sip5060.net / en es

RSS Atom

Planet SIP

June 15, 2021

• Digium Connecting with Customers and Co-Workers in Today and Tomorrow’s Reality: Part 2

  Why is communicating with customers and co-workers different? Let’s start with connecting with co-workers. In a work environment, we all have the same tools, so it’s easy to chat / instant message, go to the Intranet, or place calls. Indeed, we’ve all been on a lot of video calls.

  You can say video calls have replaced what we used to call “conference calls.” It’s to the point where setting up video calls in meeting invites is now de rigueur. Also, you can quickly start conversations with chat that might seamlessly switch to video calls because we’re so used to it now. We’ve been on so many video calls lexicon such as “video meeting fatigue” has entered everyday usage.

  With customers, it’s very different.

  Customers don’t have the same connected tools as you do and aren’t behind your firewalls anyway. So, a click on the same tool is not so easy. Connecting with customers is more varied.

  Many customers just want to make an appointment, call about an issue, or find out what time you are open (or even if you are open). As such, with customers, the name of the game is to offer as much self-help as possible and be available in real-time when needed. Thus, we see what at one time were genuine innovations such as phone apps, websites, and IVRs now become centerpieces of today’s customer communication.

  But there is also a need for real-time communications, and we see the need for multi-modal forms of real-time communications such as texting, chat, and apps, in addition to voice. In this case, video is part of the overall picture but not nearly as front and center as intra-company communication. As such, real-time business communication is pretty nuanced, and video is not the centerpiece. In next week’s blog, we’ll examine why video not being the centerpiece of customer communications could present a problem if you choose a video-centric business communication system.

  The post Connecting with Customers and Co-Workers in Today and Tomorrow’s Reality: Part 2 appeared first on Sangoma.

June 14, 2021

• WebRTC Hacks FaceTime finally faces WebRTC – implementation deep dive

  Deep dive analysis on how FaceTime for Web uses WebRTC. Philipp "Fippo" Hancke uses webrtc-internals, Wireshark, and reviews the JavaScript implementation to expose Apple's implementation details.

  The post FaceTime finally faces WebRTC – implementation deep dive appeared first on webrtcHacks.

June 11, 2021

• FreeSWITCH The Remote Work Revolution is Here

  In a post-COVID world, what’s going to happen to all those office jobs that went remote last year? In mid-2021, as vaccines roll out across the globe, more and more companies are having to grapple with this question. It’s estimated there’s been an 87% increase in remote work from pre-pandemic levels. Now that more workers than ever have had a taste of what it means to work remotely, will they give it up without a fight? Will they even have to? 

  The FreeSWITCH project and SignalWire have been staffed with fully remote employees since the beginning. For tech jobs in particular, this isn’t as uncommon as it is in some other fields. And those that work in tech love their remote jobs – recently, in a survey by Hackajob, 86% of tech professionals disclosed they never want to go back to the office full-time. Many employees are open to the idea of a hybrid work environment, where they might go to the office a few days a week, but not being able to work from home at all is becoming a huge deal breaker as the world slowly opens back up.

  The benefits of working remotely are undeniable, for employees and employers alike. Many surveys and polls have been conducted over the past year to provide some data and clarity on the situation. Certainly, COVID being the driving force of working remotely complicated things a little bit – being forced to stay at home in unusual situations, stuck with rowdy children or not being able to leave or see another person for days at a time, aren’t situations that accurately represent the typical state of the world or working remotely.

  In spite of these challenges, working remotely has been viewed positively by most who have tried it. And many benefits were provided to workers without losing productivity! In a survey by Mercer, 94% of employers said productivity was the same or higher than before the pandemic. As many as 30% of workers believe that they’re even more productive working from home than in an office. And is this really surprising? Remote workers have no commute, less or no small office talk, and more time for family and exercise during the day, leading to a higher quality of life and better work-life balance. A survey report by Owl Labs showed that remote workers are 22% happier than workers always on site in an office. And why wouldn’t a less exhausted, happier employee be more productive and enthusiastic about work? 

  This same survey by Owl Labs collected a few snippets of data to highlight the benefits of remote work. Employees save both time and money leaving the traditional commute behind: an average of 40 minutes per day, and an estimated $6000 per year. On top of that, 20-25% of companies are paying at least part of the cost for equipment and furniture. And monetary benefits extend to employers too! It’s estimated that companies can save up to $11,000 per year per employee when ditching the office from a combination of reduced office costs, increased worker productivity, and less turnover. Not to mention attracting top talent – 59% of those surveyed said they would be more likely to choose an employer that offered remote work over one that did not. 

  When talking about worker benefits from working remotely, it’s impossible not to zoom in on the lack of commute a little bit more closely. It is consistently listed as being the best quality of remote work, far ahead of factors like flexible childcare, hanging out with pets during the day or wearing sweatpants to meetings. In the U.S. in particular, 2019 time spent stuck in traffic was as much as 70-120 hours per year for the typical commuter – a number that dropped to a national average of 23 hours in 2020. Collectively, people saved 3.4 billion hours in commute time, according to a report by Automotive News. The benefits extend beyond individual workers to the planet as a whole when 28% of greenhouse gas emissions come from cars and 86% of U.S. workers drive a private vehicle. When time spent on the road is cut significantly, a positive impact on the environment is the direct result.

  All these benefits are clearly no small thing. They upgrade quality of life in almost every way imaginable, and employees are prepared to quit instead of giving them up. A Bloomberg poll asserts that 39% of workers would quit before going back to the office. And that number rises to 49% for Gen-Z and Millennials. Remote work is so desirable it even undercuts monetary considerations – 23% of those surveyed said they would take a 10% pay cut in order to keep working remotely permanently. 

  Some executives, however, are pushing the importance of working in person, claiming remote work diminishes collaboration and company culture. As many as 29% of executives surveyed by PwC believe at least 3 days per week in the office are required to maintain company culture, and 21% believe 5 full days are needed. The number that believe no days at all are necessary was a measly 5%. 44% of companies still don’t allow remote work, and a mere 16% of companies hire remote-only workers. So will companies be able to keep up with worker demand for more remote jobs?

  It’s difficult to know where this is all heading; at the moment, less than 30% of workers are back in the office. In spite of this, it’s been estimated the percentage of employees working remotely full time could nearly double in 2021 from last year. And none of this is even to mention that many employees still have concerns about unvaccinated colleagues and COVID precautions. Let’s not forget that though things are getting better in some places, the pandemic rages on. But pandemic or not, if everyone is saving money and time, is happier and more productive, why shouldn’t we embrace working remotely as a common fact of modern life?

  The post The Remote Work Revolution is Here appeared first on FreeSWITCH.

• François Marier Using a Let's Encrypt TLS certificate with Asterisk 16.2

  In order to fix the following error after setting up SIP TLS in Asterisk 16.2:

  asterisk[8691]: ERROR[8691]: tcptls.c:966 in __ssl_setup: TLS/SSL error loading cert file. <asterisk.pem>
  

  I created a Let's Encrypt certificate using certbot:

  apt install certbot
  certbot certonly --standalone -d hostname.example.com
  

  To enable the asterisk user to load the certificate successfuly (it doesn't have permission to access the certificates under /etc/letsencrypt/), I copied it to the right directory:

  cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
  cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
  chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  

  Then I set the following variables in /etc/asterisk/sip.conf:

  tlscertfile=/etc/asterisk/asterisk.cert
  tlsprivatekey=/etc/asterisk/asterisk.key
  

  Automatic renewal

  The machine on which I run asterisk has a tricky Apache setup:

  • a webserver is running on port 80
  • port 80 is restricted to the local network

  This meant that the certbot domain ownership checks would get blocked by the firewall, and I couldn't open that port without exposing the private webserver to the Internet.

  So I ended up disabling the built-in certbot renewal mechanism:

  systemctl disable certbot.timer certbot.service
  systemctl stop certbot.timer certbot.service
  

  and then writing my own script in /etc/cron.daily/certbot-francois:

  #!/bin/bash
  TEMPFILE=`mktemp`
  
  # Stop Apache and backup firewall.
  /bin/systemctl stop apache2.service
  /usr/sbin/iptables-save > $TEMPFILE
  
  # Open up port 80 to the whole world.
  /usr/sbin/iptables -D INPUT -j LOGDROP
  /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  /usr/sbin/iptables -A INPUT -j LOGDROP
  
  # Renew all certs.
  /usr/bin/certbot renew --quiet
  
  # Restore firewall and restart Apache.
  /usr/sbin/iptables -D INPUT -p tcp --dport 80 -j ACCEPT
  /usr/sbin/iptables-restore < $TEMPFILE
  /bin/systemctl start apache2.service
  
  # Copy certificate into asterisk.
  cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
  cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
  chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
  /bin/systemctl restart asterisk.service
  
  # Commit changes to etckeeper.
  pushd /etc/ > /dev/null
  /usr/bin/git add letsencrypt asterisk
  DIFFSTAT="$(/usr/bin/git diff --cached --stat)"
  if [ -n "$DIFFSTAT" ] ; then
      /usr/bin/git commit --quiet -m "Renewed letsencrypt certs." letsencrypt asterisk
      echo "$DIFFSTAT"
  fi
  popd > /dev/null
  

• François Marier SIP Encryption on VoIP.ms

  My VoIP provider recently added support for TLS/SRTP-based call encryption. Here's what I did to enable this feature on my Asterisk server.

  First of all, I changed the registration line in /etc/asterisk/sip.conf to use the "tls" scheme:

  [general]
  register => tls://mydid:mypassword@servername.voip.ms
  

  then I enabled incoming TCP connections:

  tcpenable=yes
  

  and TLS:

  tlsenable=yes
  tlscapath=/etc/ssl/certs/
  

  Finally, I changed my provider entry in the same file to:

  [voipms]
  type=friend
  host=servername.voip.ms
  secret=mypassword
  username=mydid
  context=from-voipms
  allow=ulaw
  allow=g729
  insecure=port,invite
  transport=tls
  encryption=yes
  

  (Note the last two lines.)

  The dialplan didn't change and so I still have the following in /etc/asterisk/extensions.conf:

  [pstn-voipms]
  exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551234567>)
  exten => _1NXXNXXXXXX,n,Dial(SIP/voipms/${EXTEN})
  exten => _1NXXNXXXXXX,n,Hangup()
  exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551234567>)
  exten => _NXXNXXXXXX,n,Dial(SIP/voipms/1${EXTEN})
  exten => _NXXNXXXXXX,n,Hangup()
  exten => _011X.,1,Set(CALLERID(all)=Francois Marier <5551234567>)
  exten => _011X.,n,Authenticate(1234) ; require password for international calls
  exten => _011X.,n,Dial(SIP/voipms/${EXTEN})
  exten => _011X.,n,Hangup(16)
  

  Server certificate

  After setting everything up, I saw the following error in my logs:

  asterisk[8691]: ERROR[8691]: tcptls.c:966 in __ssl_setup: TLS/SSL error loading cert file. <asterisk.pem>
  

  due to the fact that I didn't set tlscertfile in /etc/asterisk/sip.conf and that it's using its default value of asterisk.pem, a non-existent file.

  I initially thought that since my Asterisk server is only acting as a TLS client, and not a TLS server, there's probably no harm in not having a certificate. In practice however, my TLS connection was a little unreliable and it would regularly fail with the following TLS errors:

  asterisk[534775]: ERROR[534879]: iostream.c:538 in ast_iostream_close: SSL_shutdown() failed: error:00000005:lib(0):func(0):DH lib, Underlying BIO error: Broken pipe
  asterisk[534775]: ERROR[610289]: tcptls.c:553 in ast_tcptls_client_start: Unable to connect SIP socket to w.x.y.z:5061: Connection refused
  asterisk[534775]: ERROR[610289]: tcptls.c:553 in ast_tcptls_client_start: Unable to connect SIP socket to w.x.y.z:5061: Connection reset by peer
  

  I therefore decided to setup a Let's Encrypt certificate in Asterisk to eliminate the original error.

  Firewall

  This originally appeared not to be necessary, but I found that I ran into a number of intermittent connection errors such as:

  asterisk[1280841]: ERROR[1537920]: tcptls.c:553 in ast_tcptls_client_start: Unable to connect SIP socket to w.x.y.z:5061: Connection reset by peer
  

  and so I put the official firewall recommendations in /etc/network/iptables.up.rules:

  # SIP and RTP on TCP/UDP (servername.voip.ms)
  -A INPUT -s w.x.y.z/32 -p tcp --dport 5061 -j ACCEPT
  -A INPUT -s w.x.y.z/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT
  

  where w.x.y.z is the IP address of servername.voip.ms as returned by dig +short servername.voip.ms.

• François Marier Making SIP calls to VoIP.ms subscribers without using the PSTN

  If you want to reach a VoIP.ms subscriber from Asterisk without using the PSTN, there is a way to do so via SIP URIs.

  Here's what I added to my /etc/asterisk/extensions.conf:

  exten => 1234,1,Set(CALLERID(all)=Francois Marier <5555551234>)
  exten => 1234,n,Dial(SIP/sip.voip.ms/5555556789)
  

• François Marier Encrypted connection between SIP phones using Asterisk

  Here is the setup I put together to have two SIP phones connect together over an encrypted channel. Since the two phones do not support encryption, I used Asterisk to provide the encrypted channel over the Internet.

  Installing Asterisk

  First of all, each VoIP phone is in a different physical location and so I installed an Asterisk server in each house.

  One of the server is a Debian stretch machine and the other runs Ubuntu bionic 18.04. Regardless, I used a fairly standard configuration and simply installed the asterisk package on both machines:

  apt install asterisk
  

  SIP phones

  The two phones, both Snom 300, connect to their local asterisk server on its local IP address and use the same details as I have put in /etc/asterisk/sip.conf:

  [1000]
  type=friend
  qualify=yes
  secret=password1
  encryption=no
  context=internal
  host=dynamic
  nat=no
  canreinvite=yes
  mailbox=1000@internal
  vmexten=707
  dtmfmode=rfc2833
  call-limit=2
  disallow=all
  allow=g722
  allow=ulaw
  

  Dialplan and voicemail

  The extension number above (1000) maps to the following configuration blurb in /etc/asterisk/extensions.conf:

  [home]
  exten => 1000,1,Dial(SIP/1000,20)
  exten => 1000,n,Goto(in1000-${DIALSTATUS},1)
  exten => 1000,n,Hangup
  exten => in1000-BUSY,1,Hangup(17)
  exten => in1000-CONGESTION,1,Hangup(3)
  exten => in1000-CHANUNAVAIL,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-CHANUNAVAIL,n,Hangup(3)
  exten => in1000-NOANSWER,1,VoiceMail(1000@mailboxes,su)
  exten => in1000-NOANSWER,n,Hangup(16)
  exten => _in1000-.,1,Hangup(16)
  

  the internal context maps to the following blurb in /etc/asterisk/extensions.conf:

  [internal]
  include => home
  include => iax2users
  exten => 707,1,VoiceMailMain(1000@mailboxes)
  

  and 1000@mailboxes maps to the following entry in /etc/asterisk/voicemail.conf:

  [mailboxes]
  1000 => 1234,home,person@email.com
  

  (with 1234 being the voicemail PIN).

  Encrypted IAX links

  In order to create a virtual link between the two servers using the IAX protocol, I created user credentials on each server in /etc/asterisk/iax.conf:

  [iaxuser]
  type=user
  auth=md5
  secret=password2
  context=iax2users
  allow=g722
  allow=speex
  encryption=aes128
  trunk=no
  

  then I created an entry for the other server in the same file:

  [server2]
  type=peer
  host=server2.dyn.fmarier.org
  auth=md5
  secret=password2
  username=iaxuser
  allow=g722
  allow=speex
  encryption=yes
  forceencrypt=yes
  trunk=no
  qualify=yes
  

  The second machine contains the same configuration with the exception of the server name (server1 instead of server2) and hostname (server1.dyn.fmarier.org instead of server2.dyn.fmarier.org).

