VoIP, Linux, Security & much more fun
If you need any help regarding these subjects do not hesitate about sending me a text

In this economic, certifications have been a useful weapon to prof others your skills. There is not doubt about that. Certifications are also useful to get your dreamed work (if you know how to play well that card) but not everybody plays fair.

When looking for a job you will see many posts asking for certified people, if you are lucky you will be contacted back asking for more details and to show the certifications you are claiming. However, not everybody is fair; some employers just need your certificate to show them in a call for proposal to win a bid. So this is a problem, how you as a professional can show your credentials without being fooled. Here it is where the digital badges are useful.

Before I forget this, today I had an emergency call from one of my dearest customers and friends. This conference room was having choppy sound, but strange it was, it only happened when the call came from the PSTN network (through an external profile), all local registered endpoints were okay. His scenario was the following:

  • Bare metal server with 8 Xeon This email address is being protected from spambots. You need JavaScript enabled to view it.
  • 8 GB of RAM
  • 16 GB of Swap, only 2kB used
  • FreeSWITCH 1.6.8
  • FusionPBX 4.1 (devel branch)

For those who don't know, conference room are very handy. They allow to talk among many endpoints at the same time, it is like being in the same room. 

So here it is how I fixed it.

Network Operation is a pretty area where you can get a lot of experience, and one topic that comes to my mind right away is the prioritizing issue. Prioritizing will be always a topic to talk about, especially if staff is overloaded and requests never stop arriving. One of the things you will face are big fishes (aka VIP) asking to get their things done right away versus what sometimes it really matters. In all my experience, I remember a very particular moment dealing with what it needs to be prioritized versus a VIP request. It was in 2009 and we were managing a huge network: 5000 users for a federal government entity, the SAT (the Mexican Revenue Agency, the one who collects taxes).

Today I have published in OKay's RPM repository RPMs for FreeSWITCH 1.6.9. FreeSWITCH is a complete VoIP switch that works on many platforms, including Centos 6 and Centos 7. This is one of the biggest packages I have ever done; there are more than 1720 hours of work behind to make it work. When updating, you will notice it will download many libraries, most part of them not available anywhere.

The big difference on my RPM's is there are more sub-packages, for example, you can install only freeswitch-cli if you only need fs_cli command; Centos 6 RPMS for 32 and 64 bits are available with video support; I have imported a patch that fixes mod_nibblebill, in some situations leg b won't hang up and it will produce money losses. I have been updating some other dependencies such as VLC and MPG123 with latest stable if you were using my RPM's you will notice more updates as well.

Because libyuv is now part of the core, these RPMs  are compiled with video support. Yes, you read it well, both Centos 6 and 7 with video support.

For those asking about FreeSWITCH changelog, this is the list published by them:

New features that were added:

  • FS-9079 [mod_callcenter] Add ring-progressively strategy which is a way to ring every agent similarly to a top-down strategy but without canceling the previous calls.
  • FS-9248 [mod_callcenter] Adding truncate-tiers-on-load and truncate-agents-on-load options
  • FS-9216 [mod_sofia] Add Cisco SPA30X and Grandstream GXP user agents to send UPDATE
  • FS-9225 [mod_sofia] Allow to force SIP REGISTER Expires: to be within configured range instead of specific value
  • FS-9188 [mod_sofia] Added a channel variable to suppress auto-answer notify
  • FS-8652 [mod_sofia] Add a optional parameter “early-only” to replaces header parsing and only intercept the call if it is not bridged if this parameter is set to true
  • FS-9124 [mod_avmd] Extend XML config
  • FS-9142 [mod_avmd] Dynamic settings addition of checking of per session settings with locking synced on avmd session mutex
  • FS-9207 [core] Add ignore_sdp_ice=true to ignore ICE when parsing an SDP
  • FS-9157 [verto] Added the possibility to create dedicated audio/video tags for each dialog in verto
  • FS-9249 [verto_communicator] Close the settings panel if the user clicks outside the element
  • FS-9184 [mod_commands] Allow show calls to be filtered by accountcode
  • FS-8979 [mod_imagick] Added “lazy load” functionality to speed up the rendering of the first page of a PDF while continuing to load the following pages in the background
  • FS-9199 [scripts] Small change to make memory allocation tracing of ALL allocations easier and a script to analyze logs

