I use rsync to keep an iPhoto library mirrored between two macs. It's the easiest and fastest method I've run across. I did have to make a symbolic link to the library using a name without spaces but it "just works."
It's worse than that, actually. Cisco 7960's are pretty brain dead. They pull their configs off tftp based on the mac address. Flip the phone over and write down some digits and you're halfway there. Keys to the kingdom on the bottom of the phone.
I've actually checked out FreeSWITCH quite thoroughly. I believe I said before that I've used the app?
There were many of Diego's comments that I agreed with. I don't hate him. I never said I hate him. I think the strongest thing I said was "I'm beginning to think you are just a jerk." As far as i'm concerned, he is. In all honesty you can't behave like an idiot and expect to get your bugs looked at with any seriousness. You can't go onto public communities and rant completely off-topic without expecting some sort of backlash. Is it my fault that googling for Diego Viola turns up rampant lunacy? I think not.
I just think he acts like a troll and I fell for his bait so I felt the need to apologize to a community I feel a certain kinship with. I feel like I let Slashdot down yesterday by feeding the troll after contributing here for almost a decade.
There's no denying the fact that Diego acts like a jerk and posts pro-FreeSWITCH comments all over the internet. He's even admitted so. I don't really think any of my comments were out of line. In fact, I gave him the benefit of the doubt having not run into him on the internet before.
It didn't take too long to see through the agenda. He's a fanboi. Fanbois are annoying.
Nothing he has said here has really given anything positive or helpful to this discussion... Which, let me remind everyone, is about Asterisk and "Vishing" and has nothing to do with FS. Really, though, the problem is with shitty passwords and default settings which is an issue that plagues EVERY app when administered by an idiot.
I'm neither for or against FS for fucks sakes. Can I just drop out of this bullshit conversation now? I tried it and Asterisk serves my needs far better than FS does. Like I said before, we hack the code into smithereens in our labs and for us Asterisk just works. As a matter of fact, my original post in this thread-- http://tech.slashdot.org/comments.pl?sid=1421913&cid=29898993 --had many negative things to say about Asterisk's security model. Diego missed my point regarding "BADministrators" completely and launched into his FreeSWITCH agenda. I agreed with many of his comments regarding security models.
I'm through with this. Last post in this thread for me. None of this is really about Asterisk, FreeSWITCH or any VoIP platform. Even the quoted guy is pissed off about the comments being taken out of context. This is just stupid now. It's Mac vs. PC vs. Linux with the names changed to protect the innocent. All of you need to take your Asterisk vs. FreeSWITCH hate-on's back to Kindergarten where behaviour like that belongs. I've honestly never experienced any problems with either the Asterisk or FreeSWITCH community until yesterday.
If people don't like being called jerks then they probably shouldn't be acting like jerks. THE END.
It is but it's so flexible. I have a lot of fun emulating carrier's broken VoIP calls into our network with Asterisk.
No scalability, drops calls during a reboot, causes alarms on SBCs, no HA, load balancing requires a session director (perhaps another asterisk) of some sort.
The code is not pretty. Asterisk and sipP make a pretty good testbed, though. The T.30 to T.38 passthrough in 1.6.1 with the digium plugin is pretty cool.
Hi Slashdot. I'm very sorry, but I fed the troll and I'll try not to do it again.
I've done a bit of research into this Diego fellow and I'd just like to apologize publicly for feeding the troll. You would think with a six-digit ID I'd been around long enough to recognize someone poking through the cage bars but Diego's agenda was well hidden at first and I fell hook, line and sinker.
Evidently, he got pissed off at some Asterisk developers back in the day and he's had a hate on ever since. He's now a Freeswitch fanboi and his lunacy outweighs that of any PC vs. Mac user.
He classifies himself as a FreeSWITCH engineer in job boards but I can't see how this could be helpful to his career in any way based on the way he presents himself in a public forum.
At any rate, even the FreeSWITCH people don't really like him so I'm going to ignore him from now on.
Again, sorry... I'll be more careful in the future.
Have you looked at http://packages.digium.com/ or maybe about checking out the svn branch for the version you are using?
You didn't say what distro you use but if it's YUM-capable that might be an option.
Personally, I'm against precompiled binaries for Asterisk. Asterisk source doesn't have any configs all other than samples. It's up to the admin to correctly configure the server. I like sticking to SVN as it allows me to make changes and also stay up to date. It's not perfect and I highly advise regression testing the code if you go that route as svn does sometimes break. Just stay out of the bleeding-edge branches.