  Speed dial for the other phone

  Finally, to allow each phone to ring one another by dialing 2000, I put the following in /etc/asterisk/extensions.conf:

  [iax2users]
  include => home
  exten => 2000,1,Set(CALLERID(all)=Francois Marier <2000>)
  exten => 2000,2,Dial(IAX2/server1/1000)
  

  and of course a similar blurb on the other machine:

  [iax2users]
  include => home
  exten => 2000,1,Set(CALLERID(all)=Other Person <2000>)
  exten => 2000,2,Dial(IAX2/server2/1000)
  

  Firewall rules

  Since we are using the IAX protocol instead of SIP, there is only one port to open in /etc/network/iptables.up.rules for the remote server:

  # IAX2 protocol
  -A INPUT -s x.x.x.x/y -p udp --dport 4569 -j ACCEPT
  

  where x.x.x.x/y is the IP range allocated to the ISP that the other machine is behind.

  If you want to restrict traffic on the local network as well, then these ports need to be open for the SIP phone to be able to connect to its local server:

  # VoIP phones (internal)
  -A INPUT -s 192.168.1.3/32 -p udp --dport 5060 -j ACCEPT
  -A INPUT -s 192.168.1.3/32 -p udp --dport 10000:20000 -j ACCEPT
  

  where 192.168.1.3 is the static IP address allocated to the SIP phone.

• François Marier Connecting a VoIP phone directly to an Asterisk server

  On my Asterisk server, I happen to have two on-board ethernet boards. Since I only used one of these, I decided to move my VoIP phone from the local network switch to being connected directly to the Asterisk server.

  The main advantage is that this phone, running proprietary software of unknown quality, is no longer available on my general home network. Most importantly though, it no longer has access to the Internet, without my having to firewall it manually.

  Here's how I configured everything.

  Private network configuration

  On the server, I started by giving the second network interface a static IP address in /etc/network/interfaces:

  auto eth1
  iface eth1 inet static
      address 192.168.2.2
      netmask 255.255.255.0
  

  On the VoIP phone itself, I set the static IP address to 192.168.2.3 and the DNS server to 192.168.2.2. I then updated the SIP registrar IP address to 192.168.2.2.

  The DNS server actually refers to an unbound daemon running on the Asterisk server. The only configuration change I had to make was to listen on the second interface and allow the VoIP phone in:

  server:
      interface: 127.0.0.1
      interface: 192.168.2.2
      access-control: 0.0.0.0/0 refuse
      access-control: 127.0.0.1/32 allow
      access-control: 192.168.2.3/32 allow
  

  Finally, I opened the right ports on the server's firewall in /etc/network/iptables.up.rules:

  -A INPUT -s 192.168.2.3/32 -p udp --dport 5060 -j ACCEPT
  -A INPUT -s 192.168.2.3/32 -p tcp --dport 5060 -j ACCEPT
  -A INPUT -s 192.168.2.3/32 -p udp --dport 10000:20000 -j ACCEPT
  

  Network time synchronization

  In order for the phone to update its clock automatically using NTP, I installed chrony on the Asterisk server:

  apt install chrony
  

  then I configured it to listen on the private network interface and allow access from the VoIP phone by adding the following to /etc/chrony/chrony.conf:

  bindaddress 192.168.2.2
  allow 192.168.2.3
  

  Finally, I opened the right firewall port by adding a new rule to /etc/network/iptables.up.rules:

  -A INPUT -s 192.168.2.3 -p udp --dport 123 -j ACCEPT
  

  Accessing the admin page

  Now that the VoIP phone is no longer available on the local network, it's not possible to access its admin page. That's a good thing from a security point of view, but it's somewhat inconvenient.

  Therefore I put the following in my ~/.ssh/config to make the admin page available on http://localhost:8081 after I connect to the Asterisk server via ssh:

  Host asterisk
      LocalForward 8081 192.168.2.3:80
  

  Allowing calls between local SIP devices

  Because this local device is not connected to the local network (192.168.1.0/24), it's unable to negotiate a direct media connection to any other local (i.e. one connected to the same Asterisk server) SIP device. What this means is that while calls might get connected successfully, by default, there will not be any audio in a call.

  In order for the two local SIP devices to be able to hear one another, we must enforce that all media be routed via Asterisk instead of going directly from one device to the other. This can be done using the directmedia directive (formerly canreinvite) in sip.conf:

  [1234]
  directmedia=no
  

  where 1234 is the extension of the phone.

• François Marier Mysterious 'everybody is busy/congested at this time' error in Asterisk

  I was trying to figure out why I was getting a BUSY signal from Asterisk while trying to ring a SIP phone even though that phone was not in use.

  My asterisk setup looks like this:

  phone 1 <--SIP--> asterisk 1 <==IAX2==> asterisk 2 <--SIP--> phone 2
  

  While I couldn't call SIP phone #2 from SIP phone #1, the reverse was working fine (ringing #1 from #2). So it's not a network/firewall problem. The two SIP phones can talk to one another through their respective Asterisk servers.

  This is the error message I could see on the second asterisk server:

  $ asterisk -r
  ...
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
      -- Called SIP/12345
      -- SIP/12345-00000002 redirecting info has changed, passing it to IAX2/iaxuser-6347
      -- SIP/12345-00000002 is busy
    == Everyone is busy/congested at this time (1:1/0/0)
      -- Executing [12345@local:2] Goto("IAX2/iaxuser-6347", "in12345-BUSY,1") in new stack
      -- Goto (local,in12345-BUSY,1)
      -- Executing [in12345-BUSY@local:1] Hangup("IAX2/iaxuser-6347", "17") in new stack
    == Spawn extension (local, in12345-BUSY, 1) exited non-zero on 'IAX2/iaxuser-6347'
      -- Hungup 'IAX2/iaxuser-6347'
  

  where:

  • 12345 is the extension of SIP phone #2 on Asterisk server #2
  • iaxuser is the user account on server #2 that server #1 uses
  • local is the context that for incoming IAX calls on server #1

  This Everyone is busy/congested at this time (1:1/0/0) was surprising since looking at each SIP channel on that server showed nobody as busy:

  asterisk2*CLI> sip show inuse
  * Peer name               In use          Limit           
  12345                     0/0/0           2               
  

  So I enabled the raw SIP debug output and got the following (edited for clarity):

  asterisk2*CLI> sip set debug on
  SIP Debugging enabled
  
    == Using SIP RTP TOS bits 184
    == Using SIP RTP CoS mark 5
  
  INVITE sip:12345@192.168.0.4:2048;line=m2vlbuoc SIP/2.0
  Via: SIP/2.0/UDP 192.168.0.2:5060
  From: "Francois Marier" <sip:67890@192.168.0.2>
  To: <sip:12345@192.168.0.4:2048;line=m2vlbuoc>
  CSeq: 102 INVITE
  User-Agent: Asterisk PBX
  Contact: <sip:67890@192.168.0.2:5060>
  Content-Length: 274
  
      -- Called SIP/12345
  
  <--- SIP read from UDP:192.168.0.4:2048 --->
  SIP/2.0 100 Trying
  Via: SIP/2.0/UDP 192.168.0.2:5060
  From: "Francois Marier" <sip:67890@192.168.0.2>
  To: <sip:12345@192.168.0.4:2048;line=m2vlbuoc>
  CSeq: 102 INVITE
  User-Agent: snom300
  Contact: <sip:12345@192.168.0.4:2048;line=m2vlbuoc>
  Content-Length: 0
  
  <------------->
  --- (9 headers 0 lines) ---
  
  <--- SIP read from UDP:192.168.0.4:2048 --->
  SIP/2.0 480 Do Not Disturb
  Via: SIP/2.0/UDP 192.168.0.2:5060
  From: "Francois Marier" <sip:67890@192.168.0.2>
  To: <sip:12345@192.168.0.4:2048;line=m2vlbuoc>
  CSeq: 102 INVITE
  User-Agent: snom300
  Contact: <sip:12345@192.168.0.4:2048;line=m2vlbuoc>
  Content-Length: 0
  

  where:

  • 12345 is the extension of SIP phone #2 on Asterisk server #2
  • 67890 is the extension of SIP phone #1 on Asterisk server #2
  • 192.168.0.4 is the IP address of SIP phone #2
  • 192.168.0.1 is the IP address of Asterisk server #2

  From there, I can see that SIP phone #2 is returning a status of 408 Do Not Disturb. That's what the problem was: the phone itself was in DnD mode and set to reject all incoming calls.

June 10, 2021

• Digium Why is Switchvox the Best Business Phone System for SMB Customers and Resellers?

  You might be a small business owner looking to upgrade your phone system, or perhaps an IT administrator tired of dealing with the headaches of maintaining an outdated legacy phone system. Or perhaps you’re a Unified Communications vendor looking for a solution that will help set you apart from the competition.

  No matter the case, Switchvox is the best business phone system for small business owners looking to upgrade their communications set-up, and the perfect fit for vendors searching for a new competitive advantage.

  Switchvox offers three key benefits that make it a perfect fit for both users and UC resellers:

  #1: No à la carte business phone system pricing – all features are included for every user

  One of the great benefits of Switchvox for both users and partners is that Switchvox features an all-inclusive pricing model. Traditionally phone systems would require individual feature licenses for major applications like voicemail, faxing, and IVRs, but with Switchvox you get mobile apps, call recording, desktop faxing, call routing, presence, and much more all at one affordable price. This is especially helpful for those who are new to the world of VoIP telephony and Unified Communications for business.

  Sometimes it can be overwhelming trying to figure out all the features your business may or may not need in a phone system. Fortunately, with an all features included pricing model you get the freedom to choose the functionality you want and not have to worry about paying for add ons and additional licensing for features you may need down the road.

  Switchvox’s all features included pricing model not only makes buying a new business phone system less stressful but also simplifies the purchase process. Instead of worrying about how much it’ll cost to add on something like call center functionality, all you have to do is choose which deployment (on-premise or Cloud) best fits your requirements and how many users and phones you’ll need. And this means no more lengthy line item quotes, which makes quoting super easy for resellers.

  #2: Switchvox is both a scalable and flexible Unified Communications platform

  Another benefit of Switchvox is that it offers flexibility to both users and partners. Sangoma recognizes that businesses come in all shapes and sizes, and that you need a phone system that can adapt as your business grows.

  In order to accommodate a variety of businesses, Switchvox can be deployed as an on-premise phone system or as a hosted cloud phone system. This gives both users and partners plenty of options in terms of cost and phone system management. With an on-premise phone system deployment, businesses can pay for Switchvox as a capital expenditure and manage their phone system using their own IT staff.

  Alternatively, if you’re not looking to pay an upfront capital expenditure and don’t feel comfortable managing your phone system, a hosted phone system deployment allows you to simply pay a monthly subscription and the vendor will manage your system in the Cloud.

  If choosing between a cloud or on-premise deployment seems like uncharted territory for you, you’re in luck. Switchvox is not restricted to either an on-premise or cloud deployment. Fortunately, if you decide your company has outgrown a hosted deployment, you can move seamlessly from Switchvox Cloud to an on-premise solution with no set-up and no change to your user experience. Or, if you started out with a Switchvox on-premise system and down the road determined that a cloud system better fits your needs then you can easily switch and the interface and behavior of Switchvox will remain the same.

  Choosing between on-premise and cloud isn’t the only aspect of the flexibility offered by Switchvox and Sangoma. Sangoma offers all of our own UC devices and network connectivity that you will need — including SBCs, SIP trunking, phones, headsets, and gateways. So, if you want to upgrade your phone system and utilize existing infrastructure, you still have options and compatibility. With the help of Sangoma gateways, you can avoid going through a third party vendor and use Switchvox while keeping your existing analog/PRI lines.

  Plus, with Sangoma handling all your UC surround, you don’t have to worry about calling three different technical support teams for any issues or troubleshooting. It’s as simple as calling one number for all your support needs.

  #3: Switchvox offers advanced business phone system features and is easy to use

  Part of what makes Switchvox a great solution for users and resellers is the fact that it offers advanced phone system features and functionality without sacrificing ease of use. Oftentimes people are hesitant to get a new phone system because they don’t want to deal with a cumbersome installation process or the headache of learning how to use a new phone system.

  Fortunately, Switchvox is easy to deploy and can be scaled up or down with our pre-provisioned phones. This means you don’t have to worry about contacting us or your Sangoma reseller for help adding a new user or moving an employee from one office to another. It’s as simple as plugging in your new phone or unplugging your existing phone and moving it to another office. However, if you do have any trouble setting up or using your phone system, we have a dedicated support team to ensure you receive the support and installation services you need.

  Once you’ve got Switchvox set-up, we make it easy to learn your new phone system. Sangoma offers lots of free training available to both our users and partners so that you don’t have to spend weeks trying to learn your new phone system. In addition to our free training and demo center, we offer in-depth online and classroom training courses available to our partners and customers through Sangoma University.

  ---

   
  These are just a few of the many features and benefits that Switchvox offers to both users and resellers. If you’re interested in learning more about Switchvox, phone system deployment options, or partnering with Sangoma be sure to check out these links below:

  • What is a Switchvox Phone System?
  • Hosted vs. On-Premise UC: Which is right for you?
  • Why Partner with Sangoma?

  The post Why is Switchvox the Best Business Phone System for SMB Customers and Resellers? appeared first on Sangoma.

• Enable Security Abusing SIP for Cross-Site Scripting? Most definitely!
  Executive summary (TL;DR) SIP can be used as an attack vector for AppSec vulnerabilities such as cross-site scripting (XSS), potentially leading to unauthenticated remote compromise of critical systems. VoIPmonitor GUI had one such vulnerability which highlights this attack vector exceptionally well. The following writeup explores how persistent backdoor administrative access can be obtained by sending malicious SIP messages. This vulnerability was reported by Enable Security and fixed in VoIPmonitor GUI back in February 2021, using standard cross-site scripting protection mechanisms.

June 08, 2021

• Digium Connecting with Customers and Co-Workers in Today and Tomorrow’s Reality: Part 1

  In 2020, we all utilized new and potentially innovative ways to connect with co-workers and customers. And if we didn’t already use Unified Communication phone systems, we quickly learned that a key tenet of Unified Communication systems was the mobile and desktop clients, enabling your work phone number to be used (calling in, calling out) from these clients. As such, you could take your work remotely. Perfect for 2020.

  And video literally entered the picture and became a primary connection mechanism. The fact that technology and today’s excellent broadband networks enabled video calls to happen enabled many businesses to continue operating and continue operating at a high rate. However, while video (rightly) garnered all the headlines, we should not forget about the other tried and true communication types because they are well “tried and true.” We have to remember that connecting with customers and co-workers is different. What works for co-workers likely does not work with customers. Let’s examine this more in next week’s blog.

  The post Connecting with Customers and Co-Workers in Today and Tomorrow’s Reality: Part 1 appeared first on Sangoma.

June 02, 2021

• Enable Security SIPVicious OSS v0.3.4 released with exit codes and automation features
  We just made SIPVicious OSS v0.3.4 available, so go get it! Or install it via pip: pip install sipvicious --upgrade What’s new? Two main things: Exit codes, just like SIPVicious PRO’s Integration with Github Actions This release makes it much easier to use SIPVicious OSS within your CI/CD pipelines and other automation systems. One should, of course, read the documentation on automation for more information. But here’s an example script to get the idea of what can be done:

June 01, 2021

• Digium Telecom APIs Move to the Next Phase – Packaged Applets

  Telecom APIs in the form of CPaaS (access to telecom functions that reside in the cloud, paid for as you use them) have spurred much innovation and disruption in the communications industry. Developers can easily incorporate these functions to enhance an application (maybe voice enable or text enable an existing application) or create a voice centric communications application from scratch.

  Looking at it from a different perspective, if the application is connected to the internet (via mobile, WiFi, or wired), which means most applications these days, access to these APIs is available. That’s powerful and that’s why this model was disruptive. As such, if you have any idea, it is easy to test and try things this way, it is easy to roll them out, and it is scalable as well.

  And while there are a few stand-alone CPaaS companies out there (such as Twilio), a few UCaaS companies (such as Sangoma) have their own CPaaS platforms as well. Why is that? Well, for one thing, the customer is already accessing the UC application in the cloud and they are comfortable with cloud-based communications. And we can better enable our UC customers with enhancements they might want to do on top of our UC platforms.

