Disruptive Telephony

In a few short hours, I will be catching a plane heading out to Fort Huachuca, Arizona, to swim in an alphabet soup of very different acronyms and jargon than my normal work - the "OSD-Sponsored, JITC-Hosted DOD Telecommunications Services Information Conference".  As noted on the page:

The purpose of the conference is to provide an open forum where DOD and vendor representatives can discuss issues related to interoperability of systems providing DOD Telecommunications Switched Services.

The conference will present the current program and discuss ongoing developments to the interoperability certification and information assurance procedures and test documentation. Other topics for discussion include emerging technologies, standards and their integration into the systems providing DOD Telecommunications Services.

I attended last year as well and it's definitely an interesting experience.  The US DoD is really doing some intriguing things with how they make use of VoIP / IP Telephony.  Obviously security is rather important.  They are also driving IPv6 adoption into their infrastructure and so, with the June 2008 mandate only a year away, it will be quite interesting to hear where they are with regard to IPv6 adoption.  Obviously, their huge size and buying power is of strong interest, so the number of vendors will no doubt be high.  Also, and I would think "obviously", I won't exactly be writing about things that I hear or learn there.

If any of you reading this happen to be out there at the conference, do drop me a note as I'm always interested in meeting readers or listeners.

Over on the Voice of VOIPSA weblog, I just posted "Ready or not... here come the IRC-controlled SIP/VoIP attack bots!" Given the sheer number of VoIP security tools out there, I think I and most others involved with VOIPSA figured it was only a matter of time before someone automated the attacks.  Did I hope that the creation of "bots" could have held off for a bit longer?  Definitely... but we have to play with the cards we are dealt.

I tried in the article not to hype the threat... that we are aware of, there are not massive botnets out there waiting to attack VoIP systems.  But there is now a proof-of-concept "bot" out there and those of us dealing with VoIP security have to look at how that could impact us.

And it's definitely a sign that we as an industry really have to get security locked down on SIP systems!

I do have to hand it to the Skype marketing folks... it's certainly a cute move on their part to offer Skype users in the US and Canada a full day of free calls to landlines and cell phones around the world.   With Mother's Day being one of the highest days of phone usage, it's a natural day to pick for a gimmick. 

There are limits, though, and the terms and conditions were interesting to read.  I'm not sure how to read #9 where users are limited to 200 minutes per call:

Skype asks that you enjoy this offer fairly and sensibly, for your personal and non-commercial purposes. Calls are limited to 200 minutes per computer during the offer period. If you make excessive, systematic or intentional misuse of the offer, Skype reserves the right to terminate your access to your account immediately.

So is that 200 minutes, total?  Or is that per call?  i.e., if you've been talking to someone for over 3 hours on the same call you have to hang up and initiate a new call?  Either way, it's a good amount of time to spend on the "phone".

I also enjoyed this part:

Skype reminds users of the nature and limitations of the Internet and is not responsible for any hardware or software problems, any technical malfunctions of any communications network, online system or computer hardware or software that may affect access to the offer. Skype is also not responsible for any fraudulent, incomplete, garbled, or delayed computer transmissions or inaccurate transcription of information, whether caused by Skype, its users or by any of the equipment or programming associated with or utilized in this offer by any technical or human error which may occur in the processing of the offer which may damage a user's system or limit a participant's ability to participate in the offer.

So if you can't understand your mom (or whomever else you call), it's not Skype's responsibility!  :-)

Ah, well... kudos to them for coming up with a cute marketing gimmick.  If it get's some more people to try out consumer VoIP, all the better for us all.

I will call my Mom on Mother's Day, but odds are that I'll just be using the regular old landline.  We'll see.  It's tempting to call other people in other parts of the world that day, but: a) it's a Sunday and for most folks I know overseas it's a weekend and they like to spend that time with their family; and b) *I* will be spending that day with my family.

P.S. Also quite interesting to see that Intel is a co-sponsor of this marketing campaign.

Over on Skype Journal, Phil Wolff has posted his "26 Wishlist Items for Enterprise Skype", which makes for interesting reading.  Basically his list of what Skype needs to work in the enterprise.  It's a good list with many good ideas for VoIP in general, not just Skype.  The list isn't prioritized but my 2 cents would be that the #1 thing Skype needs is the network edge proxy server that Phil mentions... some kind of choke point that IT Security managers can use to monitor/block/allow/deny Skype access.  The reality is that I think most IT security folks just plain don't trust Skype. 

What do you think of the list?

P.S. Phil also has previously come up with the very cool image/logo to the right that I think all of us VoIP bloggers who write about Skype Enterprise really must use.  And if you don't understand the significance of the logo or the play on words, well, your geek credentials are seriously in doubt. (Hint)

Those of you with an interest in Skype may wish to read my post over on Disruptive Conversations about VoIP blogger Jan Geirnaert ceasing the use of his skype-watch.com and skype-gadgets.com domains for his blog.  I've included there links from a number of the other VoIP bloggers who have covered this issue in more detail.

Last week Skype came out with a Developer Program newsletter that provided a bit more insight into the Call Transfer capability now available in the recently released Mac version 2.6. In the full version of the article, Skype technical project manager Morné van Dalen answers some questions about what the Call Transfer API is all about.  It's interesting to see the discussion here of Group transfer, specifically in this list:

• Skype to Skype (P2P)
• Skype to SkypeOut (P2P to SipOut)
• SkypeIn to Skype (SipIn to P2P)
• SkypeIn to SkypeOut (SipIn to SipOut)
• Skype to Group
• SkypeIn to Group

It's quite curious, though, that transfer to SkypeIn and SkypeOut will only be available to Skype Pro customers, which of course is not available in North America!  Seems a rather puzzling disconnect.

