Slashdot Mirror
GNU Free Call Announced, SIP-based VoIP
andrea.sartori sent in the "development plan for GNU Free Call, an open source VoIP service based on the SIP protocol. According to the announcement, it 'aims to be as ubiquitous and usable as the proprietary Skype VOIP service.'"
So this has no relation to the two previous articles? http://mobile.slashdot.org/story/11/03/15/0432226/Richard-Stallman-Cell-Phones-Are-Stalins-Dream http://it.slashdot.org/story/11/03/15/1513257/Encrypted-VoIP-Meets-Traffic-Analysis
I hate to upset RMS again, but dropping the GNU and just calling it FreeCall would be fine.
In case you're not aware, Ekiga already exists and is a free-software SIP client implementation. See http://ekiga.org/ . At best this should be an extension for Ekiga, not an entirely new project.
-molo
Ekiga is a softphone client, not secure self-organized communication services.
This project aims to implement the entire VOIP network back-end, vaguely similar to how Skype does it (largely P2P).
"Work is the curse of the drinking classes." -Oscar Wilde
"This project’s definition of secure media is similar to Zimmermann’s work on ZRTP, in that we assure there is no forwarding knowledge by using uniquely generated keys for each communication session. Furthermore, we will use GNU Privacy Guard (GPG) to fully automate session validation. This will be done by extending the SIP protocol to exchange public keys for establishing secure media sessions that will be created by each instance of SIP Witch operating at the end points on behalf of local SIP user agents, and then verifying there is no man-in-the-middle by exchanging GPG signed hashes of the session keys that were visible at each end."
So there are encryption measures in hand. Even vanilla VoIP has SIP over TLS and SRTP to work with. ZRTP is reasonably well supported too. It also employs a Skype-style P2P routing system, which should help provide a comparable degree of anonymisation: "Our goal is to make GNU Free Call ubiquitous in a manner and level of usability similar to Skype, that is, usable on all platforms, and directly by the general public for all manner of secure communication between known and anonymous parties, but without requiring a central service provider to register with, without using insecure source secret binary protocols that may have back-doors, and without having network control points of any kind that can be exploited or abused by external parties. By doing so as a self organizing meshed calling network, we further eliminate potential service control points such as through explicit routing peers even if networks are isolated in civil emergencies."
So, which is preferable, transparency wise, a technology provided by a publicly traded company, or an open-source technology which can be administered by the end users if they so wish?
Empathy, Ekiga, Twinkle... the list goes on. Even pidgin has SIP plugins. Why is this project special or needed?
It'll probably be a command line tool or library that nobody will use in its pure form; instead, they'll use a GUI frontend with a completely different name. I expect it'll eventually be built into Pidgin and other chat programs.
Of course, I didn't read the article so it's all a mystery! I love surprises.
When people started using websites and home routers
SIP doesn't even traverse NAT firewalls without help from outside, and even then, barely.
SIP is also too verbose, and therefore it's hard to tweak the network to avoid jitter. (This is a huge problem currently)
A large reason why Skype became so popular is, that it didn't have the same problems as SIP.
IAX2 has none of these problems, supports multiple line trunking, and, it's already supported by lots of software and hardware.
IAX2 was developed out of a need for an efficient call trunking protocol for the free PBX called Asterisk.
In the beginning, the author clearly stated IAX shouldn't be used by others (moving target), but since it's clearly being used already, it's become a sort of de-facto standard since nothing else works as well.
audacity is not GNU, linux is not GNU, VLC is not GNU. hell even gcc isn't much GNU, and hasn't been for a long time. I don't know what's filezilla and can't be bothered to google it, but judging by the name I can safely say that it isn't GNU either.
Oooo. Wire tapping. Waste as many CPU cycles as you want intercepting my calls about grocery shopping, how your day went and what time we're meeting at the bar.
If I *really* wanted to kill the president, start thermonuclear war, blow up dirty bomb in New York City, funnel money to Al Qaeda, etc. I'd find much better means of communication.
There are dozens of 'free image sharing' websites. Pair that up with craigslist, steganography and some pgp and best of luck tracking all of that. If for nothing else the noise ratio is way too high.
So I plan on blowing something up. I take a stock photograph of a car and dump a pgp message into it. I post it to craigslist under something that doesn't exist. Like "Rare 1963 Ford Mustang" My friends know what to look for and maybe an area.
For example this image: http://img842.imageshack.us/img842/5563/steghide.jpg
Download, then run it through:
steghide --extract -sf steghide.jpg -xf message.txt -p bomb
Or there's python-stepic. http://img687.imageshack.us/img687/4907/stepic.png
stepic -d -i stepic.png -o jnk
And you can embed more than just short messages. I tested out a 20 paragraph ipsum.
http://img153.imageshack.us/img153/4911/ipsum.jpg
steghide, password 'slashdot'.
