Also, P2P generally delivers the smallest connection latency compared to all other setups.
Also, P2P makes it harder for the service provider to snoop on the traffic, and this might be just the reason why Microsoft is shifting towards supernodes. Skype is just too big of a communication infrastructure piece to let it go "unsupervised."
So while the bandwidth might be getting cheaper, there are still plenty of reasons to do things the P2P way.
Determining the cost break-even point between P2P and client-server is more complex and I haven't seen any public analyses of it.
I guess Skype (by extension, Microsoft) is growing interested in what people are speaking about. To get hold of that data you need to route it through your own network, at significant processing and bandwidth cost.
I have yet to get high quality video to work on Skype, even between two clients each with 10+ Mbps lines. MS knows this is a problem.
More than likely Skype will be for SMB and residential use and high end enterprise will continue to use Lync or alternatives. This is a welcome move as it legitimizes Skype for many.
IT managers and IT buyers are obviously not the target market for Skype. They just buy that stuff from Cisco.
Skype has invested considerable development resources into making P2P work over NAT, circumventing firewalls, cloaking and encrypting their traffic to evade packet inspection. Even the client itself is heavily obfuscated. The point of this all is of course to not threaten the P2P model that has allowed them to essentially scale unlimited.
Now, you have Microsoft replacing that with the standard centralized infrastructure that scales terribly. Huh.
Not only is this a waste of my resources it also provides a shit experience of dropped calls, sudden drops in quality, and connection issues.
Skype for me is the best VoIP system I've ever used. Voice calls work fine even over my phone's 3G connection, which compared to a broadband line is piss poor. Video calls sometimes have hiccups, but it worked for me in situations where more traditional client-server solutions were unusable.
Do those clients accept incoming connections? The only reason as far as I know for the supernodes is to break through firewalls.
If there is no firewall the Skype connections are direct from client to client and they don't go through any other peer, Microsoft or not.
a) datacenter bandwidth is now much cheaper than it was 10 years ago, to the point that the cost saving from using p2p is not that significant anymore. (Skype did not have zero operating cost, and contrary to the article, they did operate their own supernodes - few tens to a few hundreds at least).
b) Microsoft is going to change the business model, e.g. no more free calls (or, no more free conference calls, or something like that), and if they are going to charge money, they need to guarantee a level of service - which they cannot with a P2P infrastructure.
c) The marginal cost for Microsoft (who already have data centers etc) is actually LOWER than running a p2p, with everything (including end user liability) taken into account. Running 10,000 servers in existing data servers would cost ~$1M/month. May seem a lot to you, but it's a rounding error for Microsoft (and certainly, at a $8.5B total cost, 4 years would make this ~$8.55B from Microsoft's side. Rounding error).
d) Microsoft is planning some kind of integration with their other properties (hotmail? live? office live?) for which hosting everything is essential.
I would guess (c) or (d), although the parent's guess is not without merit.
So you should now assume that ALL your Skype calls are being recorded and monitored and anything of interest to the US authorities is now available to them?
Are you doing anything in the US that might be considered naughty - like online gambling, tax 'optimization', overly-fair use of some recorded entertainment?
Do you work in a foreign company that competes with a major US oil/aerospace/defense/financial concern?
Do you supply to any of the above?
If you wouldn't forward an email about it to the DHS should you now still talk about it on Skype?
"So you should now assume that ALL your Skype calls are being recorded and monitored and anything of interest to the US authorities is now available to them?"
Unless the network is secured by you end-to-end (e.g., encrypted tunnel and you're the private key holder), you should assume that your call can be intercepted and recorded. In the context of Skype, that was never true, so nothing has changed.
So yes, there have been significant changes, but all the concerns you outlined are fringe issues at best. Skype was never any kind of secure communications system where you were safe from persecution by overreaching governments.
IIRC with the original design the supernodes were only used to discover where users were and so tunnel through firewalls. Once the end points of a call had been discovered the voice traffic was direct caller-caller.
Assuming that Skype hasn't been a front for the illuminati all along, then the big change of having all the supernodes under one roof is that all the call endpoints can be routinely monitored and so if there was a future requirement to tap all the voice data it would be easier to pick which links to monitor.
And wrongly so. You still logged in through Skype servers (username/password is centrally managed) who would direct you to a supernode near you, and could equally direct you to an intercepting supernode.
You have just made the fallacious argument of security through obscurity.
> Once the end points of a call had been discovered the voice traffic was direct caller-caller.
