Siemens Gigaset uses LGPL!

This caught me by surprise…

Your Gigaset S685/S675 IP’s firmware includes free software that is licensed under the GNU Lesser General Public License.

And there’s a link to the source code http://gigaset.siemens.com/shc/0,1935,hq_en_0_121785_rArNrNrNrN,00.html

Hmmm, now this might open up some possibilities… As it is LGPL, it indicates that there is probably some non-GPL code too, but it is very encouraging :-)

April 30th, 2008 | Alan Lord | Tags: , .
Categories: FLOSS in the news | Comments: No Comments

S685IP and the VCard format

Last night my wife harangued me about not having her phone directory installed on our new handsets so she can see who is calling.

She sent me a spreadsheet with all the contacts and their respective numbers. The manual for the S685IP is a little unintuitive regarding the formatting and options for the vcard format so I started doing some digging about.

Firstly, I created a dummy entry in my handset using all the fields I could find. Then I turned on Bluetooth and transferred it to my laptop so I could see what it looked like. The Bluetooth link worked great. I could have got the vcard from the handset via the web interface, but I just wanted to test the Bluetooth functionality. Here it is:

BEGIN:VCARD
VERSION:2.1
N:Lord;Alan
TEL;HOME:XXXX79XXXX
TEL;WORK:XXXX27XXXX
TEL;CELL:XXXX457XXXX
EMAIL:test@testingcentre.com
BDAY:1900-11-01T00:00
END:VCARD

I didn’t find a perfect csv to vcard converter for this structure, although this online one worked pretty well and only needed a bit of local massaging to import correctly. I also tried a rather old but still useful ruby project from sourceforge here, that also worked but left out the vital VERSION:X.X line altogether.

Anyway, as you should be able to see from above, the name field N: takes two parameters separated by a semicolon and does not use the discreet FN: and LN: format. Note that it is last name first.

The rest should be obvious. If you don’t have data for a field, leave the entire field out. I didn’t try sending a blank field to the handset, but leaving the fields out entirely worked just fine.

The only other “gotcha” is that the file containing your vcard data needs to be DOS formatted and not Unix formatted: CR+LF vs LF. If you are on Windows then you won’t have a problem but Linux users will need to use the tofrodos package (Ubuntu users just do sudo apt-get install tofrodos) and run the file through the unix2dos command before sending it to the handset. If you don’t, the transfer fails.

Once you have the format right, using the Web interface on the base station to upload the directory seemed to work absolutely fine. I was able to send a directory containing 70 entries to each handset. It isn’t blisteringly fast (I guess it took about 2 minutes/handset), but it’s a whole lot quicker than typing the entries in by hand!

April 30th, 2008 | Alan Lord | Tags: , , , .
Categories: Runes and tales | Comments: 7 Comments

Vista UAC: Faux Security or What?

I came across this article via slashdot.

If you are a sysadmin or have just fought to get Vista installed because of it’s much-vaunted security model based around UAC, read this and weep.

… Perhaps most importantly though, is the fact that Windows Vista’s newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security. Any program that UAC blocks from starting up “for good security reasons” can be coded to work around these limitations with (relative) ease. The “architectural redesign” of Vista’s security framework isn’t so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure OS.

Oh dear.

Basically, it seems, by writing a two part application and an inter-process API – any hacker can circumvent UAC with relative ease.

It’s just as we always thought – Vista is just XP wearing an imitation fur coat.

Now where did I put that Ubuntu 8.04 CD?

April 28th, 2008 | Alan Lord | Tags: , .
Categories: FLOSS in the news | Comments: 2 Comments

Siemens Gigaset 685IP Phones and Asterisk Review

[Update and Introduction: This article was originally posted on the 27th April 2008. I am still using the phones and am very happy with them indeed. I have had no operational problems to speak of. I make this updated comment because this is still a very popular article and new visitors read this daily but the date is only shown at the bottom.]

Last week I purchased a triple set of the brand new Siemens S685IP telephones. This is a DECT home telephone system with support for both PSTN and VOIP services. I’d spent quite some time looking for a decent replacement for our aging and now unreliable existing DECT handsets.

