Speak Freely for Unix: sfspeaker
by John Walker
sfspeaker - Speak Freely sound receiver utility
sfspeaker [ -dgnq ] [ -areply_file ] [ -b``busy_command''
] [ -baAESKey ] [ -bfBlowfishKey ] [ -bxAESHexKey ] [
-e``connect_command'' ] [ -f``rate_factor'' ] [ -fa ]
[ -iIDEAkey ] [ -jdelay,idle ] [ -kDESkey ] [
-mmulti_group ] [ -nat[hostname[:port]] ] [
-no[lpc|lpc10[rn]|celp|f[c]|t] ] [ -okeyfile ] [
-pport ] [ -r[+]recfile ] [ -slevel[,timeout] ] [
-vtimeout ] [ -wport ] [ -youtdev[:ctldev] ] [
Speak Freely allows users of a variety of Unix and Unix-
like machines equipped with audio hardware connected by a
network to converse, using the audio input and output fa-
cilities of the system to digitise and later reconstruct
the sound and the network to relay sound packets. Option-
al compression is provided, allowing conversations over
relatively low-bandwidth Internet links as well as local
area networks. Speak Freely consists of two programs,
sfmike and sfspeaker. The sfspeaker program must be run-
ning on a machine to allow it to receive sound sent with
the sfmike program. You can execute sfspeaker in the
background; it only uses the audio hardware when sound is
actually being received.
If requested by setting various environment variables, sf-
speaker can publish your identity and Internet address on
a Look Who's Listening server. This enables other users,
by querying the server, to determine if you're on line.
If you have a dial-up Internet connection that assigns you
a different host name and Internet address each time you
connect, Look Who's Listening permits others to find the
address of your current connection, whatever it may be.
To facilitate use of Speak Freely behind a NAT/MASQ
router, sfspeaker can share sockets with sfmike. This be-
haviour is enabled with the -nat option described below.
Note that both parties to such a conversation must enable
socket-sharing. Using the -nat option also enables the -g,
-no, and -s options for controlling gain, compression
type, and squelch respectively.
You can supply an image of your face (or anything else you
like) as a 256 colour Microsoft bitmap (.bmp) file which
will be sent to hosts you connect to. If you have the xv
image display utility installed on your system, you'll be
able to see the face images published by users who connect
When a new host connects, sfspeaker will write
an executable shell script into the given re-
ply_file containing a command that invokes
sfmike to reply to the host. By default, the
command is ``sfmike -t $* hostname'', where
hostname is the Internet host name or IP address
of the connecting host. The user can reply to
the host simply by executing the reply_file.
You can create a custom reply command by speci-
fying it after the reply_file, separated by a
space (be sure to enclose the argument to the -a
option in quotes when doing this). The ``$*''
specification allows you to supply additional
options to sfmike by including them on the re-
ply_file command line. another host, sfspeaker
will execute the specified busy_command to noti-
fy the host that the connection was rejected.
The busy_command should be enclosed in quotes,
and must contain the printf format phrase ``%s''
at the position the IP address of the host orig-
inating the rejected connection is to be inter-
polated. If no busy_command is supplied, a de-
-b"sleep 10; sfmike %s busy.au"
is used. The ten second delay is intended to
allow users with half-duplex audio hardware to
receive the busy signal transmission after send-
ing an initial greeting and switching back to
receive mode awaiting a reply. Because the -bf
option is used to specify a key for Blowfish or
AES encryption (see below), if the first charac-
ter of your busy command is one of the letters
``a'', ``f'', or ``x'' simply quote it and pre-
cede it with a space.
-bakey The specified key is used to decrypt sound re-
ceived using the FIPS-197 Advanced Encryption
Standard (AES) algorithm. The key is a text
string which is hashed to generate a 128 bit
key. You can specify a 256 bit key by supplying
two key phrases after the -ba option, separated
by a plus sign (``+'').
-bfkey The specified key is used to decrypt sound re-
ceived using the Blowfish algorithm.
-bxhexkey The specified hexkey is used to decrypt sound
received using the FIPS-197 Advanced Encryption
Standard (AES) algorithm. The key is between
one and 64 hexadecimal digits which specify a
128, 192, or 256 bit key depending on how many
digits are given. No hashing of the key is
done. If fewer digits are given than the key
size, the specified digits are left justified
and the balance of the key filled with zeroes.
