Linux-Based Phone System Phones Home

kdawson posted more than 6 years ago | from the hard-to-keep-secrets-when-they-can-read-the-code dept.

Privacy 164

An anonymous reader writes to let us know that users of Trixbox, a PBX based on Asterisk, recently discovered that the software has been phoning home with statistics about their installations. It's easy enough to disable, and not particularly steathy (beyond encrypting the data sent back), but customers in the forum are annoyed at not having been informed of the reporting. Trixbox is owned by Fonality, which makes customized PBXs (again based on Asterisk) for paying customers.


Linus is right (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21721460)

I am with Linus on this one.
His position is very clear and makes a lot of sense.

So I asked this girl out... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21722022)

...to the company christmas party...
 
  REJECTED!
 
I'm going to ask her out again, greg, just watch. And I'll get my whopping $32 for the MMIC.

First Paul! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21721480)

Donate to Ron Paul today. 3.5 hours left.

Re:First Paul! (-1, Offtopic)

Harmonious Botch (921977) | more than 6 years ago | (#21721518)

Donate to Ron Paul today. 3.5 hours left.
Actually, there are more hours than that left. Due to time zones they are counting several hours either side of Sunday EST. So it will still be tea party day in Hawaii for another 6.5 hours.

Re:First Paul! (1)

mrscorpio (265337) | more than 6 years ago | (#21721898)

You're actually wrong. They're only counting from 12:00am EST to 11:59pm EST.

Re:First Paul! (0, Flamebait)

professional_troll (1178701) | more than 6 years ago | (#21721566)

Fuck Ron Paul!!!
You fucking Christian fundamentalists, you republican conservative fucks. You FCC loving, free speech hating, gun masturbating, gas guzzling fucks.

Re:First Paul! (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21721848)

I can't wait until my gun cums on your face.

ET... (1, Funny)

kcbanner (929309) | more than 6 years ago | (#21721484)

...phone home!

Re:ET... (1)

CaptainPatent (1087643) | more than 6 years ago | (#21721780)

ET phone home!
Don't you mean:

TB [trixbox.org] phone home!?

Re:ET... (1)

Beastmouth (1144447) | more than 6 years ago | (#21722338)

How is this modded redundant? It's the first post with any content!

Re:ET... (0, Offtopic)

kcbanner (929309) | more than 6 years ago | (#21722804)

I know, I have "Bad" karma lately, I've been making all these funny, interesting, and generally awesome posts, yet my Karma hasn't improved. I just don't understand it!

Trick Box (5, Funny)

Deathanatos (811514) | more than 6 years ago | (#21721488)

A product named Trixbox is really a box of tricks...

Re:Trick Box (2, Funny)

Tuoqui (1091447) | more than 6 years ago | (#21721522)

Silly Rabbit, Trix are for Kids.

Re:Trick Box (1)

kcbanner (929309) | more than 6 years ago | (#21721554)

I don't think they should have stolen his Trix. I think they should have shared. I cried.

Re:Trick Box (1)

the_humeister (922869) | more than 6 years ago | (#21721608)

*Asian Trix rabbit after brutally killing those kids*: "You share!"

Re:Trick Box (2, Funny)

Gilmoure (18428) | more than 6 years ago | (#21722160)

Silly Rabbi, kicks are for Trids!

Silly Rabbit (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#21721648)

Trix are for kids.

Re:Trick Box (5, Informative)

Anonymous Coward | more than 6 years ago | (#21721684)

I tried out Trixbox Pro not that long ago but was really turned off by their premise that you must have Internet access to properly configure your server (my VoIP server is NOT on the Internet nor will I do so for privacy and security reasons!). And their appliance is expensive and still needs Internet connectivity. While their old-school Trixbox CE product doesn't have this limitation development on it has slowed down despite their claims of "it's still in development, really!".

AsteriskNOW isn't ready for prime-time yet, though it shows promise long-term.

If you don't want to compile Asterisk yourself and yet you still want to use FreePBX (and you really should!), I highly recommend you check out Nerd Vittles, http://www.nerdvittles.com/ [nerdvittles.com] instead -- everything that Trixbox CE could have been.

Re:Trick Box (2, Informative)

Power_Pentode (1123285) | more than 6 years ago | (#21721796)

"If you don't want to compile Asterisk yourself..."
If you wish, you can use Asterisk without compiling it yourself; several distros have versions of Asterisk in their repositories. I'm pretty much a Linux n00b but once I read which modules are prerequisites, Asterisk compiled easily with the usual ./configure, etc. Thanks for the tip on FreePBX.

Re:Trick Box (2, Informative)

SpzToid (869795) | more than 6 years ago | (#21723064)

I highly recommend you check out Nerd Vittles

Me too! Those guys wanted to work with Trixbox devs, and finally gave up and rolled their own, which is the new PBX-in-Flash voip server. The true open-source devs have released a truly wonderful and solid server. They asked for donations to fund a server, and I'm so impressed with my phone server, humming away for a few weeks already, of course I'm donating; I want more good stuff in the future, and want these PBX-in-Flash devs to stay motivated. Great stuff guys!


Note that the PBX-in-a-Flash devs had no choice, Trixbox/Fonality locked them out of the build process completely. So yeah, they went and rolled their own; and did a great job at that.

Re:Trick Box (2, Funny)

jberryman (1175517) | more than 6 years ago | (#21721704)

*robotic laugh* AH-AH-AH. Humor Acknowledged.

So? (3, Informative)

brad-x (566807) | more than 6 years ago | (#21721512)

The initial setup at the web GUI makes it apparent that it wants to send stats back to home-base. How this can take people by surprise is baffling.

Re:So? (2, Insightful)

irtza (893217) | more than 6 years ago | (#21721562)

Well, I have always found it interesting that people get up in arms over these types of things (with open source software). If people are that pissed, let them maintain their own distribution. I can understand if someone had paid for something that they may be mad about this sort of behavior, but people should be happy that someone has put together a great product for their use. I am running a trixbox at my office and may use this info to disable the call home; however, I have no problem with the company taking this measure. I just can't complain about free software.

Re:So? (1)

the_humeister (922869) | more than 6 years ago | (#21721708)

How do you know it's not malicious? Being open source doesn't necessarily mean the right people are looking.

Re:So? (1)

wizardforce (1005805) | more than 6 years ago | (#21721936)

How do you know it's not malicious? Being open source doesn't necessarily mean the right people are looking.
being opensource means that the source can be reviewed, that's a hell of a lot better than impossible to be reviewed now isn't it? now aside from that, there's the fact that there are people looking at the code, a lot of them- especially slashdotters that make a hell of a noise over things like this.

Re:So? (1)

irtza (893217) | more than 6 years ago | (#21721960)

yeah... I thought of that a few seconds after clicking "Submit". Very valid point - I should have said open and transparent. I.E. the software functions as stated. I do believe there is an obligation to inform people that data is being gathered - my point was that if someone said "I am giving out this software that does X, but I will be gathering your IP address and browsing habits." I wouldn't complain about it. I may not run the software or may attempt to hack it to no longer do that, but I wouldn't complain about the offering. Malicious or intentionally misleading works - open or closed source - are entirely different matters.

So?-OSS or Bust. (1, Funny)

Anonymous Coward | more than 6 years ago | (#21721916)

"I just can't complain about free software."

Damn! There goes all the FreeBSD battles.

Stats are useful (1)

EmbeddedJanitor (597831) | more than 6 years ago | (#21721604)

Many companies collect usage stats for many products. These are very useful for the ongoing design of the product or assessing impact of changes etc. By knowing typical usage patterns the engineers can better formulate optimisations or prioritise development tasks.

So what if anonymous stats are collected?

Re:Stats are useful (4, Insightful)

ScrewMaster (602015) | more than 6 years ago | (#21721710)

Nah ... it's just that people don't bother to read what's in front of them. Had there been a big blurb during the software install that proclaimed "we collect anonymous usage statistics" nobody would have cared, but because it wasn't made sufficiently obvious people think there's something devious going on.

Re:Stats are useful (0)

Anonymous Coward | more than 6 years ago | (#21722980)

because it wasn't made sufficiently obvious

It's not that it "wasn't made sufficiently obvious" - there was no disclosure whatsoever. Even Microsoft tells you that they're collecting data, and lets you opt out.

I've been using Trixbox for some time, and haven't liked the direction the project has gone since Fonality bought it. This is the last straw. I'll be migrating my production boxen to PBX in a Flash because of this, and I'm going to stop recommending Trixbox to my clients.

Fonality says that this was just a bad judgement call, and maybe it was, but they're going to be feeling the impact of this extremely bad business decision for some time. Trust is earned, and they just lost all that they had banked with a LOT of people.

Re:So? (3, Insightful)

syousef (465911) | more than 6 years ago | (#21721778)

The initial setup at the web GUI makes it apparent that it wants to send stats back to home-base. How this can take people by surprise is baffling.

...because of course you have read every word of every screen of every version of every installer you've ever used, and never just glossed over any detail. What's baffling is that comments like this get modded up.

Re:So? (4, Informative)

QuantumG (50515) | more than 6 years ago | (#21721812)

Well that's your own stupid fault then isn't it?

Re:So? (1)

John Hasler (414242) | more than 6 years ago | (#21721860)

> ...because of course you have read every word of every screen of every version of every
> installer you've ever used, and never just glossed over any detail.

Yes, of course.

Re:So? (3, Insightful)

insertwackynamehere (891357) | more than 6 years ago | (#21722014)

If it really bothers you this much when usage stats are collected, then you can't really gloss over things like the TOS and EULA... you can't have it both ways.

Re:So? (1)

syousef (465911) | more than 6 years ago | (#21722124)

If you install sufficient software it simply isn't possible to read all the EULAs. Anyone who says they do either doesn't install much, is paid to do little else, or is a liar.

Yes you can (1)

Rix (54095) | more than 6 years ago | (#21722202)

No one reads those things, and no one is intended to. If they were intended to convey information, rather than obscure it, they would be no longer than a paragraph and in plain English.

Re:Yes you can (1)

rubycodez (864176) | more than 6 years ago | (#21722332)

Even Microsoft's EULAs are very short. They are in what was high school level English 30 years ago, can't speak to the abilities of today's younger generations. Yes, you are intended to read them; I do.

Re:Yes you can (1)

syousef (465911) | more than 6 years ago | (#21722982)

I simply don't believe you read all your EULAs. Skim perhaps, even then I doubt you do that rigorously.

They are not in high school English. They're in legalese that often has a very specific meaning that does not match common usage meaning.

So? A thousand - one. (0)

Anonymous Coward | more than 6 years ago | (#21722642)

An interesting position to take on a forum whose development mantra is "a thousand eyes makes bugs shallow".

Re:So? (1)

ZOMGPONIEZ111 (1193105) | more than 6 years ago | (#21722042)

There is a major difference between software talking to its vendor in order to be more effective and spyware that sends your personal info to spammers / advertisers / con artists. With the source, it is possible to verify that they were telling the truth about what is collected, or, if they're not, then just fork it with that part deleted.

Steathy? (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#21721550)

Anyone know what "steathy" means?

Re:Steathy? (0)

Anonymous Coward | more than 6 years ago | (#21721596)

http://www.justfuckinggoogleit.com/ [justfuckinggoogleit.com]
 

Is Microsoft Invading Slashdot? (1)

arotenbe (1203922) | more than 6 years ago | (#21721572)

from the hard-to-keep-secrets-when-they-can-read-the-code dept.
It sounds like Slashdot is advocating security through obscurity...

Re:Is Microsoft Invading Slashdot? (0)

Anonymous Coward | more than 6 years ago | (#21721614)

Read the summary, douche.

Re:Is Microsoft Invading Slashdot? (1)

whatevah (1130459) | more than 6 years ago | (#21721906)

errr... the point of reading the code (see OSS) is to not have secrets from the end users. In this case it has nothing to do with how secure the software is. So your point... was????

Re:Is Microsoft Invading Slashdot? (1)

renegadesx (977007) | more than 6 years ago | (#21721932)

cp /home/arotenbe/stupid_comment /dev/null

Re:Is Microsoft Invading Slashdot? (0)

Anonymous Coward | more than 6 years ago | (#21722618)

I think you mean

sudo rm -rf /home/arotenbe
sudo vim /etc/passwd /arotenbe $ b R false :wq

There's no reason to keep cruft around.

Re:Is Microsoft Invading Slashdot? (1)

thegrassyknowl (762218) | more than 6 years ago | (#21722878)

It sounds like Slashdot is advocating security through obscurity...


Why not? Almost every IT "professional" I have to deal with on a daily basis advocates the same. It seems that since every n00b and his dog is advocating it then it must work!

and so it begins (-1, Flamebait)

FudRucker (866063) | more than 6 years ago | (#21721580)

now that Linux is becoming more popular i knew spyware and other malware will start encroaching in...

the countdown to my switch to FreeBSD started today,,,

Re:and so it begins (0)

Anonymous Coward | more than 6 years ago | (#21721680)

This is not Linux-specific, nor does it have anything to do with spyware. It's simply a matter of software reporting home with statistics. Another poster has said that the Web-based setup GUI for the software makes this clear.

Re:and so it begins (0)

Anonymous Coward | more than 6 years ago | (#21721854)

FreeBSD lol

. . .wait, you're serious?

Re:and so it begins (2, Insightful)

Aetuneo (1130295) | more than 6 years ago | (#21721902)

So the fact that software installed on Linux will do what it is programmed to do is a reason to migrate away from Linux? I will consider migrating to something else when there are known and exploited holes in the security which allow websites to arbitrarily install software without user permission. Until that, you just have to research what software does to stay safe, or only install software from known and trusted sources. But if you really want to migrate away, don't claim that you are doing it to stay secure: you are doing it because you cannot understand the details of problems, or because you can but just want to move away from Linux, since it is too popular for you.
And please, whatever you do, don't claim that "spyware and other malware" is beginning to show up on Linux - or, if you do want to tell people that, please remember to say that it is stuff which the user has to choose to install, not something which can be installed just by going to an infected website.

Re:and so it begins (1)

insertwackynamehere (891357) | more than 6 years ago | (#21722036)

a) This isn't malware and b) FreeBSD can run Linux apps for the most part so once malware encroaches Linux, a lot of *nix systems will be in potential trouble.

Re:and so it begins (1)

whatevah (1130459) | more than 6 years ago | (#21722366)

Malware doesn't necessarily have to do with binary compatibility, rather with the places "key" configuration files and commands reside. Taking into consideration that most Linux distros have already different ways of setting up key aspects of the OS (thus making malware difficult to be cross-distro), I could most definitely assume that your point about BSD is not valid. And no I don't use BSD.

That's why in Linux we have stayed clean from viruses. It is very hard for them to spread, not that it is impossible to write one. Heck, I can't even write a decent shell script that is cross distro. Maybe to support a couple of them, but all? No way.

Re:and so it begins (0)

Anonymous Coward | more than 6 years ago | (#21722066)

Please tell me you're sitting in a corner right now (in the fetal position, preferably) mumbling things like "they're all out to get me."

Just allow me that one dream...

Re:and so it begins (1)

secolactico (519805) | more than 6 years ago | (#21722170)

now that Linux is becoming more popular [...] the countdown to my switch to FreeBSD started today,,,


Indie Rock Pete? [dieselsweeties.com] Is that you? ;-)

Re:and so it begins (1)

mrchaotica (681592) | more than 6 years ago | (#21722634)

Indie Rock Pete would use Plan 9.

eh? (3, Insightful)

LingNoi (1066278) | more than 6 years ago | (#21721594)

So what does it actually do? Let me explain. We are only looking at the number of phones (and types) that are connected to a system.
So it's sending back some generic data with no personal information so they can do a best estimate of where they need to be spending their time.

What's the problem here?

Re:eh? (1)

FudRucker (866063) | more than 6 years ago | (#21721644)

if the data is encrypted then only those that know how to decrypt the data can read it, everyone else has no idea what that data is, then if it is generic data about phone types and numbers of phones then why bother to encrypt the data, i have 3 phones of various brand names (Bell, AT&T and GE) (now everybody knows)...

Re:eh? (1)

xouumalperxe (815707) | more than 6 years ago | (#21721996)

if the data is encrypted then only those that know how to decrypt the data can read it, everyone else has no idea what that data is

Not completely true. Once you dive into the source, you can verify whether the information that's being packaged is indeed the information they say they're collecting. Their EULA (apparently) says they're collecting the information, so you know they have it. But what of anybody who intercepts it? Granted, it's not particularly useful information, but it's good standard procedure to encrypt this sort of thing anyway, especially when the client has the benefit of the transparency of OSS.

Re:eh? (1)

slugstone (307678) | more than 6 years ago | (#21722684)

Great you have three brands of phones. But what if there is a explode in your Bell phone?

Re:eh? (1)

Fnord666 (889225) | more than 6 years ago | (#21721662)

So it's sending back some generic data with no personal information so they can do a best estimate of where they need to be spending their time. What's the problem here? - LingNoi

While it is pretty trivial for anyone with basic linux knowledge to disable it, the issue is that a) we didn't inform people well and b) we didn't make it easy to turn off. - kerryg

The problem is that they forgot basic civility and politeness. They didn't ask for permission to collect information about my installation. I may choose to participate, I may not. It should be my choice though.

Re:eh? (2, Interesting)

bcdm (1031268) | more than 6 years ago | (#21721690)

H'm. Let's count the problems together:
1) They did not inform or ask their members that they would be collecting this information. Even the eeeeeeeeevil Microsoft/Apple/whoever we hate today notifies us that generic data is being collected. People tolerate generic data collecting; they don't tolerate duplicity all that well.
2) The data is encrypted, so there's absolutely no way to tell if what they're saying is true or not.
3) They've been doing this for months without anyone noticing it (and letting others know), and now they're acting surprised that people are upset. So they're either stunned beyond all reason or flat-out liars.
Pretty good reasons to be pissed, I'd say.

Re:eh? (5, Insightful)

arth1 (260657) | more than 6 years ago | (#21721706)

So it's sending back some generic data with no personal information so they can do a best estimate of where they need to be spending their time.

What's the problem here?


First of all, your claim isn't true. Here's what it currently sends back the output of:

/usr/bin/perl /var/adm/bin/recognition.pl
/bin/uname -r
/bin/rpm -q -a
/sbin/lspci -vn
/usr/sbin/dmidecode
/usr/sbin/wanrouter version
/usr/sbin/wanrouter hwprobe verbose
/usr/sbin/asterisk -V
/bin/cat /etc/redhat-release
/bin/cat /etc/trixbox/trixbox-version
/bin/cat /etc/trixbox/.regData
Note that it sends the registration data on every request. Which means the other data isn't anonymous.

But, and this is much more alarming, it also can execute arbitrary commands. It connects to the remote server, asks it what to execute, and then executes it. That's VERY scary, no matter what is currently collected. Imagine a hacker getting access to the server customers connect to.

Re:eh? (1)

cp.tar (871488) | more than 6 years ago | (#21721768)

But, and this is much more alarming, it also can execute arbitrary commands. It connects to the remote server, asks it what to execute, and then executes it. That's VERY scary, no matter what is currently collected. Imagine a hacker getting access to the server customers connect to.

Does this software run setuid root?

Of course, even if it is not, this is a huge issue.

Re:eh? (1)

grolschie (610666) | more than 6 years ago | (#21722572)

But, and this is much more alarming, it also can execute arbitrary commands. It connects to the remote server, asks it what to execute, and then executes it. That's VERY scary, no matter what is currently collected. Imagine a hacker getting access to the server customers connect to.
That's about as scary as a hacker getting complete access to the WindowsUpdate.com servers or some popular Linux distribution update servers, right?

Re:eh? (2, Interesting)

MadCat (796) | more than 6 years ago | (#21722852)

That's about as scary as a hacker getting complete access to the WindowsUpdate.com servers or some popular Linux distribution update servers, right?

Just the fact that the trixbox developers have shown a serious lack of understanding when it comes to security makes it a lot more likely that a hacker can gain access to the webserver that's being hit on by all the installed trixboxes. All you do then is tell it to go download and install some tasty rootkit.

Presto. Instant botnet for some script kiddie to play with.

Even then, suppose some organisation is using trixbox. You know they're using it, because you've managed to ferret that out. Now all you need to do is figure out who supplies their internet connectivity, do some DNS poisoning, and you've just owned yourself their phone system. Which means you can potentially record all incoming and outgoing calls, and use the phone box as a nice jump-off into the rest of the organisation's network. Industrial spy's wet dream right there.

Re:eh? (1)

Rakishi (759894) | more than 6 years ago | (#21722948)

No, it's much much worse because:
1. I KNOW update services get back executables and I can take the expected precautions. Something which is supposed to simply send data back I do not ASSUME also executes random commands from a server, that's just utterly baffling and stupid and counter-intuitive.
2. I either run update programs manually or I have them only automatically tell me there are updates. Updates are NOT installed automatically and it is unlikely that I would miss a hack of the windows servers.
3. Update systems likely have many precautions in place to prevent them being hacked from causing a big problem. Someone who writes this sort of idiotic user tracking system I don't expect to bother with such things.

Security Vuln (5, Informative)

Anonymous Coward | more than 6 years ago | (#21721600)

The issue here is not just the fact that it is phoning home - it is the method in which it is done. This has been reported as a security vulnerability to the voipsec mailing list. http://voipsa.org/pipermail/voipsec_voipsa.org/2007-December/002522.html [voipsa.org]

Mod parent up (5, Informative)

Fnord666 (889225) | more than 6 years ago | (#21721754)

This is a key point. A cron entry runs a process on the PBX every 24 hours that connects out to trixbox and picks up an arbitrary list of commands. It executes those commands (under whatever authorities it was installed with) and returns the results. Sure hope their server is up to date on patches. That assumes DNS sent back the right server to begin with and not a spoofed site with a "different" set of commands.
In what universe does this seem like a good idea?

Re:Mod parent up (0)

Anonymous Coward | more than 6 years ago | (#21721774)

In Fonality's.

Re:Mod parent up (3, Informative)

grcumb (781340) | more than 6 years ago | (#21721910)

This is a key point. A cron entry runs a process on the PBX every 24 hours that connects out to trixbox and picks up an arbitrary list of commands. It executes those commands (under whatever authorities it was installed with) and returns the results.

What a terrible design! I worked for a couple of years on a FOSS product whose commercial version phoned home by design. It was a small server that allowed remote configuration changes via our NOC. The idea was to provide basic systems admin functionality for multiple geographically dispersed servers. Man-in-the-middle attacks - in either direction - were one of the primary concerns, second only to the privacy of the customer.

We vetted every byte, incoming or outgoing; we worried constantly about both sides of the authentication process, addressed DNS poisoning and coped properly with pwned clients as well. We never ever passed anything but text between the server and the NOC. Even anti-virus signature updates were performed out-of-band with the 'phone-home' process.

Allowing execution of arbitrarily defined scripts is a disaster in the making. The trust model is entirely wrong, for one thing. I understand now why the manufacturer didn't want to talk about it, because no sysadmin in his right mind[*] would accept that someone outside the organisation should ever have the right to run arbitrary code on their boxes without prior vetting.

*****

[*] Unfortunately, 'sysadmins in their right mind' is a far-too-small subset of all sysadmins....
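
The data-only trust model described in the comment above, as an added example that is not part of the original thread and is not trixbox or Fonality code: the server's reply may only name report ids, which the client maps to fixed, locally reviewed command lines, and nothing is collected without opt-in. The report ids, the JSON reply format and the function names are assumptions made for illustration; the three command lines are taken from the list quoted earlier in the thread.

```python
"""Constructed sketch: a stats reporter that treats the server's reply as data only."""
import json
import subprocess

# Fixed, locally reviewed reports. The argv lists reuse three of the commands
# quoted in the thread; the report ids are hypothetical names. The registration
# data file is deliberately absent so the reports stay anonymous.
ALLOWED_REPORTS = {
    "kernel": ["/bin/uname", "-r"],
    "asterisk_version": ["/usr/sbin/asterisk", "-V"],
    "distro": ["/bin/cat", "/etc/redhat-release"],
}
MAX_REPLY_BYTES = 4096


class RejectedReply(ValueError):
    """The server reply did not match the expected, data-only format."""


def plan_reports(reply: bytes, opted_in: bool) -> list:
    """Return the argv lists to run for a server reply, or raise RejectedReply.

    The reply only selects report ids; it can never contribute a path, an
    argument or a shell string, even if the server or DNS is spoofed.
    """
    if not opted_in:
        return []  # no consent recorded: collect nothing, whatever the server asks
    if len(reply) > MAX_REPLY_BYTES:
        raise RejectedReply("reply too large")
    try:
        doc = json.loads(reply.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedReply("reply is not UTF-8 JSON") from exc
    if not isinstance(doc, dict) or set(doc) != {"reports"}:
        raise RejectedReply("unexpected top-level structure")
    ids = doc["reports"]
    if not isinstance(ids, list) or not all(isinstance(i, str) for i in ids):
        raise RejectedReply("'reports' must be a list of strings")
    unknown = sorted(set(ids) - set(ALLOWED_REPORTS))
    if unknown:
        raise RejectedReply("unknown report ids: %s" % ", ".join(unknown))
    # De-duplicate while keeping order so a reply cannot multiply the work.
    seen = []
    for report_id in ids:
        if report_id not in seen:
            seen.append(report_id)
    return [list(ALLOWED_REPORTS[report_id]) for report_id in seen]


def collect(reply: bytes, opted_in: bool) -> dict:
    """Run the planned reports without a shell and return their output."""
    results = {}
    for argv in plan_reports(reply, opted_in):
        done = subprocess.run(argv, capture_output=True, text=True,
                              timeout=10, check=False)
        results[" ".join(argv)] = done.stdout.strip()
    return results


def is_rejected(reply: bytes) -> bool:
    """True when plan_reports refuses the reply outright."""
    try:
        plan_reports(reply, opted_in=True)
    except RejectedReply:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample replies, not captured traffic.
    ok = b'{"reports": ["kernel", "distro"]}'
    off_list = b'{"reports": ["kernel", "cat /etc/trixbox/.regData"]}'
    print(plan_reports(ok, opted_in=True))
    print(is_rejected(off_list))
```

A reply that names anything outside the allowlist is refused as a whole rather than partially honoured, so an unexpected reply shows up as an error instead of a silently shortened report.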

Re:Mod parent up (1)

sholden (12227) | more than 6 years ago | (#21722522)

Allowing execution of arbitrarily defined scripts is a disaster in the making. The trust model is entirely wrong, for one thing. I understand now why the manufacturer didn't want to talk about it, because no sysadmin in his right mind[*] would accept that someone outside the organisation should ever have the right to run arbitrary code on their boxes without prior vetting.

Of course if said software was installed in the first place then the vetting process is obviously completely worthless anyway...

Re:Mod parent up (1)

grasshoppa (657393) | more than 6 years ago | (#21722156)

It's possibly worth noting here that there is precedent for this. I know of at least 1 large financial package (which Cities use) that does this in TSQL.

Yes, that's right. This is the same software that pays my checks AND takes payments for city services. And the company wants to have our servers here connect up over http ( not https ) to pull sql scripts to run.

Give us a break. (0)

Anonymous Coward | more than 6 years ago | (#21721912)

You Linux people obviously are never satisfied with anything. How many times do we hear you all bitch about the MS monopoly? Well finally something comes along to oppose that, and you bitch?!?!? Talk about looking a gift horse in the mouth.

STOP BITCHING!!!! Stuff like this makes me dislike Linux, and tends to make me want MS to win.

The moral: if you want Linux to beat MS, stop bitching at anything Linux. EVER.

Linux based phone system phones home (0, Funny)

Anonymous Coward | more than 6 years ago | (#21721636)

From the title, my initial thought was...

Wow, they got one number working,
can't wait till they get the rest of them going too!

This about says it all (4, Informative)

sjames (1099) | more than 6 years ago | (#21721640)

From the forum:

The point is that people should have been given a means to easily opt-out of the data collection process which is something we totally overlooked and in seeing the reaction we realize that this was a big mistake on our part. While it is pretty trivial for anyone with basic linux knowledge to disable it, the issue is that a) we didn't inform people well and b) we didn't make it easy to turn off. We thank you for your support on this but anytime there is more than a few people complaining about something it means we missed the mark on it. So, as a team and a company we fix it and learn from it. -- Kerry Garrison trixbox Community Director

I used to be the lead developer.. (5, Informative)

Rob from RPI (4309) | more than 6 years ago | (#21721642)

And I'm somewhat annoyed by KerryG's assertion that "Both trixbox and FreePBX have phone-home mechanisms in them." Now, admittedly, I relinquished FreePBX at the beginning of this year due to personal commitments, but I have ALWAYS been dead against 'phone home' information. We DID have a rough idea of how many machines were actively being maintained by the 'hits' on the modules.xml file that contains the current version of all the modules and download links for it. That's it.

The only other slightly information-divulging bit of information was the built-in IRC client did a 'uname -n' and specified what distro the client was running. It broadcast that in a 'notice' to the FreePBX channel. This was highlighted on the IRC page, with exactly what would be sent.

FreePBX has NEVER 'phoned home'. I would be amazingly upset if it was doing so now. Trixbox, on the other hand, may do that, but please do NOT link the FreePBX project with it.

--Rob

Re:I used to be the lead developer.. (4, Informative)

Rob from RPI (4309) | more than 6 years ago | (#21721658)

Note for those who may have missed the point of my post: Trixbox is CentOS + Asterisk + FreePBX + a couple of other things. It's just a bundle of various open source applications on a CD. The main parts of Trixbox are Asterisk and FreePBX, with CentOS as the OS and kernel.

So, when someone mistakenly says 'trixbox does...' they usually mean 'freepbx does...' as FreePBX is the GUI Trixbox uses to configure Asterisk.

--Rob

Maybe the license is just too oppressive (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21721678)

Hello,

Consulting for several large companies, I'd always done my work on
Windows. Recently however, a top online investment firm asked us to do
some work using Linux. The concept of having access to source code was
very appealing to us, as we'd be able to modify the kernel to meet our
exacting standards which we're unable to do with Microsoft's products.

Although we met several technical challenges along the way
(specifically, Linux's lack of Token Ring support and the fact that we
were unable to defrag its ext2 file system), all in all the process
went smoothly. Everyone was very pleased with Linux, and we were
considering using it for a great deal of future internal projects.

So you can imagine our surprise when we were informed by a lawyer that
we would be required to publish our source code for others to use. It
was brought to our attention that Linux is copyrighted under something
called the GPL, or the Gnu Protective License. Part of this license
states that any changes to the kernel are to be made freely available.
Unfortunately for us, this meant that the great deal of time and money
we spent "touching up" Linux to work for this investment firm would
now be available at no cost to our competitors.

Furthermore, after reviewing this GPL our lawyers advised us that any
products compiled with GPL'ed tools - such as gcc - would also have to
have its source code released. This was simply unacceptable.

Although we had planned for no one outside of this company to ever
use, let alone see the source code, we were now put in a difficult
position. We could either give away our hard work, or come up with
another solution. Although it was tough to do, there really was no
option: We had to rewrite the code, from scratch, for Windows 2000.

I think the biggest thing keeping Linux from being truly competitive
with Microsoft is this GPL. Its draconian requirements virtually
guarantee that no business will ever be able to use it. After my
experience with Linux, I won't be recommending it to any of my
associates. I may reconsider if Linux switches its license to
something a little more fair, such as Microsoft's "Shared Source".
Until then its attempts to socialize the software market will ensure
it remains only a bit player.

Thank you for your time.

Re:Maybe the license is just too oppressive (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21721762)

I can only agree with what you're saying, I feel like I almost wrote this. The GPL is just too oppressive for my development team to even think about touching any software licensed under something I would have sworn Josef Stalin wrote. Seriously, Linux might be good for those pot-smoking hippies who live in their parents' basement, but in the real world, Linux just isn't viable. Microsoft may not be the best company in the world, but at least they don't hold a gun to my head when I code. I hope your post truly inspires the Slashdot community, and opens their eyes to make them see just how oppressed they really are.

Re:Maybe the license is just too oppressive (0)

Anonymous Coward | more than 6 years ago | (#21721838)

Microsoft may not be the best company in the world, but at least they don't hold a gun to my head when I code.

No, but they hold a gun to your customers' heads.

BTW, also suspect your code sucks. Sucks bad. Never met a good MS fan-boy coder yet. Maybe see you serving burger yet again some day...MCSE, McDonald's Certified Sanitary Engineer. Wash your hands before flipping next time.

Re:Maybe the license is just too oppressive (1)

dltaylor (7510) | more than 6 years ago | (#21722720)

Every time Microsoft decides to generate more revenue, they rob you just as if they had you at gunpoint.

Happy with 2k, which works pretty well? Sorry, we're moving everyone to XP, so we'll strong-arm the hardware vendors into XP-only drivers (which precludes the victim from buying new hardware WITHOUT buying XP), and, of course, the latest licenses for applications code will be XP-only, and, although it is quite illegal, we'll require you to use an MS-Windows OS to fetch updates, even for applications.

Happy with XP? Here comes Vista (not quite to the Vista-drivers-only stage, but it will happen).

Re:Maybe the license is just too oppressive (0)

Anonymous Coward | more than 6 years ago | (#21721830)

Your lawyer must have been looking at the GPL 3 revision. Linux is released under the GPL 2 which *does not* require releasing source code for internal changes. GPL 3 only requires you to release source code for internal changes if the computer is accessible outside your intranet (eg, if you run a public webserver or ftp daemon).

GPL 3 is confusing, I can see why your lawyer gave you bad advice. Better safe than sorry!

back to the censored format eh robbIE? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21721700)

what a surprise? now the corepiate nazi FUDgepackers (robbIE's income) can blame linus when their phone is tapped, &/or the FraUDuleNT stock markup goes pottIE? phewww

the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption.

fortunately there's an 'army' of light bringers, coming yOUR way

do not be afraid/dismayed, it is the way it was meant to be.

the little ones/innocents must/will be protected.

after the big flash, ALL of yOUR imaginary 'borders' may blur a bit?

for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available.

beware the illusionary smoke&mirrors.con

all is not lost/forgotten.

no need to fret (unless you're associated/joined at the hype with, unprecedented evile), it's all just a part of the creators' wwwildly popular, newclear powered, planet/population rescue initiative/mandate.

or, is it (literally) ground hog (as in dead ment) day, again? many of US are obviously not interested in/aware of how we appear (which is whoreabull) from the other side of the 'lens', or even from across the oceans.

vote with (what's left in) yOUR wallet. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable.

some of US should consider ourselves very fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate.

it's right in the manual, 'world without end', etc....

as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis.

concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order.

'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

Make your own Linux-based PBX system (4, Insightful)

compumike (454538) | more than 6 years ago | (#21721782)

We did it ourselves and saved >$100/month for a small business. Just use Asterisk [asterisk.org] (free and open source), buy some inexpensive but full-featured phones like the Grandstream GXP-2000 [grandstream.com] (about $80 each), and get a termination provider like VoicePulse Connect for Asterisk [voicepulse.com] ($11/month for four simultaneous channels, free incoming, and below $0.01/min for most outgoing). It took some work to get it all set up and working properly, but now is actually more reliable than the analog phones ever were. (We had phone company issues every few months... just awful.)

--
Educational microcontroller kits for the digital generation. [nerdkits.com]

Make your own Geico-based PBX system (0)

Anonymous Coward | more than 6 years ago | (#21721978)

"We did it ourselves and saved >$100/month for a small business."

Oh look! Another Geico commercial.

Re:Make your own Linux-based PBX system (2, Informative)

heelios (887437) | more than 6 years ago | (#21722312)

And I recommend that you do NOT get Grandstream phones.

They're pieces of crap. Do yourself a favor and get yourselves phones intended for real business use.

Cisco and Polycom make the latter.

Re:Make your own Linux-based PBX system (1)

mpeg4codec (581587) | more than 6 years ago | (#21722654)

I had similar experiences with Grandstream phones, they're complete and utter trash. The software actually wasn't too bad, and they had nice things like tools for centralised provisioning. However, the hardware was really terrible. We got complaints of echo (and yes, we tried all the usual software solutions on the PBX) and inexplicable humming all the time. In the end we went with Snom 360 handsets and couldn't have been happier. They were more expensive, but certainly cheaper than the Nortel phones they were replacing.

what? where's the rage? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21721868)

It's easy enough to disable, and not particularly stealthy (beyond encrypting the data sent back), but customers in the forum are annoyed at not having been informed of the reporting.
 
i love how the slashfucks play this down. if this was ms we'd see endless posts modded +5 saying the same thing over and over
 
  THIS FEATURE SHOULD BE OFF BY DEFAULT. NO DEFAULT SHOULD EVER REPORT BACK EVAH!!!!ONEONE!!!
 
i love how you fags suck on the nutsack of linux so hard that you don't care when they beat you around with their dick. bunch of fucking hypocrites.

Re:what? where's the rage? (1)

MLease (652529) | more than 6 years ago | (#21723062)

Ok, IHBT and all that, but this has nothing to do with Linux. Linux just happens to be the OS the vendor chose for their product. I agree that this should be off by default, etc. (and several of the comments I've seen so far have said just that), but it's not the fault of Linux that Trixbox/Fonality designed their product that way. Nor would it be Microsoft's fault, had they chosen to use MS instead of Linux to build their system.

-Mike

Skype still works great (0)

Anonymous Coward | more than 6 years ago | (#21721982)

I've used skype for a solid year with only a couple days of outages. I found changing my number every three months eliminates this problem.

What happened to cities with free wireless?

System goes haywire (0)

Anonymous Coward | more than 6 years ago | (#21722000)

The system made over 5 million calls to the owner of this apartment [myminicity.com]

Been here too long (0)

Anonymous Coward | more than 6 years ago | (#21722064)

I saw "phoning" and I wondered "what connection does that have to phreaking or phishing?"

Kerry already addressed this in his blog (2, Informative)

Anonymous Coward | more than 6 years ago | (#21722142)

Kerry has already addressed this in his blog:

http://www.trixbox.org/trixboxs-new-hardware-audting-tool [trixbox.org]

Re:Kerry already addressed this in his blog (-1)

Anonymous Coward | more than 6 years ago | (#21722154)

Hi Kerry. BTW, you misspelled "auditing".

Opt-OUT? (1)

Paul Neubauer (86753) | more than 6 years ago | (#21722300)

Ok, points for admitting the problem and for taking some corrective action. But opt-out? Why not fix it completely and have it opt-in? It's what people hope for or demand for many things. They might not expect or get it, but it is what is desired.

All opt-out does (for anything, not just this) is tell me I'd *REALLY* want to turn it off, because someone figures the only way to get it switched on is to have it on by default and at least some will miss it or fear changing any default settings.

Re:Opt-OUT? (0)

Anonymous Coward | more than 6 years ago | (#21723094)

It's opt-in by default because of the same reason most software is opt-in: 90% of the people just don't care =)

I actually do opt-in (if I'm prompted to do so) for all anonymous reporting if I like the product a company provides. I know that this information is useful to them - just as their software was useful to me.

I also trust that companies like Fonality don't want their customers (in this case non-paying customers) to leave them so they will try and make their software as secure as possible. A "DNS spoofing security flaw" can be minimized by authentication. I think Fonality already does this but I don't have the latest ISO of tb CE to check.

Re:Kerry already addressed this in his blog (0)

Anonymous Coward | more than 6 years ago | (#21722776)

Absolutely NO points for what is basically an after-the-fact, we-got-caught, CYA blog.

If they were really concerned about this, if they really had their customers' best interests at heart, it would be opt-in, not opt-out.