Posts tagged: piaf

Firewalls and Internet Security: Separating FUD and Fiction in the VoIP World

Some of us have spent years developing secure VoIP solutions for Asterisk® that protect your phone bill while bringing Cloud-based solutions within reach of virtually anyone. So it’s particularly disappointing when a hardware manufacturer spreads fear, uncertainty, and doubt in order to peddle their hardware. In this case, it happens to be Session Border Controllers (SBCs). We want you to watch this latest “infomercial” for yourself:

To hear Sangoma tell it, every VoIP server protected by merely a firewall is vulnerable to endless SIP attacks unless, of course, you purchase an SBC. And since implementation of Cloud-based servers traditionally limits the ability to deploy an SBC, most Cloud-based VoIP solutions would become vulnerable to SIP attacks. In the words of Sangoma:

And with telecom fraud and PBX hacking on the rise, it’s important to keep your network secure. For most enterprises, it’s not a matter of if-but-when their [sic] network experiences an attack, potentially costing you valuable time and money.

For the benefit of those of you considering a VoIP deployment either locally or in the Cloud using Asterisk, let’s cut to the chase and directly address some of the FUD that’s been thrown out there.

FUD #1: Internet SIP Access Exposes Asterisk to Attack

False. What is true is that unrestricted SIP access to your server from the Internet without a properly secured firewall may expose Asterisk to attack. Perhaps it’s mere coincidence but the only major Asterisk aggregation that still installs Asterisk with an unsecured firewall and no accompanying script, tutorial, or even recommendation to properly lock it down and protect against SIP attacks happens to be from the same company that now wants you to buy a session border controller.

FUD #2: Firewalls Aren’t Designed to Protect Asterisk from SIP Attacks

False. What is true is that the base firewall installation provided in the FreePBX® Distro does not protect against any attacks. In a Cloud-based environment or with local deployments directly exposed to the Internet, that could very well spell disaster. And it has on a number of occasions. The Linux IPtables firewall is perfectly capable of insulating your Asterisk server from SIP attacks when properly configured. With PBX in a Flash and its open source Travelin’ Man 3 script, anonymous SIP access is completely eliminated. The same is true using the tools provided in the latest Elastix servers. And, Incredible PBX servers have always included a secured firewall with simple tools to manage it. Of course, with local VoIP hardware and a hardware-based firewall, any Asterisk server can be totally insulated from SIP attacks whether IPtables is deployed or not. Just don’t open any ports in your firewall and register your trunks with your SIP providers. Simple as that.

FUD #3: SIP Provider Access to Asterisk Compromises Your Firewall

False. Registering a server with SIP or IAX trunk providers is all that is required to provide secure VoIP communications. Calls can flow in and out of your Asterisk PBX without compromising your server or communications in any way. Contrary to what is depicted in the infomercial, there is no need to poke a hole in your firewall to expose SIP traffic. In fact, we know of only one SIP provider that requires firewall changes in order to use their services. Simple answer: use a different provider. Consider how you access Internet sites with a browser from behind a firewall. The connection from your browser to web sites on the Internet can be totally secure without any port exposure in your firewall configuration. Registering a SIP trunk with a SIP provider accomplishes much the same thing. All modern firewalls and routers will automatically handle the opening and closing of ports to accommodate the SIP or IAX communications traffic.

FUD #4: Remote Users Can’t Access Asterisk Without SIP Exposure

False. Over the past several years, we have written about a number of methodologies which allow remote users to securely access an Asterisk server. That’s what Virtual Private Networks and Port Knocking and Remote Firewall Management are all about. All of these solutions provide access without exposing your server to any SIP vulnerabilities! We hope the authors of this infomercial will give these open source tools a careful look before tarnishing the VoIP brand by suggesting vulnerabilities which any prudent VoIP deployment can easily avoid without additional cost. Just use the right products!

