Slashdot Mirror
Skype Blames Microsoft Patch Tuesday for Outage
brajesh writes to tell us that Skype has blamed its outage over the last week on Microsoft's Patch Tuesday. Apparently the huge numbers of computers rebooting (and the resulting flood of login requests) revealed a problem with the network allocation algorithm resulting in a couple days of downtime. Skype further stressed that there was no malicious activity and user security was never in any danger.
Somehow, I don't think thats the real story.
I am not a MS fanboy but it needs to be pointed out that Skype blamed a flaw in their self-healing algorithm that was highlighted by patch Tuesday. They took responsibility.
That's what Skype says. Doesn't sound like they're blaming anyone but themselves.
In Soviet Russia, I ruled you
It was just a few days ago the Open Source elders asked people to stop bashing Microsoft. Skype did not blame Microsoft for the outage. They admitted the fault was in their software. We are not children here or part of a cult. This type of child play is no appreciated here.
I've had much longer downtimes for much lamer reasons. Of course, I'm a pretty bad programmer.
It's realy convient when you have somone else to blame.
Skype blames global warming on Colonel Mustard. In the conservatory (greenhouse). With the pipe. Since Colonel Mustard callously smashed all the windows in the greenhouse, it released all sorts of greenhouse gases into the environment thus dooming all the gay, baby polar bears unless the polar bears cooled themselves off by running the AC units of their Hummers at full blast. Why does Colonel Mustard hate the environment?
Well, there's spam egg sausage and spam, that's not got much spam in it.
Given that this baby was steamrolled through the Congress two weeks ago, the outage seems coincidental.
Consider that Skype could not tell the users of the real reason even if they wanted to: the law mandates that the forced cooperation be kept in secret.
Obama likes poor people so much, he wants to make more of them.
Does the reboot occur at, say, 2AM local time? If so then reboots would be spread out by the (at least) 24 timezones.
Note that nowhere in Skype's announcement does the word "Microsoft" appear.
It's very striking how, when some major vulnerability appears, Microsoft's name doesn't appear prominently in news releases.
It also reminds you that Redmond has the power to reboot most of the computers in the world remotely. What if, one day, they didn't come back up?
I think this demonstrates the goofiness of a p2p telephone system. If I use Skype, I depend upon my data flowing through other users' computers because I am too dumb to allow incoming VOIP connections to my computer.
VOIP connections should be direct encrypted connections from my computer to the computer of the person whom I wish to contact. Period.
Maybe the average machine had more downtime on this month's reboot? Or the reboots happened in a more concentrated time window?
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
"you would need to replace the Skype mono-culture, not the Windows mono-culture."
Not really why do you think that any exploit for Windows is so dangerous? Even then if you think about it the idea that EVERY windows system is going to have to reboot on a certian day is just laughable.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Gee, I hope no one tried to call 911 during the outage. That "enhanced" (insert guffaw, it's like calling a hamburger without the meat and just a bun "enhanced") 911 didn't do a tinkers damn worth of good for anyone who's service was out.
This is why I won't even consider VoIP. Why in the world would I want to take risks like this? I live in a house my family has lived in for over 60 years, with the same old phone line and it's NEVER GONE DOWN IN SIXTY YEARS! A couple of times a month my Internet craps out, though, though usually for less than an hour. And sometimes the router needs to be reset, like many people find they have to do periodically. What happens if I need 911 during one of those times, and I can't get around it?
"Internet phone", "digital phone" whatever they want to call it, anything but a REAL land-line from the local phone company is a substandard service by definition. They can throw whatever words out there to make it sound super-dooper, but it's a substandard service just like anyone who experienced this outage can tell you.
AE
Skype Blames Microsoft Patch Tuesday for Outage
For the love of God editors, I understand that it is fine to write a sensationalist title on some articles but that is blatant FALSE. It is a complete LIE. People at Skype specifically stated that the fault was in *their* log-in mechanisms.
Really this kind of journalism is disgusting... I am tagging this story as LIE which I hope other people do as well, unless editors change the title.
I find hard to believe Slashdot has got so low... this and the speculative digg-like "articles" ending with a question mark "?", What the fuck.
Ubuntu is an African word meaning 'I can't configure Debian'
Reminds me of the late 90s where AOL's crashing mail servers ended up bringing down my universities server (and many other organizations) because of the surge of load when AOL came back online and started sending backlogged mail.
