November 2007 Archives

A news story from a couple months ago, has been settled at least from the perspective of Creative Commons. Lawrence Lessig's blog has the update on the removal of Creative Commons from the lawsuit by the plaintiff. See below. This is a great bit of news as the Creative Commons is an incredibly important piece of adapting intellectual property licensing to the technologies available today.

From the Why-a-GC-from-Cravath-is-great Department: The lawsuit is over (Lessig Blog):

We received this happy missive in the mail yesterday: The plaintiffs in the lawsuit about Virgin using a CC-licensed photo have dismissed CC from the case. This is not a settlement. It is not the product of negotiation. It is the recognition by plaintiffs counsel that the laws of Texas and the United States give the plaintiffs no cause to sue Creative Commons.

As I said when I announced the lawsuit here, the fact that the laws of the United States don't make us liable for the misuse in this context doesn't mean that we're not working extremely hard to make sure misuse doesn't happen. It is always a problem (even if not a legal problem) when someone doesn't understand what our licenses do, or how they work. We need to work harder to make that clear. But the news today lets us go back to t

To plug both Professor Lessig and Penn State's own Symposium for Teaching and Learning with Technology, Professor Lessig was recently confirmed as the keynote speaker for the 2008 Symposium. As a plug for Creative Commons Licensing, my blog uses one variation of the flexible scheme.

One of the things that I deal with everyday is email. In my email, I see maybe a hundred or so junk messages know as spam. A few years ago, I gave up reviewing the Junk Mail folder entirely. I close my eyes and pitch. That means that if I know you, you are white-listed so that I receive your email for sure. If I don't know you, there is a strong possibility that your message will be heading to the great bit bucket in the sky without me ever reading it.

It isn't easy to let go that first time, but it is an awful lot like something my wife's grandmother has said. She always told us that she would never buy a gun, because she was afraid that shooting people would be a lot like getting the dead fish out of her aquarium. The first time you lose a fish, there is that "Awww, what a shame." You probably have a little funeral over the toilet before flushing the little buggar down the drain. The next one is, how do you say, "Not so hard." And so on; and so on. I think you get the idea.

Since I have never killed anyone (I've pwned a few, but that doesn't count!), I take that rather strange advice from our elders and apply it to email. If I were to read those 100+ emails per day, I would waste hours. Well, I typically work an 8 hour day, so that doesn't really leave a lot of time for junk mail sorting. Instead, I spend about 20 seconds managing junk mail.

That is easy to do, but what if the junk mail message were a junk voice mail? What do I do now? My voice mail only has one folder currently. I only get a handful of messages per week. I can only process one voice mail at a time. What would I do if I came to work and received 100 voice mails per day that were junk? Well, that is the subject of much debate and study, especially since many VoIP phone systems are starting to embrace the internet model of open connectivity.

SPIT, or Spam over Internet Telephony, is not yet out of control, but think about the possibilities of making millions of "free" calls that only require an internet connection to place. In the old Phone Company model, the PSTN or Public Switched Telephone Network, security doesn't really exist, but it costs money for each phone call that a spammer would want to make. That is why email is so appealing. That company could mail you an envelope with a bunch of junk offers, but that costs significantly more money to do.

I have recently read an interesting paper by some researchers at the College of Computing at Georgia Tech that explains one possible server side method for helping to prevent SPIT from getting out of hand. The method is called CallRank, and it relies upon Social Networks in VoIP networks. There are numerous algorithms that work with the Social Network (SN) data and compare that to the duration of telephone calls as well as a global reputation of a caller. If the credential check fails, so does the call before the phone can even ring. Like most security procedures, CallRank is not perfect. It is intended to be used as one layer of protection.

What do you think? Should we risk SPIT in favor of enhancing the voice and video communications here at Penn State, or should we continue with a lesser set of features in our walled garden? Personally, I vote for more functionality.

The latest Will It Blend? video is out. I thought the iPhone blending was impressive, but this one is just plain mean. Of course, despite the fact that I cried at the senseless destruction, I still really want one of those blenders. ;-) Enjoy and Happy Turkey Day!

While I was at VON 2007, I saw the Guitar Hero playing robot at one of the booths on the show floor. It was at this point that I realized that I really need a new cell phone because wouldn't it have been cool to capture what I saw. Luckily, Jeff Pulver posted some video of it to YouTube. Saved by "The Google" once again!

One of the workshops that I attended last week at VON was an OpenSER admin course presented by one of the founders of the OpenSER project, Daniel-Constantin Mierla. I have to admit that working directly with one of the software engineers who has helped to create this routing engine left me feeling a bit overwhelmed. OpenSER is a derivative work of the original SER project from iptel.org. While both applications perform the same fundamental task of routing communications, OpenSER has been building a large open source community thanks to its focus on feature updates instead of long release cycles.