Do you know that, or just assume that? Do you know that this hasn't changed with different versions?
> Assuming that Skype hasn't been a front for the illuminati all along,
Blackberry insisted that they can't decrypt end-user communication ... right until the Indian government threatened to make it illegal to use Blackberry in India, and magically it became possible to eavesdrop on BB comm.
Corrupt governments are enough, don't need to invoke the illuminati.
> then the big change of having all the supernodes under one roof is that all the call endpoints can be routinely monitored and so if there was a future requirement to tap all the voice data it would be easier to pick which links to monitor.
It's not any different. The voice links were (mostly) P2P, and I guess they still are. The supernodes (discovery/comm links) were centrally managed, and still are. The only difference is now they are both centrally managed and centrally owned - that's a very little difference.
Keep in mind that a large part of Microsoft's business is in the enterprise, and voice is a huge application product for enterprise customers. Exchange has always had some form of voice integration. I haven't used it in years (since back when H.323 was big), so I don't know the current state of affairs, but it is just as plausible that Microsoft is moving to a more traditional client-server structure in a bid to win the mindshare of enterprise purchasers. I'm particularly attached to this explanation because of my insight into the telecom industry.
Telcos don't want to sell dumb pipes to customers, because dumb pipes are a commodity. Selling a TDM PRI with 23 voice channels is something anyone can do. Carriers are pushing customers away from these products into SIP offerings that can integrate with customer applications because these products have high exit costs. I can swap out PRIs three times a year without much trouble. Changing application integration is far more expensive. This creates room for higher margins.
Here's the thing: with Skype, Microsoft can enter this space. I don't know exactly how Skype does it, but they manage to deliver a great VoIP product without any infrastructure considerations (network design, QoS, backhaul constraints). I've used SIP carriers who deliver a router with preconfigured QoS that can't deliver call quality as good as Skype.
I'm not suggesting there's magic here or anything, but Skype's product is damned good. If Microsoft were to integrate Skype into Exchange, that would give them a customer endpoint that could take advantage of a network designed for voice. Exchange could keep intra-office calls local (like a PBX) and segregated on their own VLAN, while aggregating outside voice traffic on separate network interfaces, much like traditional TDM and SIP based PBX systems. This would check all the right boxes for enterprise voice managers. I'm also willing to bet this would push Skype voice quality over the threshold from end-user novelty to enterprise infrastructure.
There are far too many positive business reasons from a straightforward product standpoint to jump straight to the "this lets them mine customer data" viewpoint.
First, P2P networks do not have to be enormous. Drop your assumptions.
They can be small, and separated. (Think VLAN.) A P2P network can be set up so that any peer can volunteer to be a supernode. (Skype doesn't let you choose.) There must be at least one supernode to get a connection started but it does not have to be a company. It can be you, so long as you have a reachable IP.
And the supernode does not have to forward traffic. She can just function to set up the connections. And she can do so agnostic to the traffic. She only keeps a table mapping MACs and private, arbitrary IPs. The supernode can disappear after the connection is established; it won't break established connections. If two nodes are behind the same NAT, then the supernode can forward the traffic to get around this impediment. Setting up connections is not the "magic". There's no need for MS to be a (or should we say, "the") supernode.
The "magic" in Skype is the way they handle the compression, encoding and decoding.
That is where one needs to focus.
Setting up P2P connections (for small, segregated P2P networks), reliably, and without snooping, is relatively easy. You or someone else in your contacts needs a publicly reachable IP. All the code you need to connect, which is not much, quite boring for the complexity lovers, has already been written.
I work out of Florida, but most of my partners are in Ohio. Our phones in the Ohio office are delivered by a SIP carrier. The SIP carrier provides a router that establishes separate VLANs (on the local network) for the phones and computers. The phone traffic is prioritized so it goes out over the WAN link first. Granted, once it hits the internet all bets are off, but at least the voice packets are hitting the wire first. That should make our telephones the best performing VoIP option in the Ohio office.
That's not reality though. Everyone in the Ohio office prefers Skype because the call quality is better and the connection is more consistent/resilient.
I can read a SIP trace, and I understand a little bit about CODEC design. I can somewhat reliably identify the difference between a G.711 call and a G.729 call just by listening. In other words, I'm not a complete layman, but I'm not a voice engineer. What amazes me about Skype is that their voice stack performs so well without any special considerations at the network layer.