Perhaps it would be troubling if they were blaming Microsoft. In this case they explained that the large number of simultaneous reboots and subsequent logins simply stressed their servers. They further stated that their "self healing" did not function as designed. It is strange that earlier "patch Tuesdays" did not cause this to occur, but as I write code I find that many behaviors I see in my applications are strange until I truly understand their root cause. It may have been that the software was resilient to a point and then just fell over. Perhaps the point that it fell over was when the "self healing" kicked in and hit its fatal bug.
Load testing is hard. I know. I used to do it. It is hard to anticipate what your peak load might be. It can also be hard to generate the right kinds and volumes of loads that your service might experience. Proper load testing requires a realistic test bed with enough machines running client simulation scripts to sufficiently load the machine. This requires a deep understanding from management that spending large amounts of money on non-production systems is essential. Your setup might deal with some kinds of load well and fail on others. Perhaps Skype had considered what might happen during a natural disaster with a large number of calls originating at the same time, but neglected to see login as a significant risk, especially if they had weathered that storm before.
My least proud moment in quality assurance was seeing my company's service go down for a weekend due to excessive database load. We had a new version of our web service software that required significant database changes to each user account (including database structure redesign...go ahead and wade through that hard book on database principles before you start coding my friends...funny its what I'm doing right now as I go from QA dude to programmer). We made an upgrade script that ran when each user logged in, which brought the user's data up to date with the current version of our software. The thing is I knew about the risk, measured a high load at user login, notified engineering about the potential problem, but didn't demand that the upgrade be placed on hold until the issue could be better quantified. Ah, live and learn.
-Jon
RTFA. It's not bad planning. It's a bug in their networking software.
Does anyone know what OS those Skype servers are running? If the OS is Linux, then I blame Skype administrators. If it is any flavour of Windows, then I blame Microsoft. Now, some of you might say I am biased.
Hey look, if I'm a skilled corporate comms officer -- and I have no doubt Skype has one of those --, and I have to lie about an outage, I'd do it so that it would be believable. All they had to say was:
We recently upgraded our login server authentification routines, and in spite of our testing, we missed something.
The underlying problem with Skype has always been the auth server: everything has to go through it. Worse, when a supernode goes down (e.g., reboots due to a planned install), everything connected to that supernode has to go through it. Now, Skype has been growing pretty fast, pretty much every week their auth servers handle more traffic than the previous week. Your average user might not reboot all computers at the same moment, but what about big enterprises?
And how does Skype pick its supernodes? We know one of the criteria is bandwidth. So let's say in some part of the world where a bunch of little skype clients are wired to a few big bandwidth providers, patch Tuesday hits, and a bunch of those supernodes reset at the same time. The Auth server is hit with the traffic, not from the rebooting supernode, but from all the clients connected to it. That's "peak load" for your auth server, and it increases every patch Tuesday.
Arent people usually complaining that windows userd doesnt install the security patches? now people complain that they actually DO install them... WHEN OH WHEN is people satified?
Skype didn't blame Microsoft for the outage, they attributed it to a bug in their software. Did the subby even read TFA?
How Politicians Lie: http://www.factcheck.org/
How do you know your phone service has never been out in 60 years? Do you monitor it? How many calls a day do you make? Are you home 24/7 and do you use the phone all the time, as in more than 10,000 minutes per month?
Sure, you've never been affected by an outage of your phone service, but that doesn't mean it hasn't been out of service ever.
Plus, you pay for it too. At $30-40/month per line, you expect minimal outages. When you are paying $30/year or even nothing, a two day outage, while annoying, isn't surprising, especially when operated on a public network. Your phone line is on a private, dedicated network. You simply can't compare the two when it comes to uptime.
If all of Skype's customers paid $30-40/month, I'm much more confident that they wouldn't have had this outage.
TossableDigits.com: Temporary Phone Numb
All the central server has to do is instruct each endpoint to UDP tickle each other, then they can talk directly through NAT.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
I don't remember where/when this happened, so it might be an urban legend. But the story is that many years ago an earthquake rattled a California town. No major damage was done, but it killed all the phones in the town for several days.
:)
The earthquake had jostled thousands of telephones off hook. The central office switches survived the quake just fine, but crashed due to a bug that seems eerily like the one Skype just described. Basically the switch kept a list of phones that were off hook. The switch is responsible for playing "dial tone" to those phones, but the central office only had a certain number of units that could play dial tone and listen for dialing. So the first "n" phones off hook got dial tone; the rest were put into a FIFO list of phones waiting for dial-tone equipment.
