Linux-Based Phone System Phones Home

An anonymous reader writes to let us know that users of Trixbox, a PBX based on Asterisk, recently discovered that the software has been phoning home with statistics about their installations. It's easy enough to disable, and not particularly steathy (beyond encrypting the data sent back), but customers in the forum are annoyed at not having been informed of the reporting. Trixbox is owned by Fonality, which makes customized PBXs (again based on Asterisk) for paying customers.

Trick Box

[Deathanatos]

A product named Trixbox is really a box of tricks...

Re:

[Tuoqui]

Silly Rabbit, Trix are for Kids.

Re:

[the_humeister]

*Asian Trix rabbit after brutally killing those kids*: "You share!"

Re:

[Gilmoure]

Silly Rabbi, kicks are for Trids!

Re:Trick Box

[Anonymous Coward]

I tried out Trixbox Pro not that long ago but was really turned off by their premise that you must have Internet access to properly configure your server (my VoIP server is NOT on the Internet nor will I do so for privacy and security reasons!). And their appliance is expensive and still needs Internet connectivity. While their old-school Trixbox CE product doesn't have this limitation development on it has slowed down despite their claims of "it's still in development, really!".

AsteriskNOW isn't ready for prime-time yet, though it shows promise long-term.

If you don't want to compile Asterisk yourself and yet you still want to use FreePBX (and you really should!), I highly recommend you check out Nerd Vittles, http://www.nerdvittles.com/ [nerdvittles.com] instead -- everything that Trixbox CE could have been.

Re:

[Power_Pentode]

"If you don't want to compile Asterisk yourself..."

If you wish, you can use Asterisk without compiling it yourself; several distros have versions of Asterisk in their repositories. I'm pretty much a Linux n00b but once I read which modules are prerequisites, Asterisk compiled easily with the usual ./configure, etc. Thanks for the tip on FreePBX.

Re:

[SpzToid]

I highly recommend you check out Nerd Vittles

Me too! Those guys wanted to work with Trixbox devs, and finally gave up and rolled their own, which is the new PBX-in-Flash voip server. The true open-source devs have released a truely wonderful and solid server. They asked for donations to fund a server, and I'm so impressed with my phone server, humming away for a few weeks already, of course I'm donating; I want more good stuff in the future, and want these PBX-in-Flash devs to stay motivated. Great stuff g

Re:

[Windowser]

If you don't want to compile Asterisk yourself and yet you still want to use FreePBX

You can download http://centpbx.org/ [centpbx.org]

Re:

[jberryman]

*robotic laugh* AH-AH-AH. Humor Acknowledged.

So?

[brad-x]

The initial setup at the web GUI makes it apparent that it wants to send stats back to home-base. How this can take people by surprise is baffling.

Re:

[irtza]

Well, I have always found it interesting that people get up in arms over these types of things (with open source software). If people are that pissed, let them maintain their own distribution. I can understand if someone had paid for something that they may be mad about this sort of behavior, but people should be happy that someone has put together a great product for their use. I am running a trixbox at my office and may use this info to disable to call home; however, I have no problem with the company

Re:

[the_humeister]

How do you know it's not malicious? Being open source doesn't necessarily mean the right people are looking.

Re:

[wizardforce]

How do you know it's not malicious? Being open source doesn't necessarily mean the right people are looking.

being opensource means that the source can be reviewed, that's a hell of a lot better than impossible to be reviewed now isn't it? now aside from that, there's the fact that there are people looking at the code, a lot of them- especially slashdotters that make a hell of a noise over things like this.

Re:

[ppc_digger]

It doesn't even have to be reviewed. Imagine what happens if someone looks at the code and finds something malicious. No one will ever trust that program's developer again. If it's open source, it's harmless, unless the developer is crazy.

Re:

[Mathinker]

I have a strange feeling that as open-source gets more and more mainstream use, we will start to see things like open-source projects where released compiled binaries are compilations of modified versions of the released source code, which contain malware. No amount of code review is going to catch that.

I wonder if to counter-act this, open-source projects will start to release, in addition to the source, all of the compilation settings, etc. which were used to create their released binaries, so that anyone

Re:

[mikiN]

On providing build parameters: I'm afraid the compilation process isn't deterministic enough to guarantee that identical build parameters and identical sources will result in identical binaries when built on different hosts. What we need is a tamper-proof way of storing a digital signature of the source code and build parameters in the binaries themselves.

