Skype has had its share of bad news lately, with a malware attack following close on the heels of a massive outage. Current events raise questions about Skype’s technology that won’t — and shouldn’t — go away.

One is the perennial architecture question: proprietary (Skype) vs. open (SIP). Recently I asked SIP application company Counterpath’s CTO Jason Fischl to talk about it. Fischl was also the architect of TelTel’s SIP-based VoIP system.

“When you’re trying to design a system to scale there are two places you can have a problem: design of the protocol or in a bug in the implementation,” he explains.

And quite simply, in protocol design as in so many of life’s other arenas, numbers count.

“In the case of SIP we have protocol design by people who’ve been designing telecom protocols for many years.” People like Cisco and Nortel telecommunications engineers, who have generations of experience with the problems that can crop up in communications networks.

“In the case of Skype, they have a very small group,” he continues. “The advantage [for Skype] is that they can make it simple. But a lot fewer people are looking at it. It’s a monoculture. The same group of people are making all the decisions — and the decisions are made for tactical reasons rather than technical reasons.”

And then there’s implementation execution. Here, too, more is better.

“When you see the problems Skype had, you see the advantages of SIP. In the case of SIP, you’ve got hundreds — even thousands — of implementations. Lots of service providers implement SIP. Any problem they have isn’t going to affect the entire population — just their customers. Lots of different vendors implementing is a nice benefit.

“But the consequences of a flaw in the case of Skype — it’s a catastrophe,” adds Fischl. “There are no other implementations.”

Fischl suggests that Skype’s outage may have had more to do with the centralized aspect of Skype’s architecture than the peer-to-peer dimension. “One of the [problematic] things about their [Skype’s]architecture is that the authorization of users is done on a central server. That leaves open a vulnerability.”

SIP, by contrast, has a distributed authorization process. “It relies on an overlay network. You make a query into the overlay network and find out how to contact subscribers.”

Further, the IETF’s — Internet Engineering Task Force — peer-to-peer SIP working group is looking at an architecture that will do complete peer-to-peer SIP without a server at any point.

“One of the fundamental requirements is that you won’t need a central server when you login — only when you sign up. The consequence is that if servers went down you wouldn’t get new customers, but customers can still make calls.”

Fischl confesses to being puzzled that Skype hasn’t embraced SIP. “To being with, they’ve already got SIP gateways — why not go further down the road? I think if they took that approach — augment the network, let any SIP endpoint connect — they’d have a huge network of vendors building devices.

“Who knows?” Fischl adds, “Maybe they’re going down that road.”

Poor Skype. As if the outage a few weeks ago wasn’t enough, a Windows worm called Pykspa.d is catching a ride on Skype IM, according to this report in PC World.

The most entertaining explanation I’ve heard about last week’s Skype outage is this posting from Rostislav Siryk in his blog:

“Skype’s outage is …[a] natural consequence of quantum physics. Because users [are] like atoms.”

In other words, it’s within the realm of possibility that all the world’s PCs will download a Microsoft update and reboot at the identical moment.

On the other hand, when was the last time you saw an object move by itself as a result of all its atoms just happening to tip the same direction?

I thought so. That’s why many are saying Skype’s explanation, issued this morning, is fishy.

Certainly, no one at Skype or Ebay is saying much. My request for a real live conversation last week was answered politely with a copy of the company’s then-current statement and a link to the Skype blog. As Skype has talked with me openly in the past, it’s thought provoking at the very least.

But this discussion begs the question. Even accepting the Microsoft-did-it explanaon, the outage is nonetheless an object lesson for the entire VoIP industry of another immutable natural law: Murphy’s.

It highlights a fundamental industry problem, says VoIP gray-beard Erik Lagerway. Providers ultimately don’t control the underlying network that delivers their service.

“I’ve been in this business 15 years and over that time VoIP has been in beta 15 years. The main reason is that the network that people are riding on is unreliable,” says Lagerway, whose VoIP pedigree includes executive roles at Shift Networks and Eyeball Networks as well as founding Vocalscape Communications and Xten Networks (now Counterpath).

Unless a provider owns the upstream broadband network, a ‘best effort’ service is all a provider can promise, according to Lagerway.

“If the upstream provider has decided they’re going to be making some changes, you’re going to be feeling those changes. If the upstream provider decides they want to filter out [other providers’ VoIP] packets or handle them with less priority than their own packets, you’re going to experience that regardless of what kind of service you have.

“If they decide they’re going to route packets to Istanbul, they can do that,” he says, adding, “The long and short of it is that the incumbents have their long arm deeply inside the network.”

Having said that, Lagerway does allow that Skype’s proprietary peer-to-peer (P2P) architecture – a closely guarded “black box” — leaves the system unnecessarily vulnerable in a way that conventional centralized services like Vonage don’t.

“My main issue with Skype is that it’s a closed system,” says Lagerway, an outspoken evangelist for the open communications standard, SIP. “Having one guy [Janus Friis] create the entire peer-to-peer architecture, it’s destined to fail – no one is smart enough.

