Disruptive Telephony

Too many conversations... that's the struggle here.   Just really great folks.  Very much enjoying the sessions so far.   Currently listening to the 5-minute lightening talks... tonight there is a "VoIP Blogger Dinner" organized by Andy Abramson... somehow I don't think I'll really be blogging about much of this until the plane trip home.  (I am finding that I am doing some "micro-blogging" about web sites over on Twitter at http://www.twitter.com/danyork/ )

Conference has been well organized.  Only issue I've really had is that the WiFi network has been of varying quality.  Sometimes it is working fantastically... sometimes it works for 20 minutes and then it dies... sometimes I just can't connect, even though I'm sitting in the exact same spot I was an hour earlier.  I realize it's really tough to do WiFi for a conference... the demands on the network are a bit unnatural... especially with a heavily laptop-enabled crowd like this one. 

I admit to really only very peripherally followed the growth of FreeSWITCH, so I was intrigued to attend the "FreeSWITCH Boot Camp" session this morning here at ETel.  It was a tough call given that Stowe Boyd was also speaking, but I wanted to understand what FreeSwitch was all about.  It was an interesting talk, although I'm left with the following observations:

• I'm still struggling to fully understand what problem the FreeSwitch community is trying to specifically solve versus what Asterisk, sipX, OpenSER, etc. are solving. 
• The answer from the FreeSwitch developers was that it is really complementary to those other projects and focus on scalability and stability.  It is NOT focused on the PBX space but really at the carrier space and looking at large-scale implementations.  Several people also mentioned using it as a Session Border Controller (SBC).
• So is it an open source SBC?
• One carrier representative involved with the project indicated that in their testing they are getting 2,000 to 3,000 simultaneous calls up with media streaming... and at least 10,000 simultaneous calls with point-to-point media.
• Perhaps that is the focus... but I would say that the FreeSwitch folks need to refine that message bit so that it's a bit easier to understand.
• Management is still pretty much all through config files.  Web GUI is still "in the works".
• Looks to have a pretty comprehensive list of protocols, codecs, application interfaces, etc.
• What was perhaps most interesting was their web-based interface to a conferencing system.  Pretty nicely done.

Overall, my impression was that it's an interesting toolkit to let folks play with telephony on potentially on a large scale.  It will be quite interesting to see what evolves out of the FreeSwitch developer community.  I'd be interested to know if anyone reading this is using FreeSwitch and what they are doing with.

Today starts the first day of ETel, a.k.a. O'Reilly's Emerging Telephony conference. ETel is not one of the giant conferences... unlike one of the VONs, Internet Telephony or VoiceCon there will probably only be 500-1000 people here.  But that is part of the charm, really (and this is only the second year)... it's a place for the VoIP alpha-geeks to network, promote their visions, combine their visions, socialize and otherwise just learn a heck of a lot from each other.   The schedule is packed with great info... the speaker roster is a veritable "Who's Who" of people playing in the "Voice 2.0" or "Telephony 2.0" (or <pick your cliche term>) space.  All in all, it's one conference I've been very much looking forward to.  Just in town last night, I've already run into Alec Saunders, Brad Templeton, Bruce Stewart, Surj Patel... had dinner with Blue Box podcast co-host Jonathan Zar and security researcher Shawn Merdinger...   I know Ken Camp is around, Andy Abramson, Om Malik and so many others... it should be a great and fun conference.

For my part, I am doing two sessions.  First, today at 1:30pm Pacific, Jonathan, Shawn and I will be doing a 90-minute workshop on VoIP security, primarily from an industry-wide VOIPSA point-of-view.  We'll go over the main issues around VoIPsecurity, talk about the threats, tools, best practices and more.  We're hoping to do it more as a fun conversation rather than a dry panel... you'll hopefully get to hear the results later yourself as I'll be recording the session for distribution as a Blue Box podcast.  O'Reilly has graciously given that permission again which is wonderful. (And I, of course, brought all my field recording gear.)

One of the things the three of us will also be doing is talking about a list of VoIP security tools that VOIPSA has been developing... stay tuned for more on that.

Then on Thursday I have my "general session"... my "15 minutes of fame" (or infamy) from 11-11:15am in front of the entired assembled crowd... where I will attempt to digest into that brief time the salient points about VoIP security.