Re:

[cayenne8]

Why not just move to the build (everything) from source paradigm, like Gentoo, and then, you don't have to worry about problems with pre-compiled binaries?

Re:

[WK2]

we will start to see things like open-source projects where released compiled binaries are compilations of modified versions of the released source code, which contain malware. No amount of code review is going to catch that.

Somebody will notice, if it is a popular project. They won't notice from looking at the source, but some people have nothing better to do than run arbitrary binaries in a debugger, looking for anomalies. If it is a network anomaly, such as phoning home, it is even easier, because it w

Re:

[petermgreen]

you can but there is no gaurantee you will end up with packages identical to those in the repositry. Changing versions of a packages build dependencies can easilly change the binaries that a source package will produce between the binaries uploaded to the repositries and your attempt at rebuilding.

a rouge debian developer could easilly upload a compromised binary to the archive without being noticed.

Re:

[irtza]

yeah... I thought of that a few seconds after clicking "Submit". Very valid point - I should have said open and transparent. I.E. the software functions as stated. I do believe there is an obligation to inform people that data is being gathered - my point was that if someone said "I am giving out this software that does X, but I will be gathering your IP address and browsing habits." I wouldn't complain about it. I may not run the software or may attempt to hack it to no longer do that, but I wouldn't

So?-OSS or Bust.

[Anonymous Coward]

"I just can't complain about free software."

Damn! There goes all the FreeBSD battles.

Re:

[gokalp]

Even the paid softwares call home without prior information http://yro.slashdot.org/article.pl?sid=06/06/08/0119253 [slashdot.org]. So what?
-----
http://www.internet.gen.tr

Re:

[irtza]

no, I was just commenting on the people that get pissy that some software doesn't work the way they want. I don't mean to say that one shouldn't express their opinion - only that there is a limit to reasonable expectations. Its one thing to pose the question - "is there a driver for printer X? Is anyone working on it?" and "Why is no one working on this printer driver?! Team X needs to do this now." I also distinguish between a request made to third parties - i.e. a hobbiest that got his printer workin

Stats are useful

[EmbeddedJanitor]

Many companies collect usage stats for many products. These are very useful for the ongoing design of the product or assessing impact of changes etc. By knowing typical usage patterns the engineers can better formulate optimisations or prioritise development tasks.

So what if anonymous stats are collected?

Re:Stats are useful

[ScrewMaster]

Nah ... it's just that people don't bother to read what's in front of them. Had there been a big blurb during the software install that proclaimed "we collect anonymous usage statistics" nobody would have cared, but because it wasn't made sufficiently obvious people think there's something devious going on.

Re:So?

[syousef]

The initial setup at the web GUI makes it apparent that it wants to send stats back to home-base. How this can take people by surprise is baffling. ...because of course you have read every word of every screen of every version of every installer you've ever used, and never just glossed over any detail. What's baffling is that comments like this get modded up.

Re:So?

[QuantumG]

Well that's your own stupid fault then isn't it?

Re:

[John Hasler]

> ...because of course you have read every word of every screen of every version of every
> installer you've ever used, and never just glossed over any detail.

Yes, of course.

Re:So?

[insertwackynamehere]

If it really bothers you this much when usage stats are collected, then you can't really gloss over things like the TOS and EULA... you can't have it both ways.

Re:

[syousef]

If you install sufficient software it simply isn't possible to read all the EULAs. Anyone who says they do either doesn't install much, is paid to do little else, or is a liar.

Yes you can

[Rix]

No one reads those things, and no one is intended to. If they were intended to convey information, rather than obscure it, they would be no longer than a paragraph and in plain English.

Re:

[rubycodez]

Even Microsoft's EULAs are very short. They are in what was high school level english 30 years ago, can't speak to the abilities of today's younger generations. Yes, you are intended to read them; I do.

Re:

[syousef]

I simply don't believe you read all your EULAs. Skim perhaps, even then I doubt you do that rigorously.

They are not in highschool English. They're in legalize that often has a very specific meaning that does not match common usage meaning.

an example- not so bad

[rubycodez]

It is part of my job to be aware of EULAs and other licensing in the solutions I propose to my clients. For some reason software companies keep their EULAs concise and to the point, as they'd rather not have anyone violate it.