Anyway, it will continue to be interesting to watch these capabilities evolve...

Yesterday after the close of the market, my employer, Mitel, announced an agreement to acquire Inter-Tel.   There's not much I can say beyond what's in the news release... but I can say that I am quite excited by the news!

It's a school vacation week here in my part of the USA and I'm planning to be offline for the remainder of the week.  Getting outside with my family... going on some day trips, doing some landscaping and otherwise enjoying the beautiful weather we are having right now.  I expect to be back posting here on Monday, April 30th.  See you then.

I posted Blue Box Podcast #56 tonight and with it Jonathan and I are beginning a series of mini-tutorials on subjects related to VoIP security.  In this show, we talked about voice encryption. In the next show (already recorded) we will talk about signaling encryption.  The idea is to cover some basic ground so that people not familiar with the area can have a basic understanding.

Just glad to get that one up - tomorrow I'm going to work on #57 to see if I can get it online for Wednesday.  We're trying hard to get back on a weekly schedule.  (#56 was intended to go up last week.)

We've all undoubtedly seen the chain-letter email messages that circulate around telling you that by forwarding the email you will make money or receive gifts and most people with half a clue understand that this kind of thing is pretty much impossible.  So it was with a whole lot of skepticism that I first greeted Microsoft's "i'm" campaign because the premise is: for every IM conversation you have with Windows Live Messenger, we'll donate some money to the nonprofit of your choice (from among nine choices).  To me, it sounded just a wee bit fishy.   In reading the "About" page you do learn a bit more.  First:

Every time you start a conversation using i’m, Microsoft shares a portion of the program's advertising revenue with some of the world's most effective organizations dedicated to social causes. We've set no cap on the amount we'll donate to each organization. The sky's the limit. There's no charge, so join now and put our money where your mouth is.

and then this:

Once you've signed up, every ad you see in your message window contributes to the grand total we send to the causes.

So it's all about a portion of the advertising revenue that is generated from use of Windows Live Messenger (formerly "MSN Messenger").  But this second piece I find interesting... it sounds like Microsoft must be being paid on a pay-per-view basis versus pay-per-click.  The advertisers pay MS based on the number of times that their ad is displayed.  Ergo... the more IM conversations there are, the more times the ads are displayed... the more money goes to Microsoft.... and the more can be distributed to the nonprofits.  I was a bit surprised as I would have expected it to be more like pay-per-click - and undoubtedly it still is, i.e. for a view an advertiser pays $X and if someone clicks through an advertiser pays $X + $Y.

Digging into the Press area, there was the FAQ that explained a bit more:

Q: How much money goes to the organization from each conversation?
A: Although the donation amount from each user is small, the power of the Windows Live Messenger network makes this donation significant. For competitive reasons, we can’t share the per-conversation amount of advertising revenue that we will contribute, but every new conversation you have will lead to money being donated to the cause you select. Each organization is guaranteed a minimum of $100,000 for its involvement.

So ultimately it will amount to at least $900,000 in money being given out to these nonprofit organizations... certainly nothing to dismiss!  There was also this little piece of curiousity:

Q: Can everyone participate in this initiative?
A: The i’m Initiative is available to everyone in the 50 United States and the District of
Columbia.

Huh?  I first learned of it from a friend in the UK who signed up for the initiative.  How would Microsoft even know, anyway?  Last I knew you didn't really have to divulge geographic details to sign up for WLM... and even if you did those could be bogus... and people move all over the world anyway.  Strikes me as quite odd.

Regardless, kudos to Microsoft for finding a fun way to make donations to some worthy organizations.  I'm not so naive as to think Microsoft is doing this entirely out of the goodness of their hearts - I do realize that they hope to: a) attract more users to WLM; and b) increase the number of views of their advertisers ads.  I assume they hope that it will incent people who use multiple IM services to have more conversations on WLM because those conversations will count for $$$. Probably not a bad idea.  For me, WLM happens to be one of the two primary consumer IM services I use (the other being Skype) and for whatever reason the sets of people I communicate with are pretty separate.  So it won't really change my behavior, but I could see that potential where people have more overlap between their contact/buddy lists.

To go back to the beginning, why is this "real" when the email scams aren't?  Remember that the major consumer IM services (WLM, Yahoo!Messenger, AIM, Skype) are all "walled gardens" and in the server-based services (WLM, AIM, Yahoo) the companies controlling the servers know precisely how many conversations are going on, who is having them (and in fact what is being said).  In contrast, with email the network of servers is completely distributed with no one controlling them all.  As long as the walls remain, the companies controlling the servers have all that data.  (Skype is a wee bit different, being peer-to-peer.)

In any event, it's an interesting initiative and it's great to see companies trying out new things that do benefit nonprofit organizations trying to bring about change in the world.  Kudos to Microsoft - and if you are a WLM user, check out the initiative... it's very simple... if you already have WLM 8.1, just add a text string to your display name.  If you don't have WLM 8.1, you'll need to upgrade. (Hmmm... which might be a third benefit for Microsoft - encourage people to move to the latest version.)