Rumored Bug Puts SL Scripts in Jeopardy — Should Lindens Close Grid?

by prokofy on 17/06/07 at 2:20 am

Giant_water_bug

By Prokofy Neva, Fashionable Tech Dept. for Dummies

A scripter by the name of Ethan Schuman claims that the Lindens were squashing a scripting bug today that would have enabled anyone in SL to view — and therefore copy — scripts inside objects in Second Life.

Linden Lab has not yet published any announcement about the alleged exploit, and had not responded to any press inquiries to date. A query sent to security@lindenlab.com got the automatic bounce reply: “Any messages sent to this address that do not specifically report security exploits will be ignored.”

Ethan Schuman, a resident of Ohio who says he discovered the bug, contacted the Herald at about 5 pm SLT and said, “LL just got done squashing a bug that made any script inside any object available for viewing full perm.”

His claim has still not been confirmed with any Lindens publicly. “From point of discovery through reporting and hot patch, it took approximately 2 hours to fix. That was with three people with Linden cell numbers and pagers. Imagine if an ordinary joe had discovered that,” Schumann added.

Scripters have long claimed to skeptics that absolutely nothing can enable copying of their scripts, that unlike objects, skins, and textures, which are vulnerable to client-side exploits like the notorious Copybot, scripts cannot be accessed and copied if permissions are set on them to be unviewable except by the author.

But one expert who asked not to be named said, “All that sits between us and the scripts is a bunch of true/false flags, after all…just one or two lines of code where the server has to decide whether to send you the script or not.”

Residents have had difficulty since the closing of Live Help finding Lindens — especially on weekends — to come to their aid or respond to emergencies such as the discovery of exploits. With the “online” status of Lindens also hidden, it’s not possible to see if any are logged in. Even the Concierge live chat for customers with one or more sims is not open on weekends.

Asked how he was able to get the Lindens’ attention to his problem under these circumstances, Ethan Schuman told the Herald: “I was going to help a friend fit his sig holster, when I accidentally noticed I could view the holster script in his holster. So I summoned some friends, and we tested with a series of objects. Once it was repeatable, I filed a bug report, got the number, and had people make calls,” he said.

Lindens now maintain two systems for bug reporting, one through the drop-down menu in the client, which provides space for very brief reports and generates a reply with a number, and the beta-testing JIRA system which enables residents to add more commentary and “vote” for bugs they think deserve more attention.

Asked what would make a script viewable given what scripters say about copying not being possible, Ethan replied, “A bug inside SL’s core code.” He said it was not a problem in just one script, as he tested a variety of scripted items to see if they were viewable.

When challenged to confirm his claims, Ethan provided additional persuasive details.

Asked what kind of bug could get into permissions, he replied, “Obviously a very nasty one.”

“Anyways, this issue could have put a lot of content providers in a very undesireable place,” he noted. “The Copybot for scripts, as it were, with no need for any additional software. I wonder if LL will address the exploit, or just try to brush it under the rug,” he added.

When warned about problems that can occur to residents who publicize exploits, and create openings for griefers, Ethan Schuman said he felt he had to come forward.

“I’d like to give them [the Lindens] the benefit of the doubt, personally, but an issue like this shouldn’t have occurred, and there SHOULD have been a faster way to make contact with Linden Lab instead of having to rely on personal connections.”

He asked to wait 4 hours to give the Lindens time to test and announce the problem solved, and also to seek more input from other scripters. As of 9:45 pm SLT, he had no confirmation except the automatic LL reply in email:

” Your bug report regarding Bug: E:3717 P:1 O:W V1.17.0.12 (Phoenix Unbound)[Exploit] “Scripts in objects viewable when they should not be.” has been received, and assigned an ID of [rt.lindenlab.com #889623].”

The Herald subsequently contacted a RL scripter with a lot of SL experience who is very knowledgeable about bugs who asked not to be named. He confirmed that in fact the bug was still “hot” and being repro’d. We were then able to see it confirmed.

A source speaking to a Linden about the issue could only quote the Linden as saying, “They are doing repros and thinking what to do next.”

We have an idea about a problem that has likely been live since last Wednesday’s patch: close the grid. Or, as a wiser head suggested, close off scripting editing capability.

It’s 11 pm. Do you know where your scripts are?

64 Responses to “Rumored Bug Puts SL Scripts in Jeopardy — Should Lindens Close Grid?”

  1. Sol Cult

    Jun 17th, 2007

    They’re in my pants. :D

  2. Ethan Schuman

    Jun 17th, 2007

    [1:47] Second Life: All servers will be restarted in the next 90 minutes to fix a security issue. Restarts will move from north to south and give 5 minutes warning. Details at http://blog.secondlife.com/

    It’s amazing how those of us who were trying to alert LL were ignored, until Prokofy posts this article.

  3. LSL Scripter

    Jun 17th, 2007

    It comes as no grate shock that once again linden labs dropedd the ball on support and service

    And I have had it

    in a few hours i will post on sl Exchange a Linden status board that will tell you what lindens are online

    and in that waay you may find a linden

    I am done waiting for them to grace the world with ther login

  4. Apollo Case

    Jun 17th, 2007

    This could have been a lot worse. Just glad they caught it when they did. From what I remember too, this is not the first time that a no perms script has been readable.

  5. One Song

    Jun 17th, 2007

    Pretty scary stuff…

    Considering that some people in the grid that have scripts that could be worth at least 50,000 USD.

    Linden Lab could get themselves some hefty law suits going their way if that bug made aware to them and they were extremely non efficient or simple didn’t care that much since it was not gonna be their work that was going to be exposed to undesirables.

    All we can hope for that the exploit wasn’t easy to figure out and that no one of bad character got hold of it… if they did there is going to be an awful lot of people that are going to be more pissed than ever at Linden Lab.

    I wish the “scriptors” best of luck and hope there was minimum or no damage caused or they will endure some real heavy loses.

  6. Coincidental Avatar

    Jun 17th, 2007

    Reinventing the wheel?

    Wasn’t this the well known bug for technically savvy? It was fixed, but the installation was pending.

  7. Mako Mabellon

    Jun 17th, 2007

    In theory, protected scripts shouldn’t be copyable. In practice, they’re only uncopyable when LL haven’t messed up, and we all know what LL are like. (Testing is supposed to catch this type of issue, but it’s currently a lot of boring manual work.)

    Being able to view scripts the user shouldn’t have access to is also a lot more serious from a security point of view than merely being able to copybot objects. Copybot allowed users to violate copyright slightly more easily; script viewing allows users to compromise the security of various in-world objects in some nasty ways that wouldn’t otherwise be possible.

  8. TT

    Jun 17th, 2007

    The SL blog refers to the bug as the ability to access the source code of “certain LSL scripts”, while the Herald story implies that the exploit allowed reading the source code of ANY script. Will someone please clarify whether 100% of LSL scripts have been compromised, or only some of them?

  9. Lewis Nerd

    Jun 17th, 2007

    Interesting how, in the middle of the night, at a weekend, they manage to get a team together that sort out a bug like this, yet during the working weekday when issues happen that, presumably aren’t considered important, we wait for days or even weeks to get them fixed.

    Lost inventory, failed teleports, lag, failure to rez, attachments appearing up arse… etc… how long have these been going on?

