Keynote speech, Free Software/Open Source Telephony Summit German User's Unix Group Geilenkirchen, Germany January 2005 Good morning ladies and Gentlemen. Thank you for coming to Geilenkirchen today, and will be talking to you this morning about Open Source telephony. My name is Craig Southeren. I am based in Australia, and I am co-founder of the OpenH323 project which is one of the most widely used Open Source Voice-Over-IP projects. I.m no longer associated with the company that owns the OpenH323 project, but I am still one of the principal maintainers of the OpenH323 code. My company is called Post Increment and it provides Voice-Over-IP consulting services as well as running the Vox Gratia web site which supports OpenH323 and OPAL development. At the 2004 Free Software and Open Telephony Summit, I made the prediction that 2004 was the year that Voice-Over-IP would take off. I was not alone in making that prediction, and looking back over the past year, I don.t think that there is any doubt that this prediction was correct. To show why, I would like to look briefly at the state of Voice-Over-IP during the tech-bubble of 2000, which some people claim was when the Voice-Over-IP boom really started, and compare that to the state of Voice-Over-IP here at the start of 2005. In 2000, Voice-Over-IP was active in two areas. Consumers, both business and private, were focused on using Voice-Over-IP for toll-bypass. Companies like Net2Phone and DeltaThree were selling calling cards or soft-phone clients that allowed customers to save money on outgoing calls by offering cheaper alternatives to the high prices charged by PSTN carriers for long-distance and international calls. These Voice-Over-IP calls were still charged on a per-minute basis, but usually at a much lower cost . sometimes as much as 1 percent of the cost of the same call over PSTN. Incoming Voice-Over-IP calls were not normally supported, and if they were, it was primarily for IP to IP calls within the vendor.s network. The key point is that most products were intended to offer savings on making calls, but were not intended to be a replacement for owning a regular PSTN phone. Interestingly, at this time very few, if any, of the major telcos offered consumer Voice-Over-IP services or products. The second area where Voice-Over-IP technology thrived during the 2000 boom was the enhancement of value-add PSTN services such as calling cards, call centres and interactive voice response systems. The focus for these was not on Voice-Over-IP technology for primary content delivery, but to use Voice-Over-IP behind PSTN to simplify delivery of PSTN applications. Now, fast forward to the present day. In 2005, Voice-Over-IP and indeed the whole PSTN network is in the middle of a massive upheaval, partially due to the pressure from Voice-Over-IP but also due to the rapid uptake of cellular phones. Voice-Over-IP is now very often the preferred method for new application development and for long-distance trunking infrastructure The cost of landline PSTN calls has dropped dramatically since 2000, to the point where it can now compete on a price basis with Voice-Over-IP -only calls. In fact, in a lot of cases a PSTN call is a Voice-Over-IP call - albeit probably over a private IP network rather than the public Internet. Unlike 2000, there are now many companies offering Voice-Over-IP products as a complete replacement for a conventional PSTN phone. VONAGE is one of the most well-known, but now even major telcos are offering Voice-Over-IP products and services. For example, AT&T and Sprint are just two of the big US telcos that are selling consumer Voice-Over-IP products. We.ve just covered very quickly how Voice-Over-IP has changed up till 2005. But I.m sure that everyone in this room would much prefer to know where Voice-Over-IP is headed in the future. Not only is that much more interesting, but it.s much more likely to earn us money. I.d like to offer my opinion of where Voice-Over-IP is going based on personal observations, and on my view of the Voice-Over-IP industry from the inside. And, because I am interested in Open Source and because this event is the Free Software and Open Source Telephony Summit, I will be pointing out some issues that I think are relevant to using Open Source software during the current Voice-Over-IP boom. One of the major drivers for the changes in the Voice-Over-IP industry has obviously been the uptake of broadband Internet connections. Five years ago, the majority of non-business Internet users had dialup modems. Voice-Over-IP applications had to use compressed codecs, usually G.723.1 or G.729. This was a barrier to Open Source Voice-Over-IP because these low-bandwidth technologies are patented and cannot be used without paying license fees. Even more importantly, good implementations of these codecs cannot be distributed in source code form, and so are incompatible with Open Source and Free Source software. Today, broadband is the dominant Internet delivery method. To give some hard figures on this: broadband in the US grew by 36% during 2004 alone, and broadband now accounts for 54% of all US Internet connections. This figure is expected to exceed 70% by the end of 2005. These figures