  But have we entered another phase in CPaaS, possibly predictable even, where we see more broad industry needs and thus create a catalog of applets / applications that our UC customers can use? Certainly, we see that. So, we have started to create a category of “connected worker” applications, and the incorporation of text messaging for connectivity. And that’s important so we can help our customers service their customers better.

  Sangoma is committed to helping our customers service their customers better, so this model is important to us. Expect to see additional applets and applications like this as we see general needs emerge.

  The post Telecom APIs Move to the Next Phase – Packaged Applets appeared first on Sangoma.

May 27, 2021

• Digium Returning Back To Normal Part 3: Restaurants

  Throughout this series, we have been exploring the impact of COVID-19 on various industries, and how organizations are recovering.

  One sector that was hit particularly hard was the restaurant industry. To date, about 17% of U.S. restaurants have permanently shut down, and many more are struggling to profit due to ongoing restrictions.

  Even more troubling is the fact that most new restaurants that closed were not new establishments. On average, they had been in business for 16 years.

  Restaurants that have managed to hang on throughout the pandemic are now facing uncertain times, as returning back to normal continues to be a slow process. Many organizations would not be able to survive another prolonged shutdown or unstable conditions much longer without taking drastic measures.

  How Restaurants Are Returning Back To Normal With Cloud

  A growing number of restaurants are now using cloud communications solutions to improve operations and lower costs. Here are some of the ways restaurants are benefiting from cloud communications in the post-COVID era.

  Cost-effective Voice

  Budgets have always been tight for restaurants dealing with high rents, exorbitant food costs, and a variety of operational challenges. Today, budgets are tighter than ever leaving less room for excess spending.

  Many businesses are switching to cloud communications systems that use VoIP, to lower costs while maintaining open lines with customers, team members, corporate partners, and vendors. Switching to a cloud-based phone system is an easy way to cut monthly communications costs.

  Improved Communication & Collaboration

  Restaurant owners and managers can’t always be on-site to deal with questions and problems when they arise, like social distancing issues and health restrictions. However, running a restaurant can be very challenging due to the variety of restrictions that businesses are now facing.

  A growing number of businesses are now using mobile communication and collaboration apps to help team members work together and maintain operations. Team members can connect over one app for voice, SMS, and even image and video sharing. This type of system can provide a great framework for solving problems keeping restaurants running smoothly.

  Curbside Service

  One of the most popular cloud technologies to emerge during the pandemic was curbside service. In fact, curbside service kept many businesses running throughout the pandemic, enabling them to process orders and distribute them safely to customers.

  Curbside service comes ready to use, guaranteeing easy deployment and management. Deploying curbside service can enable easy SMS and web interactions, with flexible, automated workflows for employees.

  The post Returning Back To Normal Part 3: Restaurants appeared first on Sangoma.

May 25, 2021

• Digium Voice in a Video World – A Webinar with Omdia

  On June 9th, Omdia will be hosting a webinar titled ”Making Sure Voice Is Heard In a Video World.” If you want to register, please go here. Omdia’s Diane Myers (Chief Analyst, Collaboration) will talk with myself and David Portnowitz of Star2Star, A Sangoma Company about this topic.

  

  So, what are we going to discuss? As we all know, in 2020, we all got real familiar with video calling and collaboration platforms. And that’s great for internal communications and some partner and customer communications.

  But, is that the way forward in the world, especially as related to actual paying customers? Because customers use different methods to connect real-time with your business, the most common is voice calls. We’ll explore why a voice-centric platform that also does video, chat, and SMS is the way forward because of the call control and call routing features in such platforms and because of the tight integration with phones these platforms can provide. In other words, why a Unified Communication platform that has time-tested voice functionality is an excellent choice for today and tomorrow.

  Please register here for the webinar.

  The post Voice in a Video World – A Webinar with Omdia appeared first on Sangoma.

• Enable Security DEMO - An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO
  We pushed out a video that introduces the basics of SIPVicious PRO by demonstrating some of the attack tools and showing the building blocks for automating security testing of VoIP and WebRTC applications and infrastructure. What follows is a transcript of the video. Introduction Hello, I’m Sandro Gauci from Enable Security. In this video, I’d like to show you what we have been working on, SIPVicious PRO! Let’s start by introducing the tools.
• Enable Security An overview of the VoIP and RTC offensive security toolset, SIPVicious PRO
  We pushed out a video that introduces the basics of SIPVicious PRO by demonstrating some of the attack tools and showing the building blocks for automating security testing of VoIP and WebRTC applications and infrastructure. What follows is a transcript of the video. Introduction Hello, I’m Sandro Gauci from Enable Security. In this video, I’d like to show you what we have been working on, SIPVicious PRO! Let’s start by introducing the tools.
• WebRTC Hacks How to Leverage the AWS WebSocket API for Serverless WebRTC signaling

  How to use the AWS API Gateway WebSocket API functionality with Lamdba functions to implement a serverless WebRTC signaling architecture

  The post How to Leverage the AWS WebSocket API for Serverless WebRTC signaling appeared first on webrtcHacks.

May 24, 2021

• FreeSWITCH What to expect from our first Hybrid ClueCon!

  Join us in Chicago or online October 25th-28th, 2021!

  The world of events changed for everybody in 2020. Usually, every August would mark the time for our annual developers’ conference in Chicago, ClueCon, which has been around for 17 years. Because of the COVID-19 pandemic, August 2020 instead brought about an experiment for the ClueCon team – we hosted ClueCon completely virtually, with almost everything that makes the conference what it is: our Coder Games hack-a-thon, networking opportunities, and the informative presentations and workshops that make the conference an educational opportunity for our community.

  ClueCon Deconstructed turned out to be a huge success, and served as a useful experience for launching SignalWire Events and the SignalWire Work platform. Since then we have greatly improved how we host virtual events. We now have an extremely skilled team that works specifically in the world of online events, and with the help of this team and a much more structured process, in February 2021 we held a mini-ClueCon to focus mainly on workshops and presentations.

  As the world slowly and hopefully changes for the better in 2021, we are looking forward to gathering together in Chicago this October at the beautiful Intercontinental Hotel on the Magnificent Mile. However, as everywhere in the world is on a different timeline in combatting the pandemic, for the first time we will be welcoming remote attendees to the party too! Using the improved platform and virtual events process we’ve built since ClueCon 2020, we’ll combine everything we know about hosting ClueCon virtually with the classic format of an in-person conference.

  The ClueCon team has already been fully vaccinated and we welcome anyone who is comfortable traveling during this time to join us on October 25-28, 2021. There will be plenty of masks and hand sanitizer available for all attendees to make sure everybody there feels comfortable and safe. The health of all the team members and attendees is our first priority, and we are only having the in-person conference as we feel it is safe to do so. That being said, we recognize it simply won’t be feasible for everyone to commit to coming to Chicago this year, and it’s difficult to know what the state of the world will look like over the next 5 months. Because of this, we’re doing everything we can to accommodate those who will be joining us virtually from anywhere in the world!

  Attendees joining us online will be able to partake in all parts of the conference – there will be screens all over the venue to allow those attending in-person to interact with those online, and you’ll even be able to join us for networking events like the classic Gigabit Reception. So grab some snacks and your favorite drink! Nothing will be off-limits to remote attendees; join us for each presentation, workshop, our Coder Games hack-a-thon, and all the networking events!

  Additionally, we will have some of our speakers with us in Chicago, and other speakers will be calling in virtually from other parts of the world. We’ll be integrating the virtual conference as best we can with the in-person conference, so you’ll still be able to interact with speakers, other guests, and the ClueCon team no matter how you choose to participate! This is our plan to slowly bring more people together during this uncertain time, and we hope you’ll join us either in Chicago or from the comfort of your own home. We’re confident that the tech we’ve built, along with the events team we’ve curated, will make this experimental hybrid event a success. 

  If you want to explore Chicago and you feel comfortable doing so, we highly recommend joining us at the Intercontinental Hotel! Unfortunately, virtually we won’t be able to provide you with the tasty meals and experience of the city – so if that’s a priority for you, do consider joining us in-person!

  Over the next few months we will have more details available, including a list of speakers and a week-long schedule of the event. In the meantime, you can take advantage of early-bird pricing. Registration is open at cluecon.com/register.

  We can’t wait to see you there!

  The post What to expect from our first Hybrid ClueCon! appeared first on FreeSWITCH.

May 20, 2021

• Enable Security SIPVicious PRO 6.0.0-beta.4 getting close to take-off!
  This one’s a bit of a boring update for SIPVicious PRO. That’s because we’re getting to a stable place where flag names and values do not change too often. Which means, we’re getting out of beta rather soon! However, it is still a major update because we made a significant number of internal changes. For example, we standardized a number of flags to be the same across all tools. We discovered that we can minimize each tool’s flagset by making use of config flags such as --auth-config that allows you to configure behaviours specific to how SIPVicious handles authentication (e.

May 19, 2021

• Digium Sangoma Launches Value-based IP Phones

  Many companies are upgrading their communication equipment to improve productivity and make offices more attractive to workers who are returning to desks.

  Finding the right IP phone, depending on business needs, can be challenging: every additional feature, which you may not require on a phone, brings up the cost significantly, especially on large-scale deployments.

  Today, Sangoma is launching entry-level value phones designed with the specific features you need, with maximum functionality and performance, at a budget price.

  Introducing the P310 & P315 IP Phones

  These phones can be deployed in just about any setting, with a focus on three customer segments in mind.

  • Manufacturing: Manufacturing plants require rugged and durable phones that can withstand harsh environments. Sangoma’s new value-based IP phones are durable and reliable enough to keep job sites connected and communicating throughout the day.
  • Education: Schools today are challenged to offer high-quality communications without going over budget. Sangoma’s new phones are an affordable option for teachers and administrators, offering the full functionality of a desk phone at a budget price.
  • Retail: Retailers require phones that are easy to deploy and use. Sangoma’s phones can be easily deployed with minimal training, making them perfect for retailers of all sizes — from small businesses to large enterprises.

  Sangoma’s P310 & P315 IP Phones Details

  The P310 and P315 desk IP phones come with simple plug-and-play deployment, enabling them to seamlessly work with Sangoma’s unified communications portfolio, including Switchvox, PBXact and FreePBX.

  Both phones offer high-definition call quality, two VoIP lines, and built-in Electronic Hook Switch (EHS) support for wireless headset compatibility. They also come with critical security capabilities, including TLS, SRTP, and VLAN support, while supporting six phone applications, including contacts, call logging, status, call parking, call forward, and hot-desking (for Switchvox >= 7.8).

  Key Differences: P310 vs. P315

  The P310 and P315 are similar models. Both phones come with 2.4-inch 320 x 240-pixel backlit color LCDs, four feature keys and four context-sensitive soft keys, and six-way key navigation.

  The difference between the two is that the P310 supports two switched 10/100 Mbps Ethernet connections, and the P315 supports two switched 10/100/1000 Mbps (Gigabit) connections.

  A phone that supports Gigabit connectivity becomes very enticing in those scenarios where only one network connection is available at the user’s workstation. With the P315, users will connect their network cable connection into one of the Gigabit ports on the phone, then connect another cable from the second Gigabit port to their workstation, effectively delivering full-speed network access to the laptop/desktop computer through the phone.

  “I was very impressed with the P315, and at an amazing price point,” explained Darin Gull from TRACI.net. “Feature-rich, two gigabit Ethernet ports, color display, headset & EHS port, and it integrates beautifully with our Switchvox solutions for $79 purchase price. Great phone for entry-level workers, patient rooms, lobbies, call center desks, etc. Well done, Sangoma!”

  For complete product specifications, visit sangoma.com/value-based-phones/.

  The post Sangoma Launches Value-based IP Phones appeared first on Sangoma.

May 18, 2021

• Digium Integrating Video Into our Future Business Communications

  I’ve been writing a lot about video lately, because I’ve been thinking a lot about video lately. As many people get vaccinated, we’re starting to see some businesses coming back to “working in the office”. I took my first business trip in a long time recently to our site in Huntsville, Alabama and had the pleasure of actually interacting with many of our folks face to face.

  And it got me thinking even more about video. Given video has been the ‘de facto’ way to hold a meeting, even a 1:1 meeting for over a year, how will we integrate video into our business communications going forward?

  I mean, think about meetings two years ago. Likely there were many people in a room and also likely there were 1 or 2 people calling in remotely. And let’s say someone went up to a whiteboard to draw something. If you were a remote person, you were lucky if someone remembered to even try to explain what people were talking about. This wasn’t a problem during the past year because everyone truly was equal – everyone was remote and everyone saw whatever everyone else saw, or if someone was sharing.

  Will everyone now, even those in the actual room, automatically go to video so everyone is still “equal”? It’s hard to know. That did happen with me when I went on that trip, with a group meeting where one other person was in the room, but we’re all still in our video phase now. Still very aware. But it was bizarre being in a room and people were all staring at their laptops.

  I’m guessing the meetings will occur on video, and people will be more aware. But we’ll start to turn cameras off, and we’ll use the video for collaboration purposes. We’ll see. I’ll visit this topic one year from now. Should be interesting!

  The post Integrating Video Into our Future Business Communications appeared first on Sangoma.

• Enable Security TADSummit Asia 2021 talk about SIPVicious Pro and the Demo Server
  TADSummit is a great event where people from different backgrounds that are somehow involved in communications, contribute in various ways. I, personally, always look forward to see what’s coming up in the next TADSummit event. At the moment, TADSummit Asia presentations are currently being released on a daily basis on the main site. And last week, the presentation that I prepared was published! In the previous TADSummit, I had presented about why we need to bring an offensive approach to RTC security.

May 14, 2021

• Jitsi Who won over the classroom?

  As you may know we have worked with the European Commission on a hackathon focused on Jitsi for education. The awards ceremony tool place this past Monday. You may watch it here:

  

  Now that we’ve had some time to reflect, let’s take a look at the winners!

  5th prize: Autoscaling Kubernetes Operator

  When it comes to deploying software to Kubernetes there are many ways to skin a cat. Community members Pierre Ozoux, Hugo Renard and Timothée Gosselin decided to implement a Kubernetes Operator which would allow anyone with an existing Kubernetes cluster to deploy an autoscaling Jitsi Meet with ease. You can check it out in this repository.

  

  4th prize: Jitas, the Jitsi Assistant

  A long time community member Emrah surprised us with a very creative submission. Jitas is at its core a cloud VM you can easily drop into a meeting. In a similar fashion to Jibri, Jitas can join a meeting and facilitate collaboration by injecting basically anything into the meeting, thanks to the screen being shared as video, plus the sound output. It’s basically a multimedia swiss army knife for Jitsi meetings! You can check it out in this repository.

  

  3rd prize: Breakout Rooms

  By far the most requested Jitsi Meet feature. A number of external solutions existed, but we proposed integrating breakout rooms into Jitsi Meet as a challenge because delivering the breakout rooms experience fully integrating it into Jitsi Meet can provide a much better experience. Werner Fleischer took on this challenge, solo. His project also made use of the new participants pane as a central point for coordinating breakout rooms. Not only he surprised us a with a great execution, but he has continued working on it after the hackathon ended, and as of right now it even has mobile support! We are very excited to work with Werner and see this one merged. You can follow the progress in this pull request.

  

  2nd prize: Ordered Raised Hands list

  Another highly requested feature to complement the raised hands feature is the ability to know “who is next”, that is, to keep an order. Isaac Marco, Ruben Teijeiro and Vassilis Kritharakis took on this challenge and executed it brilliantly. The raised hands information is available at a glance in the (new!) participants pane. We look forward to seeing this feature in Jitsi Meet! You can follow the progress in this pull request.

  

  1st prize: Simple Polls

  We’ve had this feature requested many times over. For one reason or another it never achieved the required amount of completeness / maturity to incorporate it into Jitsi Meet. That’s why we were so excited to see the work that the team (Fabien Zucchet, Jade Guiton and Antoine Marras) had done. It ticked all the boxes and we’ll be working close with them to make sure this time it lands in Jitsi Meet! You can follow the progress in this pull request.