-d Enables debug output from sfspeaker whether re-
quested by the remote copy of sfmike or not.
When a new hosts connects, the designated con-
nect_command will be executed, with the string
``%s'' replaced by the fully qualified host name
of the connecting site. This can be used to au-
to-reply to hosts which connect.
The specified rate_factor will be used to adjust
the rate at which sfspeaker plays audio it re-
ceives. By default, audio is played at 8000
samples per second. The rate_factor, specifies,
as a percentage, how much faster (if positive)
or slower (if negative) the audio should be
played. The factor may contain a decimal frac-
tion. For example, a specification of -f1.5
will cause audio to be played 1.5% faster than
normal. The -f option allows you to compensate
when a site is continuously transmitting audio
at a rate faster than your machine plays it,
which is usually the result of slight differ-
ences in clock rates on the two machines. You
should rarely need to adjust the speed more than
a few percent. In most cases the -fa option de-
scribed below, which automatically adjusts the
output rate to match that of the transmitting
site, is preferable. You can use an explicit -f
option along with -fa; in that case the automat-
ically determined rate will be adjusted by the
-fa The rate at which sfspeaker plays audio will be
automatically adjusted to approximate that at
which audio is received from transmitting sites.
This avoids long delays due to differences in
audio rates when connected to a site which
transmits continuously (either broadcasting or
sending in full-duplex mode). You can further
adjust the output rate by specifying a second -f
option with a rate_factor as described above.
-g Automatic gain control. See sfmike(1).
-ikey The specified key is used to decrypt sound re-
ceived using the International Data Encryption
Jitter compensation is enabled. This delays
playing sound by delay milliseconds to reduce
gaps due to irregular packet arrival times. The
jitter delay is reset when no sound is received
for idle milliseconds. If no idle time is giv-
en, twice the delay is assumed. If neither de-
lay nor idle are specified, a one second delay
and two second idle time are used. The mininum
delay and idle times are 250 milliseconds.
Note: jitter compensation requires an audio out-
put driver capable of buffering as many samples
as arrive during the specified delay. If the
audio driver on your machine cannot perform this
buffering, the -j option may yield unintelligi-
-kkey The specified key is used to decrypt sound re-
ceived using a slightly modified version of the
Data Encryption Standard algorithm (the initial
and final permutations, which do not contribute
to the security of the algorithm and exist pure-
ly to deter software implementations of DES are
In addition to messages directed specifically to
the host on which it is running, sfspeaker will
listen for messages sent to the IP multicast
group multi_group, which can be specified either
as a symbolic group name or as a numeric IP ad-
dress. Any number of multicast groups can be
monitored simultaneously, up to the system maxi-
mum (usually 20). If the system on which sfs-
peaker is running does not support multicast,
this option will not be available.
-n Disables remote ring requests. Sun users who
have connected the audio output jack to a higher
quality speaker may wish to set this to prevent
remote users from diverting audio back to the
Enables socket-sharing for NAT/MASQ connections.
The peer who is not behind a NAT/MASQ router
starts sfspeaker first, specifying only -nat,
and the peer behind the NAT/MASQ router connects
by specifying -nathostname[:port] in conjunction
with any options concerning compression, gain
and squelch. Note that when using this option,
there is no need to start sfmike since sfspeaker
will start it automatically.
Compression type. Used in conjunction with the
-nat option. If -nat is specified and -no is
not, compression type will be the same as the
peer's. If -nathostname is used, and -no is
not, compression type will default to whatever
sfmike defaults to. See sfmike(1).
The contents of the specified filename are used
as a ``key file'' to decrypt sound data re-
-pport Causes sfspeaker to listen on the specified port
number instead of the default port specified by
``INTERNET_PORT'' in the Makefile.
-q Quiet--disables debug output from sfspeaker un-
Record all audio received in the named filename
in Sun audio file format. This provides a crude
``answering machine'' facility. If you're going
to be away from your machine, run sfspeaker with
this option so any sound you miss will be
recorded in your absence. When you return, play
the sound file to hear messages from people who
tried to get in touch while you were away. If
filename already exists and a plus sign precedes
the name, sound is appended to the file rather
than overwriting previously saved sound.
Squelch. Used in conjunction with -nat, see
-u Prints how-to-call information.
