Fosscomm 2011 – My review

Generic comments
I just got back home from Fosscomm 2011 and I must admit it has been one of the best organized events of this kind I’ve seen in Greece ever. The single most important fact was that presentations and workshops were always _on time_. They started on time, they finished on time. The organizers had to face even a power cut by the national energy company but they still managed not to fall behind on schedule. My only remark would be about the selection of the presentations that took place in the big room (called BA). Most of them gathered far less people than other presentations which took place in smaller rooms (B3 for example) and those rooms got extremely crowded from time to time. Maybe the organizers thought that generic open source presentations would attract more people than the technical ones but, unfortunately for them, and fortunately for “the greater good”, they were very wrong. This doesn’t reduce their achievement though. Another thing I would like to see on the next Fosscomm is less material given out to participants and instead spend this money on paying for travel expenses of people coming to speak on Fosscomm from abroad. Giving one (or even more) of the phones that HTC kindly provided to the voted by the participants best talk/presentation/workshop would also be very nice. My sincere congratulations to the organizing committee.

My IPv6 workshop
On my application to Fosscomm I had asked for one presentation and a separate workshop. This unfortunately wasn’t accepted, probably due to the large amount of other presentations/workshops, so I was given the first workshop on the very first day of Fosscomm, about “Using IPv6”- on Linux. Since I only had one hour, my original plans were to do a quick 15 min introductory presentation on IPv6 and then a 45 min hands-on lab. Since University of Patras could not provide IPv6 connectivity to the Lab, my other option was to have some remote VMs that would have upstream IPv6 connectivity and people on the Lab would ssh to. These VMs were kindly provided to us by Grnet and I have to publicly thank them one more time. My planning was bad though, people had far more questions about introductory IPv6 issues than I expected and the intro presentation was not finished until more than 35 mins had passed. This lead to the unfortunate result that the workshop could not be completed as I had planned. I am glad though that almost everyone logged into the VMs and had the chance to at least set up an IPv6 IP manually as well as an IPv6 default route. They also had their first ping6s. Some got even further by setting up ip6tables rules…What I definitely wanted to have shown during the workshop, and I didn’t have enough time to, was auto-configuration (SLAAC) which I consider to be one of the most intriguing features of IPv6. Next time I am doing either a presentation or a hands-on workshop, definitely not both in one session. Lesson learned.

Presentation/Workshop material:
Quick Intro to IPv6
Using IPv6 on Linux (workshop notes)

Talks I attended
All the talks I attended were very interesting, I probably did a very good job picking them 🙂 The ones I attended were:
Saturday
a) “A unified user account manager using LDAP/KRB5/CIFS” by Giorgos Mamalakis, Chariton Karamitas
b) “Network Exploitation with Ncrack” by Fotis Chatzis
c) “Wargames” by Patroklos Argyroudis, Fotis Chatzis, Chariton Karamitas
Sunday
a) “Intro to Arduino” by Pierros Papadeas, Kostas Antonakoglou
b) “Φωνή VoIPόντως εν τη ερήμω” by Effie Mouzeli
c) “Bright side of the Darknets” by Athanasios Kostopoulos
d) “Automated Testing Framework” by Giorgos Keramidas
e) “Performing Digital Forensics with Open Source tools” by Dimitrios Glynos
f) “Patras Heap Massacre” by Chariton Karamitas, Patroklos Argyroudis

I consider the most well presented one being: “Performing Digital Forensics with Open Source tools” while the one with the best slides was definitely: “Patras Heap Massacre”. If you weren’t there to see them, definitely try and find at least the slides if not the video.

