Something not mentioned by Ars is that the difference in cost between datacenter bandwidth and broadband has changed significantly in the last 10 years. Datacenter resources are now so cheap that P2P has little advantage. (I think the rise of cyberlockers is another manifestation of this trend.)
P2P has an advantage of being harder to block or to throttle at the last mile ISPs.
Also, P2P generally delivers the smallest connection latency as compared to all other setups.
Also, P2P makes it harder for the service provider to snoop on the traffic, and this might be just the reason why Microsoft is shifting towards supernodes. Skype is just too big of a communication infrastructure piece to let it go "unsupervised."
So while the bandwidth might be getting cheaper, there's still plenty of reasons to do things the P2P way.
Let me just make this very clear: you don't go from zero operating cost to multiple millions of hardware and colo space to do the very same thing, in a move so transparent that it needs security researchers to dig into your program to find out it has happened at all.
I guess Skype (by extension, Microsoft) is growing interested in what people are speaking about. To get hold of that data you need to route it through your own network, at significant processing and bandwidth cost.
Or instead of engaging in conspiracy theories with zero proof we should look at what's going on here rationally. Skype is really unacceptable in any corporate environment. I don't want a random PC on my network to be a superpeer and suddenly use my 50mbps connection routing calls to the world. Run skype for a couple of mins, fire up tcpview, and watch calls come in and out. Not only is this a waste of my resources, it also provides a shit experience of dropped calls, sudden drops in quality, and connection issues. The P2P model for video and talk is suboptimal and MS knows their real customers (IT managers and IT buyers) aren't going to go for this.
I have yet to get high quality video to work on skype, even between two clients each with 10+ mbps lines. MS knows this is a problem.
More than likely Skype will be for SMB and residential use and high end enterprise will continue to use Lync or alternatives. This is a welcome move as it legitimizes Skype for many.
He phrased it like a conspiracy theorist, but it's a little naive to think that intercept capability wasn't a factor in this decision. As far as I know skype was the biggest player in communications that wasn't being completely monitored.
Skype went down for a couple days about a year or two ago, as did a few other voip services at around the same time. I suspect this is more than just a single company that is behind it, rather the US government.
Sure, it's not a secret that the NSA is the one pulling in all of the data they can get their hands on right now. And they absolutely want all skype traffic, since they already have all internet and phone traffic.
The bandwidth the whole Skype swarm can scale to in a matter of minutes will most certainly exceed what would be possible if you're running everything from a datacenter. Sure, have a few backup machines ready to take over roles if super peers drop or something else is impacting the network.
IT managers and IT buyers are obviously not the target market for Skype. They just buy that stuff from CISCO.
Skype has invested considerable development resources into making P2P work over NAT, circumventing firewalls, cloaking and encrypting their traffic to evade packet inspection. Even the client itself is heavily obfuscated. The point of this all is of course to not threaten the P2P model that has allowed them to essentially scale unlimited.
Now, you have Microsoft replacing that with the standard centralized infrastructure that scales terribly. Huh.
The point with Skype isn't that it's doing something a Cisco device won't do, but the fact that it's highly ubiquitous. Maybe IT managers aren't the target for Skype, but when a customer or someone else wants to do a Skype VoIP call... you need to use Skype.
> Not only is this a waste of my resources it also provides a shit experience of dropped calls, sudden drops in quality, and connection issues.
My experience with Skype, by using it everyday, is not at all similar.
Skype for me is the best VoIP system I've ever used. Voice calls work fine even over my phone's 3G connection, which compared to a broadband line is piss poor. Video calls sometimes have hiccups, but it worked for me in situations where more traditional client-server solutions were unusable.
I think the problem is that if you have a very fast connection ("10+ mbps lines") then Skype upgrades you to a super-peer and sacrifices your experience in order to route the calls of other Skype users.
a) datacenter bandwidth is now much cheaper than it was 10 years ago, to the point that the cost saving from using p2p is not that significant anymore. (Skype did not have zero operating cost, and contrary to the article, they did operate their own supernodes - few tens to a few hundreds at least).
b) Microsoft is going to change the business model, e.g. no more free calls (or, no more free conference calls, or something like that), and if they are going to charge money, they need to guarantee a level of service - which they cannot with a P2P infrastructure.
c) The marginal cost for Microsoft (who already have data centers etc) is actually LOWER than running a p2p, when everything (including end user liability) is taken into account. Running 10,000 servers in existing data servers would cost ~$1M/month. May seem a lot to you, but it's a rounding error for Microsoft (and certainly, at a $8.5B total cost, 4 years would make this ~$8.55B from Microsoft's side. Rounding error)
d) Microsoft is planning some kind of integration with their other properties (hotmail? live? office live?) for which hosting everything is essential.