I bought these from a UK based on-line telephone vendor DSTelecom and their service and price was very good. I’d been waiting for this model to become available for a couple of months and they were offering the best price and the were first to get them in stock too!

There were a few reasons I selected these Siemens phones, but the main one is their ability to act as a basic telephone switch between handsets and incoming services. The Base unit can support up to 8 incoming services: 1 x PSTN, 1 x Gigaset VOIP Network, and 6 further VOIP (SIP) services.

This is the latest release and the handsets support very high quality voice between each other and on compatible networks. They also support Bluetooth so you can use a wireless headset and upload/download your mobile phone’s address book etc.

Here’s my personal review of these new phones for use in our home network. (Just click on the thumbnails for bigger images)

My initial impressions: Nice packaging and a good looking handset.

S685IP Box The S685IP Contents S685IP Handset

There are very easy to follow 1st time instructions that get the system installed and running. Once I’d plugged the phones in and got them charging, and base station in to the LAN, the phone started showing me the weather forecast in Lisbon! :-)

Once the physical install is done, you can do almost everything else from the web based interface of the base station. I’ll cover that in detail in a minute.

But first the handsets. When you get them you need to do a first time charge and discharge cycle. The batteries are supplied (a pair of AAA rechargeables). The first full charge took between 3 and 5 hours depending on the handset. To discharge them all, I made internal calls between the phones and put them all on handsfree. It took a good 8-10 hours for them to get fully discharged. So talk-time is excellent.

The first thing my wife commented on when we were talking internally was the voice quality. She said it was brilliant! And having now just had a conversation with her somewhat hard-of-hearing father, he also attested to the much better sound than our previous telephones. So that’s good!

They have a nice big colour screen where you can – apparently although I haven’t done this yet – add pictures to your directory so the phone shows the caller’s face or avatar when ringing.

Anyway, all-in-all my initial impressions of the system was very positive indeed. Now let’s look at how the whole DECT/VOIP thing is configured and what really makes these stand out for a home phone…

Accessing the Web based user interface was easy. Here’s the login screen you first see:

Login Screen

Due to the way I have our home network set-up, I used a static IP address for the base unit. It also supports DHCP however.

IP Configuration

Next is to configure some VOIP service providers. For me it’s my Asterisk server… Only one change seemed to be needed to get the registration to work: Add subscribemwi=yes to your sip.conf. I’m not actually sure if this made any difference, as I think I didn’t click the “Active” box first time round. But apparently this setting is needed to get the message waiting light working properly when you are using Asterisk’s voice-mail anyway.

The Connection Screen

You configure the details for each service by clicking the “Edit” button. Here’s a default screen showing most of the options.

Creating and Editing Connections

The next section allows you to select the codecs you’d like each service to support and their priority. As you can see again, it’s a simple, clean and easy-to-understand interface.

After that, you are ready to choose which handsets work with what services. I configured my handsets first to give them meaningful names: “Alan’s, Helen’s and Kitchen”. Note also you can upload/download your handset’s directory from here too. The directory needs to be in vcard format. I haven’t done this yet but I can’t see any major obstacles apart from the time it will take to get a csv spreadsheet into vcard.

Configuring Handsets Assigning Numbers to Handsets

This is, for me at least, the coolest feature. From this screen, you can choose which handset rings depending on the service it is coming in on. And you can decide which calls use the built-in answer machine and which do not. It’s basic switch functionality and when you stick Asterisk behind this you have a really flexible solution to handling multiple incoming lines and different types of users.

My wife and I both run our respective businesses from our home offices. Now we have individual incoming VOIP lines into Asterisk plus the home PSTN service. Calls for my business ring, my phone and the kitchen phone. Calls for Helen’s ring her phone and the kitchen phone. Neither uses the Siemens Answer machine but the features of Asterisk’s voice-mail system. Calls for the family ring all three phones and use the built-in answering machine. You can configure this any way you wish basically.

Now we have a basic phone system set-up there are various add-on features to play with ;-)

Here is the call forwarding screen where for each service you can decide what to do under certain conditions: “When Busy, No Reply or Always”. Simple but this is a home telephone system.