I am actually VERY much looking forward to this session because I've done my presentation in a completely different style from any other presentation that I've given publicly.  I'm going to tell a story... and do so in a way that should be both fun and entertaining... and will also get the points across.    I'll say little else... except perhaps to dangle the tease that it comes in at over 200 slides yet clocks in at only about 11 minutes right now. (have to leave time for questions, eh?)    Like I said, completely different style from other presos I've given... but I'm very much looking forward to it.

Will I succeed?  Or will I fall flat on my face before several hundred of my peers?  Stay tuned...  ;-)

Phil Wolff asked if he could republish my review of Skype 3.1 and SkypeFind over on Skype Journal and with the re-pub including a link back I was perfectly okay about that... so there it is.  My premiere as a guest blogger on Skype Journal... :-)

Welcome to anyone who landed here after visiting Skype Journal.  You'll find I do talk about Skype here, although it's just one of the many topics.  If you find my writing useful or helpful, feel free to subscribe via RSS or email through the right sidebar.  Thanks for stopping by!

Noticed today that Tom Keating has a review up on "pbxnsip", which has the interesting twist of being a low-cost PBX solution running on Microsoft Windows.   Most other inexpensive or open-source software-only PBX solutions tend to run on Linux, and indeed, pbxnsip does have Linux versions (and apparently NetBSD although they are not listed... perhaps they just run the Linux version).  I first actually learned of pbxnsip some time ago at one of the various VoIP tradeshows when I was struck by the fact that they were advertising security as the main point in big letters on the background to their booth. In fact, security is #2 on their list of "reasons to buy":

It addresses security. The pbxnsip PBX uses https, sips, SRTP and sdes to make the communication to your PBX secure. Using sdes-capable devices, your voice calls will stay as secure as your https traffic.

Well, gee, given my background, it's not hard to imagine that any vendor that basically leads with security gets some extra points in my book.  (Especially since doing so has the potential to paint a big red target on your back to all the attackers out there who like to debunk claims about security.)  I've not played with it myself, but Tom's review does indeed make it sound interesting.

I guess I'll have to add it to the (huge) list of things to check out...

Thanks, Tom, for as usual providing your very thorough reviews - you definitely help a lot of the rest of us.

UPDATE: I knew there was another reason I knew of pbxnsip... CEO Christian Stredicke has been on the VOIPSEC mailing list for quite some time, although I recall hearing from him primarily when he was with snom technology.

Skype today released a new "3.1" beta for Windows (you can get it here) with a number of minor tweaks - and a brand new component called "SkypeFind".  As you can see in the picture to the right, there's a new tab added... and is the entrance of Skype into the game already being played by GoogleMaps, Yahoo!Local  and Microsoft's Windows Live Local...  namely... providing an easily searchable directory of businesses. 

It's not stated, but it's pretty clear the ultimate goal is to control the directory you use to initiate calls.  Think about it, Google is aiming to do this with their "click-to-call" in Google Maps.  Find an entry (in the US, anyway) and simply click "call" and your regular phone rings.  It's simple and easy.  Google controls the directory and the initiation of calls.  It's even more logical for Skype to do this.  Find a business in the directory, click the phone number and you're dialling away using Skype/SkypeOut...

Of course, Skype aims to be more than simply yet another business directory.  As the Skype blog entry states:

SkypeFind is one of the most interesting features that we’ve done in quite a while now. We call it “Local businesses you like”, and that’s what it is - a collection of businesses, with reviews and comments, built by everyone using Skype.

So it's really a mashup of a business directory, a ratings service... and a social networking service.  The other interesting aspect is that the directory is basically empty!  It started out this morning basically with only a few entries.  Tonight it's now up to "318 listings in 49 countries by 83 people".  (Of course, you'd have to find out about the beta and then have the time to experiment.  I actually learned of it because I've stayed logged into the Skype Journal public chat and conversation popped up there this morning.)  Now I find it interesting that Skype didn't work with someone else to pre-load the database, but: a) this is still in beta; and b) the major local databases are in the hands of Skype competitors who have very little reason to work with Skype.

As you can see in the image on the left (click image for larger view), when you go into the SkypeFind tab, you wind up being able to search within a country, region, etc.  There's also recommendations from people in your contact list shown on the bottom of the panel.   You can switch to a different region.

