Tuesday, December 11, 2007

Security 2007


Preatoni suspected of espionage:

A well-known figure in the security world, Roberto Preatoni, has been arrested by police as part of an investigation into an espionage case. According to Italian media, he is accused of unauthorized access to computer systems and illegal wiretapping.
Roberto Preatoni is the founder of an auction site on which security vulnerabilities are traded: WabiSabiLabi. But although this marketplace has been sharply criticized, the acts the expert is accused of predate its creation. Moreover, he remains presumed innocent.


The Governator faces viruses:

A Californian government website was used to redirect visitors to a rogue site on which an ActiveX control or a fake codec was used to install the Zolob Trojan horse or a bogus antispyware program.
For the State of California, however, this is not a first. Last October, government websites and e-mail services had to be taken offline after a site was compromised and then used to distribute pornographic content.


State apology for a lack of encryption:

25 million people affected: the loss of computer files containing, among other things, bank details forced British Prime Minister Gordon Brown to apologize.
Instead of following the usual secure channel, this information was sent by an ordinary road courier… and lost. The CD-ROMs were protected only by a simple password. The Conservative opposition is already talking of a "discogate".


A PlayStation for cracking passwords:

In the hands of a security expert, a games console allows a different kind of play, such as playing at cracking passwords. Nick Breese, a New Zealander and owner of a PlayStation 3, carried out a few experiments.
The machine's computing power would reportedly allow him to brute-force passwords far faster than with a PC graphics card, a method that is also used. The explanation: its computing speed, normally used to model 3D environments.


Backdoor or acute paranoia?

Two cryptanalysts have spoken up: Adi Shamir, one of the fathers of the RSA algorithm, and Bruce Schneier, an encryption expert. Both see a risk of backdoors being introduced to circumvent encryption.
Adi Shamir points to errors in PC processors, possibly deliberate, that would make it possible to recover a private key. Bruce Schneier suspects the American surveillance services, the NSA, of having slipped a backdoor into a NIST standard. A real climate of trust.


Antivirus products get their knuckles rapped:

On the front line, antivirus products are said to be as reliable as the Maginot Line. Thierry Zoller, already known for having demonstrated the weaknesses of antivirus products when faced with compressed files, has published a new critical study. By trying to do too much (many protocols to keep an eye on), these programs reportedly end up doing their job badly.
Combining several different antivirus products is not a solution, quite the opposite. It only adds up the bugs and so increases vulnerability. A shrewd salesman, Zoller will soon present ParsingSafe to protect these programs. Phew.


And that makes two for Monster.com:

More trouble for the job site, which has suffered a second attack, though less critical than the one last August, which had exposed the personal information of 1.3 million registered members. This time an iFrame attack was used.
Vulnerable pages were used to insert code redirecting visitors to servers hosting malicious programs. That day was not a good one to apply for a job at Toyota Financial.


Watch out for databases:

Researcher David Litchfield's hobbyhorse is databases, and more particularly their security. After probing more than a million IP addresses on a port reserved for the database (Oracle or SQL Server), he had an epiphany.
The result: 368,000 Microsoft SQL Server database servers were reachable from the Internet, along with 124,000 Oracle ones, some not even protected behind a firewall. A worm released on the Internet would cause carnage, Litchfield warns. Reassuring.