I would guess (c) or (d), although the parent's guess is not without merit.
Unless a significant number of paying users decide that they don't want their calls going through a US company with a history of security and monopoly issues.
So you should now assume that ALL your skype calls are being recorded and monitored and anything of interest to the US authorities is now available to them?
Are you doing anything in the US that might be considered naughty - like online gambling, tax 'optimization', overly-fair use of some recorded entertainment?
Do you work in a foreign company that competes with a major US oil/aerospace/defense/financial concern?
Do you supply to any of the above?
If you wouldn't forward an email about it to the DHS should you now still talk about it on Skype?
The biggest change occurred when Skype sold to a US corporation. That ship has sailed. P2P or not, Skype became a US company when it sold to MS. Even before that, you never had any guarantees about where/who your calls were routed to/through.
"So you should now assume that ALL your skype calls are being recorded and monitored and anything of interest to the US authorities is now available to them?"
Unless the network is secured by you end-to-end (e.g., encrypted tunnel and you're the private key holder), you should assume that your call can be intercepted and recorded. In the context of Skype, that was never true, so nothing has changed.
So yes, there have been significant changes, but all the concerns you outlined are fringe issues at best. Skype was never any kind of secure communications system where you were safe from persecution by overreaching governments.
Yes Skype was never exactly mil-spec but was generally regarded as safer than email or regular phones as far as routine interception was concerned.
IIRC with the original design the supernodes were only used to discover where users were and so tunnel through firewalls. Once the end points of a call had been discovered the voice traffic was direct caller-caller.
Assuming that Skype hasn't been a front for the illuminati all along, then the big change of having all the supernodes under one roof is that all the call endpoints can be routinely monitored and so if there was a future requirement to tap all the voice data it would be easier to pick which links to monitor.
> Yes Skype was never exactly mil-spec but was generally regarded as safer than email or regular phones as far as routine interception was concerned.
And wrongly so. You still logged in through Skype servers (username/password is centrally managed) who would direct you to a supernode near you, and could equally direct you to an intercepting supernode.
You have just made the fallacious argument of security through obscurity.
> Once the end points of a call had been discovered the voice traffic was direct caller-caller.
Do you know that, or just assume that? Do you know that this hasn't changed with different versions?
> Assuming that Skype hasn't been a front for the illuminati all along,
Blackberry insisted that they can't decrypt end-user communication ... right until the Indian government threatened to make it illegal to use Blackberry in India, and magically it became possible to eavesdrop on BB comm.
Corrupt governments are enough, don't need to invoke the illuminati.
> then the big change of having all the supernodes under one roof is that all the call endpoints can be routinely monitored and so if there was a future requirement to tap all the voice data it would be easier to pick which links to monitor.
It's not any different. The voice links were (mostly) P2P, and I guess they still are. The supernodes (discovery/comm links) were centrally managed, and still are. The only difference is now they are both centrally managed and centrally owned - that's a very little difference.
That's one possible explanation, and I think there's a healthy amount of skepticism required when analyzing moves like this, but it's not the only explanation.
Keep in mind that a large part of Microsoft's business is in the enterprise, and voice is a huge application product for enterprise customers. Exchange has always had some form of voice integration. I haven't used it in years (since back when H.323 was big), so I don't know the current state of affairs, but it is just as plausible that Microsoft is moving to a more traditional client-server structure in a bid to win the mindshare of enterprise purchasers. I'm particularly attached to this explanation because of my insight into the telecom industry.
Telcos don't want to sell dumb pipes to customers, because dumb pipes are a commodity. Selling a TDM PRI with 23 voice channels is something anyone can do. Carriers are pushing customers away from these products into SIP offerings that can integrate with customer applications because these products have high exit costs. I can swap out PRIs three times a year without much trouble. Changing application integration is far more expensive. This creates room for higher margins.
