This goes beyond anything I thought Kerry was capable of doing I can not believe someone with his statue would do something so deceiving. It makes you wonder who all those accounts on Trixbox that defend his every move really is. Thanks for bringing this to our attention.

First, let me say that I'm not 100% up to speed on the whole forking business I saw reported the other day. I just haven't had the time to read all about it..

License ethics aside, what Kerry Garrison appears to be doing is just flat out wrong. It certainly looks to me as if it's him. That IP resolves to a Cox cable modem customer, so it's unlikely to be a large network with dozens or hundreds of users behind a single IP. That certainly seems to point the finger at Kerry employing multiple accounts for the purposes described above.

I'm a bit torn. I've enjoyed the benefits of Kerry's advice & tutorials published in various locations over the past couple of years. For that, I'm extremely grateful. However, all the gratitude in the world for such things doesn't justify obvious and overt attempts at such deception. Rules are rules. We're all big boys && girls here, so let's all act like adults, and abide by the rules. You want to ban one or both accounts? You're certainly within your rights. You want to offer a measure of grace, tempered with a warning to not do it ever again (or face a permanent ban)? That would certainly be reasonable as well. As parents, we (hopefully!) teach our kids that there are consequences for our actions. Sometimes, adults need a reminder of that, as well as a dose of our own medicine.

In the end, while the forums exist for the user community, they exist because of those involved in the project. Ultimately, the decision lies with you, Philippe, et al.

Ok, there is no possible way that someone can visit from one IP and have it display as another. IP just doesn't work that way. If what you're saying is true, that means that the logs have been manipulated, and that would either be an inside job, someone hacked your system, or someone has hacked the FreePBX server.

If the last is the case the case, then I suspect there would be more problems than just this incident.

If the first is the case, I would be appalled. I can't imagine anyone on the FreePBX team doing such a thing, although I can't rule it out as a possibility (however remote I think this might be.) Fonality has done enough to harm its own reputation, and does not need any outside "help" in that respect.

Unfortunately, though, based on evidence I've seen with my own eyes, I can believe that Fonality would do such a thing as has been suggested, and Occam's Razor tells me that the most likely explanation is that someone logged in as kgarrison, physically located at that IP address that maps to Irvine, CA on Cox cable, logged off and then logged on as GPLLaw. If you're telling the truth, Kerry, then you should be going over your system(s) with a fine-toothed comb for any back doors or trojans. I would suggest just reloading from scratch, just to be sure.

Regardless:

If Fonality follows through on this it will do a lot to redeem past slights (perceived or otherwise.) This is all some of us have been asking for: community cooperation.

it is not hard to spoof an IP address, a simple google search will tell you how to do it and even software programs to do it for you. Anyone here could easily do it following some basic instructions. My real concern is the fear that my accounts were compromised. I am in a major panic mode trying to change every password on every system to something unique. We are going to do exactly what we said we are going to do and work on bug fixes and features and provide those back to the community. The first handful aren't real major problems but we are taking our time between our own projects and and freepbx code changes and needed to come up to speed on the code base for some easy wins.

While spoofing IPs in HTTP headers is easy, IP spoofing at the TCP/IP level, while still being able to receive packets is nearly impossible without physical access to the network layer. So, it can work for DDoS attacks, but can't work if you need to interact with packets (ie. browsing a web page and posting content). It would be interesting to see any raw router or firewall logs because those won't lie where HTTP headers could be forged.

Regardless, if the account was hijacked there is probably a really good chance that your entire system was compromised. This spells bad news for Fonality customers. If I were Fonality, I would be making a preemptive press release detailing how you have instituted your security audit as a result of this and reassure your customers that their information is safe. Otherwise, if any Fonality customers were to be compromised (think healthcare and government), you aren't trying to explain how you knew about the possible threat and did nothing.

This is just one reason why I have been saying the Fonality hybrid hosted model for PBXs is flawed. When you have all this sensitive customer data centralized, all a person needs to do is hack one account that has access to the centralized servers and they own it all. Given Trixbox Pro and it's utilization of the underlying PBXtra infrastructure, I would find it hard to believe that Kerry didn't have access to the hybrid hosted server banks, CRM systems,and other sensitive data stores.

