Sunday, November 21, 2010

Asterisk

What is Asterisk?

Asterisk is an open source PBX (Personal Branch Exchange). A PBX is a phone system commonly found in office settings that allows you to make calls between cubicles just by dialing that extension. A PBX also allows things like Automated Attendant, which creates those annoying messages that say "Press 1 to talk to a human" or "Press 2 if you are willing to pay to talk to a human".


Asterisk, however, takes this to a new level by integrating the Internet into your PBX and allowing you to do Voice Over IP (VOIP). The big benefit of VOIP is that your office no longer has to be located in one place. You can have phones ring in several places at the same time, and whoever picks up first gets the call.

You are not even confined to the same country. For instance, you can get a US based phone number and have it ring in Australia. As long as your phone can plug into the internet, you can make and receive phone calls as though you were in your office. If you are extension 1234 at work, just take your phone with you and when you plug it in to the Internet, you will still be extension 1234.

Because it is open source, it is quite a bit cheaper than most commercial PBX systems.
Asterisk comes in two pieces: the PBX which is called asterisk and the hardware drivers for phones and phonelines called zaptel. You can use asterisk without any of the hardware drivers if you only need VOIP capabilities.

I've mostly used asterisk for voip and analog lines.  Analog lines come in two flavors: FXO and FXS. What kind of line it is depends on whether or not it has a dial tone. An FXO line can receive a dial tone and functions much like a computer modem. An FXS line generates a dial tone. For instance, a telephone handset and a computer modem are both FXO devices. Neither of them generates the dial tone. So, if you were to plug a telephone into the computer modem, you wouldn't get a dial tone. An FXS line emulates the incoming line from the telephone company.

If you attach a telephone to the FXS line in an Asterisk box, it will give you a dial tone and allow you to make outgoing calls. It then passes the digits you dial to an FXO line that is connected to the telephone company, thus completing your call. Asterisk can also make FXS to FXS calls, where one extension rings another internal extension off the same PBX.

FXS -> PBX -> FXO -- Make an outgoing call.
FXS -> PBX -> FXS -- Ring an internal Extension
FXO -> PBX -> FXS -- Incoming call passed to Extension

When you add VOIP into the mix, the combinations become endless. But I think you get the picture.

Friday, November 19, 2010

Linux Days 2011 Call for Speakers

We are happy to announce to you the 13th Chemnitz' Linux Days[1]
in March, 2011. Linux Days are the most popular uncommercially
organised event regarding Linux and open source software in
Germany. The two-day event offers a wide lecture programme with
just about 90 lectures about basics, projects, workings, and
findings. Furthermore, we provide an exhibition space to present
a lot of projects to the public. As in previous years, more than
2.500 visitors were greatly impressed by the event in 2010.
Pictures and blog entries give an impression[2].

Chemnitz' Linux Days 2011, themed "Living Freedom", take place on
March 19 and 20, 2011. The Call for Lectures[3] and the Call for
Presentations[4] have already started. If you would like to
showcase your project as well, please sign up yourself and do not
forget to enter a convincing description. All speakers,
exhibitors and helpers get free entry, full board, and a free
ticket for the evening event on Saturday. In case of open
queries, please do not hesitate to contact live@linux-tage.de
related to the exhibition or vortraege@linux-tage.de related to
lectures and workshops.

Kind regards from Chemnitz

[1] http://www.linux-tage.de/
[2] http://chemnitzer.linux-tage.de/2010/info/bilder.html
[3] http://chemnitzer.linux-tage.de/2011/vortraege/call_form
[4] http://chemnitzer.linux-tage.de/2011/live/call_form

Thursday, November 18, 2010

Interview with Henning Brauer of OpenBSD

OpenBSD Journal has an interview with Henning Brauer:
Henning started using OpenBSD around the 2.7 Release; a very popular release for many developers. At around the same time but after having spent four years as a software developer, he started his own ISP. Not long after starting this new venture, he was hit with a nasty attack on one of his Linux servers. He then turned to the other BSDs for options. He replayed the same attack on FreeBSD and OpenBSD, with the latter handling the attack much better. It didn't take him too long to realize that OpenBSD was a better fit for his needs.

Read More

Tuesday, November 16, 2010

BSD at FOSDEM 2011 - Call for speakers

Marius Nünnerich has put out a call for speakers.
FOSDEM 2011 will take place February 5-6, 2011 in Brussels, Belgium.
We want to continue the great success of the last years and again we
have a booth and a devroom.

Please submit your proposal to me asap. We have a devroom on
Saturday this time. Talks will be 45 minutes including discussion (feel
free to ask if you want to have a longer/shorter slot).

Every talk is welcome, from internal hacker discussion to real-world
examples and presentations about new and shiny features. The talk
committee consists of Daniel Seuffert and me.

Please submit your proposals to:

marius@nuenneri.ch

and include the following information:

* Your name
* The title of your talk (please be descriptive, as titles will be
listed with ~250 from other projects)
* A short abstract of one to two paragraphs
* A short biography introducing yourself
* Links to related websites/blogs etc.

The deadline for submissions is 20th December 2010. The proposals will
be considered by committee. If your proposal has been accepted, you
will be informed by email within one week of the submission deadline.

Best regards,

Marius

Sleeping Beauty - NetBSD on Modern Laptops, Jörg Sonnenberger


Modern laptops don't have APM support, just ACPI.  One way to handle suspending is to suspend-to-RAM of the live system.  The more long term suspend requires suspending to disk.

PMF is the new power management system for NetBSD.  It does device power management in layers.   This allows the system and hardware devices to be shut down in a logical order and to bail out properly if a problem is encountered.

It also powers down optional hardware that supports power save or turning off.

It polls devices like audio devices, network devices, etc to capture their state and restore the state on resume.

It implements an event interface that allows you to send event notifications to specific devices or the whole system.  Events that are already implemented include things like lid close/open, etc.

Much of the ACPI code in NetBSD was rewritten to support PMF.  The ACPI Embedded Controller code was rewritten to use a dedicated kernel thread for handling SCIs.

You can see all the slides here:
http://www.netbsd.org/gallery/presentations/joerg/asiabsdcon2008/powermanagement.html

Sunday, November 14, 2010

Old Fashioned Peer-to-Peer Networking

In the movies, you often see visitors (Space aliens, foreign exchange students, mermaids, etc) learn our language by watching TV. Having learned a foreign language, I wondered if this was really possible. I remember all the hard work I put in to study and learn all the vocabulary, grammar, and characters. Any of you who know me will remember that while I am a native English speaker, I do a fair job of speaking Korean. I thought it would be fun to brush up on it by watching TV in Korean. However, like most Americans in rural America it's absolutely impossible to find TV in a foreign language other than Spanish.

So, I turned to the Internet. It didn't take me long to discover that there is a huge underground exchange of TV shows that have been "Fan Subbed" into English, with the audio still in the native language. The quality of both the video and the translation varies markedly.

You will find everything you would normally find on a peer-to-peer sharing network and a whole lot you wouldn't. What I am explaining is really nothing new and actually from the technology being utilized, I expect it pre-dates most "peer-to-peer" sharing software. The forum is one we all know and love, IRC.

I ran into six issues in this arena that made things a bit difficult. Three of them technical, and the rest just a result of the chaos that is IRC.
  1. IRC Client -- You need an IRC client that will handle DCC chat and DCC file receive. Not really an issue as most any irc client you use will have this function. My favorite is xChat.
  2. dccserver -- This is a feature of mIRC that isn't readily available in any other IRC client. mIRC uses dccserver to share files and it uses port 59, which on Unix is in the restricted range and you have to be root to access it. However, some coders have gone through the trouble of creating an open source version of dccserver that will handle the features needed to download files. It's a command line application, so it will operate independent of your irc client.
  3. Video Player -- Because of the wide variety of video codecs and the randomness of who decides to record and "fansub" a TV show, you never know which video codec you will need to watch the show you download. I do most of my video watching on my Mac OS X laptop and Quicktime just doesn't do the job. First, it never seems to have the right codecs and second, you have to pay for the pro version to watch things in full screen mode. Recently I discovered an open source video player called Video Lan Client. It claimed to have BSD and Linux versions, but it also had a native Mac OS X version. And the best part is that it has never complained of not having a video codec and it does full screen mode without me paying a dime.
  4. It's IRC. Things aren't organized at all. It's also very hard to find anything. There are more IRC networks than you can count on both your fingers and toes. To solve this problem, I found IRC search engines. It's an IRC search engine that spiders the different channels on IRC and does what it can to organize them into a searchable database so you can find the channel you want. Finding the right IRC network and channel makes all the difference. I went looking for Inu Yasha, a Japanese anime that had been playing on late night Cartoon Network and found it on irc.aniverse.com #inuyasha
  5. Knowing what things are -- If you know what you are looking for, this is a very easy forum to find stuff. A bit of searching and you end up on a channel with people interested in the same stuff. The hard part is figuring out what shows you want to watch. The most obvious way is to just start downloading stuff and see if it is what you want. Usually, each show will have a website explaining what it is, however many I have found are only in the foreign language and difficult to decipher if you aren't fluent. My only advice on this topic is to do your research and ask your friends.
  6. Learning the channel rules and commands -- Every channel has its own set of rules and rule breakers are quickly banned from the channel, hopefully not permanently. Usually the quickest way to make friends on these channels is to set up your own file server and start sharing files.

I found what I was looking for, access to Korean TV dramas that I can't find here in the States. I expect that all the same legalities apply to this forum as apply to most peer-to-peer sharing networks and I expect all of you will be using it for educational purposes only. ;-) I've watched the last 100 episodes of Inu Yasha already and I think my Japanese vocabulary has grown by at least 10 words.

Friday, November 12, 2010

bsdtalk202 - DragonFlyBSD 2.8 with Matthew Dillon



Also Available via Phone: +1 (210) 957-5481

This is an interview from day 2 of MeetBSD California.  He interviews Matthew Dillon about the recent Dragonfly BSD 2.8 release.

New Features include:

  • Linux LVM (most of it)
  • NetBSD DM ( Disk Manager / Storage Manager) which includes striping and crypto
  • GUI release image working for this release
  • A lot of stability work.
  • A lot of Multi-Processor improvements
  • Simplified the kernel framework to use kqueue everywhere
  • Hammer Filesystem is doing well.
  • swap cache improvements.

A GSoC project for dedupe for Hammer is going into the code this week.
Software crypto was only using a single CPU, but in this release they did a bunch of work on the opencrypto in the kernel to make it Multi-Processor aware.

Crypto options for the installer are going into the codebase shortly.  The entire Hammer partition will be able to be encrypted.  Some VM adjustments after the release fix a heavily loaded machine working in low memory.  They just went into the code.

Clustered Single Instance System
This is still a goal but they have backed off the SSI system for now. What they are doing is the clustered, multi-master filesystem and cache coherency.  This is a much more doable goal.  The focus recently has been on Multi-Processor work.  They are almost done removing the Giant Lock.  Nearly the entire backend is MP safe.  All the network stack, the entire IO path is MP safe through Hammer.  The front end is using token locks.  About half of them are actually still getting locks.  
The removal of the locks from the back end has improved performance a lot.  The system is no longer single threaded.

NFS
They fixed a lot of issues with NFS.  The RPCs are now asynchronous.  The OS now dedicates 2 kernel threads.  One for reading and one for writing.  Performance has been very good.

Hammer
They now have a catastrophic recovery tool.  It can't recover in place, but it can restore a hammer drive to another disk.  It requires almost no knowledge of the disk topography, but it handles it all automatically.  This utility was written because a user needed to recover a disk that had read errors and there were no backups.   A couple of the errors were right in the middle of the Hammer filesystem. An fsck tool was just impossible for Hammer, but a recovery tool was very simple.  It was written in just a couple of days.  The user was able to recover 99% of his files.

Swapcache
A lot of people don't understand how this works and how important it is.  It works with a single regular hard drive and a 20G SSD drive.  Even a small SSD creates major improvements to the original disk.

Wednesday, November 10, 2010

Help! It's Dark, I'm on the Command Line and I can Smell UNIX.

The Unix command line can be a daunting and scary place for the first time Unix user.  The first thing you need to do is assess your situation.  While all command prompts may look the same, and most act the same, they can be very different.  We are going to answer two questions.  Which operating system am I on and which shell am I using?

Which Operating System
Unix comes in many flavors.  The version you are using will make a difference in how you interact with the system and where the programs are located.  For example, Linux stores most additional applications in the /opt/ directory, whereas BSD stores the same programs in /usr/local/.  Mac OS X is also a flavor of Unix, and it stores applications in different locations as well.

To find out which operating system you are on, you will use the uname(1) command.  The (1) on the uname command refers to where it is found in the unix manual.  There may be two different sections that refer to this command, so we differentiate in documentation using (1)  to denote the section.    To use this command just type uname and press the return key.  You will get back the name of the operating system.

On my Mac OS X system, I get:

uname
Darwin

On my work computers:

uname
FreeBSD

But that isn't all that it can do.  Let's try again with some options.  Actually, all the options: -a implies all the options.

uname -a

Darwin admins-macbook-pro.local 10.4.0 Darwin Kernel Version 10.4.0: Fri Apr 23 18:28:53 PDT 2010; root:xnu-1504.7.4~1/RELEASE_I386 i386

You can see from this output that I typed the command on a Mac OS X box.  Darwin is the Unix subsystem of Mac OS X.

Here it is again on my work computers.

uname -a
FreeBSD roadrunner.loonytunes.lan 7.3-RELEASE-p2 FreeBSD 7.3-RELEASE-p2 #0: Mon Jul 12 19:23:19 UTC 2010     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

There is a lot of information here.  The Operating System.  The host name, or the name of the computer. The operating system version, when it was compiled and by whom.  It also includes the platform or processor type.

Once you know which system you are on, it's much easier to look up specific information about the commands you need to learn.



Which Shell

So far, we have discovered which operating system we are working on by typing a single command at the command line.  The next thing we need to do is figure out which shell we are using.  The command line you are typing at is called a "shell".  It accepts your commands and does its best to carry them out.  The shell is set as a user preference.  You can switch shells without changing operating systems.  You can even use the same shell when switching to a new brand of Unix.

The most common shells are: bash, tcsh and zsh.  All shells have a common set of commands, but each shell has its own set of unique extended features that make life easier.  If you learn the bash shell on Linux, you can use the same shell on Mac OS X, or FreeBSD.  This makes transferring between operating systems much easier.

To figure out which shell you are on type:

ps -p $$


This is actually a pretty complex command that searches the running processes and finds the one that is your shell and prints out its name.



> ps -p $$
  PID  TT  STAT      TIME COMMAND
75196  p0  Ss     0:00.01 -tcsh (tcsh)

The > is the tcsh prompt that I typed the command at.  The rest is the output from the ps(1) command.  To determine your shell, all you really need to look at is what is at the end.

$ ps -p $$
  PID TTY           TIME CMD
 4729 ttys000    0:00.02 bash

For this one, the $ is the prompt that I typed at and bash is my shell.

Once you know where you are, it will make getting around much easier.

Tuesday, November 9, 2010

OpenBSD developer needs USB devices

Spotted over on the OpenBSD Journal:
Jacob Meuser (jakemsr@) recently asked for more USB gear on the want.html page. Jacob's been working on (USB) audio equipment for some time and is now expanding his work into the USB stack. He's already done some great work there (see for example here, here and here) but lacks some devices for testing. Please send him some USB gear, note that he specifically asks for network devices. Please read on for Jacob's message.
Looks like a lot of good work happening on USB.  Read more Here.

Monday, November 8, 2010

GraceTech builds human-friendly computer with wood and NetBSD

I found this news item over at Hubert's blog.  A wooden computer is just awesome.


Google News pointed me at Austrian company Gracetech today, founded by a long-time visionary and NetBSD user Raphael Langerhorst. The website is currently only available in German language, but the product in focus here is announced under the label "Unified Computing". It unifies hardware, operating system and the user environment in a unique experience. This is implemented with a hardware that's built of a wooden(!) case around an ARM CPU running the NetBSD operating system. The user environment is built by GraceTech's own G Universe system. See the flyer for more information.

Sunday, November 7, 2010

Managing Filesystems: fstab

Understanding how the BSD filesystem manages disk space is critical to successfully managing a BSD server or workstation. However, this topic is generally overlooked since it is rarely used outside of installation and upgrades. It is also a very simple topic and most people assume you understand how it all works.

This article gives a quick synopsis on filesystem layout and tries to briefly explain how to understand /etc/fstab. The fstab(5) man pages, while good, do little to teach the basics to new sysadmins.

The first thing to realize when dealing with the Unix filesystem is that everything can be addressed as a file. Even system hardware has a file representation that is used to access it. Those special files live in /dev.

The second thing to understand is the starting location for all these files is / and pronounced "root". Those are the two points of Unix doctrine that everyone expects you to already understand before even thinking about trying BSD.

But what does that mean to me? First, if you have used a Microsoft operating system, you will notice there is no "C:" drive or any other drive letters. Unix has no concept of the drive letter mentality. With Unix all things exist in one directory structure. This may seem very unusual at first given the way you may be used to dealing with removable media. Instead of assigning a drive letter to removable media, you must find a place in the existing file structure to attach it.

Think of it like docking a module on to a very large space station. You find an empty docking station, connect the module. While the module is connected, the entire contents of the module are accessible for storage or removal by authorized personnel.

Saturday, November 6, 2010

bsdtalk201 - PC-BSD 9 Alpha with Kris Moore


Also Available via Phone: +1 (210) 957-5481

This is an interview of Kris Moore of PC-BSD. This interview is from MeetBSD. All the exciting new changes are going to be in PC-BSD 9. (Which means it's based on FreeBSD 9)

The biggest change is the addition of new window environments. They are no longer KDE centric. Before there was some choice of window managers, but now there is a big change to the back end with the addition of PC-BSD meta packages so you can manage the parts of your desktop that you want.

Some of the features from FBSD that they are most excited about are softupdates with journaling and USB 3.0.

The 2nd biggest PC-BSD change is a re-implementation of the PBI package infrastructure. It's now shell driven instead of QT4. The new QT4 gui sits on top of that, so you won't notice the changes much.

They also reduce disk space by sharing libraries. PBIs are now signed from the build server. They have added binary patches and they store binary diffs. This will reduce upgrade time, especially for slow connections.

They have added pbi -r features to remotely get pbi format packages.

Friday, November 5, 2010

First PC-BSD 9.0 Alpha Snapshot Available for Testing

Kris Moore has just announced that the first testing snapshot is available for download (both 32 and 64 bit versions). You can help us make 9.0 an awesome release by trying out the snapshots (there will be many between now and the first beta some time next spring) and providing feedback about any bugs you find. Since these are testing snapshots, it is recommended that you try them out on a spare system or using a virtual environment such as VirtualBox. If you're planning on trying out all of the new desktop environments, you should use a virtual machine of at least 20 GB. 



You can read the rest here.

Thursday, November 4, 2010

CloudSigma launches FreeBSD 8.1 & ZFS in the Cloud

CloudSigma AG announces the addition of FreeBSD and by extension ZFS to its cloud computing platform. A FreeBSD 8.1 pre-installed cloud server is now available for instant deployment from CloudSigma's public drives library.


Patrick Baillie, CEO commented 'We've had many requests for FreeBSD over the last few months so I'm very happy to be able to offer its latest iteration directly from our drives library. We are continuing our strategy of keeping an open software layer and expanding the number of ready cloud server choices we offer over time.'


FreeBSD has a number of key differentiating factors from competing Linux and Windows platforms and is not generally available for deployment from other leading cloud vendors. As with all cloud servers from CloudSigma, customers have full software level control and sole root access to their FreeBSD servers.


Wednesday, November 3, 2010

NYCBSDCon is getting close

NYCBSDCon is coming up very soon.  Knowing the caliber of people who are putting this on, it would be an awesome conference to attend.  The price seems right too:

"As in years past, the admission fee is low. Very low. Early registration, which ends November 1st, is only $95 for an excellent technical conference packed with great presentations. And considering the price includes four meals in Manhattan, we are convinced the price is disturbingly low!"


They always seem to have the best parties after their events too.


I hope they post videos of the sessions.

Tuesday, November 2, 2010

OpenBSD 4.8 Released

Theo announced the release of OpenBSD 4.8.

The new version boasts many new enhancements and fixes, such as better suspend/resume for most machines with Intel/ATI video, improved hardware support, and new tools like ldapd and iked.


Looks like an awesome new release that I'm going to have to stick on a machine and give it a test drive.

CDs are available for purchase and you can download it directly from one of the mirrors:

 As of Nov 1, 2010, the following ftp mirror sites have the 4.8 release:

ftp://ftp.bytemine.net/pub/OpenBSD/4.8/         Oldenburg, Germany
ftp://ftp.wu-wien.ac.at/pub/OpenBSD/4.8/        Vienna, Austria
ftp://obsd.cec.mtu.edu/pub/OpenBSD/4.8/         Michigan, USA

Monday, November 1, 2010

Hardening Apache

Your Apache + PHP installation may not be as secure as you think it is.  I recently did some Nessus scans on servers I was getting ready to deploy and found they weren't configured as securely out of the box as I had hoped.

Here are a few of the things I changed on them to make them more secure.  The first obvious thing I did was upgrade all the software to the latest version.


Backup CGIs shouldn't be downloadable
This problem covers leftover copies such as .old, .bak, .save and files ending in ~ (an extension used by some backup programs). Apache does nothing special to hide these files, so they can be downloaded as source, which may reveal sensitive information.  It also covers .svn or .cvs files that you may have unwittingly copied into a web directory that you keep under source control.  Just add this to the httpd.conf file.

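# FilesMatch patterns are not anchored, so each alternative is tied to the
# end of the file name with $; otherwise names such as bold.css would match.
<FilesMatch "(~|\.(inc|sql|bk|sav|save|old|bak|bakup|backup)|\.(bak|bk|bakup)\.php|backup\.(tgz|tar\.gz|tar|gz|bz2|zip))$">
# Apache 2.2 syntax; on Apache 2.4 and later use: Require all denied
Order allow,deny
Deny from all
</FilesMatch>

# Deny everything under Subversion metadata directories.
<DirectoryMatch "/\.svn(/|$)">
Deny From All
</DirectoryMatch>

# Same for CVS; CVS working copies keep their metadata in directories named CVS.
<DirectoryMatch "/(\.cvs|CVS)(/|$)">
Deny From All
</DirectoryMatch>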


Disabling Trace
The TRACE method can be used in cross-site scripting attacks, so we need to turn it off.  This can be done in httpd.conf:


TraceEnable off


Enable Strong Encryption
I use SSL certificates to encrypt access to some of my websites.  You want to be sure to remove the low encryption suites.  Clients that don't support the remaining suites will then be limited to your unencrypted sections.  This goes in the httpd.conf or included files.

SSLCipherSuite HIGH:MEDIUM

Remove Easter Eggs
I'm not that happy that people have allowed easter eggs into PHP source code.  It would be nice if the pkg_src/ports maintainers patched this code out as part of a security patch.  But for the meantime, we can disable expose_php in the php.ini file and it will suffice.

expose_php = Off

Remove Directory Indexes
Directory indexes allow people to see all of your files listed in a directory.

Remove Indexes from the Options directive in httpd.conf.

These few things will make your web servers much more secure.
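
To check a server against the items above before and after making the changes, the following added example (not the author's code) scans a web root for the leftover files the FilesMatch and DirectoryMatch rules are meant to hide, and checks httpd.conf and php.ini for the other settings. The function names, sample files and paths are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: offline audit for the hardening items in this post.
# Function names and all sample data below are constructed.

# List backup copies, SQL dumps, include files and version-control metadata
# under a web root. CVS is included because CVS working copies keep their
# metadata in directories named "CVS".
audit_docroot() {
    find "$1" \
        \( -type d \( -name .svn -o -name .cvs -o -name CVS \) -print -prune \) -o \
        \( -type f \( -name '*~' -o -name '*.bak' -o -name '*.bk' -o -name '*.old' \
            -o -name '*.sav' -o -name '*.save' -o -name '*.inc' -o -name '*.sql' \
            -o -name '*.bak.php' -o -name '*.bk.php' -o -name '*.bakup' \
            -o -name '*.backup' -o -name '*backup.tgz' -o -name '*backup.tar' \
            -o -name '*backup.tar.gz' -o -name '*backup.gz' \
            -o -name '*backup.bz2' -o -name '*backup.zip' \) -print \) |
        LC_ALL=C sort
}

# Print one finding per line for an httpd.conf-style file.
# No output means the httpd.conf settings from the post are in place.
audit_httpd_conf() {
    # Strip comments so a commented-out directive does not count as active.
    active=$(sed -e 's/#.*$//' "$1")
    printf '%s\n' "$active" |
        grep -Eiq '^[[:space:]]*TraceEnable[[:space:]]+off' ||
        echo "TraceEnable is not set to off"
    # "Indexes" or "+Indexes" turns listings on; "-Indexes" turns them off.
    if printf '%s\n' "$active" | grep -Ei '^[[:space:]]*Options[[:space:]]' |
        grep -Eiq '[[:space:]][+]?Indexes'; then
        echo "Options enables Indexes"
    fi
    # Flag cipher strings that add LOW or EXPORT suites (not negated with ! or -).
    if printf '%s\n' "$active" |
        grep -E '^[[:space:]]*SSLCipherSuite[[:space:]]' |
        grep -Eq '[[:space:]:][+]?(LOW|EXP)'; then
        echo "SSLCipherSuite allows LOW or EXPORT suites"
    fi
    return 0
}

# php.ini uses "name = value"; expose_php must be explicitly Off (or 0).
audit_php_ini() {
    grep -Eiq '^[[:space:]]*expose_php[[:space:]]*=[[:space:]]*(off|0)' "$1" ||
        echo "expose_php is not Off"
    return 0
}

# Build a constructed web root and config files, then run the checks.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/www/.svn" "$d/www/img"
    touch "$d/www/index.php" "$d/www/index.php~" "$d/www/db.inc" \
          "$d/www/site-backup.tar.gz" "$d/www/.svn/entries" "$d/www/img/bold.css"
    printf 'Options Indexes FollowSymLinks\n#TraceEnable off\n' > "$d/weak.conf"
    printf 'TraceEnable off\nOptions -Indexes\nSSLCipherSuite HIGH:MEDIUM\n' \
        > "$d/ok.conf"
    printf 'expose_php = Off\n' > "$d/php.ini"
    audit_docroot "$d/www" | sed "s|^$d/||"   # show paths relative to the temp dir
    audit_httpd_conf "$d/weak.conf"           # two findings
    audit_httpd_conf "$d/ok.conf"             # no findings
    audit_php_ini "$d/php.ini"                # no findings
    rm -rf "$d"
}

demo
```

Anything `audit_docroot` lists is a file the server could hand out if the deny rules are missing or do not match, so removing those files from the web root is the stronger fix.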