Vitavonni

Sat, 18 Aug 2007

More (ranting) on Skype

A couple of people have pointed me to the "Skype DoS exploit code" that has been published. I had seen that, but I'm not convinced it works as simply as that. Some of the information around it doesn't make complete sense (such as using the term 'server', when they're referring to super nodes I guess, and since supernodes are just regular user machines annexed by the Skype network, they supposedly run the same software, don't they? So why doesn't it take down the client the exploit is run on?)

Also I'd bet that someone has tried feeding the Skype client long URIs before; that is one of the most popular ways of seeing if some software can break. You know, Buffer Overflow [wikipedia] is probably the most common class of security issues (maybe second only to PHP programming errors or SQL injection by now, though, with so many people with too little expertise writing webapps in PHP).

Others probably are wondering why I'm writing so much "against" Skype.

There are numerous reasons:

  • The whole P2P thing isn't necessary, they could use real servers
  • Skype is a pain for every network admin (and thus a user's nightmare, since the admin might decide to just block any traffic that could be Skype, and enforce the use of HTTP proxies etc., thus limiting other applications as well)
  • Skype uses all kinds of shady coding techniques in their client to obfuscate what their application is actually doing
  • Skype is a security risk
  • Skype is a memory hog (it uses 10 times as much memory as my other IM client, which does ICQ, MSN, Yahoo, Google Talk and tons of others!)
  • It's a resource hog (it wakes up 200 times a second for nothing, thus preventing my CPU from using power saving states efficiently)
  • It's a closed protocol and network, while there are open industry standards such as SIP [wikipedia] and H.323 [wikipedia] that can do much more than Skype
  • Its UI is crap (especially Linux version 1.4 is a serious degradation vs. version 1.3), contrary to any usability best practices
  • Their API is crap. I'd call that "raping" the DBus API what they're doing (basically they're offering a DBus interface that is just a transport wrapper for a text-based 'telnet-like' API. You know, DBus interfaces are meant to have meaningful functionality (like 'make a phone call') and not meant to be just "send data to the skype application")
  • They don't tell the truth. Like e.g. what has really been happening these days. Or what their software really does (see 'obfuscation' above and search for "Silver Needle In The Skype")

And, honest, there is nothing in Skype that other apps wouldn't offer, or had been offering before except being really aggressive at getting through firewalls without any user intervention.

[category: /en | Permalink]

Fri, 17 Aug 2007

Skype problems aren't solved, but just worked around?

Skype seems to be slowly recovering from yesterday's blackout.

However, it doesn't look to me as if they've actually solved the problem. I assume they've just added a workaround (e.g. maybe using DNS to locate good servers?) that helps it recover. At least when enough people download the new version.

If you look at the graphs at Njanjan.to and 85qm.de, then they still look far from healthy.

I'm not talking about the mere numbers - Skype reports about 3 Million users connected, which would mean 1 out of 3 regular users is back. But I'm talking about the shape of the curve. During regular operations, the curve used to be smooth. Which is easy to explain: with some million users going online and offline independently, it all smooths out. The curve goes up when people start working in a densely populated area and goes down when they go to bed. But if you look at the graphs for the past few hours, parts of the Skype P2P network still appear to get disconnected and reconnected. They certainly didn't flip a switch and people could connect again. The service still appears to be going up and down.

To me, that indicates that they actually didn't solve the problem, but just found a way to make the problems not take down the whole network, while parts still drop off now and then.

Just my guesses, though. And Skype will not tell the truth either, you bet. (You might want to skim over the presentation "Silver Needle In The Skype" [PDF], about the inner workings of Skype, their obfuscation technologies and how far they go at hiding what their software is actually doing)

P.S. I've read in a blog that Skype might right now only allow one connection per IP. That would even more support the rumors that they're actually trying to defend against an attack on their network (and using the IP limit to slow down the attacks?)

P.P.S. Another interesting note: the Skype stats on the Skype website report 5.5 Million connected users - my Skype client reports 3.7 Million. Which number is correct?

[category: /en | Permalink]

Skype taking down your network

Side note: According to the Skype RSS data feed, right now 174086 users are online. That's less than 10% of the usual numbers, isn't it? To me, that's more than a few users.

Skype is harmful. Here's the explanation why:

Skype uses P2P technology where it is not needed. There are parts of VoIP where it does make sense (when a direct connection is possible, transfer the data directly between clients), but pretty much any VoIP software does that.

And there are parts, where it doesn't make sense. This includes not accessing the login servers directly, but trying to use other Skype users as proxies.

Now what I've seen happening in some networks is the following: Skype fails to login directly, so it starts connecting random peers it has seen before. It keeps a list of 200 peers for that in the registry. So when it fails to connect, it will try contacting these 200 peers instead. Now if you have multiple users sharing your connection, let's say 10 and a cheap router with limited memory, 2000 connections is a lot to keep track of. It might start losing other connections. Such as your mail and web connections.

This is exactly what I've seen today: the internet connection becoming pretty much unusable (single packets would work fine, but not TCP/IP transfers of more than a few kb). When we found out it might be due to Skype malfunctioning, and gave the order for everyone to shut down Skype (which didn't work anyway, so people quickly complied), Internet became usable again. Let me emphasize that: it wasn't a bandwidth issue, but it was just the sheer number of connections opened by Skype that caused more important connections to be dropped by the routers.
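The effect described above can be checked on a Linux-based router by counting connection-tracking entries per internal host. This is an added example, not part of the original post; it assumes output in the format of `conntrack -L`, and the sample lines, addresses, peer threshold and table size are constructed.

```python
import re
from collections import defaultdict

# Original-direction tuple of one `conntrack -L` line; the state column is absent for UDP.
ENTRY = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+\d+\s+(?:\w+\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=\d+\s+dport=(?P<dport>\d+)")

def summarize(lines):
    """Per internal host: tracked entries, distinct remote peers, unanswered flows."""
    stats = defaultdict(lambda: {"entries": 0, "peers": set(), "unreplied": 0})
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip headers and malformed lines
        host = stats[m["src"]]
        host["entries"] += 1
        host["peers"].add((m["dst"], m["dport"]))
        host["unreplied"] += "[UNREPLIED]" in line
    return stats

def flag_hosts(stats, table_size, max_peers=100):
    """Hosts fanning out to more than max_peers peers, with their share of the table."""
    flagged = []
    for src, s in stats.items():
        if len(s["peers"]) > max_peers:
            flagged.append((src, len(s["peers"]), s["unreplied"],
                            round(100 * s["entries"] / table_size, 1)))
    return sorted(flagged, key=lambda row: -row[1])

def build_sample():
    """Constructed data: one client retrying 200 cached peers, one ordinary client."""
    lines = [
        f"udp      17 25 src=192.168.1.23 dst=198.51.100.{i + 1} sport=40000 "
        f"dport={20000 + i} [UNREPLIED] src=198.51.100.{i + 1} dst=203.0.113.5 "
        f"sport={20000 + i} dport=40000 use=1"
        for i in range(200)]
    lines += [
        f"tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=192.0.2.{i + 1} "
        f"sport={50000 + i} dport=443 src=192.0.2.{i + 1} dst=203.0.113.5 "
        f"sport=443 dport={50000 + i} [ASSURED] use=1"
        for i in range(3)]
    return lines

if __name__ == "__main__":
    # table_size=2048 is an assumed limit for a small router (nf_conntrack_max on Linux).
    for row in flag_hosts(summarize(build_sample()), table_size=2048):
        print("host %s: %d peers, %d unanswered, %.1f%% of table" % row)
```

With ten such clients behind the same router, the flagged rows alone would account for nearly the whole assumed table, which is the point at which unrelated mail and web flows start being evicted.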

So why is Skype not using proper servers, like MSN, AIM and ICQ do? Because they're cheapskates. It's cheaper for them to let others use your bandwidth instead of having to provide enough to handle all the data. The other reason is that it's harder for system administrators to deny access to Skype, if any other Skype user can proxy your access to the actual login server. But if you want/need a central user registry, you can't rely on a true P2P system. It's bound to get disconnected at some point.

And yes, this especially means that Skype is not a good idea in a corporate environment with a large number of users. The Skype approach works well for a single user at home, but the Skype networking behaviour can take down your routers if you have too many users running Skype at the same time. Other software choices, such as the standardized, vendor independent SIP protocol for VoIP, however would even allow you to set up a proper VoIP telephone system, with conference rooms, complex call routing, dictionaries, callback, routing to ATM or mobiles, complex voice mail systems, you name it. Skype is designed for single home users, not for company use.

P.S. Am I the only one who thinks the Skype UI is crap? No groups (at least not in my version, which is the latest there is for Linux), and totally idiotic button placement (like this ugly 'add' button I'm pretty much never ever using, and a folding-up button next to it with the options, quit and recent chats (do they have anything in common?) hidden in there). How about using a menu bar like everybody else? How about organizing functionality in a human-comprehensible way?

P.P.S. What I guess has happened: somehow, most nodes (especially super nodes) got convinced that the actual login servers are bad. As long as some still had the connection, login still worked. At least sometimes (many probably experienced an unstable Skype connection before they could no longer login). But at a certain point, a large part of the network got separated from the login nodes and started routing requests around chaotically, trying to find the actual login server. The only way they have for fixing it is slowly convincing nodes on the perimeter of the P2P network about the proper location for the login servers, and that way spreading the correct information around again. Or shipping a new version which will re-inject this information in clients again. Just my guesses.

P.P.P.S. It would be interesting to know what had caused this. If it was some kind of subtle attack on the network. Like someone trying to convince supernodes that the login servers are bad and untrustworthy or something. Maybe just by sending spoofed bad data packets from the login servers' IP or so.

P^4.S. Interesting graph on the number of Skype users logged in. Still going down.

[category: /en | Permalink]

Wed, 08 Aug 2007

Security issue in Serendipity

Yesterday, a friend mentioned that some program had been accessing most of his (s9y) blog, and apparently even managed to access password-protected entries.

Now I'm not a s9y user myself, but somehow I felt like digging into this. I wouldn't consider myself a web security expert, actually. I'm more interested in data mining and such algorithms these days.

It took me 10 minutes to find the problem (despite not having used PHP much in years; I don't trust that programming language; including some searching if it was maybe already reported somewhere). By sending an appropriate POST request, you could override the password used, and that way disable it.

Granted: "locating" a security issue you know exists is a lot easier than actually discovering new ones...

Official announcement in the s9y blog, including a fix for the problem.

Memo to the guys who wrote that bot that was accessing the blog of my friend: You messed with the wrong people, guys. We know how to detect your scan, and we'll spoil the fun for you by helping in fixing the bug!

[category: /en/security | Permalink]

Mon, 06 Aug 2007

Whales are burning everywhere...

"Whale fires [Walbrände, for Waldbrände, 'forest fires'] in south-eastern Europe", "Whale fires on the Croatian coast [...]", "The situation on the whale-fire front in southern Italy [...]"

Found at: Tagesspiegel.de, N-TV Nachrichten, news.ch, and MDR, Mitteldeutscher Rundfunk.

And certainly many others.

The poor animals!

[category: /de | Permalink]

Fri, 03 Aug 2007

Why my blog has become so silent

In case you're wondering why my blog has become so silent (3 posts in July, 2 posts in June - yes, my posting frequency is down by a magnitude!):

About a year ago I started dancing, and this has by now become my main leisure time activity. And since I'm now off dancing (and meeting friends I know from dancing) like 5-7 days a week, that also means I'm spending much less of my free time on the computer.

It's not just that I'm not blogging as much anymore; I'm also spending much less work on my opensource projects. Sorry about that; but all the dancing has recently been very fulfilling, whereas sometimes opensource work can be somewhat demotivating (especially when you fail to attract people to join your project).

This especially means that some of the projects I started or played a bigger role in (e.g. SELinux on Debian) now need to find someone else to take over my work. Especially SELinux could definitely use some fresh hackers.

[category: /en | Permalink]