, “Markdown” is two things: (1) a plain text formatting syntax; and (2) a software tool, written in Perl, that converts the plain text formatting to HTML. See the Syntax page for details pertaining to Markdown’s formatting syntax. You can try it out, right now, using the online Dingus.

The overriding design goal for Markdown’s formatting syntax is to make it as readable as possible. The idea is that a Markdown-formatted document should be publishable as-is, as plain text, without looking like it’s been marked up with tags or formatting instructions. While Markdown’s syntax has been influenced by several existing text-to-HTML filters, the single biggest source of inspiration for Markdown’s syntax is the format of plain text email.

Does that mean that you're stuck with Markdown?

No, Markdown is implemented as an addin. You're free to replace it with some other syntax using Ode's addin architecture (more on addins and development later).

It does mean that Markdown will always be distributed with Ode, that you should expect Markdown to work, and discussion of Markdown is considered relevant to this project.

In addition to Markdown, posts support HTML. Just keep in mind that they are contained within a larger page structure. So for example a body tag () should never find its way into your posts.

Next (Simple Content Management)

We've already hinted that Ode uses the filesystem as a content database, which of course is different than saying that there is no content database. Decades worth of effort speak to the effectiveness of filesystems at storing and organizing files and the data they contain. Modern filesystems are made to handle the rigors and requirements of modern operating systems and include numerous features designed to ensure the scalability, security, integrity, and availability of data. That's good enough for me.

Sure a filesystem is different than a relational database and we need to take advantage of its strengths rather than railing against its limitations. For example, filesystems are strongly hierarchical so we should take advantage of that organization.

Posts are organized hierarchically according to a topic-based categorization scheme. For example, the root of the weblog may contain any number of folders, which are categories, such as 'Technology', 'Politics', 'Music', 'School', etc. Each of these categories may contain any number of posts as well as subcategories (i.e. subdirectories). For example, 'School' may contain subdirectories for each of a number of different courses. Within each of these subcategories there may be more posts and additional categories.

As long as we are willing to organize posts hierarchically the advantages of using the file system as content database are numerous.

If you know how to manage and organize other types of files then you already know how to manage your Ode site (simple, right?). Even if you're new to computing, the skills you develop working with Ode are applicable to just about everything else you'll do with a computer.

That's just one aspect of simple content management. Here are some others:

Adding, editing, and deleting posts - your operating system's file manager and/or your editor are all you need.

Importing and exporting content - because posts are discrete text files, there are no distinct import/export procedures. With plain-text files you are in great shape to migrate your data to any other platform and if you are using something else now, at the very least you should be able to recover your content as text. You do not need to worry about being locked into Ode or losing access to your data.

Backing up and restoring - your posts are dicrete files which, as far as your operating system and backup routines are concerned, are no different than the other files on your computer. In fact the same thing goes for the rest of your Ode installation (not just your content). You can continue to use whatever backup mechanism you're using now. What's more your site can be backed up and restored incrementally at the level of a single post.

If your're not backing up your files currently, you really should start. In this case Ode doesn't complicate the decision about how to manage it or limit your range of options.

Permissions - Permissions for Ode are governed by the file and folder permissions and access controls dictated by your operating system. There's nothing special that you need to be conerned about. Even if you're not comfortable with permissions, for the vast majority of installations a simple permissions 'recipe', i.e. a straightforward set of rules is all you need. (See the documentation for more info.)

Interacting with a remote server - This is no more complicated than file transfer. Use sFTP/SSH/WebDAV/HTTP or any other file sharing protocol that works for you/your hosting provider/your environment.

File synchronization - Let's say that you want to run an instance of Ode locally on a laptop and also run a publically available server with the same content. For those times when you have your laptop but no internet access, you'd like to be able to create and edit posts locally. At other times, you may not have your laptop but you do have access to the internet from some other computer. You'd like to be able to sync the local and public sites.

This is the sort of thing that is very difficult to do with other packages and trivial with Ode. Taking advantage of best in class file synchonization utilities for your platform, you have the ability to mirror changes in either direction.

Well, that's probably enough of the simple content management shtick and there is so much more to discuss. Before moving on I want to point out that simple content management does not mean stupid content management. As simple as it is, we can do some clever things with Ode. Some examples:

In addition to the hierarchical categorization scheme that results naturally from the organization of files and directories, Ode is capable of interpreting date based requests.

For example:

(put in a table) sample.net/weblog/2007/ All posts created in 2007 sample.net/weblog/2007/01/ Posts from January 2007 sample.net/weblog/2007/01/02/ Only those posts dated January 2nd.

