Patrick and Fred Chat… sometimes about VoIP
The Asterisk team of Digium announced new versions of Asterisk in reference to a potential security issue. The release highlights best practices and hopes to raise awareness of some potential security issues and injection statments. The announcement follows:
The Asterisk Development Team has announced security releases for the following
versions of Asterisk: Read the rest of this entry »
Ty would be proud...
Are you ready? Tomorrow, Asterisk fans, fanatics, developers, users, and more will gather in Glendale, Arizona for AstriCon 2009. AstriCon, the official conference for Asterisk, runs from October 13 – 15.
This year, yours truly will speak (and very honored to do so) in a talk titled “Asterisk Applications – Unexpected Hurdles.” (summary below)
Just in time for AstriCon, Digium pulled a Ty Pennington on the ol’ Asterisk website. It looks amazing. Just a great way to start the conference!
I’m extremely excited to be heading West and cannot wait to share the information learned. Get ready for a great show!
Asterisk is free, open source software provided under the GNU General Public License (GPL). Asterisk is the most popular open source software available, with the Asterisk Community being the top influencer in VoIP.
Why free? It’s just how Digium rolls. They really take that GPL open source to heart.
For more information, please check out:
Summary of Fred’s talk:
With Asterisk AGI programming, almost anything is possible. From phone based payment systems to providing real-time information, Asterisk makes it possible to bring information to anyone with a phone. Sometimes, even the simplest applications can have unexpected consequences. Building a real-time Parking Garage availability application in Ann Arbor, Michigan was met with great appreciation by residents but blocked by government who didn’t understand how Asterisk gathered data — interpreting it instead as a Security risk. The talk would explain that when building even the simplest public application, the designers should be familiar with public access laws and be able to articulate how their application gathers data. Freedom of Information will also be discussed.
Hi, VoIP Tech Chat here introducing a BRAND NEW download from Digium, the company bringing you Asterisk. Are your Skype calls limiting you to sitting in front of your computer? Do you ever forget to plug in your microphone and lose audio? Well, Digium has the perfect product for you!
Skype for Asterisk Beta is a download that lets you integrate your Asterisk system with the Skype network.
With Skype for Asterisk, you can: Read the rest of this entry »
Note: You can play or download the MP3 audio of the “Telemarketer Torture” calls towards the end of the article.
When I first started working with VoIP, I began to hate telephony, and any and all things telephone related. This bothered me on many levels. You see, as a kid, I loved telephones. Growing up in the “big city,” pay phones seemed to be on every corner. Family stories talk about walking several blocks extra, just to avoid me seeing and wanting to play with a phone. But, as usual, I digress…
When I worked with an unnamed switch (let’s just say it rhymed with Broadmoft), I hated working with VoIP. I knew there had to be a better way and started playing with Asterisk. Soon, my memories of playing with phones started coming back and my love rekindled. Now, I look forward to working with phone systems, only because I truly feel that the use of a phone can only be limited by your imagination. And with companies like Twilio, Adhearsion, and Digium, the community of telephone developers seems only to grow.
With that long winded introduction, let’s discuss today’s topic — telemarketer torture. Read the rest of this entry »
John Todd (with Digium) sent a great email on SIP Security. Although written towards the Asterisk audience, this email provides a very good guideline towards increasing your VoIP SIP Security. It’s a must read and reprinted here for your easy viewing.
In case any of you were wondering why there has been a fairly notable upswing in the attacks happening on SIP endpoints, the answer is “script kiddies.” In the last few months, a number of new tools have made it easy for knuckle-draggers to attack and defraud SIP endpoints, Asterisk-based systems included. There are easily-available tools that scan networks looking for SIP hosts, and then scan hosts looking for valid extensions, and then scan valid extensions looking for passwords. You can take steps, NOW, to eliminate many of these problems. I think the community is interested in coming up with an integrated Asterisk-based solution that is much wider in scope for dynamic protection (community-shared blacklists is the current thinking) but that doesn’t mean you should wait for some new tool to defend your systems. You can IMMEDIATELY take fairly common-sense measures to protect your Asterisk server from the bulk of the scans and attacks that are on the increase. The methods and tools for protection already exists – just apply them, and you’ll be able to sleep more soundly at night.
Seven Easy Steps to Better SIP Security on Asterisk: Read the rest of this entry »
Note: There’s an intro, the DDA response, and Fred’s response in this article. Jump to the end to read Fred’s response.
A few months back, we posted a nice little article on using Asterisk to get Parking Space Availability from Ann Arbor garages. The response from the VoIP community was fantastic! We received great comments and feedback from people like Jason Goecke, Dug Song, Dave Michels, Evan Cooke, and more! People not only responded, they even showed different ways of providing access to this information. And everyone shared their work in an open forum — truly a great example of open source coding inspiring innovation (albeit with Parking Spaces).