If you visit the OpenSER project site, you will see that in the spirit of the open source movement, all the content of that course is freely available. While the telephony of Penn State relies upon the systems designed and sold by both Cisco and Avaya, OpenSER is one tool that could enable us to communicate and participate with a growing Internet2 community using these standards based solutions on a daily basis. SIP.EDU is one of these groups working to enable this type of communication.

If you are interested in enabling communications (voice, video, IM, etc.), please let us know. Would you like to place video, voice, or IM calls using something as basic as a username? Is this something that appeals to the Penn State Community?

I am sitting in Boston's Logan Airport at about 8am Friday morning. I don't have much to say today. "Therefore, since brevity is the soul of wit...I will be brief." I am glad to be going home. My brain hurts a little bit from all the information I have assimilated this week. Wow, that was Shakespeare and the Borg all in one paragraph! I am tired, but I woke up at 4am since I am excited to be seeing my family in a few short hours. The cab driver who brought me to the airport was from Ethiopia, and he only sees his family every 7 months. I guess 6 days isn't so long after all.

Today is the last day of VON 2007. The expo booths are being torn down, and we are left with smaller groups attending classes. Fortunately, there was an admin training course that ran all day covering OpenSER. I won't bore you with the details of this implementation of the SIP Express Router. It is only a means to an end for handling the potential volume of calls that our SoftPhone project may experience once it becomes an official psu.edu service. One interesting aspect has been that the course is being presented by one of the founders of this open source project, Daniel-Constantin Mierla.

In the afternoon, I attended a VoIP security strategy panel. The participants were Joshua Morin of Codenomicon, Aaron Sipper of Reef Point, and Dan York of the VoIP Security Alliance. Reactivity in security is unacceptable as a strategy.

There were two themes that ran through the discussion.

• There are great tools out there, but most people, carriers included, are not making use of them.
• Most security plans have not taken phones into consideration. User devices are moving toward the PC model, where these devices are intelligent and therefore exploitable.

As Penn State, we really need to take the proverbial bull by the horns, and be proactive in our security tactics. Port scanning is one tool;packet watching is another. The next time you plan a new service spend the design time on security auditing. Hack it yourself to evaluate the system. Ask a friend to hack it for you. If you get compromised, the you need to share that information with the rest of the Penn State community so that we can all learn from the experiences. I will now step off the soap box. ☺

Today made for a few more interesting speakers in the morning. The first speaker was Tero Ojanperä from Nokia. This meeting was something of a sales pitch, but the subject revolved around the new API toolset that Nokia is releasing called OVI. They seem to be genuinely interested in allowing users to create their own experiences. Thanks to Twitter ,Jaiku, and Pownce, the mobile internet appears to be opening up. At least for the 900 million Nokia phones that are out there somewhere.

The second speaker was Ali Tabassi from Sprint/Nextel. Xohm is the brand name of a new mobile internet service that will exist in the 2.5GHz spectrum. They have their sights on a change in buying style for mobile internet devices. Picture a model where you can buy a device and then choose a provider. Of course, this breaks free for them from the model of subsidizing devices.

The third and most interesting of the speakers was the CTO of Digium, Mark Spencer. Mark is the inventor of Asterisk, the open source PBX. Asterisk was voted the most influential entity in Voice over IP in 2006. It also happens to be one of the tools that we are piloting for the SoftPhone Project. SoftPhone is a way to extend Penn State communications beyond the closed networks of today. If you have ever used Skype, then you will understand what we are trying to create for Penn State use, but unlike Skype, we are building on open standards that allow others to work with us. His hope for open source telephony is that ways be found to use it that are interesting and different from the same old thing. The last element that made this particular event memorable, was that during questions and answers the fire alarm sounded forcing an evacuation of the entire conference center.

I also attended a panel discussion on the use of Asterisk and OpenSER in enterprise environments. One of the speakers was Deke Kassabian from the University of Pennsylvania. He discussed how Penn has been using SER and Asterisk to rollout 25,000 telephone devices on their campus. Penn State's own work with SER and Asterisk has been focusing on enabling user mobility rather than replacing our own relatively young VoIP infrastructure. I was lucky to have a conversation over lunch with Deke and one of his senior engineers, Steve Blair. It was great to hear the perspective of another EDU.

The last presentation that I attended was more for me than for Penn State. I really wanted to hear Jon "maddog" Hall speak about open source and Linux as well as its place in the world. If you ever have the opportunity to listen to one of his presentations, you should. He is intelligent and also very straight-forward. His willingness to cut to the chase is probably one small part of why his students gave him the nickname. His talk focused on how the world as a whole needs open source because the solutions that are required can't be done by a few software companies. He also suggested that for IT to survive, the stagnation of the U.S. and Western Europe needs the development that can come from the rest of the world. Go Tux!