Let's look at an excerpt from an MS EULA: ...............
i.Distribution Restrictions. You may not
alter any copyright, trademark or patent notice in the Distributable Code;
use Microsoft's trademarks in your programs' names or in a way that suggests your programs come from or are endor

Re:

[mikiN]

distribute Distributable Code to run on a platform other than the Windows platform;

Doesn't this clause make it an EULA violation to run most software under WINE? Lots of Windows software contains one or more DLLs which I presume fall under that clause (msvcrtXX.dll comes to mind).

Re:

[funkatron]

Presumably its only a problem if you run software with this particular EULA under wine. Besides most of the really essential DLLs already have wine equivalents.

Re:

[Tim C]

No. The WINE guys aren't distributing any code covered by that EULA, so they're in the clear. The shop/website you buy/download/whatever your software from similarly isn't doing so so that you can run it under WINE. You yourself, in running the software under WINE, are not distributing it.

So, unless someone actually is distributing code covered by that EULA specifically for the purposes of running it under WINE, then I really don't see how anyone is violating it simply by using WINE.

Re:an example- TERRIBLE

[syousef]

It is part of my job to be aware of EULAs and other licensing in the solutions I propose to my clients. For some reason software companies keep their EULAs concise and to the point, as they'd rather not have anyone violate it

You must have a very different definition of the word concise.

You take a very small excerpt from a random MS EULA and point out that it can be understood. So what. Quote the other 20 pages and see how reasonable it is. But that sounds like an exaggeration so let me produce something sol

Re:

[syousef]

d; if one can read and discuss Shakespeare or Melville, one can read and discuss that EULA.

Oh and by the way reading Meliville and Shakespeare is called getting an education. It serves a purpose to learn about other times, other places, other language and about heritage. In contrast, reading a EULA is just a complete waste of time. If one does not understand the difference, then one's education has failed one miserably.

Re:

[ZOMGPONIEZ111]

There is a major difference between software talking to its vendor in order to be more effective and spyware that sends your personal info to spammers / advertisers / con artists. With the source, it is possible to verify that they were telling the truth about what is collected, or, if they're not, then just fork it with that part deleted.

Wrong

[DJCacophony]

The developers collect the information, and then sell it to advertisers to make a quick, easy buck off of their users.
Apparently selling a commercial version of their software doesn't give them enough money, they have to covertly do this as well.

The key mistake they made here is that they made it opt-out and difficult for an inexperienced user to opt-out.
The correct move would have been to provide a separate page during the install that said in big bold letters,
"WOULD YOU LIKE TO SUBMIT YOUR USAGE, HA

Re:

[Tony Hoyle]

How much of that data could be traced back to you anyway? Unless they're sending email and postal address..? They can't really avoid sending the IP address (short of bouncing the results through Tor or something) but may not actually store it at the other end (for example we make a point of never storing IPs, only country information) but installation statistics are useless on an individual basis - they simply indicate patterns when combined with the statistics of other users.

If they want to sell that inf

Re:

[rucs_hack]

The initial setup at the web GUI makes it apparent that it wants to send stats back to home-base. How this can take people by surprise is baffling

Without being cynical. Oh wait, I can't do it that way..

There's one reason, because it makes for a story that seems on first glance to be sensational, and thus survives the firehose.

Is Microsoft Invading Slashdot?

[arotenbe]

from the hard-to-keep-secrets-when-they-can-read-the-code dept.

It sounds like Slashdot is advocating security through obscurity...

Re:

[renegadesx]

cp /home/arotenbe/stupid_comment /dev/null

Re:

[thegrassyknowl]

It sounds like Slashdot is advocating security through obscurity...

Why not? Almost every IT "professional" I have to deal with on a daily basis advocates the same. It seems that since every n00b and his dog is advocating it then it must work!

Re:

[marcello_dl]

To me it seemed to be advocating getting hold of FOSS, whose unwanted features you can easily disable.

eh?

[LingNoi]

So what does it actually do? Let me explain. We are only looking at the number of phones (and types) that are connected to a system.

So it's sending back some generic data with no personal information so they can do a best estimate of where they need to be spending their time.

What's the problem here?

Re:

[FudRucker]

if the data is encrypted then only those that know how to decrypt the data can read it, everyone else has no idea what that data is, then if it is generic data about phone types and numbers of phones then why bother to encrypt the data, i have 3 phones of various brand names (Bell, AT&T and GE) (now everybody knows)...