Source: JDN 2007, plus my modifications

Monday, December 10, 2007

AAA and Network Security for Mobile Access

Preface

In today’s world, where computer viruses and security threats are common themes in
anything from Hollywood movies and TV advertisements to political discussions, it seems
unthinkable to ignore security considerations in the design and implementation of any
network. However, it is only in the past 4–5 years that talkative security experts have been
invited to the design table from the start. The common thinking only 5 years ago was either:
this is somebody else’s problem or let us design the major functionalities first, then bring in a
cryptographer to secure it! This treatment of security as an add-on feature typically led either
to design delays, overheads and extra costs when the “feature” had to be included, or to
ignored security provisioning when the “feature” was not a must. The problem, of course,
stemmed from the fact that security “features” have rarely been revenue-makers. As we all
know, many political, social and economic events in the last half decade have forced the
designers, regulators and businessmen to adjust their attitudes towards security considerations.
People realized that although security measures are not revenue-makers, their lack is
indeed a deal breaker, to say the least, or has catastrophic aftermaths, at worst.
The Internet Engineering Task Force (IETF) has also played an important role in establishing
the aforementioned trend by making a few bold moves. The rejection of some very
high profile specifications due to the lack of proper security considerations was a message to
the industry that security is not to be taken lightly. This was done in a dot.com era where the
Internet and its applications seemed to have no boundaries and security provisioning seemed
to be only a barrier rather than an enabler.
As a result of this trend, the field of network security gained a lot of attention. A profession
that seemed to belong only to a few mathematically blessed brains opened up to a community
of practitioners dealing with a variety of networking and computing applications. Many standards,
such as 802.1X, IPsec and TLS, were developed to apply cryptographic concepts and
algorithms to networking problems. Many books were written on the topics of security and
cryptography, bringing the dark and difficult secrets of fields such as public key cryptography
to a public that typically was far less mathematically savvy than the original inventors.
Many protocols and procedures were designed to realize infrastructures such as PKIs to bring
these difficult concepts to life. Still, cryptographic algorithms or security protocols such as
IPsec are not enough alone to operate a network that needs to generate services and revenues
or to protect its constituency. Access to the network needs to be controlled. Users and devices
need to be authorized for a variety of services and functions and often must pay for their
usage. This is where the AAA protocols came in. In its simpler form a AAA protocol such as
a base RADIUS protocol only provides authentication-based access control. A few service
types are also included in the authorization signaling. RADIUS was later augmented with
accounting procedures. Diameter as a newer protocol was only standardized less than 2 years ago.
Both RADIUS and Diameter are still evolving at the time of writing. This evolution is to
enable AAA mechanisms and protocols to provide powerful functions to manage many
complicated tasks ranging from what is described above to managing resources and mobility
functions based on a variety of policies. In the near future the networks need to allow the
user through a variety of interfaces, devices and technologies to gain access to the network.
The user will require to be mobile and yet connected. The provision of the connection may
at times have to be aided by third parties. The interaction between AAA and security procedures
with entities providing mobility and roaming capabilities is a very complicated one and
is still not completely understood. Despite this complexity, there seem to be very few books
on the market that discuss more than a single topic (either security, or mobility or wireless
technology). The topic of AAA is largely untouched. Very little text in the way of published
literature is available on AAA protocols, let alone describing the interaction of these
protocols with security, mobility and key management protocols.
The idea for writing this book started from an innocent joke by the IETF operation and
management area director during an IETF lunch break a few years ago. When we asked
about the relations between the use of EAP for authentication and Mobile IP-AAA signaling,
the answer was “Maybe you should write a book about the subject”. Even though this was
considered a joke at the time, as we started to work on deploying AAA infrastructure for
Mobile IP and EAP support, the need for easy-to-understand overview material was felt so
strongly that the joke now sounded like black humor. We had to write a book on AAA as a
community service!
The book is geared towards people who have a basic understanding of Internet Protocol
(IP) and TCP/IP stack layering concepts. Except for the above, most of the other IP-related
concepts are explained in the text. Thus, the book is suitable for managers, engineers,
researchers and students who are interested in the topic of network security and AAA but do
not possess in-depth IP routing and security knowledge. We aimed at providing an overview
of IP mobility (Mobile IP) and security (IPsec) to help the reader who is not familiar with
these concepts so that the rest of the material in the book can be understood. However, the
reader may feel that the material quickly jumps from a simple overview of Mobile IP or IPsec
to sophisticated topics such as bootstrapping for IP mobility or key exchange for IP security.
Our reasoning here was that we felt that there are a number of excellently written books on
the topics of Mobile IP and IPsec, to which the reader may refer, so it would not be fair to fill
this book with redundant information. Instead, the book provides just enough material on
those topics to quickly guide the reader into the topics that are more relevant to the rest of the
material in this book. The book may also serve as a reference or introduction depending on the
reader’s need and background, but it is not intended as a complete implementation reference
book. The tables listing the protocol attributes are intentionally not exhaustive to avoid
distractions. Most of the time, only subsets that pertain to the discussions within the related
text are provided to enable the reader to understand the principles behind the design of these
attributes. At the same time, references to full standards specifications are provided for
readers interested in implementation of the complete feature sets.
Chapter 1 of this book provides an overview of what AAA is and stands for. It provides
thorough descriptions of both authorization and accounting mechanisms. Unfortunately the
field and standardization on authorization mechanisms is in the infancy stage at this point and
accounting, compared to authentication, has received far less attention in the research and
standards community due to its operator-specific nature. Due to the enormous amount of
research done on authentication, we devote Chapter 2 entirely to authentication concepts and
mechanisms and also provide a rather unique classification (from IAB) of authentication
mechanisms in that chapter. We will come back to the topic of authentication and describe
more sophisticated EAP-based authentications in Chapter 10, but after Chapter 2, we go
through the concepts of key management in Chapter 3 to lay the groundwork for most of the
security and key management discussions in Chapter 4 and the rest of the book. Chapter 4
discusses IPsec and TLS briefly, but provides a thorough discussion on IKE as an important
example of a key management and security association negotiation protocol. As mentioned
earlier, the aim of that chapter is not to describe IPsec or TLS thoroughly. Both these protocols
are provided for completeness and to provide the background for the later discussion of
security topics. Chapter 5 discusses mobility protocols for IP networks. It describes basic
Mobile IP procedures and quickly goes through the latest complementary work in IETF, such
as bootstrapping. This chapter also describes two IETF seamless mobility protocols, context
transfer and candidate access router discovery, which may be required to achieve seamless
handovers. This chapter also describes the security procedures for Mobile IPv4 and lays the
groundwork for Mobile IP-AAA discussions in Chapter 8. Chapters 6 and 7 describe the two
most important AAA protocols, namely RADIUS and Diameter and their applications for
authentication and accounting. Many of the specifications that are considered work in
progress in IETF are covered here.
Chapter 8 finally covers the topic discussed in the IETF joke we mentioned earlier: Mobile
IP-AAA signaling to provide authentication and key management for Mobile IP signaling.
Chapter 9 goes on to provide a description of public key infrastructures (PKI) and the
issues and concerns with management of PKIs, certificates and their revocation.
Chapter 10 describes the EAP authentication framework, EAP signaling transport and the
structure for a generic EAP-XXX mechanism. It also provides overviews of a variety of EAP
authentication methods, such as EAP-TLS, EAP-TTLS, EAP-SIM, and so on.
Finally, Chapter 11 makes a humble attempt at describing the overall problem of AAA and
identity management in a multi-operator environment and discusses various architectural
models to tackle the problem. This chapter also provides an overview of the Liberty Alliance.
We wish the readers a joyful read.

