Open Source, Philanthropy and Asterisk

Tux, the Linux mascot

Image via Wikipedia

When I started using Open Source software, it seemed like all Open Source projects are driven by philanthropic agendas. We were all focused on “sticking it to the man” – showing all these would be software vendors that community driven projects can do just as well – if not better.

"When I was a child I spoke as a child I 
understood as a child I thought as a child; 
but when I became a man I put away childish 
things." - I Cor. xiii. 11.

Well, I’m not claiming that Open Source is childish – absolutely not, however, when you are a student you tend to look at things in one way, when you have a family to care for – you start looking at things differently. You remember these days in life when your dad said: “When you’ll have children you will understand” – well, now I do.

So, what am I rambling about exactly? I’ll tell you. The day before Passover I attended several meetings, which when I came back home had pissed me off immensely. I feel an urge to write all about these meetings, including who I met exactly, however – I won’t do that. However, I will give a rough idea of these.

Meeting 1 : A world recognized Mobile application player

I came into the meeting with this company, where the CTO of the company explained to me that they are looking to create an Asterisk based solution for their application’s users. My initial question was: how many users? what is your concurrency level? – The answer that I got was: “Oh, we don’t need something major, just a few lines of configurations in Asterisk config files in order to make this work”.

I left the meeting slightly pissed off, thinking to myself: “You bloody inconsiderate prick! You bring me to a meeting, spend my time – and then telling me that this is just a few lines of configuration. If it is that simple, why don’t you do it yourself? you have 20 developers in there, 4 IT people and god knows how many outsourced workers off-shore – if it was that simple, you would have done it already – so probably it isn’t – right?”

Meeting 2 : A well established IVR services vendor

The second meeting was with a well established IVR content vendor, this company runs around 16M minutes of inbound IVR traffic every month. They invited me in order to talk about expanding into new countries, wishing to get premium based access numbers in various countries. So, we started talking, and the guy indicates that he wants a certain kick-back payout, which I know is impossible – at least without charging the user more. Actually, the guy indicated that out of the interconnect fee, he wants to get almost 90% as a kick back.

Meeting 3 : A start up rendering IVR content

The third meeting was the most amazing one – these guys wanted to build an Asterisk system to server around 4000 concurrent channels – outsource the entire development to my company – and pay as a revenue share. When I asked for their business model, marketing plan, investors, profiles – I got a response of – we don’t yet have all of these, we only have an idea at this point that we want to implement.

Garage based companies are built by people who can do the work themselves, not the other way around.

Photograph of Mark Shuttleworth by Martin Schm...
Image via Wikipedia

At this point, you are probably asking yourself: “What does this have to do with the title?” – Well, all of these meetings had one thing in common. The people I met were under the impression that Open Source is some form of philanthropy. Or to be more exact, people who deal with the Open Source market are philanthropists. My question is this: “Why are we perceived as philanthropists? don’t we have families to care for? don’t we need to pay mortgages and bills just like everybody else?”. I guess when people read about the various Open Source entrepreneurs, such as Mark Shuttleworth – the immediately associate Open Source with Big Exists – this is not the case.

At some level, this is purely our fault – we educated people that Open Source is a highly economical methodology of solving technical challenges. No where along the way, had we educated the public that behind the model there are people, people who need to make a living.

If you are an Open Source consultant, developer, evangelist or just someone who may have an opinion on this, I’d love to read what you say.

Reblog this post [with Zemanta]

Winsows? Salsa? CheckPoint watching too much Seinfeld

Recently, I had to install the CheckPoint SecureClient on my notebook, which is currently running Windows 7 (ok, a linux guys running Windows 7 is something completely different, but let’s talk about that later). In any case, I’ve gone into the CheckPoint website, looking for SecureClient, and got a really funny Seinfeld flash-back:

winsows? Windows? you tell the differnece

This kinda reminded me of this:

Reblog this post [with Zemanta]

Why will proprietary software will eventually die?

Last night I met with a friend of mine, Mr. Doron Ofek. For those of you not familiar with the Open Source market in Israel, Doron is the one person most affiliated with RedHat in Israel, as Doron championed the adaptation of RedHat Linux servers in various enterprises and government offices in Israel. Doron is currently heavily involved in the OpenMoko project and its adaptation and promotion in Israel.

We spent a great deal of time last night, talking about the various aspects of Open Source training in Israel – as both us provide various training services to this market sector. While I’m mostly focused on Asterisk Training, Doron is focused on Linux and XEN training. Both of us have some our training routes knee deep in Israel’s computer/IT training companies, namely Matrix, Hi-Tech College and John Bryce. We both talked about our discontent with their inability to promote and market Open Source training courses, simply because they have no idea what these are.

For example, while Hi-Tech college were incapable of signing up a single person for an Asterisk Bootcamp course, I had signed up 10 people to a my first bootcamp – without any marketing or sales budget, simply by putting out the word in the right places. Now, Hi-Tech college has a list of over 5000 people who studied Linux and other Open Source and networking subjects in their college – should have they been able to gather up at least 10 people as well (less then 0.5% of their entire customer base)? the answer is a definite yes, why were they unable to do so? simply because they have no idea what Asterisk is, how it can be marketed, how it can sold and how the customer should be approached.

Doron had indicated a similar issue with both John Bryce and Matrix – however, due to other reasons. However, Doron had managed to sell quite a few training courses for Linux on his own – without any help from the big boys – how did that happen? how is it possible that Doron and I succeeded where the other colleges had failed? how can that be? – then we both realized why eventually, proprietary software will die and the Open Source movement, over the course of time, will simply negate the presence of proprietary software – simply because Open Source people provide for better marketing strategies and methodologies.