Re:

[xouumalperxe]

if the data is encrypted then only those that know how to decrypt the data can read it, everyone else has no idea what that data is

Not completely true. Once you dive into the source, you can verify whether the information that's being packaged is indeed the information they say they're collecting. Their EULA (apparently) says they're collecting the information, so you know they have it. But what of anybody who intercepts it? Granted, it's not particularly useful information, but it's good standard procedure to encrypt this sort of thing anyway, especially when the client has the benefit of the transparency of OSS.

Re:

[slugstone]

Great you have three brands of phones. But what if there is a explode in your Bell phone?

Re:

[Fnord666]

So it's sending back some generic data with no personal information so they can do a best estimate of where they need to be spending their time. What's the problem here? - LingNoi

While it is pretty trivial for anyone with basic linux knowledge to disable it, the issue is that a) we didnt inform people well and b) we didn't make it easy to turn off. - kerryg

The problem is that they forgot basic civility and politeness. They didn't ask for permission to collect information about my installation. I ma

Re:

[bcdm]

H'm. Let's count the problems together: 1) They did not inform or ask their members that they would be collecting this information. Even the eeeeeeeeevil Microsoft/Apple/whoever we hate today notifies us that generic data is being collected. People tolerate generic data collecting; they don't tolerate duplicity all that well. 2) The data is encrypted, so there's absolutely no way to tell if what they're saying is true or not. 3) They've been doing this for months without anyone noticing it (and letting o

Re:

[raju1kabir]

They did not inform or ask their members that they would be collecting this information.

Yes they did, in the user agreement. People just didn't read it.

I think that's a perfectly reasonable place to say that they will be collecting information. People say "but nobody reads those", but if you get vendors to start putting all those reminders somewhere else, then that new place will soon become thick with notifications and people will stop reading it too.

If you care enough to be upset about something like t

Re:

[Sancho]

Exactly. I'm pretty sick of long EULAs, myself, but at some point, you've got to ask where the responsibility lies. Would it be enough for the disclaimer to be in the software documentation? That's usually longer than the EULA, and while people may be more likely to read parts of it, few people read it all. They find the parts specific to their need, read it, apply the knowledge, and move on.

We're too much of a warning label society as it is. "Warning, about to connect to another VOIP phone." "Warning

Re:eh?

[arth1]

So it's sending back some generic data with no personal information so they can do a best estimate of where they need to be spending their time.

What's the problem here?

First of all, your claim isn't true. Here's what it currently sends back the output of:

/usr/bin/perl /var/adm/bin/recognition.pl
/bin/uname -r
/bin/rpm -q -a
/sbin/lspci -vn
/usr/sbin/dmidecode
/usr/sbin/wanrouter version
/usr/sbin/wanrouter hwprobe verbose
/usr/sbin/asterisk -V
/bin/cat /etc/redhat-release
/bin/cat /etc/trixbox/trixbox-version
/bin/cat /etc/trixbox/.regData

Note that it sends the registration data on every request. Which means the other data isn't anonymous.

But, and this is much more alarming, it also can execute arbitrary commands. It connects to the remote server, asks it what to execute, and then executes it. That's VERY scary, no matter what is currently collected. Imagine a hacker getting access to the server customers connect to.

Re:

[cp.tar]

But, and this is much more alarming, it also can execute arbitrary commands. It connects to the remote server, asks it what to execute, and then executes it. That's VERY scary, no matter what is currently collected. Imagine a hacker getting access to the server customers connect to.

Does this software run setuid root?

Of course, even if it is not, this is a huge issue.

Re:

[grolschie]

But, and this is much more alarming, it also can execute arbitrary commands. It connects to the remote server, asks it what to execute, and then executes it. That's VERY scary, no matter what is currently collected. Imagine a hacker getting access to the server customers connect to.

That's about as scary as a hacker getting complete access to the WindowsUpdate.com servers or some popular Linux distribution update servers, right?

Re:

[MadCat]

That's about as scary as a hacker getting complete access to the WindowsUpdate.com servers or some popular Linux distribution update servers, right?

Just the fact that the trixbox developers have shown a serious lack of understanding when it comes to security makes it a lot more likely that a hacker can gain access to the webserver that's being hit on by all the installed trixboxes. All you do then is tell it to go download and install some tasty rootkit.

