Stuck in Houston

So I was supposed to leave today and quite anxious to as well but I find myself stuck in Houston. The Air France pilots went on strike this weekend and it seems like there are no possibilities for me to reach home before Monday. Air France sent me an e-mail during the middle of the night with a changed reservation to Monday afternoon.

Oh! Well, this sucks but its just a cumulation of just bad events in the disaster that my life is right now. I wish I could say better things but with all the trouble I've been having these past years plus while I was a way a bunch of stuff went down at home that's going to be expensive.

Well gives me two more days to do some last minute shopping... Thinking I might just as well get that MacBook to give myself a nice pill.

Despite Best Effort

The weeks have been long and tedious and despite best efforts, I was just not energetic enough to be able to do somethings I wanted to. Did not have time to do any serious tech stuff or do any gaming. I think the disappointing tech shopping, in ability to exchange some travelers checks and the hesitation to buy a MacBook has not helped.

I think things would actually be different if my job didn't depress me as much and if thinks for me were working better ( crap happened at home that's just hitting the pocket book even more now). I basically know what I need to do to get out of the rut but at the moment the mental energy required to achieve it is not there.

Anyway things are as they are...

Tech Shopping Disappointment

So with this trip to Houston, I was hoping to get some much needed tech. I need a few upgrades for the home PC as well as some portable storage.Unfortunately the selection was not as good as I would have hoped. I did manage to get a few things at a good price including a 6 pack of 4gb thumb drives & a Seagate 750gb sata drive.
Did spend a few bucks on cheap HD-DVDs & large selection of DVDs. As well as managing to pre-order Warth of the Lich King (so I'll be able to jump to Northend as soon as I get home).
What's left, well I am still not sure about getting a motherboard and new CPU however the total would quickly rack up & it's not that much cheaper than buying back home besides think I would rather put the money into a MacBook.

Back to Houston...

As I write this, the plane is somewhere over north america - gotta luv wordpress for the Touch. Yep, on the way back to Houston, TX. This should be am interesting but dull trip.
Interesting because I will be living live one of the potentially most drastic US presidential elections ( and I hate politics) personally hoping myself and for the world that the candidate for Change (Obama) win! Above that though because I will be able to connect up with a few friends and colleagues that I enjoy bantering and ranting with. And there is also the fact that I can do some good tech shopping including potentially a MacBook Pro.
On the other hand, I have dreaded the advent of this trip work wise since September (the original trip was cancelled 'cause of Ike). This has to be potentially the least productivity two week business trip I am on in quite awhile. I don't expect to gain or learn much in this hand-over activity I am doing for some of my new objectives & responsibilities.Unfortunately , the work is not & will not challenge me in anyway. Let's face it even the job description that was forwarded to me lists the position to require a person with an experience that's one third of mine.
One other thing I will try to achieve as well is to get a little better and more rhythm on the lifehacking stuff(back into blogging, kyteTV, etc). Let's see what happens...

Microsoft Days - Enterprise Management

Spent the day at a special Microsoft [MS] presentation focused on enterprise management solutions. The following is an on-the fly thoughts and impressions post (got love my iPod touch)! Some stuff on my Brightkite stream.

Session 1: application virtualization (originally Gridsoft) called App-V is presented by Microsoft and Intel as a solution to make image deployment and support easier. The idea being that the virtual apps as well as virtual environments are deployed centrally and made available to the user via either streaming or local virtual image push. The idea being that the apps no longer need to be installed locally and versioning is controlled centrally. As the apps are deployed in a virtual configuration they are also no longer dependent in the underlying OS (eg. run windows XP apps over Vista or Windows 7) when you include MED-V (ex. KIDARO). Security is also in theory improved by the use of encryption as well as a form of sandboxing.

Session 2: Deploying and benefits of App-V. Key points include streaming key code packages and centralized updates; easy application maintenance; co-existence of multiple versions of applications and supporting different middleware & libraries versions; workstation independence (environment becomes virtual); new delivery mechanisms that includes a light infrastructure and an offline distribution.

Session 3: Hyper-V in depth. Intel optimized the VT-x technology to fully support Hyper-V both from CPU to Network. Based on a microkernel hypervisor (this is alot like VMWare GDx or ESx). Some versions of newer MS OS has code optimizations for when they are running in as a guest OS also requires you to install new drivers, etc. The network component now supports switch virtualisation for VLAN.q supp

Plenary Session with S.Ballmer focused extensively on what MS is doing for what is more generally known as ubiquitius & cloud computing. The vision is to bring an Internet rich user environment based on .Net, Silverlight, Browsers & Vista (as a base) in all forms of devices supported by Services+Software (SAAS) built on MS core platform Windows Server 2008,Hyper-V,SQL2008 & the collaboration suite. Oh! And did I mention MS will be offering it's platform on a host device (Live everything ;-)).
This was also the official launch of MS Hyper-V technology and their Virtualization-360 (i.e. virtualize everything if possible) which covers server, desktop OS and applications.

Why Can't the HDD Industry Publish True Size of Disk?

Why can't the Hard Disk industry publish the true size of the disks they are selling? This is the big question! I recently purchased two drives from Seagate from their Momentus series of laptop 2.5 7200 rpm line. To be specific, I have the Momentus 7200.2 in 160Gb and the Momentus 7200.3 in 320Gb. From the product title you would expect to be getting 160Gb and 320Gb respectively from the drives.

However this isn't exactly true. I don't know what the number represents but it's not the size of the drive once you plug it into your machine. I only get 149Gb from the former and 298Gb from the latter, which on the latter is a significant loss of space (close to 10% but more like 8%). It goes to say that this is beyond annoying! When you buy a hard disk, you buy it based on advertised size (hoping to get that maximum space possible) at least that's the general idea. If you advertise the size of something it should be the real size you will see when you start to use it! Not the theoretical size based on platters and cluster sizes!! BTW this is true for almost every hard disk vendor not just the one mentioned here.

Don't get me wrong the drives are fantastic. I bought them for that reason, they perform extremely well and have some interesting laptop usage safe guards. I am just feed up of expecting something and getting a different value in return... For crying out loud! Change your attitude, the industry needs to change its methodology and start giving us the real sizes - didn't this happen with TV to!

