Thursday, January 19, 2023
The good news? Somebody wants to use my blogging engine. The bad news? Somebody wants to use my blogging engine
Over the 23 year history of mod_blog,
I've given up on the notion of anyone other than me using it.
There was only one other person who used it for just a few months before deciding blogging wasn't for him and that was way back in 2002.
So it was completely by surprise that I recently received a bug report on it.
Oh my … someone else is trying to use it.
I never did fully document it. And there are, as I'm finding, an amazing number of things I'm assuming about the environment, such as:
That it's running under Apache. I do make use of the environment variable
$DOCUMENT_ROOT, which technically is Apache specific (per the CGI RFC “The Comman Gateway Interface Version 1.1” as it's not documented there) and, as I found out over the years, the variables$REDIRECT_REMOTE_USERand$REDIRECT_BLOG_CONFIG. Other web servers might not define those, or might work differently. I don't know, I only have ever usedmod_blogwith Apache.How to configure Apache to run
mod_blog. I wanted to hide the fact that I'm running a CGI program to drive my blog, not for “security-through-obscurity” reasons, but for “easy to understand and modify the URL” reasons. I think URLs likehttps://boston.conman.org/2023/01/19.1looks much nicer thanhttps://boston.conman.org/boston.cgi?2023/01/19.1(and nevermind the hideousness ofhttps://boston.conman.org/cgi-bin/boston.cgi?year=2023&month=1&day=19&entry=1that it could have been). The other benefit is that if I ever do get around to makingmod_blogan actual Apache module (which was my original intent) links won't break.As such, I use Apache's
RewriteRuleto map all requests throughmod_blog. The code base also assumes this as it relies upon the environment variable$PATH_INFOalways being set, which isn't a given, depending upon how a CGI program is referenced via the web.The environment variable
$BLOG_CONFIGis set to the configuration file. The configuration file can be either specified via the command line or stored in the environment variable. I added the environment to avoid having to embed the location in the executable or to expose the location in the query portion of a URL. And again, this comes back to the previous point—how to configure this under Apache (SetEnvis the answer). I also have it set in my own environment (command line) as it makes it easy to test. It also makes it easy to fix spelling mistakes on the server as I can directly edit the files, which leads into the next point.All the files used by
mod_blogare readable and writable by the program. My blog is, as far as I can tell, unique in that I can send in posts via email, in addition to a web page. Email support, for me, was non-negotiable. I get to use my preferred editor for writing, and by posting it via email, everything is handled automatically. I'm not aware of any other blogging system set up this way, and this is only viable because I run my own email server on the same box as my webserver.The issue becomes one of permissions. The web server runs as its own user. Email is delivered as the user of the recipient. Both can add new posts. I solved that issue my making
mod_blogalways run under my userid (it's “setuid” for the technically proficient). This means I don't have to make a bunch of files world writable on my server. I can make edits on the files directly as me. I can add entries via the web, email, or as a file from the command line (whichmod_blogalso supports).
And that's just off the top of my head. There's probably more assumptions made that I'm just not thinking of. It's issues like these where one can spend 90% of the time writing 90% of the code, and then spend another 90% of the time writing the final 10% of the code and documentation.
I'm also amused by the timing.
Back in August,
I removed a ton of optional code that I never used,
and because no one else was using mod_blog,
it was just sitting there untested.
And now someone wants to use the code.
Heh.
But also, gulp! I've got 23 years of experience with the code, so I know all the ins and outs of using it. Documenting this? So someone else can use this? Good lord!