    Lewis

  10. Mikael Khalamov

    Jun 17th, 2007

    Guess what?

    Ethan’s a liar.

    Shocker? Not really.

    Avil Creeggan reported the bug to LL. Not Ethan Schuman.

  11. Prokofy Neva

    Jun 17th, 2007

    I see a number of commentators have problems understanding what a *messenger* is — that’s someone who reports the news. You can shoot the messenger if you don’t like what they say and want to keep bad news down, but that won’t solve the problem ultimately.

    The 2:20 am date stamp on this story is my EST date stamp; the Lindens came out with their notice confirming a resident’s discover of an exploit and their server code to fix it a few hours later, at 1:36 their time. I kept checking the blog and the JIRA before running the story — there wasn’t anything.

    Interestingly, there was also this more cryptic comment from Cyn, it went up at 11:42 pm PDT which was 2:42 EST, 22 minutes after I published my story and sent out more queries to scripters:


    LSL Script Issue
    Saturday, June 16th, 2007 at 11:42 PM PDT by: cynlinden

    We are aware of a problem involving LSL scripts and are currently working on a solution. We will update you as soon as we have further information.”

    Coincidental Avatar, if a dummy like me could repro this bug, sure, it must have been wellknown. But if there was a fix, what took so long, and why weren’t people warned?

    I have no idea if Ethan Schuman’s story is correct, and whether he in fact reported the bug or he is part of a “we” that is now feeling a lot less like “we” and is now breaking down. Not my problem. I reported the news as it was available. In fact, I spent at least 7 hours trying to check the story, trying to find Lindens, trying to get a response from them, then trying to find senior and experienced scripters with demonstrable RL and SL credentials — and I went with the story when I was able to get two people to confirm it and discuss it intelligably for me and repro it for dummies, and then one of whom seemed to think it was a good idea to publish the story.

    Mako, I’m failing to see why script-copying should be privileged over object/texture-copying as an offense. Because programmers are more important and powerful people that dressmakers?

    Some months ago, somebody showed me an easy exploit I could reproduce to have any texture show up on any object — not within my inventory, but on the object. Alarmed, I sent all kinds of bug reports and notices. I then finally reached a Linden, who, instead of treating the situation with gravity, *argued with me* about how everything in a world you can see client-side is copyable, and nothing can be done. I was appalled. I was astounded. I argued and argued. He was in that extreme school of opensourcey “information wants to be free” cult that says, “Just because we can’t lock up something 70 or 80 percent, we shouldn’t try.”

    Some time later, I was sitting in a Linden office hour, and I decided to simply reproduce the exploit right there with 3 Lindens looking on. One of them was the one on duty when I originally reported the exploit.

    Surprisingly — actually not, knowing how they are — suddenly, they got to work, now that it was publicized. In fact, I didn’t publicize. I just noodled around on the deck, reproducing the guy’s textures in front of him.

    I didn’t publicize that story back then, because the Lindens weren’t taking it seriously, didn’t want to try to stop it for ideological reasons, argued with me, and I couldn’t see why, under those circumstances, I should become part of the thiefing griefery of Second Life and enable some fucktards to go hunt for the exploit and terrorize others with it. So I let it go.

    Months later, I discovered it was fixed in a way that suggested to me that could have been done instantly, but for the ideological hobbling on the subject. But it’s probably not perma-fixed.

    Seeing this one, I had to laugh, because I recalled how much arrogance and cynicism we all had to endure with these superior dimwits telling us that scripts could never be copied but textures, ah, too bad for you. During those debates, I would often ponder pointedly to the effect, ‘I wonder if scripts were copyable if we’d see this same laissez-faire and superior attitude” — whereupon I’d be treated to *more* superior lectures from tekkie-wikinistas about how scripts CANNOT be copied because they are SERVER-SIDE dummy, and textures are copied CLIENT-SIDE blah blah de blah. And I thought to myself, but any human system can have errors and enable copying, that’s retarded, with that kind of attitude, they are cruisin’ for a bruisin’, no?

    TT, from what I could tell, randomly looking around, it was ALL scripts. That was all as in : “a random any script you could reach”. And these people reporting the story said “all” because they tried “a random any they could reach.” Then my more sophisticated source here also pronounced “any” and “all” because of their repro’ing. That’s enough for me to say “any”. Surely, perhaps there are some statistically insignificant scripts that are not breachable, I dunno, ask the experts. From the way it was explained to me, “all” seemed to be the reasonable and prudent assumption.

    Most likely LL wanted to pull their punches a bit on this.

  12. Tenshi Vielle

    Jun 17th, 2007

    Prok, your last comment made me smile. You are a cheeky bugger, but you sure get shit done. Congrats. :)

  13. TT

    Jun 17th, 2007

    Thank you Prokofy, I wasn’t attacking or doubting anyone, just wanted to understand the magnitude of the crisis a little better. As there are only a few possible combinations of permissions on a script, I think it’s safe to assume that if 100% of random scripts within a certain sample have all been equally compromised, then indeed, any LSL script could have been hacked open in the same way while the bug was at large. LL probably used “certain scripts” in their blog to make the problem appear smaller than it really was.

  14. Yo Brewster

    Jun 17th, 2007

    Damned LL you know the drill – close the grid down ASAP when a bug like this has been confirmed! About copying objects, there is unfortunately nothing LL can do about this besides take action in cases where abuse is reported. Unfortunately, LL doesn’t really seem to care to much about all the DMCA that have been filed as the abuse continues and more and more people are started to sell copied objects without any repercussions.

  15. Anonymous

    Jun 17th, 2007

    Good piece, Prok.

    And LSL Scriptor, I hope you do get that thing going so people can find Lindens.

    coco

  16. Ethan Schuman

    Jun 17th, 2007

    Actually Mikael, you are very incorrect, and I don’t appreciate that tone. Avil was one of the few people I told about the exploit after Anthony Lehane and I had fully grasped the magnitude of the bug. Why did I do this, you ask? Because when I tried to notify Harlequin to have him take issue orders for troops to take protective measures, I got no response from him (I assume I’m still on his mute list). I had filed my bug report before telling Avil of the bug, who wanted verification of it before he issued the order to the Alliance Navy. I might not like the AN, but I don’t think they should have more of their stuff ripped off (again). However, Avil was among a group of people with personal contact information for Lindens, so he assisted in the effort to make direct contact with them and get the bug repaired.

  17. Prokofy Neva

    Jun 17th, 2007

    BTW, let me note that the Blingsider has this story up now, which Tateru sniffs was on Hakim Gazov’s blog May 11.

    She doesn’t even link to the Herald, although she mentions the source publicized first by the Herald, Ethan Schumann. Now is that lame or WHAT? I always give credit to the Blingsider! Tacky, tacky, tacky.

    She tries to subdue the story too, in true fangirlz fashion, making it sound like some routine buggyness.

    I could add here that this link she provides to the Voter 5 blog was put on my blog ages ago, that is, not long after it first appeared May 11. Most of us just ignored it. It was a griefer putting up a claim that seemed pretty farfetched that he could copy everything. And while fuel attention to exploits?

    You can also read a huge section just on me, how flattering, filled with fake statements, and batting of eyelashes, claims of innocence, and more Eddie Haskell stuff — and plenty of mysogenist tripe — and as I’ve come to realize, probably more than a little racism, too.