So HDD Industry wake-up, smell the coffee and stop lying to us about the size of your products! Gives us the real size...

Change of Plans

So, I was supposed to be in Houston right now but the damage caused by hurricane Ike has put a hold on that. Now the thing is I was hoping to get some tech shopping in ( before all my Euros are gobbled up by the tax collector) while over there giving me a significant savings. Maybe this will happen next month!

So in the mean time, I am thinking of passing the time by either getting a Dell Inspirion mini9 or upgrading my home PC a bit with the following components:

• ARCTIC COOLING Freezer 7 Pro - 45 CFM
  
• ASUS P5Q Deluxe - Chipset Intel P45 / ICH10R
• CRUCIAL Ballistix - 4 Go ( 2*2G ) - PC6400 - 800MHz
• INTEL ® Core™2 Duo E8500 3.16GHz FSB 1333MHz 6Mo cache socket 775
  

This upgrade would give a nice all purpose machine good enough for some good gaming. Money wise, this would cost roughly the same.

What's your vote?

Update 20080921: Looks like if I buy the kit in the US I'd be saving anywhere between 20% to 30% - so going to wait.

Integrating Web2.0 Solutions in the Corporate Env. A Challenge for Innovation!

I was in a very interesting discussion with a colleague responsible for the IT Innovation process in our company today.

The company, where I work, has for awhile now had a big focus on bringing Web 2.0 type solutions into the corporate infrastructure via the innovation process . Some current projects include looking at integrating internal social networking (ala facebook, dopplr and similar) or microblogging (ala twitter). There are many reasons behind these ideas and a lot them have to do with attracting young blood into the company & keeping them interested.

There are however a number of fundamental issues behind this logic, a primary one being that these types of solutions can be easily adopted into the user's daily business workflow to bring him/her added benefit and ease to complete their professional goals. Even more difficult in a company like ours which is not an IT focused company. Another important issue being that a majority of new recruits are indeed heavily involved in the use of such solutions! Let's face it there have not been that many studies that indicate that a majority of university graduates expect to see such tools in the work place. Yes! They want access to the solutions but at a more global and personal level - a primary goal being to be able to keep in touch with friends and acquaintances as well as continue to exist in the webosphere as they did before.

There is in fact a macro versus micro distinction that needs to be made in this domain. An internal corporate social network or microblog actually only serves a microcosm of users that already have the primary means to achieve essentially the same things with e-mail, corporate directory & IM. In a more than typical internal business environment you already communicate and share information with your colleagues and don't necessarily need to push or publish information via a web based application. Think about it what additional information is a social network going to allow you to serve more than a corporate directory or sending e-mails. One theory is to stay that in a large 50k employee company, it will allow you to discover or facilitate contacting people when you travel to a different site. I question this! As how is different than looking up the colleagues you need to visit or are based in the site you are visiting? Will a social network really bring additional benefit in that sense?

For me a lot of these Internet level solutions function and provide benefit as they permit disperse people the ability to keep in touch without requiring a formal linkage (such as sharing of e-mail or IM) as well as bringing a platform to meet new people outside of your usual domain of influence. I think the whole point here is the ability or drive to expand you domain of influence however in your work environment you already basically have the recognition and access to your domain of influence based on your experience and responsibilities. Microblogging is another good example of this and can be seen as the summum of this ability by allowing you to broadcast updates and thoughts to all your followers in a quick and dirty interface. But how does this fit into a typical business day workflow.

I am in IT and for the moment, I don't quite see it. To be honest, I already have trouble juggling my job responsibilities and keeping my Internet presence up-to-date. And this is for me and more importantly and as mentionned before the key factor: how do you fit these tools into your daily job workflow. Honestly, I don't have the answer and I still fail to see the business benefit. I am open to suggestion and hope this post will open the floor for discussion...

Why We Need Google Chrome

On Sept. 1 2008, Google announced their plans to release a new intiative in the web browser market ( of course it will be free - sort of) called Chrome. Some of the technical reasoning behind the browser was laid out in a home brewed web-comic. I have no intention of re-commenting this as plenty before me have [Google it!].

My apropos on this subject has to do with the fundemental reasons I think that a new browser paradigm or technology is deeply required!

Browsers today are stagnating in the form of a monolithic giant that are required to perform too much in order to support everything from scripting to multimedia to web2.0 & beyond. The problem is that the main contenders today have been adding and adding features forgetting that to keep performance you also need to optimize! This holds true even for the more recent versions of FF3 & IE8. Unfortunately performance has not gotten significantly better and this is a fundamental quagmire...

Let's face it the web is getting slower and slower and I am not inclined to accept the blocked tubes excuse. A fair bit of the slowness is coming from the iffy responsiveness of the browsers. I've seen this too many times even when trying to load local web pages (i.e. on the same LAN). Now this is a core problem because the web applications are becoming more and more complex as providers start to bring services that encompass more features. I, personally, feel like I spend more time waiting for the pages to load and respond to my request than actually using the features provided by the application.

Believe or not, this situation has already been seen when mobile operators started pushing the mobile web and the WAP standard and simplified web pages had to be developed. Look at the iPhone, despite its «full featured» browser, it still prefers to have special formatted web pages. This is equivalent to a tacit recognition that current solutions are not responding in a user-acceptable manner to expectations and something needs to change - we need the features but with the performance that makes them useable.

Chrome wants to try and resolve this issue by bettering the performance of the browser, a good start! But is this really enough, is there a need to look at changing the way these applications are delivered? I think this will remain a very open question until someone re-invents the web2.0/web3.0 paradigm!

Update 2008-09-08: So I've been using Chrome for 6 days now! It's fast... brings back the punch on web sites! However I am going to stop using it until Google fixes a number of security flaws that have been discovered since launch [IMHO some of them are inexcusable considering they had already been identified in the webkit platform]

B'Day Equals Gamerific!

