Sekiur My Thoughts

Working on multiple iPhone application projects and shortly looking at the iPad for other development opportunities, I found an excellent step by step guide on creating a development provisioning profile on http://devclinic.com by Kuix, that I thought I should share.

As simple as it may, I thought i’d contribute and write a tutorial on how to get your development application onto your testing device. Due to the exponential speed and memory differences between your development computer and an actual mobile device, it is very important for you to test your application on a mobile device.

Step 1: Certify
This is the hardest step, so please follow the steps closely.
Open Keychain Access application, inside your Application->Utilities folder. Click on Keychain Access->Certificate Assistant->Request a certificate from a certificate Authority… Enter your email, your name, and for CA Email i used my email again(the last one don’t really matter, for these purposes, but it’s required). Choose Saved to disk and click continue. It will then, by default save to your desktop.

Open up Apple Developer Connection inside your browser and login. Go to the Program Portal section and click on Certificates. Choose add certificate. The page will basically tell you to do what i just told u. scroll all the way to the bottom, where you will upload and submit that new certificate, from your desktop. Now your certificate needs to be approved by you/administrator. Simply click on approve, where your certificate is pending. Now, you will have the option of downloading your approved certificate. Download that, and the WWDR intermediate certificate, linked below your certificate. double click on both downloaded certificates to install them into your Keychain. Use login, instead of System, for both.

Once that is done, move on.

Step 2: Device
Now click on Devices. Here you will get your mobile device recognized as a development device. You can develop your app on either an iPhone or an iPod Touch. Open xCode, and go to Window->Organizer Here you will see the device that is currently connected to your computer. notice the long ass identifier key for Identifier:. now inside your program portal, click on Add Devices. you will make up a device name and then copy past that identifier value, you stole from the xCode organizer. Submit.

Step 3: App IDs
Next step: click on the link App IDs from the left hand side, then New App Id. The Description is for your sake, so you know what the ID is for. Choose Generate New, and for Bundle Identifier, it’s like writing an URL backwards.
com.yourCompanyName.AppName then submit that.

Step 4: Provisioning Profile
Almost done! Go to Provisioning page, then New Profile.Choose a memorable profile name. check the box for your approved certificate. Choose your App ID, created from step 3. check the box for your development device. Submit. Now you can download your provisioning profile. Go back to your xCode organizer and add your provisioning profile into the Provision section, under Devices.

Step 5: Load it!
In your app, go to Resources->appName-info.plist Where it says Bundle identifier, change the value to what you entered for your app ID:com.yourCompanyName.AppName.

On the top left hand corner, in the drop down menu, choose Device – 3.0 (if you’re running 3.0 firmware). Build and Go.
If you’ve done everythign correctly, it will build successfully, and your app will be now on your mobile device!

I know it’s a lot of writing, but every step is pertinent. Good luck, guys=)

~Kuix

In just under a minute I migrated a couple of GrandCentral account to Google Voice and I am very exited to see a transcript of a voicemail show up in my Inbox.

I will definitely miss the GrandCentral interface as its much more intuitive than the new Google Voice GUI.

A limitation currently in place on both platforms is the capability to have 2 different accounts ring one same number. I particularly like this to have a personal and a business number both ring my cell and landlines. The workaround for the moment is leaving an account with GrandCentral and on one Google Voice. Lets see how long that lasts.!

One thing that I have seen more and more recently is my GrandCentral dropping calls on me. Maybe its Google’s way of getting users migrated.

Related articles by Zemanta

• Google Voice Emerges from GrandCentral, Transcribes Voicemail (lifehacker.com)
• Google Voice: Bells, Whistles, and Voicemail Transcripts (blippitt.com)
• Google Voice: A New Approach to Voice Communications (littlegreenfootballs.com)
• Google Launching GrandCentral As Google Voice (searchenginewatch.com)

Twenty years ago my parents knew where I was and who I was with or so they thought.

Well maybe not but basically it was much easier for parents to keep their kids on the straight and narrow and away from trouble.  It basically consisted of keeping an eye on dubious VHS/Betamax tapes and password protecting satellite channels as well as keeping tabs on friends.

