Open Telephone Training Seminar Announcement

We are please to announce the first and only FreePBX® sponsored training seminar focused 100% on the FreePBX/Asterisk market. We have asked for your feedback and listened to your responses. We talked with many of you who have attended other related training seminars and designed ours to fill in the void where the others leave off. We have talked with many customers and resellers to learn what areas you can best benefit from in a training. The resulting program will teach advanced topics to market, sell, deploy, troubleshoot, customize and administer FreePBX/Asterisk systems.

We also heard many of you respond to the suggestion from Uncle Ward (Nerd Vittles) to offer our first training in his home town of Charleston, SC. Since this met the criteria of reasonable cost flights and hotel accommodations we have chosen to have the Nerd Vittles team as our resident host!

Where: Historic Charleston, SC
When: February 27-29th, 2008 (and evening reception February 26th)
More Info: Open Telephony Training Seminar Details

If you have had some initial exposure to FreePBX/Asterisk or can spend some time between now and the class to get the very basics down, then this class is for you. If you have taken previous trainings and are looking for the additional depth, the tricks and customization areas that only the developers of FreePBX can teach you then sign up. If you are looking to learn details of the PBX SMB market, and how to successfully sell, brand and, market this solution then come join us in Historic Charleston. If you are a successful reseller looking to gain that extra edge and learn how to work closer with the project and influence the development and direction, we would love to have you join us!

We are offering a great special for those of you who sign up in the first week so take advantage of this year’s budget and 2007 tax deductions. Starting January 1st we will offer a significant earlybird discount for a limited number of seats so sign up now and be part of the this sure-to-be-memorable first training with the FreePBX team. Uncle Ward and the Nerd Vittles crew has promised to make sure you receive the hospitality that the South is so well known for!

Get the details and sign up for the Open Source Telephone Seminar here.

For now, we hope you are having a great holiday season!

Philippe – On behalf of the FreePBX and Open Source Telephony Seminar teams!

Security Concerns with Trixbox

Trixbox is a popular platform that packages our PBX application on top of Asterisk on a CentOS based distribution. There has been some recent news concerning bad security practices and potential privacy issues. In the best interest of all of our installed base, it is our hope that Fonality, the sponsors of Trixbox, will actively contact their installed base to make them aware of this serious security issue which could significantly compromise customer systems if not addressed quickly.

The privacy issues that are being discussed are not the topic of our concern and are between Fonality and their customer base. Our concern is the mechanism that they have used to implement the [i]phone home[/i] solution. You can read details in [i][url=]this Trixbox thread[/url][/i] as well as other discussions on their forum and elsewhere.

The summary of the issue is they have installed a cron job which contacts the Fonality servers on a nightly basis, downloads a set of commands, executes those commands as root, and then sends data back to the their servers. In the wrong hands, this becomes a [i]trojan horse[/i] and the magnitude of disaster that it could create if their servers were compromised from outside or from disgruntled employees, or from compromised DNS servers (man in the middle) is immense.

In the above thread it is mentioned that FreePBX [i]phone’s home[/i] as well. Instead of splitting hairs over definitions, let me make it perfectly clear what FreePBX does. Most of you are aware of our [i]Online Module Repository[/i] that provides easy updates to new versions of FreePBX and its modules (vs. pulling tarballs manually). When you access our server, we transmit the following information: FreePBX and Asterisk version numbers and a unique identification number that is generated at installation time and can not be traced back to you. We generate this number by taking an md5sum hash of your MAC address. If you are running in a virtual environment such as a VMware or Xensource system we create the hash randomly. (We generate this so we don’t have to use IP addresses which can often be traced back to you, or when dynamic, doesn’t allow accurate information to be kept.) We use this information to properly serve your upgrades as we need to know what version of FreePBX you are running. In addition, we use this information to help us during beta programs. You may recall the [url=/news/2007-08-23/freepbx-2-3-0-and-new-website-simultaneously-released]statistics[/url] that I fed back to you during the FreePBX 2.3 Beta program that helped us gauge the level of beta and Asterisk 1.4 coverage. The Asterisk and FreePBX version statistics also helps us make good development decisions to serve our customer base.
This information is transmitted when you click on [i]Check for Updates Online[/i] or nightly if you have chosen to have updates checked for you. (The nightly checks execute the exact same code as the manual check, there is no difference).
If we ever wanted to obtain more detailed information about your system, it would be an opt-in only basis, the code would be there for you to see and we would never implement something that could pull arbitrary commands from a server just waiting to be compromised.

If there are any questions or concerns with FreePBX, please start the discussion in the Forum or contact me offline.