are from Neilsen, and assume that broadband is a connection with a speed greater than 64 kilobits per second. Broadband allows Voice-Over-IP calls to be delivered using uncompressed codecs such as G.711. This means that the call should have the same audio quality as a PSTN call, because this is the same codec used by ISDN by TDM. This is a very important point, because audio quality has traditionally been one of the big barriers to the adoption of Voice-Over-IP. In one stroke, widespread broadband penetration removes one of the biggest hurdles to Open Source Voice-Over-IP development. Open Source developers can now use patent-free audio codecs such as G.711 without losing the majority of users. VONAGE in the US has demonstrated that this is true . they have 400,000 customers, most of whom use G.711 for their calls. So now, we have Voice-Over-IP calls that have approximately the same audio quality as a PSTN call. That.s not really much of an achievement, because PSTN calls are limited to a maximum frequency of about 4000 hertz, as that is the minimum range needed to ensure that most human speech patterns can be recognized. But if a broadband connection is being used, there is no reason why Voice-Over-IP calls should be constrained in this way. A packet switched Voice-Over-IP call is not restricted in bandwidth in the same way as a circuit switch call is, so a Voice-Over-IP endpoint can offer improved voice quality by using, a faster sampling rate, such as 16 kilohertz. An obvious next step is to improve the conference calls by using full stereo effects or even 5.1 surround sound. I know that at least one vendor has implemented so-called .high quality. Voice-Over-IP calls, but that vendor has not provided any technical information to allow verification of this claim. Even so, users claim that they can hear the difference. I predict that better audio quality than PSTN will become a driver for the adoption of Voice-Over-IP over traditional PSTN in the next year or so. I also feel that this is one area where Open Source has a real opportunity to be a leader rather than a follower, and I look forward to seeing, or should I say, .hearing. of new developments in this area. Another technology that becoming synonymous with Voice-Over-IP is WiFi. Hotspots for WiFi are everywhere these days. They can be found in airports, restaurants, cafes and schools. WiFi technology is readily obtainable to consumers, and many users have their own home WiFi network (ask audience how many have their own home wifi network) WiFi works wonderfully with Voice-Over-IP. I frequently use Voice-Over-IP over my home WiFi network, and in the last three months, I have made Voice-Over-IP calls from WiFi hotspots in Narita Airport in Japan, and in Changi Airport in Singapore without any problems. For consumers who want to make calls without a PC, there are several WiFi handsets available that use SIP natively. There are also dual-mode cellphones that can make calls using either conventional cellphone GSM or Voice-Over-IP over WiFi. The synergistic combination of WiFi and Voice-Over-IP presents many opportunities for Open Source developers. One such opportunity is the software used for WiFi hotspots, many of which are based on Open Source software. There is an obvious need for a WiFi hiotspot software package that includes a SIP or H.323 proxy, as this would simplify NAT traversal for Voice-Over-IP endpoints Another opportunity that WiFi offers for Open Source developers is in the area of embedded software. Many consumer WiFi devices can be retrofitted with new firmware, (the excellent Linksys WRT54G comes to mind), but there are also many companies developing new WiFi hardware that are looking for Voice-Over-IP applications and libraries. Voice-Over-IP and WiFi are obviously complementary technologies, and I think we all agree they will continue to accelerate each other. As one of the co-founders of the OpenH323 project, the change in focus from H.323 to SIP has been of particular interest to me. For some strange reason, it.s often assumed that I because I have worked with H.323 for many years, I must therefore hate SIP. So I.d like to make something very clear. It is not true that I like H.323 and hate SIP. I hate both H.323 and SIP exactly the same. They are both very complicated, and they are both difficult to implement correctly, but they both have very important advantages and disadvantages. I.ll not bore everyone here by going over this old argument again, but if anyone is interested, we can discuss it in depth later today, or preferably, later tonight over a few drinks. What is not in question is that five years ago, the major Voice-Over-IP protocol was H.323, but now, SIP is the dominant protocol for Voice-Over-IP client software. The picture is less clear for applications in the network core, as evidence says that more than 50% of calls using Voice-Over-IP leg still use H.323 at somewhere. But the evidence is also clear that the majority of calls that use Voice-Over-IP end-to-end use the SIP protocol, and while H.323 will be with us for many years yet, it.s use is definitely on the decline. For Open Source developers, this is good news. The complete SIP specification is very complex