
Skype replaces P2P supernodes with Linux boxes hosted by Microsoft - evo_9
http://arstechnica.com/business/news/2012/05/skype-replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft.ars
======
wmf
Something not mentioned by Ars is that the difference in cost between
datacenter bandwidth and broadband has changed significantly in the last 10
years. Datacenter resources are now so cheap that P2P has little advantage. (I
think the rise of cyberlockers is another manifestation of this trend.)

~~~
edge17
That's pretty interesting. Do you have a link or something with some of the
cost analysis?

~~~
wmf
Here's bandwidth pricing:
[http://drpeering.net/white-papers/Internet-Transit-Pricing-H...](http://drpeering.net/white-papers/Internet-Transit-Pricing-Historical-And-Projected.php)
Let's say 100x drop in 10 years. (But broadband upstream certainly hasn't
gotten 100x faster!)

Determining the cost break-even point between P2P and client-server is more
complex and I haven't seen any public analyses of it.

~~~
sedachv
Problems with DSL upstream bandwidth are the main reason that Kragen thinks P2P
networking won't work very well:
[http://lists.canonical.org/pipermail/kragen-tol/2011-August/...](http://lists.canonical.org/pipermail/kragen-tol/2011-August/000935.html)

------
revelation
Let me just make this very clear: you don't go from zero operating cost to
multiple millions of hardware and colo space to do the very same thing, in a
move so transparent that it needs security researchers to dig into your
program to find out it has happened at all.

I guess Skype (by extension, Microsoft) is growing interested in what people
are speaking about. To get hold of that data you need to route it through your
own network, at significant processing and bandwidth cost.

~~~
drzaiusapelord
Or instead of engaging in conspiracy theories with zero proof we should look at
what's going on here rationally. Skype is really unacceptable in any corporate
environment. I don't want a random PC on my network to be a superpeer and
suddenly use my 50mbps connection routing calls to the world. Run skype for a
couple of mins, fire up tcpview, and watch calls come in and out. Not only is
this a waste of my resources it also provides a shit experience of dropped
calls, sudden drops in quality, and connection issues. The P2P model for video
and talk is suboptimal and MS knows their real customers (IT managers and IT
buyers) aren't going to go for this.

I have yet to get high quality video to work on skype, even between two
clients each with 10+ mbps lines. MS knows this is a problem.

More than likely Skype will be for SMB and residential use and high end
enterprise will continue to use Lync or alternatives. This is a welcome move
as it legitimizes Skype for many.

~~~
freshhawk
He phrased it like a conspiracy theorist, but it's a little naive to think
that intercept capability wasn't a factor in this decision. As far as I know
skype was the biggest player in communications that wasn't being _completely_
monitored.

~~~
SpiderX
Skype went down for a couple days about a year or two ago, as did a few other
voip services at around the same time. I suspect this is more than just a
single company that is behind it, rather the US government.

~~~
freshhawk
Sure, it's not a secret that the NSA is the one pulling in _all_ of the data
they can get their hands on right now. And they absolutely _want_ all skype
traffic, since they already have all internet and phone traffic.

------
wetsocket
MS using Linux to run their business. That says it all.

A company with more money than it knows what to do with, acting desperately to
save itself from obsolescence.

Skype was flawed from the outset, being non-transparent (about how the network
is set up, turning machines into supernodes without permission, and the
encryption they use). It's all closed. Why? You can't verify it's well-
designed. Now it's worse. Do I want MS routing my calls? Scanning every file
transfer? Being able to peek at any video?

No thanks. That's not their role.

There are other true decentralised P2P Video/VoIP solutions. People now
know that free calls, even video calls, through the internet are feasible,
even without having technical knowledge.

Right now, use Skype. But it will not hold the market when more robust,
flexible, decentralised, transparent services are ready for non-technical
users.

Because they will be free. And Skype will not be free: the price you will pay,
to a software company[1], is your privacy, at the least, and probably more.

1. No software company has a need to know such things. They are not the
government, they are not law enforcement, and they are not defenders of
national security. They are a software company. Who are they accountable to?
It's just not a smart idea to let MS take this role. The potential for abuse
is too great.

~~~
angersock
If we had 1 good application programmer for every 100 cryptoweenies, the world
would be a better place.

Write code or shut the fuck up.

~~~
wetsocket
Code is written. Command line only. So not ready for you yet.

There are good application programmers (who are also competent
cryptographers). But it seems, based on mailing list and forum comments, all
the incompetent ones hold them in spite. One can only guess why.

~~~
286c8cb04bda
Command line is good enough for me; where can I find it?

------
freshhawk
Certainly helps solve the intercept problem for the American national security
agencies.

(Was that still a problem? My info is probably out of date, but skype being
p2p _was_ a pain in the ass for spying on customers a short while ago)

~~~
revelation
Skype offers lawful interception access to anyone interested. The encryption
is literally just obfuscation to deny intermediate peers access.