    You have to wonder if the Lindens could see this claim May 11th, why they didn’t take it more seriously.

    I guess that’s because libsecondlife, or Open Source this or that, or Baba Yamamoto, who would have seen it and understood it, didn’t fell like telling them, or didn’t think it mattered.

  18. Ceeq Laborde

    Jun 17th, 2007

    This exploit was MUCH more significant than all the ‘copybot’ fuss few months back.
    Outrageous indeed. Very disappointing from a business perspective and in terms of the future of SL as a platform for real e-commerce.

  19. Artemis Fate

    Jun 17th, 2007

    “It’s amazing how those of us who were trying to alert LL were ignored, until Prokofy posts this article.”

    Well, a big hole in the White House’s security doesn’t become a REAL problem until they start talking about it on CNN. Especially since the Herald has been a big target for PN griefers lately. So putting it out in the open in a network viewed by griefers turned it up from “get it fixed soon” to “GET IT FIXED NOW!”

  20. Raideur Ng

    Jun 17th, 2007

    Assuming its been fixed and dealt with, what -exactly- was broken where? Which scripting call was broken? So far I’ve heard “LSL was broken, exploits, etc” but no one has pointed to anything.

    I can’t really think of any LSL call that would be able to violate permissions like that.

    Just curious, seeing as no one sites their sources and quite frankly this entire article is purely speculation.

  21. Prokofy Neva

    Jun 17th, 2007

    Radeurs, it was confirmed, multiple times over, and the Lindens have put up 2 notices about it, one which says it was fixed and is being patched by rolling restarts. To say more about it merely only aids griefers. Your skepticism is understandable, but misplaced.

    Ceeq, I’m always amazed at this rigid orthodoxy of tekkies, the all-or-nothing approach which fails to undertand the complex organics of human life. So they had a bug? So they fixed it? So they try? I mean, why is that a reason to conclude they “aren’t a platform for e-commerce”. I didn’t shutter my business’ doors due to this bug, even seeing how serious it was. Something like this technology is fairly new as a mass, actually-operating software, as distinct from the abstractions about its capacity when its parts are examined in isolation.

    Artemis, I don’t know if people who work on difficult things like fixing bugs somehow “work better” under the pressure of press coverage, maybe just the opposite. But what it might do is help galvanize tekkies who are caught this very all-or-nothing vice grip I’m noting here: that they find a solution, it works pretty well, but they hold off deploying it because they think, well, it’s perfect. The perfect is the enemey of the good.

  22. IntLibber Brautigan

    Jun 17th, 2007

    Actually Mikael, Ethan did report the bug, I have the bug report number cause he had to use his personal connections through me to get LL’s attention on the issue. Ethan is also right, that we shouldn’t rely on personal connections to get serious bugs like this dealt with expeditiously, esp on weekends.

    I’m not surprised the arrogant punks at AN are trying to claim credit for this tho, they claim credit for everything else that happens too, except of course when they crash sims with their laggy weapons, launch attacks in civilian sims, and forget to pay the tier on their own sims for THREEE MONTHS….

  23. Prokofy Neva

    Jun 17th, 2007

    I’m so glad Intlibber has a hotline to the Lindens. I wish I could get a hotline like that for weekends especially. Those megaprims on 2 of my sims were really annoying, for example. I’m going to crinkle my tinfoil hat here and note that just as I decided to post this story, the megaprims arrived. I was just telling someone one IM away from a personal Linden connection that I was going to publish the story, and pushed SEND, when instants later, whooops, I have a face full of megaprim. I have no doubt that Linden got on their IRC. And I have no doubt that their IRC is, well, infiltrated, and maybe not by hostile forces, shall we say. And that the word went out to the sobels, “Get him”. It’s just my spidey sense. I have no way of providing this. Just one of those special SL moments.

    Taking the Lindens side for a moment, however, how could you devise a really good emergency comm system that wouldn’t get junked up with people saying “He’s waving a tree into my house!”. Everyone imagines their emergency is a true emergency. How could you really filter it so that Lindens didn’t spend acres of time filtering through irrelevant reports?

    And as much as Desmond — gosh, acquiring a conscience about such things suddenly — is banging on my blog about this concept, which is merely logical (not perfect, and not one I’d use): they need to have a system where those with more responsibility, whether more land or more experience or more customers or whatever criteria you want to put in, are the DEW line for these sorts of things, and acquire a kind of “trust rating” for the reliability of reports.

    What would be far better is to have a normal country with separation of powers, local police precincts and citizens’ advice bureaus or volunteer groups or whatever. But we don’t have that. And won’t have that. And they’ll never allow something like that.

    So you have to work with their own elitism and try to get that elitism at least serving the general public somehow.

    You could have a group of trusted volunteer firemen who simply set themselves up and agree to watch the grid informally, with their own relay systems, etc.

    But that would rapidly become filled with all sorts of swaggering types of the kiddies role-playing police in the WAs.

    How could you make sure that REAL qualified people got into it? Well, you could have people try out for it and be chosen — but that gets you back to the huge backlog of “mentors” and such.

    The volunteer system should therefore just get started without Lindens. Lindens bottleneck it; they chose their pets; they fall back on the FIC every time. So people who care about the grid and don’t like having stuff like this back up and be on the backs of a few weekend Lindens under the gun should think of how to put this together fairly and squarely.

    For all his bluster here, Intlibber, who claims he was “in on it” didn’t think to PUBLISH that information. He figures he and his Linden friends will take care of business, because they are Large and in Charge.

    But publicity is really a good weapon in many ways for something like this. It warns people, it makes those in charge feel accountable, and it makes them find solutions in stead of dithering over abstractions.

    A little claustrophobic security state with Angel Fluffy and Travis Lambert and the gang isn’t really an accountable volunteer fire department either.

    Sometimes I despair of Second Life.

  24. Nicholaz Beresford

    Jun 17th, 2007

    )) Outrageous indeed. Very disappointing from a business perspective and in terms of the future of SL as a platform for real e-commerce. ((

    Bugs happen … everywhere. If you we’d not learn to live them (albeit fixed swiftly when happening), we’d probably still stuck with oxcarts.

  25. One Song

    Jun 17th, 2007

    Actually Prokofy, setting up such system wouldn’t be hard at all. If all you need to do is be sure that Linden Lab is informed when something like this is discovered.

    All they need to do is have the liaison(s) on duty be responsible to listen to people who would report such problem. Then that Liaison could ask the resident who discovered/reported the exploit to replicate the exploit beneath his “eyes”, or teach them how to reproduce it themselves.

    “How do you stop people from wasting a Liaison’s type with things like: ‘Mr Bloggs’ replicated my dress?”

    Simple, you update the T.O.S. to include that a Liaison can only be disturbed in a emergency manner if whatever was found, is an exploit that will affect all or most residents on the grid and is liable to create a lot of discontent if word gets around. People that abuse the system, can always be punished by a nice 4 week ban. I know you will most likely disagree with this point,
    but this is the only reasonable way we can make sure Liaisons don’t have their time wasted by some griever or such. In the case of unverified accounts, the Liaison needs to just make an instant intelligent judgment to whether he will spend his time verifying the report from this possibly untrustworthy individual.

    I don’t know whether this next part has been already been implemented or not…
    Every Liaison should have the power to turn off the grid upon confirming such report and/or shutting off whatever section of the platform is impaired (eg. Stop Scripts from being Opened/Edited).

