Quick feedback: Don't commit vendor packages to your repository, make use of Composer (http://getcomposer.org). Separate out your application core from the public folder, that way you don't need to rely on your web server for security: if someone uses nginx your set up leaves them vulnerable. Look into MVC, you have logic and display mixed together.

> Don't commit vendor packages to your repository, make use of Composer

But make sure you have a complete package for enduser (if you believe it's ready). This is very important esp. for PHP audience: download, unzip, upload, see "Hello World".

Automate this early, it will pay off fast.

You are right. The application does not belong to public folder. My goal is to make installation as easy as possible. Just copy the code and start to blog. Another reason is, that you can't easily run the application in subdirectory for example /blog/ if put the application code behind public folder.

Composer is a good Idea, but with first version we wanted to deliver one single package for the end users. We would use composer for the next releases.

If you absolutely cannot separate out the public portion of the application from the core -- which should be possible because even the worst shared hosts allow for folders above public_html -- then you'll need to use a PHP solution for protection the files. For example if you define a constant in index.php and then check for that constant in included files you can prevent access, eg:

    defined('BASEPATH') OR exit('No direct script access allowed');

From https://github.com/EllisLab/CodeIgniter/blob/develop/applica...

You are right again. But I will complicate the installation. The PHP files are secure, they are classes ore arrays. if you execute them nothing happens. We have an .htaccess file in core applications folder. The .htacces file rejects all requests.

We would provide security tips also for nginx users. Just to repeat all files except index.php are classes ore arrays and and they don't execute any code.

By our first post on HN some users criticized us that we call Ospari open source but no one can see our code or download Ospari. We worked hard and released the first version today.

Could you post few screenshots of the admin panel? A functional demo of admin panel would be even better.

Here is a quick screen short http://awesomescreenshot.com/04e2brbo81 We a basic and clean admin interface. Ospari uses Markdown. You have a live preview as you type and everything is auto saved.

Follow us on Twitter @Ospari for updates. We would post more detailed docs in the next days.

You need to write some documentation if you want to get anyone interested.

Tests would be good, too.

WordPress is doing pretty well with no tests!

WP has tests, they are not perfect but they exist.

http://unit-tests.svn.wordpress.org/trunk/ https://github.com/10up/wp_mock

Wordpress has zillion of tests.WP real problem is its architecture but since its authors want to support legacy PHP versions it's not going to change.

Thank you. Yes I would write detailed documentation.

Somebody explain why this is necessary. Ghost is open source. Why not just uses Ghost? It also uses Ghost themes.

To run Ghost, you need a server to host it on, and enough knowledge to set it up and manage it. You need some level of sysadmin skills just to understand the install instructions.

A PHP application can be dropped on any $2/month shared hosting account over FTP. That's the extent of the installation, and the host will support it for you. Even cheap unmanaged shared hosts will troubleshoot setting up PHP code for customers.

Ghost can only be set up by people that frequent sites like HN. A PHP app can be set up by anyone. That's why over 40 million people use WordPress where maybe 20k have used something like Jekyll.

Here's a site that offers a fully-managed Ghost hosting solution that's cloud-accessible via a Dropbox-style app and only costs $5 per month:

https://runkite.com/

For most people, I'm not sure that no FTP access is the dealbreaker it once was. I'm not saying that there's not validity in creating an alternative designed for PHP, but this criticism of Ghost doesn't ring particularly true to me for this reason: Ghost has had a total of four months on the market. Give it a year and see if the process is any easier. I'm going to say it might be.

While not quite the same as having FTP access Ghost do offer hosted blogs from only $5 per month. Anyone that can set up a WordPress.com blog should find Ghost just as easy.

Ok, but not everyone can pay Ghost hosting plan, since "$" is not the default and official currency in every country.

The Ghost Foundation is a UK organisation and I can assure you that USD is not the default currency here. If they're willing to make the effort to accept USD, I'm sure there are plenty of bloggers able to make the effort to pay using it.

Regardless, USD is the de facto standard for SAAS payments (whether this is good or bad is a discussion for another time). If you can't pay in USD then you'll find a substantial proportion of services unavailable to you.

I'm not sure if you're aware of it, but this is an example of toxic feedback - that's a comment of worse-than-neutral value for both the person who made something and the quality of the thread.

There are lots of reasons to make a piece of software. Necessity is only a part of it, but even arguing from the position of an effort being unnecessary is short-sighted at best and belligerent at worst. People will make software even though similar offerings exist in the same space, and for the most part that's a good thing.

I'm just genuinely curious. And the commenters here have come through with good answers. I think some explanations like this need to end up on the project's site and GitHub page now. I think there's a lot of value in this. I think saying "Ghost is a pain to run yourself but this is easy" is all that needs to be said to answer questions like mine.

It's difficult to judge intent on the internet - especially on a site that has a big international audience - so I apologize if I misunderstood your comment. The way it's been formulated suggested to me it's somehow not feasible to make this software. And we're doing this too often to people who come here to show their projects. We criticize their choice of programming language, their programming style, the validity of their ideas, and the audacity to even try to make something when there are obviously so many better alternatives already on the market. Your comment sounded to me like it was going to be one of those. Again, sorry for misunderstanding.

It's all good. I just wish that more of the READMEs out there would answer a few questions like "what is this", "why did you make it", and "who is it for".

There are no wrong answers to these questions. "my pet project", "i was bored", and "just for myself" are just as valid as "the greatest piece of software ever", "because everything else sucks and I can do it better", and "COBOL experts only". It just always helps to be clear.

I explained it in my last post. It is the ease of getting started. You can just copy Ospari on your server and start to blog. Installing Ghost is not easy. Second it is also about alternatives. Why Ycombinator started HN, although reddit existed?

Ghost and WordPress offer hosted blogs as well as source code. It's no longer necessary to worry about servers or FTP details just to get up and running. Creating a blog is now as easy as filling out a form on a website and clicking submit.

Your only other USP appears to be the ability to parse themes designed for a different engine. Is this going to be enough to distinguish Ospari from your competitors? Is it feasible for someone to write a WordPress plugin that achieves the same thing?

Ghost is great. Wordpress is not. Yes, currently our USP is parsing ghost themes. Ospari is faster than Wordpress and I would say even more secure than Wordpress. Not to mention the code quality ;-) and we have just released the first version.