In my opinion attempting to denigrate people who are discussing technical issues by using terms such as ("paranoid about security", "handful of complainers that are going to gripe", "dwell on the negative", "a few vocal complainers") is uncalled for.
Genuine skepticism is a very good thing and often leads to better ideas and products. From the preceding link
Quote: "Pseudo-skeptics often are typically disbelievers - i.e. they are firmly entrenched in believing "no" about certain things. Although they may "claim" that they are open to new information, they typically react with strongly unfriendly if not hostile criticisms when their beliefs and assumptions are challenged by new ideas and evidence."
Now back to technical issues!
First with regard to the notion that security conscious folks are paranoid, the old cliche comes to mind. Just because you're paranoid doesn't mean they're not out to get you. There are in fact many examples out there of people incurring costs as a result of voip hacking. Googling the terms "voip hack phone bill" yields over 1,450,000 links, many many of which discuss real life instances where damage has been done.
I know for a fact, from my system logs, that my own home systems have been scanned by hackers looking for voip vulnerabilities. The following links also appear to deal with voip security concerns:
http://michigantelephone.wordpress.com/2011/04/30/do-you-use-webmin-to-configure-iptables-and-also-run-fail2ban-dont-forget-to-do-this/
http://michigantelephone.wordpress.com/tag/security/
http://michigantelephone.wordpress.com/2010/11/16/link-interesting-security-technique-for-asterisk-and-freepbx-users-may-work-with-other-sip-based-pbxs-also/
Most savvy people in addition to placing their PBX servers behind router firewalls use iptables (firewall) running on their servers and fail2ban to detect attacks and other techniques to enhance their security. I think the ratio of those savvy folks who are concerned enough about security to protect their PBX systems against attack to those who do not, would be more on the order of >90% who do to <10% who do not.
Regarding the issue of usability vs security I certainly would agree that most people would choose to have good usability. Security, problem detection/correction and functionality are all key to maintaining good usability and need not be mutually exclusive.
When questioned regarding how to control if and when updates occur the following statement was made:
Quote from: ShermanObi on May 11, 2012, 11:59:18 AM
To answer questions from RonR and VaHam...
The following parameter settings will disable OBiTALK services.
System Management -> Auto Provisioning -> OBiTALK Provisioning -> Method : Disabled
Voice Services -> OBiTALK Service -> Enable : (unchecked)
Auto Firmware Update & ITSP Provisioning are parameters used primarily by ITSPs (and managed services VARs). OBiTALK does not use either of these parameters. Some individuals & organizations may use the Auto Firmware Update as described in this FAQ: Click Here
This statement is of course true and if one is not using the ObiTALK service then presumably (and as Mango's tests have confirmed) the Obi device does not attempt to connect to the mothership (ObiHai's server). If the device is not connecting then its current IP address is not being reported to the ObiHai server and thus an update push cannot occur because ObiHai would not know what IP to send the push to.
Now think about Ron's tests, which have been confirmed by others, that a **5nnnn does not in and of itself change the ObiTALK Provisioning or ObiTALK Voice Services enable bits to on and yet the ObiHai device gets provisioned.
Provisioning is a broad definition which in this case includes the ability to perform a firmware update. ObiTALK provisioning is a separate function from use of the ObiTALK service. It appears to be that under normal circumstances the ObiTALK provisioning control bit is honored by ObiHai and when a new update is available that fact is displayed on the ObiTALK control webpage. The user can then at their discretion click and begin a firmware update. That decision however of whether to honor the control bits or not has to be taking place on the ObiHai servers and not in the device's firmware. IMHO that decision should take place in the device's firmware and if auto provisioning is disallowed then no firmware update should be possible by anybody. Apparently, although the ObiTALK auto provisioning and ObiTALK service are two separate functions, ObiHai has chosen to not allow the use of the ObiTALK service without having the ability to auto provision, so even if the ObiTALK provisioning bit is disabled, under some circumstances such as last week they can push an update (provided of course they can find the IP address of the Obi to push the update to); at least that is what I deduce from Sherman's comments. I would be interested to hear if any folks who had the ObiTALK auto provisioning disabled but the ObiTALK service enabled received a push last week or not.
These decisions on how to act on control bit settings could easily be taken care of in the device itself instead of at the server. Thus no usability or functionality would be changed, but control of whether automatic updates take place or not, would be firmly in the hands of the customer where they can make their own choices.
I would have no problem with the ObiTALK auto provisioning and ObiTALK service control bits being enabled by default (as delivered), as a direct function of a **5nnnn or even with a firmware reset; provided the decision took place in the device itself, thus making certain that there are no ways for the devices to be modified without the user's control ("back doors") if you will. Upon a power up I would expect them to be unchanged.
As MichiganTelephone alluded to in his statement "if Obihai could guarantee that an update couldn't "brick" a device (because the power just happened to get disconnected in the middle of an update), I'd have no problem with them sending every firmware update automatically". Which is an excellent reason why automatic (server push) firmware updates should not take place; since ObiHai has no practical way of knowing the current circumstances at the Obi device's location. If you're in the middle of a big thunder storm, performing a firmware upgrade would not be a wise thing to attempt, if you wish to avoid bricking your device. Now if I got my Obis for free, or ObiHai agreed to replace any devices which became bricked during a server push firmware update, I would not be concerned about that aspect of server push updates.
If the user, say, has a UPS in place and is comfortable with accepting the risks associated with receiving automatic updates then they could also choose to turn on ObiTALK provisioning, which should be honored by ObiHai, and the push would take place without them being aware of it. I think that should be up to the user to decide absolutely.
The question was raised about promptly dealing with widespread problems. One method would be to blast a phone message to ObiTALK service users to inform them that an update was available. The ObiTALK service has to be working in order for ObiHai to push out an update; why not use it to inform the users, at least those using the ObiTALK service?
I would suggest a better method of dealing with that situation would be to send an email to all customers informing them of the problem and notifying them that an update is available. This method would help all and not just those customers using the ObiTALK service of the problem/solution. The update could then be performed by the user when practical for them (like when the thunder storm has passed) either thru the webpage or by dialing **X to trigger an update.
A combination of the voice blast and email would be even better since it would cover those who had immediate access to either the Obi's phone line or email if they for instance are mobile at the time and receive their email via cell phone etc.
Even the evil Microsoft allows users to choose their own settings for automatic updates. The user can opt not to receive them at all, receive them but not install them automatically or receive them and install them automatically. But it is the customer's choice!!!!!
There are many ways to skin a cat and if you can accommodate all, fairly easily, without sacrifice to others then I would suggest that is the best scenario.
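
An added example, not part of the original post and not Obihai code: a small Python model of the device-side enforcement argued for above, in which the device itself decides whether a pushed firmware update is installed and ignores any override flag from the server. The class, its field names, the `server_force` flag and the three policy modes (modelled on the off / notify-only / automatic choice the post mentions) are all hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class UpdatePolicy(Enum):
    DISABLED = "disabled"  # never accept a server push
    NOTIFY = "notify"      # remember that an update exists, wait for the user
    AUTO = "auto"          # install server pushes without asking


class Origin(Enum):
    SERVER_PUSH = "server_push"
    USER = "user"          # web page button or a dialed star code


@dataclass
class Device:
    # Hypothetical model; these are not real device parameters.
    firmware: str = "1.0"
    policy: UpdatePolicy = UpdatePolicy.AUTO  # as-delivered default
    pending: Optional[str] = None
    audit: list = field(default_factory=list)

    def handle_update(self, version, origin, server_force=False):
        """Decide locally; server_force is accepted but deliberately ignored."""
        if origin is Origin.USER or self.policy is UpdatePolicy.AUTO:
            decision = "install"
        elif self.policy is UpdatePolicy.NOTIFY:
            decision = "notify"
        else:
            decision = "reject"

        if decision == "install":
            self.firmware, self.pending = version, None
        elif decision == "notify":
            self.pending = version
        # Local audit trail: the owner can see every attempt and its outcome.
        self.audit.append((origin.value, version, self.policy.value, decision))
        return decision

    def factory_reset(self):
        # Only an explicit reset restores the permissive default.
        self.policy = UpdatePolicy.AUTO
        self.pending = None
```

Because the check runs on the device, the outcome of a push depends only on the locally stored policy, and the audit list records every attempt, including rejected ones.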