Here's the thing: with Skype, Microsoft can enter this space. I don't know exactly how Skype does it, but they manage to deliver a great VoIP product without any infrastructure considerations (network design, QoS, backhaul constraints). I've used SIP carriers who deliver a router with preconfigured QoS that can't call quality as good as Skype.
I'm not suggesting there's magic here or anything, but Skype's product is damned good. If Microsoft were to integrate Skype into Exchange, that would give them a customer endpoint that could take advantage of a network designed for voice. Exchange could keep intra-office calls local (like a PBX) and segregated on their own VLAN, while aggregating outside voice traffic on separate network interfaces, much like traditional TDM and SIP based PBX systems. This would check all the right boxes for enterprise voice managers. I'm also willing to bet this would push Skype voice quality over the threshold from end-user novelty to enterprise infrastructure.
There are far too many positive business reasons from a straightforward product standpoint to jump straight to the "this lets them mine customer data" viewpoint.
Setting up the connections is not the "magic". That is not a hard problem. It's been solved years ago.
First, P2P networks do not have to be enormous. Drop your assumptions.
They can be small, and separated. (Think VLAN.) A P2P network can be set up so that any peer can volunteer to be a supernode. (Skype doesn't let you choose.) There must be at least one supernode to get a connection started but it does not have to be a company. It can be you, so long as you have a reachable IP.
And the supernode does not have to forward traffic. She can just function to set up the connections. And she can do so agnostic to the traffic. She only keeps a table mapping MAC's and private, arbitrary IP's. The supernode can disappear after the connection is established; it won't break established connections. If two nodes are behind the same NAT, then the supernode can forward the traffic to get around this impediment. Setting up connections is not the "magic". There's no need for MS to be a (or should we say, "the") supernode.
The "magic" in Skype is the way they handle the compression, encoding and decoding.
That is where one needs to focus.
Setting up P2P connections (for small, segregated P2P networks), reliably, and without snooping, is relatively easy. You or someone else in your contacts needs a publicly reachable IP. All the code you need to connect, which is not much (quite boring for the complexity lovers), has already been written.
I think you might have missed my point. The P2P portion isn't the amazing part for me, it's that Skype call quality is so good without any of the traditional network engineering requirements I'm used to.
I work out of Florida, but most of my partners are in Ohio. Our phones in the Ohio office are delivered by a SIP carrier. The SIP carrier provides a router that establishes separate VLANs (on the local network) for the phones and computers. The phone traffic is prioritized so it goes out over the WAN link first. Granted, once it hits the internet all bets are off, but at least the voice packets are hitting the wire first. That should make our telephones the best performing VoIP option in the Ohio office.
That's not reality though. Everyone in the Ohio office prefers Skype because the call quality is better and the connection is more consistent/resilient.
I can read a SIP trace, and I understand a little bit about CODEC design. I can somewhat reliably identify the difference between a G.711 call and a G.729 call just by listening. In other words, I'm not a complete layman, but I'm not a voice engineer. What amazes me about Skype is that their voice stack performs so well without any special considerations at the network layer.
In an ideal world, a voice engineer wants not only a separate VLAN for voice traffic on the LAN, but prioritization all the way to the PSTN termination point. This usually means you need to get your transport link from the same carrier who provides your voice service. For example, if you buy SIP service from Level 3, Level 3 can also sell you a transport link, on which they can prioritize your voice traffic all the way back to the place where they connect to the PSTN. This assures the best possible transport quality.
Skype has none of this, but still manages to deliver great call quality. That is amazing to me, and it's a game changer. It decouples your voice and data provider.
The key reason to move away from P2P isn't technical, but business related. Enterprise decision makers demand more control over their network. By controlling the super-nodes, Microsoft opens the door for a whole different kind of customer:
Integrate Skype into Exchange
With Skype integrated into Exchange, desktop devices (Skype phones) could be segregated onto their own VLAN. The Exchange/Skype service (running on a server) can be bound to a network interface on this separate VLAN. This satisfies common enterprise network design requirements where voice is prioritized on the LAN. This would also provide an internal endpoint for Skype clients to connect to and pass through a set of business rules and/or integrate with internal applications. This is a typical use case for Exchange. Exchange would also handle call routing. Think of Exchange as the PBX, keeping intra-office calls on the LAN, and routing outside calls over a configured link.