With the Internet, social networks and cell phones; you as a parent basically have no insight on who your children interact with, what they see and what shenanigans they might tumble into.

The morals of spying on your kids is beyond the scope of this post, but I start on the premise that involvement in your children’s lives greatly reduces the probability of them getting into shady situations.

The Internet posed the first challenge for parents to unwanted content most of which was porn. Placing the computer in a common area and restricting access to it sufficed. With the widespread use of Instant Messaging it became harder to just restrict access to the computer and once filtering software surfaced the new challenge of unmonitored communications emerged.

Now what makes online communications so much different from phone conversations we could have had 20 years ago with a friend? Its a fact that the anonymity of the Internet may serve as a dis-inhibitor prompting kids to do things they would not have done while just talking on the phone. Chatting log applications emerged to serve this market.

As instant messaging converted to the web from applications running on the PC at home, it has become more difficult to see what’s happening on social networks and with the wide-spread adoption of smart phones by teenagers and young kids, the methods at home for filtering and monitoring communications no longer work.

Schools have put in place measures to ensure that students don’t have access to questionable content but these are useless when students arrive at school with high-bandwidth enabled iPhones.

As every sword has a double edge so does technology. Even though these devices present a new challenge for parents, it also offers unheard of possibilities 20 years ago like the capability to see where your kids are at.

Google Latitude allows a mobile phone user to allow certain other people on his or her Gmail contact list to track where he or she is. This application requires that the user share their location when Google Maps opens on a mobile phone whether using the on-board GPS or triangulation of cell towers. It will however ask the user to continue sharing their location when you exit the application so its not what you would call stealthy.

Moostrax however does run behind the scene running quietly on the options menu on Blackberries, sending location information at regular intervals to a website. Apart from live tracking on Google Maps, it offers additional nifty features like historical tracking that can be exported to a Google Earth format, GeoFences allowing someone to be notified via e-mail when the phone enters or leaves a certain pre-determined area, Location Tagging allowing the tagging of your favorite locations, and a developer API to integrated other applications.

Ronald Reagan once said: “Trust But Verify” when discussing relations with the Soviet Union

Related articles by Zemanta

• How To Trace a Mobile Phone Location with Google Latitude (makeuseof.com)
• Satnav seeks integrated solution (guardian.co.uk)
• Publish Your Location to Your Blog or Gmail Chat with Google Latitude (blippitt.com)
• Your Favorite Location-Based Mobile Apps (readwriteweb.com)
• Top 6 iPhone 3.0 Apps to Watch (mashable.com)

With the iPhone Apps store closing in on the 1 billion download mark, its hard to argue that it hasn’t been a huge success and even with the numerous applications available to do just about anything you can think of, there is still room for innovation as long as you keep an open mind and hold on to your imagination.

Standford has made available a course on iTunes that will have you creating your very own application in no time.

http://www.stanford.edu/class/cs193p/cgi-bin/index.php

Related articles by Zemanta

• iPhone 3.0 Gets Copy and Paste and Then Some (smarterware.org)
• Apple Is Approaching a Defining Moment (gigaom.com)
• Five in Finance for iPhone (paul.kedrosky.com)

Last week I deployed a PBX in a Flash system using SIPConnect from CBeyond. It was so successful that I will start using PIAF in lieu of Trixbox from now on for all future deployments of this type and will replace my home PBX to take advantage of Skype and Google Voice integration.

In this case I used the Aastra 53i (English edition) VoIP phones which when connected to the network, retrieved an IP from the DHCP server, contacted the PBX using mDNSResponse, checked and downloaded the most recent firmware available on the PBX, and downloaded the default configuration which prompts for a user to login. After login in the phone created a config file on the PBX for future restarts.

These Aastra phones come in 2 editions (The English/American edition and the European edition). The power supply for the European edition has different connectors and the display had symbols instead of words. Apart from that they appeared to be identical but getting the European edition to automatically connect to the PBX and configure itself was very painful, having to reset the phone to factory defaults and erase the local configuration multiple times and finally having to define on the phone the TFTP server (PBX) IP address for it to download the configuration.

Two thumbs up for the PBX in a Flash (PIAF) developers who have done a superb job with this distribution holding up the ideals of the original Asterisk@home open source project.