Presto. Instant botnet for some script kiddie to

Re:

[Rakishi]

No, it's much much worse because:
1. I KNOW update services get back executables and I can take the expected precautions. Something which is supposed to simply send data back I do not ASSUME also executes random commands from a server, that's just utterly baffling and stupid and counter-intuitive.
2. I either run update programs manually or I have them only automatically tell me there are updates. Updates are NOT installed automatically and it is unlikely that I would miss a hack of the windows servers.
3. Upd

Re:

[petermgreen]

That's about as scary as a hacker getting complete access to the WindowsUpdate.com servers or some popular Linux distribution update servers, right?
This is why linux distros have moved towards digitally signing thier repositries and if MS has any sense then they will have done the same for windows update.

Of course if the master key and the distribution network are both comprimised then it gets about this nasty but I would imagine they take quite substantial precautions to stop this happening.

Re:

[Bryansix]

Imagine a hacker getting access to the server customers connect to.

Well that would suck donkeyballs. You know what would suck even more? If you were a Fonality Customer. The same company also runs Fonality (PBXtra) and with that service all changes are made on their servers first and then their servers change the settings in Asterisk on your phone server. I used this service and it worked well for almost everything we wanted it to do. They had 24 hour service if the phone system ever went down. I've call

Re:

[Bryansix]

Ya, I think they told me that if I wanted to change an extension I had to change it to something else and then change it to what I wanted it to be in order for it to take. I almost died laughing. Needless to say we don't use them anymore.

Re:

[Minupla]

Whats wrong from a technical POV is that the code does the following:

Connects to the servers at home and DOWNLOADS a list of commands to execute as root.

From the comments on the file:

# This file is design to be executed regularly by an external controller such as cron.
# It retrieves a list of commands to be executed from the specified URI and executes them, saving the output
# and returning it to the webserver as an encrypted string.

So a quick and dirty analysis shows the following:

If someone poisons your DN

Security Vuln

[Anonymous Coward]

The issue here is not just the fact that it is phoning home - it is the method in which it is done. This has been reported as a security vulnerability to the voipsec mailing list. http://voipsa.org/pipermail/voipsec_voipsa.org/2007-December/002522.html [voipsa.org]

Mod parent up

[Fnord666]

This is a key point. A cron entry runs a process on the PBX every 24 hours that connects out to trixbox and picks up an arbitrary list of commands. It executes those commands (under whatever authorities it wss installed with) and returns the results. Sure hope their server is up to date on patches. That assumes DNS sent back the right server to begin with and not a spoofed site with a "different" set of commands.
In what universe does this seem like a good idea?

Re:Mod parent up

[grcumb]

This is a key point. A cron entry runs a process on the PBX every 24 hours that connects out to trixbox and picks up an arbitrary list of commands. It executes those commands (under whatever authorities it wss installed with) and returns the results.

What a terrible design! I worked for a couple of years on a FOSS product whose commercial version phoned home by design. It was a small server that allowed remote configuration changes via our NOC. The idea was to provide basic systems admin functionality for multiple geographically dispersed servers. Man-in-the-middle attacks - in either direction - were one of the primary concerns, second only to the privacy of the customer.

We vetted every byte, incoming or outgoing; we worried constantly about both sides of the the authentication process, addressed DNS poisoning and coped properly with pwned clients as well. We never ever passed anything but text between the server and the NOC. Even anti-virus signature updates were performed out-of-band with the 'phone-home' process.

Allowing execution of arbitrarily defined scripts is a disaster in the making. The trust model is entirely wrong, for one thing. I understand now why the manufacturer didn't want to talk about, because no sysadmin in his right mind[*] would accept that someone outside the organisation should ever have the right to run arbitrary code on their boxes without prior vetting.

*****

[*] Unfortunately, 'sysadmins in their right mind' is a far-too-small subset of all sysadmins....

Re:

[sholden]

Allowing execution of arbitrarily defined scripts is a disaster in the making. The trust model is entirely wrong, for one thing. I understand now why the manufacturer didn't want to talk about, because no sysadmin in his right mind[*] would accept that someone outside the organisation should ever have the right to run arbitrary code on their boxes without prior vetting.

Of course if said software was installed in the first place then the vetting process is obviously completely worthless anyway...

Re:

[Sancho]

Abstracted as it is, it's not such a terrible design. It's only if key elements are left out (using SSL to verify that both sides are talking to the right host, for example) that you hit snags.

Do you disagree with the usage of software like CFEngine and Puppet? They work in an identical fashion. The key difference is who controls the server which issues the updates, however even then, most people blindly take updates to their OS, so the same trust issues apply there.

