….::: VOX POPULI :::….

The Answer to Government XP Woes

Posted by Mark Headd under Linux, Open Source

Government Technology Magazine is reporting on the reaction of state and local government IT officials to the recent decision of Microsoft to discontinue support for Windows XP and Office 2003:

Microsoft dropped free support this week for Windows XP and Office 2003, leaving state and local governments wondering when they’ll be forced to move computers to a newer operating system.

Lisa Moorehead, the director of management information systems in the Massachusetts Department of Public Utilities, said her department doesn’t have the budget to pay for repeated incident-report calls.

“That is going to pose huge problems to us and force us to potentially go to an operating system we don’t want to go to,” said Moorhead, who isn’t thrilled with one of her other options: the newer Windows Vista operating system.

So, what other options to state and local IT officials have? Let me spell it out for you:

U B U N T U !

‘Nuff said.

Shoring up Asterisk Security

Posted by Mark Headd under Asterisk, Linux, Open Source

Found out today that an external host had been scanning my Asterisk server looking for valid SIP extensions. Turned out the IP belonged to some German hacking site that was probably using some brute force tools to scan my server (and lots of others) for valid SIP extensions. The ultimate goal was more than likely to try and exploit any live extensions for some free phone calls.

Fortunately, in anticipation of moving my in-house Asterisk server out to the cloud I had recently done some work to become better educated on Asterisk security and to shore up the security of the CentOS machine my Asterisk instance is running on. As a result, my intrusion detection system slammed the door to the external scans pretty quick, and I’ve since added the IP address to my iptables rule set to to drop any requests from the IP used for the scan.

It was a little unnerving to find out that my box was getting scanned, but I’m glad I took the time recently to get things working more securely. This incident reminds me that one can never be too careful about security, and that there is always more to learn about running Asterisk more securely. To underscore this last point, here are some great links I’ve come across lately for Asterisk and Linux security:

• Weak Passwords on Extensions Equals Hacked Box
• John Todd’s Security List
• Avoiding the $100,000 Phone Bill: A Primer on Asterisk Security

Some general Linux security reading:

• An iptables Guide and Tutorial
• Advanced SSH security tips and tricks

Happy reading!

VoiceGlue Up And Running

Posted by Mark Headd under Asterisk, Development Tools, Linux

I now have VoiceGlue up and running on Ubuntu 8.10. (Actually, the Ubuntu server is running as a virtual machine under Sun’s VirtualBox 2.1.)

For those that don’t know, VoiceGlue is an open source project that links Asterisk (the open source PBX) with OpenVXI (an open source VoiceXML platform currently under the stewardship of Vocalocity). VoiceGlue makes it possible for Asterisk users to deploy a completely open source VoiceXML platform for building IVRs and other useful applications.

The VoiceGlue install on Ubuntu 8.10 went smoothly — I did run into an issue with one of the services not starting, but that was easily identified and fixed thanks to a speedy response from the VoiceGlue folks. (This issue was really my own fault — use the pgrep command to make sure you have specific services running. And when in doubt, check the logs people!)

Based on my experience with the install and my initial testing I am extremely impressed with VoiceGlue. Its well documented and there is an active community of users offering tips and troubleshooting advice.

Hats off to the people behind VoiceGlue — Doug Campbell and Steve Smith. Well done!

Ubuntu Asterisk Oddness

Posted by Mark Headd under Asterisk, Linux, Open Source

I have a virtual machine running Ubuntu 8.10 Server and I’ve been meaning to give VoiceGlue a try to see if I could set up my own completely open source VoiceXML platform,

I found that I was able to run sudo apt-get install asterisk at the command line, and I started to get excited. This was going to be the easiest Asterisk install yet. I was very soon disabused of this foolish notion.

The Asterisk install seemed to go smoothly, as did the basic set up and config. Just to make sure I was doing things by the numbers I set up a couple of extensions and a quick test to have Festival read something back to me. So far, so good. Next it was on to the VoiceGlue install.

Following the instructions in the VoiceGlue Wiki, the install went smoothly. All three VoiceGlue-related services started just fine (the voiceglue service itself barked at me because I had not yet set up call routing in /etc/voiceglue.conf - once I did this, it started up just fine.)

That’s when things got weird. The VoiceGlue Wiki says:

Phoneglue also needs to be contacted via FastAGI for all calls that it will handle, and it needs to use a particular context, extension, and priority to send calls to itself.

OK, no worries there. I set up a new context in /etc/asterisk/extensions.conf and then reloaded the dialplan from the Asterisk console. So far so good. Then, the oddness set in.

I kept seeing an error in the Asterisk logs saying:

res_agi.c:229 launch_netscript: Connect to 'agi://localhost' failed: Connection refused

After banging my head against the wall trying to figure it out I decided to check and see if anything was listening on port 4573 (the default port for FastAGI). No dice.