Originally published: Thursday, April 23, 2015



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for Incredible PBX users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For Incredible PBX users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

The Gotcha-Free PBX: Simon Telephonics New SIP Gateway for Google Voice

We promised you that free Google Voice calling in the U.S. and Canada would soon be available on every Asterisk® platform whether the platform supported Asterisk Motif or not. And this week we’re covering the second SIP gateway offering for Google Voice. We introduced Bill Simon’s first Google Voice gateway back in June of 2012. This time around the latest iteration features secure OAUTH authentication so there’s no need to divulge your Google Voice credentials. Once you’ve set up your account on the Simonics Google Voice Gateway site,1 you simply create a standard SIP trunk on your Asterisk server or SIP device of choice, and PRESTO! You get secure authentication to Google Voice without worrying whether Google will drop support for insecure authentication methods such as Asterisk Motif down the road. And you can set all of it up for a one-time setup fee. For Nerd Vittles readers, you get $1 off the current $5.99 fee by using this link. Unlike last week’s GVsip offering, the new Simonics service includes free CallerID name lookups plus the ability to connect multiple devices at multiple sites and communicate between the devices using some clever SIP magic. You also can map incoming calls to any SIP URI rather than just the destination from which you register a Google Voice account. This new gateway is a real winner!

Why do this? There are several reasons aside from the free calls and free phone number. First, Google has warned for years that insecure authentication to Google Voice is going away. It hasn’t yet which is the reason Asterisk Motif logins still work. When Google finally pulls the plug (and they will), your Google Voice days are over using the Asterisk platform. Second, some of the Asterisk aggregations such as Elastix® never supported Google Motif. Hence, free Google Voice calling wasn’t available at all to those using the Elastix platform. That limitation is now a thing of the past. You can create a simple SIP trunk and begin enjoying free Google Voice calling in the U.S. and Canada just like some of the rest of us have been doing for years. Third, Google Voice support was the sole reason that many have stuck with the FreePBX® GUI despite the gotchas. Now you have a choice. Any Incredible PBX™ or Asterisk-GUI™ server now supports Google Voice without your having to worry about constant changes to the Asterisk Motif driver to support refinements at the Google Voice end. Now it’s a pure SIP trunk using pure SIP technology as far as Asterisk is concerned. The only limitation is the one imposed by Google. You need to reside in the United States to use Google Voice even though free calling is available to the U.S. and Canada.

If you have difficulty finding the Google Chat option after setting up a new Google Voice account, follow this tutorial.

1. Using your favorite browser, log in to the Google Voice account you wish to associate with the Simonics SIP gateway. Be sure that you’ve enabled Google Chat in your Google Voice setup.

2. Using a separate tab of your browser, connect to the Simonics Google Voice Gateway site.

3. Go through the steps to register your Google Voice account with the Simonics Google Voice gateway and obtain your credentials.

4a. For those using FreePBX or Elastix, use another tab of your browser to open the GUI interface and create a new SIP trunk using your new SIP login credentials. Replace 8005551212 with your actual Google Voice number and YOUR-SIP-PW with your actual Simonics SIP password in BOTH the PEER Details and Registration String. Add your Google Voice number to the end of the Registration String like this: GV18005551212:YOUR-SIP-PW@gvgw.simonics.com/8005551212

4b. For those using Incredible PBX for Asterisk-GUI, simply download and run our One-Click Installer. You’ll need your Simonics SIP account name and password plus a two-digit dialing prefix to use for outbound calls. It’s that simple!

cd /root
wget http://incrediblepbx.com/simonics-addon.tar.gz
tar zxvf simonics-addon.tar.gz
rm -f simonics-addon.tar.gz
./simonics-addon.sh

Once you’ve finished running the script, your trunk will be up and running. There’s no requirement for steps #5 and #6 with Asterisk-GUI. If desired, jump to Step #7 to set up a SIP URI for your incoming calls.

5. Create an Inbound Route for your incoming calls using the 10-digit number you entered at the end of the Registration String in step #4a.

6. Create an Outbound Route for outgoing calls that should be handled by your Google Voice trunk. The CallerID number will be your Google Voice number. You cannot change it.

7. If you’d prefer to send incoming calls to a designated SIP URI instead of the server that registered with the Simonics gateway, enter the address in the format: pbx@myserver.xyz. For additional details, read our previous article on SIP URIs.

8. Repeat this setup procedure for as many Google Voice accounts as you wish to activate using the steps above. If you’re using Incredible PBX for Asterisk-GUI, remember to edit the script and change the TRUNK=simonics entry to something like TRUNK=simonics2. Also use a unique two-digit dialing prefix for each trunk. Be sure to logout of your previous Google account before repeating the drill. Enjoy!