  

  Some final words

  There were a total of over 150 participants from around 50 different countries who ended up submitting a total of 21 projects. We were very surprised by the high quality of many of them, and this made the judging process very hard!

  We are incredibly thankful to the European Commission ISA2 initiative for choosing Jitsi and sponsoring this hackathon, it certainly created many solutions to problems Jitsi was facing in the classroom.

   

  The post Who won over the classroom? appeared first on Jitsi.

May 13, 2021

• Digium VoIP Innovations Awarded ISO 27001 Certification Solidifying Commitment to Information Security

  Commitment to our customer’s information security has always been a high priority at VoIP Innovations. As a result, we have always been looking toward security compliance like CPNI, PCI, GDPR, CCPA; now we have a new set of letters to add, ISO-27001.

  The VoIP Innovations team is proud to announce we have been awarded ISO 27001:2013 certification!

  What is ISO 27001?

  ISO/IEC 27001:2013 is a widely recognized standard for information security, run by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The purpose of ISO 27001 is to outline best practices and standards surrounding an Information Security Management System (ISMS) to ensure confidentiality, integrity, and availability (CIA) of customer data. The certification process has strengthened existing security practices that we have been doing and created new methods to protect all the customer data. We are excited to continue to improve and show our commitment to our customers. After a (long) formal audit done by PECB MS, the certificate was issued by an independent certification body.

  We implemented the management system during the last two quarters of 2020 and performed a complete internal audit on our organization. Following our internal audit, we invited an external auditor to start the two-stage auditing process.

  In the third week of Feb 2021, we had a successful external audit that PECB-MS performed. This same company also completed the second part of the audit in mid-April 2021. After the April audit, they informed us that we are fully ISO 27001 certified, with a certificate issued on April 21, 2021.

  What does this mean for you as a customer?

  This certification means that we take the security of your information seriously and have implemented proper security measures to safeguard it. We want our customers to have complete trust in our technology and services.

  The ISO 27001 certificate is proof that we manage all risks related to information security using our robust Information Security Management System( ISMS) and protect our information assets by implementing and following well-defined processes and procedures.

  Our Security Manager at VoIP Innovations, Bhawna Gaba, had a lot to say to me about the certification:

  “Receiving the ISO 27001 certification is a momentous accomplishment for VoIP Innovations. The rigorous audit undertaken for certification substantiates that we have proper technical controls and formalized IT security policies and procedures to protect customer data and that our teams are diligent and well trained in complying with the best practices of the ISO 27001 Standards.

  This demanding process has not only strengthened our infrastructure and benefited our internal systems but also further streamlined our day-to-day processes and procedures. We are now well prepared for emergencies, natural disasters, and any event that could impact our business.”

  The scope of the certification itself includes all the people, processes, and facilities that handle customer information and include things ranging from physical location security, personnel accessing customer information, and disk encryption.

  Our mission to security does not end here. Information security is an ongoing process, and we will keep working hard to maintain and exceed our standards to protect both company and customer data. An external auditor will perform yearly audits to attest to our continuous compliance as we continue developing and growing our business.

  From a Product Management standpoint, knowing that our customer data is protected and understanding the different processes and procedures implemented to ensure confidentiality, integrity, and access to that customer data is very exciting. I am excited for us to continue to improve the things that our customers can see and interact with and make sure that they don’t need to worry about their data.

  Reach out to your CSM to request a copy of the certificate or learn more by chatting with us.

  The post VoIP Innovations Awarded ISO 27001 Certification Solidifying Commitment to Information Security appeared first on Sangoma.

May 11, 2021

• Digium The Quality of Our Calls

  We’ve all been on more than our fair share of video calls the past 14 months. And we’ve probably used all the different video calling platforms (including Sangoma Meet). Sometimes, we get some video quality issues such as the frames freezing or blocking out due to bandwidth reasons, especially when sharing documents. We’ve learned to live with the occasional problem. To me, this shows just how far IP communications have come in such a short period. What a long way from the early VoIP days in 1998. Even back then, we had visions of video and voice on the same call.

  I’m sure we’ve all been on a call with over 50 video users with unbelievable video and voice and file sharing quality! Even just a couple of years ago, we couldn’t have proceeded like we’ve proceeded the past 14 months.

  But the other day on a call was the first time I’ve experienced voice quality issues on such a call. These days, due to HD codecs and adaptive codecs, voice has stayed sounding consistently good. Really, voice sounds better than PSTN calls on all these video calls (if anyone even remembers what a PSTN call over G.711 sounded like anymore).

  On this call, I was talking from my house to someone at one of our offices. I have 1 Gig at my home, and I’m usually pretty good with quality. And obviously, we have good internet going into an office. It turned out the office was experiencing some wifi issue in the building, so it had nothing to do with the video calling platform I was using (Sangoma Meet). And I have to say; even when the video went black, the voice kept going. It got wonky and such, but it kept on going. That’s because voice requires much less bandwidth. Voice will continue to be essential.

  The post The Quality of Our Calls appeared first on Sangoma.

May 06, 2021

• Digium Returning Back To Normal: Part Two – How The Cloud Is Enabling Retail

  In part one of this series, we covered how organizations are now looking ahead to the next phase of the pandemic. Many changes are taking place, with more companies starting to roll out permanent hybrid and remote work models.

  One industry that’s going through significant post-COVID transformation is retail, a sector that was hit very hard by the pandemic.

  Retailers that are still standing after last year are now looking for new ways to improve resiliency, maximize profits, streamline operations, and reduce risk. In doing so, many are turning to cloud technologies to bolster themselves.

  Let’s take a closer look at the role that the cloud is playing in this new era of retail.

  Enabling Communication & Collaboration

  Communication is critical for success in the post-COVID era. This is especially important for large retailers with hundreds or thousands of branches that are spread across different regions.

  There needs to be a clear and open line of communication between corporate administrators and store managers to keep operations running smoothly and maintain compliance.

  As such, many retailers are using cloud-based unified communications as a service (UCaaS) platforms to provide real-time updates, answer questions, and keep a closer eye on what stores are doing on a daily basis.

  This is also proving to be useful for on-site employees, especially those who are working short-staffed or in hybrid environments.

  Managing Supply Chains

  The early days of the pandemic presented many logistical issues, resulting in widespread supply chain inefficiency and product shortages.

  Now, retailers are streamlining their supply chains with cloud-based technologies that make it faster and easier to exchange data, provide updates, and strategize.

  Lower Costs

  The pandemic is forcing retailers to rethink their technology spend and look for ways to reduce backend costs.

  Cloud communications technologies can help companies operate leaner and more efficiently. Switching to the cloud can lower monthly voice costs, while also making it easier to scale up or down depending on need.

  Improve Customer Service

  Retailers are also getting creative about how they connect with customers.

  For example, a growing number of companies are using cloud-based curbside service apps to communicate with customers, process orders, and answer questions. A curbside service app can serve as a one-stop-shop for customer communication and order management.

  The post Returning Back To Normal: Part Two – How The Cloud Is Enabling Retail appeared first on Sangoma.

May 04, 2021

• Digium The Bill Wignall TalkingHeadz Podcast

  In late March, once the Star2Star deal closed, Sangoma’s CEO, Bill Wignall, did a podcast with Dave Michels and Evan Kirstel. According to Dave, “You may not be that familiar with Bill or Sangoma, but both are industry giants that have outperformed their peers and the broader industry. Bill has guided Sangoma through tremendous growth and transformation, largely through acquisitions”. You can listen to the TalkingHeadz Podcast here. It’s a pretty all-encompassing discussion about Sangoma, but in particular, you can hear Bill riff on:

  • Telecom divestiture
  • Bill’s life on social media
  • M&A in general and M&A for Sangoma
  • Why he felt this deal with Star2Star was truly transformational for Sangoma
  • How are we going to go about integration
  • Why Sangoma has been “under the radar,” even though now we are by all accounts a top 10 player in UCaaS. With well over 2M UC seats, including our prem solutions.
  • What Sangoma provides that is different than our competition. Note: It’s about overall value, providing an end-to-end solution, having both Prem and Cloud, and caring immensely about our channel. And we also offer an entire Communication as a Service Portfolio (UCaaS, TaaS, FaaS, CPaaS, VMaaS, Desktop as a Service, CCaaS, ACaaS).
  • Bill also talks about our vision of seeing the PBX / UC platform as basically the hub of business real-time communications, not just limited to voice or video. And why we’re getting into the Access Control market and other IoT innovations going forward.

  It’s a good listen if you want to understand more about Bill and Sangoma.

  The post The Bill Wignall TalkingHeadz Podcast appeared first on Sangoma.

April 29, 2021

• FreeSWITCH Google wins API copyright victory: What does this mean for developers?

  APIs are a hot topic in the U.S. right now, where Oracle took Google to court over fair use of code. This all actually started ten years ago, when Oracle argued that Google had infringed on copyright by copying the structure and sequence of 37 Java APIs into Android operating systems. This year, the U.S. Supreme Court issued a formal ruling in favor of Google: these APIs are protected under fair use doctrine.

  For reference, U.S. copyright law is meant to protect original works of authorship that are creative in nature – such as literary, musical, and artistic works, and sometimes, code – from unauthorized copying. But as the court noted, any original piece of literature or art is going to necessarily use things that have been used before. So where is that copyright line drawn? Meanwhile, fair use provisions allow certain copyrighted materials to be used in certain circumstances without permission.

  Back in 2012, a court in California ruled that APIs are not subject to copyright, but just a couple of years later, Oracle appealed this ruling and won, leading to Java APIs becoming copyrightable. In 2016, a jury decided Google’s use of Java APIs was fair use, but Oracle appealed again, and by 2018 the Federal Circuit reversed this jury’s decision. This newest ruling at the highest level of the U.S. court system reverses the Federal Circuit’s opinion, determining that use of these Java APIs is legal under fair use provisions of copyright law. 

  Oracle’s software code in question was 11,000 lines – less than 1% of the total Java SE program – that Google used to build Android operating systems. In this case, the court said Google “included only those lines of code that were needed to allow programmers to put their accrued talents to work in a new and transformative program.” This is a key ruling in clarifying how the law applies to APIs specifically. It’s not impossible for code to be protected under copyright any longer – the decision concluded that indeed, the code could be copyrightable, but was inextricably linked with uncopyrightable features, like the use of specific programming commands.

  Google argued that this type of code is often used by developers freely, and that even if the code is copyrightable, that it should be covered by fair use provisions. When something serves a functional purpose, does it really make sense to let copyright prevent others from using it in the same functional method? Oracle and the dissent argued that the code was copyrightable and that the company should have been compensated for Google’s use of it. Even if certain standard bits of code would be exempt from this law, this Java code is anything but standard, and Google’s use of it was anything but fair. While the likes of Apple and Microsoft created their own rival products without Oracle’s “declaring code,” Google simply copied the API.

  So which was the side of innovation? Well, both sides claimed to be. Google argued that stringent copyright laws would make things impossible for developers who would otherwise build new programs using shared code, slowing the creation of new products, and minimizing the utility of products they already own. Oracle argued a Google victory would discourage programmers from investing in software development because the resulting code could be used by anybody else without compensation.  Additionally, since Google is a tech giant, Oracle argued the company could have afforded to pay in order to use the Java APIs and simply refused. Ironically, back in the 90’s, Oracle had stated that APIs shouldn’t be covered by copyright at all, and then accused Google of stealing chunks of Java code developed by Sun Microsystems, a company later acquired by Oracle. 

  The court emphasized the public benefits of creativity and competition that come from using code that’s already been produced. Many computer programs, particularly in the world of open source, are developed by recreating the functionality of APIs to allow for interoperability between different platforms. Legal experts had concerns about the implications of an Oracle victory, like the possibility of many developers and startups buckling under the threat of legal sanctions, as copyright holders would be able to use that copyright to prevent interoperability. Bad actors could have potentially picked up the rights to old software and filed claims against companies who built their software on what were assumed to be open standards. This ruling, however, sets precedent that APIs can be used freely to enable programs to work together. 

  The win was cited as a win for open source and free software. The ruling on fair use sided with the long-standing position of the free software movement that overall, APIs should be subject to fair use under copyright restrictions. In the end, pretty much everyone who wasn’t Oracle agreed with the ruling in favor of Google, even the guy who developed Java in the first place, James Gosling, who described the ruling as sanity prevailing. In a tweet, Gosling wrote, “It’s astonishing that this case even got started, much less that it ground on for more than a decade.” In any case, the court’s decision gives legal clarity to the next generation of developers.

  So now Google is free to use Java APIs. The news is good for all developers: you won’t be hit with a copyright lawsuit by a company over using code in this way. Under fair use, you just can’t stop people from using APIs to build new programs. Current trends in software development which focus on improving interoperability will be allowed to continue.  

  If you’re interested in reading about what exactly the courts had to say about copyright and APIs, you can check out the public pdf released by the Supreme Court on the case.  

  The post Google wins API copyright victory: What does this mean for developers? appeared first on FreeSWITCH.

• Digium DPMA SSL Certification Reminder

  The Digium Phone Module for Asterisk or DPMA for short is an Asterisk software module that provides a secure communications channel between D-Series phones and Asterisk. This secure channel is used to ensure an easy installation process and offers direct integration with many Asterisk capabilities, including presence, voicemail, call parking, and call recording. The DPMA is utilized in stand-alone Asterisk systems, in FreePBX systems, and Switchvox systems.

  The D-Series telephones possess an embedded root certificate used to encrypt communications between the D-phone and the DPMA. This certificate was created during the initial development of the D-Series phones in 2011 and had a ten-year lifetime.

  As a result, the certificate will expire and become invalid on Friday, May 28, 2021, at 4:45 pm Eastern Daylight Time.
  The effect of this certificate expiring is that after May 28, any D-phones already in use will experience application loading errors, which affects voicemail, status, parking, and queues. Any new D-phones that are started anew or rebooted will be unable to connect to and provision. The D-phone will attempt to “contact proxy,” and it will never succeed.

  However, we do know how to fix it.
  Sangoma has produced new versions of DPMA, Proxy, D-Series telephone firmware, and Switchvox mobile softphone that remediate the problem. Administrators (except Switchvox Cloud and PBXact UCC) MUST take action before the expiration date. For Switchvox users on 7.x, the new firmware is included in Switchvox version 7.6.2. For Switchvox users on 6.x or 5.x, the latest releases are 6.8 and 5.12, respectively.

  Steps to take…
  Sangoma has developed quick to implement and future-proof solutions. Please visit the resource page for complete information on how to resolve the issue.

  Since the certification expires on May 28, 2021, this is a time-sensitive issue that requires immediate action to be taken. Please visit the resource page for complete information on how to resolve this issue.

  The post DPMA SSL Certification Reminder appeared first on Sangoma.

April 27, 2021

• Digium You’re “Always” Starting a Call with Video, Really?

  Two weeks ago, I wrote a blog about video calling and starting calls with video. I got a few questions and comments about that, some saying “The future is all video all the time!” while some agreed with my point of view of “That’s not going to happen all the time”. So, let me write a little more about this.

  First, in that blog, I did talk about differentiation of use case. In the case of a calendared meeting, where a link can go into your calendar, many meetings we’ve all been on in the last 12 months start this way. You click on the link; you go to the video meeting. You have a nice shirt on but maybe shorts or PJs, not that I’ve done that. But these are internal meetings, or meetings with partners and even key customers, and many people forget this is NOT the entirety of communications in a business. These are simply meetings where 3 years ago, we’d calendar a “conference call”. They are important parts of your communication plan but not the only way to communicate.

  People also said, “Hey I use video when I talk through my collaboration client”. Presumably these are to other employees, or to key partners. I remember “in the old days” I’d use Skype to talk to some of my partners in Europe. But you start with presence / instant message and then you move to a call. Many times the call is still voice, and sometimes it’s also video. I guess it depends on the person. But in any of these use case scenarios, you are not leading with video!

  What I’m really talking about though is interaction with your customers or prospects. These are people that are going to call your business to schedule an appointment, get a service person to your house, etc. Sure, because of the internet and having web pages, over the last 25 years, there has been less voice interaction / calls with this group. But with this group, a real call control / call routing engine like exists in UC platforms is really required. There are incoming calls that need routing, there are external calls (or texts) that need scheduling. These cannot be done via scheduling a meeting on a calendar. You need a real IVR, you need contact center features, you need voice mail, you need find me / follow me. You get the picture.