Improvements in build system, cross platform support, and packaging:

  • FS-9070 [configuration] Fix build on 64-bit arm
  • FS-5936 [Debian] Add libesl-perl package containing and associated perl ESL bindings
  • FS-9075 [Debian] Additional tweaks to help ease upgrading freeswitch-all
  • FS-8788 [Debian] Fixed systemd error on Debian Jessie causing non enforcement of stack size limitation
  • FS-9174 [Debian] Fix installation of mod_png when installing via the -all packages
  • FS-8623 [build] Fix libvpx Solaris Studio build
  • FS-9158 [build] Add include for Solaris to changes to build
  • FS-9185 [build] Fixed the format of ifdefs for Solaris SPARC
  • FS-9152 [mod_avmd] Fixed warnings on FreeBSD
  • FS-9254 [mod_avmd] Fixed the windows build
  • FS-9155 [Centos] Fixed lang_es and lang_pt package to have the right language module
  • FS-9238 [mod_osp] Updated for OSP Toolkit 4.11.3.
  • FS-9134 [core] Tweaked fscore_pb to use new pastebin API
  • FS-9132 [mod_kazoo] Add more variables to default filter
  • FS-9164 [core] Add Session-Per-Sec-Last to heartbeat event
  • FS-9136 [core] Allow multiple instances of same video codec with different fmtp
  • FS-9106 [mod_vpx] Improve efficiency when using dedicated encoder mode in conference with vpx codecs

The following bugs were squashed:

  • FS-9131 [core] Improve validation of ice candidates to properly handle malformed candidates
  • FS-9135 [core] Handle incorrect uses of switch_core_media_set_sdp_codec_string function passing null sdp gracefully
  • FS-7783 [core] Properly handle NULL var_name for switch_play_and_get_digits
  • FS-9222 [core] Added a small tweak to freeswitch console to strip leading spaces from commands and added a fix for FreeSWITCH not sending binding response to VoIP client causing a one-way audio call
  • FS-9235 [core] Fix sending RTCP in switch_core_media
  • FS-9219 [core] Fixed an issue with Re-INVITE with no SDP by using bypass_media_after_bridge_oldschool=true to cause bypass_media_after_bridge to use a standard RE-INVITE with SDP, instead of the more reliable method of using 3pcc RE-INVITE
  • FS-9246 [core] Fixed an issue with no audio after transferring a call
  • FS-9244 [core] Fixed an issue where RFC2833 payload_type offered is ignored
  • FS-9115 [mod_av] Initial work toward support for audio only mp4 recording
  • FS-9151 [mod_av] Fixed playback a mp4 file on a session without video not ending
  • FS-8795 [mod_png] Fixed an issue with audio only call
  • FS-8584 [mod_callcenter] Request agents and tiers when reloading queue
  • FS-9153 [mod_commands][mod_event_socket] Fixed a uuid_bridge issue on ESL
  • FS-9034 [mod_sofia] Fixed register processing in a new thread
  • FS-9160 [mod_sofia] Tweak sip_invite_failure_* chan vars for properly reporting last outbound call failure when there are multiple bridge attempts on a single call
  • FS-9214 [mod_sofia] Fixed 3pcc behavior and call flow issues with 3pcc=true and 3pcc=proxy and interactions with sip_wait_for_aleg_ack removes passthrough of 183 on 3pcc=proxy (that was previously not functioning)
  • FS-9227 [sofia-sip] Fixed wrong byte order in HEP packet for source and destination ports
  • FS-9167 [mod_conference] Fixed an issue where playing a file when all video feeds are vmuted does not show file
  • FS-9150 [mod_conference] Force the video-bridge-first-two only function when there are only 2 members who can watch video to prevent flipping between video feeds when video muting
  • FS-9144 [mod_conference] Implement video-mute-exit-canvas and recording in personal-canvas mode to prevent users who video mute themselves missing feeds from their canvas
  • FS-9212 [mod_conference] Fix conference recording api when using default canvas number
  • FS-9198 [mod_skinny][mod_conference] Fixed small memory leaks
  • FS-9201 [mod_skinny] Fixed a leak in API call to list devices
  • FS-9202 [mod_skinny] Fixed a leak in speed dial
  • FS-9156 [mod_hiredis] Code Improvement for the non-interval increment when limit reached
  • FS-7397 [mod_translate] Fixed a segfault due to memory corruption on using app
  • FS-8979 [mod_imagick] Set it to fire an event when finished
  • FS-9250 [verto_communicator] Putting factory reset button back

RPM's are available for Centos 6 and 7. And you can find it if you type yum search freeswitch.