I tried running the test AGI script comes with Asterisk (agi-test.agi). Again, no dice. In fact, it doesn’t look like there are any directories containing AGI scripts anywhere.

Ubuntu Asterisk seems to be looking in /usr/share/asterisk/agi-bin/ - it doesn’t exist. Neither does the usual directory for AGI scripts (/var/lib/asterisk/agi-bin/). Nor does another common directory - /var/spool/asterisk/outgoing.

Why is all of this missing from the Ubuntu version of Asterisk? Anyone have any thoughts? Did I miss something obvious during the install?

I’m still eager to try VoiceGlue, so it looks like I’ll be building Asterisk from scratch.

Behold the Power of the Command Line

Posted by Mark Headd under Development Tools, Linux, Open Source

After finding the unbelievingly cool and useful Command-line fu website, I have been consumed with finding and using powerful command line tools. Here are some of the tools I’ve been playing with recently:

xmlstarlet - xmlstarlet is a powerful tool set for using and manipulating XML from the command line. Anyone that interacts regularly with REST-based APIs should give this a look.

curl - I did a separate post on curl and explained how to use it to interact with the Twitter API. Things get cool fast when you start to combine these tools by piping output from one command to another. For example, using curl and xmlstarlet, you can get your Tweets from the command line (you can change the count parameter in the call to the Twitter API to get a different number of Tweets back):

curl -s -u user:password 'http://twitter.com/statuses/friends_timeline.xml?count=5' | xmlstarlet sel -t -m '//status' -v 'user/screen_name' -o ': ' -v 'text' -n

festival - why read text when you can have your computer speak to you? I’m now getting my daily horoscope via curl, xmlstarlet, festival and cron:

curl -s 'http://www.trynt.com/astrology-horoscope-api/v2/?m=2&d=23' | xmlstarlet sel -t -m '//horoscope' -v 'horoscope' | festival --tts

When you’ve got tools like this, the command line is where its at!

The Penguin Loves Obama

Posted by Mark Headd under Linux, Open Source, Standards

Will he love the penguin back?

That’s the hope of a number of prominent open source advocates who have written an open letter to President Obama encouraging greater use of open source software in the federal government:

Mr. President, we believe the open-source industry is changing the world of software development in many of the ways you have promised to change American politics. The values of open source mirror those you promoted in your campaign: hope, change, and openness. We, the undersigned, sincerely hope that you will make the use of open-source software a key component of every new technology initiative the United States government enters into during your presidency.

Here’s hoping that President Obama sees the connection between his campaign’s call for change and embracing better ideas for our future, and the principles of open source software development.

Command Line Twitter

Posted by Mark Headd under Linux, Tutorials, Twitter

Just when I thought it couldn’t get any easier to send out a Tweet, I lucked out and found Command-line Fu.

While browsing some very cool command line tricks, I happened upon a command to send out a Tweet using curl from the command line. I’ve seen this kind of example before - there may even be something similar in the Twitter API Wiki - but for some reason it resonated with me this morning. After playing around with it a bit, I’ve tweaked it to my liking:

curl -s -u user:password -d status="$1" http://twitter.com/statuses/update.xml > /dev/null

You can drop this into a file using your favorite editor. Save it and make sure the file is executable (chmod u+x fileName). You can execute this file at the command line like this:

$ ./fileName "This is the text of my Tweet."

I’ve opted to redirect the output returned by executing the curl command (Twitter will respond to the request with an XML document) to the bit bucket. I’ve also opted to turn off the normal progress indicator used by curl by invoking the -s flag. Feel free to tweak this to your heart’s desire.

I’ll definitely be sending out more Tweets from the command line, and I’ll definitely be going back over to Command-line Fu for some more command line tricks.

Wanted: One IM/VoIP Client That Does it All

Posted by Mark Headd under Linux, Standards, Twitter, VoIP

Vacancy Description:

There is an immediate opening in my life for a smart, fast, next-generation IM client that can integrate with multiple social networks, standard XMPP servers, email and POP accounts and VoIP services.

Candidates already evaluated:

Digsby: Digsby is an IM client that connects to AIM, MSN, Yahoo, ICQ, Google Talk, Jabber, and Facebook Chat.

Pros:

• Can be used to manage e-mail on different networks (Hotmail, Gmail, Yahoo Mail, AOL/AIM Mail, IMAP, and POP accounts).
• Integrates with social networks like Facebook (receive friend requests, etc.) and Twitter (change status).

Cons:

• Windows only (for now).
• Can’t use for VoIP phone / video calls.

WengoPhone: A SIP client that also integrates with IM networks such as Google and AIM.

Pros:

• Multi-platform (runs on Windows, Linux or Mac).
• Supports SIP.
• Support for AIM and Jabber IM accounts.