  To run a business and interact with external customers, a video first platform just won’t cut it.

  A Unified Communication system that knows how to handle phone numbers, and texting, and all kinds of call control as is found in a “PBX” is required.

  The post You’re “Always” Starting a Call with Video, Really? appeared first on Sangoma.

April 22, 2021

• Digium What is WebRTC and What is it Good For?

  WebRTC is…everywhere. WebRTC (Web Real-Time Communication) is a technology that allows Web browsers to stream audio or video media, as well as to exchange useful data between browsers, mobile platforms, and IoT devices without requiring an intermediary such as a server.

  

  The Past

  The need to connect virtually and to have video conferences and communications via the web has been around for a while. In the past, you had to rely on plug-ins or an installable application on your PC – not just your web browser. This was very inconvenient as users were required to install additional, incompatible apps, and developers had to study complex stacks and protocols to make the magic happen.

  Photo: Swedish Prime Minister Tage Erlander uses an Ericsson video to speak with Lennart Hyland, a popular TV show host (1969). Image via Wikipedia.

  WebRTC Was Born

  Many of WebRTC technology’s underpinnings were first developed by Global IP Solutions (or GIPS), a company founded around 1999 in Sweden. In 2011, GIPS was acquired by Google, and the W3C started to work on a standard for WebRTC (real-time communication). WebTRC specifies a series of APIs for real-time communications (RTC) targeted at browsers. Since 2011, Google and other major players in the web-browser market, such as Mozilla and Opera, have been actively supporting WebRTC.

  Today companies trust WebRTC to offer them the leverage they need to deliver the user experience they strive for.

  Examples of WebTRC

  WebRTC is a set of plugin-free APIs that can be used in both desktop and mobile browsers. WebRTC does not need any native apps for audio and video communication as it allows peer-to-peer communication on the web pages. Some of the top companies like Amazon and Facebook are all leveraging this, but Google Meet (or more accurately, Hangouts) is probably one of the main reasons we have WebRTC today.

  Google had their own video conferencing service, working from Gmail, but it needed a plugin. Real-time video just wasn’t there in the browser, which is where and why WebRTC started.

  There are so many interesting use cases for WebRTC, but here are a few popular ones  you may not have considered:

  • Simple collaboration: How many times have you been invited to a meeting, and as soon as you clicked on the link, it asked you to sign up or download an app before you could join the call? It can be frustrating to open an account or download a platform to engage in a business meeting. WebRTC removes this barrier, providing a seamless, non-invasive way to connect and collaborate. Using WebRTC when communicating with colleagues, clients, and business partners is easier, simpler, and more convenient.
  • Contextual applications: You can use a third party API like OAuth to pull data from services like Facebook, LinkedIn, and Google. This API type makes it possible for customers to leverage their own social graph data to augment their experience within your websites and applications. You can then couple this data with WebRTC-powered features to enable rich contextual communications. This could enable easy sharing of the person’s Twitter handle, email address, or other public profile information, along with links to their most recent tweets or Facebook posts.
  • File sharing: Suppose you want to send a massive file to a colleague while working on a project. Instead of emailing the file or uploading it to a third-party cloud storage system (and waiting several minutes for the transfer to complete), you could send it directly through your web browser using WebRTC’s data channel, with very low-latency and the benefit of full encryption between the two endpoints.
  • Embedded endpoints: ATMs. Vending machines. Bus stops. Retail store kiosks. All of these endpoints can be embedded with WebRTC engines. It’s an easy way to connect customers with live agents while they are on-the-go.
  • Sales enablement: Websites and applications are key tools for sales enablement. Customers rarely make important purchases on impulse. Decisions are often made after speaking with a sales associate. Providing a website or application with a WebRTC audio or video contact channel is a great way to provide ongoing assistance throughout the purchasing process.
  • Emergency response: In some cases, WebRTC is being used to increase public safety. SaferMobility streamlines real-time interactions with authorities by enabling video, audio, and text communications while utilizing location-based awareness. This use of the WebRTC data channel allows responding personnel to have deeper insight and better information by circumventing previously existing communication barriers when responding to emergency calls.
  • Patient management: Many health clinics are now using WebRTC based solutions to reduce in-office patient visits. This can be helpful during a pandemic like what we are living right now when doctors can perform check-ups over Web browsers. This allows them to allocate more time to higher priority patients while staying safe. WebRTC is also a great way for clinic staff to communicate with patients in-between visits as all the patient needs is a web browser and a URL.
  • Enhanced audience participation: Tap to Speak recently developed a solution that turns smartphones into microphones during live events. The application was designed to improve communication between audience members and presenters, as it eliminates having to pass a traditional microphone around a room.

  In summary, pretty much any application that wants to share data or video between peers can use WebRTC. The reason for this massive adoption is that browser to browser communication is significantly cheaper than going through a server (up to 90% cheaper from Video Banking and the Economics of the Retail Business). Furthermore, users will no longer need to rely on dedicated hardware sets and applications to join a meeting and have a video conference call; browsers are always accessible to everyone!

  Sangoma Meet a Great Example of Adopting WebTRC

  Sangoma Meet was launched in early 2020 in response to the COVID-19 crisis to help everyone stay connected and get through this period. With WebTRC technology behind it, Sangoma Meet allows users to start a video call without downloading a plugin or installing an application. Unlike Zoom or GoToMeeting, where you have to install a plugin or an application, Sangoma Meet is simply using your browser to establish a connection with another peer.

  The ease of use and compatibility with common browsers like Chrome, Firefox, Opera makes it a great choice for different industries to adopt in different use cases, as mentioned earlier. Features like multiple participants video conferencing, 1:1 video calls, phone dial-in, screen sharing, recording the meeting (available on V3.0 and above), waiting room (coming soon), local chat, and moderation tools are all running on the web, and users can join the meetings from their mobile devices, laptop or simply from any device which supports web browsers.

  Have you tried Sangoma Meet yet? Check out this page and enjoy having a hassle-free call with your friends, family, and colleagues.

  The post What is WebRTC and What is it Good For? appeared first on Sangoma.

April 20, 2021

• Digium The Role of UC in Limiting Exposure for Essential Workers

  We all owe a great deal of debt to the frontline/essential workers who are not able to work from home for the past 13 months, as a way of limiting their Covid exposure. Technology, and Unified Communications, has played a role in the past 13 months in the able to work from home crowd, due to the mobility (desktop and smartphone) aspects of UC. But it has also helped in unexpected, if only sometimes small, ways in limiting the exposure of essential workers, even as this group went to work.

  Like many of you, I’ve experienced various new procedures for things I took for granted my whole life. For instance, when going to the dentist I now get a text messaging telling me to come in. The dentist has a small waiting room and doesn’t want patients and their employees getting bottled up together. There are now pretty sophisticated curbside pickup apps that I, and most likely you, have used. I’ve also shown video to contractors who needed to work on my house – they looked at things on the video so they didn’t have to come in contact with me and are able to give me quotes like that. I even did a service call over video (successfully!) when in my city the pandemic was at its worst. I’ve also gotten a text message about an ‘event’ cancellation, even if the ‘event’ was an outside dinner at a restaurant and they sent a mass notification to those who had reservations.

  But more importantly, I’ve also seen some of the workers in my neighborhood at other houses come armed with mobile apps, where they didn’t have them before. Seems there is more info for them on the app, from when the appointment was set up, which ultimately limited their interaction with the homeowner. Safer for both parties.

  These are all small examples. But every interaction to limit exposure is important. But will these kinds of procedures continue in the future? If it helps with reducing costs or becoming more efficient, I would say yes. For example, curbside pickup is great. Sometimes restaurants get crowded so sifting through all the people to go pick up your order takes time from both parties. I’d say yes. Also, anything to reduce a service call – so use of video – yes, I’d say that will continue if possible. It certainly saves time and money for the business. And the example of the service person having more complete info on the service app – for sure that will continue. It’s faster, and maybe even more accurate as well.

  Sangoma offers a variety of UC systems to help you work remotely. And with our recent acquisition of Star2Star we pick up some connected worker applications such as Curbside Pickup and Mass Notification.

  The post The Role of UC in Limiting Exposure for Essential Workers appeared first on Sangoma.

April 16, 2021

• Enable Security OpenSIPIt'01: Lessons learned, STIR/SHAKEN security testing and RFC 8760
  Executive summary (TL;DR) It was a great event, highly recommended if you’re a SIP developer. We developed new STIR/SHAKEN capabilities in SIPVicious PRO. And we found some vulnerabilities during the event that got fixed in the process. What was OpenSIPIt#01 about? This week the humble security researchers from Enable Security participated in OpenSIPIt#01, an online event run by the community to test interoperability across various independent open-source SIP implementations especially when it comes to new RFCs.

April 15, 2021

• Digium Returning Back To Normal: Part One

  It’s impossible to say for certain that the pandemic is winding down. At this point, health experts are still trying to reign in COVID-19 and distribute vaccines to the public. The return “back to normal” is in sight, but we’re still in the thick of it. And in this period of transition, there is considerable debate over what “normal” will look like.

  Most businesses are looking forward and forming strategies to safely resume some in-person operations. This two-part series will explore some of the structural changes that are taking place across various industries, as companies pivot to the “next” normal of the pandemic.

  Back To Normal With A Twist: Shifting To Hybrid Work

  Despite the rocky transition to remote work at the onset of the pandemic, feelings about the trend appear to be mostly positive across the board. In a recent benchmark survey from PwC, 83% of employers said the shift to remote work has been successful for their company, up from 73% in June 2020.

  Most companies have established at least base level remote connectivity and security, and are now in the process of upgrading their services and laying the groundwork for permanent remote work.

  That said, the future of remote work will most likely be much different. A gradual shift to hybrid work is already starting to take place, which is expected to accelerate in the coming months as more people get vaccinated. Eventually, hybrid work will be the new normal.

  Consider the fact that in PwC’s survey, only 13 percent of executives claimed they are ready to permanently ditch their offices. And 75 percent of executives believe at least half of their office employees will return to the office by June 2021.

  It’s clear that executives will need to tread lightly when asking employees to resume on-site operations though, or pushback will occur. PwC found that employees want to return back to normal more slowly than employers in regards to in-office operations, with 61% of employees expecting to spend half their time on-site by July. Hybrid work acceleration will largely depend on how the next few months pan out.

  Retrofitting Offices for Hybrid Work

  PwC also found that U.S. executives are planning many new investments to support hybrid work. Some of the top investments include tools for virtual collaboration (72%), IT infrastructure to secure virtual connectivity (70%) and training for managers to manage a more virtual workspace (64%). Additional investments include fitting conference rooms with enhanced virtual connectivity, and hoteling applications, among others.

  Many companies have been forced to retrofit their office environments to enable social distancing. The majority of companies will also be using scheduling systems to limit on-site workers and reduce the spread of germs.

  Further, social distancing requirements are increasing demand for mobile solutions that enable workers to move around throughout the day, instead of being tethered to their desks. Some companies are also implementing hardware with antimicrobial components to limit the spread of COVID-19 on shared surfaces.

  Surging Cloud Adoption

  The cloud is more important than ever, as companies prepare for the “work from anywhere” trend that has become a standard business requirement in getting back to normal.

  Two trends to watch include multi-cloud adoption, which increased by 70% year over year during COVID-19, and cloud native growth. Many organizations are embracing modern cloud architectures built with microservices, which make it easier and cost-effective to build and manage applications.

  In addition, there is skyrocketing demand for UCaaS, which keeps teams connected and secure regardless of their location. By implementing UCaaS, companies can achieve reliable communication at all times for both on-site and remote workers.

  Stay tuned for the next blog in this series, which will focus on cloud computing and the return of retail in the transition of returning back to normal.

  The post Returning Back To Normal: Part One appeared first on Sangoma.

April 13, 2021

• Digium Why Video Can’t Be Your Sole “Go-to” Communications Platform

  I’m sure we can all agree that the year 2020 changed all of us in different ways, and for many of us it changed the way we communicate. It’s not uncommon for me to have multiple video meetings every    single    day. We get those video meeting invites in our calendar and we just go to them. We start in video and end in video. While I used to be on many audio conference calls, those are becoming less frequent and a thing of the past. I am on our video meeting platform, Sangoma Meet, all the time. It’s now like my best friend. I know its personality.

  And since it’s so integral to communications these days, that is why we are incorporating our video meeting platform, Sangoma Meet, into our mobile and desktop client, Sangoma Connect. Sangoma Connect will incorporate a talk aspect, a collaborate aspect, and a video meeting aspect. You’ll be able to move seamlessly between all three and launch a video call from our collaborate app for instance. It’s critical that we offer our customers the ability to communicate via voice, chat, or video. And to have our customers choose which one they want to “start” with.

  To me, this is just an evolution of the PBX. While the PBX notion is very voice centric, as Unified Communication features started to get incorporated, such as mobility, and the ability for the office phone number to ring on your smartphone or desktop, the notion of a “PBX” became antiquated. Unified Communication systems are what this industry has evolved to. And if the UC vendors want to survive, the UC systems will continue to need to evolve. And that means integrating video and chat as if it is native voice. And that is what we are doing. You want voice. Check. You want chat. Check. You want video. Check.

  But what about this concept of “video first” that I described in the first paragraph? I think in some use cases, like I was describing above with internal employee team calls, or calls with your channel, sure video meetings are good, and you will start and end with that.

  But for many small businesses, their customers are people – someone wanting to make an appointment or order something or whatever. Calling is efficient, so they call, or maybe use a self-service portal and maybe text. And that’s why a company with a sole focus on video meetings or video calling won’t be able to service a small and medium business. A Unified Communication system, that knows how to handle phone numbers, and texting, and all kinds of call control as is found in a “PBX” is required.

  A Unified Communication platform, able to do true multi-modal communications, such as Switchvox, PBXact, or Star2Star Business Voice will be required.

  The post Why Video Can’t Be Your Sole “Go-to” Communications Platform appeared first on Sangoma.

April 09, 2021

• Digium 6 Tips For A Smooth Collaboration Migration

  Communication and collaboration platforms skyrocketed in use following the outbreak of Covid-19, among organizations across all verticals.

  For example, by March 2020, Microsoft Teams an integration option that Star2Star, A Sangoma Company offers shot up to 44 million users. By April 2020, Teams reached 75 million users. And by October, it climbed to 115 million — and remains one of the leading enterprise platforms for connecting users across remote locations. Organizations are also relying heavily on programs like Zoom, Slack and Webex to keep team members in touch and productive.

  At this point, your organization may be considering migrating to one of these platforms. Yet, there are some important considerations to keep in mind to ensure optimal results.

  1. Round Up Your Admins & Users

  Chances are your enterprise has a fragmented messaging framework in place, with teams utilizing a variety of platforms to communicate. This is a good time to do a gut check and determine what your organization is currently using, and where and if any of these solutions can be extended. For example, sales may be using Zoom for video, while customer support uses Microsoft Teams for chat collaboration, and you may have yet another solution for your voice communications. You may be able to leverage a full suite of communications and collaboration from these vendors versus single solutions once you understand the use cases. A proposed tool may or may not be the most cost-effective solution so it’s essential to understand how your business needs to communicate and collaborate.

  Bring your users and IT administrators together and form a deployment committee to determine where various platforms could make sense in the enterprise. You may find that some platforms perform better in certain environments and user groups than others.

  For example, some teams may be able to get by using a bare-bones platform with limited tools. Other teams may require advanced collaboration hubs for sharing files and notes and collaborating with each other.

  During this meeting, you should also outline potential friction points and technical considerations to ensure a smooth migration.

  2. Set Policies

  You may wind up with a situation where multiple teams can create and manage deployments. Set clear governance policies to avoid running into operational and security issues down the road.

  For example, Microsoft provides various governance tools for Teams, enabling you to control things like how Teams are named and classified, who can create Teams, and whether guests are allowed. Competitive solutions may offer greater or lesser capabilities, so it’s important to decide what kind of oversight you will need prior to evaluating tools.

