samedi 13 décembre 2008
Julien Doré à la coopé
Et ben, le public etait moins jeune que pour The Hoosiers (ben oui Dep !)
Pas trop rock au début, beaucoup mieux à la fin.
Mais pour le coup, le public semblait s'ennuyer !
On s'est même fait engueuler parce qu'on était debout !! Incroyable...
Sinon, la reprise "SS in Uruguay" en live est très bonne !
Pour en avoir reparlé avec d'autres, il semble que le côté provoc' de JD a été mal ressentie. C'est vrai qu'il a envoyé quelques vannes au public "limites".
mercredi 26 novembre 2008
Video, Video and Video
It is very interesting. If you are interested in, check Wowza Media server ( as a Flash Server (well, for openSource gurus, check Red5 :-) )
More to come ....
vendredi 14 novembre 2008
The Hoosiers à la coopé
Pas par le groupe, ils envoient du bois sur scéne...
Plutot très energiques, reprise et nouveaux morceaux au programme .. bref que du bon.
Mais putain, pourquoi le son était aussi fort (la voix du chanteur saturait ... je parle pas des autres instruments) ...
Franchement, le crie des ados boutonneux suffisaient à me déchirer les tympans ...
Dommage, parce que à 3 metres du groupe, dans une petite salle (la petite coopé), j'aurais plus apprécié avec moins de Db ...
mercredi 22 octobre 2008
That is really fun (and scary)
lundi 6 octobre 2008
New job, new life
I spent more than three years driving security projects. I am now using things I developped.
Things are sometimes funny ....
lundi 22 septembre 2008
J'ai essayé M0n0wall l'autre jour. Pas mal un système qui tiens moins de 10Mo sur une CF.
Par contre, une première approche montre une dégradation des perfs sérieuses entre mon PC et Internet. Bon, c'est pas non plus optimal, j'ai mon PC <-> m0n0wall <-> freebox (en mode routeur).
La prise en main est plutôt simple, l'interface www est simple, jolie, efficace. Manque une aide tooltip ou lien vers aide en ligne (ou alors, je ne l'ai pas vu).
La configuration de la NAT n'est pas triviale, d'ailleurs, je ne suis pas sur qu'elle fonctionne ... Je ne sais pas trop non plus si ca marche avec de l'IPv6.
Bref, c'est plutot pas mal, je pense que ca marche en terme de sécurité, mais ca manque de doc et de "tools" pour avoir une vue plus précise de ce qui se passe.
Ceci dit, avec une image disque de 5Mo on ne peut pas demander la lune. Ca marche quand même du premier coup.
Je vais continuer mes essais quand j'aurais le temps.
vendredi 25 juillet 2008
About phones
Hi all.
Using SJPhone, I have found a serious drawback. It is not capable of using my SIP account through a nat'ed router. Too bad.
Last week, my SIP hard phone failed to get a carrier. I used my soft phone to make calls. X-Lite works like a charm using my freebox in router mode. SJPhone not.
I am not sure it is only a SJPhone problem, because it works with voxalot, So ?
In fact, the only thing I am sure, it is that you always must test any VoIP equipment (phone, router, SBC, firewall, ...) deeply before adopting it.
The VoIP protocols are so complex that between two architecture, there is probably something that is not supported :-)
lundi 30 juin 2008
Pour paraphraser Gary Lineker
Le rugby est un jeu pas trés simple, où 30 joueurs courent après un ballon, et à la fin, c'est l'ASM qui perd.
no comments.
mercredi 25 juin 2008
VoIP is so exciting
Back to VoIP testing.
I (re)tested SJPhone 1.65 at home. It is a very good softphone.
But it has a annoying drawback: it can only register to one account at a time. I currently have, VoXaLot (eu), and FreeWorldDialup account. I only can register one !
So, I cannot use my enum number if I am always (almost always) registered through FWD. Too bad.
I tried gtalk, but it cannot send Video (works fine with audio, but my friends tell audio quality is worst than skype).
The solution is a Linux one (but I have not tested it yet): Ekiga. Multiple account registration, video, audio, SIP+H323 ! wonderful. But I do not use Linux at home (FreeBSD or Windows ...)
So, the ultimate solution is an Asterisk SOHO box dedicated to VoIP management.