IMHO the biggest mistake someone can make with Asterisk and security is downloading the source and doing the "make install samples" portion of the install. It seems like often those are the generic confs I've run across when looking at a pre-existing repo version.
Hand-tuned confs don't load needless modules and also eliminate a lot of security holes. Running asterisk -c over and over again until you get things working does actually suck but in the end is worth the effort. I wonder how many installs out there still have the stupid demo cruft in their production dialplans?
I've personally had great experiences with Asterisk but we're using it in a completely nonstandard (if there is such a thing) way.
We do a lot of code hacking to emulate customer troubles with presentation, etc.
For us, it's great and filled our needs way better than a commercial offering that would have done the same but with a boatload of cash.
We don't deploy Asterisk as a vendor to clients so I can't comment on production viability.
(Ironically, I just got pinged by some of our security people regarding the latest exploit and now have some code to update.)
Oh yeah: The views expressed in this post (and any other post I've made in this thread) are mine alone and do not necessarily reflect the views of my employer.
I work in engineering design for an ILEC and admin Asterisk on a day-to-day basis within our test facilities.
I completely agree that Asterisk is not carrier-grade but that doesn't negate the fact that it's being used for carrier-grade applications by many operators.
Hell, most linux distros aren't carrier grade. We're not arguing that point. I agree completely.
To me, Asterisk is a perfect drop-in replacement for a legacy pbx when serving in-house sip clients. Perhaps saying the app is enterprise-class is a bit lofty?
Errors in terminology aside... We're on the same side.
FreeSwitch is nice but doesn't fix the bad admin issue which is really what the original article is about.
Agreed. Couple that fact with the fact that a lot of the repos I've seen are built off of older iterations of the Asterisk code and it's a recipe for disaster. For example, Ubuntu has Asterisk 1.4.21.2 in the repository right now. This is directly exploitable:
That's a really decent idea. I work for an ILEC. Technically, I'm in translations design but as a matter of need I've been hacking Asterisk code and building really locked-down carrier-grade debian and Ubuntu internal versions. Everything I do is completely outside of my job description and I've been trying to figure out a way to document my experience when my manager doesn't even really understand what it is that I actually do anymore.
I have some familiarity with SRD/IPRD and I have to say that I'm not very impressed with Nominum.
Single-user root admin in our deployment and a hideous java/windows front end for end-users... One which is so crappy we don't deploy.
Their training is USAstyle puppy mill powerpoint demos running on virtual machines.
Couple that with the fact that they were subject to the same DNS exploits as some of the "vendors" they are trashing in the article and I just think...
Man, what a bunch of ass hats spinning market droid fluff. Somehow, I'm not surprised.
(The views expressed in this post are mine alone and do not necessarily reflect the views of my employer.)
Like on cheques and the back of credit cards and everything legal? People don't give you pause? I think the only time I use cursive is when I sign my name and it annoys me every time I do because I have to stop and remember how to make the letters.
One of my co-workers has the same "problem" with his CPAP. It's really fun when we travel together because even without his CPAP together we are a technology armada.
He travels with his CPAP, a cell phone, work laptop, a personal DVD player and a few odd PCMCIA cards.
I usually travel with two work laptops, a personal laptop, a wireless router, a switch, two cell phones, two iPods, CAT-5 and serial cables and all the assorted dongles and bits that go with all that crap.
He always gets his CPAP inspected. By inspected I mean grilled on what the device is, what it does and why he didn't check it as baggage.
"You know this should be checked baggage." "No, it's too valuable." "This will need to be checked planeside." But I need this to breathe." (so on and so on)
I almost always get hassled on the other side of the screening area for picking up more than one laptop as if I am stealing people's PC's.
"Sir, are you sure you didn't make a mistake. Would you mind stepping over here? Three laptops? Are you sure? Isn't that a lot of computers? These are all yours?"
On top of all this I have a nice laptop bag designed to hold three laptops but not all that other shit so I put some of it in my luggage and some of it on my person. Every now and then my luggage gets picked up on the "radar" and I have to go watch it get hand inspected because of all of the wires in the bag.
The really sad part is we're usually flying between Vancouver and Calgary which is roughly an hour in the air. I'm seriously considering piling up in my truck and making the drive next time.
My point is that "I cannot get rid of the iDisk link in the connect to menu item" is completely wrong and shows a lack of understanding of OS X. Unlike Microsoft's bury every setting in registry hell concept, Apple provides free tools to edit Menu.xib(s) graphically with just a basic understanding of program directory structure. I've customized many of the menus on my system with Interface Builder.