~~~
freshhawk
But not large scale trawling of all call data or the ability to mirror all
traffic to another location as far as I know.

~~~
revelation
Of course not; that's not "lawful interception" in the countries that Skype
would market such services to. They don't have access to that large-scale data
anyway, hence my comment on getting access to it by routing it through your
own infrastructure.

~~~
freshhawk
Right, which is the "intercept problem" I was talking about. Your concept of
"lawful interception" is pretty dated when we're talking about national
security agencies rather than police.

The NSA is splitting signals and trawling _everything_ for what they want,
it's how it's done now. The recent Wired article about the new datacentre was
pretty interesting. Which was, as far as I know, not possible with the P2P
architecture that Skype had previously.

------
muppetman
Good to see the grsecurity patch getting a bit of publicity. I think for
critical devices it's an essential patch, mostly because of its integration
with the PaX patch which is aimed at preventing many different types of memory
overflow exploits.

~~~
zobzu
You can use PaX standalone tho.

I'd like to know if they used GrSecurity's RBAC or if they just used the patch
and that was that.

~~~
zobzu
Or downvoted for no reason. haha.

That's PaX standalone: <http://grsecurity.net/~paxguy1/>

------
furyg3
I wonder if this has to do with mobile.

A laptop on a broadband line can keep track of all the P2P nodes necessary to
keep my contact list & chats up to date, have a 3-way video call, and top it
off by routing for a few less-well connected peers nearby. Asking that of my
phone is a bit much.

Skype on an iPhone + wifi is rough sailing as it is, let alone on 3G or with a
less-powerful device. The behavior I see (really random incoming chats, call
false-starts) seems to be more related to the P2P layer than the app itself. I
almost never see that behavior on Skype desktop.

I think leaning a bit more towards client-server would be a lot more friendly
for mobile devices. Hopefully they hit the right mix.

------
nthitz
Is this in response to the Skype IP Lookup tool that was released this past
week? Or something completely unrelated?

~~~
TazeTSchnitzel
Unrelated, although this might make such things harder.

------
qeorge
My biggest complaint with Skype is its inability to persist chat messages when
one client is disconnected. If this addresses that it would be great.

That said, we're using HipChat now and love it. If you use Skype for group
chat and don't use the phone a lot, I recommend the switch wholeheartedly.

~~~
Karunamon
Say what now? It always seemed to do that quite fine for me. If a client drops
off, I can still send messages, and they'll sit in the window with the little
"working" circle next to them. The partner picks them up when they reconnect.

I've logged in more than once to have a metric ton of IM's waiting for me.

~~~
qeorge
But if you send a message they won't see your message until you're both online
again. So if you sign off before you sign on, it won't send until both clients
are online again (could be days).

If you use multiple computers it gets worse - if you send the message from
your laptop it won't go through until _the laptop_ and your friend are online
again.

It's not a huge problem with a 1 on 1 chat, but with groups it's frustrating.

We benefit greatly from having the chat room as sort of a canonical log of
what's happening. It's nice to be able to leave a message for coworkers before
you sign off for the night, and know that everyone will see it. With Skype we
didn't have that guarantee.

~~~
Karunamon
Ahhhh, gotcha. I see what you're getting at now.

It's kind of odd that they don't - messages are stored server side (have a
bunch of conversations and then sign into an empty skype elsewhere - open
chats are synched). You'd think this would be trivial to add.

------
CTop
Just so I understand this: they're switching from direct P2P messages between
users (like MSN), to routing the messages through their own data centers first
(like Facebook)?

So in theory this will prevent any messages ever getting lost en route to the
recipient?

I can't tell you how many messages have gone undelivered between my friends
and me when we used to use MSN messenger exclusively (even happens once or
twice on Skype), causing serious breakdowns in communication. ("Did you get
that message? Did you get that message?")

I always wished they'd switch to this architecture.

~~~
Wilya
Is MSN P2P? It's been a long time (like... oh, 7 years maybe?) since I've
used it, but iirc it was centrally routed. Only some things like file
transfers were P2P.

------
speleding
When I had a fixed IP address and no NAT between the internet and my PC, I
regularly caught Skype promoting me to supernode and using a serious part of
my bandwidth. It made me get into the habit of quitting Skype unless I wanted
to make a call. Perhaps I can keep it running now.

------
RobertKohr
What alternatives to skype exist? Something that does voice, and not likely to
invade my privacy.

~~~
mey
I would recommend looking at something like Mumble
<http://mumble.sourceforge.net/>

Assuming you are concerned about the code you run, the location you run it in,
etc. Does not provide encryption to my knowledge, but VPN can solve that.

If you are looking for something more robust that can interconnect with
telecom stuff, I'd suggest <http://www.freeswitch.org/> or
<http://www.asterisk.org/>

~~~
SpiderX
Mumble requires a server.

