Present Perfect

Looks like I caught part of the flu my Barcelonan flat mate was having. It started - as these things usually do - on Friday evening. My psyche knows when it's the weekend and when I want to relax, and schedules diseases breaking out accordingly. I'd feel guilty about getting ill on working days, I'm sure.

We had a BBQ planned on Sunday with our old sport club - our yearly meeting. A simple flu wouldn't stop me from having it, even though we took over organizing it from the original instigator (and used Doodle to do so - do yourself a favor and use it every time you're planning something with friends to avoid fifteen thousand mails going "I can't on that date, how about that date" - I wish I had thought of that site)

BBQ was excellent, save for the fact that the ten-year-old-but-still-in-a-box-deluxe-barbecook was missing a whole bag of nuts and bolts. Peter to the rescue by going to the hardware store and getting some basics to at least allow us to have the BBQ itself working. And affected as I was by the flu apparently I didn't bring home charcoal but vineyard branches - not a good fit for the barbecook.

But all was well after a short wait and the meat was excellent, as was the company. And we even got some sports done.

Today being San Joan in Barcelona - my least favourite holiday, 6 year old kids running around at night shooting off fireworks without regards for their own or my life - I decided to stay home this week. I'm happy I decided to stay here because it's no fun travelling while ill. This also allows me to focus on setting up our new virtualized development platform at work, because we're working on a near-seamless migration from our old platform code to the new version. Flipping the big red switch just isn't a responsible way of migrating customers anymore.

Kristien took advantage of me staying to work from home this week and went out yesterday to get a new kitten. His name's Tonie (staying with the cat meme we started with Lunya), he's mostly black but with white paws, a white jaw, and a bit of white across his face. As far as kittens go, this is one of the more active I've seen - up and about and trying to break free from his temporary "get-used-to-a-new-place" area in two hours. Usually a kitten takes about a day hiding behind some couch in a corner to adjust. Also, this kitten hardly made a peep while Kristien drove him home - an hour car ride and only six meows. Lunya would wail like a baby the whole drive.

Anyway, I'm sure you all know kittens are cute and heartbreaking. This one's up and about and alternating between discovering this new place and resting on my lap.

In the end I've decided not to go to GUADEC this year, and go to Europython instead. It's not really a very calculated or well-thought out decision - I was hung up on deciding ever since I realized they were on at the same time. I probably would have booked for both months ago if they had been separate.

It's not that I don't want to go to Istanbul - I do, but holy shit, is it expensive - and it's not that I don't want to see all my GNOME friends again. I'm interested in the debate our dear rabble rouser has started, though I doubt people will get anywhere on that.

Maybe it's simply fatigue - I have to agree with some people that there isn't that much variety compared to other years looking at the schedule. Possibly it's also the fact that I haven't contributed much of anything at all to GNOME over the last year. I'm sure that's largely due to my focus having changed a lot. My involvement in GStreamer as well has waned over the last year, for various reasons I'll save for a possible other post.

Europython was fun last year, it's nice to see a different community interact once in a while. Breaks the entrenchment one gets into. It's also more work-related - we're looking for people with Python skills, so it makes more sense to go to Europython.

In the end, it wasn't a single thing that made me decide, it's really just a flip of a coin decision, and I'm sure I'll regret it somewhere down the line. Chosing is losing.

So, with my birthday coming up (and now having decided to have it in Vilnius) I've cleaned up my Amazon wish lists and ordered myself some goodies off of it already. Which leads me to wonder two things related to Amazon.

First of all, why does Amazon even *have* different frontend sites for different regions ? And why do these sites not interact in any way at all ? Every link on the web to an amazon item are always to the US version, so I always end up having a US wish list, though it is weird to order stuff from the US if it's also available on any of their regional sites.

Which leads me to point two - how is it still possible that ordering the same stuff from the US just comes out huge chunks cheaper than ordering it from the .uk or .fr sites ? And that's even when I choose priority air shipping. Shouldn't it be a hell of a lot cheaper to ship from their European warehouses ? Is this just the weak dollar ? Should I delete my UK wish list entirely anyway (which I only started for DVD's because of region coding and PAL vs NTSC) ?

Anyway, enough influenced posting for today. Time to do some non-work work.

Looks like I caught part of the flu my Barcelonan flat mate was having. It started - as these things usually do - on Friday evening. My psyche knows when...

I don't ask enough programming questions, so here goes one.