Since Burlington, VT, had no entries and I didn't feel like entering any, I switched to the UK and figured searching for "pub" in "London" ought to generate some listings.  It did, of course, and if you click on the image to the right to get the larger view, you'll see entries with reviews and ratings.  Skype is using a cute motif of a flower with petals being removed as the rating goes lower.  Note also the choices in the dropbox in the upper right corner:

• Most relevant
• Most called
• Highest rating
• A-Z

Most called?  Well, of course, if you are Skype you would have knowledge of how many times Skype users call that number.  Just an interesting twist that you wouldn't find, of course, in the other directories (although you would wonder if Google could add it with their click-to-call).

Another interesting twist is the "Ask your friends" for recommendations button seen at the bottom of the listing.  I've not played with this yet, but per the Skype blog entry, it will change your advisory/mood message to be a question and provide a link to a public chat where Skype-using friends can then join you (presumably with Skype 3.0 or later) and answer your questions (or at least chat with you).

Going into an entry shows the ratings and reviews and gives you the ability to add your own review.  But also notice the little link at the top?  It says:

Edit this listing

Yep... you can just click on it and go in and change the name, address, web site... basically any info except for the phone number and country which per the SkypeFind guide, Skype uses as a unique identifier.  Now being a security guy, I immediately wonder about this... I can put in any URL.  What's to prevent a spammer from going through all these pubs and entering the URL for some spam site? Or a competitor from changing the names around?  Or someone just making mischief?  Nothing, really.  Phil Wolff called it a "wiki" in the Skype Journal chat today and that is what it's like. You can view the editing history, so you can see who made the changes (or at least the SkypeID of who made the change)... but the changes have in fact been made.  It will be curious to see how much abuse this does or does not get.

So will SkypeFind ever have ads or premium listings?  It would seem to be the obvious thing to do (like Google's sponsored results) and Paul Kapustka writing over at Om Malik's GigaOm site has a review of SkypeFind that quotes Skype General Manager of E-Commerce Sten Tamkivi as saying that SkypeFind may include ads in the future.  The article also talks again about how recommendations from friends will help listings "bubble up"... we'll see... first there need to be listings before they can bubble up!  (I know, I know, it hasn't even been out for 24 hours....)

One curious omission, that I have to credit Phil Wolff for pointing out.  If you look at the larger view of the "Add a listing" screen to the right, you'll notice something fairly basic is missing... a place to enter a Skype ID!  It seems that for a business to be listed you must have a PSTN number.  Given that it's Skype, you might have thought there would be a way to enter the Skype ID and call the business over Skype!

Ah, well, it's still in beta... and only available on Windows, so Mac and Linux users have to wait to play.

Beyond SkypeFind, the release did have some other minor tweaks.  There is now a "Chats" menu on the menu bar that gives you easy access to your public and private chats. And the "eye candy" of this release is the cute way Skype finally provided the notification that the other user is typing.  Where AIM and MSN/WLM have text that says something like "User-so-and-so is typing...", Skype has a pencil icon that writes... and then in a cute move erases when you are deleting what you wrote.  You can see it inthis screen shot (upper right by the woman's picture) from Skype's blog.  It also shows up in chat windows (including public chats).  It's a cute way to meet and exceed what the other services have had for quite some time.

All in all an interesting evolutionary step for the Skype client... will be interesting to see how successful SkypeFind becomes as the directory becomes populated.  Given that Skype accounts are free, the security side of me just sees it as something wide open for abuse... but hopefully for Skype users I am wrong.  What do you all think?

P.S. Many thanks to the Skype Journal for continuing to run their public chat which countinues to be a source of great info about Skype...

Dean Elwood over at VoIPuser.org has taken up the question about Open ID with his post "Why SIP Doesn't Need OpenID".  Dean suggests that the problem really lies between servers:

The problem of identity authentication actually resides in the server to server realm in a peered environment. How does sip.fwd.com know for sure that a peered call request is really coming from sip.voipuser.org?

Good question... and one that Dean believes can be solved through the use of the already-standardized Open Settlement Protocol (OSP).

The conversation continues...

