35 comments

[ 6.1 ms ] story [ 71.0 ms ] thread
Everyone will be wondering what the 8 characters are and the BBC fail to mention it, so here we go:

http://:” (without the quotes) [1]

[1] http://venturebeat.com/2015/06/02/these-8-characters-crash-s...

Android, iOS and Windows apparently fall victim, OSX does not.

Clearing local logs does not resolve the issue, you'll redownload the logs from the server on launch, the culprit message needs to be deleted.

Is this an article summarizer bot?
Nope, I tend to go straight to the comments to HN and Reddit threads for context, criticisms, the likely important relevant information.
My skype crashes on OSX when I try it. I have Skype 7.8(388) on OS X 10.10.3.

My skype is now constantly crashing even though I haven't sent that in at least 10 minutes. Crashes about every three seconds.

Edit: upgraded to skype build 391 and it no longer crashes.

Parsing URLs is hard. Writing tests to find potential segfaults is easier.
(comment deleted)
Web browsers seem to manage to parse URLs quite well.

Doesn't this suggest that MS were doing something funky with the URLs or had some sort of code to operate on certain URLs differently? Why would simply linkifying break the whole app?

> Web browsers seem to manage to parse URLs quite well.

Somehow, I think web browsers' URL parsers might be a little bit more hardened...

What happened to code reuse? Microsoft seem to manage to parse URLs in emails fine too. Is it really that hard a problem that one of Microsoft's most installed apps should find it impossible to do without crapping its pants??
That's a protoype browser engine rather than a product installed on millions of users devices. The fact that this relatively minor project found that parsing error through basic testing at prototype stage actually supports the position that Microsoft should have found this before.

https://github.com/servo/rust-url/blob/1f08064eda8c2873bd64e... - has the string http://: in at several places - are you telling me that MS wouldn't be expected to run similar test data against their URL parser in Skype prior to release?

Does this affect the Linux client?
Nope
Plenty of other bugs on the Linux client to make up for it.
This raises an interesting point: Skype downloads your chat log from their server. They have your chat log on their server.
They have stored chat logs on their server for many, many years.
Why is there still a debate about whether the NSA have access then?
Because misdirection. Who else have access. The FSB?
The "debate" is whether the NSA has "direct access" via special backdoors, or just via law and/or espionage. For instance, people were going off on Google, til it turned out the way the NSA was accessing it was via tapping fiber lines- that doesn't scream "direct access" in a cooperative manner.

Anyone who thinks the NSA can't reach MS is unaware how easy it is to turn people. The KGB turned FBI/CIA agents for years, for paltry sums. Said spies claimed their only motivation was money. The USG would be incompetent if they didn't have agents working for all sorts of companies.

Between all their resources, it's possible the NSA has setup some way to copy all Skype messages.

But I would be very surprised if Skype was knowingly sending all data to them voluntarily. MS has denied this, and it'd require a lot of people to be in on it.

Do they store video chats?
I think they're filtering messages through their server now. Half an hour ago it worked, now it says "message removed". Implying they MITM our messages and can censor them.
I remember back in the day pre-Microsoft when Skype was unable to do that because it had point to point encryption. Then Microsoft purchased them, killed the Skype P2P infrastructure which was a massive cost saver for Skype and instead had it use standard servers.

People have claimed, without much evidence, that the NSA helped finance the purchase for Microsoft in exchange for making Skype easier to monitor but so far as I said nobody has solid PROOF of that, just speculation.

But I will say what Microsoft did made little logical sense. The whole point of Skype was to make running a network inexpensive and scalable, Microsoft's changes made running Skype much more expensive (and what company WANTS a product to cost more to run?).

That change came in a time where Skype ran increasingly often not on PCs but rather mobile devices. And what tablet or smartphone user WANTS a chat application to consume excessive CPU and bandwidth while running in background?

That's the official version, anyway. You may choose to ignore reasons giving by the people who made the change, of course. The infrastructure on which Skype was built relied on most clients being PCs with decent internet connections and CPU to spare. Something that's increasingly not true in today's world.

Prior to Microsoft's centralisation, Skype was completely unusable on mobile devices. I know, I tried it.
It still is though.
It's still bad, but it's improved a lot from where it was.
They could've done an either/or thing; P2P for desktops, client-server for mobile devices (including laptops). However, they'd have to maintain two separate systems, and nowadays there's far more laptops and mobile devices than PC's, so with that in mind it makes sense.
P2P doesn't necessarily have to mean more CPU and bandwidth usage, especially while in the background.

Modern P2P designs often have measures to disable participating in aiding network routing completely for devices with limited network/processing, which effectively only leaves as much traffic/processing as messages you explicitly send/receive.