modified: Wednesday 27 January 2016
Meta: Grand site unveiling
Welcome to my sinister alternate reality. Avoid squishing the cockroaches, they're unionising.
I wanted to put stuff up on the web. For years I've posted things on forums, but I wanted a bit more structure and centrality to some of the things I publish. A blog seemed like a good solution.
I considered using free blogging platforms such as blogger, but I didn't feel comfortable with the idea.
One of my biggest fears is lack of control. Google will only keep services such as blogger running as long as they are profitable. I've seen many free hosting sites disappear over the years, taking their content with them. These days we have luxuries such as the internet archive but still things like images and video files are often not mirrored. I should not rely on other people to keep my mess online anyway.
I used to use free hosting platforms to upload mods for games. I'm never going to see those mods (or many of those games) again. Too many things I love have been lost in the dark ages of the internet.
We're still in the dark ages. Many programs I used to use only a few years ago no longer exist or are broken. Many modern website platforms and backends are extremely complex systems with hundreds of dependancies. In a few years time it will be a large challenge to get many of them working again.
I decided that I should have more control over what I want to host. I can't afford to host a website with my own hardware (Australian internet is very expensive) but I can atleast run my own site on someone else's hardware. That way I have full control over the backend and can keep full backups of the site in a useful and working way.
The first few backends I played with really disenchanted me. Even the backends that appear to be really simple still drag in many dependancies. One example is ikiwiki, which looks really simple until you are trying to get it working on a remote host with a different perl stack. Several hundred megabytes of perl packages later I gave up. This was not control
I really questioned why I needed a 'backend' anyway. Static HTML is a wonderful thing. Unfortunately it does not allow discussion: commenting is a big step away from static HTML, as you need to implement a whole stack of things (such as registration and rate limiting) to avoid it being abused.
Services such as Disqus can provide remote comment hosting for you, but this is just as bad as using a service like Blogger in my mind. The comments are part of what makes a page useful. If they go, valuable information goes too.
The only solution I saw was to write my own site backend. About half a year ago, hidden in a remote mountain village in Greece, I started.
'Darksleep' is the name I've given the backend I have written for this site. It weighs in at less than a thousand raw lines of code, which is still much larger than I wanted, but it's far simpler than most things I looked at.
It handles comments, registration, throttling and page generation. Pages are generated as html files that the webserver serves statically. If the cgi scripts are disabled then the website still functions fine, but new comments and signups cannot be made.
The biggest selling point (atleast to me) is the list of dependancies:
- a webserver that can handle CGI
- a working filesystem
That's it. No SQL, no thousands of perl packages, no fancy new languages, nothing that you won't find on a decade old *nix system.
It won't be the fastest or most efficient website ever written, but I don't care. When speed becomes a problem I might rewrite some of the backend in something faster than bash, or consider a relational database, but I will fight to avoid that.
Code style is a difficult topic for shell languages, especially since there are so many slightly obscure things that need to be done to for security. I don't have a clue if other people can read my shell scripts :)
Once things are a bit more stable I'll throw the backend's source online and write instructions for its usage (and troubleshooting, because all backends break). Hopefully someone other than me will like it.
User information is stored in a simple filesystem-based database, where filenames are keys and their contents are the data. Passwords are hashed & salted and a few other precautions are made, but I won't be promising data security.
This particular website runs on a shared hosting platform and does not (yet) use https.
My favourite web-browser key shortcut is to disable CSS. Magically websites that try to hide their information (or display it in a fancy animated way) work better.
A big experiment is the login process: there is none. Every request you make (eg posting a comment) requires a copy of your usename and password. Most web-browsers autofill these so it's no different from the user's point of view than a login cookie, however some users may not have password autofilling available. I'll have to see how things go.
Posts about things I repair and break. The end of civilisation.
Fixes to the backend too :)