What's more we can combine the date and categorization schemes to limit posts in a given category by date, e.g.:

(put in a table) sample.net/weblog/Technology/Apple/MacOSX/2007/01/ Only posts in the MacOSX category created in January of 2007.

This scheme, which is ideal for date-based navigation and browsing, is built into Ode. Other schemes can be implemented using Ode's addin architecture. (More about addins later.)

Furthermore these date-based 'paths' make for perfect permalinks allowing you to reorganize your site at will without breaking links or violating one of the key tenants of the web, namely 'Cool URIs don't change'.

But that's not all. Because Ode sites are organized hierarchically (by date or category) they play nicely with search engines like Google. Just as simple posting means that we can write more efficiently, simple content management means that what we write can be shared and discovered by others more efficiently.

But we still haven't extracted all of the simple goodness.

Simple content management, in combination with Ode's themes, allows us to syndicate the entire site and every category separately. Maybe one of our visitors is interested in everything we write and another only in what we have to say about 'Technology', or just 'Technology/Apple'. Ode has the flexibility to do that, and without requiring that we make any special arrangements.

Next (Simple Themes)

Themes allow for customization of an Ode site.

The most remarkable thing about Ode's themes is that they're almost completely unremarkable. Themes are pure HTML and CSS. The look and layout of a page is described by a single file that looks like any other (X)HTML file to your text editor or web design and development app.

There is no need for you to change how you work with HTML/CSS for Ode. Repurposing your existing themes for use with Ode or reworking your Ode themes to work with any other package with a reasonable templating scheme should all be relatively straightforward.

Let's look at the complete structure of a typical Ode theme.

html-2011_0824/
    content_type.html
    date.html
    page.html
    page_no_posts.html
    logic.css

images/
    site_header.png
    ode_mascot110x50.png
    i_heart_validator_badge101x46.png

Of these, page.html and logic.css together are almost entirely responsible for the look and layout of the site.

'logic.css' is a CSS stylesheet, identical to any other you might see. There is nothing special about a stylesheet for an Ode theme. If you know how to use CSS to style a webpage then you already know how to style an Ode theme.

There is almost nothing Ode-specific 'page.html'. It starts with a doctype declaration and ends with the closing html tag. All nearly identical to a standard HTML document, except that it contains some Ode-specific variables that serve as placeholders. When run in response to a request from a web browser or some other UA (user agent), the script substitutes replaces the variables with appropriate values. These variables are powerful, but just as importantly they're simple to work with.

For example, nearly every theme will include the variable

$config::site_title

It should be obvious that this represents the site title. Just as importantly, it shows you that this is a user configurable variable that's set in Ode's config file.

The config file is a plain text file you can edit in your favorite editor, or other app of choice, in the exact same way you create content for your site, and design your themes.

If you look at that plain text file, you'll find quite a few settings. All of them extensively annotated, so you exactly what each of them does, and what sort of value is expected.

Site title is the fifth setting in the file. And as is described in detail by the annotations included in the file itself, you set the site title by replacing the string on this line:

$site_title = "My brand new Ode site";

This tells us that by default the title of every Ode site is:

My brand new Ode site

If you wanted to change that, which of course you will, you'd just change the text between the double-quotes, like so:

$site_title = "ode - a simple personal publishing platform for the web";

Hopefully you'll agree that's pretty easy to understand.

$config::site_title is the title of the site and is set in the config file.

Other variables serve different purposes, but they all work in the same way.

Do these variables 'play well' with standard HTML and CSS? Yes, they do!

For example, to style the site title (as well as incorporate it into the site structure) we could just wrap it in a header (an h1 seems appropriate for the site title.) Take would look like:

<h1>$site_title</h1>

And when the script substitutes the value for the variable, we get

<h1>My brand new Ode site</h1>

There is nothing at all non standard about that.

Everything you know about HTML and CSS applies. There is nothing new to learn. What's more, there's no need to hop around among dozens of files inserting bits of HTML here and there (being careful not to disturb sections of PHP and Javascript).

Not only is this beneficial for users new to HTML and CSS, but experienced designers and developers can quickly build an Ode theme using the same workflow and reusing HTML code they already have on hand, work out the kinks, and then repurpose it for any other platform - without rolling back a lot of Ode specific elements (there aren't any).

Simple doesn't mean limited. You can have any number of themes with Ode and switch among them at will. You can display any page using any installed theme without changing the configuration of your site. You can apply a different default theme for any category or subcategory on your site. (Themes associated with a category carry through to all subcategories but can be easily overridden.) Using nothing more than your browser's address bar, or standard link, have different looks for pages on your site, and even present multiple views of the same page.