In an ideal world, a voice engineer wants not only a separate VLAN for voice traffic on the LAN, but prioritization all the way to the PSTN termination point. This usually means you need to get your transport link from the same carrier who provides your voice service. For example, if you buy SIP service from Level 3, Level 3 can also sell you a transport link, on which they can prioritize your voice traffic all the way back to the place where they connect to the PSTN. This assures the best possible transport quality.
Skype has none of this, but still manages to deliver great call quality. That is amazing to me, and it's a game changer. It decouples your voice and data provider.
The key reason to move away from P2P isn't technical, but business related. Enterprise decision makers demand more control over their network. By controlling the super-nodes, Microsoft opens the door for a whole different kind of customer:
Integrate Skype into Exchange
With Skype integrated into Exchange, desktop devices (Skype phones) could be segregated onto their own VLAN. The Exchange/Skype service (running on a server) can be bound to a network interface on this separate VLAN. This satisfies common enterprise network design requirements where voice is prioritized on the LAN. This would also provide an internal endpoint for Skype clients to connect to and pass through a set of business rules and/or integrate with internal applications. This is a typical use case for Exchange. Exchange would also handle call routing. Think of Exchange as the PBX, keeping intra-office calls on the LAN, and routing outside calls over a configured link.
Moving Skype Super-Nodes to Dedicated Infrastructure
The best reason to integrate Skype with Exchange is to replace the traditional SIP carrier. When a user picks up a Skype phone on their desk and dials by directory, the call hits Exchange. Exchange can examine the call and make some interesting decisions:
Directory lookup matches a local Skype username: call is routed entirely over the LAN.
Directory lookup matches a Skype user, but user is not local: call is routed over the outbound interface and through the traditional Skype infrastructure (now run by MS instead of P2P).
Directory lookup only contains a traditional telephone number: call is routed over the outbound interface and through the traditional Skype infrastructure (now run by MS instead of P2P), which terminates to the PSTN.
With Microsoft running the super-node, they have better control over the performance of the Skype back end.
The benefit of the ability to bypass the PSTN can't be understated. Many carriers offer what is called "free on-net calling". If your call is placed to another user on the same carrier, it is free, regardless of their geographical location. Skype could do the same. If you're calling another Skype user, the call is free. If you need to punch out to the PSTN, you get normal Skype rates.
The chances of an enterprise buyer considering this type of service over P2P are remote at best. There might not be any technical reason P2P couldn't satisfy the requirement, but it's bad joo-joo from a purchaser's perspective. They want assurances, and MS owned/run super-nodes make a lot of sense.
Trying to gather any information that's utterly generic and innocuous would cause a massive PR scandal that would probably destroy Skype's credibility for ever, and possibly taint many other of Microsoft's online services as well. What data from wiretapping could possibly be worth $8+ billion?
The only way it could possibly make sense is if they were certain of never getting caught. And that's a tall order these days. All it takes is one lawsuit against MS where the legal discovery process can touch documents and communications pertaining to Skype.
I guess what I was thinking of was something akin to Google AdWords, not the "they want to control the world" conspiracy theory edge.
Serving ads to unpaid users is a good example of something that people probably wouldn't find too creepy (not too different from seeing ads on gmail). The problem is that since MS controls the client software, it's not something that they would need to do at the supernode level. They could just run the voice recognition / keyword selection on the client and then request the appropriate ads.
Even if they were planning on some more wide-ranging thing with adverts than that, it's unclear why they'd need to intercept the conversations at the supernode rather than at the client. They'd also have the problems that they don't have a credible display ad service to use this data for, and that they can't correlate the data from a logged in Skype user to some random web user who isn't logged in.
If we assume MS is taking control of the supernodes for some observation purpose, the observation needs to be something that can't be done on the client, or that would look suspicious when done by the client. E.g. storing all the voice streams for later analysis, or transmitting summaries of conversations between paid Skype users to some MS address.
It would be a small change to the supernode logic to enable relaying of calls for wiretap requests.
A company with more money than it knows what to do with, acting desperately to save itself from obsolescence.
Skype was flawed from the outset, being non-transparent (about how the network is set up, turning machines into supernodes without permission, and the encryption they use). It's all closed. Why? You can't verify it's well-designed. Now it's worse. Do I want MS routing my calls? Scanning every file transfer? Being able to peek at any video?
No thanks. That's not their role.
There are other true decentralised P2P Video/VoIP solutions. People now know that free calls, even video calls, through the internet are feasible, even without having technical knowledge.
Right now, use Skype. But it will not hold the market when more robust, flexible, decentralised, transparent services are ready for non-technical users.