Basic Call Forwarding

Next, you have a section for creating dialling plans. You have here, the ability to choose which service gets used for particular number sequences. So, for example, you could put in the international prefix for Australia and only allow numbers with that prefix to go via a particular VOIP service. You can also block certain number sequences completely too.

The Network Mailbox screen allows you to configure the voice-mail service for each provider. So for Asterisk that will be the numbers configured in voicemail.conf. This enables the service to work with the handsets so you get message waiting indications and access to the mailbox without needing to know the mailbox number.

Network Mailbox

Also in the Telephony section of the configuration tree is an “Advanced Settings” screen. This lets you configure the way DTMF tones are handled, SIP and RTP port numbering and a few other odds and sods.

Advanced Settings

That’s it for the telephony section. Comprehensive, easy-to-use and nicely laid out.

The next area is “Messaging”. The handsets support SMS type texting and there is an option to configure a jabber server (IM). The Siemens Gigaset VOIP network, which you get automatically subscribed too when you buy your phone is the default configuration, but you can change it to your favourite IM network should you wish. Not being a big user of either SMS or IM I haven’t used this. Maybe one of my kids will show me later!

Also under the Messaging section you can configure a POP3 email server. It is for the network, not per handset so I am not sure of it’s value. I suppose for a family who have a single email account it might be useful. But this feature doesn’t really do it for me. If it was per handset or per network service it would make far more sense.

After Messaging come the last few configuration pages.

The first is called “Info Services” and you can, via the Gigaset Network, configure a few somewhat limited network based information feeds. You can enter an RSS feed, or choose a weather forecasting service. The weather seemed more useful for me so I set it to show me the weather for London for the next three days.

The final screen is the ubiquitous “Miscellaneous” settings. Here you can update the firmware directly from Siemens or use a locally stored file. You also get to choose the NTP server for the clock and whether to automatically deal with daylight saving time changes.

Miscellaneous Settings

That’s the Siemens S685IP phone system. Having had them running for a few days now, I’m very pleased. Everything has worked, call quality is excellent, ease-of-use is superb.

I have come up with a couple of tricks I’d like Siemens to do that would really enhance the overall functionality however. Two are to do with time. And as there is an accurate and network-synchronised clock in the base station, I can’t see this being terribly hard to do to be honest.

  1. Use the in-built clock to allow you to configure different network connection settings. So, for example, after 6pm, If a call comes in my office number I might not want it to ring the other (our kitchen or family) phone. Perhaps during a weekend also.
  2. Ditto with call forwarding. After 6pm or during weekends forward calls to my mobile for example…
  3. Ditto with the dial plans. Being able to route certain type of call via different networks is great, but being able to choose to do it during certain hours would be even better…
  4. The email and IM features are nice but in my opinion they would be far more useful if it was configurable based on per handset or service basis rather than a single account for all devices.
  5. Also to do with the email feature; I’d like the option of IMAP as well as POP3.

I’m sure there will be some other ideas that will crop up have as we get used to them, but all-in-all my first impressions are that this is an absolutely cracking phone system for home and small business. When you use this with Asterisk of course, they get even better. Some of the time based features could possibly be got around by some fiddling with Asterisk. If I get chance to work something out I’ll write it up here.

April 27th, 2008 | Alan Lord | Tags: , , , .
Categories: Runes and tales | Comments: 159 Comments

The rise and rise of OpenOffice.org

I went to a party this Saturday evening for a friend’s 40th birthday.

Nothing remotely interesting about that in itself, but I was rather struck yesterday whilst remembering some of the conversations I’d had the previous night…

There were many people who I did not know at all or as only a “face” from the school run and such like. And it was a typical party with a wide mixture of individuals and couples from all sorts of backgrounds [i.e, NOT all in IT], and quite a few were from Australia. When the conversation turned to “what do you then?” and I told them, almost everyone of the replies included a comment along the lines of “Oh, you mean like Open Office?”.

I was questioned in-depth about Open Source in general, the business model(s) that surround and support it and on how one should go about getting or using it.

Another common thread to our chats was the: “There’s no reason to go out and spend hundreds of pounds of Microsoft’s Office. OpenOffice does more than enough and is free”.

