Ket's Site

Welcome to my little corner of the internet. It is essentially just a microblog.

If you wish to follow my ramblings you can sub via RSS, Twitter or Mastodon.


Meta > Filesystem Blog: Hello Web

19/11/2019 22:00

A few weeks back the laptop that I had set up for programming died. I still had my ‘gaming’ laptop; however, that has none of the tools I use for development on it, no ssh keys and so on. Deciding it would be more effort than it's worth to set up my environment only to have my new (second hand) laptop arrive in the post once everything is configured to my liking, I chose to wait.
Well, computer games get boring quickly and I wanted to do something else, so I opened up notepad and I designed this little website, attempting to make something that looks like a pad of paper. I was rather pleased with how the simple look turned out so decided to publish it here.

Once my new laptop arrived I initially made a small site using PHP and SQL; however, I have done this exercise many times before and it was a little boring. To make a change I decided to build a site that uses standard files and directories to store posts, comments and other information, rather than the normal database. At this point it may have just been wise to create a static site without the need for any PHP at all, but I wanted it to be a little more interactive with comments and maybe some other things in the future, so here we are; besides, where is the fun in using something that just works when you can have the fun of putting it together? In the process of creating this site I learnt a couple of things as well, and also had to ask myself a few questions, such as:

Is this secure?
With an SQL database, I am used to using a product that has already had a lot of thought put into security, plus a community of people constantly reviewing and fixing security holes, for instance bugs that give users the ability to access data they shouldn’t have access to. I am a little concerned that my PHP script, which just searches through a folder full of posts, may give a hacker a means to request files outside of the ‘posts’ directory, maybe by requesting the URL, for example. To help alleviate this concern I strip all ‘.’ characters from URLs when I am processing them. I am also only reading files with the extensions ‘.post’ and ‘.comment’ so that even if somebody did find a way to escape my posts directory they would not be able to just read any file they please (in theory).
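
One way to back up the dot-stripping and extension allow-list described above with a check on the canonical path, as an added example that is not the site's own code. The function name `resolvePostFile`, the directory layout and the sample requests are all hypothetical and constructed for the demo.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not taken from the site's repository: returns the real
// path of a post or comment file inside $postsDir, or null if it must not be read.
function resolvePostFile(string $postsDir, string $request, string $ext = 'post'): ?string
{
    $allowed = ['post', 'comment'];
    if (!in_array($ext, $allowed, true) || strpos($request, "\0") !== false) {
        return null;
    }
    // Step the page describes: drop every '.' so '..' segments cannot survive.
    $clean = ltrim(str_replace('.', '', $request), '/');

    // The server, not the client, appends the extension.
    $base = realpath($postsDir);
    $real = realpath($postsDir . '/' . $clean . '.' . $ext);
    if ($base === false || $real === false) {
        return null; // missing directory or file
    }
    // Containment check on the canonical path: this also catches symlinks
    // inside the posts directory that point somewhere else.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Re-check the extension after resolution, then require a regular file.
    $realExt = pathinfo($real, PATHINFO_EXTENSION);
    return (in_array($realExt, $allowed, true) && is_file($real)) ? $real : null;
}

// Constructed demo data in a temporary directory (runs offline).
$root = sys_get_temp_dir() . '/postsdemo_' . bin2hex(random_bytes(4));
mkdir("$root/posts/Meta", 0700, true);
file_put_contents("$root/posts/Meta/hello.post", "Hello Web");
file_put_contents("$root/private.post", "not a public post");
symlink("$root/private.post", "$root/posts/Meta/link.post");

foreach (['Meta/hello', '../private', 'Meta/link', 'Meta/missing'] as $req) {
    $hit = resolvePostFile("$root/posts", $req);
    printf("%-14s => %s\n", $req, $hit === null ? 'rejected' : 'served');
}

// Remove the demo files again.
array_map('unlink', ["$root/posts/Meta/link.post", "$root/posts/Meta/hello.post", "$root/private.post"]);
rmdir("$root/posts/Meta"); rmdir("$root/posts"); rmdir($root);
```

Stripping dots deals with `..` segments in the request itself; the `realpath()` comparison is what covers a symlink placed inside the posts directory, which the string filter never sees.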

Is it fast enough?
With databases there has at least been some time and thought put into the optimal way to sort things so that they can be accessed nice and quickly. This site is very primitive, and scans every file in every subdirectory of the posts directory when a page is loaded to find the small handful that we need to display. This is, of course, a pretty slow way of doing things, and it will only get worse as the site grows. At some point I will add some basic caches to speed things up a bit, but for now I am not really bothered about the speed of this silly personal site.

I have also learnt a frustrating lesson on filesystems. Before I made this site I was unaware that there is no simple uniform way of accessing file creation or ‘birth’ times on a standard Debian setup and an EXT4 filesystem. It would have been ideal for the script to take post creation and modified times straight from automatic data on the text files themselves, but this isn’t a huge issue or something to get hung up on; I have simply resorted to storing these dates in the file names instead.

The outcome of this little project can be found on GitHub, and anybody is free to modify, use and share it under the GPLv3 licence.



Privacy Policy (For subdomain

This site does not use cookies.
We do not share any information from your time on this site with any 3rd parties.
If you comment on this site we store your name and email address (if provided). If you wish for your comment(s) to be removed please email ket AT from the email address you provided and we will be happy to comply.


Copyright (c) 2019 - 2021 Alexander Theulings
The copying and redistribution of this page and any images or additional content on it is not allowed unless explicitly stated by or on the resource or unless written consent is given.