Because they will be free. And Skype will not be free: the price you will pay, to a software company, is your privacy, at the least, and probably more.
1. No software company has a need to know such things. They are not the government, they are not law enforcement, and they are not defenders of national security. They are a software company. Who are they accountable to? It's just not a smart idea to let MS take this role. The potential for abuse is too great.
Write code or shut the fuck up.
There are good application programmers (who are also competent cryptographers). But it seems, based on mailing list and forum comments, all the incompetent ones hold them in spite. One can only guess why.
Of course I wish everyone was using end-to-end encrypted audio, text, and video communication with onion routing in the middle. But we aren't there yet. Arguably because everyone with A-list business, marketing, and technical acumen would rather be a billionaire.
I agree, the greed factor is great. And one would imagine some of those with the skill to make a "Skype" might think "Why should I do this for free?" Then you also have the perfectionists, with the skills, who won't attempt to build something that cannot be "perfect". They love to say "It won't work."
Skype is not perfect. And it's very non-transparent. But people are using it.
Should the next Skype be free and open? Is it worth building? I think the answers will become evident going forward. I think communication over the internet is too important to be solely controlled by [insert unflattering description here].
But we shall see.
>Skype was flawed from the outset, being non-transparent (about how the network is set up, turning machines into supernodes without permission, and the encryption they use). It's all closed. Why? You can't verify it's well-designed.
re: Skype I simply see no reason that something so essential, and so simple, as a P2P application (note the P2P application does not have to be tied to the VOIP application, or whatever applications you want to run over the P2P connection) needs to be a proprietary product.
It does need to work and work well. The P2P element does that. It will consistently work. It's the audio/video element that is difficult to get right across all connections in all environments.
Perhaps that's why you read some people saying Skype works great for them and others saying it doesn't work so great. Consider that in every case, the connection gets set up just fine. People can connect very easily. P2P is the easy part. It's the audio/video quality that varies. Because everyone's bandwidth situation is different.
Unfortunately there's a lot of chatter about NAT, IPv6, cryptography, and other non-issues, which distracts people from focusing on the real issue: codecs; making the audio/video element work smoothly over a variety of bandwidth scenarios. That's what everyone wants: clear sound and video.
If you do not fear the command line and want to see a proof of concept of how easy P2P is to set up, leave some way for me to contact you.
I just put Twitter on my profile - toss me a DM on there whenever you get a chance.
You forgot "easy to use", "fun" and "attractive". Normal people don't care about those things you said.
All three criteria you mention are very easy to meet. Skype's GUI was thrown together quickly in Delphi. Yet it's good enough for most users. The bar is set very low.
Features could be added to a next generation "open Skype" (e.g. streaming music or video to several of your friends, simultaneously) that would make it even more fun and attractive, but the RIAA and MPAA would be up in arms within 24 hrs of release.
HN is a place where we routinely discuss things that "normal people" don't care about. That doesn't mean those things are not important. Someone has to deal with the details that enable you to make your easy, fun and free calls, though you might not care about such details.
(Was that still a problem? My info is probably out of date, but Skype being p2p was a pain in the ass for spying on customers a short while ago)
The NSA is splitting signals and trawling everything for what they want, it's how it's done now. The recent Wired article about the new datacentre was pretty interesting. Which was, as far as I know, not possible with the p2p architecture that Skype had previously.
I'd like to know if they used GrSecurity's RBAC or if they just used the patch and that was that.
That's PaX standalone: http://grsecurity.net/~paxguy1/
A laptop on a broadband line can keep track of all the P2P nodes necessary to keep my contact list & chats up to date, have a 3-way video call, and top it off by routing for a few less-well connected peers nearby. Asking that of my phone is a bit much.
Skype on an iPhone + wifi is rough sailing as it is, let alone on 3G or with a less-powerful device. The behavior I see (really random incoming chats, call false-starts) seems to be more related to the P2P layer than the app itself. I almost never see that behavior on Skype desktop.
I think leaning a bit more towards client-server would be a lot more friendly for mobile devices. Hopefully they hit the right mix.
That said, we're using HipChat now and love it. If you use Skype for group chat and don't use the phone a lot, I recommend the switch wholeheartedly.
I've logged in more than once to have a metric ton of IM's waiting for me.
If you use multiple computers it gets worse - if you send the message from your laptop it won't go through until the laptop and your friend are online again.
It's not a huge problem with a 1 on 1 chat, but with groups it's frustrating.