I'm an xnu user who also uses gnu and win32 and I can tell you from personal experience that your comparison of editing XML to editing the registry is like comparing.... um... apples to oranges. *groan* No easy way out of that one, is there?
Ever edit.bashrc?.xinitrc?.profile?/etc/$FOO?
Removing the link to iDisk is even way easier than editing.kde or.gnome settings by hand. I'm sure NO ONE ever does that. Manually editing configuration files is a common practice on unix systems so let's flip the script: what's YOUR point? Why is it akin to editing the registry for Leopard to have this ability?
My second point is that complaining about a free version of a product that has ads for a pro version in the menus is like complaining about the ad on tv when the remote is right in front of you but you're too lazy to get off the couch. Change the fucking channel.
Slashdot Mirror
Agreed...
I use rsync to keep an iPhoto library mirrored between two macs. It's the easiest and fastest method I've run across. I did have to make a symbolic link to the library using a name without spaces but it "just works."
Doomed? The PolicyKit API isn't even stable yet. Doomed might not be a strong enough word.
Jackass decisions like this is why I left DeadRat in the dust a decade ago.
You know... That's a really good idea.
Signed IP swapping somehow... Reverify those IP addresses as valid.
It would only require transferring them to a host processing site.
Then, they could be removed from block lists and be reallocated.
It would be a fuck load of record updates, though.
The idea is...
Once you learn to type this one cryptic password it's pretty secure and hard to forget. Typing it becomes second nature.
1 \/\/r4p 411 my p455w0rdz 1n d07z 4nd u53 13375p34k.
I pick a meaningful word to myself. Perhaps something like "Pathfinder," which is one of my favourite Vox amps.
This becomes: .p47hf1nd3r.
It's worse than that, actually. Cisco 7960's are pretty brain dead. They pull their configs off tftp based on the mac address. Flip the phone over and write down some digits and you're halfway there. Keys to the kingdom on the bottom of the phone.
I've actually checked out FreeSWITCH quite thoroughly. I believe I said before that I've used the app?
There were many of Diego's comments that I agreed with. I don't hate him. I never said I hate him. I think the strongest thing I said was "I'm beginning to think you are just a jerk." As far as i'm concerned, he is. In all honesty you can't behave like an idiot and expect to get your bugs looked at with any seriousness. You can't go onto public communities and rant completely off-topic without expecting some sort of backlash. Is it my fault that googling for Diego Viola turns up rampant lunacy? I think not.
I just think he acts like a troll and I fell for his bait so I felt the need to apologize to a community I feel a certain kinship with. I feel like I let Slashdot down yesterday by feeding the troll after contributing here for almost a decade.
There's no denying the fact that Diego acts like a jerk and posts pro-FreeSWITCH comments all over the internet. He's even admitted so. I don't really think any of my comments were out of line. In fact, I gave him the benefit of the doubt having not run into him on the internet before.
It didn't take too long to see through the agenda. He's a fanboi. Fanbois are annoying.
Nothing he has said here has really given anything positive or helpful to this discussion... Which, let me remind everyone, is about Asterisk and "Vishing" and has nothing to do with FS. Really, though, the problem is with shitty passwords and default settings which is an issue that plagues EVERY app when administered by an idiot.
I'm neither for or against FS for fucks sakes. Can I just drop out of this bullshit conversation now? I tried it and Asterisk serves my needs far better than FS does. Like I said before, we hack the code into smithereens in our labs and for us Asterisk just works. As a matter of fact, my original post in this thread-- http://tech.slashdot.org/comments.pl?sid=1421913&cid=29898993 --had many negative things to say about Asterisk's security model. Diego missed my point regarding "BADministrators" completely and launched into his FreeSWITCH agenda. I agreed with many of his comments regarding security models.
I'm through with this. Last post in this thread for me. None of this is really about Asterisk, FreeSWITCH or any VoIP platform. Even the quoted guy is pissed off about the comments being taken out of context. This is just stupid now. It's Mac vs. PC vs. Linux with the names changed to protect the innocent. All of you need to take your Asterisk vs. FreeSWITCH hate-on's back to Kindergarten where behaviour like that belongs. I've honestly never experienced any problems with either the Asterisk or FreeSWITCH community until yesterday.
If people don't like being called jerks then they probably shouldn't be acting like jerks. THE END.
It is but it's so flexible. I have a lot of fun emulating carrier's broken VoIP calls into our network with Asterisk.