Don’t forget to List Yourself in Directory Assistance with your new IPkall PSTN number so everyone can find you by dialing 411. And be sure to add your new number to the Do Not Call Registry to block telemarketing calls.

Originally published: Monday, April 13, 2015


Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for Incredible PBX users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For Incredible PBX users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. In addition to substantial technical assistance, Simon Telephonics is also a financial contributor to the Nerd Vittles project. []

Where to Begin: A Comparison of Open Source Features in Asterisk Aggregations

We receive frequent inquiries requesting that we document the feature set in the open source Asterisk® distributions that Nerd Vittles writes about each week. So today we’re pleased to provide a Feature Matrix that we will attempt to keep current as we move forward. Just bookmark this page, and you can check back periodically to get a quick thumbnail sketch of what each of these distributions currently supports.1 A chart, of course, doesn’t tell the whole story. But it’s a good starting point.

Not covered this week are the Asterisk aggregations that are either non-GPL code or are produced by organizations whose primary focus is the sale of commercial hardware and/or software. But don’t despair. Nerd Vittles is weeks away from announcing a commercial solution with some surprises that may encourage non-hobbyists to reevaluate your options and to take a fresh look at commercial alternatives, some of which may soon be free. So… hold on to your checkbook a bit longer!

All of the Asterisk aggregations we’re covering today have several things in common. First, all of the products rely upon industry-standard operating system platforms including CentOS, Scientific Linux, Ubuntu, and Raspbian. Each has an enormous user base and technical support team to assure that your operating system remains stable, secure, and non-proprietary for the life of your PBX. All of today’s products also support open source, non-proprietary, and free fax solutions with installers customized to the various platforms. Unlike other alternatives, all of these aggregations compile Asterisk and the graphical user interface used to manage your PBX as part of the install process. That means your compiled code is tailored to your particular hardware, and the source code is always installed on your server to simplify the task of making changes or enhancements to the default install without spending hours scouring the Internet to track down dependencies and missing source components. Try finding 3-year-old source code of some of the other distributions (as the GPL requires), and you’ll appreciate our SourceForge repository which goes back almost 5 years. Last but not least, all of these aggregations support Google Voice directly with free calling and free faxing throughout the U.S. and Canada in just minutes.

Once you’ve identified the feature set that best meets your needs, the next step is finding a tutorial to get you started. Look no further than Nerd Vittles for step-by-step instructions tailored to your specific platform whether it’s dedicated hardware, a virtual machine, or a Cloud-based platform. You won’t find an equivalent resource anywhere else. And, of course, the most user-friendly forum on the planet stands ready to help should you ever hit a snag.

Originally published: Tuesday, February 17, 2015



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for Incredible PBX users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For Incredible PBX users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

  1. Our special thanks to Captain Anonymous for the terrific code that made an HTML layout of this feature comparison chart possible. []
  2. RentPBX is a Platinum Sponsor of the PBX in a Flash project. Install PIAF in the Cloud for $15/mo. with Coupon Code: PIAF2015 []

We Have a Dream, Too: The Return of (Gotcha-free) Open Source VoIP Software

History repeats itself. That’s the timeless old saying, and we have a theory about that. The reason history repeats itself is because most folks never spent much time studying history so they didn’t learn from the mistakes and greed of those that preceded them. Here’s our brief history lesson on technology and what we’ve learned about choosing a pumpkin.

With a Single Pumpkin Provider, Expect to Take Home a Crappy Pumpkin!

Let’s turn back the clock 30 years, shall we? It was 1985. IBM had just introduced the PC/AT. Hewlett Packard was on the verge of releasing the LaserJet printer. The typical office had a dedicated word processing machine from one of a handful of very rich companies. The PC software world had their new Big Three: dBASE III, WordPerfect, and Lotus 1-2-3. Life was good! Copy-protection was still a sparkle in the eye of many software companies, and shrink-wrap licensing agreements were just beginning to keep law firms busy. You may recall that IBM introduced the IBM PC just four years earlier, and DOS 1.0 was released for $30 with the source code for the operating system in the loose leaf notebook. How quickly things would change. The cassette player adapter was no longer viewed as the storage device of choice. Meet the 20MB hard drive!