That's the question that both Alec Saunders and Ars Technica ask in regard to a news release out of "Digital Life America" entitled "BlackBerry Backlash? Americans Split on 'Always On' Culture" (PDF).   The release, timed to coincide with the 3GSM event in Barcelona last week, covers some of the group's research and includes this:

• 33% agreed with the statement “devices like BlackBerry chain you to work more than they liberate you.” 34% were neutral and the balance, 34%, disagreed.
• Surprisingly, among those who own a BlackBerry or a similar device, the results were not all that different: 34% agreed with the statement, 37% disagreed and 29% were neutral.

The news release went on to highlight other stats that BlackBerry owners do in fact work longer hours and have higher incomes... but both of these are kind of "duh!" statements to me.  Look at who are typically the ones with BB devices in any company (i.e. management, executives).  When was the last time any of us in those job roles (at most North American companies) worked a 40-hour week?  (I think I actually might have in January, but that was because we had a vacation day.)

As a BlackBerry user, I have to say that I'm in the 37% who disagree with the statement, i.e. for me the device is a tremendous liberating device.  That wasn't my initial thought.  I resisted requesting one for a couple of years when peers were doing so.  I watched some folks get into BB-driven email wars at 10pm on a Saturday night and just said "Don't those folks have a life?"  and "Why would anyone want to be that accessible?"

However, once I started using it, I rapidly flipped the other way. For me, it allows me to be connected wherever I want to - should I choose to do so! And I think that's really the key. As Mark Evans writes, it really is about how you use it and how to achieve that work/life balance.  For me, the primary reason I got a BB was for travelling where it has proved to be incredibly useful.  I can't even begin to count the number of airports I've been stuck in where having ready access to email was useful and in some cases necessary. 

Even locally, there are too many times to count when it proved to be useful.  I was driving home one morning from dropping our daughter off at school and thinking about the things I had to do as the morning got underway when one of the warning lights on our car went on.  Since I was about to go by the car dealership, I pulled in and had them check it out.  I just went to the waiting area and used the BB to work through email.  It gave me the freedom to do something like that.  And that freedom does indeed help with my own work/life balance...   but you do need to exercise that restraint and not let it interfere with non-work time. 

At the end of the day, the BlackBerry and other devices are tools that can be either liberating or enslaving.  It's all really in how you choose to use them.  (Or, I suppose, are required to use them... I could see some managers out there expecting/requiring employees to always be available.)

P.S. Sometime, though, I'll write the counterpoint argument about how absolutely annoying it is as a presenter when you have a room full of people surreptitiously (or not) sucked into their email...

As I continue to explore OpenID, one of my immediate concerns was... how do I choose an identity provider?  And if I do use an identity provider, what happens if they stop providing OpenID services?  Or what if they are bought by someone and I don't like the new owner?

Essentially - how do I create an "abstraction layer" that allows me to maintain control of my identity and not be beholden to the whims or policies (or circumstances) of a provider?

The answer is amazingly easy... just use your own domain name! As explained by Simon Willison, the process merely involves inserting two lines of code into the header of the HTML page at the URL you want to use.  So, for instance, I updated the page for www.danyork.com (which actually gets pointed to a page in a larger website) to have these two added lines:

<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml">
<link rel="openid.delegate" href="http://dyork.livejournal.com/">

That's it.  Now on any website that allows OpenID logins, I simply use the OpenID of "http://www.danyork.com/" and I am briefly redirected to LiveJournal to approve the granting of access to my identity credentials.  Simple and easy.

The beautiful part about this is that I can switch Identity providers any time I like.  I used my LJ account here, but I actually like some of what ClaimID has to offer.  Perhaps I'll use them instead.

The net of it, though, is that it doesn't matter...   to the websites where I login, I login with the danyork.com id and all is good.  Who actually provides the request for the technical OpenID data is a different matter and should be - and is - separate from your actual identity.  Very cool to see... and nice to be able to be in control of my identity!

P.S. And thanks, Simon Willison, for writing up that tutorial... very helpful.

Scanning RSS feeds early this morning, I was pleased to see that Rich Tehrani will be speaking at our "Presence 2007" event in Costa Mesa, CA, today. I've known the tour was going on, but wasn't tracking who was speaking at the various stops.  Glad to see Rich there... I'm sure he'll give a great talk for whoever attends.  The good news for Rich, too, is that at least he was flying out of the New York area yesterday instead of the day before when the glorious storm played havoc with air travel all over the northeast.