This site exists because someone on Hacker News decided to be unhelpful.
What Happened
I had an old WordPress site at mickdarling.com that I hadn’t touched in years. It was a placeholder, nothing more. At some point, the ad network got compromised. One of those fake “MacOS Security Center” malware popups that everyone’s seen before.
Did the person who found it send me a note? No. They posted it publicly on HN as a gotcha. Not “hey, your site has a problem.” Just a drive-by to try to make me look bad.
I don’t know if they found it that way or made it that way. I have no evidence either direction. But responsible disclosure is a well-established practice in the security community: you notify the owner privately and give them a chance to fix it before going public. That’s basic courtesy. Posting a screenshot of a compromised site as a “gotcha” in an unrelated thread? That’s not how good community members behave. And it certainly doesn’t help the case that they weren’t responsible for the compromise in the first place.
Whatever. I saw it, and instead of spending time cleaning up a WordPress site I didn’t care about, I built this. That was yesterday.
Built in a Day
Today this entire site, from zero to deployed, took less than a day using Claude Code, Hugo, and GitHub Pages. No WordPress. No databases. No ad networks. No attack surface.
The stack:
- Hugo with the PaperMod theme, running in Docker
- GitHub Pages for hosting
- Decap CMS for local content editing (never deployed to production)
- GitHub Actions for automated builds
It’s the same toolchain I use for everything else: Claude Code with DollhouseMCP handling the AI customization layer.
Building My Own CMS
The interesting part is what comes next. I’m building out a folder-based publishing workflow:
drafts/ → review/ → scheduled/ → published/No database, no admin panel exposed to the internet. Just files and git. I’ve got a list of automations I’m building: scheduled publishing, auto-commits, preview deploys, OG image generation, and more.
It’s a nice side project. Building my own lightweight CMS using the same tools I use for Merview and DollhouseMCP. Every piece I build here is something I can reuse elsewhere.
One thing I’m looking forward to: pulling the rendering and styling from Merview into this site. Code block styling, Mermaid diagram rendering. I built all of that already. I’m breaking Merview’s tools into library components I can integrate anywhere. Already doing it with another project, a simple IDE. This site will get the same treatment.
The Point
I can’t control whether someone on Hacker News or Reddit or anywhere else decides to be a good actor or a bad one. What I can control is what I build and deploy.
If someone had just sent me an email saying “hey, your old site is compromised,” I’d have fixed it or taken it down. Instead, they tried to score points.
To paraphrase Churchill: Yesterday my site may have been broken, but today it is fixed. He will likely remain a jerk.
I choose to fix the things I can and ignore the things I can’t.