Hopefully this little introduction has you excited about what's possible with Ode's themes. Future posts will explore themes in greater detail - from installing themes, to a list of variables available for use in themes. We'll also look briefly at the other required theme files that I didn't discuss here.

So for example, you can establish a default theme for the entire site simply by associating one with the root category. If we want a consistent look for the entire site then that's all there is to it. However, if the 'Technology' and 'Music' categories should have different themes we can easily override the default for those two without affecting the rest of the site.

How does this work?

Each category can contain a 'Themes' directory. Each 'Themes' directory can contain any number of individual themes, each of which is contained in its own folder along with all of the associated files.

When a visitor requests an address, that request specifies one of either:

the root of the weblog (ode-is-simple.com/weblog/),

some subcategory (ode-is-simple.com/weblog/meta/),

or an individual post (ode-is-simple.com/weblog/meta/hello_world).

Ode determines which theme to use by starting at the most specific path to the request and working back toward the root. As soon as it finds a theme that matches the request (or a default if no specific theme was specified), it stops looking.

Themes are flexible enough that we can create any look we might want.

Bundled with Ode you will find one, two, and three column themes as well as several specialty themes including:

print theme text page theme (suitable for longer posts) RSS 2.0 theme presentation theme (compliant with the S5 standard)

All of these themes are standards compliant (XHTML 1.0 Strict).

What's more, care has been taken to insure that the themes are logically organized and as simple as possible. Working from these you should be able to create a site of your own design with a minimum amount of fuss.

Next (Simple Enhancements)

Upgrading Ode involves replacing a single file. Because configuration details are kept out of the script itself (and your content, themes, and addins are unaffected by an upgrade) all that's required is replacing the current version of the script with the new one.

Simple Configuration

There is a single configuration file. A default config file is available for download (and included in the bundles and XAMPP packages). All of the configuration options are well documented and include sample settings to help resolve any ambiguity in the description of what these options do and how they should be set.

What's more, you won't find dozens or hundreds of options. Expect to spend no more than 5 - 10 minutes configuring Ode, the majority of it reading through the descriptions of the various settings. That time will save you potentially many hours trying to resolve problems due to misconfiguration.

Next (Simple security)

Ode implements an addin architecture. Addins are modules that extend or redefine how Ode operates. You may be familiar with other projects where this same sort of thing is referred to as an extension, module, addon, plugin, etc.

I chose the term addin because

1. 'add in' describes more accurately than the other terms how modules work with Ode, i.e. simply add them to your installation and you're done. The term 'addon' seems a little disparaging, as if the modules are of lesser importance. Moreover, because it's possible to replace core routines included in the script itself and not just 'add on' new functionality addon seems not entirely accurate.

2. addin is not as commonly used as some of the other terms. So it is less likely that references to Ode addins in documentation or tutorials will be confused with something else, for example Perl or Apache 'modules'.

Essentially addins allow anyone familiar with Perl and Ode to redefine just about any aspect of the script (by redefining key subroutines) or extend the functionality of Ode in an infinite number of ways by introducing entirely new routines (more on developement later).

To install an addin simply download and copy it to Ode's addins directory. Each addin is completely self-contained. No need to worry about becoming confused over which what goes where.

These individual addin directories are referred to as bundles.

Is there anything that makes Ode's addins simple? I'm glad you asked.

Addins are managed by directly manipulating corresponding files via the filesystem, in much the same way as posts.

Interacting with the addin files directly avoids the problems and confusion that can result from using a web form that deals with the state of addins on your behalf.

For example,

With Ode you will deal with addins in exactly the same way whether everything is running smoothly or you're having trouble.

With many other packages if a module malfunctions you may lose control over it from the administration interface, or what's worse a malfunctioning or misconfigured module may prevent the software from running at all, which means that you cannot access the admin interface, and in turn cannot fix or remove the problem module. Or at least you can't do these things in the way that you would normally manage the software.

With Ode you specify an absolute order in which installed addins are run. This simplifies interaction among addins and puts you in control. After all, no one else has exactly the same installation that you do.

Modules can be disabled without being moved or uninstalled.

Addins are disabled by appending a trailing underscore to the bundle name. The advantage here is that it's possible to see at a glance whether a module is enabled or disabled.

Disabled modules do not affect the behavior of Ode and do not impact performance.

Without talking too much about development here, I do want to make a couple of points about the philosophy of addin development under Ode.

Addins should be self-sufficient with a minimum of dependencies.

