I'm doing considerable work in Movable Type with our big-time installation that serves up hundreds of blogs, many of which actually have more than a few readers.

So I figure I should be able to set up my own server on a local network with the open-source version of Movable Type. That way I'll have a better feel for what's going on at the server level. I've already fooled around a bit with Apache in OpenBSD and Debian. I had no problem getting a static Web site up and running.

To run Movable Type, besides Apache, you need MySQL ... and you need to configure everything. Apache must be set up to run CGI scripts. A MySQL database needs to be created. Everything has to be in a certain place, with certain permissions and certain users.

I'll just put it right out there: Movable Type doesn't have anything even remotely approaching the amount of documentation needed to get an installation up and running. The fact that they dump you off to the Apache Web site for that part of the install, then send you to MySQL for that part, and to the PHP site for that part of the installation.

I guess the implication is that you need to get your shit together as far as the server goes, then you can layer Movable Type on top of it.

And just what is Movable Type, anyway? Yes, it's a blogging application, but it's not a monolithic executable file. You don't download a different version for Linux, Unix or Windows. What?

It looks like Movable Type is a whole bunch of HTML coding and other various scripts that draw their real power from the Web server, database and other scripting languages on the system.

This isn't much of a revelation for those of you who know what you're doing, but the whole point of this blog, for me anyway, is to actually try to learn something. Lots of somethings, really.

For some reason I thought that Movable Type would be able to walk me through all the various tasks I would have to do to go from nothing to a full blogging platform. Not so much.

So how did I do? I already had Apache 2.2 on a fresh Debian Etch install. I used Synaptic to get MySQL. I downloaded the Movable Type files.

Here's my problem. I just don't know enough about Apache. And I'm not all that crazy about the documentation on the Apache site. I needed to move the DocumentRoot. I'd already done so once before, and I finally was able to do it again.

As far as setting up CGI, I had all the scripts ready to execute with chmod 755, and I tried to get Apache to let me run them. I just couldn't make it happen. I had a cgi-bin directory, and I pointed to it with ScriptAlias ... but I just couldn't get a script to run.

Part of the confusion, for me anyway, is that I don't know why there's both apache2.conf and httpd.conf. And with httpd.conf being pretty much empty, I'm wondering why both of these files exist and which one should contain which configuration information. I swapped stuff between them, starting and stopping Apache in the interim to test the cgi scripts. (I did apache2ctl stop and apache2ctl start).

I had already created a database. I barely know how I did it. I'll use phpMyAdmin next time to make it all easier.

What I really need is a good LAMP server book to walk me through all this.

I'm not giving up. I will start from scratch next week, starting with a fresh Linux install and doing things in a somewhat more methodical manner: install Apache, get CGI working, install MySQL, create database (hopefully I'll get that right), install PHP, install Movable Type files. Hopefully with CGI working I'll be able to actually set the damn thing up.

Clearly I need a book that covers Apache 2.2, PHP and MySQL.

Posted by Steven Rosenberg at 5:00 AM | Permalink | Comments (2)

I've made a few changes in my spam-fighting techniques for Movable Type 4. I had the spam filter set at +3, but just about every "legitimate" comment was ending up in the spam file.

I changed the spam-filter setting to +2, and now I'm getting only a few obvious spam comments per day in the "non-spam" comment area (none of them are published until I do so manually, so it's not like all the effort behind sending out this large volume of spam is doing anything for those foisting it upon me).

And I think I figured out why some legitimate comments are ending up marked as spam: fake e-mail addresses. I'm not sure why Movable Type asks you for your e-mail address and Web site (as if every one of us even has a Web site ...), but the system appears to check whether or not the e-mail address supplied by a commenter is legitimate. If it's not, you can guess what happens (the comment is marked as spam).

So all those commenters who think they're being clever by not providing their real e-mail address -- NOBODY but me sees it, by the way -- all it does is get your comment routed to the spam file, where I can usually recover it before it gets automatically deleted. But still ...

Anyhow, since I'm habitually checking the spam comments for legitimate comments that are stuck in there, I started DELETING the spam comments after I check them. I was running up 2,000 spam comments per five days (the length of time I have them set to remain in the system). Since it's so easy and quick to erase ALL spam comments (there's a button for it -- and did I forget to say it's fast?), I've been getting rid of the spam as soon as I check it. It makes it way, way easier to check the spam the next time -- and it takes a load off of the system as well.

So in a nutshell, I've "weakened" the spam filter slightly, but I'm also zapping the spam myself instead of letting the system do it automatically. Less spam means plucking your comment out of said spam, should it land there, is much easier.

So far, this is working for me. ... I'll probably have the whole thing nailed down by the time we go to Movable Type logins for commenters.

Posted by Steven Rosenberg at 5:00 PM | Permalink | Comments (0)

Remember yesterday (I remember it like it was yesterday, which it was) when I I thought I had the spam problem in Movable Type 4 under control? Well, today I find about five obvious spam messages -- with URLs and everything -- in the non-spam comments.

And worse, a comment from an AUTHENTICATED TYPEKEY USER was marked as spam? If anything, a Typekey comment should post immediately -- that's how I have the system set. I immediately marked the commenter as "trusted," which means his future comments should have no problem getting posted.

But how could the MT spam filter let me down that way? A Typekey comment? I repeat: A TYPEKEY COMMENT. Unbelievable.

Obviously, I'll need to keep an eye on the situation.

Posted by Steven Rosenberg at 12:00 PM | Permalink | Comments (0)

We currently have comments on most of the Daily News blogs set to accept both "anonymous" comments -- meaning from just about anybody -- as well as Typekey-authenticated comments. And we haven't yet made the move to Movable Type-authenticated comments (see -- you have a lot of choices in MT 4 ... and while confusing, it's nice to have options), but that's where it's going, I'm told.