  3. Optimize & Secure Your Cloud

  Next, you’ll want to analyze and optimize your overall cloud environment. Talk to your admins about where emails and files live — and consider correlating specific platforms with appropriate cloud systems. Make sure your new platform has the right supporting cloud environment. If you still have applications you are hosting in your own data center or in a third-party data center that require your employees to VPN to access, there may be a better way to enable their productivity.

  If this is the case you should consider using a desktop as a service (DaaS) solution to securely deliver your app to any location. This way, end-users can log into a secure portal and access apps and data instead of having them live on their machines or by leveraging complicated secure VPNs to access.

  4. Upgrade Your Voice Quality, Workflow Integrations & More

  Look for opportunities to enhance the platform for better results. For example, Microsoft makes it very easy to integrate additional services into Teams and there are hundreds of apps to explore. One thing to consider is that the platform doesn’t offer great native voice functionality, and users often complain about poor quality on calls. We’ve found that you can easily augment Teams by using third-party enterprise business voice services in conjunction with Microsoft’s infrastructure. In doing so, you can ensure crystal clear calls and achieve much greater flexibility.

  It’s also important to understand if you need any IoT integrations to manage your business. This could be anything from integration with overhead paging systems, to door strike/telephony integrations, or integration to older analog devices. While these may not come natively in a potential solution, if you need to support these, they can be managed by choosing a telephony partner that works with the solution you end up choosing.

  Connected worker apps may include urgent notifications, mass notifications, employee alerts, curbside service, and CRM integrations, and are designed to provide better control over your unique workflows via your communications. These applications are not necessarily natively supported in your solution of choice. However, by leveraging solutions from companies that work to integrate tools, you can further extend productivity and responsiveness for your business.

  5. Test Your Platform Before Deploying

  Before deploying a platform across the enterprise, it’s a good idea to test it in a small and controlled setting.

  Approach various user groups, and identify users that may benefit from the new platform. Have your IT department deploy it, and test the platform for quality and reliability.

  If the platform is a success and the users enjoy the experience, consider integrating the platform into that unit and move onto another one. This accomplishes a few things. First, it lets your IT team educate users and explain the reason for the migration and the benefits that the platform offers. It also gives administrators the ability to identify possible areas of friction and make changes to avoid potential disruptions.

  6. Deploy

  Once you’ve completed all of the above steps, the only thing left to do is deploy across your entire organization. Your employees will be more comfortable and productive when you take the time to migrate to a new collaboration solution according to these guidelines. And for the long term, you will have set up your business for ongoing success as remote work and team collaboration become even more critical to daily operations.

  Article originally featured on Forbes.com.

  The post 6 Tips For A Smooth Collaboration Migration appeared first on Sangoma.

April 08, 2021

• FreeSWITCH The Struggles of Real-Time Translation

  Communication technologies have come a long way over the last couple of decades. Some of the craziest innovations involve what AI is now capable of, like real-time translation.

  Imagine being able to speak to anybody on Earth despite language barriers, in real time. In a globally connected world, computational linguistics will have to build better tech that can actually serve a wider variety of people in this sort of way. Translation is going to play a huge role, since over half of internet content is supposedly in English, but only 20% of the world’s population have any English skills. And while there are some new products that are doing real-time translation, usually it’s for between 20-40 languages, which is such a small fraction of the more than 7,000 languages being spoken all over the world today. 

  Artificial intelligence and machine learning have been and will continue to be taking over all kinds of industries and processes. But the area of language and linguistics has always been a tricky one – human language is crazy complicated, even for computers. Meaning is constantly evolving, context shifting, and it can take a lot even for a computer to identify language patterns and logic. As Stanford University Professor John McCarthy put it, “natural language does not have a full set of rules of inference.” Data, data, and more data is how AI functions. But how can machines be built that fully understand all human language, when there are no strict rules in place, and what few rules there are vary across languages and even dialects? 

  Progress is happening fast. Just several years ago, AI struggled to understand the context of a full sentence, prohibiting language fluency. Early systems broke up sentences into chunks to interpret individual words, disconnecting meaning from them entirely. But the day of completely reliable real-time translation could still be further off than you might think.

  There are all kinds of bumps in the road that could mess up a computer’s ability to understand human language. Think different dialects of the same language – what if the technology fails to understand a thick regional accent? What happens when a single language has hundreds of dialects? If only some of those dialects are used to train the software, it can still be hard to use for people who speak the same language, just not in the same exact way. 

  Automatic speech recognition is a huge product of computational linguistics, and we all know it’s far from perfect at this point. Sometimes Alexa or Siri simply doesn’t understand you or can’t give you the answers you want. And it really depends on the specific technology for why this could be – biases in the data used to train the technology, the software’s interpretation of that data, or simply the difficulties around a computer not being as adaptable as a human on the fly. 

  Have you ever tried to change your flight, or contact your pharmacy, and you just can’t get a hold of a human person no matter how hard you try? And the IVR just won’t understand what you have to say no matter how many times you say it. Or you use a speech-to-text tool and it catches a string of funny words that are completely wrong. These are pretty inconsequential examples, but where AI is being used in more serious circumstances, some of these mistakes can be important and difficult to notice. AI is notorious for being bad at negation – and considering “did” and “didn’t” are opposites, it has to be able to identify the right one to get the meaning correct. Even if it’s hard for a human ear to pick up this difference, we make up for it with inferences on the context, tone, or other information. The human brain doesn’t really need the clearest set of data possible in order to understand something, and we still miscommunicate with each other all the time.

  When it comes to real-time translation, things can get even weirder. With phrases like idioms, often one-to-one translations are just not accurate. In English, if you’re talking about “getting cold feet” in reference to being nervous about something, how would an AI go about translating that to another language? The tech has to actually pick up the context of idioms and maybe even translate into equivalent idioms, if they even exist. The examples of weird idioms are endless, and so many of them make no sense based on words alone; you just know them from speaking a language for a while. And what happens if you’re actually talking about your feet being cold, in the literal sense? How would an AI understand that context to know you mean it idiomatically or literally? Translation models are sort of designed to pick up on it for the most part, but it doesn’t always work.

  The progress that translation technology has made in recent years is really impressive for casual use, especially on the internet. Google, Microsoft, Facebook – tech companies and social media have implemented translation tools for a long time now. But for serious legal or medical documentation, AI still isn’t good enough to be trusted just yet. Human translators are still doing it better. Some really weird stuff can happen when mistakes are made by AI – for example, recently, the name of Chinese leader Xi Jinping turned up as a curse word when posts were translated from Burmese to English on Facebook. The name was missing from the Burmese language database model, and in the system’s attempt to replace it with similar syllables, things went offensively wrong.

  As we all know, the more data, the better. There’s tons of knowledge shared by many people when it comes to English to Spanish translation, for example, so you can get fairly accurate results most of the time from common translation tools. But what if you’re trying to translate Burmese to Finnish? Well, that could go weirdly. Sometimes the systems are trained with an intermediary language like English to help make the process easier to understand for the computers, but this solution can really mess up meaning too.

  There are fields of computer science and linguistics designed to try and tackle these issues, such as Natural Language Processing. This area is ultimately devoted to getting computers to actually understand human language in a way that allows them to communicate more closely to how humans do. This is accomplished by using huge amounts of language data with all of its complexities. NLP includes simple tasks like a short command, or highly complex tasks like getting a computer to actually comprehend an entire text like a poem. This field has been studied for half a century now, and there are still so many problems to solve. As it turns out, learning language is hard, for everyone from children, to adult learners of a second language, to scientists, to literal computers.

  One area of computational linguistics in which it seems AI can beat humans is in the study of dead languages. Studying and comprehending a dead language is a difficult process for many reasons – minimal records, a lack of relative languages to be compared to, or an entirely different structure (think something like a lack of spaces between words). In 2020 MIT’s Computer Science and Artificial Intelligence Laboratory made major progress in developing an AI that can decipher a lost language without having to understand anything about related languages in advance. The system is also capable of determining the relationship between two languages. This tech so far exceeds human capabilities to interpret lost languages that it will open many doors for academics studying relics of ancient communication, and hopefully speed up these processes. 

  Some languages take human linguists decades to figure out. We still haven’t determined where certain languages even came from. But if AI can be programmed to pinpoint what a dead language is related to or what it’s saying, maybe it’s not crazy to think real-time translation will also evolve in the not-too-distant future to become smarter than humans. Although, it tends to be believed that by that point, literally everyone from doctors to lawyers will be replaced with AI as well. Human language, and how we communicate, is seriously that complicated!

  The post The Struggles of Real-Time Translation appeared first on FreeSWITCH.

April 07, 2021

• Jitsi Winning over the classroom with Jitsi

  Hey there Fellow Jitsters! Today we are very excited to announce we are launching an education themed hackathon together with the European Commission. The ultimate goal is to improve Jitsi for education usage, which has seen incredible growth in the past year, as you can imagine. Come and join us in this new hackathon, running from the 26th of April until the 3rd of May.

  

  Checkout the press release after the jump!

  ---

  We are calling out developers to attend the “Winning over the classroom with Jitsi” Hackathon online from 26 of April to 03 of May 2021. The event is being organised by Tipik, the event partner for the European Commission’s Open Source Initiative under ISA2 Sharing and Reuse action.

  The hackathon will bring together Jitsi (Core Team) members and Advanced users from across Europe and around the world. The plan is to propose new features for Jitsi focused on education. On our Hackathon page, you can see suggestions of challenges to solve during the event but you are welcome to add your own ideas to this evolving list.

  If you feel qualified to do this work and wish to contribute, you are invited to fill out the registration form.
  Do not miss this rare opportunity to meet key Jitsi committers, like-minded colleagues and staff from the European institutions, and shape the future of Education with Jitsi. Register now.
  Should you have any questions, please feel free to get in touch with us anytime.

   

  About the Open Source Initiative under ISA2 Sharing and Reuse Action

  This hackathon is an ISA² sponsored component of the Sharing and Re-use action (2016.31), which aim to bring together European Public Services on the subject of open source. The action has four areas of focus:

  • Inventory: Creating an initial, first cut, inventory of open source software used by European Public Services
  • Funding: Studying the need for a European Open Source Funding Mechanism, and then defining how it could work
  • Security: running bug bounties on software selected from consulting multiple public administrations
  • Hackathons: Holding events/hackathons to tackle common issues in open source that the European Public Services may be facing.

   

  Timings:

  Start Time: 16:00 pm CET on Monday 26 of April

  End Time: 16:00 pm CET on Monday 03 of May

  Award Ceremony: 16:00 on  Monday 10 of May

  The post Winning over the classroom with Jitsi appeared first on Jitsi.

April 06, 2021

• Digium Sangoma Completes Acquisition of Star2Star

  On January 29th, Sangoma announced a definitive agreement to acquire Star2Star, a cloud-based Communications as a Service provider with a leading UCaaS offer. We’re pleased that the deal closed last week.

  So, why did we do this deal? First off, Star2Star targets medium and large enterprise and managed service providers, with channels that don’t really overlap with Sangoma, so the “fit” is very nice. Star2Star has almost 10,000 business customers with tens of thousands of locations. We feel like now we can confidently go after and win the full spectrum of UC prospects, from small business to large enterprise.

  Together, we will have increased scale, and given both of us are profitable, we will remain a profitable entity with approximately 70% recurring revenue. As a Channel Partner or end-customer, you shouldn’t have to worry about whether we’ll be around in the future. Whatever side you come from, the transaction represents a very positive development for the future of the new Sangoma (the combined company) since there will be benefits from the improved scale/financial stability, a broader portfolio of products, expanded global services, and a continued commitment to invest in innovation.

  We feel we’ll have the most complete UC portfolio in the market: From on-premises to Cloud UC that can work in businesses of all sizes, with our own phones, headsets, gateways, SBCs and SIP Trunking. As such, a business would be able to deploy Sangoma products across their entire enterprise, avoiding any interoperability “finger pointing” which crops up sometimes. Additionally, we’ll have a full suite of Communication as a Service offers, from UCaaS to Video Meetings to Collaboration to Wholesale Voice Services to Access Control. Truly all that a business needs from a single vendor, obviating the need to put all kinds of different communication products into your enterprise network.

  During the past few months, when we were not yet closed, we understandably received questions about the future of the different UC platforms. Yes, we understand them. We got the same ones when Sangoma merged with Digium and we said both Switchvox and PBXact would remain. And both have remained. So we certainly understand. And all UC platforms will remain now.

  As I intimated above, the target market overlap was not that great. Switchvox and PBXact predominantly served the SMB. And both are also on-premise products in addition to cloud products. And Star2Star predominately services the mid-size enterprise to MSP market, with a cloud offer. Because of that, all platforms with remain as long as there is market demand for them. We may choose to do work to consolidate to a single mobile and desktop client, like we have done with Sangoma Connect for Switchvox and PBXact, and other similar things, but there are no plans to announce any of that in the short term.

  And Sangoma plans to continue to sell, develop and support our hardware business including phones, cards, gateways, SBCs, and UC appliance businesses. And we also plan to continue to be the stewards of Asterisk and FreePBX. So, no big changes.

  Right now, we need to integrate the teams and that will take some time. Customers on both sides will continue to receive the same products, quality and service they have come to expect from both companies.

  If you are a partner, we are looking forward to growing with you. If you are a prospect or customer, we look forward to serving you in the future!

  The post Sangoma Completes Acquisition of Star2Star appeared first on Sangoma.

• WebRTC Hacks How Go-based Pion attracted WebRTC Mass – Q&A with Sean Dubois

  Pion seemingly came out of nowhere to become one of the biggest and most active WebRTC communities. Pion is a Go-based set of WebRTC projects. Golang is an interesting language, but it is not among the most popular programming languages out there, so what is so special about Pion? Why are there so many developers […]

  The post How Go-based Pion attracted WebRTC Mass – Q&A with Sean Dubois appeared first on webrtcHacks.

March 30, 2021

• Digium Wrapping Up Women in Tech Month Podcast Series

  Throughout March, we conducted a weekly “Women in Tech” podcast with four different women in Sangoma, ranging from engineering to product management to general manager to lawyer. Each of these women told interesting stories and gave excellent advice.

  Advice, I might add, pertinent to everyone in the workforce, not just women. Their stories are interesting and powerful.

  Setareh Nezami (Product Management) talked about “Leading Without Authority,” important for anyone who needs to get other organizations to execute.

  Michelle Fleming (Legal) talked about the need to speak up.

  Bhawna Gaba (Engineering) talked about needing to be confident, taking a chance, and finding a mentor.

  Paula Griffo (General Manager) talked about loving the fast-paced tech industry and needing resilience.

  To listen to their stories, please go here.

  I would recommend taking the time to listen. It’s well worth it.

  The post Wrapping Up Women in Tech Month Podcast Series appeared first on Sangoma.

March 25, 2021

• Jitsi March update: virtual backgrounds, new toolbar UI and more!

  Hey there Fellow Jitsters!

  You might have noticed some changes on meet.jit.si. We rolled out a new release yesterday and we want to tell you all about it!

  New web toolbar UI

  The toolbar is one of the first things you see as a Jitsi Meet user. It needs to have the buttons you need, just when you need them. We have redesigned it to give it a more polished aesthetic while improving its usefulness.

  

  New toolbar!

  The toolbar is now responsive and will show the actions you may need on a single click front an center, while the rest are part of the overflow menu.

  

  Responsive toolbar

   

  The overflow menu also got a fresh coat of paint and now it’s now mobile friendly.

  

  Redesigned overflow menu

  Virtual backgrounds

  We know you wanted them, so here they are! In order to properly implement virtual backgrounds we had to completely reimplement our background blur feature with a better segmentation model. Instead of using TensorFlow with the BodyPix segmentation model we are using TFLite with the MediaPipe Meet Segmentation model as outlined in their blog post. This, paired with WebAssembly SIMD instructions provided the performance boost we needed to improve blur and implement virtual backgrounds in a way that works well in Jitsi Meet.

  

  Choose a background, or upload yours!

  You can try it for yourself on meet.jit.si, but if you’d rather see a GIF…

  

  Look mom, we got backgrounds!