Acknowledgements

Finally, it is the time to give acknowledgement to the people who have provided help,
encouragement and support. First, we would like to thank Mike Needham of Motorola Labs
for showing enormous enthusiasm and full confidence when we broached the idea of writing
a book at a time when we were not fully confident ourselves that this was a task we could
tackle. We would like to specially thank Dorsa Mirazandjani for acting as our test audience,
reading and providing comments and corrections on many chapters of this book, despite her
busy work and graduate school schedule. We would also like to thank Jeff Kraus for taking
the time and reading through Chapter 8 and providing technical and editorial feedback.
A special thank you goes to Mana Mirazanjani for the first draft of the beautiful cover design.
Another very special thank you goes to Charlie Perkins who despite his very busy schedule
took the time and wrote a generous foreword for this book. We would like to thank the IETF for
providing open standards and specifications, without which the material for this book would
have been very hard to find. We would also like to thank the Liberty Alliance for accommodations
they made in the process of writing Chapter 11.
Finally, we want to thank the John Wiley publishing team, especially Birgit Gruber and
Joanna Tootill for their kindness, patience, encouragement and support throughout the
project.

If you are interested in this book, contact me.

Saturday, December 8, 2007

P2P: Sacem will record pirates' IP addresses

The Conseil d’Etat has ruled: in the end, the CNIL sides, though not entirely, with Sacem, which represents authors, in monitoring peer-to-peer networks used to exchange music or video files. Internet users' IP addresses may be recorded and passed on to the courts.

The CNIL (Commission nationale de l'informatique et des libertés) has just half-sided with the rights holders of songwriters and publishers, in this case Sacem, joined in this request by the SCPP (Société civile des producteurs phonographiques), the SPPF (Société civile des producteurs de phonogrammes en France) and the SDRM (Société pour l'Administration du Droit de Reproduction Mécanique des Auteurs, Compositeurs et Editeurs).