    Shortly, after contacting which ever developer(s) that is responsible of dealing with such emergencies. Some of you again may disagree on this entirely, but I think its fair and easy to say that sacrificing some “donkey” resident pointlessly dancing in some club getting all mad that their favorite “game” (thats how those newbies see SL) is currently down Is well worth their sacrifice and everyone else’s if the reason the game is being shut down is to protect the intellectual property of residents.

    Linden Lab, truly, you should always and try look after the best interest of your residents, as opposed to just watching your bank accounts grow by the minute. We all know you a business like every other business and with the prime purpose is making cash and feeding your families, but you are also responsible for safeguarding the intellectual property of your users on a scale that only is beat by patent offices. Second Life’s content is mainly composed by an Elite few that have devoted and invested a lot of their time and energy creating cool stuff for your platform; therefore, these are the residents you need to “babysit” the most. I use that term cause most of us are aware of treating us residents like we’re your babies or children. If we were to refer you as our parents god you can make real lousy ones sometimes. :( But thats ok too, we know that no one or no group of people are perfect.

    The purpose of this comment is not to just bash you guys. Some of us realize the hard work you into the platform and how difficult it must be to upkeep such large and daring project; and couldn’t begin to imagine just how tough that can get when things break.

    So we applaud you on that! We are all very thankful for all your efforts so far.

    Second Life is by far the coolest massive collaborative environment ever created (/me claps and salutes) Good Job Lindens!

    I think thats it from me. I’ll be looking forward to reading replies made to this comment if there are any.

  26. IntLibber Brautigan

    Jun 17th, 2007

    Actually, Prok, I thought it was a rather outrageous breach of security for James Linden to announce what the bug WAS before the grid was taken down, thus giving lots of neer do wells who may not have been aware of the bug a chance to rip off some valuable scripts before things got stopped. I suspect the damage was much worse than it could have been because of this slip by James.

  27. Prokofy Neva

    Jun 17th, 2007

    One Song,

    I’d have to disagree with a number of premises you have here. First, you imagine that these people running Linden Lab “are a business like any business whose first job is to make money and feed their families.”

    Are you on drugs? These people do not *need* to make money. They do not *need* to think in ordinary terms like “feeding their families”. They are fabulously wealthy, and if they lose some on this, they have lots left over. They are not motivated by the profit motive. This is a rich man’s toy. But it’s rich men who want more than a toy and more than cash, they want influence and power, and that’s much more fun and rewarding.

    They also aren’t your parents or babysitters. They are influencing the masses and the decision-makers — you are merely a load test for them.

    Your system for emergency response sounds good, except the Lindens would never put a liaison in charge of deciding whether to shut down the whole grid. That has to be an office Linden.

  28. Prokofy Neva

    Jun 17th, 2007

    Actually, Prok, I thought it was a rather outrageous breach of security for James Linden to announce what the bug WAS before the grid was taken down, thus giving lots of neer do wells who may not have been aware of the bug a chance to rip off some valuable scripts before things got stopped. I suspect the damage was much worse than it could have been because of this slip by James.

    The Herald announced it before James, Intlibber.

    And you simply have a different world philosophy, evidently, that posits that elites who know what’s best should run things because lesser beings are too stupid.

    Why predicate everything on what griefers are going to do?

    Warning the public also enables them to do things like get all their items in inventory, close their stores or block their parcels. It gives them information — and hey, information wants to be free!

    Why should only a privileged few coders and their little friends and posses get this information, and if the rest of us demand it or publish it, we are in the same camp as griefers?

    Publicity is always the best weapon; sunlight is the best infectant. It’s not technically superior, but it empowers people and people are the ones who have to run human systems, not machines, not machines run by elites.

    There’s always a problem in publicizing something like a terrorist attack or plan. What if that gives out information how to perform a terrorist attack? What if that weakens one’s country in the face of an enemy? But history has always shown that giving out more information to the public rather than less accomplishes not only warning to be prepared but also makes the government accountability. It also means that not only terrorists and elites have the information, or griefers who mean to do ill.

  29. IntLibber Brautigan

    Jun 17th, 2007

    Its funny, Prok, that you are the one who bans people for exercising free speech, you are the one that wants to ban people advertising on their own land, and confiscate their land, you are the one who calls noobs wearing ad sandwichboards trying to make a few linden, “fucking nooby fucktards”, yet you call me elitist.

    When it comes to the security of everyones intellectual property, telling more scam artists how to steal more is the height of irresponsibility. The distinction between you reporting it here, and it being admitted to by LL, is that half of SL doesn’t believe half the things you say. Further if you were really a journalist, you’d be responsible and send your article first to a linden who was online and say, “Fix this bug, take the grid down, or this article runs.”

    Your right to blabber your lips ends at the boundary of my intellectual property.

  30. Mako Mabellon

    Jun 17th, 2007

    Prokofy Neva: you’re missing the point. Copying textures allows users to commit copyright infringement and affect people’s sales. Being able to view scripts that shouldn’t be viewed totally compromises the security of various inter-script communication systems until new scripts can be rolled out. As an earlier SLH story demonstrates, this can be very damaging (to the tune of L$200,000, in that case – although that one was due to bad design rather than Linden screw-up).

  31. Prokofy Neva

    Jun 17th, 2007

    Prokofy Neva: you’re missing the point. Copying textures allows users to commit copyright infringement and affect people’s sales. Being able to view scripts that shouldn’t be viewed totally compromises the security of various inter-script communication systems until new scripts can be rolled out. As an earlier SLH story demonstrates, this can be very damaging (to the tune of L$200,000, in that case – although that one was due to bad design rather than Linden screw-up)

    No, Mako, I totally get your point, more than you do.

    You think that because scripts “make the world work” and textures “are just decorations” that scripts are more important.

    You’re absolutely convinced, as can be seen, that scripts do really manly important things like compromises the security of various inter-script communication systems and those are oh-so-much more important because they involves things like Slexchange and vendors.

    But those scripts make up a fraction of the world’s products. And there are tons more textures and objects potentially affected by a copying device spread over the grid than there are scripts. There are likely more designed items (furniture, skins, clothing) than there are scripts.

    That’s not to say scripts aren’t important; they are. It’s just that you, with your narrow focus on things you think are “mission critical” have a very skewed view. You’re like a lot of the tekkies we had to deal with during Copybot, when we had to hear sneers, and guffaws and laughter about copying dresses.

    So compromises the security of “various inter-script communication systems is copied”? I mean, um, security for WHAT? A casino object? Do you think if you just wave the word “security” over a thing it’s like holy water?

    I’m trying to get you to see that it’s just as ridiculous to scorn the concerns about copying brought about by Copyright. People’s creations, their livlihoods, their earnings are affected just as much — if not more. If a script has some more universal or more global importance as a mover of the world, that doesn’t give you the right to be superior about it.

    I wish something like this breach would bring about some humility in some people. Why does that never happen?

  32. Prokofy Neva

    Jun 17th, 2007

    >Its funny, Prok, that you are the one who bans people for exercising free speech,

    Um, that’s pretty retarded. I don’t “ban people for exercising free speech”. I have rules on my blog that require a) a SL name and b) not seriously inciting and causing me or others SL or RL damages. Very simple. Copiously explained. Amply defined. Used on a handful of people.

