2015 is starting off with lots of surprises for the VoIP community so let’s get right to it. Sangoma Technologies has purchased Schmooze Com with all its assets including FreePBX® on January 1. You can read all about it here and here. Please do. The bottom line is the ownership of FreePBX has changed, but the development staff and presumably the future direction of the project have not. As usual, there is more than a little bad mouthing of Fonality for the direction it took the trixbox project while promising to be "different" with this acquisition. We hope so. Keep reading for the rest of the story…
We’ve known the original developers of FreePBX since the Asterisk Management Portal days. And the same goes for the Asterisk@Home and trixbox project team as well as the current FreePBX development team. When we began the PBX in a Flash project, the very first financial backer of our project was Sangoma, and their support of the open source community has been unwavering. What follows is a wakeup call that all is not well in the FreePBX community, and now Sangoma is in a position to fix it. We hope they will… and soon!
When Schmooze Com decided to discontinue its commercial PBX offering and roll it into commercial modules for FreePBX, we were one of the early testers and supporters of those modules and the new approach. We also had an ongoing discussion with Tony Lewis regarding patents, copyrights, commingling of commercial modules with open source code, and numerous other topics. The objective for us and for Tony was to develop a long-term strategy for Schmooze Com that would assure commercial viability while protecting the open source character of FreePBX. In exchange for including commercial module support in the PBX in a Flash offerings, Schmooze Com agreed to build a web site that could detect the platform of the user so that a portion of the proceeds of the commercial purchases could be returned to our project to fund our development efforts. We never saw a dime!
During this same period, we also were seeking a commercial VoIP provider to provide commercial-quality technical support for PBX in a Flash users whenever the need arose. Schmooze Com seemed like a natural fit given our joint development efforts. In May of 2012, we entered into a partnership arrangement with Schmooze Com, a copy of which is reproduced below:
Support and commercial module development continued uneventfully through the end of 2012 with checks to the PBX in a Flash project tallying up to less than $1,000. That just meant our users didn’t have many problems, or so we thought. On January 10, 2013, we received the following email from Tony… but no check:
We have been tracking down some weird issues with a few modules in PBXiaF and have it tracked down that your sysadmin RPM is really old.
Because that RPM is always changing we have created a new REPO that only contains the 3 needed RPMS for commercial module support.
Can you include this repo in your upgrade scripts and next build instead of relying on updating your repos when we change the RPMS
We will always keep this repo updated with the RPMS needed for commercial modules
A week later, we received a follow up email… but no check:
We now have our Portal setup to track Commercial Modules on a per system type basis so we can start paying you a commission on PBXiaF systems.
We seem to keep having issues with PBXiaF users not having updated RPMs such as sysadmin.
We have setup a repo that we would like you to include that way they are pulling the needed RPMs from our repo. Its [sic] the same repo we are now using in FreePBX and Asterisk Now is now also using.
We made the necessary changes to PBX in a Flash and incorporated the Schmooze commercial repo based upon the assurance that it would only "contain the 3 needed RPMS for commercial module support." This is critically important from a security standpoint since any repo activated on a Linux server basically gets a blank check with root privileges to modify virtually anything on that server. Keep reading! It gets worse.
In February, 2013, Schmooze Com acquired FreePBX from Bandwidth.com. Perhaps not coincidentally, that also marked the end of the money trail from Schmooze Com to the PBX in a Flash project. Shortly thereafter, we began receiving reports from various PIAF users that their (paid) call for commercial technical support was more of a sales pitch urging them to switch to the FreePBX Distro for "better support." Compare that advice to Section 5 of the Memorandum of Understanding we have reproduced above.
In 2014, our relationship with Schmooze Com went from bad to worse as the company began squeezing other contributors to the PBX in a Flash project for money. One provider of SIP services developed an add-on open source module which end-users could download and install into FreePBX to facilitate configuration of their SIP credentials. This provider, who also happened to be a competitor of Schmooze Com’s SipStation, received a threatening email in March of 2014 which included the following:
We also see you have a FreePBX module that is used to manage and configure your trunks which violates our Copyright Policy on using the FreePBX Framework and module system. As stated on our trademark page.
"FreePBX provides a module system to allow plugging in 3rd party modules into your FreePBX system. Any module that uses the FreePBX Module, Framework or GUI system must be released as GPL and use of the module must be for controlling or managing other GPL or open source software. Schmooze Com, Inc as the copyright holder does reserve the right to release modules that are not GPL and under a different license under a dual license model."
Since you [sic] modules sole purpose is to configure and manage your trunking service this would be in violation of FreePBX usage policy.
Imagine the reaction from Sangoma if Digium had ever announced that Asterisk modules to support analog cards from suppliers other than Digium could not be used with Asterisk because it would violate Digium’s "Copyright Policy on using the [Asterisk] Framework and module system."
Shortly thereafter, a number of cloud service providers contacted us indicating that Schmooze Com was demanding royalties for use of the open source FreePBX product in cloud offerings of the open source PBX in a Flash product line. Never mind that Schmooze Com uses hundreds of open source products commercially including Asterisk, Apache, PHP, and MySQL without payment of any license fees.
Get the picture? Now mere use of the open source FreePBX product in a commercial offering was prohibited without payment of a Schmooze Com "trademark and copyright fee." Now tell me again that yarn about Fonality being a lousy steward of the trixbox project. They never pulled a stunt like this! And then, of course, there’s the plain language of the FreePBX GPL license:
1. You may copy and distribute verbatim copies of the Program’s source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
The final straw (as if we needed one) was the recent declaration that FreePBX commercial modules "are not Open Source GPL and are only designed to work with the FreePBX Distro." This, of course, is long after many PBX in a Flash users had purchased commercial modules on the frequent recommendation of Schmooze Com employee postings on the PIAF Forum.
And to start the new year off with a bang, Schmooze Com quietly added additional (non-commercial) components to their commercial repository which immediately broke the Fail2Ban security module used by PBX in a Flash. Through the commercial module repo, we now have a backdoor security issue because Schmooze Com is no longer honoring their agreement to restrict the Schmooze Com commercial repo to "the 3 needed RPMS for commercial module support."
We will fix it shortly… and permanently.
Ultimately you, our readers, get to judge whether Schmooze Com’s stewardship of the FreePBX project has been a model for the open source community. From our vantage point, it has been anything but that. Sangoma has enormous good will in the open source community. We trust they will take the necessary steps to correct these abuses for the benefit of the open source FreePBX project and those who continue to develop and use it.
Originally published: Monday, January 12, 2015
Need help with Asterisk? Visit the PBX in a Flash Forum.
Some Recent Nerd Vittles Articles of Interest…