It's only the dumb criminals/terrorists that get caught. If people WANT to hide messages, it's not that hard.
I'm not sure I agree, the GNU in the name commands seriousness, and dedication of the project.
Like the dedication to GNU/Hurd where they'll give up as soon as something better comes along?
It doesn't command seriousness or respect. gcc and linux both have gnu in their name, but most common users never see it. When I see GNU in a name, I don't think there are smart people are behind it because of the name, there are smart people behind plenty of non-gnu open source projects too, I just see shameless self promotion.
Frankly, outside of Free software communities, the GNU folks are acknowledged to do good work, but their brand is a bit of a laughingstock.
Of those, gdb and gcc are the only GNU ones. Since gdb and gcc went GPLv3, they've become a lot less ubiquitous - the main effect that I've seen from GCC going GPLv3 has been that LLVM and Clang have gained a lot more developer time. GDB is still probably the best hippyware debugger. PathDB is slowly getting there, and LLDB doesn't seem to have much non-Darwin-related activity.
I am TheRaven on Soylent News
That sounds like an apple problem, not an app store one. Surely an app store without such restrictions could exist.
It looks like what they're doing is using SIP Witch as a basis. As far as I can tell, SIP Witch just connects endpoints to each other, allowing those endpoints to negotiate a protocol for what they're streaming to each other independently. I think the new thing here is that it'll be able to route through a P2P/mesh type arrangement, for privacy and independence from a single central service provider -- but everything else is existing code. ... and SIP Witch has the GUI separated from the daemon, as any sane architect would.
That's what I gleaned from TFA and its comments. I could have misunderstood large parts of it. Feel free to correct me.
As others noted, it bears some remote resemblence to skype. I wonder why they chose GNU Free Call and decided to go the peer to peer route. I would think having a community hosted, distributed PBX would be a much better solution. I happen to really like SIPXECS at http://www.sipxecs.org./ It lends itself to distribution quite well. Plus, SIPXECS is quite mature as a platform. I cannot help but cast a somewhat dubious eye at GNU Sip Witch.
Well, there ya go.
More for other readers than for you, here's what TFA has to say about peer discovery.
Initially we will extend sipwitch to become aware of peer nodes by supporting host caches, and then support publishing of routes to connected peers. This work builds upon the already existing routing foundation in sipwitch itself. The use of host caches is a mechanism used in older p2p networks, it is generally well understood, it would meet the initial goals of establishing a self organized mesh network, and it is rather easy to initially implement to fully demonstrate the potential of sipwitch as a mesh calling system. More advanced methodologies can then be added later on.
Well, I can think of various technical solutions. For one, you only know the person on the other end based on their gpg public key, which is probably registered somewhere you reasonably trust if you want to accept the call. We could show you the registration info for the caller, and after answering you will find if the person on the other end claims to be the same person or organization. If the call turns out to be illegal spam (based on the national do-not-call list?), we could have buttons in the app to report the caller to both the registry where they published there public gpg key, and with federal authorities who may be able to look into major offenders.
Another part of the solution could be the whole web of trust thing, which is a great idea that never seemed to pan out. In theory, if you are trying to call me, some non-spammer I know should be able to vouch for you. Somewhere out there should be someone willing to identifying all real people on the net. In fact, maybe I would pay this organization a few bucks to somewhat verify that I'm a real person, and not a robot, someone unlikely to spread spam. If we automated black-listing spammers so fast that they didn't get to make many calls with that few bucks they paid to get white-listed, it wouldn't be profitable for them.
Another possibility is that for callers not on my white list, I demand some electronic cash for the call to go through, maybe something like a buck. If I accept the call and don't black list you afterwards, your white listed and your cash is refunded. If I blacklist you, I keep the buck. I'd love to do that one to my ex-wife if she ever calls :-)
Celebrate failure, and then learn from it - Nolan Bushnell
Or coming up with an actual fscking name. Why is this so difficult for OSS? Free Call is uninspired and reminiscent of both built-in Windows card games and, not coincidentally, "fecal." Here's a few alternatives off the top of my head:
VoCall, SyndiCall, CryptologiCall, UnequivoCall, etc...
Banter
Speakeasy
Clarity
Teleport
Switchboard
SPL (pronounced "spiel")
Freq. In/Out
Streaming Telephony Framing Utility
uPhone (greek mu, pronounced "microphone" by geeks; "you phone" by idiots; "lawsuit" by Apple)
Really though, there's endless possibilities...
https://www.eff.org/https-everywhere