Skype: Open sourcing it is no option!

nickers — Fri, 17 Aug 2007 05:30:25 +0000

While the Skype outage is ongoing and i’m in need to revitalize some older IM-Accounts at Jabber and MSN, it’s a good time to think about the whole Skype-thing.

Skype is not Open Source and according to Skype’s CEO Zennström, it will not be. He’s putting this decision on funny spurious grounds. So to his words, it needs to be closed to save it’s users from spammers and identity theft and of course it needs to be closed because they need to save their trade secrets.

A while ago (maybe a year) Andrew Fear of Nvidia was justifying the decision not to open the source of their graphics drivers with a similar funny reason: “It’s so hard to write a graphics driver that open-sourcing it would not help” and that people would not ask for it. People didn’t also ask for safety belts when they were introduced, but they were built into cars even though, cause they can save life. A while after Fear’s interview the driver was exploited through a two years old security hole.

And yesterday a similar thing happened to Skype. Not a security hole, but the complete breakdown of Service (at least for Windows users). It’s hardly understandable why it takes more then a day (the problem isn’t solved at this moment, 24 hours later) to solve the problem and make the service run again. If it’s a problem of Skype’s server software, diversity would have helped, two different server systems, independently developed, will hardly fail to the same bug. This is proven in daily business. You may find bugs in a http-daemon, maybe in Apache 2 or in lighty, but you will not see, that all httpd’s all over the world will be fucked up by the same bug. You may find a failure in Postgres, but this doesn’t mean that Oracles 10g is also affected. So an independently developed server for Skype would beware you from a breakdown of the complete network. On the other hand, if it’s a problem of the client software, diversity and the always needed open and documented protocol would have helped too. You will, equal to the server side, not see that two independently developed clients will fail by the same bug.

This brings us to the important point, lack of documentation, or even the will to open it. No-one, except people at Skype, knows really well how the Software works and whats behind those magic numbers forming the TCP and UDP traffic between nodes and supernodes. Because of the obfuscation Skype put into their code, you will never be sure if there isn’t a backdoor somewhere, or a keylogger or whatever people want to hide from the eyes of the users. One can say that Skype is only doing this to save their trade secrets and to be in control of the development and this may be legitimate, but if i want to use Skype for communication i need to trust Skype. I can’t control what the software is sending between the users, i can not even control what Skype’s doing on my PC. Are you really sure that Skype is not logging the password for your bank account? Some intelligent people have written a report(pdf) about Skypes behaviour on the PC, about the obfuscation in Code and the uncontrollable communication over IP. Now you may argue that i even can’t control what Live Messenger is doing and you may be right. But first of all i’m also not forced to use Live Messenger (or Yahoo or ICQ) and secondly, the protocol of MSN is re-engineered, so i can use the network with an open sourced client like Pidgin , a thing i can’t do with Skype, because the lack of documentation.

But, thank god, there are more alternatives. I can not only choose another client for IM or VoIP, i can choose completely different protocols. There’s Jabber, based on XMPP or OpenWengo, an open sourced system based on SIP, that can also connect to MSN, Yahoo, ICQ or Jabber. No, Skype isn’t possible, because of reasons i described earlier, you know, the documentation thing. There may be more alternatives and it’s up to you to find them. In the end there may be only two reasons to use Skype.

First: Your clients use it extensively. This means your only chance is to win them for an alternative, telling them of the insecurities of Skype. Ask them if they can sleep well, not knowing if Skype is stealing their trade secrets.

Second: You need to be hip. That’s your problem! It’s up to you to think about your security. Forget Spybot S&D, AdAware and Norton Antivirus. After securing every inch of your desktop, there’s still Skype, the uncontrollable monster, even Norton, McAfee and Kaspersky know nothing about.

killing the beep

nickers — Thu, 16 Aug 2007 07:31:11 +0000

Sitting at my laptop, configuring a Debian test environment in VMware, Helloween in my headphone, i almost got killed by a heart attack when i had my finger on the wrong key, forcing the console to give out a loud, high pitched, screaming beep. This behaviour needs to be changed!

So how can i stop those annoying beeps?

Solution 1:
# modprobe -r pcspkr
This is rigorous, just kill the one who’s disgusting you. No talk, no discussion, no excuse, just take out the gun and kill him.

If you want to never load the module, add the line “blacklist pcspkr” to /etc/modprobe.d/blacklist. And if you now really need the beep for reasons i can’t follow, it’s up to you to start it with:
# modprobe pcspkr

Solution 2:
# setterm -blength 50 -bfreq 220
I found this one here. It’s more diplomatic, political correct. The PC-Speaker has a right to live too. The command just lowers the frequency and shortens the sound to 50 milliseconds, so it’s tolerable and saves the health of your ears (and heart). Sadly, you can’t control is the volume.

public brain extension

nickers — Thu, 16 Aug 2007 06:51:56 +0000

Working with many different software tools on Windows and Unixoids the capacities of my brain are more and more reaching it’s limits. So today i decided to expand my brain and use this tool as an information dump. I wonder how long i’ll follow this strategy.