When I registered thestateofme.com some years back it was for a project to allow synchronisation of RSS aggregator/reader state across a number of systems. I never wrote any code because things got overtaken by events. Firstly I discovered RSS Bandit, which had a mechanism to sync state via a WebDAV server (and a number of other means). Then along came Google Reader. At first it kind of sucked, and I kept on using RSS Bandit, but a year or so later I switched to Google Reader and I’ve never looked back.
But now state synchronisation is once again looming as a problem. I want to read ebooks, listen to audiobooks and watch videos on a range of devices, and I want to be able to pick up where I left off – regardless of which device I last used.
Despite knowing that ‘it’s a trap’ I ordered a Kindle 3G a few days back, which should be delivered by the end of the month. I’ve accumulated so many O’Reilly ebooks recently that I reckoned it was worth having a dedicated device for them. But what if I get going on a novel using it, and then decide I’d like to read a few pages on my iPod touch, or my Tablet PC, or the Android phone I’ve yet to buy?
I recently got a bunch of audiobooks from Audible via a free promotion from a UK newspaper. I’d never tried the format before, but I kind of like it – I listened to a few chapters of Matter on the way to/from a reunion event at the weekend. The Kindle should play those books too, so how do I start from the right place without laboriously writing down the chapter and time stamp?
I should also take this opportunity to moan about Windows Media Player’s lack of a ‘resume’ function. I like to watch videos on my train ride home, but I don’t always get to complete a whole episode. If I pause an episode then I can pick up again – provided that the machine hasn’t been restarted (which happens all too often with Windows). It’s also feasible that I’d start watching a video on my laptop, and want to finish it on a media player at home, or an iPod or whatever.
The answer to all of these questions is a bookmark service in the sky.
Of course it’s never that simple. People need to agree on APIs and data formats, but it’s also not rocket science. Just to make things a little more tricky though I’d like something that isn’t trapped inside a proprietary content/player silo.
Anybody out there interested in giving this a push forward?
Identity Providers – Google
This is my second post in a series looking at how federated identity has become a reality (I first looked at Twitter).
The user experience
The basic premise of federated identity is that first you sign into something that you use a lot, and then the platform reuses that sign in to get you into other applications. Outside of the enterprise, where people sign into their machines using Active Directory, by far the best place to start is email, as that’s typically the app that’s opened first and used the most. Whenever I open my first browser after restarting a machine I open three tabs: Gmail, Google Reader and Google Apps mail for my company domain. In this case Gmail gives me a token to access all of the apps that are federated with my consumer persona, and GApps gives me a token for all of the apps that are federated with my work persona. When I start those other apps I might see some info in the browser saying that it’s redirecting briefly to Google, but I don’t see a sign in page, I get taken straight there.
First time
The first time you visit a site that supports Google sign in you’ll see something like this:
and then you get asked to confirm:
and after that things should be pretty seamless
Maintenance
You can review the applications using your Google ID by going into the My Account page and clicking on Change Authorized Web Sites [1]
Under the hood
There are two principal mechanisms at work:
1. OpenID for authentication
OpenID has been much maligned and is perceived to have many weaknesses. I would argue however that it isn’t a fundamentally weak protocol, and improvements have been made over time. I remember a few years back being stared at by a room full of identity geeks when I was the only one that said that I’d like the big company that was hosting us to support OpenID – oh how things have changed.
2. OAuth for authorisation
Sometimes authentication is enough in its own right, but there are many times when an associated authorisation is needed (e.g. to connect to contacts or calendar data). This is where OAuth comes in, and Google have been one of the driving forces behind the standard [2].
What about SAML?
The Google identity ecosystem, which has become the heart of Google Apps Marketplace, is pretty much built on the ‘O’ protocols OpenID and OAuth, but there is a place for SAML. Basically it can be used to extend a Google based federation back into an enterprise – so first the user signs into their Active Directory or whatever [3] and then they get a Google issued token to sign into other apps. There’s a great diagram to illustrate how this works (thanks to Eric Sachs for pulling this together in the first place, and bringing it to my attention).
Persona
I already touched on the work/home persona piece above. Google certainly supports multiple personae, but there is trouble in paradise. A year ago I could be signed into multiple Google Apps domains, and my Gmail and everything behaved itself in isolation. These days I far too often see something like this:
and this:
and far too often when I select an account it still fails to get me to the right document. This can be worked around by using another browser (or ‘porn mode’), but it’s pretty aggravating.
Google have tried to fix this with multiple sign-on, but this seems to do more harm than good. I for one don’t feel that offline mail is a sacrifice worth making.
The key issue seems to be that Google haven’t figured out an elegant means to determine an anchor identity against which multiple personae (more than 3 please) can be attached. For what it’s worth I’d argue that this should be put in the hands of the user – if they have multiple Google personae then let them decide which is the parent account (the one that they sign into first) and which are the children. Of course this can get complicated when work life (and work security policies) encroach onto ‘home’ computers and devices, which brings us on to…
Strong authentication
Had I written this a day or two ago as planned then I’d be spouting about TriCipher (and how wise VMware were to buy them) and Verisign VIP (and how it also works with eBay/Paypal).
That all changed yesterday when Google launched their own two factor authentication.

I’ve been using it for a day now with the BlackBerry application, so some early thoughts on the system:
- It’s a shame that I couldn’t use an existing OATH token like the VIP soft token that was already on my BlackBerry [4].
- The access codes mechanism for applications and devices that can’t live with two factors is ultimately a security by obscurity mechanism for single factor by the back door, but I accept that it’s a necessary evil (I’ve already had to generate 6 codes). It would be helpful if I could impose additional controls (e.g. source IP) for certain access codes, but this is going to be impractical for mobile – bring on SIM/TPM based keys.
- Strike codes are a good catch all for when people lose their token generator, but I fear that much better education will be needed to prevent disasters here. At least there isn’t a weak workaround (like there is with the eBay/Paypal VIP usage when you say you lost/misplaced your token).
- User choice is all well and good for private accounts, but company administrators want control. I don’t want to say to my team ‘you can use 2 factor if you feel like it, it’s more secure but a bit less convenient’, I want to say ‘our corporate data is the life blood of the company, and we need to keep it as secure as possible – you will now need to use 2 factor’. I also want to have the tools to help my users out when they have trouble with 2 factor, like the ability for domain admins to (re)generate strike lists. It feels to me like Google have developed this for Gmail, but soft launched it to GApps Premier Edition.
- I seem to be being prompted for my password (not my OTP) more often than I was before I turned two factor on. This is making things like Postini a bit more clumsy to use[5], and providing a lumpy user experience. I’m guessing that some parameters have been tightened up, but it would be good to have control over this (and for the user experience to be a bit more evened out).
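The per-code source-IP control wished for in the access codes bullet above, sketched as an added example (not from the original post and not Google's implementation). The `AccessCodeStore` class, the labels, the user name and the documentation-range addresses are all hypothetical.

```python
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def digest_code(code: str, salt: bytes) -> bytes:
    """Derive the stored verifier; the plaintext code is never kept."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class AccessCode:
    label: str              # what the code was issued for
    salt: bytes
    digest: bytes
    networks: tuple         # empty tuple = usable from any address
    revoked: bool = False


class AccessCodeStore:
    """Hypothetical per-user store of application access codes."""

    def __init__(self):
        self._codes = {}    # user -> list of AccessCode

    def issue(self, user, label, allowed_cidrs=()):
        """Create a random code, optionally pinned to source networks."""
        code = secrets.token_hex(8)     # 64 random bits, shown to the user once
        salt = secrets.token_bytes(16)
        nets = tuple(ipaddress.ip_network(c) for c in allowed_cidrs)
        self._codes.setdefault(user, []).append(
            AccessCode(label, salt, digest_code(code, salt), nets))
        return code

    def revoke(self, user, label):
        """Mark every code carrying this label as revoked; return how many."""
        hits = [c for c in self._codes.get(user, []) if c.label == label]
        for entry in hits:
            entry.revoked = True
        return len(hits)

    def verify(self, user, presented, source_ip):
        """Return (allowed, reason, label) so every decision can be logged."""
        addr = ipaddress.ip_address(source_ip)
        for entry in self._codes.get(user, []):
            candidate = digest_code(presented, entry.salt)
            if not hmac.compare_digest(candidate, entry.digest):
                continue
            if entry.revoked:
                return (False, "revoked", entry.label)
            if entry.networks and not any(addr in n for n in entry.networks):
                return (False, "source-ip-denied", entry.label)
            return (True, "ok", entry.label)
        return (False, "unknown-code", None)


def demo():
    """Constructed scenario: one code pinned to an office range, one for mobile."""
    user = "alice@example.com"                      # constructed user
    store = AccessCodeStore()
    desk = store.issue(user, "IMAP client, office desktop", ["203.0.113.0/24"])
    phone = store.issue(user, "mail app, phone")    # mobile: no IP pinning
    results = [
        store.verify(user, desk, "203.0.113.10"),   # inside the office range
        store.verify(user, desk, "198.51.100.7"),   # valid code, wrong network
        store.verify(user, phone, "198.51.100.7"),  # unpinned code
    ]
    store.revoke(user, "mail app, phone")
    results.append(store.verify(user, phone, "198.51.100.7"))
    results.append(store.verify(user, "not-a-real-code", "203.0.113.10"))
    return results


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

A `source-ip-denied` result is the one worth alerting on: the code itself was valid, so it has been copied somewhere it was never issued for.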
Overall
It mostly works most of the time, which is certainly better than the alternative of having dozens of passwords to wrangle. There is however clearly room for improvement, especially around the new two factor support and persona. Two factor is good, but it’s also a bit of a pain, so I want to be able to use it as infrequently as possible. For that to happen Google really needs to nail down this thing I’ve termed the ‘anchor account’, and provide a means to spawn various personae off from that.
Next instalment… Facebook.
Updates
Update 1 (19 Jun 2012) – Google have now enabled GApps administrators to force 2 factor authentication.
Footnotes
[1] For Google Apps for domains you need to go to https://www.google.com/a/yourdomain/ManageAccount to do this stuff.
[2] There’s some excellent documentation of OAuth here.
[3] It is invariably AD, though the sign in can be using whatever mechanism the enterprise chooses – password, smartcard, OTP etc. Sadly there isn’t a good way of seeing how strong the initial authentication was and passing that through to an eventual relying party.
[4] Sorry Joe, but it seems you’re out of luck – though there is a glimmer of hope from within the Googleplex. C’mon guys – tell us how it’s done?
[5] I got an error message about cookies, when what it really wanted me to do was sign in (again).
iOS 4 on iPod Touch 2G
I heard quite a few friends whining that iOS 4 wasn’t a good ‘upgrade’ on their iPhone 3G(S)s, with many reverting back to versions of 3.x that were considered faster or more stable. I was therefore somewhat sceptical about upgrading my iPod Touch 2G, and would have left it be if it wasn’t for so many apps demanding 4.x.[1]

After digging around the web, and asking around on Twitter I couldn’t find anybody that would say whether this would go well or badly. Eventually I caved in and went for it with 4.02. The process began with an obligatory upgrade to iTunes 10. For some lucky reason I didn’t need to turn off Ping, it was off by default – yay. The backup/upgrade/restore cycle took ages (most of a day).
No harm done – that would be my first impression.
Oh – and there’s an ‘airplane mode’ slider now in settings.
4.02 to 4.1 didn’t take so long – around half an hour. I’ll report back here if I find anything worthy of comment.
Bottom line – iOS 4 on the iPod Touch – probably necessary for new apps (and upgrades to old apps) that insist on 4.x, but otherwise Meh!
[1] This would seem to mark the end of the road for my old iPod Touch 1G. It will still fill my kitchen with music, but the apps world has left it behind.
Identity Providers – Twitter
Federated identity seems to have sneaked up on us. A couple of years back federated identity was some huge enterprisey thing that was costly and took time to implement. Then a bunch of service providers started to be identity providers, but there were no relying parties making the whole effort somewhat useless. Now it seems that the relying parties have come. I’m going to start by taking a look at Twitter, and the sites that use it.
The user experience
I for one am sick of having to create a new account for every website I want to interact with, so it’s great when I can just click a button instead:
On first use there’s a splash screen asking if it’s OK for the web site (relying party) to interact with Twitter (identity provider) on behalf of that user, and that’s it, we’re done. Provided that you’re signed into Twitter using a browser you can get straight into the site in future.
We are what we Tweet
Using a Twitter identity to sign in to Twitter related sites makes perfect sense. There’s just no reason why users of that type of site wouldn’t already have a Twitter account to reuse, so for things like PeerIndex it’s perfect.
There is of course the anti-pattern of firstly getting people to sign in with Twitter, and then asking them to provide a password (for a presumably standalone account) – PlanCa.st – I’m looking at you (this is one user that you lost to identity management failure).
For sites that don’t revolve around Twitter it’s still nice to have the option not to create a new identity, and of course Twitter can sit alongside of other providers when that makes sense.
Persona
Having multiple Twitter identities seems to be something that’s broadly accepted. Certainly tools like TweetDeck make it easy to maintain several personae. Things get a bit tricky in the browser though, as you can only be signed into one identity per browser; though this is where ‘porn mode’ can come to the rescue by providing a cookie sandbox [1].
Overall
I’m glad to see that an ecosystem of relying parties has sprouted up around Twitter. It’s convenient, and it makes sense. I know that it aggregates some risk into my Twitter account, but I still feel that’s better than trying to manage a separate username and password for every web site.
Next instalment… Google.
Update 21 Sep 2010 – you can review the apps connected to your Twitter account in the settings/connections page
[1] Some experimentation with incognito windows on Chrome seems to indicate that you get a single cookie sandbox away from the main Chrome instance, so you can’t just open up fresh windows for each identity :(
3D (in)Secure
It’s not news that the 3D Secure system that gets branded as ‘Verified by Visa’ is a steaming pile of something that should be scraped off shoes rather than presented on screens. Ben Laurie was the first serious voice of dissent (that I noticed), but then along came Ross Anderson and Steven Murdoch to ensure that we were left in no doubt – how online card security fails [paper].

There is however an insidious problem that none of these worthy security researchers seem to have noticed, which is that the system doesn’t deal with additional cards.
It’s common practice for couples to have joint bank accounts, but there’s not really such a thing as a joint credit card. With credit cards there’s an individual cardholder, and there can be additional cards. My wife has a number of these additional cards that she considers to be joint, but they aren’t (even if they’re paid from our joint account) – I’m the cardholder. This is where 3D Secure breaks down (again), as purchases made with additional cards (e.g. my wife) lead to a request for authentication by the cardholder (i.e. me). If I’m not there to type in my password then she can’t buy stuff online, which is kind of inconvenient.
Of course I’m sure that many couples just share their 3D Secure password. This is, after all, what the banks tell them to do; sadly it’s also directly in contravention of the terms and conditions:
FAQ ‘Only the primary cardholder can enrol with xxx Secure. All other additional cardholders on the same account should use the same login and password as established by the primary cardholder.’
Ts&Cs – ‘You are responsible for keeping your password and username secret. You must not write down, store (whether encrypted or otherwise) on your computer or mobile phone handset or let anyone else know your password or username, and the fact that they are for use with this service.’
I’m sure that the banks don’t care much about this obvious conflict. As Ross and Steven point out the whole purpose of the scheme is to pass liability to the customer, and of course that customer becomes more liable the moment that they break the Ts&Cs (even if the FAQ tells them to).
Clearly whoever contrived the system (as it would be foolish to say that it was designed) forgot to have a conversation with a business analyst about additional cardholders.
The end of the bus tour
I took the kids for a day out to the Tower of London last week. Despite one of my colleague’s suggestions I didn’t leave them there. It was great – particularly the knights’ tournament and the water balloon catapult in the moat.
On leaving, my wife suggested that we should take a tour bus to kill the hour and a half that we had until our dinner reservation in Piccadilly Circus. My gut feel was that this was a bad (expensive) idea, but I went along with it until the bill shock slapped us right in the face – £74 for two adults and two children. We used our Travelcards to jump on a number 15, which took us right where we were going (lucky) and the London traffic was almost slow enough to make us on time.
This got me thinking – why would anybody (other than an Aberdeen Angus munching tourist uber-idiot) ever pay that much to get carted around London (or any other city) when there’s a perfectly good public transport system [1]? I believe (in due course) there’s an app for that. I know that having a tour guide can be part of the experience, but there’s the language issue for many tourists (who are often left listening to some black box anyway). Why not just use a location based app on a smartphone? As part of the ‘right click universe’ you then get to make your own tour – get on a bus – point at the things that look interesting – get the blurb.
[1] If we’d not already bought Travelcards then the daily limit for Oyster travel on London buses is £3.90, and kids are free. £7.80 or £74 – tough choice.
Call routing
Joe asked me about call routing following my post about office VOIP. It’s not a straightforward subject, so I thought it probably deserves a post of its own rather than just a comment reply.
Point of entry – SkypeIn
Having used ‘one number’ for a while in my old banking IT job I wanted to continue in the same way when I left for my new role. SkypeIn seemed to be the only show in town (at the time) that would allow me to have a number that I could redirect where I wanted to. I bought a subscription, which gave me a discount on the number, and also allows me to forward to any UK landline number without running up per minute charges.
Fan out – Ribbit Mobile
Ribbit’s ‘find me’ function lets me have a number of phones ring in the hope that I’ll be near one of them.[1]
Office – SNOM 300
This is a decent SIP phone that allows for multiple SIP subscriptions (four) and has reasonable call handling facilities (hold, transfer etc.)
Home office – GrandStream 286 ATA and Plantronics T20
BT were kind enough to lend me that ATA for testing Ribbit’s SIP functionality. If they ever ask for it back I’ll probably buy a Linksys PAP2T (which a number of my colleagues use for their home extensions). I prefer a headset to a regular phone, and I bought a Plantronics T10 ages ago in order to deal with conference calls whilst working at home. With the extra line that the ATA gives me (in addition to the regular home phone line) I got the T20 so that I could deal with both.[2]
Mobile – BlackBerry 8900
An undocumented (and presumably unsupported) feature of Ribbit Mobile that sometimes works and sometimes doesn’t (and that I wish they would formalise) is that when a call hits its service without CLI from my mobile it knows that the caller didn’t already ring the mobile and so it rings the mobile too.[3]
It’s not actually that simple
Ribbit’s great, but there are times that I need to use Voicehost e.g. to call an office extension. To get my single line ATA to use multiple SIP services I employ SIP Sorcery, where I have a simple Ruby dial plan that routes calls via Ribbit unless I prefix them with 0*.
The people problem
It’s very hard to leave a phone to ring. But it’s also impossible for me to be in my office and home office at the same time, and I spend plenty of time in neither location. This means that when people call me there’s going to be a phone ringing in a place where I’m not, but my family and/or colleague might be. What I want to happen here is for nobody but me to pick up – so I rely on my family and colleagues not to be ‘helpful’.
I could of course spend my life fiddling with the web console for Ribbit turning extensions on and off, but that’s not very convenient.
Profiles
Much better would be if I could have profiles e.g. ‘office’ – just ring the office phone, ‘home’ just ring the home office phone, ‘other’ just ring my mobile. Switching profiles would have to be possible from a mobile (web) app, as it’s the sort of thing that you’re sure to forget as you’re rushing out of the office for a meeting.
Location based automatic profiles
Better still would be if my profile could be automatically switched as I change location – something that my smartphone should already know. There’s not an app for that – yet. Fingers crossed.
Roaming
Most of my international travel is to the US [4], so I have a US PAYG SIM in an old Nokia 7210 (my last mobile phone that was just a great phone rather than an adequate phone bolted onto a handy little computer).
Most PAYG tariffs (including mine) don’t support conditional call routing, so I don’t get to make use of Ribbit. Here I just use SkypeIn to forward to my US cell number, and upgrade to a global subscription for the duration of my trip so that I don’t get whacked with per minute charges. This means that people can still get me on my ‘UK’ number even when I’m in the US.[5] I also make use of Skype’s excellent ‘To Go’ service to call home from a US point of presence. I have to top up my PAYG account by $100 each year, and I never in practice use all of that credit, but it’s a lot less than I’d run up in roaming charges if I just used my UK mobile.[6] I also change the call forwarding on my mobile to go to my SkypeIn number, so anybody calling my normal UK mobile gets routed through to my US one.
Wishlist
In addition to the location based routing profiles I’d love it if Ribbit was internationalised so that I could have US ‘purpose’ numbers and route calls to US numbers (as well as UK numbers and SIP end points). It would also be great if I could port numbers between services, which I think is pretty easy in the US, but only seems to work for mobile numbers in the UK.
Endnote
There’s a video demo of Ribbit Mobile routing that begins with @jobsworth destroying his iPhone (when he was supposed to drop a dummy in the jug of water) – instructional and amusing.
[1] This isn’t how Ribbit Mobile is supposed to be used, at least not without the ‘purpose numbers’ that aren’t yet supported in the UK. The intended usage pattern is for the mobile number to be the point of entry and for the Ribbit service to be connected via conditional call routing.
[2] This hasn’t worked out so well. My T20 seems to have a fault on line 1 which makes the volume really low. Since I bought it from Amazon in the US (as they don’t sell them in the UK where there isn’t much of a market for 2 line home phones) it’s not so easy for me to get service or a refund :(
[3] I’d much rather have an Android phone than a BlackBerry, but when I needed a new phone the only Android on the market was the G1 on T-Mobile (and I was happy with neither). I’m counting the days until I can get an upgrade to something like the HTC Desire or whatever replaces it.
[4] In the past I’ve also run Swiss and Spanish PAYG SIMs, but I don’t spend enough time in those places to keep a SIM active.
[5] Which means that I need to be careful to turn the ringer off if I don’t want an early call from somebody without the faintest clue where I am (and that I’m trying to sleep).
[6] I started doing this after one month where I’d spent two weeks in the US running up £300 ($600 at the time) in roaming calls, and I’m not even one of those people who spends their lives with an ear glued to their phone.
OK. I very nearly bought a new tablety netbook earlier in the year, and I’d still like an s10-3t (or similar)[1], but I’m in no hurry to buy a new netbook and here’s why.

Netbooks are good enough. They’re good enough for web surfing. They’re good enough for watching SD video (maybe even 720p if you have the right screen and graphics chipset). They’re good enough for casual document and presentation editing. They’re good enough for pretty much everything that I’d like to do with a portable machine – and that’s it. The netbook that I bought more than a year ago is still good enough for all those things. I’ve had the chance to play with the latest Lenovo and HP machines in the last few weeks, and they’re a tiny bit better than what I have already. But not enough better that I’m going to splash another £250 or so on a new machine. I’ll buy a new netbook when the one I have breaks, and that could take a very long time – they’re built to a price, but not flimsy.

The press are starting to run articles along the lines of ‘tablets hit netbook sales’ (e.g. on The Register). This misses a couple of important points for me:
- Tablets (like the iPad) and netbooks share a lot of functionality, but they aren’t interchangeable purchases. Somebody who wants a netbook won’t buy a tablet instead.
- Pretty much everybody that does want a netbook got one already, it should be no surprise that sales are slowing up. The market is probably reaching that saturation point that mobiles hit a decade ago (when everybody in the civilised world already had two).
Dave Winer points out that the one thing that has improved in the last year is battery life. Batteries are an important consideration, particularly as they deteriorate over time. Maybe when the battery on my s10e gets to the stage that it’s frustrating I’ll be faced with a tough choice between buying a vastly overpriced replacement, or just getting a new netbook with a new battery?
[1] Lenovo never did get me the s10-3t that was promised, and they don’t seem to have made a reappearance on their UK direct sales web site. Whilst I’m still happy with the X201 Tablet that was sent as a substitute it would be nice to have something a little lighter.
Office VOIP
This post has been a long time coming, in part because it took so long to get everything working.
It was almost 6 months ago that I decided to go down the VOIP route when my company moved to a new office. It’s a decision that I’ve questioned many times, though I think it was ultimately the right thing to do.
The background story – why I came to think this was a good idea in the first place
In my old banking job one of my duties was to work with our outsourced network providers (BT and Swisscom) on R&D projects. One of the more interesting outcomes of this was that I got roped into a ‘hot house’ at Adastral Park looking at the knotty subject of converged collaboration and communications. I got dropped into the Osmosoft team, and much fun was had by all mashing up bits of Wikis, IM, VOIP etc. One of the cool tools that I got to keep on using when the whole thing was over was Mojo, which was a consumer web application on top of BT’s (now defunct) 21CN SDK. Mojo let me initiate calls from a cloud service, and seemed to work from any telephone number to any telephone number (it could also send texts). It had its own currency – Mojits – and I would from time to time have to bother the BT guys for more (the system would charge a number of Mojits for call initiation regardless of where the end points were or how long the call was). I knocked up a basic application that let me initiate calls from my BlackBerry, which was very handy when I was roaming (as I could use it in combination with a local mobile for free calls to anywhere).
Mojo was just one of the cool tools. During the course of the Hot House we collectively came up with plans for the future of telephony, where everything would be mobile, location aware, personalised (and cheap). All the pieces of that future were there already, just unevenly distributed (and not very connected).
When BT abandoned 21CN SDK in favour of its newly purchased Ribbit, Mojo got pushed out to pasture. Luckily JP was kind enough to arrange for me to go on the private beta of Ribbit Mobile, which offered similar capabilities (and more besides).
The original plan – Ribbit everywhere
The basic premise of Ribbit Mobile is that your mobile number is the ‘one number’ that people will get you on [1]. Through the magic of conditional call routing [2] calls to your mobile can be redirected into Ribbit’s telephony cloud. From the cloud calls can then find you elsewhere (using POTS or SIP), or the system can take a message for you, which can then be transcribed into an email/text/IM. The system also integrates with contact data, so when you get a message you can see who it’s from rather than just a telephone number [3]. For a while there was a mobile browser app at m.ribbit.com that allowed call initiation in much the same way as my old BlackBerry app on Mojo, but when the SPAMers and other bad guys started hitting the US public beta that feature got taken away.
It’s worth noting that the main application piece of Ribbit Mobile is a giant blob of Flash, and it’s fair to say that I hate using it. Luckily there’s little need to interact with the app on a frequent basis, as it can be treated as a configuration tool [4].
The piece of Ribbit that interested me for the office was its SIP implementation. The idea was that people could use their desk phones as better quality extensions to their mobiles (which many of my colleagues prefer to use anyway). As a backup the ‘shadow number’, which is the number that mobiles forward to in order to use Ribbit, could be used as a geographic number.
Mistake #1 – buying Cisco 7940 phones

Ahead of moving to the office I bought 10 Cisco 7940G phones, and a power over ethernet switch to feed them. This turned out to be a huge mistake. If I’d done my research properly I’d have found that whilst those phones are fine with an on premise VOIP server such as Asterisk [5] they don’t do a very good job of NAT traversal, which makes them pretty much useless for cloud SIP providers.
I was quite proud of myself when I got all the phones upgraded to the latest SIP firmware [download] using a TFTP server [download] on my netbook. I even managed to get the phone on my desk working (for a while) – it was getting the other 9 to work that was the problem. To cut a long story short there was no way of making these phones work reliably with Ribbit, or any other cloud SIP provider. I reluctantly gave in and bought 10 Snom 300s, which have been much more satisfactory.
The plan meets the enemy – the plan changes
Once I got the phones to work we quickly discovered some limitations of Ribbit, the main one being that we could only call UK and US numbers (a fair restriction given that we aren’t paying a Ribbit bill [yet]). So I needed something that would let us call India, France, The Netherlands and various other places that we do business. After digging around some forums, and shopping on quality rather than price [6] I settled on VoiceHost. Adding another provider also gave me a few features that I couldn’t get from Ribbit:
- Central London 020 7… numbers (OK I admit that I’m still a bit snobby about 020 3… numbers)
- Call groups
- Transfer between extensions
- Fax to email
- Conference calls [7]
I hope that one day there will be a Ribbit SME or Ribbit Office solution that gives me the best of both worlds from one provider (and then I just need to cross my fingers that the numbers will be portable).
Mistake #2 – BT business broadband
I really wanted a fibre connection for the new office, but that was going to cost lots and take ages. I’ve already written about this, but the short version is… I was fooled into thinking that we could get ADSL2, which would have been just about good enough, but in the City you can only get bad old ADSL, with atrocious contention. ADSL in the City isn’t enough to run more than about 1 VOIP call, which isn’t really good enough in an office with 10 desks and 2 meeting rooms. This was eventually resolved by getting an EFM connection.
Steady state
People are used to phones just working, and we’re now at a state where they pretty much do. I can’t say that I’m happy with the cost – when you add up the EFM and the monthly VOIP bill it’s a fair bit more than I’d guess we’d be paying if I’d gone down the traditional POTS/ISDN/PABX route. US centric stories online tell of all you can eat SIP trunk tariffs and cheap good quality broadband, which are things that are hard to come by in the UK – don’t get me started about BT and regulatory capture.
Compensations
I now have a ‘work’ line in my home office that integrates seamlessly into both Ribbit and VoiceHost, and after some recent tweaks by the Ribbit guys it’s been rock solid reliable. I’m not the only one – 5 of my colleagues have the same capability. It goes beyond the home office too – a colleague has spent much of August on ‘staycation’ in a cottage that has lousy cell signal but good enough broadband. He’s been able to have an ‘office’ extension there for when he needs it – without crazy costs or engineering bother.
Next…
Computer Telephony Integration (CTI)
I can make my phone dial by logging into its web interface and pasting a number into a form, but I want to be able to just click on numbers in my CRM and contact management systems and have them dial. CTI is a basic capability of this type of setup, but the integration to make it work isn’t easy enough (yet).
Location based dynamic routing
I tend not to fiddle much with the routing of my numbers to my devices, and I expect that this annoys my work colleagues when my phone rings when I’m not there (I had to buy a new phone for the home office with a second line and a distinct ringer to reduce similar annoyance to my wife). This is a solvable problem in principle, as my smartphone knows where I am, and so I should be able to run an app on it that updates my telephone routing in the cloud.
Conclusion
Going VOIP for the office has cost more than expected and has yet to deliver the full breadth of functionality that could be expected of it. For the extra money we have got extra functionality (and a reliable data network) and the promise of more jam tomorrow.
[1] It also has a concept of ‘purpose numbers’, though these aren’t implemented fully in the UK yet, which could be regular geographic telephone numbers.
[2] A magic that’s missing from some PAYG tariffs
[3] Though annoyingly they still haven’t implemented my feature request to set ‘reply to’ headers so that you can send an email back to a voicemail transcription without messing around with the To: field.
[4] Though it does have lots of features like a softphone and the ability to listen to messages and read transcriptions
[5] Or their native Cisco Unified Communications Manager (CallManager)
[6] Shopping on price would have probably taken me to Localphone, and one day I might find the time to set up something that does least cost routing etc.
[7] That people dial into rather than the sort where you dial out to multiple extensions (which Ribbit can do)