“What’s going to happen when the next Windows update comes along? What this says is that, at any given moment, Microsoft can screw over every single Skype user. That’s a serious problem. The fact that no one even thought of this is mind-boggling.”

Lagerway points to Skype’s implementation – a self-organizing P2P network operating exclusively on users’ PCs – as untenable for providing a service to millions of users.

“To have such a dependency on so many people’s PCs, that’s pretty risky business. What happens if a whole lot of people decide to de-install?”

A better approach for a P2P network is an architecture that fails back to a centralized client-server network – the way TelTel’s P2P VoIP network operates, for example. “That’s the way SIP operates,” Lagerway explains. “It’s a peer-to-peer network but it bootstraps the operation with a client-server network.”

In the end, while no one can ever fully escape Murphy’s Law, a more open approach could have helped Skype avert this particular disaster, Lagerway says.

“If this [Skype] had been an open standards projects, you would have had much more peer review. If they had used SIP, this particular outage would have been less likely. It could have possibly been averted,” he explains. “Correcting it now is going to be costly.”

The legendary Murphy could have told Skype that, too.

Looking to emulate the highly successful Asterisk ecosystem business model, IP-PBX pioneer ShoreTel has launched a partner program to extend the choice of integrated solutions available to customers.

Skype Inside: First, an agreement between Toshiba and Skype will build Skype into Toshiba notebooks. Second, German mobile software company Shape Services has launched beta versions of IM+ for Skype software for Java phones, Symbian S60 and Palm OS.

Home networking pioneer Netgear announced a new collaboration with British Ubiquisys to build a residential gateway that integrates a DSL modem, Wi-Fi, VoIP and a femtocell 3G access point. (Femtocells are being promoted for fixed-mobile convergence.) It seems like a natural progression for the company that first made it possible for the average Joe to connect to the Internet. A side benefit is that your cell phone will also work better at home.

For those of you who wish you could take your VoIP service with you when you leave home or office, Chinese manufacturer ATCOM announced a new Mini ATA AG110 that fits in your packet. The company’s website is less than helpful to the English speaker, with howlers like this: “With the powerful R&D capability, ATCOM will keep lunching all kinds of VoIP terminals and devices….” Sounds like Godzilla.

When you take your VoIP service on the road, you’re going to need a broadband connection. Boingo is helping road warriors escape being nickeled-and-dimed to death by WiFi service providers with its global, flat rate, unlimited use service. The company claims to have about 100,000 hot spots. U.S. price is about $40 a month. Earthlink and Nokia are also aiming to let travelers roam free by equipping the Nokia N800 Internet Tablet with Earthlink’s WiFi service at no charge.

Polycom’s Spectralink WiFi phones now comply with the federal government’s security specifications for ’sensitive’ — but not classified — communications. This is the first WiFi phone to achieve this, according to the press release. But it is secure enough for Vice President Strangelove?

If you’ve ever wished you had that great picture of your Maui vacation right there on your cell phone, wish no more. Glide Mobile lets you bring all your files to your phone — even documents. All for free. You’d never guess this from parent company TransMedia’s description of its business: “TransMedia is leading the emergence of rights and identity based, compatible and integrated multipurpose software and services for corporations and consumers.” Huh? Anyway, you can read Glide Mobile’s press release here. (It’s not on the website — go figure.)

With only 2 days left until “i” Day, Ajax software company Backbase is prepping its Ajax framework and developers kit for the Apple Safari 3 browser, Apple’s chosen avenue for value-added applications. Backbase says that its framework will run on the Apple iPhone without modification. You can give it a test run here.

And speaking of tech’s Cabbage Patch Kid, how many people are actually planning to buy one? Not many, according to an online survey at the Silicon Valley/San Jose Business Journal. As of this writing, only five percent of the people taking the survey say they’re going to buy one “immediately.” At the other end of the spectrum, 16 percent say they will “never” buy one, 11 percent say “not as long as it’s tied to AT&T for service,” and 27 percent — the largest cohort — say “not while it’s so much more expensive than other options.” You can weigh in here.

P.S. Gartner says the iPhone doesn’t belong in the enterprise.

The biggest threat to IT security isn’t the hacker on the outside. It’s the employees on the inside that are, in increasing numbers, bringing consumer technologies like Skype, social networking, IM and “unsecured” mobile devices to work with them. So says a new Gartner report. The press release includes details on how to protect the corporate network. A while back, I looked at the use of Skype in business and some of the issues the Gartner study raises.

Satellite TV providers DirecTV and Echostar are getting into the IP communications game with distribution deals with WiMax provider Clearwire. The goal is to be more competitive with cable companies. It will be interesting to see how it rolls out because right now Clearwire’s coverage area is pretty limited and doesn’t include and major U.S. metro areas.

No one’s talking about how VoIP saves money any more. Instead the buzz is around how VoIP can change the way you do business. ComputerWeekly.com has a case study on VoIP as the cornerstone for the virtual office and remote employees.