Moving Skype Super-Nodes to Dedicated Infrastructure
The best reason to integrate Skype with Exchange is to replace the traditional SIP carrier. When a user picks up a Skype phone on their desk and dials by directory, the call hits Exchange. Exchange can examine the call and make some interesting decisions:
Directory lookup matches a local Skype username: call is routed entirely over the LAN.
Directory lookup matches a Skype user, but user is not local: call is routed over the outbound interface and through the traditional Skype infrastructure (now run by MS instead of P2P).
Directory lookup only contains a traditional telephone number: call is routed over the outbound interface and through the traditional Skype infrastructure (now run by MS instead of P2P), which terminates to the PSTN.
With Microsoft running the super-node, they have better control over the performance of the Skype back end.
The benefit of the ability to bypass the PSTN can't be understated. Many carriers offer what is called "free on-net calling". If your call is placed to another user on the same carrier, it is free, regardless of their geographical location. Skype could do the same. If you're calling another Skype user, the call is free. If you need to punch out to the PSTN, you get normal Skype rates.
The chances of an enterprise buyer considering this type of service over P2P are remote at best. There might not be any technical reason P2P couldn't satisfy the requirement, but it's bad joo-joo from a purchaser's perspective. They want assurances, and MS owned/run super-nodes make a lot of sense.
I would assume being able to guarantee a certain level of "service quality" played a bigger role than finding out what people are talking about. They're probably going to integrate Skype at a much deeper level into WP8 and they need to make sure there are fewer breaking points, both technical and legal.
Others have argued that the real value of this is the improved user experience (and control over the user experience). That's almost certainly true. But more importantly, mining data from Skype would be of negative value to MS.
Trying to gather any information that's utterly generic and innocuous would cause a massive PR scandal that would probably destroy Skype's credibility for ever, and possibly taint many other of Microsoft's online services as well. What data from wiretapping could possibly be worth $8+ billion?
The only way it could possibly make sense is if they were certain of never getting caught. And that's a tall order these days. All it takes is one lawsuit against MS where the legal discovery process can touch documents and communications pertaining to Skype.
Would this fall under wiretapping? Other IM services have blanket statements on monitoring all and any communication in their TOS, this just takes it to voice and video.
I guess what I was thinking of was something akin to Google AdWords, not the "they want to control the world" conspiracy theory edge.
Sorry, "wiretapping" was probably not a well chosen word.
Serving ads to unpaid users is a good example of something that people probably wouldn't find too creepy (not too different from seeing ads on gmail). The problem is that since MS controls the client software, it's not something that they would need to do at the supernode level. They could just run the voice recognition / keyword selection on the client and then request the appropriate ads.
Even if they were planning on some more wide-ranging thing with adverts than that, it's unclear why they'd need intercept the conversations at the supernode rather than at the client. They'd also have the problems that they don't have a credible display ad service to use this data for, and that they can't correlate the data from a logged in Skype user to some random web user who isn't logged in.
If we assume MS is taking control of the supernodes for some observation purpose, the observation needs to be something that can't be done on the client, or that would look suspicious when done by the client. E.g. storing all the voice streams for later analysis, or transmitting summaries of conversations between paid Skype users to some MS address.
MS using Linux to run their business. That says it all.
A company with more money than it knows what to do with, acting desperately to save itself from obsolescence.
Skype was flawed from the outset, being non-transparent (about how the network is set up, turning machines into supernodes without permission, and the encryption they use). It's all closed. Why? You can't verify it's well-designed. Now it's worse. Do I want MS routing my calls? Scanning every file transfer? Being able to peek at any video?
No thanks. That's not their role.
There are other true decentralised P2P video/VoIP solutions. People now know that free calls, even video calls, through the internet are feasible, even without having technical knowledge.
Right now, use Skype. But it will not hold the market when more robust, flexible, decentralised, transparent services are ready for non-technical users.
Because they will be free. And Skype will not be free: the price you will pay, to a software company[1], is your privacy, at the least, and probably more.
1. No software company has a need to know such things. They are not the government, they are not law enforcement, and they are not defenders of national security. They are a software company. Who are they accountable to? It's just not a smart idea to let MS take this role. The potential for abuse is too great.
