* * * * *

    The good news? Somebody wants to use my blogging engine. The bad news?
                   Somebody wants to use my blogging engine

Over the 23 year history of mod_blog [1], I've given up on the notion of
anyone other than me using it. There was only one other person who used it
for just a few months before deciding blogging wasn't for him  and that was
way back in 2002. So it was completely by surprise that I recently received a
bug report [2] on it.

Oh my … someone else is trying to use it.

I never did fully document it. And there are, as I'm finding, an amazing
number of things I'm assuming about the environment, such as:

* That it's running under Apache [3]. I do make use of the environment
 variable $DOCUMENT_ROOT, which technically is Apache specific (per the CGI
 (Common Gateway Interface) RFC “The Comman Gateway Interface Version 1.1
 [4]” as it's not documented there) and, as I found out over the years, the
 variables $REDIRECT_REMOTE_USER and $REDIRECT_BLOG_CONFIG. Other web
 servers might not define those, or might work differently. I don't know, I
 only have ever used mod_blog with Apache.

* How to configure Apache to run mod_blog. I wanted to hide the fact that I'm
 running a CGI program to drive my blog, not for “security-through-
 obscurity” reasons, but for “easy to understand and modify the URL (Uniform
 Resource Locator)” reasons. I think URLs like
 https://boston.conman.org/2023/01/19.1 looks much nicer than
 https://boston.conman.org/boston.cgi?2023/01/19.1 (and nevermind the
 hideousness of https://boston.conman.org/cgi-
 bin/boston.cgi?year=2023&month=1&day=19&entry=1 that it could have been).
 The other benefit is that if I ever do get around to making mod_blog an
 actual Apache module (which was my original intent) links won't break [5].

* As such, I use Apache's RewriteRule [6] to map all requests through
 mod_blog. The code base also assumes this as it relies upon the environment
 variable $PATH_INFO always being set, which isn't a given, depending upon
 how a CGI program is referenced via the web.

* The environment variable $BLOG_CONFIG is set to the configuration file. The
 configuration file can be either specified via the command line or stored
 in the environment variable. I added the environment to avoid having to
 embed the location in the executable or to expose the location in the query
 portion of a URL. And again, this comes back to the previous point—how to
 configure this under Apache (SetEnv [7] is the answer). I also have it set
 in my own environment (command line) as it makes it easy to test. It also
 makes it easy to fix spelling mistakes on the server as I can directly edit
 the files, which leads into the next point.

* All the files used by mod_blog are readable and writable by the program. My
 blog is, as far as I can tell, unique in that I can send in posts via
 email, in addition to a web page. Email support, for me, was non-
 negotiable. I get to use my preferred editor for writing, and by posting it
 via email, everything is handled automatically. I'm not aware of any other
 blogging system set up this way, and this is only viable because I run my
 own email server on the same box as my webserver.

* The issue becomes one of permissions. The web server runs as its own user.
 Email is delivered as the user of the recipient. Both can add new posts. I
 solved that issue my making mod_blog always run under my userid (it's
 “setuid” for the technically proficient). This means I don't have to make a
 bunch of files world writable on my server. I can make edits on the files
 directly as me. I can add entries via the web, email, or as a file from the
 command line (which mod_blog also supports).


And that's just off the top of my head. There's probably more assumptions
made that I'm just not thinking of. It's issues like these where one can
spend 90% of the time writing 90% of the code, and then spend another 90% of
the time writing the final 10% of the code and documentation.

I'm also amused by the timing. Back in August, I removed a ton of optional
code that I never used, and because no one else was using mod_blog, it was
just sitting there untested. And now someone wants to use the code.

Heh.

But also, gulp! I've got 23 years of experience with the code, so I know all
the ins and outs of using it. Documenting this? So someone else can use this?
Good lord!

[1] https://github.com/spc476/mod_blog
[2] https://github.com/spc476/mod_blog/issues/1
[3] https://httpd.apache.org/
[4] https://www.ietf.org/rfc/rfc3875.txt
[5] https://www.w3.org/Provider/Style/URI.html
[6] https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewriterule
[7] https://httpd.apache.org/docs/2.4/mod/mod_env.html#setenv

Email author at [email protected]