Did we learn how to do marketing on school? are we marketing people by nature? the answer is NO – we learned how to market our belief in the Open Source initiative over the course of time. We championed Open Source in various enterprises, events, public speakings and other places. We were the “soap box” speaker at Hide Park’s Speakers Corner, we were that crazy man on the street screaming: “The world is coming to an end, repent!” (well, you know what I mean) – but all in all, as time progressed we learned how to market the Open Source initiative and our belief – the large enterprises are stuck in their own belief and stagnant marketing strategies and plans. As time progressed, the various “champions” left the large enterprises, simply because they got fed up with the wrongful methodology of these and followed their own path – and doing so with moderate success.

In my belief, as time will progress, the large enterprises will surely migrate to the Open Source, and I won’t be surprised if within a period of 5-6 years Microsoft will be shipping out a version of Windows that is based on the Linux Kernel – or another Open Source distibution methodology. Call me crazy, call me chaotic, call me a dreamer – but mark my words – this will happen.

Open Source has bad reputation in Israel!

The Open Source movement had been in existence since the 60’s, and we can surely find its roots somewhere along the hippie culture and movement. While Free-Love had transcended to Free-Code, or to be more exact – Free-Knowledge, the question of the sources for your Open Source is still questionable. Comparing it with the Sixties, it’s easy to compare the various “Free-Love” movements with the various “Open Source Paradigms” of today. While GPL, BSD, MPL, ZPL and others preach for Open Source adaptation – each one took a different path.

While the paths differ, but the end result is more or less the same, all suffer from a serious lack – a bad reputation. While in the early 2000, Open Source usually meant – highly stable, state of the art technology, increased ROI, lowered TCO and most importantly for many – COOL. Coming 2008, Open Source is starting to get a bad rep, due to the ever increasing simplicity of entering the Open Source world.

I started using Linux somewhere around 1994. My first Linux distribution was a Slackware, with a kernel of 1.0.28 – I needed 99 floppy disks in order to install the system, and it took me a few hours to do so. However, I can’t forget my amazement at seeing the X-Windows environment booting up, and more than that, being completely overwhelmed with the fact that I have a fully functional UNIX environment in my house, just like the one I had in my Army office. Now, I basically had no one to teach me this new environment, so, I had to take my UNIX skills (Solaris and AIX) and adopt to Slackware Linux – it took me a few weeks to get around, but I got around and stuck to it ever since.

Now, let’s jump 14 years forward in time. The year is 2008, a graphic based environment for Linux is no longer a myth and it is getting better and better by the day. People are starting to adopt Linux beyond the academic and the ISP market sectors, slowly integrating Linux based distributions (Mandriva, Ubutnu) on to their desktops and notebooks. Linux is become simple and appealing to everybody.

When something becomes easy to use, people make good use of it – a good example is the Asterisk project. Projects such as TrixBox (AKA: AsteriskAtHome), PBXinaFlash, AsteriskNOW and others had made Asterisk into a simple installation product, that can be installed and managed by any half-decent sysadmin. Problem is, while a half-decent sysadmin will do a fair job of maintaining the system, a shitty sysadmin will crap everything to hell. But hell, that is true for almost anything related to computers or technology – there’s nothing new here! Well, there is nothing new and everything is now new. People who were more or less selling shoes 3 years, then 2 years decided to sell ISP routers, then a year ago started selling IP phones, are now selling Asterisk based systems – using these distibutions, while having no idea what they are selling or promoting. For these people, Asterisk is nothing more beyond FreePBX – once encountering deeper issues, will simply abandon the customer – leaving the Open Source product with a bad rap with the, now disappointed, customer.

I want to believe that other places in the world are different, I want to believe that Israel will reach a point in time when this doesn’t happen – however, I guess that only time will tell and I surely hope this will change in Israel.

FBI Claims Asterisk is unsafe – what a load of bull

After seeing well too many movies about the US and after visiting the US for a few times, many people tend to disrespect the FBI in the USA. While I have much respect for most law enforcement agencies, wherever these are located in the world, I must admit, that the latest warning from the FBI regarding Asterisk borderlines pure hystria and complete misunderstanding of the actual issue.

On Dec 8th, the FBI had issued the following warning:

New Technique Utilizing Private Branch Exchange (PBX) Systems To Conduct Vishing Attacks

The FBI has received information concerning a new technique used to conduct vishingi attacks. The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate PBXii systems with Voice over Internet Protocol (VoIP), digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.

http://www.ic3.gov/media/2008/081205-2.aspx

Now, after a full weekend of frenzy trying to understand the cryptic warning the IC3 had issues, it was gathered that it is referring to an old time bug, related to Asterisk distributions prior to 1.4.18. Being familiar with the particular bug and the exploitation method – I can say this: They surely have no idea what they are talking about!

The exploitation of the bug requires several pre-requirements:

  • A certain IAX2 configuration has to be deployed
  • A certain version of Asterisk must be used
  • A certain form of dialplan has to be existing
  • You Asterisk server needs to be available on the Internet

Now, even when these 4 are met, the exploitation isn’t all that simple and that straight forward. So, in other words, if you are not utilizing any of the above, you can rest assured that your system is fine. In any case, any system is as secured as the dumbest user (in our case developer/sysamdin) who uses it.