Re:

[grasshoppa]

It's possibly worth noting here that there is precidence for this. I know of at least 1 large financial package ( which Cities use ) that does this in TSQL.

Yes, that's right. This is the same software that pays my checks AND takes payments for city services. And the company wants to have our servers here connect up over http ( not https ) to pull sql scripts to run.

This about says it all

[sjames]

From the forum:

The point is that people should have been given a means to easily opt-out of the data collection process which is something we totally overlooked and in seeing the reaction we realize that this was a big mistake on our part. While it is pretty trivial for anyone with basic linux knowledge to disable it, the issue is that a) we didnt inform people well and b) we didn't make it easy to turn off. We thank you for your support on this but anytime there is a more than a few people complaining about something it means we missed the mark on it. So, as a team and a company we fix it and learn from it. -- Kerry Garrison trixbox Community Director

I used to be the lead developer..

[Rob from RPI]

And I'm somewhat annoyed by KerryG's assertion that "Both trixbox and FreePBX have phone-home mechanisms in them." Now, admittedly, I relinquished FreePBX at the beginning of this year due to personal commitments, but I have ALWAYS been dead against 'phone home' information. We DID have a rough idea of how many machines were actively being maintained by the 'hits' on the modules.xml file that contains the current version of all the modules and download links for it. That's it.

The only other slightly information-divulging bit of information was the built-in IRC client did a 'uname -n' and specified what distro the client was running. It broadcast that in a 'notice' to the FreePBX channel. This was highlighted on the IRC page, with exactly what would be sent.

FreePBX has NEVER 'phoned home'. I would be amazingly upset if it was doing so now. Trixbox, on the other hand, may do that, but please do NOT link the FreePBX project with it.

--Rob

Re:I used to be the lead developer..

[Rob from RPI]

Note for those who may have missed the point of my post: Trixbox is Centos + Asterisk + FreePBX + a couple of other things. It's just a bundle of various open source applications on a CD. The main parts of Trixbox are Asterisk and FreePBX, with CentOS as the OS and kernel.

So, when someone mistakenly says 'trixbox does...' they usually mean 'freepbx does...' as FreePBX is the GUI Trixbox uses to configure Asterisk.

--Rob

Make your own Linux-based PBX system

[compumike]

We did it ourselves and saved >$100/month for a small business. Just use Asterisk [asterisk.org] (free and open source), buy some inexpensive but full-featured phones like the Grandstream GXP-2000 [grandstream.com] (about $80 each), and get a termination provider like VoicePulse Connect for Asterisk [voicepulse.com] ($11/month for four simultaneous channels, free incoming, and below $0.01/min for most outgoing). It took some work to get it all set up and working properly, but now is actually more reliable than the analog phones ever were. (We had phone company issues every few months... just awful.)

--
Educational microcontroller kits for the digital generation. [nerdkits.com]

Re:

[heelios]

And I recommend that you do NOT get Grandstream phones.

They're pieces of crap. Do yourself a favor and get yourselves phones intended for real business use.

Cisco and Polycom make the later.

Re:

[mpeg4codec]

I had similar experiences with Grandstream phones, they're complete and utter trash. The software actually wasn't too bad, and they had nice things like tools for provisioning centralised provisioning. However, the hardware was really terrible. We got complaints of echo (and yes, we tried all the usual software solutions on the PBX) and inexplicable humming all the time. In the end we went with Snom 360 handets and couldn't have been happier. They were more expensive, but certainly cheaper than the Nortel p

Kerry already addressed this in his blog

[Anonymous Coward]

Kerry has already addressed this in his blog:

http://www.trixbox.org/trixboxs-new-hardware-audting-tool [trixbox.org]

Opt-OUT?

[Paul Neubauer]

Ok, points for admitting the problem and for taking some corrective action. But opt-out? Why not fix it completely and have it opt-in? It's what people hope for or demand for many things. They might not expect or get it, but it is what is desired.