It didn’t take long for most of these companies to forget what made them household names. With the notable exception of IBM and WordPerfect, it was all about copy protection, a concept that made it almost impossible for major companies and the government to deploy PCs. There was no Internet or Intranet, and there were no networks or email, just dial-up bulletin board systems using state-of-the-art 1200 baud Hayes modems. If you wanted to deploy software at multiple sites, you mailed floppy disks and crossed your fingers. Meet Sneakernet!

At the time, I was building a new PC-based case management system in Atlanta for the 95 bankruptcy courts that were scattered across hundreds of cities in the United States. These courts were literally buried in paperwork from lawyers. It was not uncommon to wait years before your case was scheduled for a hearing. The Administrative Office of U.S. Courts in Washington was deploying mainframe-based bankruptcy software to a handful of courts each year. Thanks to the IBM PC/AT and HP LaserJet printer, we revolutionized case processing in the bankruptcy courts in less than a year. Backlogs quickly disappeared as the bankruptcy courts spit out more paper than even the lawyers could handle.

The major wrinkle in rolling out a PC-based solution wasn’t the lack of hardware and tools. It was copy-protection. Luckily, there was The Lone Victor, a college-dropout whiz kid that worked for one of the big banks headquartered in Atlanta. Because his bank was a beta site for all of the major PC software, he typically cracked the copyright protection schemes and published the fixes on the local BBS the same day the software was released to the public. This meant DBMS software could be purchased and distributed by mail without having to visit hundreds of sites to manually install the basic software components needed to run application software. The courts were not yet following the business playbook so shrink-wrap licensing agreements were non-existent. The theory that violating a license agreement meant you were violating a copyright had not yet been concocted. And the Bigwigs in California were dumbfounded that their costly, (failsafe) copy protection schemes were cracked on Day 1 of each new software release. The identity of The Lone Victor was never exposed… until now. Just kidding!

It was also the beginning of the shareware era. People were tired of paying exorbitant prices for buggy, copy-protected PC software that was rushed to market to cash in on the PC Gold Rush. We were fortunate enough to be amongst several dozen developers that participated in the Association of Shareware Professionals and set some standards for this revolutionary new industry. Our dBASE III clone, WAMPUM, became an overnight hit thanks to an article in the 800-page tabloid of the time, Computer Shopper. I still remember driving home from a weekend trip to find our mailbox literally spilling over into the street with checks from people that had just discovered the magic of shareware. WAMPUM is still available by the way and runs swimmingly on VirtualBox.

The history lesson here could not be more clear. All of these commercial companies and banks viewed themselves as invulnerable because every one of them dominated a particular niche in the marketplace. Could life possibly get any better? Of course, you know the rest of the story. Not a single one remains in the PC business today. All the Big Banks of the 80’s and all the dedicated word processors and their larger-than-life corporate sponsors are pretty much gone as well.

If you have a teenage son or daughter, take a look at what they use today for messaging and communications. That’s a pretty big hint about the chances that today’s VoIP solutions will still be around even 10 years from now. It’s History 101.

As Grandma used to say, “Never get too big for your britches.” When you start resting on your laurels and believing you’re too big to fail, along comes another whiz kid to build a better mousetrap. Yes, we have a dream, too.

With a Single Pumpkin Provider, Expect to Take Home a Crappy Pumpkin!

Pardon our repetition! So what does all of this have to do with Asterisk® and 2015? Well, take another look at last week’s article. Asterisk has a strong open source competitor in FreeSwitch. Without FreeSwitch, we doubt you ever would have seen a product as ambitious as Asterisk 12. The competition has been healthy for both companies AND for those of us that actually use the software. But, in the GUI department, we’re back to the era in which a single product dominates this essential market category. Their way or the highway is the comment we hear over and over from frustrated users. We ended up in this predicament because Digium folded the tent on Asterisk-GUI because of the purchase of a (better) commercial GUI, Switchvox. It actually makes money for the company. Did it mean Asterisk-GUI was flawed? Not at all. In fact, our experimentation suggests quite the opposite. Asterisk-GUI is a better mousetrap in many ways, but development wasn’t generating revenue and was costing Digium manpower money that could be put to better use with a financial return on investment. In case you haven’t noticed, all of the major open source VoIP companies now have commercial VoIP hardware and software offerings. Invariably, open source offerings morph into loss leaders or marketing tools to channel customers to commercial products. That’s what most for-profit companies have had to do to stay afloat. But there’s a right way and a wrong way to go about it, and that’s what last week’s article was all about.

