The good news? Somebody wants to use my blogging engine. The bad news? Somebody wants to use my blogging engine

Over the 23 year history of mod_blog [1], I've given up on the notion of anyone other than me using it. There was only one other person who used it for just a few months before deciding blogging wasn't for him and that was way back in 2002. So it was completely by surprise that I recently received a bug report [2] on it.

Oh my … someone else is trying to use it.

I never did fully document it. And there are, as I'm finding, an amazing number of things I'm assuming about the environment, such as:

• That it's running under Apache [3]. I do make use of the environment variable $DOCUMENT_ROOT, which technically is Apache specific (per the CGI (Common Gateway Interface) RFC “The Comman Gateway Interface Version 1.1 [4]” as it's not documented there) and, as I found out over the years, the variables $REDIRECT_REMOTE_USER and $REDIRECT_BLOG_CONFIG. Other web servers might not define those, or might work differently. I don't know, I only have ever used mod_blog with Apache.
• How to configure Apache to run mod_blog. I wanted to hide the fact that I'm running a CGI program to drive my blog, not for “security-through-obscurity” reasons, but for “easy to understand and modify the URL (Uniform Resource Locator)” reasons. I think URLs like https://boston.conman.org/2023/01/19.1 looks much nicer than https://boston.conman.org/boston.cgi?2023/01/19.1 (and nevermind the hideousness of https://boston.conman.org/cgi-bin/boston.cgi?year=2023&month=1&day=19&entry=1 that it could have been). The other benefit is that if I ever do get around to making mod_blog an actual Apache module (which was my original intent) links won't break [5].
• As such, I use Apache's RewriteRule [6] to map all requests through mod_blog. The code base also assumes this as it relies upon the environment variable $PATH_INFO always being set, which isn't a given, depending upon how a CGI program is referenced via the web.
• The environment variable $BLOG_CONFIG is set to the configuration file. The configuration file can be either specified via the command line or stored in the environment variable. I added the environment to avoid having to embed the location in the executable or to expose the location in the query portion of a URL. And again, this comes back to the previous point—how to configure this under Apache (SetEnv [7] is the answer). I also have it set in my own environment (command line) as it makes it easy to test. It also makes it easy to fix spelling mistakes on the server as I can directly edit the files, which leads into the next point.
• All the files used by mod_blog are readable and writable by the program. My blog is, as far as I can tell, unique in that I can send in posts via email, in addition to a web page. Email support, for me, was non-negotiable. I get to use my preferred editor for writing, and by posting it via email, everything is handled automatically. I'm not aware of any other blogging system set up this way, and this is only viable because I run my own email server on the same box as my webserver.
• The issue becomes one of permissions. The web server runs as its own user. Email is delivered as the user of the recipient. Both can add new posts. I solved that issue my making mod_blog always run under my userid (it's “setuid” for the technically proficient). This means I don't have to make a bunch of files world writable on my server. I can make edits on the files directly as me. I can add entries via the web, email, or as a file from the command line (which mod_blog also supports).

And that's just off the top of my head. There's probably more assumptions made that I'm just not thinking of. It's issues like these where one can spend 90% of the time writing 90% of the code, and then spend another 90% of the time writing the final 10% of the code and documentation.

I'm also amused by the timing. Back in August, I removed a ton of optional code that I never used, and because no one else was using mod_blog, it was just sitting there untested. And now someone wants to use the code.

Heh.

But also, gulp! I've got 23 years of experience with the code, so I know all the ins and outs of using it. Documenting this? So someone else can use this? Good lord!

[1] https://github.com/spc476/mod_blog

[2] https://github.com/spc476/mod_blog/issues/1

[3] https://httpd.apache.org/

[4] https://www.ietf.org/rfc/rfc3875.txt

[5] https://www.w3.org/Provider/Style/URI.html

[6] https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewriterule

[7] https://httpd.apache.org/docs/2.4/mod/mod_env.html#setenv

Gemini Mention this post

Contact the author