News from Industry

cpio: cap_set_file error when installing httpd RPM inside an LXC container

TXLAB - Thu, 04/27/2017 - 01:04

My physical machine runs Debian Jessie, and it has several LXC containers (mostly Debian and Ubuntu). Now I needed to test some software under CentOS, and I bumped into the following error when installing Apache HTTP server:

    Downloading packages:
    httpd-2.4.6-45.el7.centos.4.x86_64.rpm                    | 2.7 MB  00:00:00
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : httpd-2.4.6-45.el7.centos.4.x86_64                        1/1
    Error unpacking rpm package httpd-2.4.6-45.el7.centos.4.x86_64
    error: unpacking of archive failed on file /usr/sbin/suexec;590112cd: cpio: cap_set_file
      Verifying  : httpd-2.4.6-45.el7.centos.4.x86_64                        1/1

    Failed:
      httpd.x86_64 0:2.4.6-45.el7.centos.4

By default, “/usr/share/lxc/config/centos.common.conf” defines the following capability drops:

    lxc.cap.drop = mac_admin mac_override setfcap setpcap
    lxc.cap.drop = sys_module sys_nice sys_pacct
    lxc.cap.drop = sys_rawio sys_time

So the setfcap capability is required in order to install Apache. Use the following lines in your “/var/lib/lxc/NAME/config” to flush the previously defined drops and set up a new list:

    # flush all defined drops and define a new list
    lxc.cap.drop =
    lxc.cap.drop = mac_admin mac_override setpcap
    lxc.cap.drop = sys_module sys_nice sys_pacct
    lxc.cap.drop = sys_rawio sys_time

Then restart the container, and “yum install httpd” should run as expected.
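An added example (not from the original post): a small Python audit that resolves the effective lxc.cap.drop list the way the post describes it, with an empty value flushing everything defined so far, and reports which capabilities a container regains relative to the distribution default. The file contents are constructed from the snippets above, and the use of lxc.include to pull in the common file is an assumption about the container config.

```python
"""Resolve the effective lxc.cap.drop list of an LXC container config.

Added example, not code from the original post or from the LXC project.
"""

COMMON = "/usr/share/lxc/config/centos.common.conf"
CONTAINER = "/var/lib/lxc/NAME/config"

# Constructed sample files. The common file carries the drops quoted in the
# post; the container config is the post's fix, placed after an lxc.include
# line (assumed here as the way the common file gets loaded).
SAMPLE_FILES = {
    COMMON: """\
lxc.cap.drop = mac_admin mac_override setfcap setpcap
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time
""",
    CONTAINER: """\
lxc.include = /usr/share/lxc/config/centos.common.conf
# flush all defined drops and define a new list
lxc.cap.drop =
lxc.cap.drop = mac_admin mac_override setpcap
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time
""",
}


def effective_cap_drop(path, files, _drops=None, _stack=()):
    """Return the ordered list of capabilities dropped after reading `path`.

    `files` maps a path to its text, so the example runs offline. Lines are
    applied top to bottom: a non-empty lxc.cap.drop appends to the list, an
    empty one clears it, and lxc.include is expanded in place.
    """
    if path in _stack:
        raise ValueError(f"include loop at {path}")
    drops = [] if _drops is None else _drops
    for raw in files[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "lxc.include":
            effective_cap_drop(value, files, drops, _stack + (path,))
        elif key == "lxc.cap.drop":
            if not value:
                drops.clear()  # the flush used in the post
            for cap in value.lower().split():
                if cap not in drops:
                    drops.append(cap)
    return drops


def regained_caps(baseline_path, container_path, files):
    """Capabilities dropped by the baseline but kept by the container."""
    baseline = set(effective_cap_drop(baseline_path, files))
    current = set(effective_cap_drop(container_path, files))
    return sorted(baseline - current)


if __name__ == "__main__":
    print("dropped :", " ".join(effective_cap_drop(CONTAINER, SAMPLE_FILES)))
    print("regained:", " ".join(regained_caps(COMMON, CONTAINER, SAMPLE_FILES)))
```

A config that flushes the list and never re-adds the other entries shows up here as nine regained capabilities instead of one, which is the mistake this check is meant to catch.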



Should Browser Vendors be Responsible for their User’s WebRTC Actions?

bloggeek - Mon, 04/24/2017 - 12:00

Security is… complex. Even with WebRTC.

I’ve always been one to praise the security measures placed in WebRTC.

While WebRTC is a secure protocol by nature, it seems that browsers take different approaches to who needs to take responsibility of any additional means of security.

The gist of it:

  • WebRTC is secure by default
  • Whenever a developer’s mistake can be thwarted by tweaking WebRTC – it gets tweaked
  • Whenever a security hole is found, it gets fixed and deployed by the browser vendors faster than most other companies in the industry can even perceive the notion of a threat

Seriously – what’s not to like?

Recently though, I started thinking about it. How do browser vendors think about security? How much do they take it upon themselves to be the guardians of their users? Their trusted guide in the big bad world that is the Internet?

Which brings me to the big one –

Are browser vendors responsible for the actions of their users when it comes to WebRTC?

It seems that they have different approaches and concepts to this one.

Google Chrome

Motto: Users are stupid and should be protected

That’s how I’d put their mindset to words.

getUserMedia

Chrome has long been one to clamp down on where and when WebRTC can be used.

They started off with voice and video working on HTTP and HTTPS, while on HTTP, grants of access to the camera and microphone were forgotten and required the user’s approval each and every time.

They shifted towards HTTPS only. You can’t access the microphone or the camera in an HTTP page.

Persistence

The decision a user made is persistent. If you granted a domain access to your microphone or camera – Chrome remembers it – for eternity. Your only way of revoking that is by clicking the camera icon on the address bar (if you can even notice it).

Oh, and for persistency – Chrome offers you two choices:

  1. Ask when there’s a need (and Chrome will remember the answer for that domain for you)
  2. Never ever share your device

No middle-ground here.

Screen sharing

You can share your screen with Chrome.

But it will ask the user each time for his permission.

And to enable screen sharing, you will first need to create a Chrome Extension for your web app and have the user install it. Not a biggie, but a hurdle.

Now, to publish a Chrome Extension on the Chrome Web Store, you’ll need to pay a small $5 fee.

Why? Fraud – obviously:

You see, screen sharing is considered by Google (and most other browsers) as more of a security threat than camera and microphone access.

By forcing the Chrome Extension, Google raises the bar against abuse, and can theoretically remove any abusive accounts and extensions with better traceability to their source.

The only real downside of it? I have over 10 icons on my toolbar now in Chrome, and most of them are for screen sharing on different services. Once a month I remove a few of them to declutter my browser. Yuck.

Mozilla Firefox

Motto: Users are intelligent

Maybe. But not all of humanity. Or even the billion or two that use browsers.

getUserMedia

In Firefox, getUserMedia will work in HTTP.

Not sure if persistence can be configured for Firefox for HTTP websites. I guess it is akin to herd immunity in vaccination. Since Chrome is THE browser, developers make sure their WebRTC service works on Chrome (let’s call it Chrome first?) so their service starts by running only on HTTPS anyway.

Persistence

Anyways, Philipp Hancke wrote a great post about getUserMedia and timing with browsers. Here’s how timing looks for appear.in from the moment getUserMedia is called and until it is completed:

Firefox tends to take longer to complete its getUserMedia calls. Philipp attributes it to this little UI design in Firefox:

In Firefox, if you want the decision (allow/disallow) to be persisted, you need to opt in for it. And for appear.in, most people don’t opt in.

This is great, especially for the Don’t Allow option (it is quite a hassle to remove that restriction from Chrome once you decided not to allow such access in a session).

Screen sharing

For screen sharing, Firefox used to have a whitelist of domains you had to register on to get screen sharing to work.

From Firefox 52, this restriction has been removed. Mozilla wrote a post about it, explaining the dangers to their millions of users around the world.

I am not sure about you, but I’ve learned early on as a developer catering to developers that other developers are stupid (if you are a developer, then I am sorry, but bear with me – and read this one while you’re at it). So when I wrote code for developers, I made sure that if they screw things up, we crash spectacularly. The reasoning was, the sooner we crash the faster our customers (who are developers) will fix their bugs – and do that during development – so they won’t get into deadlocks or weird crashes in production that are way harder to find. These were the good old days of C programming.

Now… if developers are stupid, then what would mere users do about their understanding of security and threats?

In Firefox, they need to read and understand that yellowish warning when all they want to do is share their screen now – after all – people are waiting for them to do so in the session already.

With such a warning… I am not sure I am going to be in a trusting mood no matter the site.

While I mostly prefer Firefox’s approach for getUserMedia permissions, I think Chrome does a better job at it with the extensions mechanism.

Microsoft Edge

Microsoft Edge has started to support WebRTC (finally).

While I am in the process of installing my Creators update (where I am promised proper support for WebRTC), this will take more time than I have to get some nice screenshots of what Edge is doing.

So I asked Philipp Hancke (like I do about these things).

Here’s what I got:

  • Edge enables persistence for getUserMedia
  • It has a model similar to Firefox – you need to opt-in for persistency
  • It doesn’t support screen sharing yet

Are Browser Vendors Responsible for Our WebRTC Actions?

Yes they are.

In the same way that browser vendors are pushing HTTPS everywhere, removing Flash from the web, protecting against known phishing sites, etc., they also need to protect users from the abuse of WebRTC.

The first step is by not allowing developers to do stupid (by forcing encryption and DTLS-SRTP for example). The second one and just as important is by not allowing users to do stupid.

The post Should Browser Vendors be Responsible for their User’s WebRTC Actions? appeared first on BlogGeek.me.

Kamailio World 2017 – Student Grants

miconda - Fri, 04/21/2017 - 18:51
With a bit of delay, given that we had to accommodate and accept some requests from last year’s queue, I am glad to announce that we can offer two more seats at Kamailio World Conference, May 8-10, 2017, in Berlin.

Therefore we are continuing the program from previous years, based on the roots and the tight relation of the Kamailio project with the academic environment, the eligible people being students enrolled in universities or research institutes (both bachelor and PhD programs qualify) as well as people from underrepresented groups.

If you think you are eligible and want to participate, email <registration [at] kamailio.org>. Participation in all the content of the event (workshops, conference and social event) is free, but you will have to take care of expenses for traveling and accommodation. Write a short description of your interest in real time communications and, where applicable, the university or research institute you are affiliated with.

Also, if you are not a student, but you are in touch with some or have access to student forums/mailing lists, it will be very appreciated if you forward these details.

Time is short, we already received a few requests based on my remark in a message sent out a few weeks ago, therefore in a matter of days we will do the selection, so you have to hurry up a bit.

More information about Kamailio World is available on the web site:

Many thanks to the event sponsors that allowed us to continue this program, respectively: FhG Fokus, Asipto, Flowroute, Telnyx, Sipwise, Sipgate, Simwood, Obihai, NG-Voice, Evariste Systems, Digium, VoiceTel, Pascom and Core Network Dynamics.

Expect a full house event! Looking forward to meeting many of you in Berlin!

New Kamailio Developer: Guillaume Bour

miconda - Thu, 04/20/2017 - 18:49
We would like to announce that Guillaume Bour (https://github.com/gbour) now has developer privileges on Kamailio’s GitHub project. He has recently contributed a new module named keepalive – more about it at:

There is also a pull request from him waiting to be merged into the drouting module, adding the capability of detecting active/inactive gateways used by the module.

Thanks for the contributions so far and looking forward to collaborating in the future!

Kamailio Development IRC Meeting On April 20, 2017

miconda - Tue, 04/18/2017 - 22:50
A new IRC devel meeting is planned in order to discuss the current major issues and the logistics around the project as well as the plans for the next Kamailio releases.

The date is Thursday, April 20, 2017, at 14:00UTC (16:00 in Berlin, Madrid, Paris; 15:00 in London; 10:00 in New York, …).

A wiki page has been created for it, with more details about how to join the discussions and a draft agenda:

Everyone is welcome to participate, you just need an IRC client or a modern web browser.

You are encouraged to add there the topics that you want to be discussed and your intention to join the session, in order to plan the schedule properly and estimate the duration more accurately.

Thanks for flying Kamailio!

How to find (or create) WebRTC Developers?

bloggeek - Mon, 04/17/2017 - 12:00

And I have a couple of bonuses waiting for you in this WebRTC course launch.

I’ve been thinking lately on how to make this course available throughout the year, but still “launch” it as a live program once or twice every year. The idea here is to get as many people as possible into the course and improve our current market state (which is rather abysmal):

I always say that WebRTC sits between Web and VoIP, but I guess this says it best.

You can find a million people whose profiles contain either “VoIP” or “HTML5”. If you go into specifics, you’ll have hundreds of thousands of people with either “SIP” or “Node.js”. But “WebRTC”? Only 11,874 righteous people. We’re a pretty small industry. And those with enough understanding and knowledge of WebRTC? Probably less than that.

What are people challenged with?

The request that comes up almost every time someone contacts me through the blog? It is about finding an experienced WebRTC developer. Here are a few “sound bites” from these emails I am getting:

if we were to hire someone to build our own platform – what qualifications in a programmer would I need to look for?!!

We are needing to develop video chat and having a difficult time finding a qualified developer to create this

I am seeking a WebRTC engineer to do a peer review on a WebRTC app I had developed overseas (west Russia.)


A couple of thoughts about this
  1. If you are a developer and you know WebRTC well, then your talents are in high demand – and if you aren’t conversant in WebRTC, this can be an opportunity for you to learn and grow
  2. If you are an employer and you need someone to build a real time comms product, you’re going to be hard pressed to find good talent. Your three best choices are:
    1. Outsource the whole project to a company who is skilled in WebRTC
    2. Hire a freelancer to help your team with the WebRTC parts
    3. Grow your in-house team to make them skilled with WebRTC
  3. If you are an outsourcing vendor and you have WebRTC talent, then you’ve got a different set of challenges:
    1. The more projects you take, the more WebRTC talent you need, which means you are back to the hiring challenge as anyone else
    2. Your best WebRTC talent is always in high demand outside, getting job proposals and needing to think how happy they are (so you have a retention issue on your hands, which gets worse due to the high demand for the skillset you are nurturing)

And since the market is so slim on resources (around 12,000 people know WebRTC out of a million who know VoIP – when all VoIP projects are adding WebRTC these days), demand and supply don’t match.

My WebRTC course and its bonuses

Tomorrow, my Advanced WebRTC Architecture course officially launches. If you haven’t enrolled already, then you should seriously consider doing so.

The previous round had almost 100 students going through it with some very positive feedback.

There are going to be a few bonus materials that I will be giving for anyone who enrolls today (or already enrolled):

#1 – 2 live lessons

There are going to be 2 special live lessons taking place. They will be recorded for those who can’t join live. But the lessons as well as the recordings will only be available as part of the course bonuses.

LIVE Lesson 1: Philipp Hancke – Video Quality in WebRTC: The audio and video quality WebRTC provides is amazing. Well, most of the time at least. Sometimes, the video gets pixelated and audio starts dropping out even. What is going on here and why is bandwidth estimation still a problem?

LIVE Lesson 2: Bradley T. Hughes – How to deploy TURN on AWS? TURN servers are boring. They do nothing but relay data. However, they are necessary in WebRTC. Here’s how appear.in’s global TURN infrastructure works – and what you should think of when deploying your own.

So…

2 live lessons.

With top industry experts.

Recorded and available only for you.

#2 – The Perfect WebRTC Developer Profile ebook

Recently I’ve been asked multiple times about CVs and profiles and stuff. It goes both ways:

  1. Recruiters want to know what experience to look for in order to find experienced WebRTC developers
  2. Developers want to know what to learn and put in their CV to be attractive

I had my own thoughts about it, but decided to take a different route on this one. I went and asked top developers and “recruiters” who work with WebRTC for quite some time now. I asked them about the ideal WebRTC developer and what they’d look for in a CV. Collected the answers and created an ebook out of it:

Who’s in there? Amir Zmora, Arin Sime, Chad Hart, Emil Ivov, Gustavo García, Iñaki Baz Castillo and Philipp Hancke.

You’ll get to see what they think about WebRTC developers and what it means to be a WebRTC professional.

#3 – WebRTC Course FAQ

There are a lot of popular questions out there about WebRTC. You can find them lurking on webrtc-discuss forum, stackoverflow, Quora and elsewhere. But what are the answers? And how should you go about finding them?

What I did in the past few weeks was collect questions and map them to the course lessons. To these questions I provided short and clear answers for you, packaging it all in a neat document.

Now, you can use these questions to tackle specific issues you bump into – or to check how much you understood of the lessons of the course. Hell – if you need to recruit someone – you might as well use it as some good questions to ask to gauge experience.

What if you are not sure?

Besides looking at the testimonials from previous students, I can suggest checking out two things:

  1. My free WebRTC server side mini-course. You can expect this kind of content in the course itself, just on a deeper level, on a lot more WebRTC related topics AND with the option of asking questions on the online course forum or during the live Office Hours
  2. Join me for the WebRTC Course AMA on Wednesday this week. I will be answering any questions related to WebRTC or the course, so you can make your decision about enrolling to the course (or just get some free advice for your current project)
What if you wait and don’t enroll today?

Bonuses will go away in 48 hours.

After that, the only price plan available for the course will be the Plus price plan and it will only include the Office Hours for the initial duration of this course.

My suggestion?

Enroll now to the Advanced WebRTC Course

The post How to find (or create) WebRTC Developers? appeared first on BlogGeek.me.

FriendlyElec NanoPi NEO2, a better sub-$20 Linux computer

TXLAB - Mon, 04/17/2017 - 00:29

NanoPi NEO2 by FriendlyElec is a new sub-$20 Linux microcomputer, built on the Allwinner H5 SoC, providing a Gigabit Ethernet and a USB 2.0 interface. Additional interfaces are also possible via expansion headers (needs some soldering work). The board is equipped with 512MB DDR3 RAM.

It is highly recommended to buy the heatsink along with the board. The CPU is heating up quite significantly, and it needs cooling. With the “stress -c 4” CPU load test, “armbianmonitor -m” shows the core temperature rising up to 75C. The board sustains long-term load under such conditions. But with a fan, the core temperature drops below 40C, and the power consumption drops significantly too.

The plastic 3D-printed enclosure is of little use. First, it’s quite easy to break when you insert the board. Also it does not hold the heatsink in place properly.

So, I ended up using the original cardboard packaging as a base for the board, just to avoid extra touching of electronic circuits, and to hold the USB power cable in place:

Armbian nightly image booted without problems. Up to now, I noticed the following minor problems with it:

  1. it does not come up after reboot;
  2. “cpufreq-info” complains about unknown driver.

Network traffic tests with tcpkali (debs, deb build scripts) demonstrated that the CPU is able to saturate the Gigabit Ethernet port with TCP traffic, reaching above 900Mbps throughput.

All in all, this board looks much more reliable than Orange Pi Zero: it can work for long hours with a USB Wifi dongle, whereas OPI0 was hanging up after a few minutes of work (using the same USB power cable, power source and dongle).


Kamailio - New Developer: Mikko Lehto

miconda - Wed, 04/12/2017 - 22:48
Mikko Lehto has joined the developers group on the Kamailio GitHub project. He has made a lot of good pull requests over time, especially to documentation and unit tests, that could have been just committed directly without the delay of waiting for a review, also saving time for the other developers.

Taking time to express my thanks for all his contributions so far and for reviving those unit tests, and I am looking forward to future collaboration!

Thank you for flying Kamailio!

Kamailio Lists sr-users And sr-dev Migrated To lists.kamailio.org

miconda - Tue, 04/11/2017 - 15:54
All the mailing lists related to the Kamailio project are now using lists.kamailio.org as primary domain, including sr-dev and sr-users.

From now on, the emails to these mailing lists should be addressed to:

The previously used domain (lists.sip-router.org) should still work, being redirected to lists.kamailio.org, so existing mailing list discussions can go on as usual.

If anyone is encountering any problems or notices some information on kamailio.org that needs to be updated, do not hesitate to contact us.

In addition, the mailing list URLs should now use HTTPS, with browsing of the archive over plain HTTP being redirected to HTTPS URLs.

My Advanced WebRTC Architecture Course is back with an AMA

bloggeek - Tue, 04/11/2017 - 12:00

Have questions about my course? Here’s a WebRTC Course AMA for you.

Later this week, I will be opening my Advanced WebRTC Architecture course for enrollment again.

Last year, I decided to launch a course to teach WebRTC. Something different than just going through the WebRTC APIs or explaining the network specification. The end result? 100 people enrolled and went through the course (!) And more than that – people seemed to be genuinely satisfied with it (!!)

It was fun, so it is time to do it again.

While I am changing and adding stuff to the course, the baseline material is going to stay the same – most of it is “timeless” anyway.

I am adding a couple of things to this round, and I want to mention two of them here:

#1 – Corporate Plans

The course now has a corporate plan, for larger teams who need to use WebRTC. I’ve got a couple of companies already enrolled to it, which is great.

Corporate plans include a private Slack forum for Q&As alongside the course’s forum. They also include a corporate badge that you can use on your own site, along with their logo on my own site as Corporate Partners.

If you want to learn more about the corporate plans, check out the course syllabus (PDF).

#2 – Course AMA

Philipp forced my hands on this one…

Really looking forward to @tsahil's #WebRTC architecture course: https://t.co/srDBNUuN46
We have a bet running if he can teach me things!

— Philipp Hancke (@HCornflower) April 7, 2017

Only thing left to do is…

But seriously.

I am trying to make this the best place for people to get their WebRTC education.

For those who aren’t sure yet, I’ll be hosting a WebRTC Course AMA, where you can Ask Me Anything. About the course. About WebRTC. About me. About the weather (though I know nothing interesting about the weather).

The WebRTC Course AMA is free to attend. It will be part webinar, part Q&A, but mostly fun.

Philipp – you are hereby cordially invited to join as well

Register to the WebRTC Course AMA – and even write down your questions on the event’s page right now – no need to wait until the 19th for that!

#3 – A few more launch bonuses

For those who end up enrolling early, I’ll have a few additional launch bonuses, but that’s for later.

On a personal note, today is Passover here in Israel. If I seemed somewhat “off” in the past couple of days (or will seem like that in the coming days), then it probably has to do with me eating too much food and spending some time with my family.


The post My Advanced WebRTC Architecture Course is back with an AMA appeared first on BlogGeek.me.

Maintenance Work On Kamailio Mailing Lists Server

miconda - Tue, 04/11/2017 - 11:41
Today, Apr 11, 2017, maintenance work is scheduled to be done on the mailing lists server, including the shift from lists.sip-router.org to lists.kamailio.org as primary domain.

No relevant downtime is expected, but one never knows. Maybe the archive won’t be available for a short time due to changes that need to be made to the web server after the mailing lists server is upgraded.

Kamailio World 2017 – Four Weeks Before

miconda - Mon, 04/10/2017 - 19:00
Getting closer and closer to the Kamailio World Conference 2017 – the 5th edition is just four weeks away!

The schedule has been published, with some adjustments still expected to happen. The event starts like the past edition with half a day of technical workshops, followed by two full conference days.

Thanks to a consistent group of speakers, the agenda is filled with topics that cover many of the interesting aspects of real time communications, from security and scalability to WebRTC and VoLTE, touching Kamailio and other open source projects like Asterisk or FreeSwitch. We will enjoy again the two sessions that never missed a Kamailio World edition: VUC Visions (open discussions panel) and Dangerous Demos (demo your crazy RTC idea in less than 5 minutes and win one of the prizes in the game).

More details can be found on the website of the event:

We expect to fill again the capacity of the conference room, if you haven’t registered yet and plan to attend, do it as soon as possible to secure your seat!

Many thanks to our sponsors that made this event possible: FhG Fokus, Asipto, Flowroute, Telnyx, Sipwise, Sipgate, Obihai, Simwood, Evariste Systems, NG Voice, Digium, VoiceTel, Core Network Dynamics, Pascom.

Thank you for flying Kamailio and looking forward to meeting many of you at Kamailio World 2017!

Kamailio v5.0.1 Released

miconda - Wed, 04/05/2017 - 22:46
Kamailio SIP Server v5.0.1 stable is out – a minor release including fixes in code and documentation since v5.0.0. The configuration file and database schema compatibility is preserved, which means you don’t have to change anything to update.

Kamailio v5.0.1 is based on the latest version of GIT branch 5.0. We recommend those running previous 5.0.x or older versions to upgrade. There is no change that has to be done to the configuration file or database structure compared with the previous release of the v5.0 branch.

Resources for Kamailio version 5.0.1

Source tarballs are available at:

Detailed changelog:

Download via GIT:

    # git clone https://github.com/kamailio/kamailio kamailio
    # cd kamailio
    # git checkout -b 5.0 origin/5.0

Relevant notes, binaries and packages will be uploaded at:

Modules’ documentation:

What is new in the 5.0.x release series is summarized in the announcement of v5.0.0:

We hope to meet many of you at the 5th edition of Kamailio World Conference, the project’s annual event, scheduled for May 8-10, 2017, in Berlin, Germany!

Thanks for flying Kamailio!

Kamailio World 2017 – The Schedule

miconda - Tue, 04/04/2017 - 20:32
The first version of the Kamailio World 2017 Schedule has been published:

Two and a half days of sessions related to real time communications, covering Kamailio and other open source projects such as Asterisk or FreeSwitch and common use cases such as telephony services, WebRTC, IMS/VoLTE, next generation emergency services or OTT platforms. The afternoon of the first day hosts the workshops, the sessions where you can expect more hands-on examples. The second and the third days continue with conference presentations and interactive panels. Like in the past edition, several companies will exhibit and show demos during the conference days.

Many renowned people of the industry as well as community members are confirmed to participate, definitely an edition one must not miss! Don’t delay your registration, the capacity of the room is limited and we expect to be fully booked again! Register now!

Looking forward to meeting many of you in Berlin!

And thank you for flying Kamailio!

Why Doesn’t Google Provide a Free TURN Server?

bloggeek - Mon, 04/03/2017 - 12:00

No such thing as free lunch. Or a free TURN server.

It is now 2017 and WebRTC has been with us for over 5 years now. You’d think that by now people would know enough about WebRTC so that noob questions won’t be with us anymore. But that just isn’t the case.

One question that comes up from time to time is why doesn’t Google (or anyone else for that matter) offer a free TURN server?

Besides the fact that you shouldn’t be using free STUN or TURN servers that are out there simply because you have zero way to control them when things go wrong, let’s first understand what the difference is between these two servers – or more accurately protocols, since STUN and TURN usually end up being deployed together.

How STUN works

The illustration below should give you the gist of how STUN works:

When STUN is used, the browser or any other WebRTC-enabled device sends a message to the STUN server asking it “who am I?”. The idea here is that STUN is used to find out your public IP address. This is something your machine doesn’t know on its own, as this “allocation” is made by the NAT you are behind (and you will almost always be behind a NAT). That information is also dynamic in nature – you can’t really rely on the same answer being received each time – or that the pinhole generated by the query itself will stay open.

This is a simple question that the STUN server can answer with a single reply. Furthermore, this takes place over UDP, making it lightweight and quick – not even requiring establishing a long-standing connection or having context in place.

Once the browser has the answer, it can share it, and if all else works as expected, it will be receiving media directly.

The STUN server’s role here was limited to this single question at the beginning.
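The “who am I?” exchange on the wire, as an added example that is not part of the original post: a Python sketch that builds a STUN Binding request, builds the matching success response, and decodes the XOR-MAPPED-ADDRESS attribute that carries the public address (message layout per RFC 5389). The server side, the address 203.0.113.7 and the port are constructed so the example runs offline, and only IPv4 is handled.

```python
"""STUN Binding request/response round trip (added example, IPv4 only)."""
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020
HEADER_LEN = 20  # type (2) + length (2) + magic cookie (4) + transaction ID (12)


def build_binding_request(txid=None):
    """Client side: a 20-byte header and no attributes."""
    txid = os.urandom(12) if txid is None else txid
    if len(txid) != 12:
        raise ValueError("transaction ID must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def build_binding_success(txid, ip, port):
    """Constructed server side: report the address the request came from.

    Port and address are XORed with the magic cookie so that NATs which
    rewrite addresses found in payloads do not alter the answer.
    """
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)  # 0x01 = IPv4
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    header = struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE)
    return header + txid + attr


def parse_binding_success(msg, expected_txid):
    """Client side: return (ip, port) or raise ValueError.

    The transaction ID check ties the answer to the request that was sent,
    so an unsolicited or mismatched datagram is rejected.
    """
    if len(msg) < HEADER_LEN:
        raise ValueError("short STUN message")
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or mtype != BINDING_SUCCESS:
        raise ValueError("not a STUN Binding success response")
    if msg[8:HEADER_LEN] != expected_txid:
        raise ValueError("transaction ID mismatch")
    if length % 4 or len(msg) != HEADER_LEN + length:
        raise ValueError("bad message length")
    pos = HEADER_LEN
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            if alen != 8 or value[1] != 0x01:
                raise ValueError("only IPv4 is handled in this example")
            xport, xaddr = struct.unpack("!HI", value[2:8])
            ip = ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)
            return str(ip), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + alen + (-alen % 4)  # attributes are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")


if __name__ == "__main__":
    txid = os.urandom(12)
    request = build_binding_request(txid)
    response = build_binding_success(txid, "203.0.113.7", 54321)
    print(len(request), "byte request ->", parse_binding_success(response, txid))
```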

How TURN works

Here’s how TURN works:

When it comes to TURN, we start with a request for binding – our browser is practically asking the TURN server if it can be used as a relay point. And if the TURN server obliges, then it can now be used to receive all media from the other device on the session and relay that to our own browser.

While the initial binding request isn’t taxing (though still more expensive on our TURN server than the query sent to the STUN server), the real issue is the media that gets relayed.

If you take a simple WebRTC video session that gets limited to 500kbps or so, then a 15 minute session will end up eating…

That ends up being over 50MB in traffic. Assuming we do only 10 sessions an hour on average on that TURN server, we end up with 360GB in traffic per month. And that is for quite a small service. It isn’t really expensive, but it gets there if you scale it up: use more bandwidth per session, have more sessions per hour on average – and you’re going to end up with lots of data traffic.

Here’s how a recent stress run we’ve had on testRTC ended up:

For a stress test with 500 participants, split into groups of 5 browsers per multiparty call, running for only 6.5 minutes, we ended up with 52Gb of media traffic in each direction. Less than 10 minutes.

Now think what happens if all that traffic needs to go through a TURN server. And that TURN server is free for all.

Putting it all together

STUN and TURN are drastically different from each other. We need both in real production WebRTC services. And we usually think of them as a single server entity deployed in the backend – for STUN we simply don’t fret about the resource needs it has and focus on what we need to get TURN running at scale and in multiple geographical locations.

It is also standard practice to clamp down on your TURN server and have credentials configured for it. For WebRTC, these credentials need to be ephemeral in nature – created per session on demand and not per user (as often is the case in SIP).
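
One common way to get per-session credentials like these is the time-limited shared-secret scheme (the one coturn enables with `use-auth-secret` and `static-auth-secret`); the post does not say which mechanism it has in mind, so this is an added example, not the author's code. The secret, session id and TURN URL are constructed placeholders, and `verify_turn_credentials` only models the check a TURN server performs.

```python
import base64
import hashlib
import hmac
import time

# Constructed placeholder: the secret shared by the application backend and
# the TURN server. Browsers never see it, only the derived credentials.
SHARED_SECRET = b"constructed-example-secret"


def issue_turn_credentials(session_id, ttl_seconds=600, now=None,
                           secret=SHARED_SECRET):
    """Backend side: mint a (username, password) pair for one session."""
    now = int(time.time()) if now is None else int(now)
    # The username carries its own expiry time, so the TURN server needs no
    # per-user database: "<unix expiry>:<session id>".
    username = f"{now + ttl_seconds}:{session_id}"
    mac = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode()


def verify_turn_credentials(username, password, now=None,
                            secret=SHARED_SECRET):
    """TURN-server side, modelled: accept only an unexpired, untampered pair."""
    now = int(time.time()) if now is None else int(now)
    expiry_text, sep, _session_id = username.partition(":")
    if not sep or not (expiry_text.isascii() and expiry_text.isdigit()):
        return False
    mac = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(mac)
    # Constant-time comparison; a changed expiry or session id changes the MAC.
    if not hmac.compare_digest(expected, password.encode()):
        return False
    return int(expiry_text) > now


def ice_servers_for(session_id, turn_url="turn:turn.example.org:3478"):
    """Shape the pair as an RTCPeerConnection iceServers entry."""
    username, password = issue_turn_credentials(session_id)
    return [{"urls": turn_url, "username": username, "credential": password}]


if __name__ == "__main__":
    user, pwd = issue_turn_credentials("call-42", ttl_seconds=600, now=1_000_000)
    print(user, pwd)
    print("fresh:", verify_turn_credentials(user, pwd, now=1_000_100))
    print("expired:", verify_turn_credentials(user, pwd, now=1_000_600))
    print("stretched:", verify_turn_credentials("2000600:call-42", pwd, now=1_000_100))
```

A leaked pair stops working once its expiry passes, which is what limits the relay-bandwidth abuse described in this post.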

So…

  • If you are wondering why there are no free TURN servers out there, or good code on GitHub that has a working TURN server already configured for it – don’t. It makes no sense for anyone to give that away for free.
  • If you happen to bump into a TURN server with user/password credentials that work, then please don’t make use of them – someone ends up footing the bill for you – and he is probably doing it without even knowing (he wasn’t aware of the abuse potential, I am assuming).
  • And if you still end up using that TURN server (nasty you) – expect that person to find that out at some point and just shut you out of his server – not something you want happening if you have users for your service.

Want to learn more about WebRTC servers?

Tomorrow, I will be launching a free video mini-course. This course explains what servers you will need to deploy for your WebRTC product, what are their machine specifications and what are the tools that are out there to assist you developing them faster.


The post Why Doesn’t Google Provide a Free TURN Server? appeared first on BlogGeek.me.

Kamailio 2016 Awards

miconda - Thu, 03/30/2017 - 22:38
Here we are, the 10th edition of Kamailio Awards granted for the activity related to Kamailio and Real Time Communications during the previous year, respectively 2016. Continuing the tradition, there are two winners for each category, also past winners were skipped from initial selection.



As a side remark, this edition was a bit postponed as I was considering to do a different kind of awards as last year Kamailio project celebrated 15 years of development and this is the 10th edition of the awards, but finally went for the classic module, leaving the special edition for another occasion in the near future.

The 2016 was filled with plenty of important events, from the release of Kamailio v4.4.x series in March 2016, to Kamailio World 2016 in May and the celebration of 15 years of Kamailio development in September, along with the participation to other world wide events such as Mobile World Congress, Fosdem, Astricon or Cluecon.

The 2017 is keeping up very well so far, the major release series for Kamailio 5.0.x is out, Kamailio World Conference 2017 is like a month and a bit away. The next major release series, respectively v5.1.x, looks very good so far, after one month of development there are three new modules, and another one waiting for merge in the review process of a pull request. Definitely keep an eye on Kamailio project during this year, a lot of new stuff is cooking right now!

Back to the awards, here are the categories and the winners!

New Contributions

  • ims_ocs - provides an implementation for Online Charging Server, which communicates via Diameter-Ro interface with ims_charging module, being developed by Carsten Bock. The IMS/VoLTE set of extensions in Kamailio keep growing.
  • rabbitmq - an AMQP connector for kamailio.cfg using RabbitMQ, developed by NG-Voice and Stefan Mitittelu. The module allows exchanging messages with other RabbitMQ peers directly from kamailio.cfg.

Developer Remarks

  • Holger Freyther - he contributed the ss7ops module along with improvements to sipcapture and mysql modules. The ss7ops module can convert ss7 to json format, which can be then inspected inside kamailio.org via json or jansson modules
  • Spencer Thomason - he contributed a consistent set of patches for Solaris/Sparc architecture and portable endianness macros

Advocating

  • Sebastian Schumann - an early adopter of the project since more or less the SER times, Sebastian has been a promoter of open source technologies for RTC inside telecoms, highlighting the benefits at many events world wide, including Kamailio World 2016.
  • Werner Erkisen - trying to disrupt big telecoms from inside with Telenor Digital, Werner has been highlighting how open source projects, including Kamailio, can speed up the time to prototype and roll out new services in telecom market

Technical Support

Blogging

  • VoIP-News.gr - a news aggregator site, promoting most of Kamailio announcements and related blog posts. For someone with a busy agenda, the site is a good source for learning what's new in the VoIP space.
  • VoIPNow (4PSA) - an extensive number of articles about adding various features to kamailio.cfg or managing kamailio, mainly targeting the VoIPNow platform, but easily reusable for any other Kamailio deployment, among them: Fail2ban integration, TLS options, Sipcapture Integration, DoS detection, options to troubleshoot kamailio.cfg, etc.

Related Projects

  • CDR-Stats - an open source CDR (Call Detail Record) mediation rating, analysis and reporting application for Kamailio as well as Asterisk or Freeswitch, working also for Sipwise SIP:Provider. The project is managed by one of Kamailio's old friends: Areski Belaid.
  • ivozprovider - a multitenant solution for VoIP telephony providers designed for horizontal scaling and load balancing. It relies on Kamailio as a SIP routing server for security and scalability, and on Asterisk 13 with pjsip channel for media services.

Business Initiatives

  • Nimvelo - a UK-based internet phone service provider, the company is managed by Charles Chances, one of the very active Kamailio developers, with many contributions to distributed message queue, replication to hash tables and presence
  • VoIP Lab - a Berlin-based co-working space initiative managed by Dennis Kersten, targeting VoIP professionals, aiming to offer a place to meet the people with similar interest, create the premises for joining the efforts and collaborate on large RTC projects

Events

  • FUSECO Forum - a yearly event organized by Fraunhofer Fokus Research Institute about the new trends, developments and impacts of 5G/IIoT and related technologies, with the 7th edition in autumn of 2016.
  • TAD Summit - the Telecom Application Developer Summit (TADS) took place in Lisbon in mid-November 2016, an event coordinated by Alan Quayle. If you work in telecom and are not yet familiar with TAD events, you should just do it; this is the series of events where a lot of innovation in Telecoms is done.

Friends Of Kamailio

  • Allison Smith - known as the voice of Asterisk, being around the project from its first versions, a constant presence at various events around the world, more or less at each Astricon. Her collaboration from the early phase of VoIP with PBX integrators to provide the high quality voice prompts allowed them to expose a professional feel of the open source PBX solutions, especially at the times when open source in telecom was pretty much disregarded, which definitely helped to go into and disrupt this market. Moreover, although Kamailio doesn't handle media streams, Allison recorded a jingle for Kamailio back in 2008 when the project got the name.
  • Tim Panton - he has probably touched most of what can be done in real time communications, from serious use cases such as building scalable telecom API platforms to the funny side of interacting with toothbrushes (and other toys) via WebRTC. Seen very often at events such as Kamailio World, Astricon or Cluecon, Tim typically likes to expose how RTC concepts can help to innovate in unexplored/new fields such as IoT/IoE.

This is it for 2016. If you want to check the previous turn of awards, visit:
    Looking forward to meeting many of you soon in Berlin, during May 8-10, 2017, at the 5th edition of Kamailio World Conference & Exhibition, an opportunity to discuss face to face with Kamailio Project developers.
    Note: I am solely selecting the winners, with no involvement of Kamailio project members, based on what I observed and what raised my interest during 2016. Also, a rule that I try to enforce is that a past winner of a category will not be awarded again in the same category (a winner one time is a winner forever).

    Kamailio - Over 25 000 Commits In Master Branch

    miconda - Wed, 03/29/2017 - 22:38
    While checking the last pull requests on Kamailio’s Github repository, I noticed that the number of commits to master branch has just surpassed 25 000 (not counting at all commits to stable releases or personal branches). They are counted from the very first day back in September 2001, the migration to Git few years ago converted the commits from old CVS and SVN times.

    While number of commits is not necessarily a metric of the quality of code, it does reveal a constant and consistent development effort performed during the past 15 years and a half, averaging over 1500 commits per year (n.r., last years with way more commits than the early one due to increase of the number of contributors).

    The growth of Kamailio development isn’t slowing down at all. The last major release, Kamailio v5.0.0, was out about one month ago and since then we have 3 new modules already part of the master (topos_redis, ims_diameter_server and call_obj modules) and one is pending to be merged being now a pull request (keepalive module).

    Many thanks to all developers and users that contributed to enhance the set of features, quality and stability of Kamailio over all these years!

    Should you want to meet face to face with many Kamailio developers, be sure you reserve in time a seat at Kamailio World Conference, Berlin, May 8-10, 2017!

    Debugging VP8 is more fun than it used to be

    webrtchacks - Tue, 03/28/2017 - 14:00

    Editor Note: Fippo uses a lot of advanced WebRTC terms below – if you are a regular reader of this blog then don’t let that scare you. Wireshark is a great tool for diagnosing media issues and inspecting signaling packets even if you’re not building a media server. {“editor”, “chad hart“} Stuff breaks all […]

    The post Debugging VP8 is more fun than it used to be appeared first on webrtcHacks.

    Orange Pi Zero, a sub-$20 Linux computer

    TXLAB - Mon, 03/27/2017 - 23:38

    Orange Pi Zero with 512MB RAM, expansion board and black case is sold for sub-$20, including postal costs, and it is so far the cheapest Linux device you can buy.

    Armbian project provides a dedicated image for this board. The nightly build is quite stable, and there’s also legacy kernel which works well.

    The computer is equipped with a 100/10 Ethernet NIC, and the top throughput that I could achieve was about 90Mbps.

    The on-board WiFi adapter is of very poor quality: regardless of the antenna attached, it gives about 6Mbps connection speed and excessive packet loss (up to 20% lost pings). It’s useless for any practical application, and it’s easier to disable it completely.

    The two USB ports on the expansion board are not enabled by default in the legacy kernel. You need to add the following line to /boot/armbianEnv.txt file, and reboot the box:

    overlays=usbhost2 usbhost3

    In order to disable the onboard WiFi, comment out the top line and add another line in /etc/modprobe.d/xradio_wlan.conf:

    #options xradio_wlan macaddr=DC:44:6D:1F:3C:14
    blacklist xradio_wlan

    Then, run the following commands to update the kernel boot parameters:

    depmod -ae
    update-initramfs -u

    The onboard USB ports are not extremely fast: with a GigE or WiFi USB adapter, the maximum speed that I could achieve was about 40Mbps. But at least you get a stable and reliable connection.

    The micro-USB OTG port is used for powering the device, and the board can freeze if the power consumption on USB ports is too big. For example, an external USB drive is very likely to knock the whole thing off.

    Network Manager is installed by default by Armbian, and that allows easy plug-and-play WiFi configuration, adding new SSID and passwords from “nmcli” command-line interface.

    All in all, it’s still quite a pretty device in a small enclosure. It can be used as a low-cost or throw-away network agent or VPN gateway for remote access. Also it can act as a measurement agent for all kinds of network testing, especially if you need a massive deployment and price difference is important.


    Filed under: Networking Tagged: arm, linux, networking, wifi

    Kamailio 5.0 – Embedded JavaScript Execution

    miconda - Mon, 03/27/2017 - 15:48
    It is today one month since the release of a new major version for Kamailio SIP server, respectively v5.0.0, one with a consistent set of new features and enhancements:

    Among its brand new features is the ability to execute JavaScript (ECMAScript) code embedded inside kamailio.cfg script — this is possible via app_jsdt module. The module relies on DukTape JavaScript engine, which is imported in the Kamailio source code, therefore it has no external library dependency.

    It is also possible to use JavaScript to write entirely the SIP routing blocks for kamailio.cfg via KEMI framework, offering a more extensive language to control how next hop is selected. Next are the links showing such example:

    Among app_jsdt module features:
    • can reload the routing functions without kamailio restart via an RPC command
    • execute inline JavaScript within a native kamailio.cfg or write entire SIP routing blocks in JavaScript
    • no external dependencies, it compiles with same tools and libraries as Kamailio core
    • access to full scripting language constructs, expressions and statements, with extensive documentation, for building SIP routing language
    More about configuration file engines for Kamailio 5.0 will be presented at the next Kamailio World Conference, May 8-10, 2017, in Berlin, Germany. See you there!