Today, August 30th, is my son's birthday. Both he and I really look forward to this period as it's a damn good excuse for dad to go crazy on the new games (Christmas is also a good excuse).
This year it's: one PSP game - Naruto2; one xbox360 - Soul Caliber IV; three Wii - Ski, Boom Blox & Smash Bros Brawl.
I'm satisfied with the general game play and am quite enjoying the fast paced & quick to pick up action gaming that both SC4 & Smash Bros is providing. I was to a certain extent impressed with the graphics and overall customizablity of both games. These were games that were quick and easy to jump into and get a lot of fun out of
I still need to try out the other three fully but so far my son's has been having a good time and doesn't seem to want to put down Naruto. The Family Ski on Wii was especially fun with the Wii Board. Its a much more interesting ski simulation than the default one on Wii Fit. Boom Blox was fun as well, and remind me of long evening hours of playing jenga with friends while on vacation,
Maybe more on this crop of recently obtained games in future posts!

It's Been Awhile, Again

Well it has been awhile since I took the time to blog anything! To be honest, I've had a few drafts in the works but never enough personal energy to complete them. I thought that migrating my iPod Touch to version 2.0 and using the wordpress applet would help but I've been having other issues with the iPod Touch (will have to be the subject of a different post).
Once again, I find myself torn between personal issues and work related emptiness which has driven me into a relunctant on effectiveness. Hence my inability to get my stuff together and try to do sensible things.
To be honest it's almost a form of depression and I don't think things will change until I hit The Deepest Rock Bottom possible...
Meanwhile I think that trying to get those drafts and new articles finished will be the only way to try and fight this effectively. Maybe even using my blog(s) as a venting ground might help.

Let's see what happens. ;-)

We Say Goodbye to Princess

After 15 years of sweetness, we unfortunately had to say goodbye to our cat Princess. A number of months ago, she was diagnosed with cancer. The first time, we had the vets remove the cancer but it quickly came back and there was not much more we could do. Over the past few days, she had stop eating and was starting to have problem moving around. Her physical state was getting hard to bear and she was not herself.
Princess joined the family some 15 years ago when she grabbed my wife's hat through the cage as we walked passed her in the pet store. My wife knew at that time that the cat was «supposed» to come with us! Princess was a gentle and sweet little lady but was very shy. She will be missed. More picture of her on this Flickr page and in my Picasa web album (look for Princess the tri-colour persian)

Xoopit Enhancing Gmail's Media Capabilities

Following an article on this blog about Xobni, I was recently invited to try out Xoopit. Xoopit provides a tool to quickly access the multimedia stored in your Google Mail (Gmail) account through a number of ways including either via a Firefox plug-in (it needs an equivalent on IE7 I tend to use both so it is helpful), in your iGoogle page or through their own web interface. Disclaimer: The contents of this post reflects my experience with Xoopit as it occured from May to end June. Therefore some of the information present here may have evolved over that time with fixes and improvements. Also, this post was reviewed by one of the Xoopit co-founders before publication!

Xoopit essentially indexes and copies your Gmail contents via an IMAP interface (for more information check-out this Xoopit blog post ) and it seems to target the e-mails containing pictures, videos and files. The service starts by indexing the context of your account and after a few hours started to present the indexed media it had found. After what seemed like 2 days worth of indexing (my impression based on the increasing count of media index), the power of Xoopit began to reveal itself and that was when I realized what Xoopit is in fact providing. Xoopit gives you a nice interface for quickly viewing, downloading or re-sharing all your media be it by what you have recently received, by association to whom sent it to you or from which platform (i.e. flickr, youTube, ...) or by file type. The index even pulls references to pictures and videos from URLs which was quite interesting: it for example highlighted a flickr picture and youTube video in the May 15th Bruce Schneier Crypto-Gram and if your are subscribed you know that he tends to use tinyurls and references to articles not directly to video or pictures.

Overall my impressions and thoughts on Xoopit are mixed. I really like the ability to quickly view, locate and manipulate media that has been sent to me or referenced to me via e-mail. I was even more appreciative as I am able to link my different Gmail addresses to it (I use one for personal comms and one for mailing-lists, etc). This made it even more useful as I can now quickly locate things from one place instead of having to check multiple accounts. It was also interesting to use for sharing pictures and videos with my different contacts but I admit that I tried the sharing feature to test/try it and I am not sure how often I would get to use it my day-to-day e-mail activity(I'll explain later). Here are some of my other remarks about the tool:

• You can quickly share videos and pictures, files however are not shareable on their own. To share them you need still need to forward the whole e-mail. I didn't quite understand this part;
• The ability to locate media sent by contacts is neat, however some of my closets contacts have multiple e-mail addresses and in the Xoopit interface this shows up as multiple contacts... I think that the system needs to try and be more intelligent and match multiple contacts by name as well as e-mail;
• The plug-in interacts with the Gmail search and shows a search bar along side your search results. So for instance if you search for a contact, the Xoopit plug-in gives you asidebar with all the media relate to that search query;
  
• The plug-in works quite well and gives you an easy instant access to the media directly from your Gmail inbox, however one thing that confuses me is that the plug-in pulls the Xoopit copy of the e-mail instead of accessing the Gmail version. My thoughts are that this could be done better if the Xoopit used some form of indexing/referencing instead of creating a copy of the e-mails;
  
• There are some other things I would like to see like: statistics, threading or relationships between media/e-mails, and maybe versioning or similar on files.
  

However & overall, I don't think I am getting the most out of the tool. There is a simple reason for this, I usually don't manage my e-mail contact workflow associated to media. I rarely look for a piece of media that was sent to me by one person or another. When it comes to media, I usually view & process it but then I file it away by putting it in another location (photo album, file server, ...). When I re-share media I receive via e-mail, it is usually then and there so to speak - at the time I first read it. I then rarely come back to that e-mail. The exception to this might be file attachments which I might need to refer back to but again this is a rare occurrence. Xoopit will be a very useful tool for a person spending a lot of time dealing with multimedia e-mail processing which is just not my case.

I admit my e-mail workflow is very much focused on processing via subject, keyword (I use labeling or subject line tagging for this) or even sender. When I am referring to or searching for existing e-mail conversations I typical look for it via subject matter or via the original sender (this is in fact where Xobni is quite useful). Hence my low and in frequent need to access a tool like Xoopit whose primary focus is the media.

