Skype Blames Microsoft Patch Tuesday for Outage

brajesh writes to tell us that Skype has blamed its outage over the last week on Microsoft's Patch Tuesday. Apparently the huge numbers of computers rebooting (and the resulting flood of login requests) revealed a problem with the network allocation algorithm resulting in a couple days of downtime. Skype further stressed that there was no malicious activity and user security was never in any danger.

Yeah........

[Clockwurk]

Somehow, I don't think thats the real story.

Re:Yeah........

[Ulven]

This wasn't exactly the first ever Patch Tuesday. And didn't skype break on a Thursday anyway?

Re:Yeah........

[Southpaw018]

Yeah, but Patch Tuesday usually involves a dozen patches or less, any handful of which (2-3) might apply to any one system. This one included more than 50 patches, 12 of which were needed by most computers in my office.

Re:Yeah........

[Anonymous Coward]

Something was different last week wrt Microsoft. I had six servers reboot that had autoupdates turned off. My desktop system running 2003R2 and my laptop running XP also rebooted w/o my permission. We have quite a few pissed-off customers because of the updates. It was an unusual situation.

Wiretap law?

[megaditto]

Given that this baby [washingtonpost.com] was steamrolled through the Congress two weeks ago, the outage seems coincidental.

Consider that Skype could not tell the users of the real reason even if they wanted to: the law mandates that the forced cooperation be kept in secret.

timezones

[hey]

Does the reboot occur at, say, 2AM local time? If so then reboots would be spread out by the (at least) 24 timezones.

P2P dumbness

[Kludge]

I think this demonstrates the goofiness of a p2p telephone system. If I use Skype, I depend upon my data flowing through other users' computers because I am too dumb to allow incoming VOIP connections to my computer.
VOIP connections should be direct encrypted connections from my computer to the computer of the person whom I wish to contact. Period.

Like I needed another reason not to use VoIP

[AudioEfex]

Gee, I hope no one tried to call 911 during the outage. That "enhanced" (insert guffaw, it's like calling a hamburger without the meat and just a bun "enhanced") 911 didn't do a tinkers damn worth of good for anyone who's service was out.

This is why I won't even consider VoIP. Why in the world would I want to take risks like this? I live in a house my family has lived in for over 60 years, with the same old phone line and it's NEVER GONE DOWN IN SIXTY YEARS! A couple of times a month my Internet craps out, though, though usually for less than an hour. And sometimes the router needs to be reset, like many people find they have to do periodically. What happens if I need 911 during one of those times, and I can't get around it?

"Internet phone", "digital phone" whatever they want to call it, anything but a REAL land-line from the local phone company is a substandard service by definition. They can throw whatever words out there to make it sound super-dooper, but it's a substandard service just like anyone who experienced this outage can tell you.

AE

Reminds me of AOL crashing mail servers

[DrDitto]

Reminds me of the late 90s where AOL's crashing mail servers ended up bringing down my universities server (and many other organizations) because of the surge of load when AOL came back online and started sending backlogged mail.

Re:Wiretap law?

[orzetto]

Given that this baby [wiretap law] was steamrolled through the Congress two weeks ago, the outage seems coincidental.

Interesting point, but Skype is based in Luxembourg and has no obligation to US law. Then again, they are owned by eBay, but just because they are owned by a US company does not mean much: they do not have to follow every shareholder's local law.

Re:Assuming this is true...

[DingerX]

Hey look, if I'm a skilled corporate comms officer -- and I have no doubt Skype has one of those --, and I have to lie about an outage, I'd do it so that it would be believable. All they had to say was:
We recently upgraded our login server authentification routines, and in spite of our testing, we missed something.

The underlying problem with Skype has always been the auth server: everything has to go through it. Worse, when a supernode goes down (e.g., reboots due to a planned install), everything connected to that supernode has to go through it. Now, Skype has been growing pretty fast, pretty much every week their auth servers handle more traffic than the previous week. Your average user might not reboot all computers at the same moment, but what about big enterprises?