External dependencis are problematic because they add to the minimum requirements necessary to use the software, and while adding one or another library may not be a problem for some installations it may be very nearly impossible for others. Furthermore, external dependencies complicate installation, configuration, and documentation.

Internal dependencies among addins should also be avoided. Things get tricky when, as an end-user, I can install the module I want but not some other module it requires because of a conflict.

In the interest of minimizing internal dependencies, addins should be single purpose.

If, as an end user, I'm installing a module to pick up one feature, it can complicate things for me if a bunch of other (unwanted) routines come along for the ride.

Small, single purpose modules should mean faster, more reliable development and finer granularity of control for the end user over what's running on her site.

All addins should be made available here at ode-is-simple.com.

This means that we won't need to worry about hunting for these things all over the internet.

Let me qualify that, of course developers are free to create addins only for themselves or put them up at their own site rather than submitting them to ode-is-simple. But, in order to keep things simple (and safe), addins which are not submitted to and downloaded from ode-is-simple.com are considered outside of the scope of the project.

Obviously, all developers are encouraged to submit their addins.

The following addins are available with Ode immediately:

Indexette - indexes posts so that Ode doesn't need to completely traverse its content directory with every request. Instead, Ode discovers posts by examining the index.

Additionally, Indexette allows new posts to be included without rebuilding the entire index.

Finally, Indexette helps to preserve the creation dates for posts. This is an important aspect of the addin. Without Indexette Ode considers the modification time of the file to be the post date. The trouble with this arrangement is that modification times may be updated when posts are edited and may change as a result of other actions. These 'other actions' are not always predictable or consistent from one installation to another (depending on various factors).

Indexette adds a tag to each post with the original modification time when the post is created. Post dates can be updated by manually changing the date and time recorded in the tag or by deleting the tag altogether (which causes indexette to add a new tag corresponding to the current modification time).

Taking this a step further, Indexette can be made to keep the modification time of the files in sync with the post date as recorded in the tag. This makes it possible to disable the Indexette addin without affecting the post dates or migrate posts to some other platform with the original modification times intact.

Everyone is encouraged to use Indexette.

Editedit - Pronounced 'Edited it', Editedit, in combination with the included edit theme allows posts to be added and updated using only a web browser.

The bundled edit theme includes a live preview of the post that understands Markdown (based on Showdown, a Javascript implementation). In other words, as you edit the text of the post, the addin provides a formatted preview.

Additionally, you can inspect the corresponding HTML markup and the previous revision of your post.

Editedit includes a basic password mechanism but because the password is transmitted as plain-text you should not use Editedit without taking additional security measures (more on security later).

Editedit is very convenient, but don't forget about your editor! Also, please be careful when posting this way because Editedit does not (yet) autosave. If you navigate away from the page while you are editing a post, close your browser window, or if your your browser or operating system malfunctions, you may lose any unsaved changes.

To be safe, if you want to use the web form and you have a long post, use a text editor and copy and paste the finished post to the Editedit form.

Markdown - Markdown has already been dicussed (see Simple Writing). The Markdown addin is nothing more than a wrapper around the Markdown script itself.

Exscape - Allows you to define various escape sequences, for example replacing special characters with corresponding HTML entity references. Keep in mind that some of this is handled by Markdown (See the Markdown syntax reference for more information about how Markdown handles escape sequences).

Many more addins are on the way. I'll shortly post a list of the addins I'm working on and invite other developers to do the same, i.e. start working on new addins and post a list of addins they're working on and a 'best-estimate' timeframe so that other developers and end-users can anticipate work that is being done related to the project.

Note that Ode does not use a package manager (like CPAN). Why? Doing so adds an external dependency, potentially fractures support and maintenance issues between multiple projects, and complicates initial setup and configuration, especially for users new to both Ode and the package manager who must, at the outset, contend with multiple new projects.

Next (Simple upgrades)

Let's be honest, security isn't that simple. W can keep security simple for Ode by doing as little as possible. Anything we do in Ode itself is unlikely to improve the security outlook and in fact may introduce more risk. Instead, let's rely on some trusted friends: SSH, sFTP, SSL.

SSH is a network protocol that allows for secure data exchange between computers. SSH is a well tested, widely distributed, open standard and is very well regarded. What's more, SSH is very flexible, making possible a wide range of communications from remote administration through a secure console, file transfer, and tunneling of other protocols (whereby unsecure applications and there protocols are redirected through the SSH to a remote host over the encrypted SSH connection).

SFTP is a file transfer protocol which is typically implemented on top of SSH. Using SFTP is no more difficult than using FTP, in fact many people confuse confuse the two. Chances are that your file transfer client supports SFTP (if not it's time to get a new client).