Their documentation was almost flawless although it was difficult trying to find the most recent version of instructions as they are all layed out in bits and pieces across a blog. In pursuit of a perfect install I narrowed down the install to running the iso install, going through the online download and compilation of asterisk and running the update/fix scripts. Now before upgrading/installing any module or OS updates, I downloaded and installed the files necessary to deploy the Aastra phones which is also done by a script and then I proceeded to install/update the software via the FreePBX module admin and finally the OS updates.

Below is the trunk configuration for connecting via SIPConnect to CBeyond from PBX in a Flash:

Outbound caller ID: 5551231234
Never overrride caller ID: checked
Maximum Channels: 6

Outbound Settings

trunk name=cbeyond

allow=ulaw&alaw&gsm&ilbc&g726&adpcm
context=from-trunk
disallow=all
dtmfmode=auto
fromdomain=sipconnect.dal0.cbeyond.net
host=sipconnect.dal0.cbeyond.net
insecure=very
outboundproxy=sip-proxy.dal0.cbeyond.net
qualify=250
secret=[secret-password]
type=peer
username=5551231234

Regitration String: 5551231234:secret-password@cbeyond/5551231234

Note: Notice there is no inbound settings required. DID incoming configuration will determine were each channel from the trunk will ring.

Related articles by Zemanta

• AUDIT: Small Minn. agencies need better computer security (5 Eyewitness News St. Paul) (slumpedoverkeyboarddead.com)
• Call Skype From Any Phone Through OpenSky (mashable.com)
• Skype for SIP == Skype for Asterisk DOA? (skypejournal.com)
• Skype For SIP: Big Money, Skypeless, Brand Destroyer (skypejournal.com)

I-Movix SprintCam v3 NAB 2009 showreel from David Coiffier on Vimeo.

Here is the first SprintCam v3 showreel, made for NAB 2009 exhibition.
Mostly 1000FPS shots, made during a recent rubgy competition in the Stade de France, Paris.

Over the last several months I have been hard at work on a migration which has been in the works for several years.

The goal is to move video conferencing transmissions from ISDN 128kbps bonded calls to 384kbps IP calls, in order to improve the quality of the video and cut long-distance phone costs.

Over 20 hours a week classes are transmitted from a lecture hall in Fort Worth, Texas to 20 sites across the United States. The equipment in place is a Polycom VS-4000 video conferencing unit which has input from multiple cameras, an Accord MGC-100 video conferencing bridge and 2 PRI lines coming into the bridge.

Tandberg and Polycom 128 units at the remote site dial bonded 64Kbps channels to achieve a 128kbps call.

The original plan called for fractional T1 circuits at every remote site all furbished by a single ISP in order to be able to assure quality of service from point to point. A fractional 512kbps T1 would provide sufficient bandwidth for a 384kbps call plus the overhead and the bridge would be connected to a fractional DS3 circuit (around 12Mbps).

The scope of the project grew and for one reason or another the remote site circuits became a full T1 (1.544 Mbps) circuit and the host became a full DS3 (45Mbps) circuit.

To complicate things further wireless network/Internet access, routed back to the hosting site would be provided for all the remote sites for future exam taking.

Network wise the host site will have a Cisco 7204VXR with a channelized DS3 card and each site would have a Cisco 1841 with T1-DSU card and a 4-port Ethernet card.

Quality of service would prioritize h323, rtp, rtsp and sip traffic over any other and wireless access points (Aruba Network AP-65) are every site would tunnel encrypted traffic back to a Aruba Network MMC-6000 Controller.

H323 traffic has always been tricky with firewalls and I anticipated that the problems encountered would be in that area as years of experience had taught me. I was pleasantly surprised this wasn’t the case.

The Aruba Wireless controller at the host site builds IPSec tunnels to all the network access points at the remote sites, allowing students to access resources at the host site securely while at the same time preventing ad-hoc users from having access.

Technical challenges actually came from this area of the project were the site routers provided the access points with DHCP options 60 with the value “ArubaAP” and option 43 with the value of the IP address belonging to the Aruba Controller.