The decision was not straightforward, however, since the contest lasted two years. In 2005, the CNIL had refused a similar request made by Sacem. These organizations intended to track down, themselves, the Internet users making music and videos available from their hard disks. But the request went further. It also sought to obtain from Internet service providers (ISPs) the names of Internet users exchanging files over peer-to-peer whose IP addresses (the number assigned when connecting to the Internet) had been spotted. Sacem also wanted to be able to send messages to offending users to warn them and dissuade them from continuing.

The CNIL had held that these actions were not within the remit of copyright collecting societies and that they involved collecting data on individuals. It also judged that the means requested were "disproportionate to the purpose pursued".

Soon, a network policeman

After the CNIL's refusal, Sacem, the SCPP and the SPPF turned to the Conseil d’Etat, which has just delivered its verdict. It agreed with the CNIL on one point: copyright collecting societies cannot themselves take action against Internet users. But, provided that this possibility is removed, the Conseil d’Etat held that the request was valid and, in particular, that the ability to record infringements was indeed "proportionate" to the harm caused. Sacem therefore submitted a new request that no longer asks for the right to send warning messages to Internet users, and the CNIL could only accept.

As a private company, Sacem will therefore have the right to monitor P2P networks, record infringements, note IP addresses, count the files exchanged and put together case files to be passed to a judge.

At the same time, the Olivennes commission, bringing together public authorities, ISPs and rights holders, worked on piracy and the means of curbing it. It reached an agreement that provides for the creation of an independent public authority. That authority will have the right to trace the names of Internet users and is expected to send them the warning messages that Sacem wanted to handle itself.

The agreement, which has not yet been translated into law, provides for a graduated response with, in the event of repeat offences, termination of the line (a demand already made in 2004 by the record industry) and entry on a national blacklist. The agreement also lays down obligations for ISPs, which will be required to cooperate or face sanctions. They will also have to trial filtering of their subscribers' Internet connections.

Implementation is still a long way off, but the path is laid out…

Top 10 IT Management Mistakes and How to Avoid Them

Working with IT managers on a regular basis allows me to see some great management styles and some really poor ones. There are ten major mistakes that I see IT managers make on a regular basis. Some of these errors have even cost some managers their jobs. Here they are:

1: Focusing on technology and not the business

The typical IT manager comes from a technical background in either infrastructure or development. Based on their technical roots, they tend to focus their efforts on their area of expertise when in fact they should be looking for ways to support, enable, and improve the business. In order to be successful, it is imperative that IT managers become business leaders and turn their focus and expertise on business issues and problems first.

2: Thinking "out of sight is out of mind"

It's important to remember that in IT, no news is not good news. IT managers tend to trudge along without ever looking at their progress. The most powerful task an IT manager could ever do is an assessment. There are several ways to do this. You can do a SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis, or you could do a full blown formal IT Assessment. You can even use a scorecard system to track where you are as a department. See: http://techrepublic.com.com/5138-1035_11-5670861.html for a scorecard developed specifically for this purpose.

3: Thinking that your team has it covered

In the TV show "The Apprentice," so many teams ended up in the boardroom because the leader delegated a job, but didn't follow up to make sure it was done right. Following up is not micromanagement. It's your job as a leader to ensure that the task gets done correctly.

4: Not inspecting what you expect

This mistake has its roots in mistake number 3, but can be carried forward into other aspects of IT. For instance, you could possibly expect great performance out of your servers, but may not have a system to make sure they're running at peak capacity. This ultimately leads to poor planning, budgeting, staffing, etc. If you want to avoid this common pitfall, make a comprehensive list of your expectations for your entire department. This could include critical projects, network and server performance, client satisfaction, etc. Double-check the list to make sure you are inspecting all expectations on a regular basis. Keep a checklist or develop a daily disciplines worksheet to follow everything that needs daily inspection.

5: Not creating a partnership with business management

I find a great deal of IT managers reporting to operations and finance personnel instead of presidents and CEOs. The only way IT can be an effective and strategic element to business is through partnership with business executives. You must lead and influence your reports, peers, and leaders to have a maximum impact on the organization. The quicker you can get on the leadership team, the quicker you will have the ability to execute on number 1.

6: Burning yourself out

I can't tell you how many IT managers I coach that have not had vacations in a year or longer and routinely work over 70 hours per week. This is not only a mistake, but it's a formula for disaster. Sometimes the thinking is that your business can't live without you. The truth is, your business cannot live with you burning yourself out. It only leads to lowered productivity and, eventually, your giving up or getting disgruntled. Do yourself, your business, your employees, and your family a favor and take some time off.

