Accidental God Mode – An Easter Surprise
by Pixeleen Mistral on 08/04/07 at 10:15 pm
What would Jesus do?
by Inigo Chamerberlin, temporary metaverse deity
Ok, so, it’s Easter Sunday, and because Spring has finally arrived on my island I’m fiddling with terrain textures, new plantings, animal and insect life, all the minutiae that go into running an attempt at a natural sim. I was also trying to track down the mysterious sim ‘freezes’ which had been afflicting Lyonesse since Saturday, which meant Estate Tools were more or less permanently open, along with Statistics.
At one point I was fiddling in the Estate tab, with the Global time instead of fixed time setting. On attempting to switch to Global time the following fascinating dialogue box popped up:
You are about to change a Linden owned Estate (mainland, teen grid, orientation, etc.). This is EXTREMELY DANGEROUS because it can fundamentally affect the user experience. On the mainland, it will change thousands of regions and make the spaceserver hiccup, Proceed?
Change Estate/Cancel
Oh hell! Have I become a Linden?
Hmmm, no, I don’t think so – and I really want to change my Estate settings. Surely that warning is just a mistake? Just screen grab (no one will believe this one otherwise) and…
*CLICK!*
How about a mainland time-change?
Nothing, absolutely no change. Hmmm, teleport to somewhere at random in that teeming chaos – er – It’s exactly the same lighting level and time of night as MY sim! AK!
This looks very much as if the Main Grid has been synched to Lyonesse instead of the reverse. Whoops. Home James! Except of course TP isn’t working now, so it’s log out and back in to home.
Having got home and not been incinerated by bolts of lightning from above by the divine vengeance of St. Philip of Linden, I can hardly believe what just occurred. Still, it did, and being inquisitive I start poking around in the menus – there’s always that tempting ‘Request Admin Status’ that never does anything useful, just tells you the request has been logged. Which it does this time. As usual.
What ISN’T usual is that the Server menu changes to include an enabled God Tools!
Well, who could resist? I mean, after the ‘time’ setting thing I’m not going to USE any of these lovely shiny toys – Woot! There’s stuff here I could REALLY have some fun with.
Inigo only used his near-Linden powers for good – never for evil
I wander through the various menus finding all sorts of interesting things a Linden can do to you if they really wanted to be difficult. Then start wondering what other menus are altered in God mode. ‘Search’, I wonder what a Linden’s Search is like?
So I search a random name: Kick, Freeze, Unfreeze – pretty much what you’d expect.
Right at the bottom, CSR? Hmmm, doesn’t sound too deadly, I click it and am rewarded by a web page – protected by a simple username/password requester – to http://osiris.lindenlab.com
Well, I’m not going to try getting past that, though I have little doubt there are those, in SL too, for whom such an exercise might be of interest.
At this point I suddenly realize, for some reason I’m able to get as far as the authentication page – for what though? It’s clearly AV related, because you get to it via Search People tab – It slowly dawns on me – this is the portal to personal information, easily accessible to me today for some reason, and only protected by a simple user name and password? Just how good are LL’s usernames and passwords? Might Zero Linden, to pick one at random, be Username ‘zero’, Password ‘0’?
Who knows?
Maybe someone less honest and respectful of people’s privacy than me, who’s exploring your details, or mine, or YOURS sir – right now.
Now I’m getting angry. My views on LL management are well known. But this goes far beyond that. This in negligence on a grand scale. Which of course will be spun into nothingness by the well practiced damage limitation team. It’ll turn out to be an ‘unused system’ – a ‘test version’ – ‘not a significant threat’.
Like when Torley’s Forum account was hacked? Or when the password system was accessed?
Am I going to comment? Nope. It’s absolutely futile. Some people will NOT learn. Will NOT listen. WILL eventually reap the rewards.
But I thought this was worth documenting so readers could see just how close to the edge things were today. Today? Well, that’s another question isn’t it? How long has this sort of intrusion been possible?
Artemis Fate
Apr 8th, 2007
This has been around for a long long time actually, ever since the hacked god mode, I guess they figured that they wouldn’t be able to stop people from hacking godmode and just put it in as a secret feature. You probably hit the keystroke by accident.
It’s completely harmless actually, all those dangerous looking options, if you try to use it, it’ll request your linden status, and since you don’t have it, it’ll deny you.
The only thing god mode does do is unlocks camera limitations, lets you select things from long distances, snapshot to disk with no noise, and lets you fly in no fly zones really. Used to have more privacy invasion options like being able to map anyone, and reset any scripts, but they fixed that.
mootykips
Apr 8th, 2007
Sounds somewhat useful.
