Genuine Asterisk
beelinebill December 22nd, 2007
The past few days demonstrate the risk associated with people using “non-Genuine Asterisk” products. Open Source can be a wide reaching tool but when it’s not supported by the right reputable company, there can be risk associated it. The concept of “phoning home” was dissected by forum members and slashdot over the past few days. The topic is deeper than a pure phone home to Fonality issue and is far reaching to many users. We agree with the concept of opt-in/opt-out; our open source Asterisk is totally free and AsteriskNOW free with optional opt-in registration. These Genuine Asterisk open source products from Digium do not have phone home tricks. If you care to read for yourself, here are a couple of links:
Linux-Based Phone System Phones Home
Just Say No: Hidden BOTs and Asterisk Don’t Mix
Randy Resnick’s VoIP Uses Conference on Talkshoe (www.talkshoe.com) today also had a pretty good open conference about the details of what occurred and Fonality/trixbox’s response (Voip Users Live Conference/Podcast).
There were questions about funding for open source projects, opt-in and opt-out concepts, lots of talk about monetization of open source projects, people asked about Digium developing internal monitoring tools so all the usage details can be accumulated from all Asterisk versions if its in core code. We’d like to hear your input and ideas there. We do not have any projects that address this concept as we are sticking with open source as “open” and not requiring data collection from the user. Our Commercial business allows us track users from subscription registrations. Let us know what you think about this very sensitive topic!
This is funny because you really DONT have a true open source model for Asterisk. Your dual licensing model allows you to sell changes to one company but does not require them to push changes back. Until you change to a TRUE open model you have no place to bad mouth anyone.
The dual licensing model has nothing to do with the issue being discussed. If you don’t like it, you can make your modifications and as long as you ship your source code (if you redistribute) and make it available you can comply with the GPL. The issue being discussed is the method of collecting information about a live server/system and pushing out and collecting inbound statistics from the server. It was the manner in which it was implemented that was the problem and it exposed security vulnerabilities and was perceived by some as sneaky even if was not the intent. We have a true open source model and sounds like you choose to ignore the part that is truly open source. Digium totally complies with the GPL. My final point here is that we do not attempt to collect personal information from any users without notification and choice to opt-in. Perhaps we’ll just have to disagree on philosophy.
Hmmm…your answer seems to have evaded the overall point. The point was that Digium (and you via your “no tricks” posting) are hiding quite a bit of closed source code yourself. So your claims to be pure open source and not have any tricks are pretty transparent. Question: can you truly walk this walk when you have two two totally complete commercial distros of Asterisk? Let’s review the facts.
1. GPL Asterisk - yep its open. One point for the “good guys”. You are doing good.
2. OK, now want to get your actual code into Asterisk? Well, you will have to sign your code over to Digium to get it into your commercial distro of Asterisk. This signing is a legal contract which allows Digium to sell that code to anyone and the buyer wouldn’t have to give the changes back to the community. That doesn’t sound so open. And if one doesn’t want to sign the code over to your commercial distro. Answer: their changes will never get picked up into the main GPL distro. Hmmm…don’t sign the commercial license and you can’t get into the GPL? Oops.
3. Switchvox - Your newly acquired 100% closed commercial Asterisk distro. Also, encrypted so we have no clue what it does. Could call home all day for all we know. Double Oops.
Wait, are you really open source anymore or is that story getting a little thinner than it used to? Isn’t this a case of the very dark cat calling the somewhat dark kettle “black”?