My other mixed impressions are due to my ingrained habit as an information security professional. When I look at the Xoopit service, a few things come to mind and they be NO means imply any weakness on the part of Xoopit:

• HTTPS compatibility in the plug-in: I use Gmail web interface using https for various reasons. When I first tried the Xoopit plug-in, it had a few glitches running under the https instance of theGmail - it would en fact rest the page to normal http. This seems to be corrected now in the latest versions and the plug-in also respect the https protocol when it fetchs data. There is also a setting under your Xoopit account to enforce the HTTPs protocol (nice!);
  

• Storage of the Gmail account and password information: this is tough and I realize that today and without a proper API or security key Xoopit really doesn't have much choice. This should not be an issue as long as the data is stored and used in a secure manner. Relatively though, it does want for concern as the Xoopit service uses an IMAP connection to pull the information fromGmail , if its implemented as IMAPS then things should be ok if not then your account information is being sent between both services in clear text;

• Xoopit shadows the e-mail on its own servers: while this is not really worrisome it does raise my eyebrow concerning data residency and security issues. In the same way that I implicitly trust Google with my e-mail, I need to implicitly trust Xoopit to safely and securely store my e-mail information. The initial thought that I have is that now I need to be additionally concerned as my e-mail information is stored in two separate locations therefore increasing the possible footprint for potential data leakage. It also troubles me personally as I am not inclined to see multiple copies of my e-mail stored outside of my direct control. I need to have total control over my e-mail storage as there certain e-mails that by nature I won't leave even in Gmail and thus I need to be sure that all copies are removed from any online storage. Of course my assumption is that Xoopit have taken necessary precautions to secure the duplicated data like encryption based on an individual account key (I know I would).
  <rant />My initial thoughts on the subject, was why store a copy? Would it not be more efficient and better to build an index of the messages instead, storing the index and references to the files then providing access back directly into Gmail. At least you would not have to duplicate and store the contents of the accounts.
  

I think that Xoopit however can only do a little more than what they are doing today in great part due to the limited API that is offered by Google for the Gmail service. Jonathan Katzman one of the co-founders of Xoopit confirmed this to me and indicated that they are working with Google to improve on the above:

on both those last points, we take security incredibly seriously and realize the trust users are explicitly or implicitly (depending on the user) putting on us. this is something we'll blog more about soon. suffice it to say we are taking every measure we can to keep data safe.

So despite my view of things, I appluad their solution and wish them the best of luck as they go on improving it. Let's also remember that this is still essentially a beta service (private invites only - I have some to give out). I'll continue to use the service as it is slowly proving to be worthy and useful and I might be a good extension into my e-mail workflow.

Jamais 2 sans 3

«Jamais deux sans trois» is a french expression that basically means that things always come in threes and in most cases you are talking about unlucky things!
Well, today July 3rd aka my birthday, falls right into this expression. If you remember and refer back to last year's post, you may be aware that my home network got electrically fried on my birthday! Well this year it wasn't my home network but it would seem that it was my laptop's turn.
Yep, this year for my birthday, my laptop fried... dead motherboard!
Can't wait till next year I wonder what will happen next!

Yet Another HDD Bites the Bucket

One of my drives (a 500gb USB WD Book less than 2 years old) just kicked the bucket! Unfortunately (or fortunately) it was the drive that only held videos and podcasts and open-source torrent downloads. So I am not losing much - except that I just lost a shit load of crap that took quite some time to download.
What gets me and continues to get me is that the drive in question was working very well until I rebooted the system it was on. This continues to be, IMHO, the plight of the HDD in today's day environment. Don't get me wrong I know why a working drive suddenly stops working on a reboot, but I just don't understand why we in the industry have not figured out how to combat this situation!
Why can't the drives detect they are failing and warn you before you reboot? Why should a stop/start command force the platters to stop and re-rev hence creating a die situation? Why? Why?
Oh, well! I know what the gadget purchase will be this month: new drive!

My Thoughts on Xobni

I've been using Xobni for a few weeks now even before the public beta. I must admit that so far I've only activated on my personal accounts [I'm still on medical leave and can only run it on the remote connection if I choose to enable it on the company Exchange solution] and I am finding it a good helpful utility.

Xobni is an Outlook plug-in that claims to be able to help you organize, search and navigate your e-mail and other outlook content in an easier way; more info. I've even seen some commentaries calling it a next step in social networking.

After a few weeks of usage, I am starting to find the tool indeed very useful. Some of the features that I am starting to appreciate: is the ability to see the frequency of e-mailing as well as the time statistics [most of e-mail activity is between 10:00-11:30 & around18:00] as it gives me an idea when the best time to contact a person is versus when I might get a reply; the tracking of all conversations stored in the account giving me the ability to quickly locate previous e-mails. The feature that I am starting to find of some interest (but more likely will be better in the work environment) is the contact network feature which gives you a crossed list of other contacts; it is of course limited to what is in the e-mail addresses in your accounts but still interesting.

I would, however, like to see this directly inside gMail and also maybe a Thunderbird plug-in... then I will truly be happy!

Visited the Surgeon Today...

I had an appointment with my surgeon today for a one month after check-up on my ankle area.

Although the swelling is still important everything is on track and mobility in my ankle is better. I must admit that in terms of pain the operation has helped to a certain extent. He has recommended a few more weeks of rest and keeping my ankle on ice (both metaphorically and literally).

I must admit however that I am still feeling a serious amount of discomfort especially if I am on my feet too much or sitting without the leg stretched. Don't even get me started on sleeping - my family Doctor has given me sleeping & anti-stress pills - yep its that troublesome!

So more time for some gaming, maybe I'll be able to get through CoD4 & Bioshock.

What Tech This Month?

No tech purchases last month mostly cause we had to buy a new oven [you should see the oven, its got a full computer to control cooking!] and eye glasses for the kid & wife.