Enjoy!

MPG123 1.23.4 is now available in OKay's RPM repository since today. The mpg123 distribution contains a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1,2 and 3 (most commonly MPEG 1.0 layer 3 aka MP3), as well as re-usable decoding and output libraries. Among others, it works on GNU/Linux, MacOSX, the BSDs, Solaris, AIX, HPUX, SGI Irix, OS/2 and Cygwin or plain MS Windows.

Some changes from older releases are:

  • mpg123: Fix logic of prebuffering small bits for glitch-free start of playback. The logic as introduced in 1.23.0 actually introduced stuttering! The fix for this is really minimal and I urge everyone to at least include that one. It is the changeset of rev. 4041.
  • libout123:
    • Actually make OUT123_KEEP_PLAYING on by default, as documented.
    • Fix buffer logic with regard to draining, use common device writing code to handle resuming from pause. This fixes sdl output with buffer, possibly other sfifo-based outputs like CoreAudio (those were poorly tested with buffer, as the combination is indeed unusual, see bug 230).
    • Buffer pauses devices for prebuffering, to avoid underruns.
    • More reliable playback with SDL, Portaudio and CoreAudio outputs. This includes FIFO draining on close to avoid dropping of the end. It should fix parts of bug 230.
    • Fixed memory leaks with some outputs where a call to the deinit() function is necessary during available/working module checking.
  • mpg123, out123: Use the default output flags to get OUT123_KEEP_PLAYING. Without this, there is a good chance to abort on SIGSTOP/CONT while playing. This is a regression from 1.22 .
  • Build fixes (bugs 227 and 228) and some build system hackery. Gone are libc feature test macros in compat.h . This means always using our own strdup() implementation. Simpler than being bugged by feature test macros in strict compiler mode (when _DEFAULT_SOURCE is not defined).
  • ./configure --enable-nagging does something also without --enable-debug, explictly triggers -std=c89, too (hence the above).
  • Some fixup to make things work in pedantic C89 mode again. It really might be time to swich on some serious C99 for the next release, since there's a followup standard to _that_ which we can ignore now.
  • Update list of renamed internal symbols to reduce conflicts during static linking of libmpg123 or libout123.
  • Internal compatibility functions now handled via libtool convenience archives, avoiding the hackish code copies.

RPM's are available for Centos 6 and 7. And you can find it if you type yum search mpg123.

Enjoy!

Syncthing 0.13.7 RPMs for Mageia Cauldron (6) are now available since today. Syncthing is a complete synchronization, multi-platform solution to have same files in your devices. It is like a Peer-to-Peer.

Syncthing is an excellent option if you have at least one road warrior involved. Since there is no warranty of a public IP or even a static IP, Syncthing architecture allows clients to bypass NAT's and allow file exchange. The good thing of Syncthing is it is available not only on Linux and Windows but Android as well. You can have in sync important files in your mobile or tablet.

Syncthing 0.13.x is not compatible with 0.12.x. You must update all your devices. Backport for Mageia 5 is more difficult as it seems. I am not able to reproduce it in the build system. Mageia 5 has Golang 1.4 which it is not compatible with Syncthing 0.13.x.

As part of my commitment with Mageia, I will try to keep this package as updated as possible. The team from Syncthing are very responsive and they release new versions very often. At the time when writing this article, Mageia Cauldron 6 is in version freeze; this means we will need to wait for a little until the big system administrators let the new RPM in.

RPM's are available for Mageia Cauldron (6), I will be working to backport to Mageia 5 as soon as possible. You can install it if you type urpmi syncthing.