    Uh…so are you referring to Tizzers Foxchase coming to a public meeting and being banned? Sure she is. Because she’s an orchestrator of griefers who cunningly pretends not to be doing this. Five seconds after she is banned, her Woodbury Security goons are on site, spraying textures, particles, in racist get-ups and props, trying to insert giant objects on to the parcel. We all saw it. And she continues to try to invade rental properties, tries to rent properties — which she does merely to insert herself, because once again, she trails in with her goons, who grief my tenants with weapons and particles. We see through this gambit, Intlibber, I’m constantly amazed that you don’t see it.

    So I hardly find any “censorship” or “banning of free speech,” that’s retarded. I have the right to identify conspiratorial groups that have united for the sole purpose of griefing — and griefing ME by the way — and keeping them from disrupting events. That’s not curbing free speech, that’s *making it possible*. Learn to know the difference.

    you are the one who calls noobs wearing ad sandwichboards trying to make a few linden, “fucking nooby fucktards”, yet you call me elitist.

    I tried to work with these people for days. In fact, if you see my original Herald piece about them, I thought they were great — at first — but then they invaded my community, flew into people’s houses, bothered them, harassed them, walked around only my area next door, instead of doing what the scheme called for, which was to go around SL *advertising* with the sandwhich boards which was their *job*. Instead, these loafers just walked around on my public commons soaking up the $10 Linden payments on the hour or whatever, and did no advertising, and just used up the sim’s entire resources, filling it up with 40 people so that my paying tenants, on my land I pay tier for, could not come home. Sorry, that’s crime. That’s destruction of value. That’s harm. That’s a lawsuit. That’s not “free enterprise,” or even “laissez-faire capitalism,” it’s using a scam to undo someone else’s legitimate property values. so that’s when I had to declare war on them. I don’t intended to stand idly by while some bot-swooping land dealer on a fake alt sets up a center on 512 m2 with 40 avatars crowding into it who spill over on my land to do their Linden-sucking.

    The problem with this whole anarcho-capitalist Snowcrash crap is that it’s absolutely and deeply fucked when it comes to the notion of *other people*. It has absolutely no capacity or empathy or even practical self-interest to realize that you don’t get to enlarge your value and wealth by actually criminally destroying someone else’s. RL doesn’t let you do that, and there’s no reason to allow simulated life to do that, either. Most capitalists even of the rapacious kind have the good sense not to do something like commit outright crimes of theft and destruction — if only in self interest.

    >When it comes to the security of everyones intellectual property, telling more scam artists how to steal more is the height of irresponsibility.

    Gosh, all of a sudden you’re worried about intellectual property? You have a poor track record on worrying about somebody’s simulated real property, so I hardly find you sincere here. The people with the intellectual property have the right to know; they aren’t children. They need to be treated like adults and given the information they need to be independent, and not be in a nanny state with Lindens making all the decisions.

    >The distinction between you reporting it here, and it being admitted to by LL, is that half of SL doesn’t believe half the things you say.

    Their loss.

    >Further if you were really a journalist, you’d be responsible and send your article first to a linden who was online and say, “Fix this bug, take the grid down, or this article runs.”

    That was done, in fact, but I’m not going to provide details. You assume a lot, and know less.

    >Your right to blabber your lips ends at the boundary of my intellectual property.

    Wow that was clever. Use your mute button in your fascistic Linden state, dude, have fun.

  33. Angel

    Jun 17th, 2007

    There are already quite a few devices that can report the status of hidden people. I use one called an Enhanced Online Indicator that on a touch can report the true status of almost anyone (not Philip Linden though).

  34. Hazim Gazov

    Jun 17th, 2007

    Feh, I have better exploits than this one.

  35. IntLibber Brautigan

    Jun 18th, 2007

    “Gosh, all of a sudden you’re worried about intellectual property? You have a poor track record on worrying about somebody’s simulated real property, so I hardly find you sincere here.”

    I’d like to know what the hell your talking about here. I have a very strong record standing for peoples property. Sounds like more crazy cat lady jibber jabber to me.

  36. Reality

    Jun 18th, 2007

    “Um, that’s pretty retarded. I don’t “ban people for exercising free speech”. I have rules on my blog that require a) a SL name and b) not seriously inciting and causing me or others SL or RL damages. Very simple. Copiously explained. Amply defined. Used on a handful of people.”

    Sorry dear – the first one is an excuse to get avatar names to harass and/or blame for every little thing that ever happens to you – not valid anywhere. The second is a simple bullshit excuse that you can use for even the slightest little thing.

    Sorry – in that one you fail rather horribly in attempting to rationalize you own inability to deal with critical comments – the messenger and their name means jack shit: It is the message.

    “You assume a lot, and know less.”

    Hmm, funny, many could say the same about you and describe your entire life with that simple sentence.

    Oh – by the by dear, I’m still waiting on your scientific evidence to back up all of your claims for Second Life.

  37. Prokofy Neva

    Jun 18th, 2007

    Um, if you care about people's property -- besides your own -- you will stop talking mumbo-jumbo about 16 m2 sign extortionists being about "the right to advertise on your own land" and grasp that it devalues other people's land, is criminality in a very accelerated and rapid way, reducing somebody's investment in a sim to zilch by uglifying the landscape, and is an unethical business practice. When you can grasp how ad farms destroy value, and undermine investment, and ruin communities, and force people to lose their business, then you'll be ready to claim you "care" about property.

    But then...this is on the mainland, and as an island owner, you may likely be like other ruthless island owners, interested in devaluing the mainland to cause people to flee to your island domains.

  38. Prokofy Neva

    Jun 18th, 2007

    >Sorry dear – the first one is an excuse to get avatar names to harass and/or blame for every little thing that ever happens to you – not valid anywhere. The second is a simple bullshit excuse that you can use for even the slightest little thing.

    You put a SL name on your comments, and you don’t cause or incite RL or SL harm to me, i.e. destroying my properties by griefing or calling me at home in RL, you can post whatever the hell you want on my blog. Simple rules. Otherwise, start your own.

    I don’t have the time to go chasing people inworld to make comments to them. I save that for rare occasions. They often do that to me, however.

    You are a bully, and a coward.

    I think it’s the most valid thing anybody has ever come up with in Second Life forums and blogs, frankly. If everwhere this policy obtained, you couldn’t have the evils you have in places like SC. You also wouldn’t be able to get something like arbitrary bans for what people say critically, you could only barn them if they wished or caused actual harm.

  39. Reality

    Jun 18th, 2007

    “You are a bully, and a coward.”

    Sorry dear – that’s you, not me. I don’t bully anyone, nor am I a ‘coward’ for refusing to give you what you want: The ability to harass me within Second Life.

    Kindly cease your little lies in this regard – your track record is known quite well: If you do not feel the need to harass someone in world you will do so through your Blog, citing bull shit ‘rules’ to use whenever someone posts something you do not like.

    Again dear – it is the message and not the messenger that counts, something everyone learns at some point in their lives.

    “You put a SL name on your comments, and you don’t cause or incite RL or SL harm to me, i.e. destroying my properties by griefing or calling me at home in RL, you can post whatever the hell you want on my blog. Simple rules. Otherwise, start your own.”