7: Not testing your backup solution

I always tell my new IT managers that one of the most important aspects of their jobs is ensuring a reliable backup. Breakdowns in technology hardware are inevitable. The next best thing is fault tolerance, but I have even seen that fail. Don't think for a minute that if you have tapes and if everything looks OK in your system that everything is OK. Make sure you test backups regularly. Do test disasters and make sure you can recover.

8: Not asking for help

Too often I've seen costly mistakes made by managers and technicians who try to solve an issue alone without informing anyone or even reading the manual! This is a costly mistake. If you get in over your head, do the right thing and seek help. The key to successful IT management is not knowing the right answers; it's being able to find them and executing a solution as quickly and cost effectively as possible. Don't hesitate to bring in the experts where necessary.

9: Not devoting time to personal development

There's no excuse for this mistake. Personal development is not your company's responsibility -- it's yours. I can always tell a person's success potential by the last five books they've read and by the seminars they attend. Every IT manager should be devoting at least 30 minutes a day to personal development. The truly successful devote even more and, in some cases, in upwards of two hours or more per day. The most common excuse I usually hear is the lack of time or money. The answer lies in the successful management of money and time.

10: Not finding a mentor or coach

The quickest route to success is to find someone who has been there and emulate that person. The quickest road to pain, hardship, and failure is to go the journey alone. Whether you are in management or not, you should always have a mentor or coach and you should always be mentoring or coaching someone else. A coach will simply help you achieve more than you could by yourself by imparting wisdom, accountability, and crucial advice where necessary. By coaching or mentoring someone else, you're doing the same, but you're also solidifying your own concepts by teaching them to others.

Joey Smith

11/19/2007

Recruit for less, but better!

The low-cost concept has allowed many consumers and businesses to benefit from services at sharply reduced cost. But this principle, although it has found its audience, is now being overtaken by a new demand that combines price and quality. Thus there have recently appeared (in air transport, for example) high-end low-cost airlines offering first-class Paris/New York flights at attractive fares and with a real concern for comfort. They show that, while quality has a cost, it is no longer necessary to spend a fortune to arrive safely, in conditions equivalent to those of the major airlines. And it works! As proof, examples are multiplying in many sectors: tourist stays, vehicle fleet rental companies, banking and insurance, florists…

Honouring a double commitment

Recruitment is no exception. By delivering an efficient service at the best cost, companies are emerging that can provide businesses with high-end recruitment services at a reasonable price. Just like the airlines mentioned above, these companies keep the very essence of their trade, focus on the core of the service, and have managed to move the profession forward. In the same way that tour operators originally offered packages reserved for a well-off population, recruitment firms aimed theirs at companies able to invest heavily in the process. The arrival of the Internet revolutionized the market by allowing lower overheads and easier management of the offering. Online agencies flourished, and with them the low-cost airlines.

In recruitment too, the rise of job sites has changed the game and gradually democratized the offering. Today, the high-end low-cost concept brings the assurance of strong commitments on quality, in an equation combining an obligation of results and an obligation of means. Make no mistake: for these high-end low-cost companies, the tools and, above all, the results are the same. The pilot (the recruitment manager) is experienced, the aircraft (the main job sites) perfectly reliable, the promised destination (the presentation of candidates) respected, the arrival time (the search carried out on time) honoured.

For the company using these services, the benefit is the same as for the consumer: being able to enjoy quality services even if its means are limited. High-end low-cost recruitment is a guarantee of added value at the right price. A fine opportunity to fight the idea that only a big bill means a good trip…

Eric Lecamus

Google Goes It Alone on 10 Gigabit Ethernet Switches

Datacenter managers face a dilemma: Should they write their own platform software, or farm it out? Different companies are taking different approaches to this problem.

Yahoo! Inc., which used to run an internally modified variation of FreeBSD, has since outsourced the job to the Red Hat Enterprise Linux team. Google, meanwhile, has been doing just the opposite — extensively customizing Linux and other open-source software for its own use, while generally refusing to contribute its work back to open-source projects. Google has also ordered custom motherboards from Intel Corp. that the search giant uses to build its own servers — a further indication of Google’s vertical integration.

Gordon Haff, senior analyst at Illuminata, has blogged about this issue for CNET and for Internet Evolution, where he wrote that Google “already intensely customizes ‘off-the-shelf’ components to its own purposes.”

