
Present Perfect


catching up

Filed under: Fluendo,GStreamer — Thomas @ 14:17

2008-06-16

on some old slashdot headlines - I never make any more time for this these days.

But this snippet (from this article) was awesome to read:

Marlin says that that CoreCodec has established a new internal process for handling intellectual property issues so that they won't improperly use the DMCA again in the future. CoreCodec will also be assisting Nisota with his ongoing development efforts to ensure that coreavc-for-linux users can continue buying and using the CoreAVC codec. In the long-term CoreCodec also hopes to release a GStreamer-based CoreAVC codec so that they can officially support Linux users.

Or to put it in Catherine Wheel terms - I've finally arrived. It's awesome to see codec companies equate "officially supporting Linux users" with "release a GStreamer codec".

Videofeet

Filed under: Music,Spain — Thomas @ 23:21

2008-06-15

Last Thursday I went to the Daydream festival here in Barcelona. Basically, it was built around Radiohead performing here. Now, I rarely miss an opportunity to go see Radiohead play if they stop close by, so this wasn't going to be an exception. Radiohead is one of the few artists to always lay down a solid live set, and usually enough surprises in it. Through the years I must have seen them a dozen times, starting with the triple-priced tickets I paid to see them play to 500 people when I was 18 (I paid a double-priced scalper ticket and half of a friend's who was going to not go in because of the price - imagine that). I stayed an extra day in Barcelona, and got a combi ticket to this festival and Summercase, and - as usual - looked for music by bands that were going to play that day and created a Rhythmbox playlist at work.

On the whole, though, the festival was a bit of a let down (no pun intended). I really liked Bat For Lashes on album, but live they weren't very convincing. Again I tried to give Liars a chance - they seem the kind of band I should have every reason to like, from having weird album titles, the indie aesthetic, the direction changes, and the uncompromising approach, to having a band leader that "hit it off" with Karen O (Yeah Yeah Yeahs) - who strangely featured in a rather erotic dream I had, even though she's not really my kind of girl - in the end all their uncompromisingness just ends up being really really boring to sit through. Drum's not dead, as an example, just doesn't grab me.

By far the biggest problem with Spanish festivals I've been to (most of which have been at the Forum) is the terrible sound. The speaker towers they set up just do not have the power to bring a festival to life. I was standing somewhere on the 15th row during Radiohead and it was as if I was watching YouTube. None of the dynamics that make their songs stand out made it through the sound mix. It was truly painful to watch.

It might be that this is because, as I've been told, electricity at the Forum comes from solar panels. So maybe they just don't have enough juice. Or, maybe it's because Radiohead makes a cool 1 million euro out of this concert (so I've been told, just as I've been told that Movistar really really wanted them there and paid the 1 million euro without being sure they would be recouping their investment - my money is on them losing money on it). And I guess it's also no dumb luck that most big bands travel the world with a Belgian company handling their stage and sound. But either way, it's depressing to pay 70 euros to see Radiohead then walk off in the middle of their set just because drinks seem more interesting than the band on stage.

It's been a while since I've seen them play anything off Pablo Honey, and this time was no exception. But they did surprise me by playing The Bends and Planet Telex (possibly my least-liked song off The Bends, though I might have to reconsider, and in hindsight it's the missing link to OK Computer, sharing much of its dynamics with Airbag). Though, again, with the sound setup they were barely limping along.

Rematch at Werchter, guys ? I have my 4 day ticket in my wallet, and my age forbids me from camping, so I hope to score a journalist's parking card, but I am ready. I hope you are too. And now all I need is to find at least four friends and convince them to go one out of four days!

apache security

Filed under: Hacking,Question,sysadmin — Thomas @ 21:06

2008-06-10

I had a long discussion today with Arek about file permissions and security. We ended up trying to figure out how the default install of Apache works on Fedora and Debian, and if that is the most secure solution.

So, here's my understanding of the default config on these two distros in a nutshell:

  • apache starts as root and then drops to a specific user (httpd on Fedora or www-data on Debian)
  • config files are owned root:root with 0644 permissions
  • the default config is secure (doesn't contain important secrets)
  • because of this, it's not a big deal that any user that can log in to the system can read the config files

So, imagine you want to protect part of your site. You add a configuration parameter to specify which htpasswd file to use, and you make this htpasswd file be owned by root:apache and with 0640 permissions. This way, no one other than root and the apache group can read this file. So far, so good - logged-on users cannot read the file and run a cracker on it to guess plaintext passwords of all your users.

So, imagine you now want to add LDAP authentication, and you need to put the plaintext password for your LDAP proxy user. The config hints that you should do something special to protect this:

A bind password to use in conjunction with the bind DN. Note that the bind password is probably sensitive data, and should be properly protected.

I read this as "make sure that your normal users on your machine can't read the file that contains this information". So apache should be able to read it, and (possibly but not necessarily) root, but no one else. So, a logical way for me is to put an include statement in the apache config for a file that is root:apache and 0640, which contains the bind password.
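The check implied above, as an added example that is not part of the original post: a shell audit that reports config files setting `AuthLDAPBindPassword`, and htpasswd files referenced through `AuthUserFile`, when they are readable by every local account. The function names, the `--demo` switch and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report Apache config files
# that hold a secret but are readable by every local account.

# Assumption: only AuthLDAPBindPassword is named in the post; extend with
# other secret-bearing directives as an ERE alternation (A|B).
SECRET_DIRECTIVES='AuthLDAPBindPassword'

# World-readable files under $1 that set a secret directive.
# Commented-out lines are skipped; Apache directive names are case-insensitive.
find_exposed_secrets() {
    find "$1" -type f -perm -004 | while IFS= read -r f; do
        if grep -Eiq "^[[:space:]]*($SECRET_DIRECTIVES)[[:space:]]" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# World-readable password files referenced by AuthUserFile under $1.
# Assumes absolute paths without spaces.
find_exposed_htpasswd() {
    grep -Erih '^[[:space:]]*AuthUserFile[[:space:]]' "$1" |
    awk '{ gsub(/"/, "", $2); print $2 }' | sort -u |
    while IFS= read -r f; do
        if [ -f "$f" ] && [ -n "$(find "$f" -perm -004)" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample tree: one open and one locked-down copy of each file.
demo() {
    d=$(mktemp -d)
    printf 'AuthLDAPBindPassword "constructed-secret"\n' > "$d/ldap-open.conf"
    cp "$d/ldap-open.conf" "$d/ldap-locked.conf"
    : > "$d/htpasswd-open"; : > "$d/htpasswd-locked"
    printf 'AuthUserFile %s\nAuthUserFile %s\n' \
        "$d/htpasswd-open" "$d/htpasswd-locked" > "$d/site.conf"
    chmod 0644 "$d/ldap-open.conf" "$d/htpasswd-open" "$d/site.conf"
    chmod 0640 "$d/ldap-locked.conf" "$d/htpasswd-locked"
    find_exposed_secrets "$d"; find_exposed_htpasswd "$d"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

A reported file is brought in line with the ownership described above by `chown root:apache FILE && chmod 0640 FILE`, substituting the `www-data` group on Debian.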

Which got me to thinking - Why is the default apache config not root:apache and 0640 to begin with ?

Arek's reasoning was that it's fine for the default config to be more open, and you should know what you are doing (which implies, changing ownership and permissions if you put this password in the main config file). My argument is that it would be more helpful to have the default setup be locked down more, so that putting this plaintext password in that config - a reasonable thing to do when you want to do some more advanced config - does not suddenly make your setup a lot less secure.

So, I'm sure there is a reason why apache (and other daemons) have their config as root:root and 0644 instead of root:$(daemonuser) and 0640. Anyone care to share their opinion on the subject ?

office humour

Filed under: Work — Thomas @ 16:58


Mariette, our office manager ad interim (our previous one left to go translate) has gone on holiday. She left instructions for the new temporary office manager - three pages of information.

One of the paragraphs reads "Every morning process the mails. Open and read everything except bank documents addressed to Thomas Vander Stichele". Apparently I am the only person who considers it wrong and impolite to have my private mail opened. But I find it highly amusing that I warrant special mention in this document...

consume

Filed under: Life,Music — Thomas @ 21:15

2008-06-09

Sometimes I buy like a depressed woman. Today I went out to buy Spiritualized's highly anticipated (at least, in this body) "Songs in A&E". I came back home with 7 CDs and 2 DVDs:

  • A tribute to Spacemen 3: It was relatively cheap and it has Arab Strap, Mogwai and Low on it
  • Death Cab For Cutie - Narrow Stairs: as Seth said, don't knock the Death Cab
  • Broken Social Scene - Feel Good Lost: hey, it was less than 6 euros!
  • Spiritualized - Songs in A&E: I ended up finding it at the FNAC
  • Sloan - Never Hear The End Of It: 30 songs for 6.95!!!
  • Pet Shop Boys - Discography: I've always liked a few of their tunes, and this was less than 6 euros again
  • Coldplay - X&Y: I never bought it when it came out because it was copy-protected - this version doesn't seem to be thus encumbered, and I cannot resist songs like Fix You and Talk
  • Radiohead - The Best Of (DVD): Radiohead has some truly excellent videos, it's worth getting this
  • Pixies - Live at the Paradise in Boston: The Paradise is such a legendary place to me, even though I've never been there. This DVD was now 12 euros instead of 25 when it came out, so I couldn't let it just lie there

The jury is still out on whether this is a disease that needs curing... In addition, I got a dual festival ticket (Daydream - with Radiohead - this Thursday, and Summercase in July - 20% discount!)