I have a glade file with a vtable with 3 rows, and each row contains another table, with 2 columns and a bunch of rows. It shows key-value pairs. I've put them in a table so that I can hide table #2 or table #3 in certain conditions.

Now, the second column of each of these tables is not aligned with the other second columns of these tables. Instead, I would like to follow the HIG and "Minimize the number of alignment points in your window" the way is done in this example with "General" and "Action" lining up, or the top 4 dropdown/entry boxes and the icon entry box.

Anyone know how to do this while still allowing me to have 3 separate tables to group my key/values ?

Update: somehow I forgot about GtkSizeGroup (shows me right for hacking at 7 in the morning) and people put me in my place. So, it doesn't look like glade-2 supports this. Anyone know why ? Do I need to write code to read my glade file and put each label in the size group ?

I don't ask enough programming questions, so here goes one. I have a glade file with a vtable with 3 rows, and each row contains another table, with 2 columns...

on some old slashdot headlines - I never make any more time for this these days.

But this snippet (from this article) was awesome to read:

Marlin says that that CoreCodec has established a new internal process for handling intellectual property issues so that they won't improperly use the DMCA again in the future. CoreCodec will also be assisting Nisota with his ongoing development efforts to ensure that coreavc-for-linux users can continue buying and using the CoreAVC codec. In the long-term CoreCodec also hopes to release a GStreamer-based CoreAVC codec so that they can officially support Linux users.

Or to put it in Catherine Wheel terms - I've finally arrived. It's awesome to see codec companies equate "officially supporting Linux users" with "release a GStreamer codec".

on some old slashdot headlines - I never make any more time for this these days. But this snippet (from this article) was awesome to read: Marlin says that that...

I had a long discussion today with Arek about file permissions and security. We ended up trying to figure out how the default install of Apache works on Fedora and Debian, and if that is the most secure solution.

So, here's my understanding of the default config on these two distros in a nutshell:

• apache starts as root and then drops to a specific user(httpd on Fedora or www-data on Debian)
• config files are owned root:root with 0644 permissions
• the default config is secure (doesn't contain important secrets
• because of this, it's not a big deal that any user that can log in to the system can read the config files

So, imagine you want to protect part of your site. You add a configuration parameter to specify which htpasswd file to use, and you make this htpasswd file be owned by root:apache and with 0640 permissions. This way, no one else than root and the apache group can read this file. So far, so good - logged on users cannot read the file and run a cracker on it to guess plaintext passwords of all your users.

So, imagine you now want to add LDAP authentication, and you need to put the plaintext password for your LDAP proxy user. The config hints that you should do something special to protect this:

A bind password to use in conjunction with the bind DN. Note that the bind password is probably sensitive data, and should be properly protected

.

I read this as "make sure that your normal users on your machine can't read the file that contains this information". So apache should be able to read it, and (possibly but not necessarily) root, but no one else. So, a logical way for me is to put an include statement in the apache config for a file that is root:apache and 0640, which contains the bind password.

Which got me to thinking - Why is the default apache config not root:apache and 0640 to begin with ?

Arek's reasoning was that it's fine for the default config to be more open, and you should know what you are doing (which implies, changing ownership and permissions if you put this password in the main config file). My argument is that it would be more helpful to have the default setup be locked down more, so that putting this plaintext password in that config - a reasonable thing to do when you want to do some more advanced config - does not suddenly make your setup a lot less secure.

So, I'm sure there is a reason why apache (and other daemons) have their config as root:root and 0644 instead of root:$(daemonuser) and 0640. Anyone care to share their opinion on the subject ?

I had a long discussion today with Arek about file permissions and security. We ended up trying to figure out how the default install of Apache works on Fedora and...

is a great feature for my home computer, where Kristien uses it when I'm not there.

But the applet insists on taking up 20% of my top bar just because there is no way to have it not display my full name. I'm pretty sure this used to be configurable somewhere and I could ask to only show the pictures - really, that's quite enough for the two of us, Kristien can tell the difference between me and her from the picture.

But even besides that, who the hell needs their name in the panel ??? If it were to change as often as the time did, I could see the logic. But. It's. My. Name. If I ever get to forgetting it, I'm sure I' ll be more busy wondering why I am holding an oval object with buttons in my right hand, and banging my head against the rectangle with knobs because I've forgotten how to type.

is a great feature for my home computer, where Kristien uses it when I'm not there. But the applet insists on taking up 20% of my top bar just because...