    No dear – the type pad system accepts all user names, not just Second Life names. Do be a dear and fix that if you want to enforce such a trite and meaningless ‘rule’. Otherwise you are, again, using your limited power to control what is said on your blog.

    Want to talk about harm dear? Look to yourself hmm? You blame everyone but yourself for each and every one of your troubles: You my dear are rather pathetic.

    simple rules? wrong dear – they are utter bullshit and merely there to give you an excuse to use to control information you do not want to be seen: Again, pathetic.

    You do not get a free pass – sorry dear.

    Want a Second Life name from me? Find it yourself, do a little work for your next target, hmm?

    In the future, it may behoove you to remember that you are posting using a false name: Prokofy Neva exists nowhere in any current database of persons living within the US – or anywhere for that matter. If you wish to preach about ‘accountability’ then my dear you are the first person that needs to drop the act and the pseudonym … No one else.

    I notice you still have yet to provide any credible, irrefutable scientific proof to back up your claims of ‘living in’ Second Life. You have yet to provide any sort of proof of the kind mentioned above for all of your claims.

    In the future Prokofy, kindly think your outright lies out before responding to me, m’kay?

  40. Mako Mabellon

    Jun 18th, 2007

    Prokofy Neva: the reason I pointed out that being able to view scripts is a security issue is that, since textures and objects are sent to the client, being able to copy those isn’t a security issue – if anything, it’s a DRM issue. (Of course, being able to copy non-copy objects on the server *would* be a security issue).

    This may seem like a pointless distinction, but it’s not. It’s theoretically possible to have a totally secure server (though whether you can tell it’s totally secure is another question entirely). It’s theoretically impossible to have a totally secure DRM scheme, and in practice schemes designed for use on normal computers generally get cracked sooner or later.

    (Actually, the Lindens didn’t even try that hard. Now that the client is open-source, it’s not worth it, either – and despite what you say, they did have good reasons to open-source the client, the main ones being that it was good publicity and they could get some of the bug-fixing work done for free. If they’d kept the client closed-source, coded a really paranoid DRM scheme, and shut down the grid and rewritten the DRM code every time it was compromised, they could’ve made copying objects and textures harder. Of course, this would have to be done at the expense of grid and client stability and testing…)

  41. Panda

    Jun 18th, 2007

    “So compromises the security of “various inter-script communication systems is copied”? I mean, um, security for WHAT? A casino object? Do you think if you just wave the word “security” over a thing it’s like holy water?”

    So, Prokofy, which do you think is more damaging?

    a) Someone copying a texture.
    b) Someone reading, for example, SLExchange, SLBoutiqe, or Ginko bank terminal scripts, faking deposits/withdrawals, etc.

    If you answered a) above, you truly are a retard.

  42. Proteus Hand

    Jun 18th, 2007

    Y’know, I bet the writers of these articles get a huge ass laugh when the scroll down and watch the arguments appear like colonies of bacteria halfway down the page.

  43. Raideur Ng

    Jun 18th, 2007

    *Points up*

    Agreed, Proteus, and Avil informed me what the exploit was, unlike everyone else here. Glad its fixed.

  44. Prokofy Neva

    Jun 18th, 2007

    >So, Prokofy, which do you think is more damaging?

    a) Someone copying a texture.
    b) Someone reading, for example, SLExchange, SLBoutiqe, or Ginko bank terminal scripts, faking deposits/withdrawals, etc.

    >If you answered a) above, you truly are a retard

    I’m going to be a “retard” then, champ, because here’s how it works, and here’s why — and why YOU are the retard:

    1. A massive copying device enters the world and it’s malicious makers put it up for sale — it can copy any outfit, any look, any textures, any skins. And this in a world which has a huge percentage of the economy tied up in retail precisely of people’s original creations in textures and skins. That device not only forces people to close their stores, it actually — let’s hypothesize — begins to copy and give away or resell everything so that creativity is utterly undermined. People stop creating, or never come back, and the criminals win. The world is demolished, the world carefully made up of people’s creations that they laboured over — their labour has value, and their creations do.

    2. A device comes in that can copy scripts. Those with financial websites close them instantly upon hearing about it. Devices that talk to third-party websites have scripting inworld that might wind up copying, but they also have programming on the back end on the website, and I’m thinking that if they see suspicious activity, with security systems built in, they may not issue withdrawals. Alarms go off — they have ways of protecting themselves. Creators don’t.

    Scripts and programming *do*; creations *are*. The scripts can be copied, but the exploiter would have to go find the scripts and “do” with them — and there are more ways of blocking that off on properties and thruogh locking accounts than there are of copying the “being” of textures which are everywhere.

    Scripts *feel* like they are “more important” because they are made by programmers who themselves feel they are more important. It’s just their perception. Many other things are important in the world. The world has ways of dealing against the threats against scripts that it doesn’t against other types of creations.

    If a script is compromised, and a Ginko or SLB loses money, they fix the whole, and they go on. They revise the script, they resume functioning.

    If textures are copied in a widespread manner, in completely undermines the world of fashion and design. Nobody can be assured then that they can sell unique creations. They can’t just fix a line in a texture and have it be safe again.

    Thus, the damage is more far reaching and long lasting — as it has been in SL. And it’s typical that a scripter would see this problem as “someone just copying a texture” verus OMGODZORS a special an important secure facility being compromised GASP.

    I fail to roll with the induced drama. You have to look at the bigger picture.

  45. Prokofy Neva

    Jun 18th, 2007

    >Sorry dear – that’s you, not me. I don’t bully anyone, nor am I a ‘coward’ for refusing to give you what you want: The ability to harass me within Second Life.

    Hi, Fucktard! I’m not you “dear”. You’re the bully and the coward, continuing to hide behind a false nickname, misnamed “Reality,” which is about as fictional as it comes. Aren’t you the least bit ashamed at how lame that is lol?

    >Kindly cease your little lies in this regard – your track record is known quite well: If you do not feel the need to harass someone in world you will do so through your Blog, citing bull shit ‘rules’ to use whenever someone posts something you do not like.

    No, I don’t harass people, anyone can post what they like, and there have been some really long-running hate campaigns as a result, but they have to put their SL name. I don’t cite bullshit rules; I cite the same 2 rules every time.

    >No dear – the type pad system accepts all user names, not just Second Life names. Do be a dear and fix that if you want to enforce such a trite and meaningless ‘rule’. Otherwise you are, again, using your limited power to control what is said on your blog.

    Tools don’t rule; people rule. I don’t care what Typepad does. I’m not interested in making one of those cumbersome forums that requires inworld objects to valid the avatar to post on the site. They sometimes don’t work; people have trouble getting them to work, and I don’t wish to go that route. Most people comply, and put their SL names *shrugs*. A few retards and cowards and bullies don’t. There’s nothing typepad can do about it, it’s not their problem and they don’t have the template for it. What they do have for IP bans works good enough tho *shrugs*.

    >Want to talk about harm dear? Look to yourself hmm? You blame everyone but yourself for each and every one of your troubles: You my dear are rather pathetic.

    I don’t have troubles : )

    I expose assholery and I fight back : )

    Like I’m doing now? Most people would ignore a troll like you — I continue to expose your weaknesses and cowardice.

    >simple rules? wrong dear – they are utter bullshit and merely there to give you an excuse to use to control information you do not want to be seen: Again, pathetic.