So time to do some catching up this month as if you remember, I decided this year to buy a tech gadget or game every month. The primary cause being the lack of commitment or want of my wife to quite smoking & I figure if she can «literally» burn @€150/month - I might as well give myself something.

So I have a dilemma this month between the following:

• WiiFit: not sure it will do my diet any but I really like the concept and it looks like a good change of pace;
• Mario Kart Wii;
• A XiNCOM Twin WAN Router: I am looking at this to be able to aggregate/load-balance my two DSL links or I could do this with a cheap PC, 3 network cards and a good linux distro;
• Logitech Squeezebox Duet: The interest here is to be able to stream all my digital music as well as access Internet Radio (French stations bore us, they talk too much and play the same songs every 2 hours). In theory the Squeezebox would allow me to do this directly to my stereo without having to use the computer.

Tough call. I could always but the money aside this month and prepare a small wad of cash to be able to buy some of the possible new Apple products to arrive around WWDC or summer. What do you think?

myPoV: Assassin's Creed

Yesterday evening, I finally finished Assassin's Creed (AC)! Yeah it took me awhile since I got it back in Nov'07, well to be fair I only started playing it about 2 weeks ago (2 to 3 hours a day). I wanted to write up my point of view (PoV) on the game as it has had mixed reviews from the different gaming sites.

In all fairness, I find AC a good play... it's not madly challenging that is true [honestly, I play but I am not a pro] but the game plays really well and keeps you enthralled in the story; seriously I wanted to get through to know the outcome. I enjoyed the game as the difficulty slowly builds up as you progress through an interesting storyline... which I won't reveal for those how've not played. Here are some of the points I found good:

• Storyline is simple but does keep you intrigued & I really want to know what's next; Ubisoft AC2 please ;-)
  
• Graphics are amazing! I was really caught by the visual effects when climbing the minarets & some even gave me the chills
• Combat is good and can be challenging but it never gets impossible [like some certain FPS on hard modes]
  

This game even allowed me to complete almost all the Xbox360 achievements. I am missing 2! the 1st because I didn't know you need to talk to the assistant between each memory slot; the 2nd because my dexterity ain't that great (timed sequence of button pressing).

Follow me on FriendFeed

If you want to follow me on FriendFeed go to http://friendfeed.com/fvter and subscribe.

I have been using this service for a month or so now and I am actually quite satisfied with it. The primary reason is that it provides me with a quick a dirty daily report of all my friend's posting as well as mine. A succinct timeline of what has been going on online...

if you are not aware, FriendFeed brings together about 35 different web sources such as Flickr, blogs, music sites and many other of the social networking stuff.

Ulla's Puppies

My parents have a wired-hair dachshund dog, named Ulla, who gave birth to 6 little puppies last night. 3 males and 3 females, a full litter!

Congratulations Ulla and her parents... ;-)

Pictures here!

Finally Installed the QNAP TS209

Back in February, I bough a QNAP TS209 NAS for my home network while in Houston. Since I came back, I have not had time to sit down buy drives for it (I got 2 1TB Samsung drives for >€400) and install it. I bought the QNAP because it gave me the most options! Seriously, you would be surprised; from backup software to web server to database server to download station to torrent client!

Installation at least for me was quite simple and reminded me to a certain extent of hooking up a small server. This may be a bit of a challenge for everyday user! The drives are hot-pluggable and install on drive bay trays loaded via the front and then covered up with a nice face plate; both drive trays & face plate are held on with thumb screws. This is good in case you need to open the sucker and replace a drive.

The system automatically picks up a DHCP address if you have available but you still need to do the first configuration with desktop client which auto-locates available devices and allows you to set the IP address and other minimal settings. Configuration [selection of pics and screen shots here] then switches to a web browser based interface. The set-up was quite easy and for your average joe there is a wizard type system.

The drives are configurable in RAID or as a whole set. I decided to go for a continuous 2TB drive format instead of RAID to get the most of storage space. I will get an external HD to do backups to; yes, the system supports a plug and backup option via an external drive.

As for the different server options, for the moment, I have only configured:

• the DLNA (Digital Living Network Alliance) with the Twonkyserver so that I can now play videos and music from things like my xBox360;
• the iTunes server for access to all my digital music;
• file server which is accessible from either the windows machines or the MacOS X machines on my network & there is a web version as well
• media server for web sharing of pictures (this will be useful once I get a WiFi enabled digital picture frame)

The next steps will be to look into the web server options and backup options of which the first step will be to hook up to TimeMachine on the Mac.

The device is responding as I wanted, except for one or two important points of which the most important is the lack of a more intelligent BitTorrent client. The download station on the system is in fact quite simple. It is missing a number of things like an RSS reader or a monitor folder option. I now need to figure out a work around to be able to get the system to auto-download bittorrents! Might need to do some fancy scripting.

I posted some of my wish list on the qnap forum.

Tibet, China & the Olympics [fvter.Rant]

I don't like to rant much on politics, but the recent world-wide noise about the upcoming Olympic games, Tibet and China has shaken my neurons a bit! Let's face it the issue is not that the athletes should boycott the games but more on how does the world protest strongly enough to make their disagreement known. Here are my thoughts! Let's get the audience to boycott watching the games and hit them where it hurts... the money through the publicity and sponsorships! The expected outcome is that hundreds of millions of viewers will watch the games and be attracted by the pitches from the sponsors; however and if only 10% of that viewership actually occurs than it will make the games a disaster and hurt both the CIO and China more!

