I've been slacking too much on this but I finally devoted some time to publish some of the pictures we took during our trip to Barcelona in May 2006.

Barcelona is a gorgeous city. I think I fell in love with it and I am looking forward to visit it again. Next year hopefully...

[Funk] Qu'est-ce Qu'on En Fait ?, Sinclair
From the album Morphologique



The French prince of Funk is back at it! Since I included one of his songs in Wonderful Songs Aug'05, he has released a new album, Morphologique (French for Morphological), a few months ago. I really like his Music and this album is on a par with his talent. Qu'est Ce Qu'on En Fait ? is the most Funky song of the lot and Sinclair is very good in this register. He has an incredible sense of Groove and rhythm. And I also enjoy his voice. The album also features nice Pop songs.

Please give it a try.

Meta information:

• Rating: 4/5
  
• Label: Editions xtrasoul (self-produced)
  
• Release year: 2006
  
• Related Artists: -M-, Ben Ricour
  

Extra links :

• Artist's Website (contains sample music. Click on "L'album")
  

I wish you a merry Christmas full of happiness, joy and every good thing your heart may desire! And please, remember... "He Who Relieves The Poor Makes Ahura King"

[Jazz] Look The Lobis, Romano, Sclavis, Texier, Le Querrec
From the album African Flashback.


African Flashback is one of my favorite Jazz albums. Featuring Aldo Romano on drums, Louis Sclavis on clarinet, and Henri Texier on bass, it is the third and last album of this amazing European Jazz trio. The idea behind this trio was initiated in 1990 by Guy Le Querrec, a renowned French photographer. who went touring Central Africa for three weeks. They had been so enthralled by this experience that they decided to make Carnet de Routes in 1995. Featuring original compositions from each artist and about 50 photos of the trips, this first album met incredible success. In 1998, the four friends decided to go back to Africa. This time, they visited South and East Africa. As a result, a second album, Suite Africaine, was made. It also met great success. And I really love those two albums.



Later on, Le Querrec was asked to choose from the thousands of unreleased pictures he brought back from Africa and to give his selection to the musicians who would imagine stories behind these pictures that they will tell the listeners in Music. Released in 2005, African Flashback is the result of this work and it is simply superb! There's no other word to describe this jewel. The CD comes with an impressive booklet containing Le Querrec's selected pictures. It was very had to select one of the songs as I really love all of them (except Surreal Politik that isn't to my taste at all). After listening over and over to this masterpiece, I decided to give my preference to Look The Lobis for the incredible Bass play donned by Henri Texier and the very distinct Rock tone of the song.

I am very grateful to these musicians and all the other artists that create such amazing Art. I can't imagine how we could live without Music.

Meta information:

• Rating: 5/5
  
• Label: Label Bleu
  
• Release year: 2005
  

Extra links :

• Look The Lobis sample (30 seconds in Real Audio)
  

I've been to the groupe SUR monthly meeting in Paris (which I co-supervise with Hervé Schauer) this afternoon. As usual, there were two talks. While I gave the second talk with my friend Guillaume Arcas on Metasploit (the slides, in French, are online), the first was given by Marty Roesch, creator of Snort and founder of Sourcefire. The topic of his talk was The History and Future of Snort.

Marty started with the history of Snort. How it all started back in 1998 as an OSS pet project of his, how Snort gained momentum, how he started developing full-time and founded Sourcefire. I started playing with Snort on and off since version 1.5 and this part of the talk was quite nice. It helped understand how Snort got where it is now with version 2.6.1.2. But things started getting much interesting when Marty started speaking about the future of Snort and what features might be integrated in Snort 3.0, the next major version of this popular NIDS:

• Auto-tuning
  
• Auto anti-evasion (for layers 3 &4)
  
• Auto-prioritization of events
  
• No stopping to change configuration
  
• Taking advantage of multi-core processors
  

The three first features (auto-tuning, auto anti-evasion, and auto-prioritization) revolve around the same concept, called target-aware processing. Basically, if the NIDS can have confidence in what the attacked endpoint is (operating system, targeted application ...), it will be able to:

• Feed just the right policies (sets of detection rules) to the detection engine, thus eliminating unnecessary and often painful tuning (which is seldom done if any) and achieving the auto-tuning goal. Note that this is different from the current RNA (Real-time Network Awareness) product sold by Sourcefire. The detection engine in Snort 2.x is not aware of the RNA and all the intelligence (that is, the correlation of the NIDS and the RNA data) is done on the Defense Center, the central management software sold by Sourcefire.
  
• Model the target in such a way that the NIDS knows how to reassemble TCP packets or defragment IP packets and mimic the target. Marty said that evasion is a big issue and a very hard problem to solve. At least with knowledge gained on the target, Snort could become harder to evade in layers 3 & 4.
  
• Auto-prioritize events given knowledge on the target. Again, this is not RNA. The knowledge is gained somehow and fed right into the sensor so that when it sees an attack and it knows that the target might be vulnerable to it, it helps the analyst by giving that attack a higher priority that should be acted upon right away.
  