and (at last count) was the subject of 55 different RFCs, but the essential concepts of SIP are simple to understand. Writing code that can create and maintain a simple SIP session is quite easy for a programmer of even modest skills, which means that an Open Source developer needs less time to get results. That can only be a good thing. But in this simplicity lies a subtle trap for Open Source developers. Very often, programmers seem to conclude that it is simpler to write a new SIP stack, rather than to use one of the existing excellent Open Source implementations. This is leading to a proliferation of Open Source SIP stacks, each with their own problems and incompatibilities. To me, this indicates that developers, Open Source and Closed Source, are wasting time finding and fixing problems that other people have already found and solved. I find this confusing because one of the strengths of Open Source is supposed to be the elimination of duplicated effort by allowing sharing of code, but this does not appear to be the case for SIP stacks. Time will tell if this trend continues. So, if you are involved in project that needs a SIP stack, then please reconsider whether you really need to re-invent the wheel again. If you do decide that you need to write another SIP stack, then please consider making the code Open Source, and do it now rather than waiting until the code is finished. The sooner you make your code available, the more chance you might get someone else to help you debug your code, and the more likely you will stop someone else from duplicating your mistakes. Traditionally, telcos have always attempted to lock-in their customers by using proprietary or undocumented standards. When they are forced to use documented standards, telcos usually add protocol extensions that lock out competitors. Computer companies often use the same strategies, so it amall wonder, then, that Voice-Over-IP providers, which are both telcos and computer companies are using the same strategies. A good example of this is the popular Skype program and network. (ask audience who has heard of Skype, and who has used Skype) From a user.s perspective, Skype is a great system. It transparently works through most kinds of NAT and firewall, and it is available for a wide variety of platforms including Linux, Windows, MacOSX and PocketPC. The call quality is mostly excellent, and it supports video, text chat. Best of all, it is free to download, free to register, and free to make person-to-person calls. I have heard that some companies now depend on Skype for all of their international calls. Skype is a classic example of a vendor using a proprietary protocol to lock in their customers. The Skype protocol is completely closed and is inaccessible to developers, except through their proprietary interface which has limited functionality. There is no chance of writing an Open Source client for Skype . if you don.t have one of the approved host configurations (say, you have a Power PC Linux machine) then you are out of luck. More seriously, there is no means of verifying any claims that Skype make about their system. As an example, Skype claim on their website that the client program .automatically encrypts everything before sending it through the internet.. For a start, this claim is verifiably false . anyone can use Ethereal to see that the Skype username is sent as clear text. So lets assume that Skype.s statement actually means that the audio data is encrypted. Skype engineers have apparently stated that RSA is used to encrypt the audio data, but because the protocol is undocumented, there is no way to verify this. And even if it is true, we have no way of knowing if the audio data is encrypted end to end, or if it is decrypted and re-encrypted at every node in the network. And remember . Skype is supposed to be a .peer to peer network. just like Kazaa, so this is a very important difference. Potentially, your .secure. call could be available to every peer that your call traverses. Now, it is only fair to point out that most Voice-Over-IP networks don.t offer encryption at all; so any encryption, even bad encryption, maybe better than what you are using now. But if you do care about security, then you have no way of verifying whether Skype.s claims are true or not. If Skype was based on an open standard, such as SIP or H.323, then other companies and individuals could write clients that would interoperate with their network, and it would be possible to verify the claims about security. The same could be done if Skype provided an Open Source client, even if it used a new protocol. But Skype have chosen to do neither, and so I feel that Skype is a risky option for companies that depend on Voice-Over-IP for their business The speed at which user have embraced Skype and the other closed-source and closed-protocol Voice-Over-IP networks such VONAGE and CallVantage shows that the users are comfortable with using a Voice-Over-IP network, provided it solves problems such as NAT traversal and had good audio quality. This situation seems, to me, to be a perfect opportunity for the Open Source community to provide an alternative network that is not locked into a particular vendor. The Free