IDK, but I’ve seen some very successful forks of other projects with large code bases - SuiteCRM (forked from SugarCRM and most of the add-on developers followed); Libre Office (forked from Open Office); OpnSense (forked from PFSense). As for commercial modules, a forked version of FreePBX maintained by the community with a commercial module marketplace (much like SuiteCRM or even Wordpress) would very likely lead to better functionality and better pricing - certainly not the arcane and ever-changing licensing system put in place by Sangoma. And support can’t get any worse than Sangoma support. The best example though is SuiteCRM, which now has a similar number of users and both open-source and commercial developers than its parent, SugarCRM. And the user-base is growing much faster than SugarCRM’s.
You’re timing here sucks, not your fault, just a timing issue. The situation wasn’t always like it is now. The last two years or so have been different than the larger history with this project IMHO.
Been using/supporting FreePBX since version 12 (I think) and overall it was a great experience. During that time Sangoma came in a bought up all of the vendors we used one by one and in general it was never an improvement, again IMHO.
Used to love Digium phone hardware, won’t touch it anymore. Used VoIP Innovations, not anymore. Still use commercial modules from Sangoma and in fairness the one’s we typically use work rather well and nobody minds paying for them. But now the project (FPBX) seem to be on very shakey ground. It’s the typhical pattern of any good tech company that goes public. The product suffers. I’ve never seen a programming project that was offshored for cost savings and became better. Again, just my life experience.
@penguinpbx may be a really nice person but I think being the moderator here is a very poor job match. Some people are just not cut out for certain types of jobs and when that job involves this much public exposure it’s hard to hide it. Doesn’t mean the job is bad or the person is bad but that the two just aren’t a good match.
If Sangoma is serious about keeping this project alive and prospering, they would do well to find a new position for @penguinpbx where whatever talents he does have will be better matched to the task at hand.
The V17 project… I don’t know. Given the potential security issues with 16 it really needs to be kicked up a notch and I don’t see that happening in an offshored project structure where all too often cost is put above quality. But hey, I could be wrong, it’s just MHO.
Nice people don’t make false accusations, or slander others.
I said “may be” because I don’t know @penguinpbx personally. I have seen where otherwise good stable people crumble under the stress of being placed in a position they are not well suited for and begin acting… undesirably. Stress is a terrible thing if you don’t have the ability to manage it.
Whatever the case may be with @penguinpbx as a person, it would seem to me he’s not a good match for this position as demonstrated by past behavior which is the best indicator of future behavior. That doesn’t mean he couldn’t contribute greatly in another position… Just not this one. Again just MHO.
Thanks to everyone for the support. It is good to know when you take care of the community they have your back. Happy New year all.
Very nicely said
Please fork FPBX asap. Save this great resource. I keep leaving one after another of my Sangoma services for ClearlyIP and they ask me why I’m leaving and I always say the customer support is among the worst of any company I’ve ever dealt with. If you don’t fork it, I’m fully preparing to move to FusionPBX or VitalPBX. I have seen absolutely no evidence that Sangoma is at all interested in my feedback as a customer, or my incredibly poor experience with their services and their frequently broken system.
That’s right, if you guys don’t spend 7 figures to make this fork happen then screw ClearlyIP as well…moving to FusionPBX or VitalPBX…
But honestly, what other options do we really have? As the recent FPBX DefCon vulnerabilities showcased, FPBX is simply not well cared for, and I have evidence that it is becoming dangerous to deploy in production. What other alternatives do we have to save FPBX? It would be amazing if there could be some sort of non-profit foundation formed to manage and oversee FPBX development. I know @Crosstalk has posted some excellent videos recently confirming he would also be interested in participating in a FPBX freed from its Sangoma shackles. Anyway, my PBX’s HAVE to stay secure. Until I am convinced that Sangoma is interested in taking this serious and treats their customers better, or until ClearlyIP or Chris Sherwood or a consortium of interested individuals create a place for a forked FPBX to thrive, I don’t know what else to do. I have a new client who needs a phone system deployed in a few weeks. I’m currently learning Fusion and Vital because I have no other options.
Which recent on was this and what was showcased?
Oh so over a year ago and we are all well aware of this one. I believe has been addressed (at least from the OSS side, can’t tell with commercial).
However, and I’m not trying to take digs here, we have to keep the actual timeline of things in place. The OSS side of code that was talked about here wasn’t new, it had existed in the code for years and years before this was highlighted. So one would think that if someone hadn’t highlight these flaws in years old code in 2023, you’d be chugging along thinking things were hunky dory.
Even this current kerfuffle about the modules upload process is based on logic that has existed for the better part of a decade at this point. So a working knowledge of this history of this project can help cut through some of this crap. Just because a flaw was found today doesn’t mean it was just put in, it could have existed for 8 years and in no way reflects any current plans or status of the project.
But going back to the DEF CON presentation. Yes, there were flaws that allowed bad things to happen because the code was sloppy. However, it could only be exploited if the attacker had access to the PBX or have the ability to access it via the API, etc…
True, but what strikes me as utterly unprofessional and seriously dangerous was Sangoma’s response to the the vulnerabilities becoming public. When the researcher contacts them, they respond to almost none of his communication. Sangoma had previously said that they want to work with researchers and fix bugs in 60 days, and had a bug bounty program to prove it. Apparently they never paid the guy his bounty (see https://www.youtube.com/watch?v=xGtJNwWoyHo). Instead they remove the bounty page from their wiki entirely. Does nobody else feel this is utterly childish, irresponsible, behaviour? Does anyone want to trust their customer’s PBX systems to a company that engenders so little trust? Does anyone feel like Sangoma is an upright model of honest dealing here? Does anyone feel like Sangoma is a bastion of excellent security practices? Does anyone believe there is any reason whatsoever to think Sangoma is excellent, blameless, and praiseworthy? What is clear to me is that Sangoma doesn’t care much about FPBX. I’m jumping ship before my customers are hacked. I’ll reconsider FPBX once an organization or foundation who cares about it makes a reliable and trustworthy fork.
I figure I should comment in here now that I am no longer banned. Sangoma is a public company. They react based on what shareholders say and the stock price. If you want the shareholders to know how and what you feel about regarding Sangoma I encourage everyone to go post their thoughts on this investment forums where people who own Sangoma discuss all things about Sangoma. Make the shareholders hear from the users of their software and hardware products. Anyone can signup for a free account to post.
We no longer participate in this forum, but I wanted to share a link to Ward Mundy’s post on Sangoma’s stock forum for those that still care about open source development.
This is an interesting read and lawsuit over the heavy handed treatment of community members in Wordpress. Lots of similarity here. Mullenweg's Grip On WordPress Challenged In New Court Filing
Maybe I should file a libel suit for the false statement that I threatened someone with personal harm when that never happened.
I just came to post on the forum that I have problems with version 17 and stayed here reading this thread…this is my top action movies and detectives in book style so far. I guess I’ll go look for something else.
really? I thought we made our money on time for handling, configuring and installing, I make no money on freepbx its unsalable, about time you got a clue, but your history on here shows that unlikely
You know, what I mean. Some of you dont tell your customers that this is free software, you are installing & configuring!
You all depend on Sangoma!
I bet this is how Jitsi feels…
Fun fact FreePBX has Free right there in the name
Note I would expect @penguinpbx to break off this part of the conversation in to a new thread to show consistency.
Perhaps a title like “using Free software to pay your bills” or I don’t know something more creative.