And how does Skype pick its supernodes? We know one of the criteria is bandwidth. So let's say in some part of the world where a bunch of little skype clients are wired to a few big bandwidth providers, patch Tuesday hits, and a bunch of those supernodes reset at the same time. The Auth server is hit with the traffic, not from the rebooting supernode, but from all the clients connected to it. That's "peak load" for your auth server, and it increases every patch Tuesday.

Re:Skype did not blame Microsoft

[MyLongNickName]

Please join me in tagging this 'badjournalism'. Skype does not blame Microsoft. They blame their own code.

Re:Unlikely story!

[warderz]

My thoughts exactly, they can deny it all they want but I find the previous story [slashdot.org] more believable. Just put yourself in their shoes for a second, if there was a DoS, not even a breach, and you admit it what would the customers think/do? Skype's not the only company that provides this kinda service...

Reminds me of a 50-year-old telephone outage

[Anonymous Coward]

I don't remember where/when this happened, so it might be an urban legend. But the story is that many years ago an earthquake rattled a California town. No major damage was done, but it killed all the phones in the town for several days.

The earthquake had jostled thousands of telephones off hook. The central office switches survived the quake just fine, but crashed due to a bug that seems eerily like the one Skype just described. Basically the switch kept a list of phones that were off hook. The switch is responsible for playing "dial tone" to those phones, but the central office only had a certain number of units that could play dial tone and listen for dialing. So the first "n" phones off hook got dial tone; the rest were put into a FIFO list of phones waiting for dial-tone equipment.

There were so many phones off hook due to the earthquake that the FIFO list overflowed, crashing the switch.

When the switch rebooted, it had to figure out which phones needed dial-tone. So it had to examine each phone line in turn, putting the ones that were off hook into the queue for a dial tone...thus overflowing the list and crashing the switch again. And again. And again.

After a while the telco folks figured out what was wrong, but then couldn't tell anyone about it...since the phones were down. They eventually had police and fire trucks driving all over town, stopping to hang up all the pay phones that were jostled off hook, and blaring over megaphones for people to hang up their phones. :)

Eventually enough phones were hung up so the switch could reboot without crashing - end of crisis.

Good times.

how wrong you are

[tacokill]

You are so, so wrong. If a US company owns them, then they are subject to US law. This is to prevent US based companies from just setting up a shell and providing services to, say....Cuba or any other restricted country. There are countless examples of subsidiaries getting in trouble for things that are illegal in the US -- but not where their offices are.

Otherwise, Foster Wheeler would just setup a shell in another country and start building refineries for Cuba.

I, personally, know of companies who have gotten into trouble when their equipment, somehow, found it's way to a restricted country (Cuba, Sudan, Syria, Iran, etc). The US treasury department publishes a list. [doc.gov] Admittedly, this is only the voluntary actions but I am certain there are involuntary actions as well (ie: criminal cases). See the entry about Varian (Switzerland) for a specific example of what I am talking about.

The point is: they ARE subject to US law via eBay owning them.

Re:Wiretap law?

[Kalriath]

Except that that's not the problem. Skype uses the resources of it's users to do everything, and when a huge portion of their users go offline simultaneously, then log back on at the same time, then no "logon servers" (read: network peers) are available.

If you ask me, peer to peer phone is a stupid idea anyway.

Re:how wrong you are

[teg]

You are so, so wrong. If a US company owns them, then they are subject to US law. This is to prevent US based companies from just setting up a shell and providing services to, say....Cuba or any other restricted country. There are countless examples of subsidiaries getting in trouble for things that are illegal in the US -- but not where their offices are.

Or the other way round... In Norway, denying services due to e.g. nationality is illegal. If a US owned company operating in Norway does not serve Cuban customers, they could face discrimination charges. As they should, US law should not apply here.

Re: On auto rebooting

[Douglas Goodall]

I was at the hospital visiting a loved one. I noticed that the nurses console was hung in the middle of an autoreboot. I admit that autoupdating critical computers is a bad idea. The amount of power that Microsoft has over the windows update feature is of great concern to me. The ability to corrupt/reboot most of the desktop computers in the country controlled by one company is too much power in my mind. This is a risky system that we cannot absolutely control, much like a nuclear reactor. Just not as spectacular when it fails.