This may not be the normal course of the tech marketplace, which tends to outsource even uniquely customized widgets — Apple’s iPhone, for instance, was made by 30 companies across three continents. But trends don’t determine Google’s path, as it has shown numerous times. "We're about not ever accepting that the way something has been done in the past is necessarily the best way to do it today," Douglas Merrill, Google’s director of internal technology, said in 2006 to a gathering of CIOs.

When Google realized that commercially available 10GbE (10 Gigabit Ethernet) switches couldn’t meet its high standards for power consumption and cost, it decided to make its own as part of a “secret internal initiative,” according to Andrew Schmitt of Nyquist Capital, which could have an “enormous ... disruptive impact” on the 10GbE supply chain. Schmitt had been trying to account for shipments of 10GbE components he had seen moving about the marketplace. Through his sleuthing, he tracked them to Google’s doorstep, where he discovered the search engine giant was building its own switches to interconnect servers within its datacenters. The costs related to designing and building its own switches to its specific needs were apparently less than modifying off-the-shelf alternatives. Schmitt speculated that Google based its design on Broadcom’s 20-port 10GbE switch.

Om Malik, of GigaOm, was quick to follow up on Schmitt’s Google scoop, and discovered that “these are early days for this particular core switch project.” Not only did GigaOm confirm Schmitt’s story, the widely read tech blog furthered the story by adding: “This is not the only [core switch project]” at Google, and that Fulcrum Micro may provide some competition for Broadcom in the end. Although Google has kept silent on the issue, its job page speaks for itself.

Wednesday, December 5, 2007

Irresistible Force Creates Moveable Object

What is it that's said about the irresistible force?

Anyone encountering an engineer named Yukihiko Yaguchi might just find out first hand, for he's an irresistible force that's created a highly movable object.

Yaguchi is a very convincing, compelling guy, but he's also quiet and self-effacing. Once he gets hold of you, you not only can't help but like him, you can't help but want to help him accomplish whatever it is that he's up to.

Plenty of people have learned that lesson, and there's solid evidence to support it. The evidence sits on four fat, sticky tires. It's called the Lexus IS F.

In order to understand the IS F and its genesis, the first thing that you have to understand is that Yaguchi is an enthusiast, a performance hard case who loves to drive fine, responsive equipment.

For the 30 years he's been at Toyota, he's wanted to build a car he wanted to drive, a car he'd love to own. During his tenure at Lexus, Yaguchi has worked on the first and second iterations of the Lexus LS luxury sedan, the turbocharged Toyota Supra and the first Lexus GS sport sedan. But none of those cars, however excellent, scratched his peculiar performance itch.

For the past 15 years, he's been thinking in terms of nothing less than an all-wheel-drive supercar with huge horsepower, racetrack-inspired handling and enormous stopping power.

What he had in mind was a take-no-prisoners premium sport sedan that would offer comfort, sophistication and performance to equal or beat the best of the class from Europe.

Finally, he got tired of waiting. He decided that he'd just go ahead and figure out a way to build it.

Yaguchi was ideally placed to ramrod such a project, as he was working at TMC's Lexus Center in the Brand Strategy department in preparation for the Lexus brand to expand globally.

Lexus is of course a well-organized company with carefully prescribed procedures for getting things done. But Yaguchi, the irresistible force, turned procedure on its head.

To begin with, in Lexus' careful way, it's not the engineers who make the decisions to design and develop a vehicle. It's the Product Planning Department. The experts there want to be sure that there's actually a market for a proposed vehicle, and that the finished product will fill the needs of that market.

So instead of the Product Planning people going to Yaguchi and saying something like, "Look, Yaguchi-san, we think that the market is ready for a high-performance sport sedan," it was the other way around. Yaguchi pitched his concept to Product Planning. Incredibly, after much convincing, he received Product Planning's approval to proceed.

But just because the project got the green light from Product Planning, that didn't mean that it had resources and budget allocated to it. It didn't. But that wasn't enough to derail Yaguchi. He developed the IS F when he wasn't busy with his Brand Strategy responsibilities, working informally, on the side, beginning in 2004.

In other words, in the best tradition of the factory-based hotrod, Yaguchi recruited his own special "Skunk Works," an under-the-radar operation populated by a team of speed-crazy rogue engineers who, working in their spare time between their regular assignments, developed their own vision for a Lexus performance vehicle.

