Disruptive Telephony

I have to admit that I laughed a good bit when reading Om Malik's post about "ShadowNumber" last week, which actually turns out to be an alter-ego for VoIP startup TalkPlus.   The point appears to be that you can preserve a degree of anonymity through giving out essentially a disposable phone number.  It's just interesting to see what companies will do to differentiate themselves.  And I completely agree with Om's statement:

Many new technologies — like VHS and DVDs, and more recently Video over the Internet — owe no small part of their early success to adult entertainment, which spurred people to jump through technological hoops they might not have otherwise.

Adult "entertainment" and gaming are two areas that have pushed technology in many areas and yet have not always been credited with doing so.

As to ShadowNumber, their pitch doesn't appeal to me at all (I'm with Om in finding it a bit distasteful), but it's at least something a bit novel.  It will be interesting to see if it works out for them.

I love it when I see the collision of a variety of my interests.  Here O'Reilly combines VoIP, open source and social media (a wiki in this case) all in one effort: Bruce Stewart is looking for people to "Help Create the Asterisk Cookbook".  Here's his request:

We’re looking for two kinds of contributions. First, we’re looking for problems you’d like to see solved in the book. If you need to make Asterisk do something and just can’t figure out how, let us know. We’ll try to solve the problem for you. Second, we’re looking for more advanced Asterisk users to contribute solutions to problems that they’ve faced.

And Bruce has a wiki set up for people to use to contribute.  This is interesting on a couple of different levels.  First, it's a major publisher going out to a community to directly involve them in writing a book. Second, they are using a wiki for all the collaboration. (And yes, other authors have reached out to communities and have used wikis for public collaboration, so this isn't necessarily a new idea.)  And third, the topic being Asterisk, I'm sure they'll wind up getting recipes from a ton of people who have scratched their various itches and solved peculiar problems using Asterisk.  In fact, it will probably could have been titled "The Itch-Scratcher's Guide to VoIP."

I'll be intrigued to see the result, not only of how the collaborative process works for O'Reilly, but also for the actual book.  The fascinating and fun part about Asterisk is that because the code is wide open for anyone to tweak to their heart's content, people can scratch itches and solve problems that are so particular to them that no commercial vendor in their right mind would ever spend the time or resources to address the issue. There's just no real market for it beyond that one company/organization. But that entity can turn to Asterisk and either program it themselves or pay someone to develop the feature or fix for them.  If they make their code public, it might just turn out that there are some others out there who might have the same or a similar itch.  And the itch-scratching continues...

So it will be fun to see what recipes emerge.

Right before the holidays I had sent in to Alan Shimel a contribution for a special episode 26 of his "Still Secure After All These Years" podcast.  In this episode, he asked a number of us in security field to give their thoughts on major issues of 2006 and predictions for 2007.  Mine were predictably about VoIP....  but many others ran across the whole field of information security.

Kudos to Alan for pulling it all together and producing the episode.  Makes for interesting listening.

Dean Elwood over at VoIPUser.org put up a post yesterday entitled "How to Build a VoIP Network" in which he goes into precisely what is needed to set yourself up as a VoIP Service Provider (or "Internet Telephony Service Provider" (ISTP)).  Given that Dean's been involved with this through VoIPuser.org, he's definitely got some credibility.  As he says, he wrote the piece because:

We see a lot of threads on VoIP User from people who want to be the next Niklas Zennstrom (and fair enough, we hope you succeed) asking what is required to build a VoIP network.

Often these questions are from users who have a basic technical understanding of how it all works, but no real experience of building networks, or telcoms experience with the good old PSTN.

He goes on to offer these seven rules:

1. if you're a marketing genius, you have a greater chance of success with your new VoIP company than if you are a technical genius.

2. Using the internet to route calls does not mean that everything in the VoIP world runs on Intel *nix.

3. It is going to break at some point. Ensure you have redundancy.

4. The transition from voice 1.0 to voice 2.0 will be managed at the cloud edge.

5. Network considerations made at design stage must include Quality of Service, audio path length and NAT traversal

6. Choose your hosting according to needs of each individual server, not the entire network. A Layer 5 network, such as a SIP network, can be distributed geographically.

7. Don't bet the house on it.

You really need to read the full article to understand Dean's rules and also enjoy his wit.  For those seriously interested, he goes into what the costs would be to get set up.  (I'd tell you, but it's best to read Dean's article for the context.)

Now, there are certainly other costs, as Dean indicates, but the net of it is that it really isn't all that much for someone to get into business.   The ease and low cost is bringing a whole host of new entrants... most of whom, on a side note, are not thinking about security as they rush to market (leading to my repeated prediction over on Blue Box that it is only a matter of time until one of them gets hacked).