  More!

  Lots of improvements have also happened in the backend, including better bandwidth estimations and performance improvements in large conferences, stay tuned for more updates on this!

  ---

  We hope you enjoy these as much as we did while building them!

  — Your personal Jitsi meetings team.

  The post March update: virtual backgrounds, new toolbar UI and more! appeared first on Jitsi.

• Enable Security SIPVicious OSS 0.3.3 released with new STDIN and target URL specification
  Without further ado, please say hello to SIPVicious OSS 0.3.3! SIPVicious OSS 0.3.3 is out! To install or upgrade run pip install -U sipvicious. For more installation methods, see the wiki. What’s new? SIP extensions and passwords from standard input We have a new feature which seems so simple yet so powerful: STDIN for dictionary input! This works for both svwar and svcrack. It is similar to what we did with SIPVicious PRO, which (surprisingly) proved to be a very popular feature.

March 24, 2021

• Enable Security Get help by hiring us
  Our clients Service providers, telecom carriers, mobile operators Vendors of VoIP/IMS and WebRTC solutions CPaaS (communications platform as a service) Video conferencing platforms Contact center platforms What we do Penetration Testing Security analysis and consultancy Denial of service simulation (DoS) Fuzzing exercises and setup Configuration security review Secure code audit Experience Target Examples Session Border Controllers (SBCs) Kamailio, OpenSIPS, Audiocodes, Sonus SBC IP PBX servers Asterisk, FreeSWITCH, Avaya Aura, Cisco Unified Communications Media servers RTPEngine and proprietary solutions IM/Presence systems, XMPP servers Ejabberd, OpenFire and Prosody Telecom solutions and Unified Communications systems Broadworks (Cisco) Mobile softphones Cisco (Broadsoft) Communicator and custom solutions Customer premises equipment (CPE DSL, cable modems, SIP gateways Hardware phones and conference call equipment Proprietary solutions WebRTC media gateways Janus, proprietary solutions TURN server Coturn SMPP servers OpenSMPP, Kannel, Cloudhopper Protocols and Standard test cases SIP (RFC 3261, 3264, 3265, 3665, 4568, 5621, 8760) Call relaying / dialplan security bypass INVITE flood (INVITE of death) / REGISTER flooding (Denial of Service (DoS) testing) SIP extension enumeration SIP digest leak attacks on vulnerable SIP endpoints and SIP proxies SIP routing vulnerabilities SIP header injection / smuggling tests Caller-ID spoofing SIP online cracking / password bruteforce Injection tests, for SQL injection / other injection vectors introduced through SIP Authentication bypass testing RTP (RFC 3550, 3711, 5761) RTP Flooding (Denial of Service (DoS) testing), especially targeting recording systems Media encryption tests, especially related to SRTP, SDES and DTLS RTP bleed and RTP injection attacks Call interception, eavesdropping due to lack of media or signalling encryption DTLS (RFC 6347, 5763, 5764) DTLS denial of service Certificate handling Weak ciphers Information disclosure vulnerabilities XMPP (RFC 6120, 6121) XMPP attacks for several XEPs (XMPP protocol extensions) and XMPP servers SMPP (version 3.

March 23, 2021

• Ovidiu Sas Troubleshooting OpenSIPS encrypted SIP traffic

  Sometimes we need to have a quick way to troubleshoot encrypted SIP traffic. Using Homer is great, but if not setup yet, here’s how we can do it with sngrep.

  Setting up sngrep

  We will configure sngrep to accept and decode HEP/EEP version 3 packets. For this, we will create a configuration file for sngrep:

  cat <<EOF >> ~/.sngreprc
  set eep.listen on
  set eep.listen.version 3
  set eep.listen.address 127.0.0.1
  set eep.listen.port 5065
  EOF

  Note1: replace lo, 127.0.0.1 and 5065 with the network interface, IP and port that matches your local setup.

  Note2: sngrep can run on a different machine then opensips (example: use the local interface eth0 and local IP 10.10.10.10 as the capture device and the listening address).

  Setting up opensips

  Next step is to configure opensips as a HEP/EEP capture agent. For this we will load the following modules:

  • the proto_hep module
  • the tracer module

  socket=hep_udp:127.0.0.1:6060 use_workers 1
  ...
  loadmodule "proto_hep.so"
    modparam("proto_hep", "hep_id", "[sngrep_hep_id] 127.0.0.1:5065; transport=udp; version=3" )
  loadmodule "tracer.so"
    modparam("tracer", "trace_on", 0)
    modparam("tracer", "trace_id", "[sngrep_trace_id]uri=hep:sngrep_hep_id")

  Note: The IP and port in the “hep_id” proto_hep module parameter must match the IP and port in the sngrep config file. Same for version.

  At the beginning of the main route we trace all transactions:

  route {
    if (!has_totag()) {
      if(is_method("INVITE") ) {
        # We need to use the dialog module to have the outgoing ACK traced
        trace("sngrep_trace_id", "d", "sip");
      }
    }
    else {
      match_dialog();
    }
    if (!is_method("INVITE,ACK,BYE,PRACK")) {
      # Requests that are not part of an established dialog will be transaction base traced
      trace("hep_lo", "t", "sip");
    }
    trace("sngrep_trace_id", "t", "sip");
    ...
  }

  If we want to trace locally generated requests, we setup tracing in the local_route route:

  onreply_route[local_route_reply_handle] {
    trace("sngrep_trace_id", "m", "sip");
  }
  local_route {
    trace("sngrep_trace_id", "m", "sip");
    t_on_reply("local_route_reply_handle");
    ...
  }

  With the above code snippet, we can trace OPTIONS pings generated by the drouting module.

  Capturing

  Start opensips:

  sudo systemctl start opensips

  Start sngrep with dialog rotation:

  opensips-cli -x mi trace mode=on
  opensips-cli -x mi trace mode=on id=sngrep_hep_id
  sudo sngrep -l 4000 -R -Ludp:127.0.0.1:5065 port 5065
  opensips-cli -x mi trace mode=off id=sngrep_hep_id
  opensips-cli -x mi trace mode=off

  Start sngrep with dialog rotation and OPTIONS and REGISTER requests filtered out:

  opensips-cli -x mi trace mode=on
  opensips-cli -x mi trace mode=on id=sngrep_hep_id
  sudo sngrep -l 4000 -R -Ludp:127.0.0.1:5065 -v "OPTIONS\ sip|REGISTER\ sip" port 5065
  opensips-cli -x mi trace mode=off id=sngrep_hep_id
  opensips-cli -x mi trace mode=off

  Enjoy visualising SIP message flows in realtime! Based on this initial setup, more complex tracing scenarios can be implemented.

  Note1: ACKs related to a transaction that are leaving OpenSIPS are not traced if dialog tracing is not enabled.

  Note2: Locally generated requests don’t have the proper destination IP and port.

  Note3: sngrep is not able to export in pcap format packets captured in HEP/EEP format.

• Digium Video Interview: Catching Up with Rich Tehrani

  In January, I did a video interview with Rich Tehrani. Usually, we’re in Florida for the IT Expo / Tech Super Show at that time of the year, and we do an in-person video interview. I’ve been there so many times I’ve lost track of how many we’ve done together. When he first started doing video interviews, I believe at a show in Los Angeles, if I recall correctly, it was a very new thing, and I think I might have been the 3rd person he did it with. Yeah, Rich and I have known each other a long time, going back to 1998.

  We were just little kids then…

  And while I’ve talked to Rich multiple times in 2020, we decided to do another video interview like we usually do during this January time frame.

  We just did it remotely this time.

  We talked about a bunch of things, such as the Frost and Sullivan UC and Collaboration Competitive Strategy Leadership Award that we received just a few weeks before the interview. I won’t go over that here because I’ve written about that already.

  He also asked me how our integration of VoIP Innovations is coming along. It’s going well, and we’ve put investment into the wholesale services / SIP trunking business and CPaaS. We have introduced a service that is available now that helps address Caller ID spoofing. It is available both with our Wholesale SIP trunking but also can be used by other carriers, available via an API. It combines analytics, caller authentication, and verification to help address Caller ID spoofing now. We also introduced new fraud mitigation and E911 monitoring solutions in 2020.

  We’re also currently working on complying with STIR/SHAKEN.

  And he asked me about what’s next for Sangoma. Obviously, I could not talk about Star2Star at that time because it was not announced yet. Still, we did touch on our vision of continuing to see Sangoma adding to our suite of Communication-as-a-Service product portfolio. Beyond UCaaS, we also offer other “As a Service” offerings such as retail and wholesale SIP trunking, CPaaS, Fax, Video Meetings, and our soon-to-be-released access control solution. Similar in concept to our “End-to-end UC Solution” that I discussed when talking about the Frost and Sullivan award, we want to offer “End-to-end As a Service Communications.”

  As always, it was a pleasure talking to Rich. I am looking forward to doing it in person at some point, hopefully relatively soon. To watch the video interview, please go here.

  The post Video Interview: Catching Up with Rich Tehrani appeared first on Sangoma.

March 22, 2021

• Ovidiu Sas Troubleshooting Kamailio encrypted SIP traffic

  Sometimes we need to have a quick way to troubleshoot encrypted SIP traffic. Using Homer is great, but if not setup yet, here’s how we can do it with sngrep.

  Setting up sngrep

  We will configure sngrep to accept and decode HEP/EEP version 2 packets (HEP/EEP version 3 packets work only with sngrep 1.4.7 and above). For this, we will create a configuration file for sngrep:

  cat <<EOF >> ~/.sngrephep2rc
  set capture.device eth0
  set eep.listen on
  set eep.listen.version 2
  set eep.listen.address 10.10.10.10
  set eep.listen.port 5065
  EOF

  Note1: replace eth0, 10.10.10.10 and 5065 with the network interface, IP and port that matches your local setup.

  Note2: sngrep can run on the same machine as kamailio (use lo and 127.0.0.1 as the capture device and the listening address) or on a different machine.

  Setting up kamailio (easy way)

  Next step is to configure kamailio as a HEP/EEP capture agent. For this we will load the siptrace module:

  
  loadmodule "siptrace.so"
    modparam("siptrace", "trace_mode", 0)
    modparam("siptrace", "trace_to_database", 0)
    modparam("siptrace", "trace_on", 1)
    modparam("siptrace", "duplicate_uri", "sip:10.10.10.10:5065")
    modparam("siptrace", "hep_mode_on", 1)
    modparam("siptrace", "hep_version", 2)
    modparam("siptrace", "hep_capture_id", 1)

  Note: The IP and port in the “duplicate_uri” siptrace module parameter must match the IP and port in the sngrep config file. The version number in the “hep_version” siptrace module parameter must match the version in the sngrep config file.

  At the beginning of the main request_route we trace all transactions:

  request_route {
    sip_trace_mode("t");
    ...
  }

  We want to trace also relayed ACKs and we do that in the onsend_route:

  onsend_route {
    if (is_method("ACK")) {
      sip_trace();
    }
  }

  If we want to trace locally generated requests, we setup tracing in the tm:local-request route:

  onreply_route[local_request] {
    sip_trace();
  }
  event_route[tm:local-request] {
    t_on_reply("local_request");
    sip_trace();
  }

  With the above code snippet, we can trace OPTIONS pings generated by the dispatcher module.

  Setting up kamailio (easiest way)

  Next step is to configure kamailio as a HEP/EEP capture agent. For this we will load the siptrace module:

  loadmodule "siptrace.so"
    modparam("siptrace", "trace_mode", 1)
    modparam("siptrace", "trace_to_database", 0)
    modparam("siptrace", "trace_on", 1)
    modparam("siptrace", "duplicate_uri", "sip:10.10.10.10:5065")
    modparam("siptrace", "hep_mode_on", 1)
    modparam("siptrace", "hep_version", 2)
    modparam("siptrace", "hep_capture_id", 1)

  Note: The IP and port in the “duplicate_uri” siptrace module parameter must match the IP and port in the sngrep config file. The version number in the “hep_version” siptrace module parameter must match the version in the sngrep config file.

  Capturing

  Start sngrep:

  sudo sngrep -f ~/.sngrephep2rc

  Start kamailio:

  kamctl start

  Enjoy visualising SIP message flows in realtime! Based on one of this initial setups, more complex tracing scenarios can be implemented.

  Note: sngrep is not able to export in pcap format packets captured in HEP/EEP format.

March 19, 2021

• Digium The Rise of SMS and Unified Communications

  “Just text me”

  Those three words are being said now more than ever. It’s the perfect way to send a message without verbally interrupting a current conversation, meeting, class, ride – really anything. I even have some friends that, if they call me, I automatically assume something is wrong, because they never call… they just text.

  With gen-Zers and even young millennials thinking that a phone call is just “old fashioned” or “formal”, choosing to send a text over making a phone call truly is the new normal. Now, it’s becoming highly requested and, in some cases expected, in the business communication world.

  SMS stands for “Short Message Service”, and it’s basically a technical term for a text message. Business owners can now harness the immediacy and convenience of SMS messaging with many UC (Unified Communications) business phone systems. Imagine sitting in an Uber on your way to the airport, or sitting in a drive-thru on your lunch break. You have a simple question you want to ask your realtor/broker/child’s teacher/lawyer/insert profession here, and you don’t want to navigate the formalities or time of an actual phone call. Imagine being able to both call or text the exact same business phone number to ask that question. In my opinion, that’s a dream come true!

  SMS is getting business accomplished faster than ever. Companies can protect their employees by giving them a way to receive messages from customers or clients without having to give up their personal phone number. With an SMS-enabled business phone system, you can add “Call or Text” to your business cards, and potentially get more business than you would have if it involved an actual call. I’d rather send a quick text message to a company for a rough quote or set-up a meeting without having to dial and sit in an IVR waiting to speak with someone. And voicemails….don’t even get me started! Yes, they are a way to communicate a message, but a text – now that’s immediate! The industries that can benefit from this are virtually everywhere!

  Here are some examples of how customers and prospects can use SMS to communicate with a business:

  

  Here are some ways business owners and organizations can use SMS to offer better service and improve customer experience:

  

  I could go on and on. Minimally invasive yet effective and convenient ways to communicate will win every time. It’s not just sales departments that benefit: SMS is a great way for customer service teams to check-in with a customer, or for a small business to put a personal touch on recent orders. I personally text my hairdresser on her business number to see what she has available for a haircut next week.

  According to Forbes: “64% of consumers believe that businesses should use SMS messages to interact with customers more often than they currently do.”

  Texting is the most prominent form of communication in the industry today, and it deserves its place in day-to-day business communication. SMS gives businesses a way to stand out from their competitors and offer unmatched availability. It saves your company time, gets you feedback from customers faster, and helps you engage with your customers on a more personal level.

  Having been in the game for quite some time and listening to our customers and partners requests, Sangoma has implemented SMS capabilities with it’s UC phone systems. Tying in SIPStation Retail with Switchvox provides users the convenience of the “call and text” from the same number feature with messages coming straight to your desktop softphone.

  Not to mention that SIPStation is saving them money each month (up to 80%) from costly analog or PRI lines. Switchvox Cloud now has access to Sangoma Connect Mobile, SMS text messaging, an updated Switchvox Desktop Softphone, and more built right in. And as always, with Switchvox ALL features are included. Our Sales Team is standing by.

  The post The Rise of SMS and Unified Communications appeared first on Sangoma.

March 18, 2021

• Digium Choosing a Business Phone System Vendor: The Value in an End-To-End Unified Communications

  Are you using multiple communications vendors?

  If you’re using more than one Unified Communications vendor, that can be a problem – or at least a nuisance. Managing multiple tools, different training resources, and installations can take up your valuable time.

  Many organizations are opting to go with single-vendor Unified Communications solutions for their business phone system, IP phones, and video conferencing software.

  The Benefits of a Single Unified Communications Vendor

  Rather than emailing one vendor about your employee instant messaging platform, calling a different one for your IP phones, and reaching out to yet another about your video conferencing app, wouldn’t it be great if it all came from a single vendor?

  With an end-to-end UC vendor who is focused on their end customer, you can streamline the purchase of any telephony hardware, collaboration software, and support for all your communications needs. You should also be able to easily integrate your existing CRM and email platforms with your business phone system.

