The Answer to Government XP Woes

Government Technology Magazine is reporting on the reaction of state and local government IT officials to the recent decision of Microsoft to discontinue support for Windows XP and Office 2003:

Microsoft dropped free support this week for Windows XP and Office 2003, leaving state and local governments wondering when they’ll be forced to move computers to a newer operating system.

Lisa Moorehead, the director of management information systems in the Massachusetts Department of Public Utilities, said her department doesn’t have the budget to pay for repeated incident-report calls.

“That is going to pose huge problems to us and force us to potentially go to an operating system we don’t want to go to,” said Moorhead, who isn’t thrilled with one of her other options: the newer Windows Vista operating system.

So, what other options to state and local IT officials have? Let me spell it out for you:

U B U N T U !

‘Nuff said.


Shoring up Asterisk Security

Found out today that an external host had been scanning my Asterisk server looking for valid SIP extensions. Turned out the IP belonged to some German hacking site that was probably using some brute force tools to scan my server (and lots of others) for valid SIP extensions. The ultimate goal was more than likely to try and exploit any live extensions for some free phone calls.

Fortunately, in anticipation of moving my in-house Asterisk server out to the cloud I had recently done some work to become better educated on Asterisk security and to shore up the security of the CentOS machine my Asterisk instance is running on. As a result, my intrusion detection system slammed the door to the external scans pretty quick, and I’ve since added the IP address to my iptables rule set to to drop any requests from the IP used for the scan.

It was a little unnerving to find out that my box was getting scanned, but I’m glad I took the time recently to get things working more securely. This incident reminds me that one can never be too careful about security, and that there is always more to learn about running Asterisk more securely. To underscore this last point, here are some great links I’ve come across lately for Asterisk and Linux security:

Some general Linux security reading:

Happy reading!

VoiceGlue Up And Running

I now have VoiceGlue up and running on Ubuntu 8.10. (Actually, the Ubuntu server is running as a virtual machine under Sun’s VirtualBox 2.1.)

For those that don’t know, VoiceGlue is an open source project that links Asterisk (the open source PBX) with OpenVXI (an open source VoiceXML platform currently under the stewardship of Vocalocity). VoiceGlue makes it possible for Asterisk users to deploy a completely open source VoiceXML platform for building IVRs and other useful applications.

The VoiceGlue install on Ubuntu 8.10 went smoothly — I did run into an issue with one of the services not starting, but that was easily identified and fixed thanks to a speedy response from the VoiceGlue folks. (This issue was really my own fault — use the pgrep command to make sure you have specific services running. And when in doubt, check the logs people!)

Based on my experience with the install and my initial testing I am extremely impressed with VoiceGlue. Its well documented and there is an active community of users offering tips and troubleshooting advice.

Hats off to the people behind VoiceGlue — Doug Campbell and Steve Smith. Well done!

Ubuntu Asterisk Oddness

I have a virtual machine running Ubuntu 8.10 Server and I’ve been meaning to give VoiceGlue a try to see if I could set up my own completely open source VoiceXML platform,

I found that I was able to run sudo apt-get install asterisk at the command line, and I started to get excited. This was going to be the easiest Asterisk install yet. I was very soon disabused of this foolish notion.

The Asterisk install seemed to go smoothly, as did the basic set up and config. Just to make sure I was doing things by the numbers I set up a couple of extensions and a quick test to have Festival read something back to me. So far, so good. Next it was on to the VoiceGlue install.

Following the instructions in the VoiceGlue Wiki, the install went smoothly. All three VoiceGlue-related services started just fine (the voiceglue service itself barked at me because I had not yet set up call routing in /etc/voiceglue.conf – once I did this, it started up just fine.)

That’s when things got weird. The VoiceGlue Wiki says:

Phoneglue also needs to be contacted via FastAGI for all calls that it will handle, and it needs to use a particular context, extension, and priority to send calls to itself.

OK, no worries there. I set up a new context in /etc/asterisk/extensions.conf and then reloaded the dialplan from the Asterisk console. So far so good. Then, the oddness set in.

I kept seeing an error in the Asterisk logs saying:

res_agi.c:229 launch_netscript: Connect to 'agi://localhost' failed: Connection refused

After banging my head against the wall trying to figure it out I decided to check and see if anything was listening on port 4573 (the default port for FastAGI). No dice.

I tried running the test AGI script comes with Asterisk (agi-test.agi). Again, no dice. In fact, it doesn’t look like there are any directories containing AGI scripts anywhere.

Ubuntu Asterisk seems to be looking in /usr/share/asterisk/agi-bin/ – it doesn’t exist. Neither does the usual directory for AGI scripts (/var/lib/asterisk/agi-bin/). Nor does another common directory – /var/spool/asterisk/outgoing.

Why is all of this missing from the Ubuntu version of Asterisk? Anyone have any thoughts? Did I miss something obvious during the install?

I’m still eager to try VoiceGlue, so it looks like I’ll be building Asterisk from scratch.

Behold the Power of the Command Line

After finding the unbelievingly cool and useful Command-line fu website, I have been consumed with finding and using powerful command line tools. Here are some of the tools I’ve been playing with recently:

xmlstarletxmlstarlet is a powerful tool set for using and manipulating XML from the command line. Anyone that interacts regularly with REST-based APIs should give this a look.

curl – I did a separate post on curl and explained how to use it to interact with the Twitter API. Things get cool fast when you start to combine these tools by piping output from one command to another. For example, using curl and xmlstarlet, you can get your Tweets from the command line (you can change the count parameter in the call to the Twitter API to get a different number of Tweets back):

curl -s -u user:password '' | xmlstarlet sel -t -m '//status' -v 'user/screen_name' -o ': ' -v 'text' -n

festival – why read text when you can have your computer speak to you? I’m now getting my daily horoscope via curl, xmlstarlet, festival and cron:

curl -s '' | xmlstarlet sel -t -m '//horoscope' -v 'horoscope' | festival --tts

When you’ve got tools like this, the command line is where its at!

The Penguin Loves Obama

Will he love the penguin back?

That’s the hope of a number of prominent open source advocates who have written an open letter to President Obama encouraging greater use of open source software in the federal government:

Mr. President, we believe the open-source industry is changing the world of software development in many of the ways you have promised to change American politics. The values of open source mirror those you promoted in your campaign: hope, change, and openness. We, the undersigned, sincerely hope that you will make the use of open-source software a key component of every new technology initiative the United States government enters into during your presidency.

Here’s hoping that President Obama sees the connection between his campaign’s call for change and embracing better ideas for our future, and the principles of open source software development.

Command Line Twitter

Just when I thought it couldn’t get any easier to send out a Tweet, I lucked out and found Command-line Fu.

While browsing some very cool command line tricks, I happened upon a command to send out a Tweet using curl from the command line. I’ve seen this kind of example before – there may even be something similar in the Twitter API Wiki – but for some reason it resonated with me this morning. After playing around with it a bit, I’ve tweaked it to my liking:

curl -s -u user:password -d status="$1" > /dev/null

You can drop this into a file using your favorite editor. Save it and make sure the file is executable (chmod u+x fileName). You can execute this file at the command line like this:

$ ./fileName "This is the text of my Tweet."

I’ve opted to redirect the output returned by executing the curl command (Twitter will respond to the request with an XML document) to the bit bucket. I’ve also opted to turn off the normal progress indicator used by curl by invoking the -s flag. Feel free to tweak this to your heart’s desire.

I’ll definitely be sending out more Tweets from the command line, and I’ll definitely be going back over to Command-line Fu for some more command line tricks.