-vtimeout When sfspeaker receives a packet from a host it
hasn't heard from in timeout seconds, it will
attempt to find the host name and print a mes-
sage on standard error noting the new connec-
tion. If the host name can't be found, the nu-
meric IP address is given. After timeout sec-
onds of inactivity a message is issued indicat-
ing the host is idle. If no timeout is speci-
fied, 180 seconds is used.
-wport sfspeaker publishes the identity of the machine
it is running on and the given port (2074 if
none is given), on Look Who's Listening servers
as specified by the SPEAKFREE_LWL_xxx environ-
ment variables, but does not open network input
or listen for packets. This option is used by
the Voice on Demand server, sfvod, to identify
itself to Look Who's Listening servers.
This option allows you to override the defaults
for the name of the audio output device file
(for example /dev/audio) and, optionally, the
audio control device file, specified after the
output device, separated by a colon. If the
first character of either the output or control
device specification is a sharp sign, ``#'', the
balance is taken as an integer giving the number
of an already-open file descriptor in a parent
process which is launching sfspeaker. This fa-
cility (or, if you like, gimmick) allows pro-
grams such as sflaunch to evade the restriction
in some audio drivers which support full-duplex
but don't permit two programs to simultaneously
open the audio device files. This option is not
available on Silicon Graphics or other platforms
which do not use device files for audio I/O.
When a pgp/gpg-encrypted session key is re-
ceived, pgp or gpg is invoked to decrypt it.
Decryption requires your RSA private key, for
which the pass phrase must be provided. By de-
fault, you are prompted for the pass phrase each
time a session is initiated. You can override
this by specifying the pass phrase using the
PGPPASS environment variable or by using the -z
option on speaker to supply the pass phrase.
The given pass phrase is then passed to the en-
cryption package when it is invoked. If the
pass phrase consists of more than one word, be
sure to enclose it in quotes. If no pass phrase
is given, sfspeaker prompts you for the pass
phrase when it is first invoked. If you're wor-
ried about your pass phrase being compromised
through specification as an environment variable
or command line argument, this allows you to en-
ter the pass phrase only once per execution of
sfspeaker. Be aware, however, that sfspeaker
continues to pass the phrase via a command line
argument when it is invoked to decode the ses-
LOOK WHO'S LISTENING
Speak Freely's Look Who's Listening mechanism allows you
to publish information in an electronic telephone directo-
ry at a cooperating Internet site. Whenever you're con-
nected to the Internet and running sfspeaker, other users
anywhere on the Internet can, by querying that site, find
out you're on line and where to contact you. If you have
a dial-up connection to the Internet which assigns you a
different host name and Internet (IP) address each time
you connect, Look Who's Listening allows people to find
you at the address you're currently connected to.
To publish your information with a Look Who's Listening
server, set the following environment variables before
running sfspeaker. As long as you don't set the SPEAK-
FREE_LWL_TELL variable, no other site will be notified of
your use of Speak Freely and remote users will have no way
to determine whether you're running sfspeaker or not. If
privacy and discretion are important to you, think care-
fully before publishing your information and if you decide
to proceed, what information you supply. Anything you
send to a Look Who's Listening site is potentially avail-
able to any user on the Internet. Remember that Speak
Freely won't disclose anything you don't explicitly re-
quest be published.
To enable publication, set the environment variable SPEAK-
FREE_LWL_TELL to the name of the Look Who's Listening host
where you wish to publish your address. A public Look
Who's Listening host is currently available at the site
lwl.fourmilab.ch. Anybody can create a host simply by in-
stalling the sflwld program supplied with Speak Freely;
this allows private networks to maintain directories that
aren't accessible to users from the Internet at large, or
interest groups to create ``meeting rooms'' for those in-
terested in specific topics. If the site uses a port num-
ber other than the standard of 2076, you can specify the
port number after the host name, separated by a comma.
Setting SPEAKFREE_LWL_TELL to a valid Look Who's Listening
host publishes default information about you and your site
determined from your password file entry. You can publish
your entry on multiple hosts by listing them on the SPEAK-
FREE_LWL_TELL variable, separated by commas. You can sup-
ply more complete and accurate information by setting the
environment variable SPEAKFREE_ID to a string of the form:
full name: E-mail address: phone number: location
With most shells you'll have to enclose this specification
in quotes. Think about the consequences of making your
telephone number and geographical location potentially
available to any user on the Internet before you include
them on a SPEAKFREE_ID statement. Your E-mail address is
the primary means by which others contact you; this should
be the address you usually give to individuals who wish to
contact you or include, for example, on your business
card. It needn't have anything to do with the host and
network on which you're running sfspeaker. For example,
if you usually give out your E-mail address at work, you
might specify email@example.com even though you connect
to the Internet at home as firstname.lastname@example.org.