Philippe – On behalf of the FreePBX Team

2.4 Beta Program Launch – Early Holiday Gift to You

We’re excited to bring you the kickoff of the 2.4 beta program in time for all that down time you are preparing for during the holidays! Since donations have been down for a while, I have not had to take time bookkeeping so I’ve had time to crank out a lot of good stuff for 2.4. However, with the Holidays coming up, maybe no donations isn’t such a good thing, hint, hint…



The theme of 2.4 has been a focus on validation and integrity checking to help you catch errors like IVRs with destinations that no longer exist, or overlapping extension number (e.g. a user and a conference set to the same extension). These are hard to find errors and unfortunately it is more likely that your customer finds them then you! In addition here are plenty of other new features, some new modules and other functionality to make this release attractive. There’s too much to list but I’ll highlight the big changes below. You can take a look at the 2.4 Milestone on the development site for a list of all the enhancements as well as links to bugs, feature requests and other tickets that have made up this release.

Here is a run-down of Changes:

  • Extension and Destination Registry to provide integrity checking for configuration setup and block/detect various configuration errors.
  • Custom Apps Module to support registration of custom dialplan extensions and destinations so that they can be included in system integrity checks.
  • Changes to Zap Channel Routing – now treated just like other inbound routes by assigning DIDs to Zap channels (which means you can route on CIDs now).
  • Many fixes and changes to Device and User Mode to properly support adhoc devices and hints.
  • Paging & Intercom improvements, feature enhancements, support for more and custom phones.
  • Addition of Voice Mail Blast module to support group voicemail announcements.
  • Addition of Language Module to support language changes as part of module linking as well as language attribute to user extensions.
  • Support for "call confirmation" with hunt strategy in Ring Groups and Follow Me.

How to install the release?

During the initial testing phase you will have to download and use the standard "tarball" upgrade process to get going, which can be found here:

We will provide an upgrade ability through the Online Module Repository to go from 2.3 to 2.4 once we have received enough testing as part of the Beta program. We do not want to provide that ability too early, as we do not want you accidentally upgrading production systems by choosing this option in the Repository.

How can you help?

Well first and most important, did I mention that donate button above or on the left? In order to continue the evolution of this great product, we need your financial support – we have thousands of our donated hours in addition to the real infrastructure costs for this Site and the Online Repository.

Next, testing. Most of the core dialplan and critical components have remained unchanged or have been carefully scrutinized. We expect very high stability going to this release. However there are a few areas that have undergone some changes and explicit testing of these areas will be valuable. These include :

  • Queues. The changes here are because we have ported the Queues module to a more modern underlying infrastructure as it was amongst a few of the old modules that had not been updated since the AMP days. The code is fundamentally the same, but there is a big conversion process when you upgrade and we would like careful eyes to scrutinize that Queues are still configured and acting like they were previously.
  • Zap Channel Routing. Existing Zap channel routes will be converted to a Zap Channel DID entry in the form of zapchanNN and then a corresponding route for that DID. You should confirm that the conversion continues to operate, and then consider changing the DID information to proper DIDs and testing the new abilities such as CID routing with Zap Channel DIDs.
  • Extension and Destination Registries. All modules should be properly implemented to block duplicate extension numbers and generate notifications if there are problem destinations. You should test out this mechanism by trying to create various errors and confirm they are blocked and/or notifications are generated upon applying a configuration. You should also convert your custom destinations to entries in the new Custom Apps module.
  • Bug fixes! Either help by providing patches, or if you are a developer and would like to get more involved contact us so we can work with you to get involved. Providing bug fixes and patches are a great way to show your work towards getting SVN access.

We are excited about the new capabilities that are in this release and look forward to running it through a thorough beta test cycle so we can get the release out for general consumption.

Thanks, and Happy Holidays!

Philippe – On behalf of the FreePBX Team

Are You Interested in a Training & Certification Course?

We have had numerous requests to put on a training seminar to provide deeper knowledge of FreePBX, General PBX maintenance and how to market and sell against the traditional providers. We are investigating doing such a multi-day training course and would like to know your interest in such. We have heard from users who have been to courses put on by other organizations that they would like to see something from us that takes it up a notch as well as focuses purely on the FreePBX based market (regardless of which Distro you choose to use). And we have also heard that you are looking for such a course that includes testing and certification to demonstrate your knowledge to your customers and employers.

So, we would like to hear from you if this is something you would like and would pay typical rates to attend? We are considering something in the March time frame if the response is positive but we need to know in advance if there is adequate interest to make commitments for hotel space and training rooms.

If you would like to attend, is there a preference in locations? We have considered locations such as Las Vegas, Chicago and Charlotte, NC.

Please let us know through responses to this post, we look forward to hearing what our community is looking for in this space?

Philippe – on behalf of the FreePBX team