On a more serious note though, anyone have any idea why web has become so complicated? When I'm programming for web, I honestly rarely ever enjoy myself because it just seems overly-complicated. I feel like it's more battling with tools/frameworks than actual solving programming problems.
At a guess I'd say that people invent new frameworks to address problems with old frameworks, but actually end up writing something with most of the same old problems and some new ones to boot. Then others write frameworks to address those problems.
Nobody actually goes back to first principles, doing a clean rethink. That's something I want to address with the HMNv2 codebase. It'll provide the necessary FCGI interfaces, robust string handling primitives, threading, hot reloading and a few other bits and bobs.
One of the ways to bake security in from the start is to have data tagged so we can do taint propagation analysis. That's normally a bit expensive, but we can do things much more efficiently in C than in Python or PHP. So, at the end of the day we can implement all of the same logic while tracking where data comes from and where it goes to, and still come out on top.
This means for example you can have an assert fire if you give a string formatting (for templating) procedure some data that hasn't been cleaned yet. If you can run it in debug without asserts firing, you have pretty good idea data isn't going where it shouldn't.
You can even extend this idea by tagging pieces of data with access requirements. When you retrieve a post for example, the IP address could be tagged as being for admins only. Try formatting it for output to a regular visitor, an assert hits. Essentially you can bake part of your policy into the low-level primitives you use to manipulate data, making it really hard to do something unsafe.
Taking that a bit further still, one could imagine that if you can track data through the application and know which user permissions are needed to access it, template caching could be a whole lot smarter.
Anyway, it remains to be seen if that taint propagation stuff will actually pay off, or if it'll end up getting in the way so much we'll end up ditching it. Point being we'll be implementing just the basics you need for any web application. From there it's just backend programming just like any other C program, and the scaffolding is in place to cheaply try things that are actually new and might be useful. If an existing framework has a good idea we can of course reimplement it in C.
TL;DR: Do we want to implement things just because they're in existing frameworks, maybe make them a bit nicer to use, or do we first want to examine whether it's a good idea to begin with?