Normally, the server will reply to a query with all active
sites which contain the query string in either the E-mail
address or full name fields. If you precede the E-mail
address with an asterisk, only queries which exactly match
the E-mail address will return your contact information.
This allows dial-up users to allow those knowing their E-
mail address to contact them without informing any Inter-
net user who's curious that they're on line. The securi-
ty-conscious should note that this protection is provided
by the Look Who's Listening server, and assumes the site
you contact is running an unmodified version of the sflwld
program which is operating as intended.
Look Who's Listening uses the Internet Real-Time Protocol
(RTP) to communicate with the host running the server.
This protocol uses a ``canonical name'' to identify a user
and machine so that remote users can usually contact the
individual with Unix tools such as finger and talk. sfs-
peaker creates a canonical name automatically from your
user ID and domain name. If no domain name is available,
the user ID and Internet (IP) address are used to create a
unique name. If for some reason this process yields an
unusable canonical name, you can override it by setting
the SPEAKFREE_CNAME variable to the canonical name you
SHOW YOUR FACE
If you'd like remote users to see an image of your face
(or any other image you like, for that matter), set the
environment variable SPEAKFREE_FACE to point to the image
file. The image file must be in Microsoft Device Indepen-
dent Bitmap (.bmp) format, in 256 colour mode, and should
not be larger than 128x128 pixels. The xv utility, avail-
able by anonymous FTP from ftp.cis.upenn.edu and many oth-
er public FTP archives can be used to convert images into
this format. If xv is installed on your system, face im-
ages for remote users will appear on the right side of
your screen shortly after they connect. The SPEAK-
FREE_FACE variable must be defined when both sfmike and
sfspeaker are run.
On Sun workstations audio is written to the /dev/audio de-
vice file. sfspeaker acquires the audio device upon re-
ceiving sound, but automatically releases /dev/audio for
output after 20 seconds elapse without any sound having
been received. On Silicon Graphics machines the digital
media development toolkit is used to access the audio
If sound from multiple sources arrives simultaneously at
one machine, sfspeaker interleaves the audio packet-by-
packet. This usually results in unintelligible gibberish,
although it's normally adequate to allow ``butting into''
a conversation. It might be possible to have sfspeaker
mix the sound into one output stream, but I haven't exper-
imented with this approach. If your conversations are
frequently interrupted by other calls, you might try the
-b option, which sends a busy signal when a call arrives
while you're already occupied with another.
In order to deliver acceptable (or at least tolerable)
performance across international links, sfmike and sfs-
peaker use ``Internet datagram'' socket protocol which is
essentially a ``fire and forget'' mechanism; neither flow
control nor acknowledgement are provided. Since sound
must be delivered at the correct time in order to be in-
telligible, in real time transmission there's little one
can do anyway if data are lost. Consequently, bogged down
lines, transmission errors, etc., simply degrade or de-
stroy the quality of the audio without providing explicit
warnings at either end that anything's amiss.
AES, Blowfish, IDEA, DES, and key file options encrypt ev-
ery sound packet with the same key--no key chaining is
performed. (AES, Blowfish, DES and IDEA encryption do,
however, use cipher block chaining within each packet.)
Chaining from packet to packet would increase security but
then loss of any packet would make it impossible to de-
crypt all that followed.
Certain governments attempt to restrict the availability,
use, and exportation of software with cryptographic capa-
bilities. Speak Freely was developed in Switzerland,
which has no such restrictions. The AES, DES, MD5, Blow-
fish, and IDEA packages it uses were obtained from an In-
ternet site in another European country which has no re-
strictions on cryptographic software. If you import this
software into a country with restrictions on cryptographic
software, be sure to comply with whatever restrictions ap-
ply. The responsibility to obey the law in your jurisdic-
tion is entirely your own.
By default, sfspeaker listens to Internet port number
2074. It is conceivable, albeit unlikely, that this might
conflict with some other locally-developed network server.