    Well, most people would say “it’s my blog, I can do that”. But, whatever. I actually don’t use that Tony Walsh excuse; I make rules, and I stick to them.

    >You do not get a free pass – sorry dear.

    Actually, I do, because it’s my blog?

    >Want a Second Life name from me? Find it yourself, do a little work for your next target, hmm?

    I don’t target people needlessly, and needling me on a forum isn’t going to warrant an inworld chasedown. You imagine you have greater importance than you do.

    >In the future, it may behoove you to remember that you are posting using a false name: Prokofy Neva exists nowhere in any current database of persons living within the US – or anywhere for that matter. If you wish to preach about ‘accountability’ then my dear you are the first person that needs to drop the act and the pseudonym … No one else.

    No, Second Life is predicated on the idea of accountability of the avatar within the SL space. And I stand by it. I have a reputation inworld, and I stand by it. You obviously don’t. More’s the pity. Do be a dear and go get a good reputation you can stand by inworld, hon, you must be a griefer with a name you’re embarassed to “share”. Run along now.

    Look on the Lindens' statistics page, do be a dear, and run along now.

    >In the future Prokofy, kindly think your outright lies out before responding to me, m’kay?

    In the future, Reality, kindly eat a shut-the-fuck-up sandwich, mkay? buh-bye!

  46. Prokofy Neva

    Jun 18th, 2007

    >This may seem like a pointless distinction, but it’s not. It’s theoretically possible to have a totally secure server (though whether you can tell it’s totally secure is another question entirely). It’s theoretically impossible to have a totally secure DRM scheme, and in practice schemes designed for use on normal computers generally get cracked sooner or later.

    Well, talk to Panda about this, since he thinks it’s a security issue. It’s not vital to me to make this distinction; my point is merely that we can see from this incident that scripts are not “special” and also we can point out they aren’t “more important”.

    And we could note that the Lindens dropped everything and FIxED the ability to copy scripts in ways they SURE AS HELL DID NOT DO with Copybot and textures. It took them days to make up a TOS policy that they couldn’t back up with technology — for ideological reasons, as they wouldn’t work on this as a priority, or concede that making a good-faith effort to tackle it through a variety of even imperfect technical means and non-technical policies was the key to a solution.

    >(Actually, the Lindens didn’t even try that hard. Now that the client is open-source, it’s not worth it, either – and despite what you say, they did have good reasons to open-source the client, the main ones being that it was good publicity and they could get some of the bug-fixing work done for free.

    Could you please point to some really good examples of “bug fixing gets done for free?” And I don’t mean some picayune little thing, something major, something that really effects the quality of life. Well…?

    And…what kind of place is it that has to enlist free slave slavery to get a product finished?

    >If they’d kept the client closed-source, coded a really paranoid DRM scheme, and shut down the grid and rewritten the DRM code every time it was compromised, they could’ve made copying objects and textures harder. Of course, this would have to be done at the expense of grid and client stability and testing…)

    I don’t see these two follow, and they follow for you only due to ideological hobbling. It is possible to code the scheme, and it need not even be as paranoid as you wish — if they wish to make a world. They don’t. They wish to make software. ANd that’s why they’re evil.

  47. Lynn Loon

    Jun 18th, 2007

    Maybe it’s because I am a newb yet I don’t understand why ll needs to store the source along with the bytecode. Scripters should be able to strip the source.

  48. Panda

    Jun 18th, 2007

    “I’m going to be a “retard” then”

    Straight from the horses mouth, so to speak.

    “let’s hypothesize — begins to copy and give away or resell everything so that creativity is utterly undermined. People stop creating,”

    When Copybot was on the lose, where was the widespread copying and copy-shops popping up all over the grid with fake wares? The client is still open source, stealing textures and prims is still just as easy as ever. Where are all these closed stores and people who no longer create? Gee, they should be shutting down right about *LAST FEW MONTHS* if what you say is true. And it is NOT. Q.E.D. You lose.

    “2. A device comes in that can copy scripts. Those with financial websites close them instantly upon hearing about it. Devices that talk to third-party websites have scripting inworld that might wind up copying, but they also have programming on the back end on the website, and I’m thinking that if they see suspicious activity, with security systems built in, they may not issue withdrawals. Alarms go off — they have ways of protecting themselves. Creators don’t.”

    No, what happens is that these financial websites remove their terminals as they are no longer workable. Because:

    “If a script is compromised, and a Ginko or SLB loses money, they fix the whole, and they go on. They revise the script, they resume functioning.”

    There is no point in revising a script that can be re-read just as soon as it’s put inworld. Which is why these holes need to be fixed, and kept fixed.

    “Scripts and programming *do*; creations *are*. The scripts can be copied, but the exploiter would have to go find the scripts and “do” with them — and there are more ways of blocking that off on properties and thruogh locking accounts than there are of copying the “being” of textures which are everywhere.”

    You’ve stopped making sense. Congratulations.

    “Well, talk to Panda about this, since he thinks it’s a security issue.”

    That’s “she”, thankyouverymuch, ma’am. For someone who gets so pissed of when people don’t follow your fairytale dream of being male, you sure don’t have any problem changing other peoples genders.

    “And we could note that the Lindens dropped everything and FIxED the ability to copy scripts in ways they SURE AS HELL DID NOT DO with Copybot and textures. It took them days to make up a TOS policy that they couldn’t back up with technology — for ideological reasons, as they wouldn’t work on this as a priority”

    Because it is POSSIBLE to and necessary to fix scripts. It is NOT possible to secure textures, no matter how much Lindens or you would like it to be. I’d like to hear you explain how the Lindens should protect textures. Why aren’t people coming up with workable texture protection schemes and asking LL to use them? Do tell us how you would like to do that, because I’m sure all of the ideologically impaired tekki wikis would love to hear your ideas on the subject.

    And no, saying it’s not your job does NOT count. Knowlegable people HAVE thought about it, and come up short. If you keep insisting that there is a way, then show us the solution, or stop bitching about it..

    “If textures are copied in a widespread manner, in completely undermines the world of fashion and design. Nobody can be assured then that they can sell unique creations. They can’t just fix a line in a texture and have it be safe again.”

    Widespread hacking of scripts completely undermines the world of inworld finance, vendors and banking. Are they not important as well? If SLX or Ginko got hacked, would anyone ever trust them again? You want to extend more protection to the impossible to secure texture based content creators, than you do the very POSSIBLE to secure script based ones.

    “Thus, the damage is more far reaching and long lasting — as it has been in SL.”

    Again, where is this damage? Creators are creatin’ like ever before, and anyone caught copying is hounded until they cease, even on this very blog.

    “I fail to roll with the induced drama. You have to look at the bigger picture.”

    And you can’t see the tree falling towards your head because you’re too busy looking at the forest.

    “if they wish to make a world. They don’t. They wish to make software. ANd that’s why they’re evil.”

    LL wants to make software? OMG how evil. And there’s the rub. You want it to be a WORLD. LL doesn’t fit and fly about on your whim, thus they are branded evil.

    You’re right. “I’m going to be a retard then” is almost too good for you.

  49. Prokofy Neva

    Jun 18th, 2007

    >”I’m going to be a “retard” then”
    >Straight from the horses mouth, so to speak.

    I’m happy to match you punch for punch on this one.

    >When Copybot was on the lose, where was the widespread copying and copy-shops popping up all over the grid with fake wares?