There were so many phones off hook due to the earthquake that the FIFO list overflowed, crashing the switch.
When the switch rebooted, it had to figure out which phones needed dial-tone. So it had to examine each phone line in turn, putting the ones that were off hook into the queue for a dial tone...thus overflowing the list and crashing the switch again. And again. And again.
After a while the telco folks figured out what was wrong, but then couldn't tell anyone about it...since the phones were down. They eventually had police and fire trucks driving all over town, stopping to hang up all the pay phones that were jostled off hook, and blaring over megaphones for people to hang up their phones.
Eventually enough phones were hung up so the switch could reboot without crashing - end of crisis.
Good times.
Really? So when they said, "[t]he disruption was triggered by a massive restart of our users computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update", they didn't really mean it?
Come on, just admit that you're wrong. It was a fault with their auth service in the sense that it wasn't able to cope with a Patch Tuesday-induced slashdotting that it wasn't designed for.
After watching Sycko now I am very afraid to live in the USA. How can you live there?The same way Australians can live in Australia, even though I've seen "The Road Warrior" and personally would not wish to.
Dewey, what part of this looks like authorities should be involved?
You are so, so wrong. If a US company owns them, then they are subject to US law. This is to prevent US based companies from just setting up a shell and providing services to, say....Cuba or any other restricted country. There are countless examples of subsidiaries getting in trouble for things that are illegal in the US -- but not where their offices are.
Otherwise, Foster Wheeler would just setup a shell in another country and start building refineries for Cuba.
I, personally, know of companies who have gotten into trouble when their equipment, somehow, found it's way to a restricted country (Cuba, Sudan, Syria, Iran, etc). The US treasury department publishes a list. Admittedly, this is only the voluntary actions but I am certain there are involuntary actions as well (ie: criminal cases). See the entry about Varian (Switzerland) for a specific example of what I am talking about.
The point is: they ARE subject to US law via eBay owning them.
SKYPE is blaming Skype for the outage quite contrary to the completely misleading headline on this article.
No, I don't know better. They have takes some part of the blame but a M$ anomaly was the initiating cause. To be fair to Skype you have to admit that 85% of the world's computers turning off at the same time is not an event a normal person would predict nor could such an event be tested in advance. M$'s synchronized forced updates are a menace.
Friends don't help friends install M$ junk.
No, it's just another example of your moronic blinding hatred of a company. EVERY other software distribution has [frequent, but not necessarily monthly] updates that require a restart like this. Sane software distributions make fixes available as soon as they are ready [including Microsoft, for sufficient values of criticality]. For marketing and big dumb company reasons, Microsoft saves them up for a once a month ordeal instead of letting users have things in a timely fashion and chose their time and size of their pain [at least for the non-important ones. Go figure, huh?]. This problem was significant but is trivial next to threat posed by the 60% of all Linux computers that belong to a botnet [see, I can make numbers up too!].
Sure, there was a problem with Skype's code and Skype admitted to it, but the initiating factor is all Twitter. That's blame casting and Twitter deserves it. The summary mentions the code flaw, so I don't see what your problem besides an outsided [fuck! Even Firefox has no idea what that word means!] love for an incompetent software maker. For anyone to report things differently is to misconstrue things [notice I altered this sentence slightly. Also note that it's no more bullshit than your sentence].
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
http://ars.userfriendly.org/cartoons/?id=20070819
"I'm never quite so stupid as when I'm being smart" (Linus van Pelt)
...Huh? Why would this affect MS in the least, let alone strike "a huge blow against Windows on the wordstation"? It's not as if this will happen every month: It was a one off due to a bug in Skype's network algorithms, it's already been fixed, and the chances of it happening again are negligibe.
What's purple and commutes? An Abelian grape.
Serves Skype right for making their program a systray app that starts when Windows does :-)
Sorry. I have a rabid hatred of TSRs. Particularly those that don't show up in the Startup folder.
I was at the hospital visiting a loved one. I noticed that the nurses console was hung in the middle of an autoreboot. I admit that autoupdating critical computers is a bad idea. The amount of power that Microsoft has over the windows update feature is of great concern to me. The ability to corrupt/reboot most of the desktop computers in the country controlled by one company is too much power in my mind. This is a risky system that we cannot absolutely control, much like a nuclear reactor. Just not as spectacular when it fails.