Wargames
I had never participated before in any wargames because I considered that to be out of my league. That’s the reason I had not even registered for Fosscomm’s wargame called “fosswar”. I was curious though about what it’s like, so me and 3-4 more friends decided to stand in line and enter the room among the other people. The Lab room was crowded, really crowded. At first I thought that one reason for this would be the prize for the winner, an Android phone donated by HTC. I was later proven wrong though. Fosswar started and the organizers presented us with the 5 challenges. Two of those had to do something with networking…so I said to my self that I would be lucky even if I understood what one of those asked. Another challenge had to do with steganography, another one with exploiting a vulnerability in C and the last one was about reverse engineering. While this game could only have one winner, since me and my friends were not actually interested about the prize we decided to work as a team and see whether we can solve anything. Me and a friend looked at the first challenge, another 1 was looking at the third while 2 more were each looking at the fourth and fifth. During the wargame HTC asked for the names of people that wanted to take part in the competition, there nobody actually wanted to give his name. Most of them were there “just for the kicks”. That was even more exciting! HTC then told us that if nobody wanted to give his name the phone would be given on a lottery…so 10-15 people decided to give our names so the phone would “stay” at the fosswar. After solving the first challenge we got so excited that we just had to try the others, we couldn’t give up. So, after 3 hours of thinking and coding, the result was that our team managed to solve 3 of the five challenges, the details on what the challenges were and how we dealt with them will follow in a separate blog post, and we ended up being the winners because no other team had solved more than two. Yes, we had won! We had managed to solve the two networking challenges and the steganography one. That was soooo unexpected!

Pictures
My pictures from Fosscomm 2011 are at: https://picasaweb.google.com/kargig/2011050720110508Fosscomm2011#

My conclusion
Fosscomm this year definitely showed a trend. People don’t need generic presentations about open source any more, they know what it is, they believe in it, they use it. People really ask for technical presentations, and we need more of them.

Whoever couldn’t manage to attend Fosscomm 2011, should definitely attend Fosscomm 2012. I am certainly looking forward to it!

SIP Express router, mysql and utf8

Description:
There’s a small problem when using SIP Express Router (net-misc/ser on Gentoo) with mysql support and your mysql server uses utf8 as a default character set (gentoo’s latest versions use utf8 by default).

The problem:
One of ser’s scripts (ser_mysql.sh) can’t handle utf8 tables.
# ser_mysql.sh create
MySql password for root:
Domain (realm) for the default user 'admin': foobar
creating database ser ...
ERROR 1071 (42000) at line 100: Specified key was too long; max key length is 1000 bytes

Solution 1 (remove utf8):
Change the character set to latin1.
The specified error can easily be “fixed” by editing /usr/sbin/ser_mysql.sh. Inside that script you will find a line like this (line 38):
TABLE_TYPE="TYPE=MyISAM"

replace it with:

TABLE_TYPE="TYPE=MyISAM,DEFAULT CHARACTER SET latin1"

The result:
# ser_mysql.sh create
MySql password for root:
Domain (realm) for the default user 'admin': foobar
creating database ser ...

Solution 2 (reduce some column sizes):
The following solution makes the script run but I have not personally tested if ser STILL works ok after the changes. Feel free to experiment and comment back on this:
# sed -i 's|domain varchar(128|domain varchar(100|g' /usr/sbin/ser_mysql.sh
# sed -i 's|contact varchar(255|contact varchar(128|g' /usr/sbin/ser_mysql.sh

intracom netroute, asterisk and sipdiscount

I own a netroute2 and I have an asterisk at home to serve me as a pbx. I use it primarily for testing, and I only have a working sipdiscount trunk on it so far. What I wanted to do was plug a normal phone on the netroute and set it up so that I can call land lines in Greece for free through asterisk, using a sip trunk with sipdiscount.

  • Asterisk configuration
  • add to your /etc/asterisk/sip.conf

    [sipdiscount]
    type=peer
    host=sip1.sipdiscount.com
    dtmfmode=inband
    ;allow-g726
    canreinvite=no
    fromdomain=stun.sipdiscount.com
    username=USERNAME
    fromuser=USERNAME
    secret=PASSWORD
    ;qualify=yes
    [5000]
    ; netroute
    type=friend
    regexten=5000
    callerid="netroute2" <5000>
    host=dynamic ; This device needs to register
    secret=PASSWORD
    allow=ulaw
    allow=alaw

    add to your /etc/asterisk/extensions.conf

    exten => 5000,1,Dial(SIP/5000,30,rm)
    exten => _7.,1,Dial(SIP/${EXTEN:1}@sipdiscount,30,rm)
    exten => _7.,2,Congestion
    exten => _7.,3,Busy

  • Netroute Configuration
  • Netroute is more complicated than asterisk. Why ? because there is no documentation at all. So it’s a trial and error kind of thing. My current working solution IS very very crude and NOT thoroughly tested.

