Open Source has a bad reputation in Israel!

The Open Source movement has been in existence since the 60’s, and we can surely find its roots somewhere along the hippie culture and movement. While Free-Love had transcended to Free-Code, or to be more exact – Free-Knowledge, the question of the sources for your Open Source is still questionable. Looking back at the Sixties, it’s easy to compare the various “Free-Love” movements with the various “Open Source Paradigms” of today. While GPL, BSD, MPL, ZPL and others preach for Open Source adoption – each one took a different path.

While the paths differ, the end result is more or less the same, and all suffer from a serious lack – a bad reputation. In the early 2000s, Open Source usually meant – highly stable, state of the art technology, increased ROI, lowered TCO and most importantly for many – COOL. Come 2008, Open Source is starting to get a bad rep, due to the ever increasing simplicity of entering the Open Source world.

I started using Linux somewhere around 1994. My first Linux distribution was a Slackware, with a kernel of 1.0.28 – I needed 99 floppy disks in order to install the system, and it took me a few hours to do so. However, I can’t forget my amazement at seeing the X-Windows environment booting up, and more than that, being completely overwhelmed with the fact that I have a fully functional UNIX environment in my house, just like the one I had in my Army office. Now, I basically had no one to teach me this new environment, so, I had to take my UNIX skills (Solaris and AIX) and adapt to Slackware Linux – it took me a few weeks to get around, but I got around and stuck to it ever since.

Now, let’s jump 14 years forward in time. The year is 2008, a graphic based environment for Linux is no longer a myth and it is getting better and better by the day. People are starting to adopt Linux beyond the academic and the ISP market sectors, slowly integrating Linux based distributions (Mandriva, Ubuntu) onto their desktops and notebooks. Linux is becoming simple and appealing to everybody.

When something becomes easy to use, people make good use of it – a good example is the Asterisk project. Projects such as TrixBox (AKA: AsteriskAtHome), PBXinaFlash, AsteriskNOW and others have made Asterisk into a simple installation product that can be installed and managed by any half-decent sysadmin. Problem is, while a half-decent sysadmin will do a fair job of maintaining the system, a shitty sysadmin will crap everything to hell. But hell, that is true for almost anything related to computers or technology – there’s nothing new here! Well, there is nothing new and everything is now new. People who were more or less selling shoes 3 years ago, then 2 years ago decided to sell ISP routers, then a year ago started selling IP phones, are now selling Asterisk based systems – using these distributions, while having no idea what they are selling or promoting. For these people, Asterisk is nothing more than FreePBX – once they encounter deeper issues, they will simply abandon the customer – leaving the Open Source product with a bad rap with the, now disappointed, customer.

I want to believe that other places in the world are different, I want to believe that Israel will reach a point in time when this doesn’t happen – however, I guess that only time will tell and I surely hope this will change in Israel.

FBI Claims Asterisk is unsafe – what a load of bull

After seeing way too many movies about the US and after visiting the US a few times, many people tend to disrespect the FBI in the USA. While I have much respect for most law enforcement agencies, wherever these are located in the world, I must admit that the latest warning from the FBI regarding Asterisk borders on pure hysteria and a complete misunderstanding of the actual issue.

On Dec 8th, the FBI had issued the following warning:

New Technique Utilizing Private Branch Exchange (PBX) Systems To Conduct Vishing Attacks

The FBI has received information concerning a new technique used to conduct vishing attacks. The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate PBX systems with Voice over Internet Protocol (VoIP), digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.

http://www.ic3.gov/media/2008/081205-2.aspx

Now, after a full weekend of frenzy trying to understand the cryptic warning the IC3 had issued, it was gathered that it is referring to an old time bug, related to Asterisk distributions prior to 1.4.18. Being familiar with the particular bug and the exploitation method – I can say this: They surely have no idea what they are talking about!

The exploitation of the bug has several prerequisites:

  • A certain IAX2 configuration has to be deployed
  • A certain version of Asterisk must be used
  • A certain form of dialplan has to exist
  • Your Asterisk server needs to be available on the Internet

Now, even when these 4 are met, the exploitation isn’t all that simple or that straightforward. So, in other words, if you are not utilizing any of the above, you can rest assured that your system is fine. In any case, any system is as secure as the dumbest user (in our case developer/sysadmin) who uses it.
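A triage sketch for the two prerequisites above that the post makes concrete: a release prior to 1.4.18, and a server reachable from outside. This is an added example, not part of the original post or of the Asterisk project; the function names, the constructed sample iax.conf, and the use of a non-loopback bind as a stand-in for Internet exposure are assumptions. It does not assess the IAX2 configuration or dialplan conditions, which the post leaves unspecified.

```python
import re

FIXED = (1, 4, 18)  # from the post: affected releases are those prior to 1.4.18

# Constructed sample iax.conf text (not taken from a real system).
SAMPLE_IAX_CONF = """\
[general]
;bindaddr=127.0.0.1   ; commented out, so it has no effect
bandwidth=low

[branch-office]
type=peer
host=dynamic
"""

def parse_version(banner):
    """Return the numeric version tuple from a banner like 'Asterisk 1.4.17'."""
    m = re.search(r"\d+(?:\.\d+)+", banner)
    if not m:
        raise ValueError("no version number in %r" % banner)
    return tuple(int(part) for part in m.group(0).split("."))

def iax_bindaddrs(iax_conf):
    """Collect every bindaddr set in the [general] section of iax.conf text."""
    section, addrs = None, []
    for raw in iax_conf.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")].strip().lower()
        elif section == "general" and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() == "bindaddr":
                addrs.append(value)
    return addrs

def triage(banner, iax_conf):
    """Report which of the two concrete prerequisites hold for this server."""
    # Assumption: with no bindaddr set, chan_iax2 listens on all interfaces.
    hosts = [a.split(":")[0] for a in iax_bindaddrs(iax_conf)] or ["0.0.0.0"]
    return {
        "version_prior_to_1_4_18": parse_version(banner) < FIXED,
        "iax2_bound_beyond_loopback": any(not h.startswith("127.") for h in hosts),
    }

if __name__ == "__main__":
    print(triage("Asterisk 1.4.17", SAMPLE_IAX_CONF))
```

Feed it the banner printed by `asterisk -V` and the contents of your own iax.conf. A non-loopback bind can still be blocked by a firewall, so treat that flag as a prompt to check your perimeter rules.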

Sierra AirCard 880E and Mandriva Linux

As you probably already learned from a previous post, I’ve switched to Mandriva from my previous FedoraCore distro, running on my home PC and my old ThinkPad T42 notebook.

Recently, I’ve signed up with Cellcom, an Israeli cellular provider, for a data connection only. I’ve received a Sierra AirCard 880E, which installs easily on Windows and on MacOSX, however, Linux was a little tricky. I read several sources around the internet, dealing mainly with some shell based scripts, but Mandriva is different – it simply requires knowing a bit of the Mandriva framework in order to get it working right.

Step 1: Know where your AirCard is

When the AirCard is inserted into the computer, Mandriva will automatically load the respective kernel module and will automatically assign the /dev/ttyUSB0 device to it.

Step 2: Mandriva Control Center

In the Mandriva control center, launch the network configuration tool for creating a new connection. Here’s the trick, you need to create a “POTS” connection, not a 3G/EDGE connection. The reason is that the EDGE/3G functionality is maintained by the AirCard itself, Linux has nothing to do with it.

Step 3: Configure your connection

I named my connection Cellcom and set up the following as my dial-in number: *99# – this is very important. Select PAP/CHAP as your login type and set both the username and password to be “cellcom”.

From this point onwards, you should be just fine and up on the network in no time :-)

Zip up, Slim down, let the heads roll…

Like most of the world, I’ve been following the recent market turmoil with a great burden on my shoulders. When you think about it, I’m not a stock broker, nor am I a multi-billionaire that has his funds invested in various stocks and bonds, that a single 0.1% shift in the NASDAQ translates to millions of dollars. I’m a software developer, a freelance one, dealing in the Open Source – and like anybody else, I’m worried about how this crisis immediately affects me.

Today, I came across two items, posted on www.themarker.com – Israel’s topmost Internet based financial/business daily. The two items dealt with how three of the better known VC’s in Israel had started instructing their investees to start cutting down costs – mainly, firing people. The three VC’s that I’m talking about are: Carmel Ventures, Benchmark Israel and Sequoia Capital. You are probably wondering why this is interesting? The VC’s in the item had directly instructed their investees to cut down people, costs, operational costs, lose dead weight – in other words, find ways to reduce your costs. Sequoia even outdid Carmel and Benchmark, by inviting the investees to a meeting called: “RIP: Good Times”!

Shortly after I finished reading the two items, I got a phone call from a friend working at one of Sequoia’s companies (a well known one in Israel) asking me if he can come work for me. I was surprised, this is the first time I’ve ever read something in the news, and was directly affected by it. As far as I gathered, his company basically took a team of 8 people and reduced it to 2. Now, I completely understand tightening up, but running an operation on 25% manpower is stupid! Running at 50% is manageable, but 25% is downright crazy. For 2 people to do the work of 8, they would need to eat, drink, sleep, live, do everything within the office – I know, I’ve been there. During the year 2003, m-Wise was more or less in the shit. In the year 2002 I had a team that consisted of another SysAdmin and 3 more support techs. In 2003 I was left alone, and I basically did everything myself! – how crazy is that. But again, I decided that I’m not going to have a life for a certain period of time – that is all, not everybody is willing to make that sacrifice.

Now, this case goes hand in hand with my previous post – the migration to Open Source technologies is no longer a myth or a “nice-to-have” issue, it is a matter of business continuity and good expense management. Think about it, the company that fired 75% of their team could have easily replaced part of their server infrastructure from Windows to Linux, migrated their Oracle database to PostgreSQL and saved thousands and thousands of dollars a year, and maybe even saved a job or two in the process.

Now, here’s what I think (and I know for a fact I’m gonna get slammed here): Hey, VC’s, stop telling the companies to let people go. Sure, get rid of dead weight – no one needs those M$ based shitty, money grabbing, time consuming, hardware intensive environments. Wouldn’t it be better to not pay M$ a few tens of thousands of dollars a year, and maybe save a man’s job, or maybe even 2? M$ has enough money of their own, all you are doing is making sure they keep on making money, while the rest are fighting for their lives. Why don’t the VC’s hire Open Source consultants, to help them examine their investees and maybe, just maybe, they will find ways to invest their funds in a wiser way and help these companies to survive the current financial turmoil.