I received an email (through sip-implementors ML) which announce pingtel opens a new SIP testing PBX gateway. Good thing. Not only for SIP implementors, but also for Security developer who needs to check that their control are not too rigorous. Good initiative.
jeudi 22 mai 2008
Centralized private music server
I was looking for a personal music server.
I have my own MP3 (ripped from MY CD). I wanted to listen from my work computer, or at home.
I searched for a simple solution... and I found it:
sockso. This little server has a web interface, with a flash embedded (or not) music player, and support for M3U playlists access.
I tried it for a week, and it works fine (unless some minor problems with UTF-8 and ISO8859-1 accent character in song filename).
jeudi 15 mai 2008
Web Review : 15/05/2008
25 years to fix a bug ?
yes it is possible:
A (french ?) postfix manager:
It looks good ! especially if you do not want to spend hours to configure manually postifx, fetchmail and so on.
I prefer my own configuration, but I admit that sometimes, 10 minutes setup is good ;-)
lundi 28 avril 2008
vendredi 25 avril 2008
FreeBSD tip
If you want to launch 'portsnap fetch' through an authenticated proxy, do not use:
but use
in your environment.
mercredi 16 avril 2008
Stop global warming
Great !!
(while reading my mailbox, i read that: Quarterly VoIP vulnerability summary
You may discover that:
- old Cisco 7940/7960 phones still have security issues
- recent phones (snom ...) still have big security issues ..
I am afraid by the situation ;-)
lundi 14 avril 2008
Web Review : 14/04/2008
So, what are the coolest project I have found:
- MathGL : something nice. It allows to generate nice graph, in 2D, 3D. The most interesting feature (well, not the most, but an interesting feature, sure) is the MGL scripting language, which allow a shell script to generate a JPG/EPS/SVG/PNG/anyOtherFormat graphic. []
- GreenSQL : it may be very interesting for security. It is a MySQL application level gateway. It does for MySQL what a web filtering proxy do for HTTP. I took a look at the demo. If it work as presented, It is a very interesting project ! []
- Because security is only a protection, you have to make backups. And if possible, automatic backup. This project seems to do the right job, local or network (through ssh).. zbackup-mysql []
- On a previous post, I talk about insecurity of VoIP clear voice stream. Give someone Dtmf2num, and dial your bank count access code with your prefered VoIP phone. You may be surprised ;-) dtmf2num
- Two of my friends will be very interested by the following: SMART []. This is a tool to manager security policy and its associated workflow. It looks cute ... (as long as security is cute ...)
- For those who are developing cross application (by cross, I mean Linux/Window*), check that: I'm a cross .... You should enjoy this one !
That's all folks !!
lundi 31 mars 2008
Renan Luce en concert à la coopé
Je suis allé samedi soir à la coopé de Clermont, 1500 personnes (complet), et bien, Renan Luce en concert, "ca envoie du bois".
Très bon concert, vraiment. Le personnage ressemble à son album: la première écoute est étonnante, ensuite on découvre un univers et un humour hors du commun.
La première partie était étonnante, mais vraiment bien. Nous avons eu droit à "Gitan de paname", de Balbino (Medellin).
Difficile de dire en plus... "Allez voir les artistes en Live, ce n'est que du bonheur (c)".
jeudi 27 mars 2008
Remote access
I reinstalled completely my system.
I used to access my system through several vpns and DMZ: an IPsec to a DMZ server, from which I connect to my system through an SSH tunnel (encapsulated into the IPSec one).
I tried X11 forwarding through SSH, works fine ...
But I tried today NX server (from NoMachine). Incredible. Almost local speed screen...
Yeah !
Through SSH ...
This is not very simple to install (DO NOT INSTALL IT THROUGH SUDO !), but once installed, it works fine, and quick !
For teleworkers on Unix station, this is definitely a MUST HAVE...
mardi 25 mars 2008
Planification de projet
Je vous en conseille la lecture. C'est instructif et plutot bien écrit.
Voila pour ce petit post. Sinon, en passant, un site sympa:, qui offre des articles de bonne qualité, et un fork de phprojekt: toutateam. Allez... google is your friend !
jeudi 13 mars 2008
Web Review : 13/03/2008
Very simple, a real ease of use. Next step for me is to try the creation of a new template... Not easy ? not sure ... I will keep you informed. The link =>
Try the Scenari Discovery application.