When something bad happens you never want to look for an answer where you are afraid to find it. While we used to do IP spoofing for google adsense, it doesn't seem to be as easy as it would seem to spoof a complete transaction. Based on feedback from Ethan and Tony I went back to look at the much more obvious answer which is someone actually on my home network. There were several people here on Friday that had access to multiple systems that I use to log into both trixbox.org and freepbx.org. I also found remote desktop enabled on my primary machine which I never have turned on as I use logmein. Its possible one of the guys that was here was posting on their own behalf or trying to screw with me, I am not 100% sure who did it but these are some friends so I don't want to think they meant to cause the problems that came up today. I will be making some phone calls soon to figure out if this is actually the case. I cannot be 100% certain this solves this but it makes much more sense and the opportunity was there. I apologize for jumping to conclusions early and expecting something more sinister.

In the end, all I want is the negativity to stop. Verify that I do everything I say I am going to do. Whether or not anyone cares about the bug fixes we started with or even if they never make it into the final code doesn't mean we aren't trying. We have to ramp up on the code in order to make more complex changes, it takes time. FreePBX is mentioned in our credits, its mentioned on our wiki, and I make posts refering to FreePBX. We want to move this entire segment forward and the constant infighting is damaging all sides. We are working on bug fixes, we are sponsoring bounties for freepbx features, it makes no sense at all that I would want to damage that at all.

One of the nice features of gMail is that you never have to delete your correspondence. After reading this thread, I couldn't help remembering that someone posing as gpllaw wrote me a long string of nasty emails accusing our development team of all sorts of GPL violations and illegal conduct shortly after PBX in a Flash was released last November. This was after we had blocked him from posting to our forums. Can't wait to compare the email address on my correspondence with that in Philippe's logs. Anyone want to place bets on whether they match? In the meantime, here's a little sample which you might want to compare to the post here complaining that his access had been blocked. Amazing coincidence, isn't it??

" > I am quite disappointed that my user account was banned from your
> forums and all references to your project not being in compliance with
> the GPL were removed. This shows a blatant disregard for the license
> to which you subscribe to. Your users have requested access to the
> source tree and per the license, you must have it available alongside
> the object code.For your reference I have included the relevant
> section from the GPL license in order that you will understand where
> you are failing to comply. A statement "we will comply" is not
> sufficient, especially after deleting the posts and banning my
> account. You now have been notified and I expect to see full
> compliance within 24 hours. I would not have put a timeframe on it
> except for the actions of banning my account and deleting the posts in
> order to hide the fact that you are not in compliance to your users.
> This is tantamount to fraud and will not be tolerated. I have never
> seen such callous behavior from the organizer of any other open source
> project."

Seriously, as if all this soap opera crap isn't bad enough, is there really the possibility of freepbx using patches from fonality? I mean I guess it's okay but i was really getting used to freepbx updates always working and not breaking my system. :(

Quote:
and we have a handful of patches we will be committing once we make sure they work properly.

I am pretty new around here, coming on to the scene last November, but it doesn't take much to feel the bad vibes from Kerry and trixbox. I appreciate the product, and helpful community, and really would be way behind in learning if it hadn't been for Ce, but...

Kerry, reading your posts is all I know of you, same for millions of others. We have not yet met, and I don't think you are a bad person, but some of the things you say and how you say them do NOT look good on you. Reading your accusations and rebuttal's to all the controversial crap is very telling. Whether you did or didn't, this time, is a joke. You have made some bad decisions, and / or let yourself get caught up in bad decisions with the Fonality crew, just like the hidden call home script. You have done enough to yourself under your own name.
Learn to accept responsibility, stop whining when you get caught, stop coming up with excuses, and get some backbone. Many people in all forums need to do the same, but there are fewer of us here, and as we network, we get to know somewhat of each other.
Good luck to you, seems like you have had a rough time the past 7 months and now it's even rougher.

Philippe, I respect your maturity and decision making skills not only in your software, but in how you handle the soap opera. Ethan that goes for you too.
Remember that old saying about actions speak louder than words. Leave or delete, they will hang themselves. And instead of responding and paying attention to idiot poster's, lets get back to work !