I remember when open source P2P VoIP was "being polished" in 2002. I guess if we're lucky we'll get WebRTC, but being from Google it may not satisfy the wannabe cypherpunks.
Code is written. Command line only. So not ready for you yet.
There are good application programmers (who are also competent cryptographers). But it seems, based on mailing list and forum comments, all the incompetent ones hold them in spite. One can only guess why.
If Skype is flawed, then to a certain degree so is Facebook, SMS messaging, Facetime, and the rest. Being able to sell your company for billions two times, keeping ownership of the underlying technical IP and suing the first buyer seems like a pretty shrewd business model to me.
Of course I wish everyone was using end-to-end encrypted audio, text, and video communication with onion routing in the middle. But we aren't there yet. Arguably because everyone with A-list business, marketing, and technical acumen would rather be a billionaire.
Nothing wrong with what Skype did. He made his money. Good for him. The point is that Skype is not magic. It's something that can be replicated, with simplicity and transparency.
I agree, the greed factor is great. And one would imagine some of those with the skill to make a "Skype" might think "Why should I do this for free?" Then you also have the perfectionists, with the skills, who won't attempt to build something that cannot be "perfect". They love to say "It won't work."
Skype is not perfect. And it's very non-transparent. But people are using it.
Should the next Skype be free and open? Is it worth building? I think the answers will become evident going forward. I think communication over the internet is too important to be solely controlled by [insert unflattering description here].
> Skype was flawed from the outset, being non-transparent (about how the network is set up, turning machines into supernodes without permission, and the encryption they use). It's all closed. Why? You can't verify it's well-designed.
Perhaps relevant for a FOSS zealot (and I really don't mean that in a derogatory way here, there's a time and a place), but the average user doesn't care about the infrastructure - they want it to work and work well. And Skype pretty much always has, at least in my experience.
I'm definitely not a FOSS zealot. However I might be a zealot for simplicity, lucidity, keeping code small, unclever and boring, making compilation quick and easy, not tolerating many of the annoyances so many folks routinely accept. I do not like "black boxes". Even if they work.
re: Skype I simply see no reason that something so essential, and so simple, as a P2P application (note the P2P application does not have to be tied to the VOIP application, or whatever applications you want to run over the P2P connection) needs to be a proprietary product.
It does need to work and work well. The P2P element does that. It will consistently work. It's the audio/video element that is difficult to get right across all connections in all environments.
Perhaps that's why you read some people saying Skype works great for them and others saying it doesn't work so great. Consider that in every case, the connection gets set up just fine. People can connect very easily. P2P is the easy part. It's the audio/video quality that varies. Because everyone's bandwidth situation is different.
Unfortunately there's a lot of chatter about NAT, IPv6, cryptography, and other non-issues, which distracts people from focusing on the real issue: codecs; making the audio/video element work smoothly over a variety of bandwidth scenarios. That's what everyone wants: clear sound and video.
If you do not fear the command line and want to see a proof of concept of how easy P2P is to set up, leave some way for me to contact you.
> Right now, use Skype. But it will not hold the market when more robust, flexible, decentralised, transparent services are ready for non-technical users.
You forgot "easy to use", "fun" and "attractive". Normal people don't care about those things you said.
All three criteria you mention are very easy to meet. Skype's GUI was thrown together quickly in Delphi. Yet it's good enough for most users. The bar is set very low.
Features could be added to a next generation "open Skype" (e.g. streaming music or video to several of your friends, simultaneously) that would make it even more fun and attractive, but the RIAA and MPAA would be up in arms within 24 hrs of release.
HN is a place where we routinely discuss things that "normal people" don't care about. That doesn't mean those things are not important. Someone has to deal with the details that enable you to make your easy, fun and free calls, though you might not care about such details.
This was the first thing I thought of when reading the article: it's a heck of a lot easier to tap off an (encrypted) stream running through a datacenter than it being remote on a supernode.
Of course not; that's not "lawful interception" in the countries that Skype would market such services to. They don't have access to that large-scale data anyway, hence my comment on getting access to it by routing it through your own infrastructure.
Right, which is the "intercept problem" I was talking about. Your concept of "lawful interception" is pretty dated when we're talking about national security agencies rather than police.