All opt-out does (for anything, not just this) is tell me I'd *REALLY* want to turn it off, because someone figures the only way to get it switched on is to have it on by default and at least some will miss it or fear changing any default settings.

way out of proportion

[totalimpact]

"The whole story": this is not news and was actually publicized a long time ago, before it was actually put into use, however, several overly paranoid, overly dramatic people were only just made aware that it was happening, and all of a sudden it has become:

"my phone system is transmitting my credit card number to a multi-million dollar commercial entity who is only interested in robbing all the people who use its FREE software solution, because this established entity doesnt make any money on their commerc

Um

[Gordo_1]

Did anyone bother to notice that your mobile and landline phone companies know *WAY* more about you than this program could ever hope to collect? I mean, these guys bill you for every call you make, know exactly who you're calling and for how long, have been known to allow just about anyone in law enforcement to wiretap your line for even the flimsiest premise, yet the Slashdot crowd is more concerned with an open-source-based PBX collecting some high-level meta-data from users in an opt-out fashion?

Re:

[WK2]

Did anyone bother to notice that your mobile and landline phone companies know *WAY* more about you than this program could ever hope to collect ... yet the Slashdot crowd is more concerned with an open-source-based PBX collecting some high-level meta-data from users in an opt-out fashion?

It is possible for a person to be unhappy about two different things. And I don't recall anyone saying anything about the phone companies, including whether they were more or less upset about this or that.

Re:Um

[Minupla]

Hrm, last time I checked, my phone company was unable to open a tunnel from the internal side of my corporate firewall back to them. Since the script allows them to execute *any* command and most people put their PBX inside their most secure corporate network segment, this would prove to be an issue. Leaving beside for the moment the issues of DNS poisoning, and someone hijacking the script.

Min.

And now the obligitory MS Comment

[therealking]

If this were Microsoft or BLizzard you guys would be raising holy h3ll.
but since it's an "open source" tool it's
* not that big of a deal
* Shoulda been obvious to you n00b
* Duh Read the EULA

Hypocrites all

Linux needs something like Zone Alarm

[TractorBarry]

This doesn't suprise me in the least.

It's another example of why Linux needs something like the functionality that Zone Alarm provides whereby an interactive user is always prompted before a program is allowed to connect to the internet. I for one do not want any program whatsoever to be able to connect to the outside world before I have expressly given my permission.

Give the way companies like Sony & Microsoft have behaved in the past vis a vis "phoning home" & rootkits etc. I no trust any program

Re:

[cdrguru]

You're ignoring the basic tenets of open source here.

First off, you wouldn't use anything you didn't actually compile yourself, would you? While you're at it, you better look over the code for anything that someone submitted without completely checking also. There are thousands of users out there depending on YOU for the well-being of their systems. Be part of the team. Use (and verify) open source.

Assuming all users are going to do this is the first step in any open source venture. If you're not capab

Our bias

[Minupla]

OK folks, time to check our bias level here. If Sony installed a script that logged into their website and downloaded a list commands to execute on your system to "collect usage data" would we be impressed? I didn't think so. We were very much up in arms about the Sony Rootkit, and should be about this too.

So if an OSS project does the same why should be any less outraged? Its still a violation of any sort of professional ethics. It doesn't matter that the script is in clear text on the system, who here has the time to go through every script on a new installation of their favorite distribution?

We trust the package suppliers to disclose anything we need to know about. If that trust is breached we call them to task on it.

Well the trust has been breached in this case and the community needs to call the developer to task on it so that it's clear that this sort of behavior is unacceptable. I've read some comments that you're getting it for free. So it would be acceptable for Linus to start including arbitrary command execution backdoors into the kernel?

Remember the Trojan Horse didn't have a price tag attached either!

Min

Additional interesting articles about this issue

[Fnord666]

The folks at nerdvittles.com, an alternative asterisk distro, have weighed in on the subject with a blog post [nerdvittles.com] on how good of an idea this was. They provide a very succinct summary of their position in the following:

This clever software should have been reviewed by senior management before it ever saw the light of day. The episode gives all of us a golden opportunity to stop and think about what we're doing and what our fundamental obligations are to those who use our code. Hopefully, Fonality will turn this BOT off... permanently! The problem, of course, is that it's hard to unring a bell. This BOT is already in the wild. Luckily there's a very quick solution in this case. Here's the command that should be added to tomorrow morning's Fonality script: rm -f /var/adm/bin/registry.pl. We'll all sleep better.

The freePBX team has also commented [freepbx.org] on the issue. In short they want to make it clear that running arbitrary commands sent from the Fonality server is a trixbox/Fonality issue and has nothing to do with freePBX. FreePBX's "phone home" functionality is just a "check for updates" sort of thing.