The simple solution to fix market dominance is CHOICES. When you put all your eggs in one basket, we all know what happens. And it has. We’re working very hard to bring more choices and some new players and alternatives to the Asterisk community. We hope you’ll be reading about more of them here… soon. What would happen if there were an open source offering of a Switchvox-like product? What would happen if there were an open source offering of a drag-and-drop GUI for a realtime version of Asterisk? Do we have a crystal ball? Not at all. Do we like to dream of the possibilities and what they would mean to the future of Asterisk and the VoIP community? Absolutely.

In the meantime, do your part. Try out some alternatives. We’re doing our part by bringing them to you with Incredible PBX. It provides a compelling feature set of add-on applications and development tools for Asterisk including text-to-speech, voice recognition, Google Voice free calling and SMS messaging, free fax support, and simplified tools for configuration of Asterisk trunks, extensions, and dialplan code. Initially, the focus of Incredible PBX and PBX in a Flash was broadening the operating system platforms on which Asterisk could be run. In addition to CentOS, we released versions for Fedora, Scientific Linux, Ubuntu, and Debian. Next came virtual machine editions for the Cloud and even for Windows and Macs. Then we tackled tiny hardware platforms to make Asterisk more accessible to a much broader range of users. This included the Raspberry Pi, BeagleBone Black, CuBox-i, and even the PogoPlug. When you can run Asterisk reliably on a $15 to $50 piece of hardware, it’s a big deal.

And that brings us to 2015. Our focus this year is providing a CHOICE of options for actual configuration of Asterisk. We also want to broaden the base from English to support for other languages and countries. Not everyone in the world has a 10-digit phone number. And not everyone needs a product as complex as FreePBX® to set up a VoIP server for their home or business. If all you need is a secure VoIP phone system with SIP phones to make economical phone calls with a high-tech feature set of IVRs, auto-attendants, voicemail, email, SMS messaging, faxes, and smartphone integration, then there are numerous alternatives without the overhead of maintaining and managing a complex database management system, a mail server, a web server, a firewall, and literally hundreds of other Linux applications that many probably never knew were running on their server in the first place.

Does it mean we’re dropping support for FreePBX? Not at all. There’s still hope with new ownership. Does it mean you’re nuts to only consider an Asterisk-based server that includes FreePBX? Absolutely. So what’s out there?? Starting next week, we’ll begin introducing new versions of Incredible PBX for the Asterisk-GUI, for Elastix 3.0 Multi-Tenant, for Gemeinschaft, and…

The best is yet to come. Stay tuned!

Originally published: Monday, January 19, 2015



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

An Open Letter to Sangoma: Here’s to a New Beginning in 2015

2015 is starting off with lots of surprises for the VoIP community so let’s get right to it. Sangoma Technologies has purchased Schmooze Com with all its assets including FreePBX® on January 1. You can read all about it here and here. Please do. The bottom line is the ownership of FreePBX has changed, but the development staff and presumably the future direction of the project have not. As usual, there is more than a little bad mouthing of Fonality for the direction it took the trixbox project while promising to be “different” with this acquisition. We hope so. Keep reading for the rest of the story…

We’ve known the original developers of FreePBX since the Asterisk Management Portal days. And the same goes for the Asterisk@Home and trixbox project team as well as the current FreePBX development team. When we began the PBX in a Flash project, the very first financial backer of our project was Sangoma, and their support of the open source community has been unwavering. What follows is a wakeup call that all is not well in the FreePBX community, and now Sangoma is in a position to fix it. We hope they will… and soon!

When Schmooze Com decided to discontinue its commercial PBX offering and roll it into commercial modules for FreePBX, we were one of the early testers and supporters of those modules and the new approach. We also had an ongoing discussion with Tony Lewis regarding patents, copyrights, commingling of commercial modules with open source code, and numerous other topics. The objective for us and for Tony was to develop a long-term strategy for Schmooze Com that would assure commercial viability while protecting the open source character of FreePBX. In exchange for including commercial module support in the PBX in a Flash offerings, Schmooze Com agreed to build a web site that could detect the platform of the user so that a portion of the proceeds of the commercial purchases could be returned to our project to fund our development efforts. We never saw a dime!