Last week while I was sending some emails, I realized that nobody was even answering the read acknowledge. It was very strange. After doing some tests with Hotmail I realized all emails was being flagged as SPAM. But no way It could be such garbage, there were handwritten emails. After a while of debugging, I realized that I was missing my SPF records in my DNS server.

What is an SPF Record?

SPF records are an anti-SPAM technique that allows mail servers to verify that the sender server is authorized to send emails using your domain name. For example, if you get a letter from Britney Spears with some free tickets, there is no way you can know if such tickets are coming from an official source by just having the envelope on your hands. SPF records allow you to know and verify that at least  the origin is authorized to send emails using a specific domain name.

If you check the image in this article, it will show you in a simple way how the verification takes place. This verification is done by the target server, not by your SMTP email server.

SPF records will help you to minimize your exposure to an impersonification attack. It is not a final solution as if you have a vulnerable email server or malware installed on your personal computer, the email sent using your email will seem to be a valid one in the eyes of the other target mail servers.

The ISO 27000 is a generic way to call a set of ISO standards about a security. In this article, I am going to describe how we did in one of my jobs to get the Certification for the Information Security Management System specified in the ISO 27001 (and it is closely linked with ISO 27002).

First, we need to describe and make clear what is a Management System. According to ISO, a Management System is a set of procedures an organization needs to follow in order to meet its objectives. The use of a well deployed Management Systems warrants that every request, incident, issue (or any name you want to put) will be processed always the same way with the same established quality. A Management System uses what it is called the Deming Cycle which it states a continuous improvement of all processes involved.

Another concept we need to establish before starting to tell this tale is what is a process. For me, a process is a sequence of interdependent and linked procedures which, at every stage, consume one or more resources (employee, time, energy, machines, money, etc) to convert inputs (data, material, parts, etc) into outputs. These outputs then serve as inputs for the next stage until a known goal or end result is reached. I won't cover in this article how to document a process, but don't lose the idea that you will need to document. The ISMS is all about documenting and keeping records, and not only the ISMS, any management system in general.

So, when you start defining your ISMS take in mind that you will need to back up all your statements. You will need the use of Security & Vulnerability Assessments or in the worst case a letter from the CEO accepting involved risks. The CEO is the ultimate responsible of the ISMS. We will talk about that later.

The asset is just another concept it comes to my mind. For me, an asset is anything that has a value to the business. An asset has a value property that will play a crucial role in this process. I will talk about that later.

Ah! before I forget. If you are pursuing the ISO 27001 certification, you must know that certification is given to an organization with a specific business process.

With this concepts, I will start telling what happened those glory days.

When you visit for the first time a website, your browser downloads many files (images, styles, javascript and much more) we are going to call objects. In a misconfigured website, any object will be downloaded again and again each time you visit a page on that site. If you think a little, this harms your SEO ranking. Google will reward faster websites.

Since a while, the modern web browser has what it is called the cache. A web browser cache is just space on your computer where you store your latest object if those objects are requested your computer won't need to download them again, instead, it gets from the cache; local storage will be always faster than downloading from the Internet. Now think on your website, and think on all the CSS, JS and image files you are using (GIF, JPEG, PNG, WEBP, etc.); imagine all the time that can be saved when your guesses visit the second page on your website.

Apache has a very nice feature (turned off by default), that compresses the content of the page. Instead of sending the raw HTML file, it does a gzip or deflate compression and it sends a smaller file. It is faster to load a 2 kB file than a 10 kB. And as a consequence, this improves your loading time.

Again, don't forget  that Google rewards fastest websites, in other words, it improves your SEO.

In this post, I'm going to show you how to configure the .htaccess file to maximize local cache utilization.

Syncthing 0.13.5 RPMs for Mageia Cauldron (6) are now available since today. Syncthing is a complete synchronization, multi-platform solution to have same files in your devices. It is like a Peer-to-Peer.

Syncthing is an excellent option if you have at least one road warrior involved. Since there is no warranty of a public IP or even a static IP, Syncthing architecture allows clients to bypass NAT's and allow file exchange. The good thing of Syncthing is it is available not only on Linux and Windows but Android as well. You can have in sync important files in your mobile or tablet.