~~~
mey
I don't know of any truly distributed encrypted voice systems you can trust
out there. Hosting your own server for a service seemed like the next rational
way to solve the person's question.

~~~
snarkinatree
Try not to think in terms of server and client being separate machines. Or
thinking that a server needs to be complex or able to handle an unlimited
number of nodes. It's possible to be both a client and a server. And that is
in fact what Skype was doing. Some clients were also functioning as
supernodes.

------
dgregd
With IP6 supernodes won't be needed for A/V traffic. Supernodes are only
needed for NAT hacks.

Skype succeeded because it worked in many different network environments. As
contrasted with h323 and sip. Just to remind.

~~~
wmf
Think again; firewalling and NAT are coming to IPv6 whether they're needed or
not.

~~~
trotsky
Who has ever said IP6 didn't need firewalling? That sounds insane... And where
is this IP6 NAT you speak of??

~~~
ghshephard
All the enterprises that have deployed in RFC4193 space are using IPv6 NAT.
It's been available in OpenBSD (a popular IPv6 Firewall/NAT device) for
several years. If cisco hasn't deployed it yet in their ASAs, they will soon.

Enterprise cannot leak their internal addresses, and, if they do, they want it
to be something that nobody can make use of/route to.

~~~
dgregd
Frankly speaking I'm not familiar with IPv6 NAT.

So to hide IPv6 corporate network structure it is necessary to send outside
all IPv6 packets with one global address. Is this an only option?

It should be possible to hide internal network structure with some address
shuffling techniques.

~~~
ghshephard
IPv6 NAT (or, more precisely, PAT/NAPT) is pretty much identical to its IPv4
ancestor. One external (globally routable) IP Address which represents the
entirety of the internal IP address space. If you are on a corporate LAN, and
your IPv6 address is from the RFC4193 range (it starts with "FD", e.g.
"FDC2:D343:1234:5678:..."), and you are accessing IPv6 resources outside your
company, then some kind of PAT/NAT/Proxying is taking place.

I'm sure it will be very popular.

~~~
ay
The brilliant and problematic property of the translation (and why I think it
will catch up) is that it allows to easily make your today's problems someone
else's problems five years down the road. No one gives a ding about what
happens in five years in one's network - let alone the larger internet.

BTW, next time you talk with the "address-hiding security" fans, check what
result they get from <http://panopticlick.eff.org/> - very curious!

~~~
ghshephard
I'm one of those "address-hiding security" fans - I've architected and
deployed more than 7 million (currently operational) IPv6 nodes, 100% of them
in RFC 4193 space. We have many layers of security. Link Layer Security,
Application Layer Security, Firewall Security, IPsec Security, App Transport
Security in addition to the non-routability security.

I've never understood security professionals who turn their nose up at the
usefulness of using a non-routable IP address in your environment. It's always
seemed self evident to me, that putting your resources on something like
"192.168.1.5" - on an internal network, in addition to all of the other steps
you take, would be yet another layer of defense that makes an attacker's life
difficult. And, in an enterprise environment, I would rather optimize for
security than ease of two-way communication with external entities.

~~~
trotsky
Do you really NAT all those meters though? It seems much more likely to me
that you only have one or two specialized ALGs running.

One to many NAT really makes an attacker's life easier in a lot of ways - at
least as far as computer networks that support active users. NAT makes it much
easier to hide from flow analysis and IDS and the proliferation of NAT traversal
and tunnels to escape NAT make it much harder to spot rogue traffic. Let's not
forget the classes of attacks that private v4 space has eased like DNS
rebinding and home router attacks.

It's interesting, the only network I knew of that was ip6, aggressively
secured and that many nodes is DISA which definitely doesn't allow any public
network traffic - and yet uses global address space.

------
zerostar07
I had my account hacked, and it also happened to a friend a few weeks ago (and
I'm unable to reclaim it because they ask for the day I registered). Is it
possibly related to the transition?

------
tar
I just wish they would update their Linux client.

~~~
diminish
Same here. I hope Linux boxes save Microsoft some money and stability.

------
pritam2020
So, Microsoft would use Linux boxes..

~~~
beagle3
When they bought Hotmail, it took them years to migrate off the FreeBSD boxes
that were running it -- they had several failures, and when they finally
succeeded, they needed several times as many NT boxes as the original BSD
boxes.

I would guess that the supernode software was written by skype long before the
acquisition (they were running their own supernodes, despite what the article
claims -- although not as many, and most supernodes were users), and microsoft
hasn't had the chance or the reason to port them to Windows yet.

------
tbundy
Let's hope this at least makes user presence more accurate. I'm doubtful.

------
nextparadigms
Everything Skype does will soon be replaced by WebRTC anyway.

~~~
pbhjpbhj
How soon?

I presume you mean this - <http://www.webrtc.org/>.

Is it just a more simple way of setting up chatroulette style sites only using
browser native programming rather than relying on Flash?

~~~
drivebyacct2
It allows you to do the same thing Skype does. It uses a server (supernode) to
make P2P connections (via SDP signaling) between web browsers. I can assure
you, it can be used much like Skype is used.

