The Answer to Government XP Woes

Government Technology Magazine is reporting on the reaction of state and local government IT officials to the recent decision of Microsoft to discontinue support for Windows XP and Office 2003:

Microsoft dropped free support this week for Windows XP and Office 2003, leaving state and local governments wondering when they’ll be forced to move computers to a newer operating system.

Lisa Moorehead, the director of management information systems in the Massachusetts Department of Public Utilities, said her department doesn’t have the budget to pay for repeated incident-report calls.

“That is going to pose huge problems to us and force us to potentially go to an operating system we don’t want to go to,” said Moorhead, who isn’t thrilled with one of her other options: the newer Windows Vista operating system.

So, what other options to state and local IT officials have? Let me spell it out for you:

U B U N T U !

‘Nuff said.

Shoring up Asterisk Security

Found out today that an external host had been scanning my Asterisk server looking for valid SIP extensions. Turned out the IP belonged to some German hacking site that was probably using some brute force tools to scan my server (and lots of others) for valid SIP extensions. The ultimate goal was more than likely to try and exploit any live extensions for some free phone calls.

Fortunately, in anticipation of moving my in-house Asterisk server out to the cloud I had recently done some work to become better educated on Asterisk security and to shore up the security of the CentOS machine my Asterisk instance is running on. As a result, my intrusion detection system slammed the door to the external scans pretty quick, and I’ve since added the IP address to my iptables rule set to to drop any requests from the IP used for the scan.

It was a little unnerving to find out that my box was getting scanned, but I’m glad I took the time recently to get things working more securely. This incident reminds me that one can never be too careful about security, and that there is always more to learn about running Asterisk more securely. To underscore this last point, here are some great links I’ve come across lately for Asterisk and Linux security:

Some general Linux security reading:

Happy reading!

Book Review: AGI 1.4 and 1.6 Programming

Have you been working with Asterisk for a bit and want to use it to build some more sophisticated applications? Are you looking to build and IVR solution, but are a bit wary of what you will be able to accomplish with the Asterisk dialplan alone? Are you comfortable on the Linux command line and with using PHP-based scripts in a Linux environment?

If you answered yes to any of these questions, then you will want to check out the book “Asterisk Gateway Interface 1.4 and 1.6 Programming” by Nir Simionovich. There is a lot to like in this book for Asterisk programmers.

One of my favorite quotes from this book is:

Many IVR developers do not regard themselves as programmers. That is a shame as programming an efficient IVR environment using any type of telephony engine requires skill, and when done right can be regarded as a work of art.

Truer words were never spoken. I personally have never suffered from the affliction of thinking that voice applications developers are not “programmers” – voice application developers are programming Rocks Stars, pure and simple. So if you are a Rock Star (or aspire to be one), you should check this book out.

I like that this book spends some time talking about developing IVRs using the Asterisk dialplan, even though the limitations of building IVRs using the dialplan itself is probably what leads most developers to explore alternatives like PHPAGI or Adhearsion.

There is a great section in this book outlining the “ten rules of AGI development” – things every developer should know before starting AGI programming of any flavor. This book starts with the basics and moves quickly (but comfortably) on to advanced topics.

If you are an Asterisk guru, or a hobbiest that is just getting started, this book is worth having in your collection. My copy is on my bookshelf, within arms reach, right next to my dogeared copy of O’Reilly’s “Asterisk: The Future of Telephony.”

Now, if only they’d put IVR development into the next edition of Guitar Hero

Voxeo Announces New Tropo Hotness: COBOL!

Several weeks ago, Voxeo rocked the voice application development world by introducing Tropo, a new platform that allows developers to build voice applications in a variety of different languages.

Tropo lets developers build voice applications in JavaScript, Ruby, Python, PHP and more. I mentioned Tropo briefly in my last post, where I describe a voice application I built using VoiceXML/PHP — I’ll be porting this app to Tropo shortly so that it will be close to 100% PHP and running on the Tropo platform.

Voxeo announced today that they are adding support for yet another development language to Tropo — COBOL. This is big – it brings the total number of languages supported to a half dozen. I can’t wait to see what Voxeo has in store for Tropo next!

Let me tell you something – you go into a bar and drop some hints that you are coding your Tropo app in COBOL and you will not be leaving alone.

I guarantee it!