Ed Macri

I am glad that I was not the only one to notice my post get deleted from the trixbox forums. Not that I didn't expect it, just the same I didn't violate their terms of use.... Making things just bit more fishy, Kerry PM'ed me several times to "ask" if I knew who did it? or who had the skills and motivation? I told him that I knew of no one, all the while feeling baited to offer up some plausible explanation as to how his account got hacked. If I actually thought someone did hijack his account and/or had knowledge of any activities I would have told him as much.

Honestly, it would be non-trivial to hack his account. That, and someone with that skill set would not have behaved in the manor exhibited. It would have been much worse.

I know a great deal about how the FreePBX project is ran and the personalities in front (and behind) the scenes. These are a great bunch of folks here and FreePBX is brought forward in an extremely democratic manor.

So, to answer your question Greg, I have enjoyed contributing here and I suspect you would too.

Robert Keller

First, I applaud Philippe and the crew for not censoring or blocking the account. Kudo's to you guys because that had to be a decision that torked you off, but the right thing to do.

We are all participating in a disruptive technology. This technology will disrupt phone service as it is today. Every time I call my buddy in Macon, Georgia for free, I appreciate what we are doing here. The same when I call a customer in another area using Dundi. This technology is still in its infancy and we, like it or not, are the family raising it.

The true foe here is conventional telephony. That market is large enough that, when we crack it, there will be plenty to go around. If Fonality truly give backs to the FreePBX project, it will benefit the entire disruptive movement, which will bring benefits to all players including Fonality. My challenge to Kerry and everyone else at Fonality it to participate as a community and give it back.

Years ago I had lunch with a man that owned over 100 single family homes in the Columbus, Ohio area. He was teaching others how to do what he had done, in other words, teaching his competitors. I asked him why he did it. His answer:

"You cannot give it away fast enough."

John Mullinix
sip://17066323343@qth.cohutta.org
1-706-632-3343

I don't know. The money thing might be debatable. It may not be so much the money as the influence that money brings. Look at the Mozilla Foundation, arguably the most successful open source initiative ever. That organization was seeded with a couple mil from AOL, who probably just wanted to get rid of all the cost associated with Netscape but not kill the product itself. Now we have the Firefox browser than is 1000% times better and almost everyone uses now in lieu of IE (even quite a few novices). It wasn't until it was set off on it's own that it really took off. I think there is more to the equation of successful open source. I suspect a large part of their success is actually having the money to have a real organization with management and professional developers, and project managers but that would just be speculation. It would be really interesting to put a good amount of research the most successful open source projects and come up with some templates for an organization structure, processes, etc should anything big be attempted.

Not a kgarrision comment but a Fonality comment. I have seen them do some shaddy stuff with their PBXtra product. They would spam forums under various handles praising the company and the product. It's kind of easy to spot if your googling their product and see similar grammar on various websites. I don't know what the exact term is for doing this but it's a marketing technique some companies are employing. You can even hire marketing firms that specialize in this. They probably have people in India that sit around all day spamming message boards.

I am encouraged that many posts share my sentiment in that we can, as a community, publicly work to smooth out the rough spots and work collectively. Personally, I am a bit conflicted about calling out poor behavior vs. only responding to assist and be assisted in any venue. In that I posted a link in trixbox forums pointing back to this thread... This leans towards the poisonous side, I guess.

My post was deleted and I was censored. I just have to let it go. After all, the whole bit is somewhat humorous.
My gut is telling me that the outcome will be that many disparate players are going to become less disparate and a stronger Asterisk community will emerge.

Robert

I don't know if you remember, but I was having a problem with incompatibility between 4 TE110p's and our Server of choice, a Dell SC-440, and you went out of your way to help me resolve that problem and get replacements for them with TE120p's - I was (and still am) REALLY impressed with Digium as a company, and with Asterisk.

I think the Asterisk community as a whole is actually very healthy - what is bumming me out is how quickly and badly things have changed over at Trixbox - it used to be a fun place, it was VERY educational, and was very helpful - in the last 8 months, that has changed radically, and for me, this latest fiasco is the last straw.