In order for this communication to take place, several ports needed to be allowed from the remote site to the host site. TFTP (UDP 69) for downloading configuration files, PAPI (UDP 8211) Aruba Management protocol, GRE for the IPSec tunnel, syslog (UDP 514) for sending logs, ntp (UDP 123) for keeping time and FTP (tcp 21) for downloading firmware.

Routing was carefully examined and firewall rules were put in place but nothing happened. The access points would not connect successfully with the controller so it was time to crack out the sniffer and start looking at the packets sequence from a successful connection between the controller and an on-site access point and what the packets looked like from a remote site.

Lots of cups of coffee later I found that the Aruba Wireless Controller was receiving packets from the Access Points looking for its configuration, but the controller was answering on a different IP address to the AP.

An additional rule on the firewall allowing traffic from that second IP address on the controller (not the management IP) to the network the wireless access point was at using PAPI (udp 8211) fixed the issue.

Success! A very satisfying feeling.

Enter quality of service management which I am sure will be the next opportunity to excel.

In today’s environment of mobile computing and the increasing integration of consumer electronics with the corporate network, it has become a necessity to plan accordingly in order to mitigate the risk this presents.

Whether it be an iPhone or guest laptop connecting via wireless or using an unused network port, brings new challenges to network administrators who need, not only be aware of what is on their network but also prevent an un-managed device from infecting other devices on the network.

The situation grows in complexity in higher education where the inherent open network environment becomes a juggling act balancing network security and open access. Students do not patch and fail to run current anti-virus.

Network Access Control, which is more commonly referred to by the acronym NAC, is the most hyped term in networking today. It’s also one of the least understood.

Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define & implement a policy that describes how to secure access to a network nodes by devices when they initially attempt to access the network^{[citation needed]}. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed.

The idea behind Network Access Control (NAC) is to implement a set of pre-admission rules and post-admission controls over where users can go and what they can do. Kind of like an in-versed firewall framework on steroids.

What’s important to understand is the Network Access Control (NAC) is not a device or appliance that is dropped in on the network, but rather a structure that needs to be deployed throughout the enterprise network.

The goals that Network Access Control aims to address can be distilled into three categories.

1. Identity Management – Which includes device registration, authentication and role based access.
2. Endpoint Compliance – The ability to prevent devices that lack anti-virus, patches or host prevention software from accessing the corporate network to prevent putting other computers at risk.
3. Policy Enforcement – Provides the ability to enforce company-specific policies in either block, notify or report mode and integration with other solutions to identify and disable unauthorized activities.

Different vendors take different approaches in order to accomplish these goals, were policies are enforced on a pre-admission vs. a post-admission basis, software clients are installed on the users computer vs. scanning those computers in an effort to gather information to automate decision making at the time the policy is enforced, and finally out-of-band vs. in-line solutions.

In 2005 I started experimenting with Network Access Control technology and came across an open-source solution called NetReg.

NetReg is an in-line, pre-admission, client-less Network Access Control solutions. The system sits between the users and the network. Identity management is accomplished by authenticating the user through a website against an LDAP server and storing in a database the username, the IP address assigned and the devices MAC address.

Endpoint compliance is achieved by 2 dynamic DHCP address pools; one for unregistered (unknown hosts) with non-routable IP addresses (network/Internet blocked) and the second for registered (known hosts) with routable IP addresses (network/Internet accessible). A bogus DNS server prevents users from accessing anything but certain websites where a user can download anti-virus and patches for remediation purposes.

Nessus vulnerability scanning software periodically scans devices to determine if these should be quarantined until they have met the established acceptable use policy. If a computer in the unregistered network is found to be non-compliant, it is notified and only when appropriate action has been taken will the computer be assigned a valid routable IP address. If the computer has already been assigned a valid IP address then it is blocked.

Some of the shortfalls of this approach were the inability to determine which patches were missing and firewalled clients are not checked.

Netreg which was originally developed by Southwestern University at Georgetown branched out into several versions and currently the only one being maintained is by Carnegie Mellon here.

Finally is important to note that there is no silver bullet when it comes to security and there are always ways to get around a system. A thought that came to mind was how these products deal with printers, VoIP phones, gaming consoles, etc, when it comes to registration and how by changing one’s MAC address to mimic a VoIP phone or printer vendor would bypass the authentication.