No scalability, drops calls during a reboot, causes alarms on SBCs, no HA, load balancing requires a session director (perhaps another asterisk) of some sort.
The code is not pretty. Asterisk and sipP make a pretty good testbed, though. The T.30 to T.38 passthrough in 1.6.1 with the digium plugin is pretty cool.
Faxing from a web page to a land line is fun.
Hi Slashdot. I'm very sorry, but I fed the troll and I'll try not to do it again.
I've done a bit of research into this Diego fellow and I'd just like to apologize publicly for feeding the troll. You would think with a six-digit ID I'd been around long enough to recognize someone poking through the cage bars but Diego's agenda was well hidden at first and I fell hook, line and sinker.
Evidently, he got pissed off at some Asterisk developers back in the day and he's had a hate on ever since. He's now a Freeswitch fanboi and his lunacy outweighs that of any PC vs. Mac user.
He classifies himself as a FreeSWITCH engineer in job boards but I can't see how this could be helpful to his career in any way based on the way he presents himself in a public forum.
At any rate, even the FreeSWITCH people don't really like him so I'm going to ignore him from now on.
Again, sorry... I'll be more careful in the future.
I'm beginning to think you are just a jerk. Perhaps it's your interaction with devs that should be called into question?
Some of your bugs look like they got a lot of good attention despite the fact that your reports are terrible...
http://www.google.com/search?q=%22diego.viola%22+site%3Aissues.asterisk.org
Your bug reports are often not well documented or easily duplicated.
I've had excellent traction on bugs and issues from the asterisk dev teams.
I even go on IRC occasionally and ask really oddball what-if questions that get answered smartly.
Have you looked at http://packages.digium.com/ or maybe about checking out the svn branch for the version you are using?
You didn't say what distro you use but if it's YUM-capable that might be an option.
Personally, I'm against precompiled binaries for Asterisk. Asterisk source doesn't have any configs all other than samples. It's up to the admin to correctly configure the server. I like sticking to SVN as it allows me to make changes and also stay up to date. It's not perfect and I highly advise regression testing the code if you go that route as svn does sometimes break. Just stay out of the bleeding-edge branches.
IMHO the biggest mistake someone can make with Asterisk and security is downloading the source and doing the "make install samples" portion of the install. It seems like often those are the generic confs I've run across when looking at a pre-existing repo version.
Hand-tuned confs don't load needless modules and also eliminate a lot of security holes. Running asterisk -c over and over again until you get things working does actually suck but in the end is worth the effort. I wonder how many installs out there still have the stupid demo cruft in their production dialplans?
DISCLAIMER: I sometimes use ubuntu server so I can't really point any fingers re: CGL
Be careful, "ok for carrier-grade" isn't the same as being CGL 4.0 compliant. There are only a handful of certified CGL's.
http://www.linuxfoundation.org/collaborate/workgroups/cgl
I've personally had great experiences with Asterisk but we're using it in a completely nonstandard (if there is such a thing) way.
We do a lot of code hacking to emulate customer troubles with presentation, etc.
For us, it's great and filled our needs way better than a commercial offering that would have done the same but with a boatload of cash.
We don't deploy Asterisk as a vendor to clients so I can't comment on production viability.
(Ironically, I just got pinged by some of our security people regarding the latest exploit and now have some code to update.)
Oh yeah: The views expressed in this post (and any other post I've made in this thread) are mine alone and do not necessarily reflect the views of my employer.
I work in engineering design for an ILEC and admin Asterisk on a day-to-day basis within our test facilities.
I completely agree that Asterisk is not carrier-grade but that doesn't negate the fact that it's being used for carrier-grade applications by many operators.
Hell, most linux distros aren't carrier grade. We're not arguing that point. I agree completely.
To me, Asterisk is a perfect drop-in replacement for a legacy pbx when serving in-house sip clients. Perhaps saying the app is enterprise-class is a bit lofty?
Errors in terminology aside... We're on the same side.
FreeSwitch is nice but doesn't fix the bad admin issue which is really what the original article is about.
Agreed. Couple that fact with the fact that a lot of the repos I've seen are built off of older iterations of the Asterisk code and it's a recipe for disaster. For example, Ubuntu has Asterisk 1.4.21.2 in the repository right now. This is directly exploitable:
http://downloads.asterisk.org/pub/security/AST-2009-003.pdf
If you run code out of repos without understanding the risks that's still an admin fail, though. Not the fault of Asterisk, per se.
What a load of crap. Asterisk developers patch security holes relatively quickly. This isn't an Asterisk "endemic."
