This was definetely not what I was planning to write about! We have had a lot of things happening lately, but they all have to wait in order to make room for this article that I found through Twitter!

Just when you thought it couldn’t get any worse in the world of software patents, a reliable source sent me this response from Steve Jobs about a patent pool that’s forming and aiming to nail the open source codecs projects. It’s enough to make the weak at heart go weak in the knees and stop working on open source projects.

Here is Steve Jobs’ response to the letter from Hugo Roy:

From: Steve Jobs
To: Hugo Roy
Subject: Re: Open letter to Steve Jobs: Thoughts on Flash
Date: Fri, 30 Apr 2010 06:21:17 -0700
All video codecs are covered by patents. A patent pool is being assembled to go after Theora and other “open source” codecs now. Unfortunately, just because something is open source, it doesn’t mean or guarantee that it doesn’t infringe on others patents. An open standard is different from being royalty free or open source.

Sent from my iPad

You can read the story here!

Original letter sent to Steve Jobs

Knowledge, Licensing, Open Source; Good Business or Dangerous Adventure?

And for once I am not talking about the size around my waist! The last couple of months I have been working on a new concept, a network of Partners all over the world. As a small company you meet all kinds of problems such as high prices, costly freight, none or very limited influence on the products that you are marketing. While the large corporations have the resources to develop fancy equipment carrying their name and logo the small companies is left with the rest. But guess what, we are about to change that! With the support of a lean organization handling both ordering as well as shipment to the various Partners we are able to cut cost and grow influence. We still need more members in order to have a real impact, at the moment we have Partners in Norway, the Netherlands, United Kingdom, France and USA (east coast). And another four companies is going to join within a week or so. I believe there is strength in numbers, and we will use our strength to the benefit of our customers.

UPDATE: We have decided to participate at AstriEurop together with our  French Partner Analytel. For details please click here.

For inquiries about our global network of Retailers and Partners please go here.

Open Source; Good Business or Dangerous Adventure?, The Past and the Present

For the last three years I have been looking for parts, those very special parts that would permit me to built a very special line of PBX’s. My requirements was tough; two basic appliances should cover at least ten different models, the PBX should have the capability of growing more powerful and with more features when the need arise, quality should be as good as the BIG manufacturers, it should be based on Open Source software and last but not least, High Value For Money! Guess what! The first prototype was running this afternoon!

The prototype is a 2U appliance with dual redundant power supplies and with the capacity of 4 PBX Blades and one Server Blade. Each PBX blade has a tested capacity of more than 50 concurrent VoIP calls, and we have Blades with E1/T1, Analogue and BRI technology. The PBX can operate with or without the Server Blade and with any combination of the PBX Blades. And more Blades are currently under development.

The initial release will be with 1 to 4 separate PBX Blades in the 2U cabinet, but we are working on a solution that will make it possible to combine the power of all blades to a whopping 200+ concurrent calls. And this is only the beginning, a 4U appliance with a much higher capacity is in the works as well.

As everybody with children know, finding a good name for the last member of the family is a lot more difficult than the creation itself. But I think we finally got it;
VoIPtel X Series Communication Appliance, or VoIP X for short. Cute name for a great future! ;o)

More info and pictures will be posted in the near future.

Knowledge, Open Source; Good Business or Dangerous Adventure?, PBX stuff, Unified Communications

We have been using different types of Asterisk based IP PBX’s for almost three years now, and with the exceptions of problems created by our ISP, VoIP provider or our own staff it has been smooth sailing. But just over a week ago I was really %¤##”& off; I was invited to attend a conference with the CEO of a reputable Canadian company and their UK based EMEA manager. Everything was prepared, I dialed the UK number to attend the conference and got busy line! Tried again, same result. OK, breath slowly, I had a US number for the same conference. BUSY LINE! Try again, same result, what the ¤%#& was going on?? A couple of emails later the conference was rescheduled for next day, hopefully the problems with the conference server would be solved by then.

New day, new chances. I dialed the UK number again and got … BUSY LINE! US number, same result! This couldn’t be right, I decided that we better check our own equipment before we attempted to attend the conference once more! A new conference was scheduled after the weekend, at least we would have enough time to find out what was going on.

Bruce logged in to our PBX and checked the config after which he tried to call an international number, do I need to mention that he got busy line? He tried another number watching the progress of the call and discovered that the call appeared to be denied by our VoIP supplier! Strange, to my knowledge all our bills was paid, was there really any reason why a VoIP provider would block international calls from a corporate customer?

We called up their support department and explained the problem, I prefer not to describe my reaction when I was informed that they had indeed blocked our international access! The reason; we were using Asterisk and one of their customers using a very old Asterisk distribution had been hacked and his account abused for more than $30 000. And our provider had forgotten to include a statement leaving the responsibility for such incidents with the subscriber. Needless to say they panicked, closed down international calls for all Asterisk users and “forgot” to inform their customers leaving us all in the dark! It took some time to convince them that our PBX was secure, but finally we were able to get full functionality restored.

I can understand their reaction (no, not their “customer support”, it sucks!), so I have decided to point your attention to a blog post titled Seven Steps to Better SIP Security with Asterisk. Please visit it and read it all, I have only published the seven steps here:

Seven Easy Steps to Better SIP Security on Asterisk:

1) Don’t accept SIP authentication requests from all IP addresses. Use the “permit=” and “deny=” lines in sip.conf to only allow a reasonable subset of IP addresess to reach each listed extension/user in your sip.conf file. Even if you accept inbound calls from “anywhere” (via [default]) don’t let those users reach authenticated elements!