We benefit greatly from having the chat room as sort of a canonical log of what's happening. It's nice to be able to leave a message for coworkers before you sign off for the night, and know that everyone will see it. With Skype we didn't have that guarantee.
It's kind of odd that they don't - messages are stored server side (have a bunch of conversations and then sign into an empty Skype elsewhere - open chats are synched). You'd think this would be trivial to add.
So in theory this will prevent any messages ever getting lost en route to the recipient?
I can't tell you how many messages have gone undelivered between my friends and I when we used to use MSN messenger exclusively (even happens once or twice on Skype), causing serious breakdowns in communication. ("Did you get that message? Did you get that message?")
I always wished they'd switch to this architecture.
True P2P, via an overlay, where you and the other person(s) have a direct connection, is fast and reliable "enough" (otherwise Skype would not have been successful), but not perfect. Nor is store-and-forward (e.g. text messaging) perfect either. But it is "good enough" for people to use it.
If I were really concerned about "lost messages", I'd prefer a direct connection as opposed to one that goes through a third party. It just makes more sense.
If you and your peer are on mutually accessible networks the data will still be p2p in the same way (or not, as before).
Assuming you are concerned about the code you run, the location you run it in, etc. Does not provide encryption to my knowledge, but VPN can solve that.
If you are looking for something more robust that can interconnect with telecom stuff, I'd suggest
http://www.freeswitch.org/ or http://www.asterisk.org/
Free SIP services are another option, but not easy enough for the novice who is in a hurry and just wants things to work. Most people seem to use SIP servers operated by companies, not running the servers themselves. Some ISPs are selling pre-packed VOIP service (and some are deep inspecting every packet, lol).
Skype has the market now. It is ubiquitous. It's easy to use and works reasonably well.
But to think Skype will become the world's new default global communications channel, with MS in control, is just silly.
Skype is just a hint of what's possible, given today's bandwidth and a network that no one player controls.
Skype succeeded because it worked in many different network environments. As contrasted with H.323 and SIP. Just to remind.
Enterprise cannot leak their internal addresses, and, if they do, they want it to be something that nobody can make use of/route to.
So to hide IPv6 corporate network structure it is necessary to send outside all IPv6 packets with one global address. Is this the only option?
It should be possible to hide internal network structure with some address shuffling techniques.
I'm sure it will be very popular.
BTW, next time you talk with the "address-hiding security" fans, check what result they get from http://panopticlick.eff.org/ - very curious!
I've never understood security professionals who turn their noses up at the usefulness of using a non-routable IP address in your environment. It's always seemed self-evident to me, that putting your resources on something like "192.168.1.5" - on an internal network, in addition to all of the other steps you take, would be yet another layer of defense that makes an attacker's life difficult. And, in an enterprise environment, I would rather optimize for security than ease of two-way communication with external entities.
One to many NAT really makes an attacker's life easier in a lot of ways - at least as far as computer networks that support active users. NAT makes it much easier to hide from flow analysis and IDS and the proliferation of NAT traversal and tunnels to escape NAT make it much harder to spot rogue traffic. Let's not forget the classes of attacks that private v4 space has eased like DNS rebinding and home router attacks.
It's interesting, the only network I knew of that was ip6, aggressively secured and that many nodes is DISA which definitely doesn't allow any public network traffic - and yet uses global address space.
If I were concerned to have a diode-like gateway, I'd get a stateful firewall, or on Cisco boxes, configure the reflexive ACL. It comes for free with the base code, IIRC.
This all said - each individual network's mileage can vary, so we could argue till dawn - and I think we'd need to agree to disagree on the matter of the "security of NAT" :) If it makes someone sleep better - I think it's served its purpose. Much like throwing away the soda bottle before boarding the plane.
So in case of your networks Skype traffic will go through third-party servers ...
Lots of folks get this mixed up.
Anyway, arguing about NATs is a bit like arguing about vi vs emacs - it's a great pastime.
http://blog.ioshints.info/2012/04/ipv6-legends-and-myths-mor... has a good collection of opinions so I can save the bits to not write it here.
I would guess that the supernode software was written by Skype long before the acquisition (they were running their own supernodes, despite what the article claims -- although not as many, and most supernodes were users), and Microsoft hasn't had the chance or the reason to port them to Windows yet.
I presume you mean this - http://www.webrtc.org/.
Is it just a more simple way of setting up chatroulette style sites only using browser native programming rather than relying on Flash?