The fourth feature deals with the current necessity to stop Snort for changing the configuration. In Snort 3.0, you wouldn't need to stop the detection engine and lose context while doing so through the use of threads and data sources. A data source will implement data acquisition and decoding before handing the network data to the detection engine through an API which is implemented as a thread. If we need to change configuration, we would create a new thread and migrate the data source to it without context loss. As a beneficial side effect, it would be possible to have fail-over and load balancing between detection engines. A Snort daemon will be used as an interface between the administrator (who issues commands through a Cisco-like "shell" implemented in Lua) and the detection engine.

As for the fifth and last feature, Snort doesn't support currently the multi-core architecture of modern x86/x64 processors and Snort 3.0 needs to solve this.

All in all, it was a very interesting talk. Marty concluded by saying that many of these new features (such as threads and data sources) have been implemented in prototypes or are in the design phase. Since Snort 3.0 represents such a drastic change from the current Snort version, Sourcefire will be releasing subsystem alphas to the community for testing.

Edited to Add (20061213): On a side note, Guillaume Arcas and I will be giving a talk (in French) about the Bro IDS during the next groupe SUR monthly meeting (2007.01.16). Feel free to show up. Attendance is free. And we are also looking for a second talk for this meeting. If you are interested, drop me an email.

Edited to Add (20061218): According to Ureleet, IPv6 decoding will be native in Snort 3.0. Thanks for the update.

Les slides de la présentation Metasploit pour tous ou presque... effectuée cet après-midi dans le cadre de la réunion du groupe SUR (OSSIR), en collaboration avec Guillaume Arcas, sont disponibles au format PDF.

Guillaume Arcas, ami de longue date et consultant sécurité indépendant va effectuer avec moi une présentation intituée Metasploit pour tous ou presque... dans le cadre de la réunion du groupe SUR prévue demain mardi 12 décembre 2006 à partir de 14h00 à l'adresse suivante :

ENSAM (Ecole Nationale Supérieure des Arts et Métiers)
Salle L4/L5
151 Boulevard de l'Hôpital, 75013 Paris.
Métro : Place d'Italie (lignes 6 & 7) ou Campo Fermio (ligne 5).

Notre présentation débutera après la présentation de Marty Roesch, créateur de Snort et fondateur de Sourcefire, qui aura pour sujet Snort 3.x, la prochaine version de cet IDS.

L'objectif que nous recherchons à travers notre présentation est de sensibiliser le public du groupe SUR aux frameworks d'exploit et en particulier à Metasploit, démonstration à l'appui. Le sujet est abordé sous l'angle de l'administrateur sécurité désireux de tester la sécurité du S.I. sous sa responsabilité.

Les slides de la présentation seront mis à disposition après la réunion sur http://saad.docisland.org/docs/.

Je vous rappelle que la participation aux réunions de l'OSSIR est libre et gratuite.

Back in the nineties, I used the Koss PortaPro headphones my brother Aziz brought back with him from the U.S. when he visited the family in Morocco (that was in the summer of 1991 brother?), I started to be more stringent about the quality of headphones and earphones in general. At that time, as a student all what I was able to get was some open Sony headphones. While they didn't sound great in comparison to the Koss Porta Pro, they were better than the crap vendors keep bundling with their portable audio systems. The Sony headphones served me well during many years and I even brought them with me to France in 1997. With some of the money I earned in my student job, I got a closed Sennheiser model. While they sounded pretty good, they were pretty heavy to wear and I usually used them before going to sleep or when I was studying at the library.

Things started to get interesting when I got my first real job. I bought the Koss PortaPro and I was very satisfied with them for quite a few years. But as you nurture your mind with reading and mental exercing, you also nurture your ears with great Music. Mine became a bit discomforted with the bass-boosting Porta Pro. Moreover, since they were an open model, they weren't good at isolating external noise that prevented me from listening to Music in good conditions while commuting. The Paris metro and RER are extremely noisy. And inconsciously, I was raising the volume to compensate for the noise. I was damaging my ears. It was time to look for something else. Closed models are great but they aren't good for commuting. And I had troubles with earphones. The models I have tried wouldn't fit my ears correctly. And then Aziz told me about how nice the Sony Fontopia MDR-EX51LP earphones were. I decided to try them and indeed, they were nice. Moreover, their soft silicon earbuds fit perfectly in my ears. That was in 2001.

