Posts

Showing posts from 2015

TADHack mini Paris

"I’ve been following TADHack and its related events for some time, and finally this month I got the opportunity to attend TADHack-mini Paris. Participants can join from remote too, but the personal full immersion is something different (even, ironically, when the topic is Real Time Communications, and more in particular WebRTC and Telecom APIs). We met in central Paris [...]" This is the beginning of the behind-the-scenes story about my TADHack participation. You can read my full article here.

Speed up testing Kamailio routing

I was very happy to see the news of the release of a new Kamailio module, authored by Victor Seva. CFGT can be used to test call scenarios and see what routing logic was triggered in Kamailio. Test calls need to be marked with a specific, configurable Call-ID pattern ('callid_prefix'). A JSON report is generated, with the possibility to choose what variables to dump into it. This is going to greatly simplify testing, while potentially keeping the logging to a minimum. Highly recommended.

Building git 2.6 and enabling TLS 1.2 on CentOS 7

There are scenarios where TLS 1.2 is not just enabled, but the only one accepted. In these cases many clients fail to connect over HTTPS. I needed to be able to use 'git clone https://...' on CentOS 7, and since it was failing and I spent some time on a workaround, I'm sharing it here. The system is a CentOS 7 host on DigitalOcean, with kernel Linux 3.10.0-123.8.1.el7.x86_64; git is 1.8.3, the stock version; nss is 3.19.1-5.el7_1. If I do something like 'curl --tlsv1.2 https://freeswitch.org' the connection is successful, but a command like 'GIT_CURL_VERBOSE=1 git clone https://freeswitch.org/stash/scm/fs/freeswitch.git' was giving a connection error with this code: NSS error -12190 (SSL_ERROR_PROTOCOL_VERSION_ALERT) (freeswitch.org only accepts TLSv1.2). Long story short, I read somewhere that git 2.6 had support for configuring TLSv1.2, and I downloaded the source code of git 2.6.0 from https://www.kernel.org/pub/software/...

Unit testing - because Puppet is worth it

The other day I was browsing the slides of "Continuous Deployment with Jenkins", from PuppetLabs. One sentence in particular I found relevant for what I was doing, and important in general: Puppet manifests are code too. To be honest, I don't think I need to sell this very hard, so I'll proceed to a practical consequence: unit testing for puppet modules. Unsurprisingly, there's a tool for that: rspec-puppet. At least this is what I've been using for some time and find very useful and easy to use. I've even created some Jenkins jobs just to unit test Puppet modules. You can find a tutorial for rspec-puppet here. Feel free to leave this article, read the tutorial, experiment a little and come back later. What I wanted to share is some tricks/settings that I had to use, which I haven't found in one single place so far. As you can see in the tutorial, rspec-puppet generates a dir skeleton for you (with the command 'rspec-puppet in...

git tricks - get latest tag and its distance from HEAD

Problem: "I want to get the git tag of the current project, but only if it's associated to the latest commit. If not, I want to know what's the current commit hash." In order to achieve this I was using something like: This works but a drawback is that I either see the tag or the latest commit. So a coworker pointed me to this: 'git describe --tags --always', which I didn't know and it's just great. It returns a string with this format: TAG-N-gSHA, where: TAG is the most recent tag; N is the number of commits from the TAG; 'g' is just a formatting convention; SHA is the latest commit (HEAD). If the latest commit is also pointed by the tag, then it just returns TAG. 'git describe' is explained here.

WebSockets over Node.js: from Plain to Secure

In a previous post I shared my experiments with node.js as a WebSocket server. This is quite useful for people working on WebRTC prototypes and familiar with node.js. Some of the readers may have noticed that I was using plain WebSockets ('ws://' URLs). It's recommended to use Secure WebSockets instead ('wss://' URLs), so I thought of playing with the 'ws' node.js module and "add TLS". On GitHub there's an example in this direction (see below), but I must admit I didn't understand some implications at first. I thought the instantiation of an HTTPS server was just coincidental and meant to provide the web pages and scripts in the example, and that the configuration of 'ws' with 'ssl: true' and certificates was independent. It turns out it's not. The best description of my understanding is that you need an HTTPS server to "decorate" the WebSocket module. The HTTPS server will take care of connectio...

FOSDEM 2015 - part II

In "FOSDEM 2015 - part I" I made an overview of this Conference and a few comments on the talk "Python, WebRTC and you", where a peer-to-peer WebRTC service was also described. Fast forward to a Lightning talk on Day 1, afternoon: Emil Ivov about Jitsi VideoBridge. In this case we’re considering video-conference scenarios, possibly with many participants, and the ability to add some presentation features, like highlighting the current speaker. The architecture behind Jitsi VideoBridge aims to avoid a centralized mixer (MCU), but at the same time prevent the complexities of a Full Mesh approach. Enter the SFU (Selective Forwarding Unit) concept: the server component is “simply” a router of media streams among conference participants. An IETF Draft describes the behaviour expected for an SFU. Each participant receives one stream per each other user: it’s then up to the receiving client to take care of stream presentation. The...

FOSDEM 2015 - part I

It's that time of the year when experts of Open Source software meet in frosty Brussels for two intense days of talks, conversations, and a good quantity of beer: FOSDEM. Being just 2 hours away from London with the Eurostar, the relevance/effort ratio is very high. Additionally, the event is free and held over the weekend, so it has a low impact on the normal job activity (although on the other hand it does have some on your family time, but you can't have everything, unless your kids are big enough to join you, which I'd recommend). Right after settling down in a lovely flat (AirBnB is a great choice) with three friends I started planning the sessions to follow. There are about twenty parallel sessions, so you must cherry pick. For day 1 I was oriented towards Configuration Management and Lightning Talks tracks. Day 2 had Virtualisation and Testing And Automation on my radar. As it turns out, FOSDEM is such a success that the rooms are filled incredibly fast a...

Dockerize a node.js WebSocket server in 5 minutes

Docker is an incredibly useful tool to build prototypes of Linux hosts and applications. You can easily build a network of servers inside a single virtual machine, with each server represented by a docker container. Clients can access the services on the same IP address, but different ports. In this post I'd like to talk about a common prototype case in WebRTC platforms: a WebSocket server. This will be a node.js server and will run inside a Docker container (hosted by an Ubuntu Trusty VM). The server logic can be as complex as you can imagine, but since it's not the point of this post I'll keep it as simple as the server example in the node.js websocket module: The WebSocket server will listen on port 8080, accept incoming connections, send back "something" upon client connection, and log the content of the messages from the clients. We can assume all the files in this article are in the same folder, and we're cd into it. The server logic is...

Easy VPN setup across multiple sites

I recently had a scenario where I needed to connect servers belonging to: - DigitalOcean, on data center X - DigitalOcean, on data center Y - A private data center and each architecture needed to be replicated on a number of "logical" environments (e.g. 'development', 'testing', 'production'). They needed to "see" each other, in a secure way. Note that virtual machines on DigitalOcean (they call them 'droplets') can belong to different data centers. When the droplets use the optional private interface there are two things to consider: 1. Traffic inside the same data center is potentially visible to any equipment on the same data center. In other words, the fact that two droplets belong to the same customer account doesn't mean that their private traffic is isolated from any other traffic belonging to droplets on other accounts. You are responsible to secure that traffic. 2. Droplets on different data centers cannot ...