Cons:

• Can’t integrate with social networks like Facebook.
• Can’t be used to manage e-mail accounts

Meebo: A web-based service that integrates with a host of different IM and social networks, including Facebook and MySpace.

Pros:

• Web-based — no install required, and can be accessed from anywhere.
• Can connect to AIM, Yahoo, Google, MySpace, Facebook, Jabber and ICQ accounts

Cons:

• Can’t use for VoIP phone / video calls.
• Ad supported, so I get asked if I want to watch Miley Cyrus videos on occasion (who doesn’t though…)

This position will remain open until a suitable candidate has been found.

The Upside of the Downturn

Posted by Mark Headd under Linux, Open Source

If there is an upside to the economic downturn, some people think it will be the broader adoption of open source software:

In the last major economic downturn, Linux established itself as a widely-accepted enterprise operating system, benefiting a lively ecosystem of vendors such as Red Hat and Novell. The return of tough economic times puts the open source alternative again front and center, this time with focus on databases and higher-level software applications.

This is an area where governments should also look for cost savings an innovation opportunities but, sadly, it seems that few are. Several years ago, I was involved in an effort to create a software repository for governments, a place where governments could share software components with each other — sort of a Sourceforge for the public sector. This wasn’t an original idea — certainly there are other sites that are similar in focus — and initially there was great enthusiasm behind the idea, with a number of state governments (including the one I worked for) voicing early support.

Unfortunately because of a complete lack of vision in the IT leadership of my state, the decision was made not to sign on to the Government Open Code Collaborative project as a full member (an outcome that greatly contributed to my decision to leave state government). Even more unfortunate, the entire project seemed to wither and die after the departure of the State of Massachusetts CIO, Peter Quinn.

I still think the idea of a software repository for the public sector is a good idea. Unlike private sector entities, states and local governments — with rare exception — are not in direct competition. (It doesn’t seem likely that the Commonwealth of Pennsylvania will make a play to license the drivers of New York, or that the State of Indiana will try to undercut the State of Maryland’s authority to manage the Chesapeake Bay Watershed.) Governments can share software components in a way that private sector entities can not.

So why aren’t there any thriving public sector software repositories out there? I wish I knew.

Maybe the current economic downturn will focus the attention of governments on the potential of this idea. Here’s hoping…

My Favorite Linux Commands: find

Posted by Mark Headd under Linux

Over the next week or so (as time allows), I’ll attempt to write a short summary of my favorite Linux commands. These are commands that I use regularly and make my life a lot easier. Hopefully, they’ll make your life easier too. Up first, the find command.

Not surprisingly, you can use the find command to locate files (and other things ;-)). What is surprising is the large number of options that you can set to find exactly the file(s) that you are looking for, and take action on them.

Let’s say that I have a directory called “sale” with JPEG files in it that have differences in their file extension (i.e, some were saved as *.jpg, and some as *.JPG) and their permission settings. I’d like to know how many of each I have, and then I’d like to change the permissions on a subset of them, to make those that are currently not readable by the “other” group readable.

First, lets see how many files are in the directory:

$ find sale/ -type f -iname "*.jpg"
sale/P9130285.JPG
sale/P9130286.JPG
sale/P9130287.JPG
sale/P9130288.JPG
sale/P9130289.JPG
sale/P9130290.JPG
sale/P9130291.JPG
sale/phone_1.jpg
sale/phone_2.jpg
sale/phone_3.jpg
sale/phone_4.jpg
sale/phone_5.jpg

Like other Linux commands, you can direct the output of find into another command to get a summary count of all the files located:

$ find sale/ -type f -iname "*.jpg" | wc -l
12

In the above example, I use the -type option and the -iname option to list all files with a .jpg extension (regardless of case). Not surprisingly, using the -name option applies a similar, but case sensitive, pattern match on file names:

$ find sale/* -type f -name "*.jpg"
sale/phone_1.jpg
sale/phone_2.jpg
sale/phone_3.jpg
sale/phone_4.jpg
sale/phone_5.jpg

There are a large number of options that can be used, and the real power of this command comes from a thorough understanding of them. One of the most useful, in my opinion, is the -exec option. This option lets you do something specific with each file that is found. To change the permissions on all files with a case sensitive “.jpg” extension and make the files readable by the “other” group, you could use the following:

find sale/* -type f -name "*.jpg" -exec chmod o+r {} \;

The -exec option lets you specify another command that is run on each file found (represented by the {} argument). Note, you also need to end the command issued by -exec with an escaped semicolon. Using the find command in this way can be enormously helpful for doing things like clearing out old log files. I typically use find in a cron job that searches directories for log files older than a certain amount of time (using the -mtime option) and then deletes them from the directory:

find logs/ -type f -name "*log*" -mtime +30 -exec rm {} \;

If you’re like me you will probably have an arsenal of commands that you use on a regular basis, to quickly and easily do the things that you do almost every day. Having the find command in your arsenal can make life a lot easier.