Looks amusingly similar to a bug found by fuzzing in rust-url (the url parser used by Mozilla's Servo) less than a month ago. https://github.com/servo/rust-url/pull/108 (Not implying the two are related in any way)
Web browsers seem to manage to parse URLs quite well.
Doesn't this suggest that MS were doing something funky with the URLs or had some sort of code to operate on certain URLs differently? Why would simply linkifying break the whole app?
What happened to code reuse? Microsoft seem to manage to parse URLs in emails fine too. Is it really that hard a problem that one of Microsoft's most installed apps should find it impossible to do without crapping its pants??
That's a protoype browser engine rather than a product installed on millions of users devices. The fact that this relatively minor project found that parsing error through basic testing at prototype stage actually supports the position that Microsoft should have found this before.
The "debate" is whether the NSA has "direct access" via special backdoors, or just via law and/or espionage. For instance, people were going off on Google, til it turned out the way the NSA was accessing it was via tapping fiber lines- that doesn't scream "direct access" in a cooperative manner.
Anyone who thinks the NSA can't reach MS is unaware how easy it is to turn people. The KGB turned FBI/CIA agents for years, for paltry sums. Said spies claimed their only motivation was money. The USG would be incompetent if they didn't have agents working for all sorts of companies.
Between all their resources, it's possible the NSA has setup some way to copy all Skype messages.
But I would be very surprised if Skype was knowingly sending all data to them voluntarily. MS has denied this, and it'd require a lot of people to be in on it.
I think they're filtering messages through their server now. Half an hour ago it worked, now it says "message removed". Implying they MITM our messages and can censor them.
I remember back in the day pre-Microsoft when Skype was unable to do that because it had point to point encryption. Then Microsoft purchased them, killed the Skype P2P infrastructure which was a massive cost saver for Skype and instead had it use standard servers.
People have claimed, without much evidence, that the NSA helped finance the purchase for Microsoft in exchange for making Skype easier to monitor but so far as I said nobody has solid PROOF of that, just speculation.
But I will say what Microsoft did made little logical sense. The whole point of Skype was to make running a network inexpensive and scalable, Microsoft's changes made running Skype much more expensive (and what company WANTS a product to cost more to run?).
That change came in a time where Skype ran increasingly often not on PCs but rather mobile devices. And what tablet or smartphone user WANTS a chat application to consume excessive CPU and bandwidth while running in background?
That's the official version, anyway. You may choose to ignore reasons giving by the people who made the change, of course. The infrastructure on which Skype was built relied on most clients being PCs with decent internet connections and CPU to spare. Something that's increasingly not true in today's world.
They could've done an either/or thing; P2P for desktops, client-server for mobile devices (including laptops). However, they'd have to maintain two separate systems, and nowadays there's far more laptops and mobile devices than PC's, so with that in mind it makes sense.
P2P doesn't necessarily have to mean more CPU and bandwidth usage, especially while in the background.
Modern P2P designs often have measures to disable participating in aiding network routing completely for devices with limited network/processing, which effectively only leaves as much traffic/processing as messages you explicitly send/receive.
35 comments
[ 6.1 ms ] story [ 71.0 ms ] thread“http://:” (without the quotes) [1]
[1] http://venturebeat.com/2015/06/02/these-8-characters-crash-s...
Clearing local logs does not resolve the issue, you'll redownload the logs from the server on launch, the culprit message needs to be deleted.
My skype is now constantly crashing even though I haven't sent that in at least 10 minutes. Crashes about every three seconds.
Edit: upgraded to skype build 391 and it no longer crashes.
Doesn't this suggest that MS were doing something funky with the URLs or had some sort of code to operate on certain URLs differently? Why would simply linkifying break the whole app?
Somehow, I think web browsers' URL parsers might be a little bit more hardened...
https://github.com/servo/rust-url/pull/108
https://github.com/servo/rust-url/blob/1f08064eda8c2873bd64e... - has the string http://: in at several places - are you telling me that MS wouldn't be expected to run similar test data against their URL parser in Skype prior to release?
http://blogs.skype.com/2013/10/04/skype-architecture-update/
http://www.makeuseof.com/tag/skype-enables-synchronization-o...
Anyone who thinks the NSA can't reach MS is unaware how easy it is to turn people. The KGB turned FBI/CIA agents for years, for paltry sums. Said spies claimed their only motivation was money. The USG would be incompetent if they didn't have agents working for all sorts of companies.
Between all their resources, it's possible the NSA has setup some way to copy all Skype messages.
But I would be very surprised if Skype was knowingly sending all data to them voluntarily. MS has denied this, and it'd require a lot of people to be in on it.
Their ability to do this has been known for a while - see past HN discussions:
- Https URLs posted in private Skype chats visited by Microsoft https://news.ycombinator.com/item?id=5704574
- Skype and Microsoft man-in-the-middle chats to give targeted ads https://news.ycombinator.com/item?id=7369163
People have claimed, without much evidence, that the NSA helped finance the purchase for Microsoft in exchange for making Skype easier to monitor but so far as I said nobody has solid PROOF of that, just speculation.
But I will say what Microsoft did made little logical sense. The whole point of Skype was to make running a network inexpensive and scalable, Microsoft's changes made running Skype much more expensive (and what company WANTS a product to cost more to run?).
That's the official version, anyway. You may choose to ignore reasons giving by the people who made the change, of course. The infrastructure on which Skype was built relied on most clients being PCs with decent internet connections and CPU to spare. Something that's increasingly not true in today's world.
Modern P2P designs often have measures to disable participating in aiding network routing completely for devices with limited network/processing, which effectively only leaves as much traffic/processing as messages you explicitly send/receive.
What about this piece of news from 2008? http://www.nytimes.com/2008/10/02/technology/internet/02skyp...