Anyway, it's good info and definitely worth a read.

Earlier this week I uploaded Blue Box Podcast #48, where Jonathan and I go beyond just talking about the news to also review the "top VoIP security news stories of 2006" and also get into our predictions for 2007. My prediction #1 will be fairly obvious for anyone who has listened to the show for a while. We also cover the typical range of VoIP security stories, talk about OpenID for caller authentication and many more things.

This was a bit frustrating of a show to post-produce. Post-production is always a somewhat lengthy process, anyway, because I want the enhanced audio that you get from a wideband codec, which means that we use Skype. However, Skype creates its own challenges with voice that will simply fade away or get garbled. It's fairly routine that we have to disconnect and reconnect a time or two within the space of the hour in which we are recording the show. (That's actually apparent in this show where Jonathan's voice is at a lower level and then suddenly is much louder. After the reconnect, he wound up with more volume.) If I could get the audio quality in a softphone without the fade outs, I'd probably drop my post-production time by a good bit.

However, this week I couldn't blame Skype. I record the show in Audacity and it appears that because I had been previously editing a file located over on a USB hard drive, Audacity started writing its files for the new episode over on that hard drive. As anyone using Audacity will know, it writes a huge number of files to disk. Basically many, many little files with small pieces of audio in them. What seems to have happened is that periodically parts of the audio didn't get written. Or the files got destroyed. Or who knows what. Perhaps I had too many other apps running on the older computer I'm using for recording and Audacity couldn't keep up with what was being sent to it. Perhaps there was too much latency going to the USB hard drive. I don't know, but the end result was that there were gaps in the audio that got worse as the show went on. Just missing pieces of audio.

Unfortunately, I discovered it after the holidays were already underway and I couldn't really reconnect with Jonathan to rerecord. And also unfortunately, I wasn't running a backup record as I have in the past.

Given that my goal is high-quality audio production, this was a rather disappointing turn of events, but in the end I did put it out there with a big caveat in the show notes.

We just recorded show #49 today and I made sure to have nothing else running on the PC, to be writing to the main hard drive and to have a backup recorder. Hopefully I'll not experience the issue again.

Technorati Tags: security, skype, skype security, openid, voip, voip security, voipsa, voipsecurity

As I noted in my Voice of VOIPSA post today, Mark Collier (of hackingvoip.com fame) took some time in December to give www.voipsecurityblog.com a graphical makeover. He's got a cute new header image and an updated picture of himself. Although, Mark, I really have to say... you are violating the security "code of dress"! Don't you know that all good security people are supposed to wear black? Preferably a black turtleneck? Come on, now, you're going against the motif!

Ah, well... in any event, if you haven't checked out Mark's blog, it's a good one... even if he is wearing white. :-)

Technorati Tags: security, mark collier, voip, voip security, voipsa, voipsecurity

As I wrote over at Voice of VOIPSA, I was quoted in an article out today at VoIP News: How Secure Are Your VoIP Calls? The Voice of VOIPSA post has my (generally positive) reaction.

Technorati Tags: voip, voip security, voipsa, voipsecurity

One of the things I love about startups is the fact that they don't have any real constraints around what they can do for marketing, promotion, etc., etc. Witness this collision between VoIP and social media... Truphone's seasons greetings message sent out via YouTube:

I love it... even if I can't understand all of it! Just the kind of fun, cheeky kind of thing that you can do as a startup... kudos to you all, Truphone... and do keep it up, it's fun to see!

Technorati Tags: social media, truphone, voip, youtube

If you don't follow Jan Geirnaert's weblog, which he is now branding as www.skype-gadgets.com, it's worth checking out. He's a Belgian living in Malaysia and he mixes in commentary on Skype and VoIP hardware along with interesting notes about Malaysia, Hong Kong and that whole part of the world. Living on almost the other side of the globe from him, I find many of those posts quite interesting.

And he's often finding interesting news out about Skype... and pointing us to interesting gadgets. Take today's post on the "Cat-iq" phone from the ITU fair/trade show he's attending in Hong Kong. He has this picture and another, both of which you can click to see larger views. He doesn't yet provide more details or links... but it's interesting to see a glimpse into some of what people are coming up with over there. (And I'm guessing from the fact that it says "Wahlen" that this is perhaps from a German manufacturer.)

Anyway, do check out Jan's blog as he's often got interesting information.

Blue Box Podcast #47 is now available for download. In this show, Jonathan and I talk about some of the recent articles and reports hyping VoIP security, recent comments from SANS about the need for better VoIP security training, moves by the Indian government to block Skype and other VoIP services and much, much more. Tons of listener comments in this show... probably the most we've ever had. See the show notes for all the links and info.

Technorati Tags: skype, voipsecurity, voip, voip security, voipsa