Anti-fraude ou Fraude des Méthodes Peu Secure

sorry this post is in French as it concerns something that happened to me here in France. I'll post a quick translation in the comments.
-------
J’ai récemment été identifié par le système de FAI-NET pour une vérification ou contrôle, on va dire, d’identité bancaire. La société FAI-Net fournit un service de tiers de confiance a fin de sécurisé les achats sur Internet à la fois pour le commerçant et pour l’acheteur.
Donc en effet suite à un achat sur le site grosbill.com, j’ai reçu un e-mail de la part de FIA-NET me demandant de valider mon achat. C’est à ce moment que je commence à avoir des problèmes ! En lisant le message la première fois, j’étais très sceptique et je pensais que c’était un e-mail de type «phishing scam». D’autant plus que le même message m’a été renvoyé à renvoyer à plusieurs reprise.
En effet, ma casquette d’architecte sécurité en informatique a pris le dessus ! Le problème ? Eh bien l’e-mail en question avait plein d’inconsistance et avait les éléments douteux suivant :

• L’e-mail est émis par une adresse en fia-net.fr mais leur site et les conditions de vente sont tous attribuées à fia-net.com - dont on peut questionner la validité de l’émission de l’e-mail ;
• L’e-mail n’est pas certifié, c.a.d il n’y a aucune sécurité associé à cet e-mail, ce qui est important pour un e-mail demandant vos informations bancaire – de nos jours il n’est pas difficile d’envoyer un e-mail au moins signé !
• Ils disent avoir essayé de m’appeler par téléphone pour valider la commande – je n’ai jamais reçu d’appel téléphonique de leur part au moins pas sur les numéros inscrite dans ma commande sur grosbill.com ;
• L’e-mail me demande d’envoyer une copie de ma carte d’identité et mon RIB – attention ! il n’y aucun garantie que l’e-mail va vraiment à FIA-NET ou que l’e-mail ne sera pas intercepté ! Vous imaginez ce qui pourrait ce passez si …

J’ai donc décidé de faire connaître ma pensé sur cet e-mail et ma désapprobation de la méthode à FIA-NET. J’ai donc visité leur site. À fin de pouvoir communiquer avec FIA-NET, il faut d’abord s’inscrire. Et paf encore un problème : Après inscription, FIA-NET vous renvoie par e-mail votre nom d’utilisateur et puis votre mot-de-passe en clair ! Je dits NON ! Ce ne sont pas des pratiques dignes de nos jours avec touts les problèmes de sécurité associé à des pratiques telles que celles-ci !
Pour une société qui agit en temps que tiers de confiance et qui lutte contre la fraude sur Internet, il y a un sérieux manque de protocole et de sécurisation de leur méthodologies ! C’est tous que j’ai à dire !
J’ai finalement envoyé mes informations en PDF sécurisé (non copiable et non imprimable) avec les informations (signature, etc) importantes sécurisé par des dégradations d’image et watermarking. Ce qui m'a valu de recevoir mon achat avec une semaine de retard! Quel bordel...

Most Interesting Operation Yet!

Yesterday, Thursday 3rd April, was my operation day. I have been back in the hospital since Wednesday to have the hardware, that was put in Dec.06, removed from my left ankle area. The operation in itself turned out to be one of the coolest I have had in a long while. Note that this is my 10th or so operation on my left leg.

The operation started with a local anesthesia. I thought that like previous times, it would be an epidural too numb the lower half of my body. It was in fact a left leg nerve block. Nerve blocks are strange. They start by sticking an electrified needle into the main nerves in your backside and then upper calf. At that moment your leg starts to twitch and move by itself - a strange feeling- which is followed by the injection of the anesthetic. Your leg then slowly starts to become numb... you know that pins and needles feeling you get if you sit on your arm for a long time. They started operating when I could basically no longer move my leg as it felt like a ton of gold bars and I could no longer feel any sense of temperature (those where the tests they carried out to see if it was ready).

The surgeon then began to operate! I felt, smelt and heard everything that was going on! The nerve block in fact only kills the pain sensor...you still feel and touch, etc. I won't recount the whole operation as it was a long 2.5 hours but here are some of the highlights:

• They used a laser scalp to cut through the flesh - smelt the searing meat


• To remove the screws and plate, they had to chisel away and use a hammer to pry the screws loose


• They scrapped away some set-in arthritis and irrigated my ankle

The advantage of having had the operation this way was less down time as you don't suffer the secondary effects of the anesthetics from a GA.

Off to the Hospital

For those following my blog, you may remember that back in December 2006 I broke my left leg. Tomorrow I go back to the Hospital, to be precise the C.H.U Henri Mondor in Creteil.

My angle is still swollen and I am still in pain. The Doctor said that it might be a good idea to remove the screws and plate. He thinks that it will reduce my pain but it in most likelihood would not completely alleviate it. So as I said it is time to go back to the hospital and on thursday the doctor will take out the metal and wash out (irrigate) my angle (to reduce any arthritis that may be settling in).

I will keep you informed...

Moving to Geotagging & Auto-Publishing Flickr to Blog

Being on vacation this week in a very nice part of France (Savoie and the Tarentaise to be precise), I decided to delve a little deeper into geotagging my moblog photos. This is in fact very simple with the HTC P3600(Trinity) as the built-in camera can link itself to the GPS module effectively putting the exact GPS location information in the EXIF data of the photo.
My initial problem was trying to figure out how to get Flickr to auto-process this information and map the photos directly (with-out it, you need to manually place them on the map and of course the Flickr map interface doesn't search GPS coordinates... bahhhhh). This is possible through an option in the «Privacy & Permissions» section of Your Account. The results are available on my Flickr page or through this geoTag Flickr feed.
I also decided to see what would happen with the direct to blog option that is provided in the extend Flickr options. So expect to see some moblog entries here soon.
So what's next! Well as I use Shozu for uploading my photos from the mobile device, I want to see if I can play with more intelligent tagging before it ends up in Flickr.
I am also considering joining Twitxr which seems to be some form of geotagged moblog network...

HD-DVD is dead, yeah so...

So the news is out, Toshiba finally dropped out of the HD video disc format race... Of course the downfall which started at CES 2008, was exactly 2 days after I received my HD-DVD player for the X-Box360! [ed: just to add to my crappy year 2007...]
This is actually quite upsetting as IMHO the HD-DVD format was way more interesting than the Blu-Ray solution. Here are my 3 top rants regarding this subject:

• For one thing, HD-DVD were not region encoded which is a big plus (while Blu-Ray is)! I am so tired of not being able to buy the version (especially considering language) of the movies I want to add to my library!
• No competitors means that the technology rights will remain high & costly (Sony has to make back the money they spent buying the studios to jump onboard Blu-Ray somehow) which converts into a user expensive experience...
• Blu-Ray will only be really good once 2.0 and greater players start to come-out for the online updates and content additions!