Even better was the local response in Ann Arbor. Edward Vielmetti and Fred Posner were interviewed in the local papers, appeared on a radio show, and even rode the teeter totter. Everyone loved the idea of being able to check on parking space availability… everyone except for the DDA (insert scary music).
The DDA (Ann Arbor Downtown Development Authority), funded by tax dollars, “provides a diversity of transportation and parking options to meet downtown’s [Ann Arbor’s] ever-changing needs.” The DDA does not like us making information of parking spaces available to the public via phone. Instead, the DDA wants to control this information. Seriously, they want to control parking space availability information.
Tyler Erickson helped Edward Vielmetti and Fred make this project even more fascinating by tracking parking space availability over time. The plan was to provide predictability of availability. For example, “We’re sorry, the lot at 4th and Washington is currently filled, we predict the parking lot will be available in 7 minutes. Press 1 to be notified…”
Wouldn’t that be neat? We thought so… The DDA’s response was to block Tyler’s access. Of course, since it was using Google Apps, it blocked Google, but that’s another story. We inquired as to why this blockage occurred and… well enter Susan Pollay. Susan Pollay is Executive Director of the DDA. She told us (and remember, this is a tax funded organization): Read the rest of this entry »
Digium’s John Todd announced an amazing little contest — The Asterisk S-Prize. Asterisk, the open source VoIP telephony software from Digium, finds itself in small / medium businesses routinely. But more and more, large businesses and enterprises are switching to Asterisk to fulfill their telecommunication needs. With this in mind, Digium announces the S-Prize — geared at designing a single system capable of processing 10,000 call legs.
Here’s the information, directly from the source: Read the rest of this entry »
What you VoIPing 'bout Willis?
Yes, you guessed it correctly. In today’s article, Diff’rent Strokes will be used as a metaphor for VoIP. Why? The correct question is “Why Not?” And the answer… well that’s simple — Diff’rent Strokes is the perfect metaphor. Take for example these classic lines from the show’s theme song:
Now, the world don’t move to the beat of just one drum,
What might be right for you, may not be right for some.
Classic. Pausing for Trivia… do you know which 80’s sitcom star wrote these lyrics? If you said Growing Pains actor and Canadian sensation Alan Thicke, you’d be right… but, as usual, we digress.
Those working within VoIP, and contrary to many medical reports there are people still working in the industry, have many flavors and styles of VoIP products to choose from. Although opinions vary, there really is no “right” or “wrong” product line. Selecting your VoIP implementation is an individual choice that is determined simply by what works best for you. Read the rest of this entry »
Note: For information on Ann Arbor DDA blocking this application, click here.
VoIP is Fun
Patrick and Fred eat, breathe, and live telecommunication. So, when the chance to make fun little phone applications come around, we like to jump on it. Recently, while discussing parking issues with Ann Arbor’s Edward Vielmetti, and idea came to mind. Mr. Vielmetti is active within the Ann Arbor community and among the many hats he wears, one seeks to provide access to accurate information concerning downtown transportation and parking (wow that was a mouthful). While discussing the lack of accurate bus information in Ann Arbor, the conversation took a tangent (yes, how odd that conversations with Fred or Patrick take tangents) on the area of parking.
The parking garages in Ann Arbor provide nice signs in front displaying in brightly lit numbers, the amount of available spaces remaining. Ann Arbor also posts this information on the web at the A2DDA website. An idea came to mind that basically, you can tell the available spots either from the website or right when you reach the garage — but what if you wanted to know while driving to the garage?
So, with that long introduction, we present “using asterisk, cepstral, and perl to get parking and weather updates.” Ok, for the non-techs, don’t panic! We’ll talk about the techie stuff in a little bit. The bottom line is using Asterisk, Cepstral, and Perl, you can check the internet for the spaces available and let the caller know — all in real time. For a working example, call +1 (212) 937-7844 and press 6 +1 (734) 272-0909 (this is not a toll-free number).
What? Where?
On Sunday December 29th, Level3 Communications, one of the largest IP transit networks in North America and Europe, suffered an outage affecting sites such as ESPN, Amazon, and CNN. Noticeable missing from Level3? Any official acknowledgment or discussion of the incident; and an outage that disrupts ESPN on a Sunday will definitely be noticed.
When one of the largest internet backbones shows trouble, there are two ways to handle the situation (after fixing the issue of course). The first would be what we here call the “Duck and Cover” method (sometimes referred to as the Vinnie Barbarino approach). In this method, the company either makes no mention of the incident or does a classic Vinnie impersonation… such as:
Concerned User: I think there’s an outage.
Level3: What? Where?
Concerned User: I think there’s a problem with the network.
Level3: I’m So Confused.
(mugs to the camera and audience goes crazy)
Recent Podcasts