    Edit your /etc/call_route.conf and comment out the line that says:
    plugin load gr

    Also, make sure your last lines of this file look like these:
    # default routes
    route_pattern add default/@ gr filt_last rl_rg_sip0
    # note: default route is required
    route_pattern add default/! default filt_last rl_rg_sip0

    Now go to the web interface of netroute and in the voip section add asterisk’s sip domain/realm and IP settings and the settings you entered in the section [5000] of asterisk’s sip.conf. You might even want to lower the registration interval, if netroute and asterisk is in the same lan the extra traffic is insignificant. Then go to dialplan configuration and click on “+Add pattern”. In the Pattern field add 7X and don’t tick any of the other boxes. In the Prefix field just add 7.
    When finished, do a
    /etc/init.d/checkpoint
    /etc/init.d/rc-voip restart

    Now pick up a handset plugged into the first netroute’s FXS port and dial a string such as: 700302101234567
    7 in the beggining is used by asterisk to send the call to sipdiscount trunk and 0030 is used by sipdiscount to call Greece. So in order to call 2101234567 we need to dial 700302101234567 from the netroute.
    If you just want to dial Greek land line though sipdiscount change

    exten => _7.,1,Dial(SIP/${EXTEN:1}@sipdiscount,30,rm)

    with

    exten => _7.,1,Dial(SIP/0030${EXTEN:1}@sipdiscount,30,rm)

    Then you would only need to call 72101234567 from netroute.

    Check asterisk’s log file for errors. A successful call should look like this:
    Executing Dial("SIP/5000-49ab", "SIP/00302101234567@sipdiscount|30|rm") in new stack

    🙂

    no progress…

    Since gcc 3.4 was marked stable on gentoo, I emerged it and even did an emerge -e world. It took me some time because there were more than 600 packages to rebuild. Anyway, mplayer still denies to work with some videos using -vo xv even after the recompilation with the new gcc.
    That’s the error message:

    X11 error: BadAlloc (insufficient resources for operation)?,?% 1 0 32%

    MPlayer interrupted by signal 6 in module: vo_check_events

    I’ll keep trying…

    Btw, I read some rumours that Cisco is going to release callmanager 5 under linux. I hope that becomes a reality because the current callmanager 4.1(3) runs only on windows 2000 and there are times that the whole system freezes for no good reason, or times when IE crashes. The whole configuration of the callmanager is done through a web browser…in order to add a single device you need 10 clicky-clickies…I hope this changes too.

    ser/openser and Cisco ata 188

    I’ve recently installed a ser (SIP express router) in one of my machines (well, in fact it’s more like openser) mostly for self tutoring. The config file was quite a pain to tune. Many many options, many many modules which all look quite usefull, and you can get easily distracted from what you should be doing. Luckilly there are some HOWTO’s (but not complete) around the net.
    What I find about ser/openser VERY stupid and annoying, is that while it’s tools are mostly written in bash they have the default password that comes with the installation hardcoded inside. It would be much easier if the installation procedure asked you for a username/password instead of the defaults “ser/heslo”. Anyway…you can change them later quite easily…but it’s still annoying.
    A tool you might need is sipsak. It’s like a wrapper of some common commands a SIP administrator might frequently need.

    Installing Cisco ata 188 and making it work for ser/openser was trully easy. You have to download the latest sip image (ata_03_02_01_sip_050616_a.zip) for the ata adapter from cisco (you need a password for Cisco’s site) and upload it to your phone (instructions are inside the zip file’s readme file). Inside the zip file that contains the image and some readme’s there are a few other executables that can be used for debugging it. What’s interesting for us linux users? Cisco provides binaries for almost all those tools inside the zip! In fact I upgraded my ata from linux 🙂

    Then go to http://ip.of.ata.given.by.dhcp/dev and you get a very nice menu with quite a lot of options, and some monitors (ethernet, RTP stats) that did not exist in previous versions. Just fill in your username/password, display name and sip proxy server..and you are good to go. The device registers itself without any problems and I was able to make calls to ata 188 from/to Linphone, Kphone and Xten-Lite(both windows and Linux).

    Here’s my testing ata 188:

    cisco ata 188