The general interest level in Open Source and specific familiarity OpenOffice.org was very encouraging indeed.

On the downside, the evening was less like a party and more like a sales pitch… But hey – that’s fine by me ;-)

April 21st, 2008 | Alan Lord | Tags: , .
Categories: FLOSS in the news | Comments: No Comments

A shared “drop-box” using Samba [Updated]

Here’s a neat thing I managed to sort out the other day.

If you have read any of the “Untangle, Asterisk and File Server; All-in-One” series of posts before, then you will know that I’ve got a neat little VIA CN700 server for our home that is running all sorts of good stuff.

One of the things I have wanted to do for a while was to create a shared directory on the server so any family member can put stuff in there (like music files etc) but not be able to delete anything so as to prevent accidentally removing thousands of MP3s or irreplaceable digital pictures for example. This facility is apparently called a “drop-box”.

Hmmmm. Now let me think… Linux file permissions are rwx: Read Write eXecute. So, if you have write access, you can delete too. How can I fix this?

After some Googling and reading the Samba documentation it is actually pretty straightforward. Here’s how to make a drop-box on a Linux file server using Samba (CIFS) as the file sharing protocol and access mechanism.

  • Create a directory somewhere on your server and give it a sensible name: I called it “shared” and put it under the /home tree.
  • Create a Linux group for all users who you want to access the drop-box: I called the group “shared”. Then add your users to that group.
  • Using sudo or running as root, change the the directory settings as follows:
    • chmod 770 shared. This prevents access to the directory by anyone other than root, and the owner and group members.
    • chown nobody:shared shared. This changes the directory ownership to a user “nobody” and the group “shared”. It is important that you use a user who is NOT a member of the shared group. Any user will do, but it must be defined in/etc/passwd. I chose “nobody” as it has very minimal permissions and is unlikely to pose any sort of security hazard. On my server, the user nobody is configured thus:nobody:x:99:99:Unprivileged User:/dev/null:/bin/false
    • chmod g+s shared/. This sets the directory’s SGID bit so that any new files or directories created in our shared directory will have their group id set to that of the of the shared directory. This ensures all members of the shared group can read the contents.
    • chmod +t shared This sets the “sticky bit” of our shared directory. On Linux, setting the sticky bit, means items inside the directory can be renamed or deleted only by the item’s owner, the directory’s owner, or the superuser; without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner.
    • Here’s a listing of the directory showing how it should look now:drwxrws--T 3 nobody shared 62 2008-04-15 21:48 shared

Now we can set-up our share in Samba as follows:

[shared]
comment = Our Shared Data/Media
path = /home/shared/
read only = no
valid users = @shared
browseable = yes
inherit owner = yes

The valid users @shared line tells samba that only members of the “shared” group can access this share. And the line inherit owner = yes is what makes it all work. This tells samba to set the owner of any files created to the owner of the directory we are in. In this case the owner is “nobody”. As the sticky bit is set on this directory, only the user “nobody” or the superuser can remove files as their ownership is instantly changed by Samba when first created from the actual user to the user “nobody”.

After dropping a file into the shared directory over a samba connection the listing looks like this:

-rwxr--r-- 1 nobody shared 1272366 2008-04-17 14:17 14_-_Jubilee.mp3.

See how the file is owned by “nobody:shared” and only has group and other read set.

It might sound like a bit of a palaver, but it doesn’t take very long to set up. This is a very useful way of creating drop-boxes for many kinds of applications.

I hope someone finds this useful, and please leave a comment if you do!

[UPDATE]

A big thanks to Simbul who noted the obvious flaw in my suggestion. Although you could safely drop files into this folder, you couldn’t create directories which was a bit of a PITA to be honest. However Simbul made a simple addition to the [shared] section that fixes this issue (See the comments at the bottom of this post for details):

[shared]
comment = Our Shared Data/Media
path = /home/shared/
read only = no
valid users = @shared
browseable = yes
inherit owner = yes
Add the following two lines:
directory mode = 3770
force directory mode = 3770

And that’s it. Thanks Simbul. It works a treat.

April 17th, 2008 | Alan Lord | Tags: , , .
Categories: Runes and tales | Comments: 9 Comments

Next Page »