security

It's a good day when you get to create and use a variable called $misbegotten_children when patching a plugin to work with PHP5. Too bad the CSS is so hosed as to make it an unworkable plugin; a few tweaks here and there and we'll have threaded comments for everyone!

Time sure flies when you're buried under an avalanche of work. I'm trying out a new theme for June, called Tiga. I think it's pretty good looking, for a theme, and I like how it organizes the different blog sections.

Created November 27th, 2005

I've decided the Drupal experiment did not work out. I don't have enough time to absorb the complexity of Drupal, and it is irresponsible to tweak my security settings when I don't even understand how Drupal is interacting with them.

Wordpress is what I'm looking at now. It's a lot less complicated than Drupal and can do most of what I want it to. While I still have to tweak my security settings, the smaller number of files means that I can see why and understand what is going on between Apache and Wordpress when mod_sec throws an error (usually a 501).

I've been playing around with Drupal on this site (on the back-end, naturally). I really like its modularity. Amusingly, I'm running into security problems when trying to do various Drupal administrative tasks, indicating that my Apache app firewall's rather paranoid settings are finally coming back to bite me. I initially slapped together a config file for the security module that had no subtlety, intending to return to it to fine tune it.

I converted my entire site to PHP, which doesn't really mean much, since it'll render as XHTML to everyone who doesn't have access to my server. But aside from a couple of broken links, it worked straight off: dynamic navigation through a PHP-generated menu, content served from a separate html file, and I've enabled UTF-8 as the default charset in Apache, so my umlauts show up correctly.