Last year, when I went to the U.S. visiting Aziz and Mom, I read about the Shure E3C earphones on C|Net. They are quite pricey but I decided to get them anyway. They produce an awesome and crystal-clear sound. I am totally hooked. I use them for commuting and while at home before going to sleep with the foams which isolate superbly well from the external noise. At work, I use the PortaPro to be able to hear when people call me. Since then, Laurent (a coworker and friend of mine) bought a unit too and he feels the same about their quality. Mitch and Régis, two other coworkers and friends got the Shure E2C model and they told me that the noise isolating capability of these earphones also changed their life and gave them a new perspective of their musical experience as listeners. The E2C are less expensive than the E3C but I can't tell you which one to get. You will have to let your ears decide ;-)

[World] Tunga, Mamadou Diabaté
From the album Tunga. Available from eMusic



Tunga is the reason why I decided to post something about the Kora yesterday. Mamadou Diabaté plays this complex instrument masterfully. No doubt about that. I feel like crying out of joy when hearing this heavenly piece of Music. Truth is sometimes I do cry to let lose the emotions that are created by the beauty of Music. There are bad songs, average songs, good songs and songs that are so good that sometimes I have a hard time believing that a human just like you and me is capable of creating. Mamadou is one of those. And Tunga makes my eyes full of tears. To appreciate this kind (or any other) of Music, you need to be in a quiet environment or work around the ambient noise that besieges us with a very good, sound isolating, headphones. And then you are ready for a wonderful travel into the land of pure, great emotions.

When I first began to listen to songs featuring the Kora, I believed that in many songs there were two Kora players. But it was a mistake. With its 21+ strings, the Kora is capable of creating a wide range of sounds that give you the impression that there are two instruments being played. In fact, the player uses his right hand for accompaniment. I discovered that about 10 months ago when I bought Boulevard De l'Indépendance by Toumani Diabaté which featured a video sequence in which Toumani gives some hints about how wonderful the Kora is. Then I saw the guy playing live at Cabaret Sauvage and I was taken aback by the sounds that can be produced by a single Kora.

Meta information:

• Rating: 5/5
  
• Label: Alula Records
  
• Release year: 2000
  
• Related Artists: Ablaye Cissoko, Toumani Diabaté, Ballaké Sissoko, Kaouding Cissoko
  

Extra links :

• Artist Information
  

If you'd ask about my favorite musical instrument (as a listener), I will tell you with no hesitation at all: Kora. The Kora is an african instrument that can be likened to a harp and a lute combination. It produces a beautiful, heavenly sound that reaches very deep into my soul.



It is one of the most complex instruments of Africa. Played in the westernmost part of Africa in Senegal, Sierra Leone, Mali, Gambia, Guinea and Burkina Faso, it is crafted of half of a gourd calabash with the addition of a hardwood post that runs through it. 21 to 25 strings are attached to the post. A cowhide covers the open side of the half calabash and then it is left to dry in the Sun to hold the handposts in place. Crafting a Kora is very hard. It also takes a lot of practice to play right.

There are some amazing Kora players out there, among which I can cite : Ablaye Cissoko, Toumani Diabaté (considered to be the King of Kora), Kaouding Cissoko (may he rest in peace), Ballake Sissoko, and Mamadou Diabaté. I invite you to listen to some of their records and hear for yourself this amazing instrument. Some suggestions:

• Boulevard De L'indépendance, Toumani Diabate (you can listen to a few excerpts on World Circuit website)
  
• In The Heart Of The Moon, Ali Farka Touré with Toumani Diabaté (you can listen to a few excerpts on World Circuit website)
  
• Le Griot Rouge, Ablaye Cissoko (go to http://www.caplaser.fr/ma%2Dcase/fr/arti.html and click on "écouter un extrait..." under the artist's picture)
  
• Kora Revolution, Kaouding Cissoko (available from eMusic)
  
• Tomora, Ballaké Sissoko
  
• Tunga, Mamadou Diabaté (available from eMusic)
  
• New Ancient Strings, Toumani Diabaté and Ballaké Sissoko
  

Finally, DocIsland counts now 11 members with the addition of Gabriel Merlet (a.k.a. gab) who joined our small group about one week ago. It is always interesting to have fresh blood added to the team. Moreover, gab looks really like an interesting guy (Hey! He enjoys Jazz and Funk music among many other genres). We took some pictures (pretty bad quality though since they were taken with a phone builtin camera) during the dinner we had with gab.

If you are curious about how would one join DocIsland, the first thing you need to know about is What Is DocIsland? A new member needs necessarily to know one or more existing members, and know them pretty well. Then one of those DocIsland members will make arrangements to suggest the addition of that person to the team. Then we set up a meeting to see if we get along with that person. The meeting is informal of course. It is held around a dining table in one of the many excellent Paris restaurants we know of such as Galopins Nation. Then we vote. And that's it.

What the advantages of joining DocIsland you might ask besides sharing pretty regularly nice drinks and food and having lots of geeky fun? Well you get free access to the DocIsland infrastructure which offers mail, Web hosting, DNS hosting, shell accounts, storage space, backup and other nice services, all backed with a pretty nice bandwidth. Moreover, you can also take part in our internal discussions and idea sharing about differing miscellaneous subjects such as Music (you would expect that if you are following this blog), I.T. (with a focus on Computer Security and Open Source software).