Present Perfect

Last Thursday I went to the Daydream festival here in Barcelona. Basically, it was built around Radiohead performing here. Now, I rarely miss an opportunity to go see Radiohead play if they stop close by, so this wasn't going to be an exception. Radiohead is one of the few artists to always lay down a solid live set, and usually enough surprises in it. Through the years I must have seen them a dozen times, starting with the triple-priced tickets I paid to see them play to 500 people when I was 18 (I paid a double-priced tscalper ticket and half of a friend's who was going to not go in because of the price - imagine that) I stayed an extra day in Barcelona, and got a combi ticket to this festival and Summercase, and - as usual - looked for music by bands that were going to play that day and created a Rhythmbox playlist at work.

On the whole, though, the festival was a bit of a let down (no pun intended). I really liked Bat For Lashes on album, but live they weren't very convincing. Again I tried to give Liars a chance - they seem the kind of band I should have every reason to like, from having weird album titles, the indie aesthetic, the direction changes, and the uncompromising approach, to having a band leader that "hit it off" with Karen O (Yeah Yeah Yeahs) - who strangely featured in a rather erotic dream I had, even though she's not really my kind of girl - in the end all their uncompromisingness just ends up being really really boring to sit through. Drum's not dead, as an example, just doesn't grab me.

By far the biggest problem with Spanish festivals I've been to (most of which have been at the Forum) is the terrible sound. The speaker towers they set up just do not have the power to bring a festival to life. I was standing somewhere on the 15th row during Radiohead and it was as if I was watching YouTube. None of the dynamics that make their songs stand out made it through the sound mix. It was truly painful to watch.

It might be that this is because, as I've been told, electricity at the Forum comes from solar panels. So maybe they just don't have enough juice. Or, maybe it's because Radiohead makes a cool 1 million euro out of this concert (so I've been told, just as I've been told that Movistar really really wanted them there and paid the 1 million euro without being sure they would be recouping their investment - my money is on them losing money on it). And I guess it's also no dumb luck that most big bands travel the world with a Belgian company handling their stage and sound. But either way, it's depressing to pay 70 euros to see Radiohead then walk off in the middle of their set just because drinks seem more interesting than the band on stage.

It's been a while since I've seen them play anything off Pablo Honey, and this time was no exception. But they did surprise me by playing The Bends and Planet Telex (possibly my least-liked song off The Bends, though I might have to reconsider, and in hindsight it's the missing link to OK Computer, sharing much of its dynamics with Airbag). Though, again, with the sound setup they were barely limping along.

Rematch at Werchter, guys ? I have my 4 day ticket in my wallet, and my age forbids me from camping, so I hope to score a journalist's parking card, but I am ready. I hope you are too. And now all I need is to find at least four friends and convince them to go one out of four days!

Last Thursday I went to the Daydream festival here in Barcelona. Basically, it was built around Radiohead performing here. Now, I rarely miss an opportunity to go see Radiohead play...

I had a long discussion today with Arek about file permissions and security. We ended up trying to figure out how the default install of Apache works on Fedora and Debian, and if that is the most secure solution.

So, here's my understanding of the default config on these two distros in a nutshell:

• apache starts as root and then drops to a specific user(httpd on Fedora or www-data on Debian)
• config files are owned root:root with 0644 permissions
• the default config is secure (doesn't contain important secrets
• because of this, it's not a big deal that any user that can log in to the system can read the config files

So, imagine you want to protect part of your site. You add a configuration parameter to specify which htpasswd file to use, and you make this htpasswd file be owned by root:apache and with 0640 permissions. This way, no one else than root and the apache group can read this file. So far, so good - logged on users cannot read the file and run a cracker on it to guess plaintext passwords of all your users.

So, imagine you now want to add LDAP authentication, and you need to put the plaintext password for your LDAP proxy user. The config hints that you should do something special to protect this:

A bind password to use in conjunction with the bind DN. Note that the bind password is probably sensitive data, and should be properly protected

.

I read this as "make sure that your normal users on your machine can't read the file that contains this information". So apache should be able to read it, and (possibly but not necessarily) root, but no one else. So, a logical way for me is to put an include statement in the apache config for a file that is root:apache and 0640, which contains the bind password.

Which got me to thinking - Why is the default apache config not root:apache and 0640 to begin with ?

Arek's reasoning was that it's fine for the default config to be more open, and you should know what you are doing (which implies, changing ownership and permissions if you put this password in the main config file). My argument is that it would be more helpful to have the default setup be locked down more, so that putting this plaintext password in that config - a reasonable thing to do when you want to do some more advanced config - does not suddenly make your setup a lot less secure.

So, I'm sure there is a reason why apache (and other daemons) have their config as root:root and 0644 instead of root:$(daemonuser) and 0640. Anyone care to share their opinion on the subject ?

I had a long discussion today with Arek about file permissions and security. We ended up trying to figure out how the default install of Apache works on Fedora and...

Mariette, our office manager ad interim (our previous one left to go translate) has gone on holiday. She left instructions for the new temporary office manager - three pages of information.

One of the paragraphs reads "Every morning process the mails. Open and read everything except bank documents addressed to Thomas Vander Stichele". Apparently I am the only person who considers it wrong and impolite to have my private mail opened. But I find it highly amusing that I warrant special mention in this document...

Mariette, our office manager ad interim (our previous one left to go translate) has gone on holiday. She left instructions for the new temporary office manager - three pages of...

Sometimes I buy like a depressed woman. Today I went out to buy Spiritualized's highly anticipated (at least, in this body) "Songs in A&E". I came back home with 7 CD's and 2 DVD's:

• A tribute to Spacemen 3: It was relatively cheap and it has Arab Strap, Mogwai and Low on it
• Death Cab For Cutie - Narrow Stairs: as Seth said, don't knock the Death Cab
• Broken Social Scene - Feel Good Lost: hey, it was less than 6 euros!
• Spiritualized - Songs in A&E: I ended up finding it at the FNAC
• Sloan - Never Hear The End Of It: 30 songs for 6.95!!!
• Pet Shop Boys - Discography: I've always liked a few of their tunes, and this was less than 6 euros again
• Coldplay - X&Y: I never bought it when it came out because it was copy-protected - this version doesn't seem to be thus encumbered, and I cannot resist songs like Fix You and Talk
• Radiohead - The Best Of (DVD): Radiohead has some truly excellent videos, it's worth getting this
• Pixies - Live at the Paradise in Boston: The Paradise is such a legendary place to me, even though I've never been there. This DVD was now 12 euros instead of 25 when it came out, so I couldn't let it just lie there

The jury is still out on whether this is a disease that needs curing... In addition, I got a dual festival ticket (Daydream - with Radiohead - this Thursday, and Summercase in July - 20% discount!)

Sometimes I buy like a depressed woman. Today I went out to buy Spiritualized's highly anticipated (at least, in this body) "Songs in A&E". I came back home with 7...

is a great feature for my home computer, where Kristien uses it when I'm not there.

But the applet insists on taking up 20% of my top bar just because there is no way to have it not display my full name. I'm pretty sure this used to be configurable somewhere and I could ask to only show the pictures - really, that's quite enough for the two of us, Kristien can tell the difference between me and her from the picture.

But even besides that, who the hell needs their name in the panel ??? If it were to change as often as the time did, I could see the logic. But. It's. My. Name. If I ever get to forgetting it, I'm sure I' ll be more busy wondering why I am holding an oval object with buttons in my right hand, and banging my head against the rectangle with knobs because I've forgotten how to type.

is a great feature for my home computer, where Kristien uses it when I'm not there. But the applet insists on taking up 20% of my top bar just because...