Comments are opened
Good reading and posting.
jeudi 28 février 2008
Web Review : 28/02/2008
But (for me) the most important new today is "FreeBSD 7.0 RELEASED" !!
jeudi 21 février 2008
Web Review : 21/02/2008
lundi 18 février 2008
Web Review : 18/02/2008
The link :
Another good thing to try: MysqlFS, a FUSE Mysql filesystem backend. Take a look at: For those how installed apache webservers, It worth reading that.
mercredi 13 février 2008
Yes, it is a kind of security
Web Review : 13/02/2008
For me, I consider that M.J. Ranum is the father of firewalling as we know it today.
I have worked for 7 years on *-gw proxies, then on *-pdk (for those who know). I rewrote smap/smapd, improved http-pdk and so on.
Until now, I am still working on a firewall software editor, and MJ Ranum concepts are still up to date. I do not say that other were not doing security, but who could say "packet filtering module is a firewall module" ?
Using authentication daemon of TIS you can add a usefull value to security: "who is doing what ?"
Today, firewalling, as I can see, is not as good as it could be.
The ultimate firewall solution should be a description not of host using ports, but users using services.
It is easier to tell: "allow Alice to contact Bob over XMPP" than "allow from to bob.domain.tld port 5222 keep-state"
NuFW/EdenWall seems great for this. It is not a finished project yet, compared with some great closed products, but the right idea is here.
During my web review, I have seen the following announce: SignServer project 4.0 is released. It looks very interesting. And it shows me that apache project as its own mail server ?! James ... googlize it !
(Last week was very rich !!)
This is a interesting post about FreeBSD 4->5->6->7 releases, and why some of Linux gurus are telling "FreeBSD sucks". Well, I do not want to say that "FreeBSD is better than Linux" or "Linux is a *BSD killer" (but it is not :-). Take a look at Truth on FreeBSD 5.x releases". I am very proud of FreeBSD developers, because I love FreeBSD, much more than the hundreds of Linux distros. And Explanations given here are the real world on project management. I encountered almost every day at my own job !
Some fun:
VoIP security news:
Sipera 5 threats in 2008: VoIP Security Threat Predictions
Let's see....
samedi 26 janvier 2008
VoIP security
Bonne introduction aux problèmes VoIP. Je rappelle que le doc cité dans un billet précédent est plus interessant pour les concepts, mais ce billet est plus pragmatique, voire terre à terre. Bref, ca vaut le coup d'oeil.
mercredi 16 janvier 2008
mardi 15 janvier 2008
Web Review : 15/01/2008
- the thee questions in standup meetings:
lundi 14 janvier 2008
Web Review : 14/01/2008
[French] Good information PDF, with pro/cons for each virtualization techno : or, direct download
- Simcity is now Opensource.. Great thing. I love this kind of game. I read few years ago a ppt about C++ development written by Maxis guys. I was very interesting. If anyone is interested, post a comment .
- Who are Free Software Users ? An answer is here :
Power of jails
Because security is not only resolved by virtualization, you can use jails on FreeBSD. Take a look at:
Scrum and XP
I could simplify saying Scrum is for project manager what is extreme programming to developers: an agile method based on best project management practices.
A french introduction of Scrum can be found here: scrum ou xp scrum et xp
It is a very good blog. The agile part is
Some of the posts I have read (all in French, sorry English guys :-)
le wannabisme agile : It explains why projects can fail. And it spots that not only a project manager is responsible of setting Agile project management..
off-shoring agile: c'est difficile mais ça marche : Another good post of this blog is about agile method and offshoring.
Some agile tips:
Agile Tip n° 1: comment aborder un projet en difficulte avec agilite
Agile Tip n° 2: les 15 commandements pour 15 minutes cruciales
Agile Tip n° 4: criteres de vigilance
I have found something fun to work with: (See wikipedia why it is interesting )
Here are some (pretty) fun remarks: humeur cynique
samedi 12 janvier 2008
As usual, I know 90% of what is written.
But, I didn't know how easy is to find information about VoIP system
installed in corporate networks.
Thank you google ! I really was impressed by "inurl:" power in requests !
SANS VoIP vulnerability on VOIPSA list:
White Page Syndrom
So This is my first post about the future web review. Interesting things I am looking for are:
- VoIP
- System administration
- FreeBSD (my prefered System)
- and network security (my job)