Sean’s Obsessions

Sean Walberg’s blog

Asterisk and Dialing URIs

I’ve got ertw.com set up to accept SIP calls, so that if you dial sean@ this domain, it rings a phone here. But, how do you dial out?

It’s actually quite easy in theory, since you can Dial() any sort of address, but the trick is to integrate it with the dialplan.

A bit of research found this page which is good, but it assumes that everything gets forwarded to the SIP macro. Using part of his recipe:

exten => _[a-z].,1,Macro(uridial,${EXTEN}@${SIPDOMAIN})
exten => _[A-Z].,1,Macro(uridial,${EXTEN}@${SIPDOMAIN})

means that only those addresses that start with a letter will be dialed as SIP, which rules out numeric addresses (like 613@fwd.pulver.com for echo testing).

I like his idea, though, so I decided that I’d keep it, and prefix any numeric sip addresses with sip: so that the extension above would be caught. Then it was a matter of modifying his macro to look for sip: in front of a URI and strip it. The results are:

; Dials a SIP URI
[macro-uridial]

; First, assume it’s not a sip: type address
exten => s,1,Set(destination=${ARG1})
exten => s,n,NoOp(First 6 chars are ${ARG1:0:6})
; We see them as url encoded (ie : is really %3a)
; check to see if the first *six* chars match it then
exten => s,n,GotoIf($["${ARG1:0:6}" != "sip%3a"]?nowdial|1)
; we fell through because there was a sip: at the beginning, so
; strip the prefix and then dial
exten => s,n,Set(destination=${ARG1:6})
exten => s,n,GoTo(nowdial,1)
; At this point it’s a proper uri
exten => nowdial,1,NoOp(Calling remote SIP peer ${destination})
exten => nowdial,n,Dial(SIP/${destination},120,tr)
exten => nowdial,n,Congestion()

In the end it turned out to be an exercise in learning how Asterisk works more than anything else, ie the %3a translation, the implicit breaking up of the address into $EXTEN and $SIPDOMAIN, and also the format of GotoIf.

Just Watching “Feasting on Asphalt”

I’ve been looking forward to seeing Alton Brown’s new show, “Feasting on Asphalt”. Originally, it was because, “Hey, it’s Alton Brown. Even if it’s just a Rachael Ray type travel show it can’t be that bad”. 15 minutes into the first episode (watching on my computer because Food Network Canada doesn’t carry the show) I’m hooked.

The show is about him, and his crew of 5 (some on motorcycles, some in the van) crossing the United States, avoiding interstate highways and only eating at “road food” joints like diners, cafes, stands, etc. No national chains. The show has footage of them driving, their stops, the food, etc. Usually it’s just Alton, but the crew sometimes joins in. Often he’ll help in the kitchen of places he goes; so far he’s washed dishes, made fry-cakes, and helped do prep work for a small town event.

The waxing poetic about road food gets tiring, and most of the interviews are pretty boring. But when he joins in the action or it’s just candid shots of him, it’s an amazing show. Think “Good Eats” hits reality TV. There’s even the requisite “And if I had a food historian handy… Hey, there’s one right there!” (though in that scene he seems to always be cutting her off, I’m not sure if she was boring or he was in a hurry).

There’s a good mix of history (including stuff you’d never guess about Duncan Hines), some travel, and full of the quirks you’d expect from AB (including a 6’ map of the US they carry with them). It’s lightly edited and fairly unscripted. He’s got a quick wit about him, even though you can tell he’s got a sense of humour from watching Good Eats, when he’s interacting with people, especially in the kitchen, he’s really funny.

From his website I know the 4th episode has him break something in an accident. It was just posted to torrents so it’ll be a bit before I get to see it. Unfortunately the 4th is also the last. Maybe he’ll do it again, I can only hope.

‘Student’ CISSP Article

A co-worker pointed me to (ISC)2’s rebuttal of my earlier article.

https://www.isc2.org/download/SearchSecurityArticleCounterpoints.pdf

I’m still not convinced by their arguments which are largely arguing semantics.

  • You’ll note “Student” is in quotes. I’m not claiming it’s the official title.
  • One of my arguments is that these new “(ISC)2 associates” will be confused with regular CISSPs. (ISC)2’s argument seems to be “but they aren’t CISSPs”.

There are a few other things but it’s not worth my time getting into it.

My favourite responses to the article were along the lines of “But CISSP is already a joke!”. In furtherance, a couple of searches from Google:

Results 1 - 10 of about 136,000 for cissp fast pass.
Results 1 - 10 of about 241,000 for cissp braindump.
Results 1 - 10 of about 25,900 for cissp is a joke.

I also did a Podcast where I talked a bit more about the article. I thought I was going to get blasted – (ISC)2 was invited but refused to come – but there was an even stronger viewpoint on the panel than mine.

Opinion: ‘Student’ CISSPs Put Cert’s Value in Jeopardy

I wrote an article for SearchSecurity on the subject of certification related training in Universities, specifically the (ISC)2’s CISSP. I opted for the “against” viewpoint, mostly because I think the CISSP should be synonymous with experience, and partially because it made for a great discussion.

The article: Opinion: ‘Student’ CISSPs put cert’s value in jeopardy

I must say, as far as article writing goes, this has been my favourite one so far. I was given freedom to take it anywhere I wanted, and my editor really did awesome work. I’m going to pay attention to that site and try and make some more contributions.

Apologies for the lack of posting, I’ve been quite busy with family, work, and more article writing. I have several Unix performance related articles up over on IBM developerWorks:

Searn Here

Update: I didn’t realize there’s a discussion forum on the SearchSecurity site, and there are a lot of opinions being posted, some for, some against, and even the odd personal attack! I’m impressed. Now just to find a more controversial topic.

Do We Really Need ENUM?

The topic of ENUM came up last night at the Manitoba Asterisk User’s group meeting. I find the discussion interesting because there are a couple of people there who are involved with the ENUM efforts by CIRA. After discussing the problems and status of ENUM-Canada efforts, I started to wonder, “Do we really need ENUM?”

ENUM is a method for mapping PSTN style phone numbers to a URI, such as SIP or a mailto, through the global DNS. My office phone, 204.975.5987, would then become 7.8.9.5.5.7.9.4.0.2.1.e164.arpa by reversing the digits, adding the top level country code of 1, and looking within the e164.arpa zone. Simplifying greatly, the response might either be nothing, meaning I can’t be reached by IP, or it might be something like sip:seanwalberg@ceridian.ca, meaning that I can be reached via SIP through that address.
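The mapping described above, carried one step further as an added example (not code from the original post): it builds the e164.arpa name and then applies NAPTR-style rewrite rules to get a URI. Assumptions: 10 bare digits are treated as a North American number, records arrive as already-parsed tuples, the sample records are constructed, and only sip/sips results are accepted because the answer comes from DNS.

```python
import re

ALLOWED_SCHEMES = {"sip", "sips"}   # assumption: this caller only dials SIP

def enum_domain(number, country_code="1", zone="e164.arpa"):
    """Return (ENUM owner name, E.164 string) for a phone number."""
    digits = re.sub(r"\D", "", number)
    if not number.lstrip().startswith("+") and len(digits) == 10:
        digits = country_code + digits   # assumption: 10 bare digits = NANP
    if not 3 <= len(digits) <= 15:       # E.164 numbers have at most 15 digits
        raise ValueError("not a plausible E.164 number: %r" % number)
    return ".".join(reversed(digits)) + "." + zone, "+" + digits

def apply_regexp(field, aus):
    """Apply a NAPTR regexp field (delim ERE delim replacement delim flags).

    Simplified: escaped delimiters are not handled and Python's regex
    dialect stands in for POSIX ERE.
    """
    parts = field.split(field[0])
    if len(parts) != 4:
        raise ValueError("malformed NAPTR regexp: %r" % field)
    _, ere, repl, flags = parts
    match = re.search(ere, aus, re.IGNORECASE if "i" in flags else 0)
    return match.expand(repl) if match else None

def pick_uri(records, aus, service="E2U+sip"):
    """Walk records in (order, preference) order; return the first usable URI."""
    for _order, _pref, flags, svc, regexp in sorted(records):
        if flags.lower() != "u" or svc.lower() != service.lower():
            continue
        uri = apply_regexp(regexp, aus)
        # The answer comes from DNS, so check it before handing it to a dialer.
        if uri and uri.split(":", 1)[0].lower() in ALLOWED_SCHEMES:
            return uri
    return None

# Constructed sample answer for the number in the post (not real DNS data).
SAMPLE_RECORDS = [
    (100, 20, "u", "E2U+mailto", "!^.*$!mailto:sean@example.com!"),
    (100, 10, "u", "E2U+sip", "!^.*$!sip:seanwalberg@ceridian.ca!"),
    (50, 10, "u", "E2U+sip", "!^.*$!http://example.invalid/!"),
]

if __name__ == "__main__":
    name, aus = enum_domain("204.975.5987")
    print(name, "->", pick_uri(SAMPLE_RECORDS, aus))
```
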

One consumer of this information would be telcos. Rather than paying my carrier (MTS/Allstream) for terminating the call, they could use the sip URI to call me over the Internet and pocket the difference. The other would be regular people who are replacing their phones with either computers or smarter IP phones, and want to make the query themselves to avoid paying long distance.

Almost two years ago I wrote “Either you’ve got a SIP address, or you’re not worth talking to” to point out that the eventual goal will be phasing out of PSTN style numbers in favour of SIP URIs, which are basically email addresses.

Since telephones with their 12 buttons aren’t too good at entering SIP URIs such as “seanwalberg@ceridian.ca”, ENUM is one transition mechanism. But involve telcos and large committees, and you get delay and disagreements. Already there are two types of ENUM being proposed, one for carriers, one for the public. And since DNS is delegated differently than PSTN numbers, how does a regular person like me update my records securely (while making sure that an evil person can’t update my records)?

So this led me to think, “Why do we even need ENUM?”. Why not put a SIP address on your business card along with all the other numbers people put there? (Don’t quote me, but I remember Nortel did this) People who want to use SIP will use SIP. People who can’t won’t.

From the carrier perspective, if they’re so interested in saving money by offloading calls to the Internet, why not let them come up with their own transition mechanism? They’ve done this before for toll free and local number portability.

I suppose what I’m really saying is that the problem isn’t so much technical as it is marketing. How many people have some form of instant messaging client, or even several? What would it take people to move to a SIP based client? If people started using SIP based instant messaging, or even if it were supported under popular IM clients (didn’t MSN support it for a brief period?), wouldn’t vendors have incentive to make hard phones capable of dialing SIP? (I pointed out last night that a small keypad was no impediment to the adoption of SMS messaging.)

While I applaud the efforts of those involved with ENUM, I wonder if it wouldn’t be easier just to draw a line in the sand and not try and integrate the two networks. Instead, focus on promoting the SIP network, and let the benefits and features draw people in.

RedHat/Fedora SSL Keys - Removing Password

Every year I have to remember how to generate new SSL keys and remove the password.

Generate keys:

[root@sergeant conf]# cd /etc/httpd/conf
[root@sergeant conf]# make server.crt
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key
Generating RSA private key, 1024 bit long modulus
……………….++++++
……………………………++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -new -key server.key -x509 -days 365 -out server.crt
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CA
State or Province Name (full name) [Berkshire]:Manitoba
Locality Name (eg, city) [Newbury]:Winnipeg
Organization Name (eg, company) [My Company Ltd]:ERTW
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:ertw.com
Email Address []:sean@ertw.com

Then copy the keys into the appropriate directories (backup the old ones first!)

[root@sergeant conf]# cp server.crt ssl.crt/
cp: overwrite `ssl.crt/server.crt'? y
[root@sergeant conf]# cp server.key ssl.key/server.key.pass
cp: overwrite `ssl.key/server.key.pass'? y

Then remove the password:

[root@sergeant ssl.key]# openssl rsa -in server.key.pass -out server.key
Enter pass phrase for server.key.pass:
writing RSA key

This assumes your /etc/httpd/conf.d/ssl.conf points to keys named “server”.
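Once the passphrase is removed, file permissions are what protect server.key on disk. The check below is an added example, not part of the original post: it reads a PEM file's headers to tell a passphrase-protected key from a plaintext one and flags a plaintext key that group or other can access. The file contents in demo() are constructed stand-ins, not key material.

```python
import os
import stat
import tempfile

def audit_key_file(path):
    """Report whether a PEM private key is passphrase-protected and who can read it."""
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    has_key = "PRIVATE KEY-----" in text
    # Traditional format (what `openssl genrsa -des3` wrote in the session above)
    # marks encryption with a Proc-Type header; PKCS#8 uses its own BEGIN line.
    encrypted = ("Proc-Type: 4,ENCRYPTED" in text
                 or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in text)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if not has_key:
        findings.append("no PEM private key found")
    elif not encrypted:
        findings.append("key is stored without a passphrase")
        if mode & 0o077:
            findings.append("plaintext key accessible to group/other (mode %o)" % mode)
    return {"encrypted": encrypted, "mode": mode, "findings": findings}

def demo():
    """Audit constructed stand-ins for server.key.pass and server.key."""
    protected = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nCONSTRUCTED\n"
                 "-----END RSA PRIVATE KEY-----\n")
    stripped = ("-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n"
                "-----END RSA PRIVATE KEY-----\n")
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body, mode in (("server.key.pass", protected, 0o600),
                                 ("server.key", stripped, 0o644)):
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = audit_key_file(path)
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, oct(result["mode"]), result["findings"] or "ok")
```
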

SAR Article Online

IBM has posted my article on Easy System Monitoring with SAR to their eServer site. I’ve got two more coming, one on monitoring web performance with RRDTool, and one on solving problems with application tracing (ie truss, strace, dtrace)

AB’s Waffles Disappoint

After watching the Waffle Truth I wanted to try Alton Brown’s Waffle recipe. Previously I’ve been using the one from the Joy of Cooking which is excellent, but having to use cake flour, sift it, and separate the eggs makes waffle making a pain.

AB’s recipe calls for a mix of all purpose and whole wheat flour, which will make my wife happy. But it didn’t turn out as well as the ones from the Joy of Cooking. My waffle iron is a paltry 650 Watts which worked perfectly for my other recipe, but these ones didn’t have the crispy exterior that are integral to waffles. The flavour was OK, with a nice element introduced by the buttermilk, but not as light and fluffy as I had hoped. I tried leaving the waffles in longer to take care of the crust, but it didn’t help.

I’m going to try this recipe again, but with all white flour instead of the 50/50 mix. This should reduce the density, and lead to fluffier waffles with a crispier crust. If I can get that to work this recipe will be a hit, since it’s much easier to put together than the recipe from the Joy of Cooking.

Since Everyone Else Has Said It

Sun’s looking to give away free Niagara servers to bloggers looking to review them.

I put my name in, not that this blog is a huge traffic source, but because I’m doing a series of articles for IBM on Unix performance tuning, and I think it would be sweet to use one of these boxes. I’ve also been doing some tuning and setup for b5media, and I’d love to compare MySQL and/or Apache under the same load, assuming I can figure out a way to simulate it. I suppose given a fast connection (cough, like the one at work, cough), I could direct a portion of the requests that way, or just write some code to replay the day’s transactions at it and compare it to the actual performance.

A Little Update

I haven’t been posting much even though a lot of things have crossed my mind that would be interesting to write about. I’ve been pretty busy with my family and some other projects. Notably, I’m writing a few articles for IBM DeveloperWorks on Unix performance monitoring which I’ll link to here once they go live.

Also, one project that I’m pretty excited about is the B5Media.com server move. They were originally running 120+ blogs on 2 servers that were falling over regularly. I helped out with the setting up and tuning of a dedicated database server and two web servers. I’m almost done handing it off, but it’s been a great learning experience. I hope to reflect some things I’ve learned in future articles here, and on other sites.