Most chief engineers, when they are tasked to develop a new Lexus model, typically have between 1,500 and 2,000 people on their development teams. That didn't happen here. Instead, Yaguchi had between 100 and 300 people at any given time on the IS F development team. He designed and built the IS F with a team that was a fraction of the size of the usual engineering and development staffs.

Working outside the confines of Lexus' usual carefully planned corporate program, Yaguchi cherry-picked the very best people, folks he thought might want to have a hand in creating this special car. Because it wasn't possible to get them assigned full-time to his team, he convinced them to contribute their ideas and skills in their spare time, when they weren't working on their regular projects.

This approach didn't just apply to individuals. Yaguchi worked his wiles on whole departments. For example, a corporate subsidiary called Toyota Technocraft, among many of its special projects, builds packages for police cars and also builds the aero kits used on some Toyota models. Yaguchi reasoned that Toyota Technocraft would be perfect to help with the many specialized modifications of the standard Lexus IS that this car would require.

He pitched the idea to the division's leadership, and they went for it. The result is an engineering marvel with special aerodynamics, an 8-speed Sport Direct Shift transmission with paddle shifters and its own special performance profile, Brembo disc brakes that feature huge, 14.2-inch cross-drilled discs and six pistons per caliper up front, 19-inch wheels [4] and a specially tuned suspension system. Indeed, Technocraft's participation in the IS F project marks the first time the division has worked on the design of an entire production car.

But Yaguchi's determination didn't end there. He went so far, in fact, as to take his requests for help outside the company's confines. He knew that the IS F was going to require a really spectacular engine. So he went to Yamaha, which has a history of making engine components for Toyota and Lexus. He didn't go to just anyone; he asked his old friend Mr. Kimura, who had worked on Yamaha's Formula One engine program and was then general manager of the aftermarket project division, to help out. As a result of that request, Yamaha did most of the development on the IS F's DOHC 5.0L V8, making sure to pack it with more than 416 horsepower [1], enough to blast the IS F to 60 mph in 4.6 seconds [1] [5].

Eventually, none of this was done in secret. So well known did the project become, and so legendary was Yaguchi's persuasiveness, that the whole experience came to be known as Yaguchi-Go. In Japanese, today "go" is a suffix referring to a car, but originally it characterized a ship, the equivalent of a vessel making its unstoppable way forward. So this was Yaguchi and his project cutting a swath, and leaving a wake, through Toyota and Lexus. In this way, "Yaguchi-go" constitutes recognition of his leadership of, and ownership of, the IS F project.

To be certain they got the IS F exactly right, Yaguchi and his team tested the IS F at racetracks that count, at tracks that have challenge and heritage. Those test tracks include the legendary Nurburgring Nordschleife, in Germany's Eifel Mountains; Circuit Paul Ricard, in the South of France; Circuit Zolder, in Belgium; Laguna Seca Raceway, in California; and Fuji Speedway, in Japan.

In fact, Fuji Speedway is the IS F's home circuit and its many turns the inspiration for the F-logo design.

In fact, by the time testing was concluded, there'd never been a Toyota or a Lexus production car that had been so heavily tested at race tracks all around the world.

The result of all this, of course, will be available to the public beginning in early 2008. And that means that Yaguchi can stop thinking about exactly the car he'd most like to drive. He can actually begin driving it... and so can every other enthusiast.

Saturday, November 17, 2007

FRANCE - MOROCCO (FRIENDLY) Pressed by superb Moroccans, the Tricolores had a difficult night


The Moroccans had not come as tourists. Not content with opening the scoring, they went on to cause the Bleus enormous problems in open play with their fire and their technical quality. Govou and then Nasri scored, but to no avail: the Atlas Lions were still alive!

While waiting to make progress on the Ukrainian file, which until further notice allows them no slackening, and to gauge precisely, through today's Scotland - Italy clash, their future room for manoeuvre in terms of numbers, the Bleus did plenty of running yesterday evening on the somewhat threadbare turf of the Stade de France. It must be said that the Moroccans gave them hardly any respite, playing their role as fighters roaming the open spaces to perfection and even revealing magnificent technical and mental potential. As chance would have it, the trigger came from two errors, by Mickaël Landreau and Nadir Lamyaghri. After which, France had to put on its work clothes to stay on course.