In the above thread it is mentioned that FreePBX phone's home as well. Instead of splitting hairs over definitions, let me make it perfectly clear what FreePBX does. Most of you are aware of our Online Module Repository that provides easy updates to new versions of FreePBX and its modules (vs. pulling tarballs manually).

Of course if the modules are not digitally signed and verified, then a man in the middle attack is still possible and malicious versions of modules with a little "extra goodness" added could be sent to the pbx for automatic installation.

tribox is a bad deal from the getgo

[visionsofmcskill]

some of you might remember that trixbox started out as asterisk@home.

Ive run A@H 1 and 2 and even trixbox... and i must say... ever since KerryG and fonality took full control and essentially "killed" the A@H branding/identity/ethic/attitude the projec has gone seriously downhill.

Ive had run-ins with kerry before... and all ill say in this public forum is that the guy really isnt a positive influence.

The forking of the porject into CE and Commercial versions was only exacerbating the underlying shift towards an essentially exploitive distro. Requiring a internet connection to trixbox in order to configure your own box? requiring a user account on their site to configure what is obstensibly supposed to be open source based projects? Maybe these actions arent WRONG per say... but cetainly the ethics are questionable.

The truth is, ever since it went this way, ive actually decided NOT to upgrade my A@H 1.3 version. The bells and whistles arent really worth it.

Im hoping some other distro, or fork will come along that remains true to the principals they started with.

Its really sad to see, consdiering how excelent the work that went into A@H / trixbox is. These guys have done a wonderfull job packaging several complicated and time-consuming products together into an easy and accesable distro. However... somewhere along the way someone *cough* kerry *cough* fonality *cough* decided to push those efforts into LOCK-IN style profitability.

(theres nothing wrong with getting commercial support pacakges... but forcing people to sign up to your organization and forking a far less than active sub-version on your comomunity is an insult)

Re:

[CaptainPatent]

ET phone home!

Don't you mean:

TB [trixbox.org] phone home!?

Re:

[Beastmouth]

How is this modded redundant? It's the first post with any content!

Re:

[orcrist]

How is this modded redundant? It's the first post with any content!

Because the very meme "phone home" is a reference to that quote in the movie.

Re:

[mrscorpio]

You're actually wrong. They're only counting from 12:00am EST to 11:59pm EST.

Re:

[Aetuneo]

So the fact that software installed on Linux will do what it is programmed to do is a reason to migrate away from Linux? I will consider migrating to something else when there are known and exploited holes in the security which allow websites to arbitrarily install software without user permission. Until that, you just have to research what software does to stay safe, or only install software from known and trusted sources. But if you really want to migrate away, don't claim that you are doing it to stay se

Re:

[insertwackynamehere]

a) This isn't malware and b) FreeBSD can run Linux apps for the most part so once malware encroaches Linux, a lot of *nix systems will be in potential trouble.

Re:

[secolactico]

now that Linux is becoming more popular [...] the countdown to my switch to FreeBSD started today,,,

Indie Rock Pete? [dieselsweeties.com] Is that you? ;-)

Re:

[mrchaotica]

Indie Rock Pete would use Plan 9.

Re:

[moran]

There is no mention currently in the GUI regarding stats being collected it was only after this feature was discovery was made has the developers promised to add this to GUI setup and have an opt in/out option.

My main concern is the system is checking for any new commands off their server to execute this is disturbing kerry didnt mention this feature in his blog when he came clean about the stats collection.

Hopefully there will be options to still transmit some statistics but still be able to disable remote

Re:

[wish bot]

Nice work. Can I ask, do you get paid enough to live on for this?

Re:

[dltaylor]

Every time Microsoft decides to generate more revenue, they rob you just as if they had you at gunpoint.

Happy with 2k, which works pretty well? Sorry, we're moving everyone to XP, so we'll strong-arm the hardware vendors into XP-only drivers (which precludes the victim from buying new hardware WITHOUT buying XP), and, of course, the latest licenses for applications code will be XP-only, and, although it is quite illegal, we'll require you to use an MS-Windows OS to fetch updates, even for applications.

Happ

Re:

[MLease]

Ok, IHBT and all that, but this has nothing to do with Linux. Linux just happens to be the OS the vendor chose for their product. I agree that this should be off by default, etc. (and several of the comments I've seen so far have said just that), but it's not the fault of Linux that Trixbox/Fonality designed their product that way. Nor would it be Microsoft's fault, had they chosen to use MS instead of Linux to build their system.

-Mike