Hacking at 0300

nearlyfreespeech runs with safe mode and safe_mode_gid on, so you can't run shell scripts or other cool things. Usually that's not an issue, but if you do, they let you run CGI scripts, in any of a number of languages. You just have to treat it as a shell script, with a shebang notation of the proper language. There are a few caveats that took me a day to find out:

1. The correct program is /usr/local/bin/php-cgi (or whereever your server puts PHP), not /usr/local/bin/php. That is the command-line interpreter, which does not output the headers. You can manually do echo "Content-type: text/html\n" etc., followed by a blank line, but who wants to try to debug that?
2. The script has to be executable. You get a 500 Server Error otherwise. Do a chmod +x scriptname.cgi.
3. Scripts need the appropriate file and directory permissions to write to the server. Changing the permissions of the server directory is probably too insecure (though for safe mode it's the only way); it's better to set-uid the script, but then keep it under wraps.

So a sample CGI script would be:

#!/usr/local/bin/php-cgi
<?php echo "Hello, world"; ?>

in an executable file with a .cgi extension.

Note that FTP and SFTP can't set the setuid bit, so that if you upload the file (or edit it with an FTP-aware editor like Notepad++), you need to chmod 477 scriptname.cgi again.

I've learned some things about .htaccess, but mostly I've learned that programming it is deep black magic. The most important thing is "Don't use mod-rewrite unless you absolutely need to". All the fancy stuff is better off done by the PHP (or whatever language you're using) code.

Don't do:

RewriteEngine On
RewriteBase /
RewriteRule ^([^/\.]+)/$ /index.php?main=$1&part=$1 [QSA,L]
RewriteRule ^([^/\.]+)/([^/\.]+)$ /index.php?main=$1&part=$2 [QSA,L]

to map your site to your index page; do:

FallbackResource /index.php

And in index.php parse the $_SERVER['REQUEST_URI'] to get your page/subpage arguments. Much easier to debug!

And to use FallbackResource you need to be running Apache 2.2, so get a good web host.

I'm working on moving bililite.com to nearlyfreespeech.net; it's cheaper, more reliable and more hacker-friendly than 1&1. I'll write a post with my experiences and reasons later. But for now just the blog has moved to bililite.nfshost.com/blog, with the plan to move the domain registration for bililite.com to nearlyfreespeech when everything is working and then return the blog to bililite.com/blog. Moving it was straightforward, as I've done it before, but there are some subtleties: nearlyfreespeech runs with safe mode and safe_mode_gid on, so you have to watch file and directory permissions; SaraPin explains exactly how. WordPress loads with the group me and nearlyfreespeech's webserver runs with the group web, so you need to SSH into the account and change the WordPress directory with chgrp -R * web. The file permisssions should be 664 (writeable to self and group, readable to all) and the directory permissions should be 775 (writeable and executable to self and group, executable to all; under UNIX, getting a file from a directory is "executing" it), but the default WordPress installation does that.

If you don't know what that means, you probably shouldn't be using a d.i.y. host like nearlyfreespeech.

And now it works!

Almost. SexyBookmarks's images aren't loading when I use the new code, so I went back to the old version. It slows the page load down anyway, so I may take it off entirely.

And the rest of the bililite site is still at the old host, and some of the sample code (in /blog/blogfiles) uses that, so for now I have a line in my .htaccess to refer it back: RedirectMatch /blog/blogfiles(.*) http://bililite.com/blog/blogfiles$1.