Using MovableType? 55
piecewise asks: "Everyone seems to be using a Webblog these days and I'm interested in getting my company into it in a big way. We have three web servers and use Akamai to keep the website cached and happy. How many Slashdot readers are webloggers? Have you used MovableType, on a large scale? Are there any security issues? Security's very important. Is there a solution to the 'cache problem'? In other words, as people input messages, might the data running across the net become out-of-sync? Thanks for any thoughts/experiences."
Look at the requirements again (Score:5, Interesting)
(Implementing a weblog in Domino is pretty trivial. I've done it for myself.)
As it is, it sounds like you've found a Golden Hammer--you already know you want to use it as the solution, you just need to work out how to get it to fulfil those pesky requirements...
((Disclaimer: I work for IBM.))
I have no probs recommending it (Score:5, Interesting)
The advantage to MT is that it can store the info in one of 3 different databases (including a local file if you don't have SQL of some sort) and the only time the Perl application is accessed is when you're either adding a new entry to the blog or when someone is posting a comment. Everything is generated as HTML so when a user views the page, they're not calling any scripts. Keeps overheads down and allows for bigger sites on smaller servers.
Caching I found an issue. The HTML is static. So I quite often had to manually tell Squid to refresh the site if it was getting updated lots and I wanted to see those updates.
Multiple authors per blog is useful. Its pretty decent as far as permission system goes. I dislike the fact that a user can make certain changes (such as altering where on the file system their blog gets created) but this can be turned off simply enough with only minor loss of functionality to the end user themself. Then again, what they don't know they could've had, they won't miss.
Security isn't so bad. You can use HTTP authentication to stop the users getting in to the directory with the Perl app and then their username/passwd to access the prog itself. This gets complicated if you want to permit comments. However, Security concerns are few and far between. 2.64 takes care of all known bugs and when bugs are announced, a patch is pretty quickly released.
Remember, the average Joe doesn't need to even get near the Perl application if you disable comments. All they get is straight HTML.
People complain about the CSS and so on. I haven't had a problem with this myself. I found it pretty simple to modify the entire look and feel. The template structure is pretty straight forward and expandable. Adding something like a WAP
Hunt around, there are a heap of plugins for it. Including plugins that allow you to use WikiWord formatting and more.
While it was of use to me, it suited my purposes very well. Its very quick and scalable. I had about 30 blogs plus a news page running from the single install on a P200. Because the Joe is getting HTML and not running the Perl scripts to generate it every view, it doesn't need a major box.
Re:A security issue to watch for (Score:3, Interesting)
Here's the output of on the HTML directory of one of my blogs. The web server is apache running on a virtual server, so it runs as me:
drwxr-xr-x 3 hbo vuser 512 Jun 30 04:56
drwx--x--x 12 hbo vuser 4608 Jun 1 17:53
drwxr-xr-x 2 hbo vuser 512 Jun 30 04:56 archives/
-rw-r--r-- 1 hbo vuser 1890 Jun 30 04:53 archives.html
-rw-r--r-- 1 hbo vuser 48947 Jun 30 04:56 index.html
-rw-r--r-- 1 hbo vuser 8520 Jun 30 04:56 index.rdf
-rw-r--r-- 1 hbo vuser 5497 Jun 30 04:56 index.xml
-rw-r--r-- 1 hbo vuser 521 May 5 03:42 rsd.xml
-rw-r--r-- 1 hbo vuser 5105 May 8 11:43 styles-site.css