Will I buy a Blu-Ray player, maybe once the prices come down and 2.0 players are more readily available... By that time, I may not need to! I am also tending to see (especially in France where high-speed broadband is readily available) that more and more HD content will more likely come from direct downloads or IPTV solutions!
At the end of the day, I don't regret my purchase and I will try to collect as many good HD-DVDs I can before they disappear...

HTC UMPC

The French distributor of HTC, Brightstore, was present at MS TechDays 2008. One of the devices presented was the UMPC. I won't discuss the UI as this is pretty standard as they are all based on Vista.
The hardware however is one of the best I have seen in this category. The overall frame is slightly bigger than the screen and has a nice rubbed plastic grip feel (easy to hold & feels right). The 7" screen is a good size, full tactil and good on the eyes. Keyboard is a slide under like the TyTN2 and it provides a full keyboard the length & width of the device. Best part however is the good tactile respons it provides.
This is definitely the best UMPC out there (I have tested the Samsung & Toshiba) so far!

gMail IMAP Weirdness

The other day after logging onto one of my gMail accounts via the IMAPS protocol, I noticed something strange in the folder hierarchy. A bin directory has appeared in the [Google Mail] folder hierarchy. Why is this significant? Well it highlights the fact that the IMAP solution they are using is in most likelihood a unix based platform. And it potentially also highlights a configuration error.

If it is a configuration error, the worry will be that a potential hole exists in the security and the system could eventually be hacked...

Apple! Oh How Ye Doth Disappoint...

The title says it all... I am currently in Houston, TX and as previously posted was thinking about buying a new MacBook even possibly the Air. The reason behind this is that one of my home laptops is dying its slow death!

Now, I visited the Apple store yesterday and decided to give the Air a rundown and I also took the opportunity to play some more with the iPod Touch and iPhone. Now I left the story disappointed and still hesitant (even more so when you see rumor articles like this) which is kind of a shame considering Apple's innovative approach and track history. Here is my problem, within a small 30minute period, I managed to find quirks and interface issues in all the new products.

First on the Air: I tried to use the multi-touch trackpad (which is only activated when you hold a key down) and found that in fact the applications don't respond very well. I couldn't even get it to work in iPhoto. When I did manage to get it to work, the zoom pinch function to reduce (after I had enlarged) was impossible to get working! I just could not reshrink the image. Could it be my fingers, maybe but...

Second on the Air: I heard some of the reports concerning the slow speeds but was thinking maybe it was just the reviewers. In the store, the Air was side by side with a pretty standard Macbook. I rebooted both at the same time... and the Macbook was up and running at the same-time if not faster than the Air! Ouch I was also very surprised that after only a few days of exposure, the unit was already showing signs of scratching and wear on the alu frame...

Third concerning the Touch & iPhone, I won't go back on some of previous comments regarding the missing features in some applications (like video, mms support, etc). To start, the display units are used by many people so they get quite dirty, believe it or not this makes it quite hard to get the multi-touch interface to respond properly. Your probably thinking, yeah so, a single person wouldn't dirt it up that much! But are you sure... my feeling on display units is that the passage of many people gives you a good impression of how resistant the device will be to prolonged usage and wear and tear.

Then I was playing with basic features like the music player and video player. During that time I also switched out to Home interface (tried to be a normal user). Then I ran into a problem, the audio got really loud (I think the following song was boosted)... It is there that I struggled, I couldn't for the world of me get a quick access to the audio controls and even in the player interface I struggled!

Believe it or not I left the store really stunned, in shock! Not the feeling I would have expected from visiting the Apple store hence my disappointment. I am still considering getting the iPod Touch though...

Kerviel/Societe Generale & Information Security & Insider Threat

The story of Jerome Kerviel and the Société Générale bank has made a lot of news in the past couple of weeks. Outside of the €4.9billion in losses, I was wondering if you were aware that the story has an information security twist.
So Kerviel was official charge this weekend and you may or may not be aware but he was charged on one interesting point: «introduction dans un système de traitement automatisé de données» which very basically translates to «hacking into a computer system».
In the story there are different things going on including whether or not the boss were aware of the situation and whether or not he did this himself. What has been quickly passed over in this story because of the large sums, are the following facts that as IT/IS security professional make me shiver:

• Kerviel was original hired in the back-office of the bank to do data process and in all probability was able to gain complete knowledge on how and what information is stored and processed concerning the validation of transactions
• He progressed in his job profile to a trader but the question is was his privileges to the systems revoked or changed to reflect his new profile?
• How did he hide all these transactions, the current assumption is that he used his knowledge of the systems to do this and seems to be corroborated with his statements to police!

What I find interesting is that this hacking charge reveals something that as security professionals, we all talk about but many business just do not know how to properly address from policies to procedures and how to protect the issue of Information Security as well as the Insider Threat.

There is a good article in the French newspaper "Le Monde" about the current situation from the 29th of January 2008 after his audience with the police - only in French (sorry). The article in fact quotes bits and pieces of the statement he made to the French police. One paragraph in particular relates to one of the methods that he used to obscure his fraudulent activities:

« J'ai alors fourni de faux justificatifs de saisie sur ces opérations, à savoir de faux mails. J'ai réalisé un faux mail en utilisant les possibilités qui me sont offertes par notre messagerie interne, à savoir une fonction qui me permet de réutiliser l'en-tête d'un mail qui m'est expédié en changeant le contenu du texte qui m'est envoyé. Il me suffisait alors de taper le texte que je souhaitais et le mail avait toute l'apparence d'un document original. »

Roughly translated, “At that point, I provided false reports and justifications on those financial operations, i.e. forged emails. I constructed a forged email by using features of our internal email system. It is indeed possible to re-use the header of an email I have received while changing the body. Then, I just had to type the body of the email I actually wanted and the email looked like a perfectly genuine one.”

Now as long as most e-mail correspondence between parties continues to remain in a non digitally signed manner, it is indeed trivial to alter its content before forwarding it - or even come up with a fake one from scratch.