Brute forced passwords are a bad administrator "endemic."
If your password policy is so stupid that you can be wordlisted then the issue may just be a PICNIC problem and not a fault of an application.
Asterisk isn't a security application. It's an enterprise-grade VoIP server and PBX.
Connecting Asterisk to a public network without some sort of border control is just stupid.
You know what? It's about time Microsoft got something right? What is this? Ten versions or so?
Ubuntu wasn't really decent until around 8.
Mac? 10.6
They're just over par, I suppose.
That's a really decent idea. I work for an ILEC. Technically, I'm in translations design but as a matter of need I've been hacking Asterisk code and building really locked-down carrier-grade debian and Ubuntu internal versions. Everything I do is completely outside of my job description and I've been trying to figure out a way to document my experience when my manager doesn't even really understand what it is that I actually do anymore.
Wow, an in-context reply with a "Nazi" comparison that doesn't invoke Godwin's Law. I am impressed.
See kids? This is how it's done. Now get off my lawn.
Excellent comment, but very hard to read. Fail.
I'm being facetious... I have to wonder, though. Will the robots consider carriage returns?
I have some familiarity with SRD/IPRD and I have to say that I'm not very impressed with Nominum.
Single-user root admin in our deployment and a hideous java/windows front end for end-users... One which is so crappy we don't deploy.
Their training is USAstyle puppy mill powerpoint demos running on virtual machines.
Couple that with the fact that they were subject to the same DNS exploits as some of the "vendors" they are trashing in the article and I just think...
Man, what a bunch of ass hats spinning market droid fluff. Somehow, I'm not surprised.
(The views expressed in this post are mine alone and do not necessarily reflect the views of my employer.)
Like on cheques and the back of credit cards and everything legal? People don't give you pause? I think the only time I use cursive is when I sign my name and it annoys me every time I do because I have to stop and remember how to make the letters.
Well at least they weren't SCSI drives.
One of my co-workers has the same "problem" with his CPAP. It's really fun when we travel together because even without his CPAP together we are a technology armada.
He travels with his CPAP, a cell phone, work laptop, a personal DVD player and a few odd PCMCIA cards.
I usually travel with two work laptops, a personal laptop, a wireless router, a switch, two cell phones, two iPods, CAT-5 and serial cables and all the assorted dongles and bits that go with all that crap.
He always gets his CPAP inspected. By inspected I mean grilled on what the device is, what it does and why he didn't check it as baggage.
"You know this should be checked baggage." "No, it's too valuable." "This will need to be checked planeside." But I need this to breathe." (so on and so on)
I almost always get hassled on the other side of the screening area for picking up more than one laptop as if I am stealing people's PC's.
"Sir, are you sure you didn't make a mistake. Would you mind stepping over here? Three laptops? Are you sure? Isn't that a lot of computers? These are all yours?"
On top of all this I have a nice laptop bag designed to hold three laptops but not all that other shit so I put some of it in my luggage and some of it on my person. Every now and then my luggage gets picked up on the "radar" and I have to go watch it get hand inspected because of all of the wires in the bag.
The really sad part is we're usually flying between Vancouver and Calgary which is roughly an hour in the air. I'm seriously considering piling up in my truck and making the drive next time.
My point is that "I cannot get rid of the iDisk link in the connect to menu item" is completely wrong and shows a lack of understanding of OS X. Unlike Microsoft's bury every setting in registry hell concept, Apple provides free tools to edit Menu.xib(s) graphically with just a basic understanding of program directory structure. I've customized many of the menus on my system with Interface Builder.
.bashrc? .xinitrc? .profile? /etc/$FOO?
.kde or .gnome settings by hand. I'm sure NO ONE ever does that. Manually editing configuration files is a common practice on unix systems so let's flip the script: what's YOUR point? Why is it akin to editing the registry for Leopard to have this ability?
I'm an xnu user who also uses gnu and win32 and I can tell you from personal experience that your comparison of editing XML to editing the registry is like comparing.... um... apples to oranges. *groan* No easy way out of that one, is there?
Ever edit
Removing the link to iDisk is even way easier than editing
My second point is that complaining about a free version of a product that has ads for a pro version in the menus is like complaining about the ad on tv when the remote is right in front of you but you're too lazy to get off the couch. Change the fucking channel.
Open Terminal.app (substitute your native language as appropriate) Use Interface builder to remove definitions for iDisk.
Save file to desktop.
Delete the old directory or Menus.nib and copy the edited file back into the Finder resources tree.
Turn off iDisk in the Finder sidebar preferences.