I had never heard the term Astroturfing before this, but I understand it now, and looking through the forums at Trixbox, it is rife with it - I feel somewhat silly that I didn't notice it before - I also learned a whole lot more about IP Geolocation when I was researching this for myself, which is why I don't believe Kerry's explanation(s).

Finally, Asterisk has changed my life - sounds a little dramatic to just come out and say it, but it's true - it really did, and the opportunities I see before me and my company now are fantastic. To everyone who has put time into Asterisk, FreePBX, Linux, et. all, THANKS!

Asterisk will survive - I just want another entry-level ISO-Based distribution for the newbies so that we can have more and more people who know how to work on Asterisk-Based systems - the proprietary market for Telephony is WAY overdue to be eliminated, and I can't wait to be one of the people eliminating these dinosaurs!

Greg

P.S. - Shameless Plug - just got my first two TE122b's in the mail from VoipSupply today - Brilliant! $730.00 for a Single-Span PRI Interface with Hardware Echo Cancellation that just works first try - no muss, no fuss - 90% of the systems we sell are single-span PRI's and to be able to get hardware echo cancellation at this price is fantastic - It's now our standard card!

What about me (joe user/newbe) where do we turn, who do we trust??
I like what has been done to trixbox (its easy to setup and use), but I have a major problem with what I have been reading here, ( and this is not the first time I have seen this kinda of stuff about tb). I have seen and been involved with posts beating newbe's question in the tb forums, I have asked questions that have gone unanswered for months( I guess I don't rate). and then i see this!!
I mean what do I do, do I dump tb for something else or do I stick it out with tb till they kill them self's (sorry about the spelling). I Love what is happening here with Asterisk and FreePBX, but I am not a coder so i do not have much to offer you all?
I am not a reseller, so I do not make any money off of all of your hard work, I love to play with new things like this, but what I see here hurts me to no end, just when I thought I found something pure (smack (with a dead fish)) this kinda of stuff happens. No matter what is said or not said this makes it hard for ANY project to survive, becuase it drives people like me away from it.

ALL of you have DONE SOME GREAT WORK!! and I hope you will continue.

As for me I don't know where to start looking now and who I can trust?!*
Can I Trust FreePBX?
Can I Trust Digium?
Can I Trust Fonality?
Can i Trust YOU?

This IS what it is coming to, can't you all see that, If We (joe user/Newbe)can not trust what we see or read, we are gone "."

Kerryg stand up and be a man.

PS
please forgive if this seem off base, been up 36strate fixing a Nortel system LOL!!

James, this whole issue is centered on poor business ethics, and it is 100% justified that they be called out for their own despicable actions (each & every time)... it is unreasonable to think nobody should voice this, I don't care if the end result is them making a gazillion bucks or not (technical term, I checked). Think of Fonality what you will, but on this side of the fence they have an extremely poor reputation, and it's been getting worse ever since their takeover. The ends NEVER justify the means, and Fonality has more than just a very real credibility problem.

Philippe, I guess people excel in what they know best!. Thank you for your excellent work..
Does the GPLLaw email have a time stamp? just curious.
Diordna for Sanpvoip.

Truly fascinating. So, in a loosely chronological manner the events took place in the following way:

Late 2007, someone registers as GPLLaw and immediately becomes hostile and is banned from PBX in a Flash forums...Resulting in angry email from user GPLLaw to Ward Mundy.

Early 2008, Kerry and Andrew are alleged to have telephoned Elastix personnel and made certain requests surrounding source codes and such. That Elastix better make all their code available. Which they did. Not really wondering to much about it until now.

05/06/2008, someone registered as FreePBX at the Elastix forums makes at least one post from IP 70.187.133.203.

That was at 19:20.

At 20:53 someone at IP 70.187.133.203, registered as GPLLaw makes at least one post. These posts were not nice and were similar in vein to the correspondence that Ward Mundy received.

05/31/2008, someone logs into the kgarrison account on the FreePBX forums from IP 70.187.133.203, later logs out and logs back in a GPLLaw from IP 70.187.133.203.