In researching when writing this blog, I came across another open source solutions started in 2007 called PacketFence which I will take a closer look at.

Major Commercial Solutions:

• Bradford Networks
• Cisco
• ConSentry Networks
• Juniper Networks
• Sophos
• StillSecure
• Symantec

Open Source Solutions:

• FreeNAC
• NetReg
• PacketFence
  

Sources:

Wikipedia
Gartner Market Scope for NAC 2008

The more I research on the potential and possibilities of VoIP phone systems, the more companies I see trying to get a piece of the market.

Reminds me of a blog entry I read recently “Everything I Know About Business I Learned From Poker” and more specifically the quote: “If there are too many competitors (some irrational or inexperienced), even if you’re the best it’s a lot harder to win.” which definitely rings true here.

Below is a partial list of VoIP phone systems geared towards small businesses, meaning deployments of less than 50 phones. Although several of these systems can easily scale into the hundreds of phones.

1. PhoneBochs from Rochbochs, Inc. (Duluth, MN based Rochbochs builds appliances based on Linux ranging from firewalls, asterisk telephony, Zimbra Email Collaboration and Fax over IP.)
2. GXE502X from Grandstream. (Brookline, MA based Grandstream builds the GXE502x appliance, a powerful all-in-one voice + video + fax + data communication solution for the small to medium sized business)
3. Jazinga PBX from Jazinga. (Toronto based Jazinga integrates data networking, traditional telephone service and low-cost Voice-over-IP (VoIP) service into one simple solution for small business and homes)
4. Response Point from Microsoft. (Redmond, WA based Microsoft could not miss the action and introduced their next generation phone system for small businesses.)
5. Trixbox from Fonality. (Los Angeles, CA based Fonality who acquired Trixbox which itself was re-branded from the open source project Asterisk @Home brings both software and appliance offerings to the table going beyond the small business market.)
6. Switchvox IP PBX from Digium. (Huntsville, AL based Digium and the cradle of Asterisk brings forth their flagship product Switchvox which is probably one of the most popular offerings out there today.)
7. TalkSwitch from Centrepoint Technologies. (Canada based Centrepoint, now TalkSwitch provides telecommunications solutions ideal for small and multi-location businesses with up to 32 telephone users per office.)
8. PIKA WARP by PIKA Technologies. (Ontario, Canada based PIKA builds appliances focused on Asterisk and Linux solutions for small businesses.)
9. BYOB by yourself. (Locally based, you can “Build Your Own Box” using Sangoma or Digium hardware for POTS landlines and build your own VoIP phone system using any Asterisk distribution, including Trixbox®, Elastix, AsteriskNOW, Elastix, CentPBX, and PBX-in-a-Flash, or FreeSWITCH, or YATE.

Amongst the other options available are the hosted solution where you pay a fixed cost per device, and then there’s the Colo solution where you would have one of the options above hosted by someone else.

There are many variables that need to be taken into account and every business is different.

Small businesses are likely to have some type of broadband connectivity to the Internet, whether cable or DSL and not the more reliable T1 circuit. Although I have not had any problems with my broadband connection for over 3 years, I have seen businesses add redundant cable and/or DSL because they have to stay up when their service gets interrupted occasionally during a storm.

The amount of simultanous calls at any one time and the codec used will also play a role in deciding if the hosted solution is viable, since most broadband providers do not offer symmetrical upload and download speeds but rather assimetrical where the upload is usually much lower than the download speeds.

My rule of thumb for a business with more than 10 phones and 3 lines with heavy phone usage is to stay with the premises PBX and only use VoIP trunks as secondary circuits for savings.

Using VoIP lines to save on long distance and/or international calls is smart but real savings come in when you are able to dump your landline and go all the way with VoIP.

Over the years the technology has matured to the point where its possible to provide reliable phone service over the Internet. Vonage being a pioneer in this market and recently major telcos offering this service to their existing client base has begun to erode the excepticism on VoIP.

When migrating for landline to VoIP its very important for the service to just work. People expect the phone to have a dial tone when its picked up just as they expect the lights to come on when the switch is flipped. It has become a utility.