The NSA is splitting signals and trawling everything for what they want, it's how it's done now. The recent Wired article about the new datacentre was pretty interesting. Which was, as far as I know, not possible with the p2p architecture that Skype had previously.
Good to see the grsecurity patch getting a bit of publicity. I think for critical devices it's an essential patch, mostly because of its integration with the PaX patch which is aimed at preventing many different types of memory overflow exploits.
A laptop on a broadband line can keep track of all the P2P nodes necessary to keep my contact list & chats up to date, have a 3-way video call, and top it off by routing for a few less-well connected peers nearby. Asking that of my phone is a bit much.
Skype on an iPhone + wifi is rough sailing as it is, let alone on 3G or with a less-powerful device. The behavior I see (really random incoming chats, call false-starts) seems to be more related to the P2P layer than the app itself. I almost never see that behavior on Skype desktop.
I think leaning a bit more towards client-server would be a lot more friendly for mobile devices. Hopefully they hit the right mix.
I think it is quite coincidental that now the skype ip lookup site JUST got killed and this press release's timing. They may have implemented this new infrastructure in tangent, and now took them all offline?
Say what now? It always seemed to do that quite fine for me. If a client drops off, I can still send messages, and they'll sit in the window with the little "working" circle next to them. The partner picks them up when they reconnect.
I've logged in more than once to have a metric ton of IM's waiting for me.
But if you send a message they won't see your message until you're both online again. So if you sign off before you sign on, it won't send until both clients are online again (could be days).
If you use multiple computers it gets worse - if you send the message from your laptop it won't go through until the laptop and your friend are online again.
It's not a huge problem with a 1 on 1 chat, but with groups it's frustrating.
We benefit greatly from having the chat room as sort of a canonical log of what's happening. It's nice to be able to leave a message for coworkers before you sign off for the night, and know that everyone will see it. With Skype we didn't have that guarantee.
It's kind of odd that they don't - messages are stored server side (have a bunch of conversations and then sign into an empty skype elsewhere - open chats are synched). You'd think this would be trivial to add.
Just so I understand this: they're switching from direct P2P messages between users (like MSN), to routing the messages through their own data centers first (like Facebook)?
So in theory this will prevent any messages ever getting lost en route to the recipient?
I can't tell you how many messages have gone undelivered between my friends and I when we used to use MSN messenger exclusively (even happens once or twice on Skype), causing serious breakdowns in communication. ("Did you get that message? Did you get that message?")
I always wished they'd switch to this architecture.
Is MSN P2P? It's been a long time (like... oh, 7 years maybe?) since I've used it, but iirc it was centrally routed. Only some things like file transfers were P2P.
MSN relies on central servers to broker connections, just like this does. It is not going to solve the problem you describe.
True P2P, via an overlay, where you and the other person(s) have a direct connection, is fast and reliable "enough" (otherwise Skype would not have been successful), but not perfect. Nor is store-and-forward (e.g. text messaging) perfect either. But it is "good enough" for people to use it.
If I were really concerned about "lost messages", I'd prefer a direct connection as opposed to one that goes through a third party. It just makes more sense.
From what we get from the article: no, they are replacing the bit about connecting over NAT, which went through some random people, making it go through some servers they own directly.
If you and your peer are on mutually accessible networks the data will still be p2p in the same way (or not, as before).
I have a fair amount of experience with MSNP, and it is the exact opposite of P2P. Some things like file transfers will sometimes use P2P if it's available.
When I had a fixed IP address and no NAT between the internet and my PC, I regularly caught Skype promoting me to supernode and using a serious part of my bandwidth. It made me get into the habit of quitting Skype unless I wanted to make a call. Perhaps I can keep it running now.
Assuming you are concerned about the code you run, the location you run it in, etc. Does not provide encryption to my knowledge, but VPN can solve that.
I don't know of any truly distributed encrypted voice systems you can trust out there. Hosting your own server for a service seemed like the next rational way to solve the person's question.
Try not to think in terms of server and client being separate machines. Or thinking that a server needs to be complex or able to handle an unlimited number of nodes. It's possible to be both a client and a server. And that is in fact what Skype was doing. Some clients were also functioning as supernodes.
