Pi Wars T-54: Meta-blog
A quick diversion from the robot news to look at the machine that's bringing you all the news about what's going on.
I'm a habitual reinventer of wheels, and given that we're entering a competition about hacking on Rapberry Pis, having a blog hosted on someone else's computer seemed like a bit of a cop-out. I've played with web hosting on the Pi before, so I figured how hard could it be to host a simple blog?
Well... a bit.
In the olden days, websites were made by hand-writing HTML. This is extremely tedious and prone to errors, so some bright spark invented the Content Management System (CMS) - a handy dandy program which takes written content as input and generates HTML pages from it. These range from the extremely simple to the extremely complex, with a tradeoff between how much hassle it is to install, customise and use. Most CMSes use a scripting language and a database: content is saved to the database, then the scripting language builds various HTML pages from that content.
I've tried full-fat CMSes like Wordpress on the Pi before, but as all I need is a simple blog I wanted to go with something a little more lightweight. I eventually settled on Pico, a "no database" CMS which just uses files in directories for its content, has a gallery of some nice looking styles and enough plugins that I figured I could make it host a blog with an XML feed. Now I just needed something to host it on.
As a good Pi hacker I had a handful of Pies not doing anything, including a Zero W, which seemed like a good candidate for a machine which had to do nothing but connect to the internet. It's super low power, runs silently because it doesn't have a cooling fan, and has Wifi hardware onboard. I installed Pico and the blog and XML plugins, picked a nice template style, and plugged the phone charger into an unused socket under my bed.
It's currently been running in that exact location for...
165 days, at current count.
But where are the comments?
For any machine running 24/7 on my home network and exposed to the wider internet, security is a concern. The common CMSes are big targets for hackers because they often have ways for users of the website to enter data, which is a source of vulnerabilities. To avoid this fairly significant headache, after taking the recommended steps to lock down the Pi, I decided not to have anything hosted on the website that would take user input. There are no comments on the blog entries, and no admin interface (the login-protected page a CMS will host that lets the blog admin submit new posts without messing around with the content database directly).
As a result of this slight paranoia, when I want to publish a new blog post I write the content, add links and pictures to it, then shuffle the whole lot onto the Pi server over Samba and move it into the content directory. Didn't I say I like reinventing wheels?
- -PKM *