TLS for SIP and RTP has long been on my hit list. I've been traveling a lot more for work recently, so secure mobile VoIP has gone up in priority.

Step 1, create an SSL certificate.

openssl req -out certreq.pem -new -nodes -keyout key.pem

(Optional) Step 1a, sign the SSL cert with your own CA. Otherwise, get it signed by a trusted CA.

Asterisk only supports certain formats for playing back audio, which can be a pain. Seems like every time I try to load a new mp3 for my music on hold, I run into the same errors and generally have a devil of a time finding the answer.

Just the other day, Spamhaus was subject to a DDoS attack from an ISP who got upset at being blacklisted. That's par for the course, but what's interesting is that the ISP used a DNS amplification to boost their DDoS capabilities. Lately at work we've been working on shutting down our open DNS proxies. Once upon a time, on the naive Internet, they were fine. But as evidenced by this latest attack, such is not the case any longer.

Shutting down the DNS servers we knew about was easy, of course. But what about the ones we didn't know of? Well that's where a handy port scanner comes into play. There are a number of DNS scanners out there but I found them all lacking in some regard. So I whipped up my own.

Somewhere a while back I read that the difference between NAD 27 and NAD 83 was on the order of a few feet at most and thus I had ignored it. Turns out I was very misinformed. NOAA has a site where you can calculate the difference between NAD 27 and NAD 83 which I tried today and my coordinate varied by more than 50 meters. That's pretty significant. So, lesson learned.

Catalyst and Rsync don't seem to get along well. That is to say, the built-in development server doesn't notice when rsync changes source files. The upshot is Catalyst won't automatically reload the application on change, and that's just plain annoying.

The solution is to use the --inplace option to rsync. This alters how rsync propagates changes and plays nice with Catalyst.