Syncthing 0.13.x is not compatible with 0.12.x. You must update all your devices. Backport for Mageia 5 is more difficult as it seems. I am not able to reproduce it in the build system. Mageia 5 has Golang 1.4 which it is not compatible with Syncthing 0.13.x.

As part of my commitment with Mageia, I will try to keep this package as updated as possible. The team from Syncthing are very responsive and they release new versions very often. At the time when writing this article, Mageia Cauldron 6 is in version freeze; this means we will need to wait for a little until the big system administrators let the new RPM in.

RPM's are available for Mageia Cauldron (6), I will be working to backport to Mageia 5 as soon as possible. You can install it if you type urpmi syncthing.

Many Hostnames and Paths for the same Video

A conventional cache can not optimally store videos from sites like youtube or google video; the main reason is that this kind of sites use different server names to store the same cache (eg ak1.ad.youtube.com, ak2.ad.youtube.com, etc..) and this decreases the frequency of a URL avoiding early entry to the cache. There is no guarantee that two consecutive visits to the same contendo use the same address to access the object in the video. The following procedure describes how to tell Squid cache to perform online video.

This article is a translation and modification of the original article "Localizing content for better SEO" published in The Ultimate Guide to Web Design.

One of the known issues in the SEO and google is well known in the repetition of content. Google and other search engines penalize sites heavily identical contents. So international sites with multiple versions of the same content can be a challenge.

This text is a translation and paraphrase of the original text "Reduce your bounce rate" published in The SEO Handbook.

The initial question is how to make visitors stay longer once they have entered the site. Explains David Deutsch.

We all want our site is at the top of the list in Google searches. But that's only half the story of what happens when people have clicked on the link on our site? Do they stay in while on the website and read about offers or leave it and go? Obviously, we want the first pass, then, what should we do to make this occur?

When visitors do not find something interesting in the first impact site, they go away. This effect is known as abandonment, rebound or bounce rate (in English). A website with a high dropout rate with good quality sources is an indicator that the site is not meeting the expectations of visitors.

Voptech VI200X phones are very useful IP phones.

Sometimes, especially when recycling your phone, you do not have the password for the web console. However the phone is fully recoverable by following these steps:

  1. Login to POST phone mode. Disconnect the phone and press # while reconnecting.
  2. Enter the code * # 168
  3. Reset the phone. At the end of the process, access is admin / admin.

Syncthing 0.13.4 RPMs for Mageia Cauldron (6) are now available since today. Syncthing is a complete synchronization, multi-platform solution to have same files in your devices. It is like a Peer-to-Peer.

Syncthing is an excellent option if you have at least one road warrior involved. Since there is no warranty of a public IP or even a static IP, Syncthing architecture allows clients to bypass NAT's and allow file exchange. The good thing of Syncthing is it is available not only on Linux and Windows but Android as well. You can have in sync important files in your mobile or tablet.

Syncthing 0.13.x is not compatible with 0.12.x. You must update all your devices. Backport for Mageia 5 is more difficult as it seems. I am not able to reproduce it in the build system. Mageia 5 has Golang 1.4 which it is not compatible with Syncthing 0.13.x.

As part of my commitment with Mageia, I will try to keep this package as updated as possible. The team from Syncthing are very responsive and they release new versions very often. At the time when writing this article, Mageia Cauldron 6 is in version freeze; this means we will need to wait a little until the big system administrators let the new RPM in.

RPM's are available for Mageia Cauldron (6), I will be working to backport to Mageia 5 as soon as possible. You can install it if you type urpmi syncthing.

Enjoy!

Some mobiles wrongly do call forwarding and generate a 302 code that confuses Freeswitch. Then FreeSWITCH sends the call through the public context. The number is connected only if the destination number also belongs to the current PBX, which it is an error. The following workarround corrects this behavior.

Change the values to your needs.

<extension name="(\d+)" continue="false">
<condition field="context" expression="public"/>
<condition field="destination_number" expression="(\d )">
<action application="set" data="domain=1.1.1.1"/>
<action application="set" data="domain_name=1.1.1.1"/>
<action application="set" data="call_direction=inbound"/>
<action application="bridge" data="sofia/gateway/gwname/$1"/>
</condition>
</extension>

This dial plan must be placed at the end of all plans for incoming calls.

If you need more help than the free one provided here...