Both SSH/SFTP are relatively easy to use. The details of how they work to establish and maintain a secure channel are actually quite complex. Support for SSH and SFTP is built into most modern mainstream operating systems, and available for every one. Furthermore, if you plan on hosting your site, you should expect your provider to support at least SFTP in addition to possibly other secure mechanisms for interacting with your site (all of which will work well with Ode). See the documentation for help enabling and using SSH and SFTP for Linux, Mac OS X, and Windows.

Last but not least there is TLS (Transport Layer Security)/SSL (Secure Sockets Layer). If you have heard of SSL but not TLS, it is an update to SSL intended to bring SSL into the fold as a standard internet protocol (under the auspices of the IETF) as well as introduce some new features and resolve outstanding issues with SSL.

These protocols provide for secure transactions between browser and server on the web, i.e. secure HTTP transactions. HTTP is the application protocol of the web and is itself is not secure. SSL is a secure lower level protocol whcih can be used to encrypt and transport HTTP data. Support for the protocol is included in all mainstream web browsers in such a way that it is easy to secure transactions between the brower and a web server using SSL. Like SSH and SFTP, SSL is easy to use. Unlike SSH and SFTP the web server must be configured properly to use SSL. Configuring your web server to use SSL is not necessary difficult to do but it is not trivial either.

If you are hosting your site, your provider may be able to help you configure your website to use SSL (they will probably charge you a fee for this service). If you are hosting your own server you can configure your server to use SSL on your own. See the documentation for help setting up SSL for Apache.

Do you need to use SSL? It depends. If you are sending sensitive information between your web browser and a web server then yes, you really should use SSL. OK, well do I need to do that then? Normally no, but there is an exception.

The rule

Typically the information you transmit between your computer and your web browser is not secure. The whole idea of having a public web server is to share information. If anyone is free to browse the content of your site there is little point in encrypting and otherwise securing that same content as it is en route. You should never store information you do not intend to make public on a public web server unless you are absolutely confident you know what you're doing.

The exception

The Editedit addin allows you to post to your site through a browser. Presumably the post is intended to be public so as discussed above we don't necessary care about encrypting the post. However, so that not just anyone can edit your posts, Editedit includes a basic password mechanism. When the option to use a password is enabled, the correct password must be specified to add or edit content on the site. Without SSL, this password will be transmitted as clear text. Unlike the post, the password is sensitive because with the password anyone can edit your site. So you really should enable SSL to secure the password whenever you use the Editedit addin.

Generally speaking, it is not super difficult to configure SSL, though it is a bit of a pain. Unfortunately, for those of you with a hosting provider, you are subject to their requirements, restrictions (and fees).

The final point I want to make about SSL. Typically setting up SSL involves creating a certificate, which is essentially an identifier and a key and having that certificate signed by a certificate authority, which a third party well known to be reputable and capable of verifying and endorsing the identity of the entity represented by the certificate.

If you don't know anything about cryptography its enough for the discussion here to know that a key is randomly generated string of sufficient length and complexity that they cannot be guessed or discovered through trial and error.

The Certificate Authority (CA) plays an integral role in guaranteeing the security of public key cryptography. Communication cannot be considered secure unless the authenticity of all entites involved can be established, i.e. there must be a guarentee that you know with whom you are communicating.

That having been said, if you are setting up SSL on your own server solely for your own use then you can forgo the CA and 'self-sign' your own certificate. You can know that the key is valid without the CA's validation. This may be sufficient for your Ode blog, as long as you are the only person who needs to trust that the certificate is valid. If on the other hand you are using Ode in such a way that visitors to use SSL, then please do work with a certificate authority in the process of setting up SSL. See the documentation for help setting up SSL for Apache.

Please do invest the reasonable amount of time and effort required to configure SSL. You'll only need to do it up once.

The final point I want to make about security has to do with passwords.

It is highly recommended that any password you use with Ode be different from any other password used on your system!

Otherwise, please be careful to choose a good password.

Some simple guidelines:

1. Password should be at least 6 characters long (preferrably 8 or more)
2. should not be included in any dictionary.
3. should use a combination of upper and lowercase alpha characters and digits
4. should not be associated with you in any way.
5. should not be based on a visual cue 'hidden' anywhere near your computer.

That's the end of this short introduction to Ode.

Check back for updates (or subscribe to the site's feed).

You will find more info at news.ode-is-simple.com/weblog, which is a new weblog dedicated to Ode, and topics relevant to the project.

Feel free to contact me if you have any questions or comments at rob @ ode-is-simple dot com.