Skype Blames Microsoft Patch Tuesday for Outage
Posted by
ScuttleMonkey
on Mon Aug 20, 2007 11:52 AM
from the ddos-ing-yourself dept.
brajesh writes to tell us that Skype has blamed its outage over the last week on Microsoft's Patch Tuesday. Apparently the huge numbers of computers rebooting (and the resulting flood of login requests) revealed a problem with the network allocation algorithm resulting in a couple days of downtime. Skype further stressed that there was no malicious activity and user security was never in any danger.
Related Stories
IT: Did Russian Hackers Crash Skype? 108 comments
An anonymous reader sends us to the www.xakep.ru forum where a poster claims that the worldwide Skype crash was caused by Russian hackers (in Russian). The claim is that they found a local buffer overflow vulnerability caused by sending a long string to the Skype authorization server. You can try Google's beta Russian-to-English translation, but the interesting part is the exploit code, and that's more readable in the original. The Washington Post reports that Skype has denied this rumor.
286 comments
Yeah........ (Score:2, Interesting)
(http://www.nsa.gov/kids/)
Re:Yeah........ (Score:4, Insightful)
Re:Yeah........ (Score:5, Interesting)
Re:Yeah........ (Score:5, Interesting)
(http://www.civilwar.org/ | Last Journal: Tuesday September 05 2006, @07:45PM)
Skype said it's the reboots that matter (Score:4, Informative)
(Last Journal: Wednesday March 02 2005, @11:08PM)
Maybe the average machine had more downtime on this month's reboot? Or the reboots happened in a more concentrated time window?
Re:Skype said it's the reboots that matter (Score:5, Insightful)
(http://www.linda.ch/borabora/)
Re:Yeah........ (Score:5, Informative)
I had to leave town and usually leave Thunderbird up and running to filter my mail on my IMAP account so my laptop syncs without having to redo all the filters I have in place. After no reboot on Tuesday I was relieved that I wouldn't have an issue with a down T-bird unless the power went out - which never happens unless I leave town (happened only once before).
Sure enough, none of my mail is filtered after Thursday. Come home this morning and see "Your computer has been recently updated" balloon.
Wiretap law? (Score:5, Interesting)
Consider that Skype could not tell the users of the real reason even if they wanted to: the law mandates that the forced cooperation be kept in secret.
Re:Wiretap law? (Score:5, Funny)
(http://slashdot.org/)
I agree. Every two-day outage of a web service can only logically be explained as a consequence of George Bush spying on you.
One-day and three-day outages, that's something else entirely.
Re:Wiretap law? (Score:5, Interesting)
Interesting point, but Skype is based in Luxembourg and has no obligation to US law. Then again, they are owned by eBay, but just because they are owned by a US company does not mean much: they do not have to follow every shareholder's local law.
how wrong you are (Score:4, Interesting)
Otherwise, Foster Wheeler would just set up a shell in another country and start building refineries for Cuba.
I, personally, know of companies who have gotten into trouble when their equipment, somehow, found its way to a restricted country (Cuba, Sudan, Syria, Iran, etc). The US treasury department publishes a list. [doc.gov] Admittedly, this is only the voluntary actions but I am certain there are involuntary actions as well (i.e., criminal cases). See the entry about Varian (Switzerland) for a specific example of what I am talking about.
The point is: they ARE subject to US law via eBay owning them.
Re:how wrong you are (Score:4, Interesting)
(http://www.pvv.org/~teg/)
You are so, so wrong. If a US company owns them, then they are subject to US law. This is to prevent US based companies from just setting up a shell and providing services to, say....Cuba or any other restricted country. There are countless examples of subsidiaries getting in trouble for things that are illegal in the US -- but not where their offices are.
Or the other way round... In Norway, denying services due to e.g. nationality is illegal. If a US owned company operating in Norway does not serve Cuban customers, they could face discrimination charges. As they should, US law should not apply here.
Re:Wiretap law? (Score:5, Funny)
(http://erikmartin.com/)
Yes, the US government ordered Skype (a UK company, btw) to shut down for two days and blame it on Microsoft, and they complied. Hint: The aluminum foil goes on your head, not crammed forcibly into your ear.
Re:Yeah........ (Score:4, Insightful)
Skype network was overloaded by the zillions of Windows PCs rebooting after the patch installations.
Re:Yeah........ (Score:4, Informative)
Skype's model is somewhat controversial. My own company does not allow employees to run Skype on company issued laptops because the closed code is running distributed and there is no way of knowing where company confidential conversations might be landing.
Re:Yeah........ (Score:5, Interesting)
Re:Yeah........ (Score:5, Insightful)
(http://slashdot.org/)
Re:Oh please! (Score:5, Insightful)
(Last Journal: Saturday October 20, @06:40PM)
For the love of God editors, I understand that it is fine to write a sensationalist title on some articles but that is blatantly FALSE. It is a complete LIE. People at Skype specifically stated that the fault was in *their* log-in mechanisms.
Really this kind of journalism is disgusting... I am tagging this story as LIE which I hope other people do as well, unless editors change the title.
I find it hard to believe Slashdot has got so low... this and the speculative digg-like "articles" ending with a question mark "?", What the fuck.
Is it just me (Score:1, Insightful)
Skype did not blame Microsoft (Score:5, Informative)
Re:Skype did not blame Microsoft (Score:5, Interesting)
(Last Journal: Saturday October 14 2006, @08:12AM)
Re:Skype did not blame Microsoft (Score:5, Insightful)
Isn't this how it's supposed to work?
Skype Blames Skype for Outage (Score:5, Informative)
(http://slashdot.org/)
That's what Skype says. Doesn't sound like they're blaming anyone but themselves.
Assuming this is true... (Score:1, Insightful)
Methinks Skype has other issues that they don't want to admit to, so it's easier to sort of blame M$.
Re:Assuming this is true... (Score:4, Insightful)
Load testing is hard. I know. I used to do it. It is hard to anticipate what your peak load might be. It can also be hard to generate the right kinds and volumes of loads that your service might experience. Proper load testing requires a realistic test bed with enough machines running client simulation scripts to sufficiently load the machine. This requires a deep understanding from management that spending large amounts of money on non-production systems is essential. Your setup might deal with some kinds of load well and fail on others. Perhaps Skype had considered what might happen during a natural disaster with a large number of calls originating at the same time, but neglected to see login as a significant risk, especially if they had weathered that storm before.
My least proud moment in quality assurance was seeing my company's service go down for a weekend due to excessive database load. We had a new version of our web service software that required significant database changes to each user account (including database structure redesign...go ahead and wade through that hard book on database principles before you start coding my friends...funny it's what I'm doing right now as I go from QA dude to programmer). We made an upgrade script that ran when each user logged in, which brought the user's data up to date with the current version of our software. The thing is I knew about the risk, measured a high load at user login, notified engineering about the potential problem, but didn't demand that the upgrade be placed on hold until the issue could be better quantified. Ah, live and learn.
-Jon
Re:Assuming this is true... (Score:5, Interesting)
(Last Journal: Wednesday February 21 2007, @08:20AM)
We recently upgraded our login server authentification routines, and in spite of our testing, we missed something.
The underlying problem with Skype has always been the auth server: everything has to go through it. Worse, when a supernode goes down (e.g., reboots due to a planned install), everything connected to that supernode has to go through it. Now, Skype has been growing pretty fast, pretty much every week their auth servers handle more traffic than the previous week. Your average user might not reboot all computers at the same moment, but what about big enterprises?
And how does Skype pick its supernodes? We know one of the criteria is bandwidth. So let's say in some part of the world where a bunch of little skype clients are wired to a few big bandwidth providers, patch Tuesday hits, and a bunch of those supernodes reset at the same time. The Auth server is hit with the traffic, not from the rebooting supernode, but from all the clients connected to it. That's "peak load" for your auth server, and it increases every patch Tuesday.
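The login storm described in the comment above, as an added illustration that is not part of the original thread and not Skype code: a small simulation of clients orphaned by rebooting supernodes hitting a single auth server, once with naive once-per-second retries and once with jittered exponential backoff. All figures (20 supernodes, 250 clients each, a 10-second reboot window, 200 logins/s capacity) and all function names are constructed assumptions, and backoff is shown as a generic client-side mitigation, not something the thread says Skype used.

```python
import random
from collections import defaultdict

def fixed_retry(attempt, rng):
    # Naive client: log in the instant the supernode vanishes, then retry every second.
    return 0 if attempt == 0 else 1

def jittered_backoff(attempt, rng, base=16, cap=64):
    # "Full jitter": wait a random time inside a window that doubles per failure.
    return int(rng.uniform(0, min(cap, base * 2 ** attempt)))

def simulate(policy, supernodes=20, clients_per_node=250,
             reboot_window_s=10, capacity=200, seed=2007):
    """Replay one reboot wave against an auth server that accepts `capacity`
    logins per second and rejects the rest (constructed model)."""
    rng = random.Random(seed)
    due = defaultdict(list)  # second -> attempt counters of the clients due then
    for _ in range(supernodes):
        reboot_at = rng.randrange(reboot_window_s)
        for _ in range(clients_per_node):
            due[reboot_at + policy(0, rng)].append(0)
    pending = supernodes * clients_per_node
    t = peak = rejected = 0
    while pending:
        batch = due.pop(t, [])
        rng.shuffle(batch)                    # no client gets priority
        peak = max(peak, len(batch))
        pending -= min(capacity, len(batch))  # first `capacity` requests succeed
        for attempt in batch[capacity:]:      # everyone else is turned away
            rejected += 1
            delay = max(1, policy(attempt + 1, rng))
            due[t + delay].append(attempt + 1)
        t += 1
    return {"peak_offered": peak, "rejected": rejected, "drained_at_s": t}

if __name__ == "__main__":
    for name, policy in (("fixed 1s retry", fixed_retry),
                         ("jittered backoff", jittered_backoff)):
        print(name, simulate(policy))
```

With the fixed retry every unserved client comes back each second, so the offered load equals the entire backlog; the jittered clients take longer to finish logging in but never present the server with more than a fraction of that peak.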
Hardly the first time (Score:1)
So, their servers got hammered (Score:2)
It sounds like bad planning on their part. A large scale power outage in a region could do as much damage.
Grow up (Score:4, Insightful)
That's the reason they use MS (Score:3, Funny)
(Last Journal: Monday March 21 2005, @03:37PM)
In other news . . . (Score:5, Funny)
timezones (Score:5, Interesting)
(Last Journal: Thursday December 08 2005, @04:33PM)
Note absence of word "Microsoft" (Score:3, Insightful)
(http://www.animats.com)
Note that nowhere in Skype's announcement does the word "Microsoft" appear.
It's very striking how, when some major vulnerability appears, Microsoft's name doesn't appear prominently in news releases.
It also reminds you that Redmond has the power to reboot most of the computers in the world remotely. What if, one day, they didn't come back up?
But, the question is... (Score:1)
(http://kbetong.com/)
(Well, after typing this, I just realized--maybe they incorporated new code, but they should have mentioned that too)
P2P dumbness (Score:5, Interesting)
VOIP connections should be direct encrypted connections from my computer to the computer of the person whom I wish to contact. Period.
Re:P2P dumbness (Score:5, Informative)
Unlikely story! (Score:2)
This has been going on for years now. You will note that the outage occurred on *Thursday* August 16th. Microsoft's patching schedule is every Tuesday. Typically computers reboot on Wednesday morning early in the AM. So it would seem unlikely that all of the computers that run Skype were rebooted Thursday morning. Also, not everyone leaves their computers on to download updates and reboot automatically. I would say that this explanation is suspect, at best.
"The high number of restarts affected Skype's network resources. This caused a flood of log-in requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact."
Right - it had nothing to do with patches, MS or otherwise; it had everything to do with Skype not being able to service their supposed large number of logon requests.
Further though this DOES NOT explain *at all* why they were not able to service logon requests for *3* days. This level of outage is almost unheard of.
My only guess is something went terribly wrong and they don't want to own up to it.
Like I needed another reason not to use VoIP (Score:3, Interesting)
This is why I won't even consider VoIP. Why in the world would I want to take risks like this? I live in a house my family has lived in for over 60 years, with the same old phone line and it's NEVER GONE DOWN IN SIXTY YEARS! A couple of times a month my Internet craps out, though usually for less than an hour. And sometimes the router needs to be reset, like many people find they have to do periodically. What happens if I need 911 during one of those times, and I can't get around it?
"Internet phone", "digital phone" whatever they want to call it, anything but a REAL land-line from the local phone company is a substandard service by definition. They can throw whatever words out there to make it sound super-dooper, but it's a substandard service just like anyone who experienced this outage can tell you.
AE
What, you monitor your dial tone with nagios? (Score:5, Insightful)
(http://www.angryox.com/ | Last Journal: Sunday September 29 2002, @04:53PM)
Sure, you've never been affected by an outage of your phone service, but that doesn't mean it hasn't been out of service ever.
Plus, you pay for it too. At $30-40/month per line, you expect minimal outages. When you are paying $30/year or even nothing, a two day outage, while annoying, isn't surprising, especially when operated on a public network. Your phone line is on a private, dedicated network. You simply can't compare the two when it comes to uptime.
If all of Skype's customers paid $30-40/month, I'm much more confident that they wouldn't have had this outage.
Reminds me of AOL crashing mail servers (Score:5, Interesting)
Re:Reminds me of AOL crashing mail servers (Score:5, Funny)
me2!!
monoculture (Score:2)
(http://www.solussd.com/)
Anyone know... (Score:4, Funny)
Proof. (Score:2)
(http://www.execyte.com/)
hmm (Score:3, Insightful)
Not MS's Fault (Score:2, Redundant)
(http://slashdot.org/ | Last Journal: Monday August 20 2001, @10:38AM)
More info: http://arstechnica.com/news.ars/post/20070820-gia
If this is true... (Score:1)
Wouldn't this be a huge blow against Windows on the workstation? I can't see it making much difference to Windows as a gaming or multimedia platform, mainly because you wouldn't typically see Skype on a machine with such as its primary use. This could still take a chunk out of MS if it's true though.
Read TFA (Score:3, Funny)
Two day lag? (Score:1)
Scuttlemonkey... (Score:1)
Not malicious? (Score:2)
But since it was a result of a Microsoft patch isn't that a contradiction?
Reminds me of a 50-year-old telephone outage (Score:5, Interesting)
The earthquake had jostled thousands of telephones off hook. The central office switches survived the quake just fine, but crashed due to a bug that seems eerily like the one Skype just described. Basically the switch kept a list of phones that were off hook. The switch is responsible for playing "dial tone" to those phones, but the central office only had a certain number of units that could play dial tone and listen for dialing. So the first "n" phones off hook got dial tone; the rest were put into a FIFO list of phones waiting for dial-tone equipment.
There were so many phones off hook due to the earthquake that the FIFO list overflowed, crashing the switch.
When the switch rebooted, it had to figure out which phones needed dial-tone. So it had to examine each phone line in turn, putting the ones that were off hook into the queue for a dial tone...thus overflowing the list and crashing the switch again. And again. And again.
After a while the telco folks figured out what was wrong, but then couldn't tell anyone about it...since the phones were down. They eventually had police and fire trucks driving all over town, stopping to hang up all the pay phones that were jostled off hook, and blaring over megaphones for people to hang up their phones.
Eventually enough phones were hung up so the switch could reboot without crashing - end of crisis.
Good times.
Hmm reminds of that old scheme (Score:1)
Makes one wonder why their devs never thought of what would happen if the same happened to their software.
this is bullshite even for slashdot (Score:2)
certainly if i was making a product like skype that would be runnin