2) Set “alwaysauthreject=yes” in your sip.conf file. This option has been around for a while (since 1.2?) but the default is “no”, which allows extension information leakage. Setting this to “yes” will reject bad authentication requests on valid usernames with the same rejection information as with invalid usernames, denying remote attackers the ability to detect existing extensions with brute-force guessing attacks.

3) Use STRONG passwords for SIP entities. This is probably the most important step you can take. Don’t just concatenate two words together and suffix it with “1″ – if you’ve seen how sophisticated the tools are that guess passwords, you’d understand that trivial obfuscation like that is a minor hinderance to a modern CPU. Use symbols, numbers, and a mix of upper and lowercase letters at least 12 digits long.

4) Block your AMI manager ports. Use “permit=” and “deny=” lines in manager.conf to reduce inbound connections to known hosts only. Use strong passwords here, again at least 12 characters with a complex mix of symbols, numbers, and letters.

5) Allow only one or two calls at a time per SIP entity, where possible. At the worst, limiting your exposure to toll fraud is a wise thing to do. This also limits your exposure when legitimate password holders on your system lose control of their passphrase – writing it on the bottom of the SIP phone, for instance, which I’ve seen.

6) Make your SIP usernames different than your extensions. While it is convenient to have extension “1234″ map to SIP entry “1234″ which is also SIP user “1234″, this is an easy target for attackers to guess SIP authentication names. Use the MAC address of the device, or some sort of combination of a common phrase + extension MD5 hash (example: from a shell prompt, try “md5 -s ThePassword5000″)

7) Ensure your [default] context is secure. Don’t allow unauthenticated callers to reach any contexts that allow toll calls. Permit only a limited number of active calls through your default context (use the “GROUP” function as a counter.) Prohibit unauthenticated calls entirely (if you don’t want them) by setting “allowguest=no” in the [general] part of sip.conf.

Knowledge, Open Source; Good Business or Dangerous Adventure?, PBX stuff, VoIP Providers supporting Asterisk

We have received an unofficial feedback from a Digium representative regarding this matter. It was made clear that the following info was not necessarily that of the Board of Digium, just the personal opinion and understanding of the person speaking to us.

A lot of time and money has gone into the development, the license cost was to pay Skype, and Digium need to recover the cost of development. It made sense to release it for intel based systems first as this was the largest segment of the market and since their own Switchbox uses intel. They realize that the Blackfin systems are very popular and Switchbox was looking at all chipsets to produce green products. It was expected that a version for Backfin chipsets would be made available in the future.

In other words, Digium is not sleeping in class but are aware of the GREAT and GREEN potential of embedded PBX’s based on the Blackfin DSP. But I still believe that they need a little convincing, so please keep on sending mails telling how much we want to integrate Skype!

Knowledge, Open Source; Good Business or Dangerous Adventure?, PBX stuff

It has been five months since my last post about Skype for SIP, and I know that I speak for a huge number of people when I say that my patience is starting to run thin. Specially when you find out that Cisco and Shoretel have implemented it in their proprietary, very expensive products!

And what about Skype for Asterisk made available last month? Sorry, only available if you run anything else than an embedded, Blackfin based PBX. Digium’s own AA50 is an embedded PBX based on the Blackfin DSP, I would be quite surprised if users of the AA50 want Skype for Asterisk less than the rest of us!

I have registered once more with the Skype for SIP program, hopefully this time we will be included. But I need your help! Please send loads of mail to both Digium and Skype, ask them why the Blackfin based IPxx PBX is prevented from Skype integration! If we scream load enough maybe they’ll finally hear us!

Knowledge, Open Source; Good Business or Dangerous Adventure?, PBX stuff, The Past and the Present

For the last 16 months Bruce has spent almost all his time working on our contribution to Asterisk and the Open Source community. In the beginning he based his work on an early version of AsteriskNOW and the BAPS firmware made available by David Rowe, the father of the IP04 PBX. Most of the time Bruce had to work alone and look for bugs and bad programming in the original firmware, a fact that unfortunately contributed to a slow evolving firmware.

We received a large number of requests about making the firmware ready for use by small and medium size businesses, a request that we finally were able to accommodate with the release of Astfin based VoIPtel CE (Community Edition) and SE (Supported Edition). While CE is completely free of any cost the SE is linked to a Support Contract that even extends the warranty of the PBX to the expiration of the contract.

Even though it has been very expensive for our company to dedicate all this time and resources to this project it has in some ways been both rewarding and educational. We have met a large number of truly great people, and then we have bumped into the occasional person or company who take our work, remove all credentials and promote it as their own. Or copy material from our website without asking permission and with a total disregard for the Copyright statement.

Two weeks ago I received some promotional material from a company in Hong Kong. Upon reading the material I found that it was an exact copy of something I have written and posted on my website. I confronted the company who in turn blamed it on their supplier, a supplier that they refuse to reveal.

I am a bit confused about how I will deal with this case. I will gladly give my permission to most people who ask if they can use my work, and in most cases I will not even accept any compensation. But I really don’t like the kind of attitude put forward by this company. My options are to file a legal case, publish their name as well as our complete communications here, inform CeBIT and other fairs about their practise, and probably several more. What do you think? Please send your opinion and advice to feedback@voiptel.no , it will be greatly appreciated.

Licensing, Open Source; Good Business or Dangerous Adventure?