I was about to turn off anonymous comments, but then I got a sweet Distrowatch link about a week ago, bringing quadruple to quintuple the usual traffic, and I didn't want to shut potential commenters out.

I realize that many people might not want to sign up with Typekey, and entering a comment while logged into the Typekey system is confusing (the name, e-mail address and url boxes remain after you're logged in, but they SHOULDN'T BE filled out), and I'm pretty much waiting for the Web-biggies here to get the Movable Type login comments working.

So I decided to try adjusting the spam filter once again. Under Preferences -- Blog Settings, click on Spam, and see what your spam filter is set at. All of ours default to 0. I started with +4, but that caught too many legitimate comments, and I finally settled on +3. That flags most of the spam as spam, which I have set to delete when it gets 5 days old. That way I can quickly scan the spam to see if any legitimate entries got caught in the filter. But I don't have to do anything to the 99.99 percent of spam comments that I don't want on the system -- they just go away when they reach the age of 5 days.

So far, the only spam to get through has been these weird Obama entries that don't have a URL embedded in the comment (unlike 99.999 percent of the other spam). I suppose that the only problem is that "real" commenters who include URLs of any kind in their comments might not make it past the filter, but that's why I quickly scan the spam (Under Manage -- Comments, click on Spam Comments on the right side of the screen to see them -- and make sure you have your "view" set up for 100 rows with "action" buttons enabled on top and bottom, so you can restore/delete at the top or bottom of the long list).

And anybody who absolutely, positively must put URLs in their comment can sign up with Typekey and leave an "authenticated" comment. Right now, those go right through (though that parameter is also modifiable in MT 4).

I no longer spend a considerable chunk of time marking comments in "nonspam comments" as the spam they truly are. The easy change in spam-filter from 0 to +3 has taken care of it for me.

Posted by Steven Rosenberg at 3:00 PM | Permalink | Comments (0)

Not so great, but not totally unmanageable. Still, that's a lot of spam, I might consider Typekey-only comments in the very near future ... until we implement Movable Type registration.

Posted by Steven Rosenberg at 10:30 PM | Permalink | Comments (2)

The fact that a tutorial is needed speaks friggin' volumes. It took me all of yesterday (and about 10 unneeded rebuilds of this blog) to figure it out. Basically, if you are signed up and logged into Typekey, you shouldn't enter name, e-mail address and URL. Then the system will accept your comment as "authenticated" by Typekey. And if you appear to be logged in but the confirmation screen says you need to fill in the name and other fields, just go backward, log out and log in again, and it will work.

Needless to say, we're moving away from Typekey and toward the new Movable Type comment verification system (which is currently in use on our most popular Daily News blog, Inside USC).

Posted by Steven Rosenberg at 10:00 PM | Permalink | Comments (0)

Los Angeles Newspaper Group guru Josh Kleinbaum got the comments flowing once again to Click, but the spam is hitting pretty hard, too, so who knows what will happen.

The biggest change in the insidesocal.com blogs is the removal of the IP block that shut all of Europe out of these blogs; not a good thing when you write about Linux and other free, open-source software, which I've learned is way bigger in Europe than it is here.

In any event, I'd like to welcome back the many European readers who can now see these entries. I apologize for the blackout and hope it's the last time something that drastic will ever happen again.

I'm hoping that the blog administrator(s) will be beefing up the comment security, possibly with CAPTCHAs ("word-verification," as Blogger calls it; or "squiggly words" as most normal people know it).

Two things against CAPTCHA -- the blind hate it, and there are clever spammers who get unwitting people to type in the CAPTCHAs for them by showing free porn and requiring the porn-watchers to type in CAPTCHAs of other blogs that are funneled to their screens in order to, ahem, keep the porn flowing. It's ingenious; I don't know how easy it is to do this, or if it's anything more than a myth, but it would be sad to lose yet another way to keep comments spam-free, although it's a very clever (yet malicious) hack just the same. Here are some articles on it:

Boingboing: Solving and creating captchas with free porn

ZDnet UK: Spammers use free porn to bypass Hotmail protection
Sitepoint: The end of CAPTCHA?

Posted by Steven Rosenberg at 4:00 PM | Permalink | Comments (0)

I have to confess, I didn't understand half of what Dana Blankenhorn is saying in this ZDNet blog entry, Has Movable Type Gone Open Source Too Late?

I get that just about everybody things WordPress is better, and I've had plenty of my own problems with Movable Type. And I get that Google's Blogger product isn't getting the heat and light that's both warming and shining on WordPress, but I think all three platforms are pretty darn healthy at the moment.

I use all three services. Google has done a whole lot to improve Blogger -- setting up the blog the way you want it is easier than ever. I'm enjoying WordPress, especially the built-in stats, which I think Blogger should add immediately. (And no, I haven't tried Google Analytics; they should integrate it with Blogger if that's what they want you to use).

And as I've said, Movable Type 4.01 represents a huge leap over the old version. There are plenty of big companies beating the shit out of it -- we've got so much blog content on MT, it's dizzying. And MT must've really had something to offer to get BoingBoing to move to their system instead of WordPress. I'd like to find out the real story behind that.

I guess what I'm saying is that there are no losers in this game ... among the big 3. I'm sure Yahoo and AOL have blogging services, but who's even heard of them in the past few years?

And we can't count out the blogging functionality inherent in MySpace and Facebook. That's huge, to be sure.

So here's my take: Blogging has so jumped the shark that now we can focus on what it brings to human discourse: the best way yet to create, organize and present information on the Internet.

There, I've said it. Or can I just say "I blogged it"?

Posted by Steven Rosenberg at 12:00 PM | Permalink | Comments (0)