World Dialup network from Jeff Pulver, and IAXTEL from Digium are both attempts to provide this, but they are limited in scope as they are both locked into specific Voice-Over-IP protocols. I would like to see a protocol-independent addressing network that is not controlled by any one vendor. This network should allows users to find each other and to make calls. I think that DNS is an obvious answer to this question, not using ENUM, but using email addresses. I.d like to finish my talk with a discussion of software licenses. When my business partner and I decided to release OpenH323 as Open Source in 1999, one of the most important decisions we had to make was the software license to use. We had two requirements that drove the license selection process. The first requirement is that the license we chose had to require developers to return their code modifications back to the community. We felt this was necessary if we were to prevent the software from being hijacked by developers who would use the software, but not contribute their changes back to the community. Secondly, we needed the license to permit combining the code with other non-Open Source code; but without the entire combined program needing to be released as Open Source. We needed this in order for us to fulfill our goal of using OpenH323 to earn a living which would allow us to create more even more Open Source software. This would also allow the use of patented codecs such as G.723.1 which we considered essential if OpenH323 was to be accepted as a real alternative to closed source stacks. After much discussion and investigation, we had a short list of four Open Source licenses that were candidates for our license. The first was the well known Gnu General Public License, known as the GPL. This is the most popular and well known license for Free Software, and it is in the unique position of having a full time advocate in the person of Richard Stallman. Given the amount of software available under this license, we had to consider it seriously. In the, however, we had to reject it because of paragraph 2b of the GPL. This paragraph is the famous .viral license. clause that only requires any software program that contains GPL code to also be GPL. As the GPL requires free distribution of source code, this prevents GPL code from being used with non-Open Source software like patented codecs. For this reason, we rejected the GPL for OpenH323. We also considered the Lesser GPL, or LGPL. This license seemed well suited to us, because it is compatible with the GPL but still allows code to be in the saeme program with non-GPL contributions. Unfortunately, the language used in the LGPL is not clear. The license text seems almost to be a commentary on Free Software rather than a clear statement of license conditions. For this reason, we decided that the LGPL was not specific enough and so was not suitable for OpenH323. We considered the BSD license which is among the most open of all of Open Source licenses. After reading the license text, we decided that the only purpose of the BSD license is to disclaim responsibility for damages arising from any use of the code. Because the license does not place any restriction on how developers can use the code, we could not use it for OpenH323 because there was no requirement for developers to contribute their changes back to the project. In the end, we chose the Mozilla Public License, or MPL, which was originally created by Netscape for the Mozilla web browser. The MPL requires any modifications to the code to be returned to the project, but it is missing the .viral. property of the GPL that spreads to the entire program. Because of this, our code can be combined with code using other licenses such as the GPL, or even closed source code. Six years later, I still think we made the right license choice, even though our decision not to choose the GPL has caused contention among our friends in the Open Source and Free Software communities. Our selection of a commercial friendly license means that many companies have selected OpenH323 instead of purchasing a closed-source H.323 solution. Some of those companies are now active contributors to the OpenH323 code base, and those contributions are now available to everyone, including many developers in projects that use the GPL. If we had chose the GPL instead, then those contributions would be lost, and the project would be much poorer for it. If you are considering the selection of license for an Open Source or Free Source project, I would recommend that you consider whether the GPL really meets your needs. While it is the most popular license, I feel that many people choose it for their project without considering the many real alternatives. I would like to thank our host Martin Schulte of the German Unix Users Group for looking after us during the past three days, and for his superhuman efforts in keeping us all happy and fed and with Internet access. I would also like to thank CSB System International, and particularly Albert Boymer, for providing us with a wonderful venue which make these summits very enjoyable and much fun. That concludes my talk for today. Thank you for your time, I'd be happy to take any questions.