Moving from a “blog service” to a static site generator has been great:
- Hosting static content is pretty easy
- It’s backed by git, so I get all the benefits that brings: history, branches, diffs, etc.
- Security-wise, the attack surface is much smaller - the production site is just static HTML/CSS/JS, so there are entire classes of vulnerabilities and threats that I don’t have to worry about
However, it’s possibly come with a little complacency - I looked back recently to find I’d not actually updated the framework itself since my very first commit ~6 years ago. Slightly embarrassing (as someone who regularly talks about the benefits and importance of regular incremental updates) but not exactly surprising: “the cobbler’s children have the worst shoes” after all…