06/02/2008, Philippe blogged about the activities of GPLLaw on the FreePBX forums and from early that morning till who knows when, the story kept changing on how ( other than the obvious) this could have happened... From hijacked accounts and script kiddies to someone playing a mean joke...and most recently a friend who was over last weekend.

I think there may have been a few more reasons offered up. I lost track after the first three or four.

Reasons why it just can't be possible Kerry Garrison ever logged in as FreePBX, GPLLaw and kgarrison from the same IP address over time...

Also, on 06/02/2008 my post on trixbox.org forums pointing back to this thread was deleted. Censorship, yes. Small potatoes in the larger picture. Still, I did not violate their terms of use.

Very strange events.

I have to admit, i'm a big fan of trixbox. It helped us as an IT company start a completely new arm of our company. But tonight.... i'm working late and downloading elastix and piaf to check out my alternatives.. I'm positive there are many others out there doing this as well.

I think one thing I have to say I like about having freepbx at this point is that I can take a customer from a trixbox system and move them over to elastixx so easily..... This whole fork this has me worried from a customer support point of view.

Maybe this all resolve itself but for alot of us who have customers to worry about..... It's not impressive.

...nor has my computer been hacked.

I'm sure that this is just the tip of the iceberg for Fonality.

I used to be a Trixbox user, but then the "phone home" script came to light. The thought that a company would do something like that and not disclose it, just blew my mind.

Now this... it really makes you wonder what Fonality's real intentions are.

I've since switched to Elastix. They've done a Tremendous job so far. Another project I'm keeping an eye on is SipX. They're still missing some of the AMI and Dialplan features Asterisk has, but they show promise.

Over the course of the past 5 years, it has been clear that Fonality's actions are questionable at best, while at some times simply down illegal. However, judging from the various TrixBox resellers around the world (not all of them, at least the ones located in my area), it is clear that Fonality is simply reaping up the good work of entities like Digium, FreePBX, ARI and others. The existence of products like TrixBox, Elastix, PBX-In-A-Flash had been widely accepted as a step forward, one that would surely promote the usage of Asterisk and Open telecom solutions. Fonality's actions and obvious business track proves that their immediate concern is one: exploit as much as possible, mimic as much as possible - give back as little as possible.

Some would argue that Fonality gave us HUD - in my book - booohooo. The source of HUD isn't open sourced, it's a closed product. Other products exist, which do the exact same thing, and are open. If HUD would have been such a crucial element for the community, it would have been developed a long time ago.

Some of you may recognize my name, as I wrote the Packt Publishing book about AsteriskNOW, and while I do much work with AsteriskNOW - I admit, I do the same amount of work with FreePBX - which is a wonderful tool. Fonality's exploitation of FreePBX in such a brutal and misleading way is far beyond the border of being rude - it's down right insulting and deceitful. The FreePBX project had done wonders to the monetization of the TrixBox project, hell, without FreePBX - TrixBox, Elastix, PBX-in-a-Flash would not exist.

In Hebrew we have a saying: "You don't spit into the well of which you drink from" - Fonality had done that, more than once. I think it is due time
that the community starts pointing with its feet and simply: "Say NO to Fonality and TrixBox". I believe a world wide community action will most surely catch the eye of both Fonality, Digium and most importantly - the related press. Once the press, like TMCnet, gets a hold of an item like this, which shows the community's reaction to Fonality's/Kerry's actions, something is bound to happen.

All,
Having dealt with many of these same issues in a previous life in a completely unrelated industry, I believe that Philippe is doing the right thing. Hopefully the market will make it's choices based on this information. On the other hand, I personally have benefitted from all of the above mentioned projects, including trixbox, pbx in a flash, etc, which have all benefitted from the underlying asterisk, digium, freepbx, etc. developers.

Even if fonality does not lose market share, etc... there will be other, and better distros as time goes on. That's the benefit of OSS. My old company went out of business because they couldn't compete on price alone. It's just the nature of the free market. We do our best to educate people, and hope that they make favorable decisions. Tell your friends, your families, your customers what you like and don't like about the various offerings. Let the market decide.
Thanks so much for this community!
-Mike