During this same period, we also were seeking a commercial VoIP provider to provide commercial-quality technical support for PBX in a Flash users whenever the need arose. Schmooze Com seemed like a natural fit given our joint development efforts. In May of 2012, we entered into a partnership arrangement with Schmooze Com, a copy of which is reproduced below:

Support and commercial module development continued uneventfully through the end of 2012 with checks to the PBX in a Flash project tallying up to less than $1,000. That just meant our users didn’t have many problems, or so we thought. On January 10, 2013, we received the following email from Tony… but no check:

We have been tracking down some weird issues with a few modules in PBXiaF and have it tracked down that your sysadmin RPM is really old.

Because that RPM is always changing we have created a new REPO that only contains the 3 needed RPMS for commercial module support.

Can you include this repo in your upgrade scripts and next build instead of relying on updating your repos when we change the RPMS

We will always keep this repo updated with the RPMS needed for commercial modules

A week later, we received a follow up email… but no check:

We now have our Portal setup to track Commercial Modules on a per system type basis so we can start paying you a commission on PBXiaF systems.

We seem to keep having issues with PBXiaF users not having updated RPMs such as sysadmin.

We have setup a repo that we would like you to include that way they are pulling the needed RPMs from our repo. Its [sic] the same repo we are now using in FreePBX and Asterisk Now is now also using.

We made the necessary changes to PBX in a Flash and incorporated the Schmooze commercial repo based upon the assurance that it would only “contain the 3 needed RPMS for commercial module support.” This is critically important from a security standpoint since any repo activated on a Linux server basically gets a blank check with root privileges to modify virtually anything on that server. Keep reading! It gets worse.

In February, 2013, Schmooze Com acquired FreePBX from Bandwidth.com. Perhaps not coincidentally, that also marked the end of the money trail from Schmooze Com to the PBX in a Flash project. Shortly thereafter, we began receiving reports from various PIAF users that their (paid) call for commercial technical support was more of a sales pitch urging them to switch to the FreePBX Distro for “better support.” Compare that advice to Section 5 of the Memorandum of Understanding we have reproduced above.

In 2014, our relationship with Schmooze Com went from bad to worse as the company began squeezing other contributors to the PBX in a Flash project for money. One provider of SIP services developed an add-on open source module which end-users could download and install into FreePBX to facilitate configuration of their SIP credentials. This provider, who also happened to be a competitor of Schmooze Com’s SipStation, received a threatening email in March of 2014 which included the following:

We also see you have a FreePBX module that is used to manage and configure your trunks which violates our Copyright Policy on using the FreePBX Framework and module system. As stated on our trademark page.

“FreePBX provides a module system to allow plugging in 3rd party modules into your FreePBX system. Any module that uses the FreePBX Module, Framework or GUI system must be released as GPL and use of the module must be for controlling or managing other GPL or open source software. Schmooze Com, Inc as the copyright holder does reserve the right to release modules that are not GPL and under a different license under a dual license model.”

Since you [sic] modules sole purpose is to configure and manage your trunking service this would be in violation of FreePBX usage policy.

Imagine the reaction from Sangoma if Digium had ever announced that Asterisk modules to support analog cards from suppliers other than Digium could not be used with Asterisk because it would violate Digium’s “Copyright Policy on using the [Asterisk] Framework and module system.”

Shortly thereafter, a number of cloud service providers contacted us indicating that Schmooze Com was demanding royalties for use of the open source FreePBX product in cloud offerings of the open source PBX in a Flash product line. Never mind that Schmooze Com uses hundreds of open source products commercially including Asterisk, Apache, PHP, and MySQL without payment of any license fees.

Get the picture? Now mere use of the open source FreePBX product in a commercial offering was prohibited without payment of a Schmooze Com “trademark and copyright fee.” Now tell me again that yarn about Fonality being a lousy steward of the trixbox project. They never pulled a stunt like this! And then, of course, there’s the plain language of the FreePBX GPL license:

1. You may copy and distribute verbatim copies of the Program’s source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

The final straw (as if we needed one) was the recent declaration that FreePBX commercial modules “are not Open Source GPL and are only designed to work with the FreePBX Distro.” This, of course, is long after many PBX in a Flash users had purchased commercial modules on the frequent recommendation of Schmooze Com employee postings on the PIAF Forum.