Kerian Bunin
Apr 8th, 2007
Isn’t this just View admin options enabled from the client menu? Not really ground breaking.
Nimrod
Apr 8th, 2007
I mentioned the osiris part to Spike Linden in the Voice beta, he said something about being able to see previous disciplines on the avatar, as well as account balances, and I’m assuming much more. Too bad I don’t have login info for it!
Prokofy Neva
Apr 8th, 2007
Yes, this has been around for a long time, and other than that long view that you get in admin view, and the ability to copy and paste absolutely any texture with about 3 steps, it doesn’t do anything.
I’m wondering about the sim freeze too. Or rather, my avatar, freezing all over the place, on all sorts of sims. Freezing in time, and if I wait, he’ll unfreeze and then fly into negative space offworld.
Nimrod
Apr 8th, 2007
Prok, 2 steps, 3 keystrokes… Get it right!
Nacon
Apr 9th, 2007
ahh …Noob
Inigo Chamerberlin
Apr 9th, 2007
Yeah… you’re right… move along everyone now, NOTHING to see here…
EXCEPT:
“You are about to change a Linden owned Estate (mainland, teen grid, orientation, etc.). This is EXTREMELY DANGEROUS because it can fundamentally affect the user experience. On the mainland, it will change thousands of regions and make the spaceserver hiccup, Proceed?
Change Estate/Cancel”
Which appeared without warning during a legitimate Estate Tools operation – BEFORE I fiddled with any Debug Menu settings…
Any clever explanations for THAT?
Inigo Chamerberlin
Apr 9th, 2007
And Nimrod – I actually looked at that and thought about it. I’m a curious sort, and there are thing’s I’d love to know…
Obviously lack of a user/pass was a problem
but hey, people use lame passwords and a Linden user name is probably just their first name which HAS to be unique. I could have tried a few guesses. But that would have probably got me in hot water, so I didn’t try.
But it’s an intriguing thought, isn’t it?
If nothing else, wouldn’t it be interesting to see you own CSR entry?
Inigo Chamerberlin
Apr 9th, 2007
Artemis – At NO time was I asked for my Linden ‘status’ as you put it.
I managed to effect several settings changes without any difficulty.
The only ID requester displayed was the web page gateway to CSR.
Artemis Fate
Apr 9th, 2007
“Artemis – At NO time was I asked for my Linden ‘status’ as you put it.
I managed to effect several settings changes without any difficulty.
The only ID requester displayed was the web page gateway to CSR.”
Yeah, you never see it ask you, it asks on a programming level (or so i’m told), if you try to press one of these dangerous looking Linden buttons like change estate, it’ll take a nano-second to query the database to see if your avatar has the rights enabled to do such a thing, which unless you’re a linden or the Lindens specially enabled it, you wouldn’t, it denies it. Try pressing something like that, nothing happens.
Ice Brodie
Apr 9th, 2007
This menu set was included in a prior version of SL, as a more open position for the debug tools. LL added it after a client hack became popular. (LibSL folks) While the client may act like you have control, and may think you have control, generally it’s either been safety tested or Linden Lab would be closing the grid the second someone did something with the tools.
Linden Lab knows about it, Linden Lab implemented it… this is technically old news as it’s been out for 5 months now.
I believe it’s somewhere in the area of 1.11 or 1.12 on the Second Life release notes, where it will detail the information on it.
Gaius Goodliffe
Apr 9th, 2007
“Any clever explanations for THAT?”
Take a look at your own screen cap. You weren’t editing your own estate, you were editing estate “(unknown)” with owner “(unknown)”. Sometimes these dialogs get displayed without the proper information behind them. So when you tried to change anything, it thought you were editing a completely different estate. It’s essentially just a client side bug — it should check whether it actually successfully downloaded the information displayed on a dialog before it allows you to edit it.
Artemis Fate
Apr 9th, 2007
“Change Estate/Cancel”
Which appeared without warning during a legitimate Estate Tools operation – BEFORE I fiddled with any Debug Menu settings…
Any clever explanations for THAT?”
I get that all the time when I have the admin mode on and am scrolling through a group listing. It always asks me if I want to accept changes, even if I don’t change anything. But, if you press accept, cancel, or ignore, either way it’ll do the same thing.
If you were fucking around with keystrokes and accidentally managed to hit the Godmode one before opening up that estate menu, it would likely happen.