  According to Michael Brandenburg, Senior Analyst at Frost & Sullivan, “Sangoma ranks as one of the few remaining competitors in the unified communications market that delivers a complete portfolio of on-premise, hybrid, and cloud-based solutions. Both businesses and service providers appreciate Sangoma as a one-stop-shop partner that meets their diverse communications requirements.”

  Click here to download the full award report.

  Can your current phone system vendor offer necessary support?

  Need emergency support or some hardware upgrades? Looking to switch to a UCaaS solution? You might have even been wondering “What is UC?” in the first place. Being able to reach out to a single source to get these answers or services is immeasurable when running a business.

  Regardless of your current communications set-up, your vendor should be able to provide you with all the products and services you require. Unfortunately, not all vendors are up to the task.

  Sangoma – A Trusted UC Advisor

  Sangoma’s products and services include from video conferencing software, business phone systems, telephony cards, and everything in between. And with ‘all features included’ pricing on Sangoma’s Switchvox Unified Communications solution, you get a future-proof system without the fear of paying extra for robust functionality. You get to enjoy the full suite of features, so you never miss out on the many benefits of UC.

  The breadth of products and services offered and supported was an important factor in Sangoma receiving the 2020 North American Unified Communications and Collaboration Competitive Strategy Leadership Award from the industry experts Frost & Sullivan.

  Click here to download the full award report.

  The post Choosing a Business Phone System Vendor: The Value in an End-To-End Unified Communications appeared first on Sangoma.

March 16, 2021

• Digium Applications Enable Cloud Communications Services Customization

  A few weeks ago, I wrote a blog titled “Is CPaaS a channel opportunity?”. I got a few questions about CPaaS in general and why it might be important to “service providers” who offer cloud services.

  CPaaS is an important and easy way to add some kind of service to or augment an existing service already in your communication cloud offering. Since Sangoma offers cloud unified communication services, sometimes we have customers who want to do something more, something specific. And while CPaaS is typically historically talked about as a way for a developer to create an application or enhance an application, and that’s fine, a developer could easily be us. We could use our own CPaaS to enhance the cloud offer. And that’s important so we can help our customers service their customers better.

  So, it’s important to understand if your cloud communications provider has a CPaaS offer, not only for the developers out there but for themselves to use.

  The post Applications Enable Cloud Communications Services Customization appeared first on Sangoma.

• Enable Security Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution
  Executive summary (TL;DR) We fuzzed VoIPmonitor by using SIPVicious PRO and got a crash in the software’s live sniffer feature when it is switched on. We identified the cause of the crash by looking at the source code, which was a classic buffer overflow. Then we realized that was fully exploitable since the binaries distributed do not have any memory corruption protection. So we wrote exploit code using ROP gadgets to get remote code execution by just sending a SIP packet.

March 15, 2021

• Enable Security VoIPmonitor advisories: buffer overflow leading to RCE + XSS vulnerabilities
  VoIPmonitor released updates to both the sniffer component and the web application to address vulnerabilities that your favourite Enable Security researchers identified and reported. The sniffer component had a buffer overflow flaw that we actually abused to run arbitrary code (yes, in 2021!). The web application, on the other hand, was vulnerable to cross-site scripting introduced through SIP messages with XSS payloads - which is pretty bad. And so, we just released three advisories to provide further details so that organisations using this software can make better informed decisions.

March 09, 2021

• Digium One Year for .e4 in Sangoma and will Star2Star Impact our Open Source focus?

  It’s been a little over a year that Sangoma purchased .e4. At the time of purchase, we said, “This deal significantly strengthens Sangoma’s sales and support for both FreePBX and Asterisk, as well as further demonstrates Sangoma’s deep commitment to the open source market.” So I think it’s fair to ask if we have accomplished that goal.

  From my perspective, yes, we have. Mike White and the team have focused on the open source customer base like we wanted them to. We have more dialogue going with the community. The business we derive from the open source projects FreePBX and Asterisk, such as selling phones, SIP trunking and FreePBX modules, remains strong. We wanted Mike and his team to spearhead this. That was our plan, and that’s what’s happened.

  Coincident with the acquisition of .e4 was also putting dedicated open source marketing plans in place. You may have seen we refreshed the logo for FreePBX and created an Asterisk mascot. These are small examples of an increased marketing focus, but nonetheless important. We also ran a multi-day virtual AstriCon conference since we couldn’t do an in-person one. Frankly, this was more work than running an actual conference.

  We’ve also had a few questions about whether the pending acquisition of Star2Star will impact our focus on open source. It’s a natural question to ask – “As you grow, the percent of revenue coming in from the adjunct businesses that support open source changes.” Yes, it changes, but that doesn’t mean we don’t care about it. There are no plans to decrease the engineering, marketing or sales spend on open source. We’ve actually grown this total spend in 2020. We have a focus on it now, and that will continue. The teams will remain the same. And it’s important to remember open source to us is also about innovation and supporting innovation, and that commitment remains strong.

  I recently did a podcast with Mike, so if you want to listen to that, please go here.

  The post One Year for .e4 in Sangoma and will Star2Star Impact our Open Source focus? appeared first on Sangoma.

March 03, 2021

• Enable Security SIPVicious OSS 0.3.2 released with more IPv6 goodness!
  The free and opensource version of SIPVicious has been updated so that support for IPv6 is also available in svmap. If you can’t wait to try it out, you can get it at the official repository or by using pip3 install sipvicious --upgrade. So now, with svmap’s IPv6 support, you can do stuff like: sipvicious_svmap -6 -v 2a01:7e01::f03c:92ff:fecf:60a8 INFO:DrinkOrSip:trying to get self ip .. might take a while INFO:root:start your engines INFO:DrinkOrSip:-:61500 -> 2a01:7e01::f03c:92ff:fecf:60a8:5060 -> kamailio (5.

March 02, 2021

• Digium Appleton Harley Davidson and Switchvox

  I usually don’t write too many blogs about our success stories, but I wanted to write this one since the installation occurred within the past few months, during all these trying times we are in. And a shout-out to our partner in Appleton, Wisconsin, Unitel, who played a huge role in making this happen.

  Appleton Harley-Davidson was looking to upgrade from their existing old phone system. They wanted something modern, such as touch screen phones, something that would connect their campus easily, something that would save them money, something that would be easy to manage and most importantly something that would give them contact center functionality such as auto-attendant simply and easily. And they did not want any hidden costs. A Switchvox on-prem solution fit their needs perfectly.

  Remote / Online training enabled early learning, and Unitel also hosted in-person training, so that the installation would go smoothly. Given Harley-Davidson colors are black and orange, Unitel also supplied orange phone cords with the phones.

  It’s nice to see during these times how a new customer got going.

  To read the full case study, please go here.

  The post Appleton Harley Davidson and Switchvox appeared first on Sangoma.

March 01, 2021

• FreeSWITCH Communicating in Space and Exploring Mars in 2021

  February 2021 was a busy month for exploring Mars. Three separate projects that launched back in July 2020 have arrived at the red planet just this last month. The United States, China, and the United Arab Emirates now all have new vehicles orbiting the planet and investigating the surface. Each of these projects has its own set of goals to achieve, and all three are scheduled to last about one year on Mars, which is 687 days on Earth. 

  On February 18th, NASA’s Perseverance rover and its partner helicopter named Ingenuity successfully landed on Mars. Ingenuity is a technology demo with the goal of being the first vehicle on another planet to achieve rotor-powered flight and it will then map roads for future rovers. Meanwhile, Perseverance is tasked with searching for signs of past life on Mars. After landing, Perseverance snapped photos of the landing site and listened to the breeze, beaming this information back to Earth. 

  The team of engineers and scientists working on this project will now spend its next phase diligently testing all the functions and instruments before moving forward to send back higher quality photos of the landscape and sniff around water deposits in an area called the Jezero Crater. Once it’s good to go, the six-wheeled vehicle will start to look for signs of microbial life on the planet, collect dust samples from the Martian surface, and help us better understand the climate and geology of Mars. 

  High definition cameras captured the excitement of Perseverance’s landing last month (you can watch the footage here), giving Earth observers an unprecedented view of the descent. A few days later, on February 21st, NASA released a panoramic photo of the landing site, which is actually stitched together from 142 individual images. Perseverance is equipped with a Mastcam-Z, a dual camera system with capabilities to zoom and focus to take high definition photos, as well as provide panoramic color and 3D images. This powerful camera system can reveal details as small as 3 to 5 millimeters across nearby and as large as 2 to 3 meters across in the distance. 

  

  The Jezero Crater, where Perseverance will live for its 1-Martian-Year-Long mission, is located just north of the Mars equator and was once home to a river delta. The land is 3.6 billion years old and can help answer some serious questions about the past on Mars, with a long history of water in this area making it an ideal spot to search for past microbial life.

  Perseverance is about the size of a car and overall looks similar to its predecessor, Curiosity. Some of the science instruments the vehicle contains include the Mastcam-Z, a subsurface radar, laser micro-imager, weather station, x-ray spectrometer and an ultraviolet spectrometer named Sherloc (which stands for Scanning Habitable Environments with Raman & Luminescence for Organics & Chemicals) and its camera, affectionately named Watson. Sherloc is the main tool that will be hunting for life while its companion camera will take microscopic images of Mars. An instrument called Moxie will make oxygen from carbon dioxide in the atmosphere, an experiment designed to prepare humans to go to Mars, which is a feature unique to the Perseverance project.

  The rover is also equipped with microphones to send back audio samples of the red planet. Perseverance successfully recorded a snippet that features the whirring of its own fan, ended with a brief gust of wind. Though that’s maybe not the most exciting thing, these microphones will hear more wind, storms, and other movements on Mars, and sound can become a new tool in listening to the rover to diagnose problems. Unfortunately, members of the Perseverance team don’t know if (or when) the microphones will give out, due to extreme conditions like frigid temperatures and radiation. 

  Missions like that of Perseverance are possible thanks to the satellites of the Mars Relay Network allowing telecommunications through space, from Earth to Mars and back. Images and sound are transmitted through this network of several satellites, which includes all the NASA orbiters. The collaboration of the orbiters will be key in handling the tremendous amount of data Perseverance will transmit back home. These orbiters have telecommunications subsystems that are composed of a radio system operating in X-band microwave frequencies and ultra high frequencies. The X-band system is used for communication between Earth and the orbiter, while the ultra high frequency system is used for conversations between the orbiter and any rovers on Mars. Entry, descent, and landing data were all sent in near-real-time and the rover is currently communicating with Earthlings twice a day. Large, sophisticated satellites on Earth are also required for this communication, including NASA’s Deep Space Network, an international connection of antennas with locations in California, Spain, and Australia.

  Ingenuity, the helicopter, will continue to live under Perseverance for a month or two before it’s ready to be deployed in a suitable location. These two join some other NASA bots hanging out on Mars, including Curiosity and the InSight lander. Back in 2018, the Opportunity rover lost contact with home due to a dust storm, and Perseverance is designed to avoid suffering the same fate, running on a nuclear power source like Curiosity that won’t require sunlight to keep going. 

  Meanwhile, China’s Tianwen-1 entered Mars’ orbit on February 10th. Tianwen-1 contains an orbiting spacecraft, a lander, and a rover, and it will remain in orbit for the next couple of months before landing in May or June. Its ambitious landing goal is to orbit, land and release the rover on its first try while coordinating observations with the orbiter. The objectives of Tianwen-1 are to provide a global survey of the entire planet, as opposed to Perseverance, which will stay in one area. 

  The Chinese project will be investigating gravitational trends, the atmosphere and climate, analyzing soil and dust samples, and searching for water deposits. The orbiter will study the planet from above using a high resolution camera while the rover will hunt for pockets of water deep beneath the red dirt. For about 90 Martian days, the currently unnamed rover will explore, while the orbiter serves as the telecommunications relay and continues to observe the planet from above. Because this is China’s first interplanetary mission, one of its foremost goals is to validate the communication technologies for Mars exploration like those of the Chinese Deep Space Network.

  The United Arab Emirates’ orbiter, named Hope, made it to the red planet on February 9th. Equipped with a high resolution camera, infrared spectrometer and ultraviolet spectrometer, and giant unfolding solar panels to charge the onboard battery, Hope will study large scale atmospheric phenomena exclusively and won’t land on the ground. It contains no rover or lander, just an orbiter. Its goal is to investigate mysteries of Mars’ atmosphere and be the first probe able to give a full picture of the climate of Mars throughout the year.

  The pictures Hope has taken so far are out of this world, showing 3 giant volcanoes in a row from space, including the biggest volcano in our solar system, Olympus Mons. Mars orbiters typically work as telecommunication stations for rovers to contact Earth. But Hope will be busy studying neutral atoms of hydrogen and oxygen in the atmosphere to help add to the research on how Mars could have gone from a warm, wet planet to the cold red desert of today.

  

  About half of all missions to the red planet fail, so it’s impressive that so far all three projects survived the journey. The landing process is extremely risky, and in general there’s still plenty of room for some road bumps later in 2021. Assuming each project will survive the upcoming months, it’s going to be a big year for space exploration!

  The post Communicating in Space and Exploring Mars in 2021 appeared first on FreeSWITCH.

February 26, 2021

• Digium DPMA – SSL Certificate Expiration

  Overview

  D-Series telephones and the Switchvox Mobile Softphone possess an embedded certificate that is used to encrypt their communications with a Sangoma phone system server.  The certificate will expire on Friday, May 28, 2021 at 4:45:20pm EDT (GMT -5).  If this certificate is invalid, D-Series phones and the Switchvox Mobile softphone are unable to provision against any Switchvox or DPMA-equipped system.  There is no in-place mechanism for remotely forcing an update on a server that will provide remediation.

   What is Affected?

  • All released versions of Switchvox that support D-Series telephones and/or the Switchvox mobile softphone including versions 5.5 through 7.6.1.  
  • FreePBX and PBXact systems using the deprecated “Digium Phones Add-On for FreePBX”
  • FreePBX and PBXact systems using the “DPMA” option for Endpoint manager
  • All released versions of DPMA used with open source Asterisk. 

  Remediation Plan

  Sangoma has produced new versions of DPMA, Proxy, D-Series telephone firmware, and Switchvox mobile softphone that remediate the problem.  Administrators (except Switchvox Cloud and PBXact UCC) MUST take action prior to the expiration date.  For Switchvox users on 7.x, the new firmware is included in Switchvox version 7.6.2.  For Switchvox users on 6.x or 5.x, the new releases are 6.8 and 5.12 respectively.  

  Steps to Take

  Sangoma has developed quick to implement and future proof solutions. Please visit the resource page for complete information on how to resolve the issue.

  Action must be taken before May 28, 2021

  The post DPMA – SSL Certificate Expiration appeared first on Sangoma.

February 23, 2021

• Digium Is CPaaS a Channel Opportunity?

  I get asked every once in a while, “Is CPaaS a channel opportunity?”. It potentially can be, but CPaaS being a channel opportunity needs some context. CPaaS itself means essentially selling the use of APIs, which are typically charged by usage. Applications written with CPaaS access these APIs (and, in turn, specific functions the application has asked to do) during the execution of the application they’ve written. This application “goes and gets the resources” the API asks for via the cloud.

  CPaaS is a hot topic these days because using them is easy, and one can add in voice or SMS to an already existing application relatively inexpensively. For example, one might want to add text messaging to an appointment application from a dentist or hairdresser.

  When talking about CPaaS being a channel opportunity, we are really talking about the applications that run on CPaaS. So if you as a channel are already selling cloud services, and used to selling in a recurring revenue model, then yes, CPaaS could be a channel opportunity for you.

  As a channel partner, there wouldn’t be a “make a big deal” and get the revenue from the enterprise all at once, then sell maintenance contracts. It would be a revenue model based on continuous usage that could go on for years. That’s very different if you aren’t familiar with cloud.

  And you would either need a stable of applications to sell, likely from some kind of store the CPaaS provider would have or develop a couple of applications yourself.

  So yes, it could be.

  The post Is CPaaS a Channel Opportunity? appeared first on Sangoma.