Even though VoIP has come a long way, its important to keep an eye on it. Because voice now travels the same path that data those, there is a wide variety of tools available to measure and monitor performance and availability.

The script below allows you to e-mail you the status of a SIP or IAX trunk on an asterisk based VoIP phone system. The script scheduled every 5 minutes would check the status of the registration status for the specific trunk.

We being by creating two files in the /etc/asterisk directory.

• trunkalerts_iax.txt
• trunkalerts_sip.txt

Each file contains the registration domain and port as shown when querying sip and iax registrations.

Example of trunkalerts_sip.txt

sip.broadvoice.com:5060

Script: (download here)

#!/usr/bin/perl

################################################## #############################
##################### ###########################
####
#### Trunk Alerts script written by Jim Hribnak Oct 7th 2007
#### if there is any questions please feel free to drop me an email at jimh at d
omain nucleus.com
#### Called using Cron job

################################################## #############################
##################### ###########################
####
#### Create the following 2 files in /etc/asterisk
####
#### in the files below add the hosts entry from asterisk -rx “sip show registry
” and
#### from asterisk -rx “iax2 show registry”.
####

open(IAXTRUNKS,”/etc/asterisk/trunkalerts_iax.txt”);
open(SIPTRUNKS,”/etc/asterisk/trunkalerts_sip.txt”);

################################################## #############################
##################### ###########################
####
#### SIP Related Code
####

#print “================================================= ===========\n”;
#print “SIP Trunk information\n”;
#print “================================================= ===========\n”;

while (<SIPTRUNKS>) {
chomp;
$siptrunks = `/usr/sbin/asterisk -rx “sip show registry” |grep \”$_\” | awk ‘{pr
int $4}’`;

#print “siptrunks = $siptrunks\n”;
if ($siptrunks =~ “Registered”) {
#print “$_ is up\n” ;

} else {
#print “We have a problem\n”;
print “$_ trunk is not registering\n”;
mailalert();

}
} #end of while loop (read SIP file)

################################################## #############################
##################### ###########################
####
#### IAX Related Code
####

#print “\n\n============================================= ===============\n”;
#print “IAX2 Trunk information\n”;
#print “================================================= ===========\n”;

while (<IAXTRUNKS>) {
chomp;
$iaxtrunks = `/usr/sbin/asterisk -rx “iax2 show registry” |/bin/grep \”$_\” | aw
k ‘{print $5}’`;

#print “iaxtrunks = $iaxtrunks\n”;

if ($iaxtrunks =~ “Registered”) {
#print “$_ is up\n” ;

} else {
mailalert();
print “We have a problem\n”;
print “$_ trunk is not registering\n”;
my $subject = “Subject: TRUNK $iaxtrunks is DOWN!!!!\n”;
my $content = “TRUNK $iaxtrunks is DOWN!!!!\n”;

}
} #end of while loop (read SIP file)

################################################## ########################
####
#### Email Subroutines
#### Change anywhere below where there is an email address an email addres
#### must have \@ as perl needs to escape the @ symbol
####
################################################## ########################

sub mailalert {

my $sendmail = “/usr/sbin/sendmail -t”;
my $from= “FROM: <pbx\@sekiur.com>\n”; #replace xxx with your FROM email ID
my $reply_to = “Reply-to: <support\@sekiur.com\n”;
my $subject = “Subject: $_ is DOWN!!!!\n”;
my $content = “TRUNK $_ is DOWN!!!!\n”;
my $send_to = “To:<support\@sekiur.com>\n”; #replace xxx with your TO email ID
open(SENDMAIL, “|$sendmail”) or die “Cannot open $sendmail: $!”;
print SENDMAIL $from;
print SENDMAIL $reply_to;
print SENDMAIL $subject;
print SENDMAIL $send_to;
print SENDMAIL $content;
close(SENDMAIL);

#log
my $logfile = “/var/log/asterisk/trunkfailure.log”;
my $date = localtime();
my $logmsg = “$date TRUNK $_ is down”;
open LOGFILE, “>>$logfile” or die “cannot open logfile $logfile for append: $!”;
print LOGFILE $logmsg, “\n”;
close LOGFILE;

print “An email has been sent!\n\n”;
}