You can specify a different port number with the -p to op-
tion, but your sfspeaker won't receive audio from others
that use the standard port number. When communicating
with other applications using VAT or RTP protocol, you
must specify the port on which the other application is
sending. RFC 1890 recommends port 5004 as the default
port for RTP applications. Many VAT protocol applications
default to port 3456.
No verification that the SPEAKFREE_FACE image is actually
a 256 colour Microsoft .bmp file is performed. You can,
in fact, send an image in any format xv is able to dis-
play, as long as you're communicating with another Unix
user. But if you supply a non-.bmp file, Speak Freely for
Windows won't be able to display the image.
The Silicon Graphics audio drivers are based on the stand-
alone SGI version developed by Paul Schurman of Espoo,
Finland. Without his generous contribution, Speak Freely
would have probably remained forever confined in an orbit
around the Sun.
Andrey A. Chernov contributed code that enables Speak
Freely to build and run on FreeBSD.
Hans Werner Strube contributed code to allow the program
to build under Solaris 2.4 without any source changes or
need for compatibility modes.
The GSM compression and decompression code was developed
by Jutta Degener and Carsten Bormann of the Communications
and Operating Systems Research Group, Technische Univer-
sitaet Berlin: Fax: +49.30.31425156, Phone:
+49.30.31424315. They note that THERE IS ABSOLUTELY NO
WARRANTY FOR THIS SOFTWARE. Please see the readme and
copyright files in the gsm directory for further details.
The ADPCM compression and decompression code was developed
by Jack Jansen of the Centre for Mathematics and Computer
Science, Amsterdam, The Netherlands. Please see the
readme and copyright files in the adpcm directory for fur-
The Federal Standard 1016 -celp code-excited linear pre-
diction algorithm and software were developed by Joseph P.
Campbell Jr., Vanoy C. Welch and Thomas E. Tremain of the
U.S. Department of Defense. Craig F. Reese of the IDA/Su-
percomputing Research Center adapted the original imple-
mentation for use on general-purpose computers.
The linear predictive coding compression algorithm was de-
veloped by Ron Frederick of Xerox PARC.
The DES encryption code was developed by Phil Karn, KA9Q.
Please see the readme file in the des directory for fur-
The public domain implementation of U.S. Federal Standard
1015 -lpc10 compression algorithm was developed by the
United States Department of Defense, National Security
Agency (NSA). Please see the README and FAQ files in the
lpc10 directory for additional details.
The public domain implementation of the Advanced Encryp-
tion System (AES) was developed by Brian Gladman. For de-
tails, please visit his Web page:
and see the README file in the aes directory.
The Blowfish encryption module and the DES encryption li-
brary used for encrypting and decrypting VAT and RTP pro-
tocol packets were developed by Eric Young. Please see
the README and COPYRIGHT files in the blowfish and libdes
directory for further details. The Blowfish algorithm was
developed by Bruce Schneier and is in the public domain.
The IDEA algorithm was developed by Xuejia Lai and James
L. Massey, of ETH Zurich. The implementation used in
Speak Freely was modified and derived from original C code
developed by Xuejia Lai and optimised for speed by Colin
Plumb The IDEA[tm] block cipher is patented by Ascom-Tech
AG. The Swiss patent number is PCT/CH91/00117, the Euro-
pean patent number is EP 0 482 154 B1, and the U.S. patent
number is US005214703. IDEA[tm] is a trademark of Ascom-
Tech AG. There is no license fee required for noncommer-
cial use. Commercial users may obtain licensing details
from MediaCrypt AG at IDEA@mediacrypt.com. You can use
IDEA encryption for noncommercial communications without a
license from MediaCrypt AG; commercial use is prohibited
without a license. If you don't want to obtain a license
from Ascom-Tech, use AES, Blowfish, DES, or key file en-
The implementation of MD5 message-digest algorithm is
based on a public domain version written by Colin Plumb in
1993. The algorithm is due to Ron Rivest. The algorithm
is described in Internet RFC 1321.
The -e option support code and fixes for Linux sound
drivers which do not support mu-law encoding were con-
tributed by Jean-Marc Orliaguet.
audio(4), audiopanel(1), audiotool(1), finger(1), gpg(1),
pgp(1), printf(3), sflaunch(1), sflwld(1), sfmike(1),
sfvod(1), soundeditor(1), soundfiler(1), talk(1), xv(1)
by John Walker
March 18, 2003