This shows some of the flaws that continue to be present and visible in the lack of information security how many authentication and authorization processes are obviously flawed in their implementations and aren't necessarily used for information protection.

Business are still very much in the dark on what type of information security they need to implement. This situation proves that companies are still in the dark on how to ensure the basic Ws over their information: Who, What, Why and When! Essentially being able to understand the actions, manipulations and access of critical or important information! Kind of shows that the weakest link for indepth security continues to be the protection of the information!

Update 31-Jan: Another article on the hacking: French trader accused of hacking.

2Buy | !(2Buy)

So, I am off to Houston(TX) next week and building a small shopping list. With the current Euro USD exchange rate might be worthwhile, but I will of course still compare before purchasing. The list of stuff right now stands at:

• MacBook or MacBook Air or MacBook Pro - not sure which to get still under serious consideration...
• DVR (digital video recorder) Camera, current suggestions are: ????
  
• A new Canon Powershot SD950IS, SD870IS or SD1100IS - probably depending on price vs. features
• There was something else but I forget...

So I am open to suggestions, hints and whatever your thoughts might be on this list... BTW, I already ordered a nice QNAP TS-209 NAS server!

Translation: To Buy or Not To Buy... ;-P

Now on IPv6...

One of my two ISPs (Free to be precise), recently started deploying IPv6 on its ADSL network. They recently enabled it in my area and I quickly jumped on the bandwagon.
I am now an IPv6 enable network, LOL! My address if your interested:

IP Address. . . . . . . . . . . . : 2a01:5d8:52e3:2b9d:e4ec:5a32:1c02:f9f2
IP Address. . . . . . . . . . . . : 2a01:5d8:52e3:2b9d:214:2aff:fe68:9181

And just to ensure you that these are real IPv6 address, this is the RIPE entry for the 2a01:5d8 subnet:

% Information related to '2a01:5d8::/32'   

inet6num:        2a01:5d8::/32
netname:         FR-PROXAD-20071108
descr:           Proxad, Internet Service Provider in France
country:         FR
org:             ORG-PISP1-RIPE
admin-c:         ACP23-RIPE
tech-c:          TCP8-RIPE
status:          ALLOCATED-BY-RIR
mnt-by:          RIPE-NCC-HM-MNT
mnt-lower:       PROXAD-MNT
mnt-routes:      PROXAD-MNT
source:          RIPE # Filtered

organisation:    ORG-PISP1-RIPE
org-name:        Proxad, Internet Service Provider in France
org-type:        LIR
address:         Free SAS

EeePC HSPDA Bundle for €199

Well it seems that the mobile operator I use here in France (SFR) is having a special deal to purchase the EeePC with an inclusive unlimited 3G+ account, see this Register HW post.

As tempting as it might seem, I have a number of qualms:

• It doesn't have integrated HSPDA (3G+), in fact the support for HSPDA is provided by an external USB key;
• It's actually a rebate if you agree to sign-up for a one or two year contract (see next);
• (see previous) I already have 3 SFR accounts in various forms... I would prefer to just upgrade one to the new contract;
• Finally, It's still not clear what they mean by unlimited 3G+ access (the terms and conditions on data download are sketchy - at least IMHO).

Anyway its not really an issue, they apparently are already sold out!

IR DoS: Wake Up!

A lot of virtual ink has flowed on the confession from Gizmodo regarding the stunt they pulled with TV-B-Gone utility with most of the articles appearing recently describing from unprofessional to a crime. Now before I continue, I would like to make a small disclaimer: «I don't condone what happened, don't approve it and certainly would not recommend this be done».

What Gizmodo pulled demonstrates a very basic DoS (denial of service) attack. The DoS is achievable because of the ease in which it is possible to obtain the right control codes. The prime issues are based on the fact that most of these systems work with «open» and well documented standards (e.g. many manufactures always use the same code for turning off their devices thus a controller from one manufacturer is able to turn off different devices from that same manufacturer) as well as a primal flaw in wireless communications protocols security. TV-B-Gone like a universal remote works on the premise that it is easy to learn, store and replay the remote controls IR sequences. These sequences are equal to the codes that control the target device.

So where is the problem: The receiving device does not validate the issuer... The receiver in fact is an open listen mode thus any IR sequence that is correctly formatted and contains the right code will active the associated command. There is in fact no handshaking or confirmation between the receiver and the emitter.

In their DoS Attack, Gizmodo demonstrated that this one way command issuance process is in fact a big security flaw and could be avoided by not using such an open unidirectional protocol. Manufacturer could in fact avoid openness through simple methods such as encrypting the protocol, using a handshake protocol, using a knocking protocol or some other form of authentication between the transmitter and the receiver.

Unfortunately this then becomes a debate between security, complexity, cost to produce and return on investment. This attack may actually wake manufacturers up and decide to actually address this flaw! To demonstrate how serious this can eventually get, it appears a kid in Poland managed to crash the trams with an IR hack.

Europe-Wide Online Content

Apple recently announced that it had settled with the EU commission regarding the pricing difference between it's iTunes UK store and the rest of Europe (Yahoo News Article). The EU is now looking at trying to enforce a European wide online-content model. This is a good thing for the users/customers despite what some people seem to think and are writing about (see this TechDirt post). Alot of this discussion rants around what business is allowed to do or wants to do! I say horse-manure... Business is trying to protect its single local market business model, trying to avoid having to negotiate regional/global business models to make this possible. There is no financial reason/restriction stopping business in one EU country to sell to a customer in another (or the world for that matter). This is the premise of the common market model! [Note: ok I over simplify but you know what I mean...]

Despite what some have been saying it is my opinion that Europeans are in fact enlightened and want to be able to purchase and access content from their neighbors (i.e. other countries in the EU). People are interested in seeing/listening to content from their neighbors... I know of a lot of people from France, Spain, Germany and Sweden for example that want access to British music and TV shows and because it is not available through official means, they obtain them through less than correct ways.

Or take some one like me or some of my colleagues who are international and have worked/lived in and out of these different EU countries... We would like to be able to have access to the content we grew up with and love!

I really don't see why these business don't want to do this.. it would provide them with a much large market for the content!