Maui County Council, Boy Scouts Of America
Scouting In Paradise



About This Website: Technical Details

The Short Version: This site uses the Apache webserver to deliever content from a small number of static HTML files, and a mix of Perl and PHP CGIs. The CGIs are used to deliver a calendar, news, and a photo gallery. The photo gallery CGI uses MySQL 5 to store the data. The static pages and CGI HTML templates share a couple of cascading style sheets (CSS) to maintain a consistent format. The pages, templates, and CSS were all created using plain text editors such as vi and BBEdit. The site is hosted on a 2009 vintage Mac Mini(1) running OS X 10.6, situated on a 8/1.4MB DSL connection.

The Long Version: This website is mostly comprised of static pages written by our Scouts to fulfill a requirement of the Communications Merit Badge in 2004. It is served using Apache, a full featured web server that comes built into OS X. In 2007, the site was redesigned using cascading style sheets (CSS). This made the format of the static pages a bit easier to maintain and update. The use of CSS also enabled us to add a menu navigation feature without the need for JavaScript(2). A template page was created, which included the headers, menu code, and footers. This allowed the legacy Scout-created content to be cut and pasted into a new site design, and provided a starting point for any new pages we wanted to create, such as this one(2).

Eventually, keeping the Troop calendar, news, photo gallery, and address book manually updated became too unwieldy, and we resorted to off-the-shelf Common Gateway Interface (CGI) programs to handle these more dynamic pages. We use a suite from Fuzzy Monkey (My Calendar, My Address Book, and My Blog) which have the advantage of being relatively simple to configure, and - thusfar - secure(3). The photos are served by the GalleryProject CGI, and drawn from a MySQL 5 database.

We initially posted the Troop's email address on the site, with the result that it soon ended up on many a spammer's address list. We replaced it with a web form and the nms form mail CGI(4). This allowed us to hide the Troop's current email address.

The static pages and CGI templates were originally written manually, using whichever text editor suited the author of a particular page. The webmaster favors vi and BBEdit. BBEdit includes HTML templating abilities that we'll be making more use of in the future, if only to simplify updating the CSS menus on all of the static pages.

Pages can now be created and edited on-line via the CGIs editpage.cgi (slightly modified to only create new pages), and HTML-On-The-Web (HOW), respectively.

Security: A number of pages are private to the Troop, including the address book, and the administrative portions of the calendar, photo gallery, and blog. A conventional .htaccess/.htpasswd security system is used, which enforces a username/password. Administration of the usernames/passwords is handled using htedit, which is no longer available. At some point, the administrative access will be tunneled through SSL.

Performance: The site is linked via an ADSL connection using a static address. Although the static portions of the site and the visitor portions of the CGIs worked well on older PowerPC Macs, performance within the administrative portions of the CGIs wasn't very satisfactory(5) until the site was rehosted on a used Mac Mini (2GHz Core 2 Duo, 8GB RAM). The web host recently relocated, and this site is currently served from Australia. Whether the increased packet latency will noticably affect the user (or administrator) experience remains to be seen.

Footnotes:

(1) The site has been hosted on a series of used Macs: a PowerMac 6100 running Linux, a PowerBook G3, a iMac G3, a dual 500MHz G4 tower, a Core Solo Mac Mini, and currently a Core 2 Duo Mac Mini.

(2) Menus can make a site easier to navigate, at the expense of making the web pages' HTML more complex. However, the CSS-based menus are no more complex than the simpliest JavaScript menus, don't depend on a user having JavaScript enabled, and degrade gracefully if the user's browser doesn't support CSS.

(3) My Blog allows comments, but lacking a moderation feature, is susceptable to comment spam. However, it includes an administration interface which makes it easy to delete a comment. In We previous hosted photos using My Gallery, but we discovered a security hole, and the lack of comment spam handling finally moved us to rehost using the Gallery Project CGI.

(4) The nms formmail cgi can be configured to forward mail to one or more addresses hardcoded into the CGI, which saves a lot of hassle when a spammer eventually detects your email contact page. nms formmail was designed as a replacement for the very common - and very insecure - FormMail CGI from Matt's Script Archive. Do Not Use Matt's FormMail on a public webserver. Trust us when we say that it will be discovered, and used to relay spam.

(5) Particularly the Gallery Project, which leans heavily on GraphicsMagick for photo resizing and rotations.