Tears

Poor goalkeepers, whose slightest lapses are subjected to the pitiless scrutiny of the magnifying glass, when they do not draw outright criticism. By badly handling a first hot ball and by clearing another with the foot the way one kicks a stone, Landreau and his Moroccan counterpart Lamyaghri had created the event in their own way. Two gifted goals that had launched the match but also given a far from insignificant indication of the capacity to react of a France firmly settled in its responsibilities. In any case, its response, even if it resulted from a crude error by the opposition, had substance. To nullify the unbridled but often coherent efforts of their rivals, the Bleus had had to use two essential weapons: composure and control. It took that much to survive in a match punctuated by the feverish bursts of an uninhibited Morocco. The enthusiasm of one, the know-how of the other… By scoring in a flash, Sektioui and Govou had, in the end, only faithfully reflected the respective qualities of their teams.

But, in the process, the French had not really reassured themselves. Strong in their heads and in their legs, the Moroccans indeed put together a solid first half, playing well, pressing high and leaving their opponents hardly any space. Enough, in short, to put the Bleus on the grill and remind them that nothing is ever taken for granted. The fact that Thuram had to attend to the most urgent matters very early in the second half, under pressure from the opposition, testified to the hold of the Atlas Lions, to their irrepressible desire to go forward, quite simply to dare. The equation was not simple to solve for this France team, constantly forced to fight to exist, constantly off balance. Carried by the red wave in the stands, Henri Michel's players gave nothing away, even after Nasri had given his side an almost unhoped-for lead (2-1, 75th). Mokhtari's equaliser in fact sounded like a just reward (2-2, 85th). And right to the end, the red charges posed a very heavy threat to the French lines… • IN SAINT-DENIS, BY PIERRE DIÉVAL

Photos kooora Maroc

Sunday, November 11, 2007

Take your software with you

In most cases, an application installed on a computer is more or less tied to it: during installation, system files essential to the software's operation are copied to the disk. If you copy the application's folder to another PC or to an external drive, chances are it will refuse to launch. However, this is not the case for all software, and another category exists: applications that are self-sufficient. This may be a single executable, or a folder containing all the necessary files and with absolutely no need for system files copied onto your computer. These are called "portable" applications, because you can take them everywhere with you, notably on an external drive or a USB key.


Article taken from clubic.com

Friday, November 9, 2007

MySpace + Google = OpenSocial (vs. Microsoft + Facebook)

Rumours had been circulating about MySpace's possible involvement in Google's “OpenSocial” project (which aims to offer a set of standards for developing applications for social networks); these rumours have just been officially confirmed by a press release written jointly by the 2 companies:

“MySpace, the world’s largest social network, and Google, Inc. (NASDAQ: GOOG) today announced that they are joining forces to launch OpenSocial— a set of common APIs for building social applications across the web. The partnership spearheads an initiative to standardize and simplify the development of social applications. Today’s announcement underscores MySpace’s commitment to supporting standards that foster innovation in an increasingly social Web.”

The other “founding partners” of the project include: Bebo, Engage.com, Friendster, hi5, Hyves, imeem, LinkedIn, Ning, Oracle, orkut, Plaxo, Salesforce.com, Six Apart, Tianji, Viadeo, XING.

Even though MySpace has been widely criticized in recent months, to the benefit of Facebook and its development platform, it seems the “sleeping giant” had been preparing its awakening for quite some time. With this partnership with the giant Google on the Open Social project, MySpace is back in force in the field of social networking!

The question is: will Facebook join it and be part of the project? Or is this the beginning of a war between Facebook/Microsoft and MySpace/Google? (Bearing in mind that a Google spokesperson said Facebook had also been invited, among the other social networks, to join this alliance.)

“The most important principle about openness is that everyone is invited to join,” said Eric Schmidt, CEO of Google.

"Thursday 01 November 2007 by Aziz Haddad "

The Flow of Time & Money

Hello, I came across this book on the web 6 months ago and I have only just started it. I know, that's not really great, but I had other things to do. I leave you with a short presentation from its author, and I hope you will read it.
Happy reading
"How we spend our time and how we spend our money determines our quality of life. Invest your time in your health, education, relationships, and spiritual development, and you will have a full and fulfilling life. Invest your money in assets that produce capital gains and passive income, and you will have a prosperous life. In this book/seminar, I offer a unified framework for managing time and money, with practical actions to lead you quickly along the path to financial independence and increased effectiveness in daily life, ultimately to make your highest contribution to the world."

By Lloyd Watts

Link to download