And to start the new year off with a bang, Schmooze Com quietly added additional (non-commercial) components to their commercial repository which immediately broke the Fail2Ban security module used by PBX in a Flash. Through the commercial module repo, we now have a backdoor security issue because Schmooze Com is no longer honoring their agreement to restrict the Schmooze Com commercial repo to “the 3 needed RPMS for commercial module support.”

We will fix it shortly… and permanently.

Ultimately you, our readers, get to judge whether Schmooze Com’s stewardship of the FreePBX project has been a model for the open source community. From our vantage point, it has been anything but that. Sangoma has enormous good will in the open source community. We trust they will take the necessary steps to correct these abuses for the benefit of the open source FreePBX project and those who continue to develop and use it.

Continue reading Page 2…

Originally published: Monday, January 12, 2015



Need help with Asterisk? Visit the PBX in a Flash Forum.


 

Some Recent Nerd Vittles Articles of Interest…

Lessons Learned: Getting Started in the Billion Dollar VoIP Business

So you’ve built a few VoIP PBXs for your neighbors and your friends’ small businesses. And now you want to make a living doing it full time. After all, it wasn’t that hard to get started since all of the VoIP software was practically free, and the hardware investment was only a few hundred bucks. But now your friends need a way to make reliable phone calls every day, and they want someone to call when the phones don’t work. Welcome to the VoIP Business! Our objective today is to paint you a picture of what actually lies ahead in the Asterisk® and FreePBX® business so that you don’t get blindsided.

Lesson #1. Asterisk is a business run by Digium to make money for the corporation. FreePBX is a business run by Schmooze Com to make money for the corporation. Both companies do this in several ways. They sell hardware. They sell commercial software. They sell hosted phone service. They sell phone trunks to make and receive phone calls. And they sell support. The lifeblood of these companies is paying customers, lots of them. There’s nothing necessarily sinister about any of this. It’s the way all corporations work.

Lesson #2. You can’t do it all. You may be a super salesman, a talented programmer, or a great customer service guy. But you’re probably not all three. And, if you have a family, the rest of them probably don’t want the phones ringing off the hook starting at dinner time until 2 a.m. every morning. There’s a reason corporations charge a pretty penny for support. Somebody has to be there during dinner time and at 2 a.m. to answer the phone calls and solve the problems.

Lesson #3. Your friends are cheap frugal. They’d prefer to pay nothing for their phone system, and they’d prefer to pay nothing when they need to call you to fix it. You’re a nice guy so you don’t want to leave your friends in the lurch when you decide to take that Christmas ski trip. What to do? Hire an outside company to provide your support. Heh! Keep reading.

Lesson #4. The stark reality at the corporate end of the VoIP business is RECURRING REVENUE. They can’t stay afloat just selling hardware and software. Once folks have bought it, the company either needs new paying customers or a way to keep existing customers paying to keep the lights on. There are three options: hosted phone service, phone trunks, and support.

If you’ve done your homework, you know that you can buy incoming phone lines for your PBXs at a monthly cost of a few bucks. Or you can stick with Ma Bell for incoming trunks and up the monthly cost by a factor of ten in exchange for reliability and support. Outgoing phone calls can be made for a penny or two a minute to all but the most exotic and remote areas of the world. Or you can use trunks provided by Ma Bell or Comcast or Time Warner for ten times the monthly cost. Then there are the so-called unlimited trunks from companies such as Digium and Schmooze Com. For $20+ to $25+ per month, you get the ability to make or receive several thousand minutes of calls each month so long as the calls arrive one at a time. If you want to make or receive multiple calls simultaneously, multiply the cost for each simultaneous call by twenty to twenty-five bucks depending upon your provider choice. All of a sudden, Ma Bell isn’t looking that expensive, is she?

Lesson #5. When you’ve grown your user base to the point that you don’t want to lose your customers, be careful in choosing a company to provide your support. If they happen to be in the same business as you (and they probably are), ask yourself this question. Would you send your girlfriend alone on a two-week cruise with any of your male buddies? Didn’t think so. Reread Lesson #1.

To be continued… Happy New Year!!

Originally published: Monday, December 29, 2014



Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

Ringbinder theme by Themocracy