Teamspeak is another option, along the lines of Mumble. There are others. It's a different concept from Skype. One person has to run a server. They choose who they want to be on the P2P network. Teamspeak is closed source.
Free SIP services are another option, but not easy enough for the novice who is in a hurry and just wants things to work. Most people seem to use SIP servers operated by companies, not running the servers themselves. Some ISPs are selling pre-packed VOIP service (and some are deep inspecting every packet, lol).
Skype has the market now. It is ubiquitous. It's easy to use and works reasonably well.
But to think Skype will become the world's new default global communications channel, with MS in control, is just silly.
Skype is just a hint of what's possible, given today's bandwidth and a network that no one player controls.
All the enterprises that have deployed in RFC4193 space are using IPv6 NAT. It's been available in OpenBSD (a popular IPv6 Firewall/NAT device) for several years. If Cisco hasn't deployed it yet in their ASAs, they will soon.
Enterprise cannot leak their internal addresses, and, if they do, they want it to be something that nobody can make use of/route to.
IPv6 NAT (or, more precisely, PAT/NAPT) is pretty much identical to its IPv4 ancestor. One external (globally routable) IP Address which represents the entirety of the internal IP address space. If you are on a corporate LAN, and your IPv6 address is from the RFC4193 range (it starts with "FD", e.g. "FDC2:D343:1234:5678:..."), and you are accessing IPv6 resources outside your company, then some kind of PAT/NAT/Proxying is taking place.
The brilliant and problematic property of the translation (and why I think it will catch up) is that it allows to easily make your today's problems someone else's problems five years down the road. No one gives a ding about what happens in five years in one's network - let alone the larger internet.
BTW, next time you talk with the "address-hiding security" fans, check what result they get from http://panopticlick.eff.org/ - very curious!
I'm one of those "address-hiding security" fans - I've architected and deployed more than 7 million (currently operational) IPv6 nodes, 100% of them in RFC 4193 space. We have many layers of security. Link Layer Security, Application Layer Security, Firewall Security, IPsec Security, App Transport Security in addition to the non-routability security.
I've never understood security professionals who turn their noses up at the usefulness of using a non-routable IP address in your environment. It's always seemed self-evident to me that putting your resources on something like "192.168.1.5" - on an internal network, in addition to all of the other steps you take, would be yet another layer of defense that makes an attacker's life difficult. And, in an enterprise environment, I would rather optimize for security than ease of two-way communication with external entities.
Do you really NAT all those meters though? It seems much more likely to me that you only have one or two specialized ALGs running.
One to many NAT really makes an attacker's life easier in a lot of ways - at least as far as computer networks that support active users. NAT makes it much easier to hide from flow analysis and IDS and the proliferation of NAT traversal and tunnels to escape NAT make it much harder to spot rogue traffic. Let's not forget the classes of attacks that private v4 space has eased like DNS rebinding and home router attacks.
It's interesting, the only network I knew of that was ip6, aggressively secured and that many nodes is DISA which definitely doesn't allow any public network traffic - and yet uses global address space.
Once again - "addressability != accessibility". I think the benefits of being able to reference the host even if for abuse tracking, or netflow cross-correlation, etc. - outweigh the obscurity advantages of NATs.
If I were concerned to have a diode-like gateway, I'd get a stateful firewall, or on Cisco boxes, configure the reflexive ACL. It comes for free with the base code, IIRC.
This all said - each individual network's mileage can vary, so we could argue till dawn - and I think we'd need to agree to disagree on the matter of the "security of NAT" :) If it makes someone sleep better - I think it's served its purpose. Much like throwing away the soda bottle before boarding the plane.
I had my account hacked, and it also happened to a friend a few weeks ago (and I'm unable to reclaim it because they ask for the day I registered). Is it possibly related to the transition?
When they bought Hotmail, it took them years to migrate off the FreeBSD boxes that were running it -- they had several failures, and when they finally succeeded, they needed several times as many NT boxes as the original BSD boxes.
I would guess that the supernode software was written by Skype long before the acquisition (they were running their own supernodes, despite what the article claims -- although not as many, and most supernodes were users), and Microsoft hasn't had the chance or the reason to port them to Windows yet.
It allows you to do the same thing Skype does. It uses a server (supernode) to make P2P connections (via SDP signaling) between web browsers. I can assure you, it can be used much like Skype is used.