    Copybot was more about unscrupulous — nihilist and terrorist would actually be the words I’d use — young programmers with zero ethics not only being heedless, but being maliciously and gleefully destructive. They thought it would be great to go in and scare furries and furry avatar makers, for example, and openly mocked them on their IRC.

    What’s operative here isn’t that they managed to copy anything; what’s important is that they scared and angered people tremendously. They quickly rallied and shut their stores and rallied and lobbied the Lindens. It was quite an impressive demonstration. They forced the Lindens to take action — and while they were hardly as swift as they were on a scripting copy scare, first they made it an offense to sell the copybot, then put in a ban on it in the TOS. It never could do much –
    DUH we all grasped that, and it’s been rehashed a million times, and I guess you missed the debates, and imagined you are “right” and have only to patiently and condescendingly “set me straight on this”. You won’t be doing that. Copybot undermined the economy. It caused stores to close, and some didn’t re-open. I had customers close up and cease creating or wait til they could move to islands to control their land better from griefers. All of us in retail *lost something* from this — all of us. The anti-copybot devices which were almost immediately ineffective continue to plague the world. The fear that was DELIBERATELY and MALICIOUSLY sowed in people has been long lasting — and to add insult to injury, they are blamed by their tormentors who think they’re the problem not understanding that um ‘information wants to be free’.

    If information wants to be free, if copybotting is ok, can I have your script? kthxbye.

    >The client is still open source, stealing textures and prims is still just as easy as ever. Where are all these closed stores and people who no longer create? Gee, they should be shutting down right about *LAST FEW MONTHS* if what you say is true. And it is NOT. Q.E.D. You lose.

    No, they did shut down. People went out of business. They felt burned, and some never bothered to come back in SL. Most didn’t let it get to them. They soldiered on as they always do in SL. But the point is, the Lindens *took action*. Had they NOT taken action, and it was “anything goes” it would have been completely different.

    Philip speaking at the Long Now conference does an arm-pump and a woot when somebody in the audience asks about when everything will be free to copy and there will be no copyright. Fuck him for that. And shame on him — totally. Because he’s making money off people’s creativity and their copyright now — protections he’s built into the world for now — and his cynicism, and the cynicism in Linden Lab as a whole to “temporarily” and “expediently” exploit people’s use of permissions and copyright to gain widespread use of their platform is truly evil. I hope people pick up on this, call him on it, and confront him with it.

    >No, what happens is that these financial websites remove their terminals as they are no longer workable. Because:

    No, these terminals often shut down when they have a glitch or they are concerned about the system being compromised. They have their own security measures. I think you’re just not familiar with them.

    >There is no point in revising a script that can be re-read just as soon as it’s put inworld. Which is why these holes need to be fixed, and kept fixed.

    A program on a third-party site is not beholden to the scripting problems of Second Life. Obviously security holes need to be patched. Duh? Nice circular argumentation there. You’re making it seem as if I’m arguing for scripts to be open-sourced always. But I’m not arguing that in the slightest. I argue that everything should be protected better and if hacked, hackers punished and holes closed as best as they can.

    The Lindens keep following this other pernicious ideology: “If the horse is stolen, let’s not close the barn door, let’s throw it wider open, and if they take another horse, too bad, because it’s stupid to close a barn door after a horse is stolen.”

    >”Scripts and programming *do*; creations *are*. The scripts can be copied, but the exploiter would have to go find the scripts and “do” with them — and there are more ways of blocking that off on properties and thruogh locking accounts than there are of copying the “being” of textures which are everywhere.”

    >You’ve stopped making sense. Congratulations.

    Um, maybe because I make common sense? And you don’t. Being literalist and tekkie and untethered from reality. Somebody who runs a casino, and doesn’t want to close the business could conceivable put his wares back in inventory, or make a group and let only trusted customers in, and keep out uknowns who might steal his script. They can reset their password on their accounts. There are other things that can be done obviously related to this exploit, that it’s not prudent to detail.

    >That’s “she”, thankyouverymuch, ma’am. For someone who gets so pissed of when people don’t follow your fairytale dream of being male, you sure don’t have any problem changing other peoples genders.

    How am I supposed to tell if someone is male or female? Did you have a marker that you use?

    >Because it is POSSIBLE to and necessary to fix scripts. It is NOT possible to secure textures, no matter how much Lindens or you would like it to be. I’d like to hear you explain how the Lindens should protect textures. Why aren’t people coming up with workable texture protection schemes and asking LL to use them? Do tell us how you would like to do that, because I’m sure all of the ideologically impaired tekki wikis would love to hear your ideas on the subject.

    There sure as hell are ways to protect textures — the Lindens have an ideological bias against this, however. Obviously World of Warcraft protects its copyrighted items; it does it even in the face of hackers by securing its service with all kinds of defeaters of hacking, whether scrambles or obfuscation or whatever. Extreme tekkies always sneer at obfuscation, saying it can’t work 100 percent and is defeated. So? It’s an automatic enough process that you can run it to defeat at least that 60 percent or whatever. It’s the unwillingness to put in anything that isn’t 100 percent perfect that is the hallmark of the extremist mind.

    >And no, saying it’s not your job does NOT count. Knowlegable people HAVE thought about it, and come up short. If you keep insisting that there is a way, then show us the solution, or stop bitching about it..

    People constantly meet with the Lindens and try all kinds of solutions on them — watermarking, date-stamping, obfuscation. They are absolutely ideologically resistant to this, because of their pre-determined religious belief in copyleft, not copyright. Philip’s arm-pumping tells me all I need to know about that. I had previously thought that he really believed in copyright for content creators, and that this was something that in fact he had taken away from his meetings with Lessig.

    But in true Bolshevik fashion, what this leads to is ultimately merely “freeing” of everybody’s work. It’s a strategem. Lessig insisted on it merely to confront what he saw was a potentially powerful software company that was going to have a huge influence — so he confronted them with “freeing” their own copyright and giving it “to the people”. And so they did. The minute they see that giving it “to the people” makes them successful and able to make a living, they’ll undo that, and “free it again” to give it to other people they find more deserving, either the poor of the third world, or just “everybody” since “information wants to be free”. How they imagine they can keep getting people to create value in that regime is impossible to understand — and their examples are preposterous.

    >Widespread hacking of scripts completely undermines the world of inworld finance, vendors and banking. Are they not important as well?

    I haven’t said they ARE NOT important. I said that textures and skins and such are IMPORTANT TOO. And in fact, as there are way more of them, and way more people involved making them, it’s fine to posit that they’re MORE important just to make sure that eventually they might be taken as EQUALLY important.

    >If SLX or Ginko got hacked, would anyone ever trust them again?

    But they have broken down and they’ve been fixed and worked again. If they were hacked, of course people would trust them, they do a good job at what they do and have a lot of loyal customers. Lindens were hacked — did anybody miss a log-on?

    >You want to extend more protection to the impossible to secure texture based content creators, than you do the very POSSIBLE to secure script based ones.

    I want to extend THE SAME protection and the SAME alacrity of responding to the emergency and threat to the economy. Copybot is in fact being used again, sold again, and there are allegations of prim hair theft again. This constantly breaks out, and it’s only a matter of time, unless the Lindens really break out of their ideological isolation on this, that it will become a serious problem again.

    >Again, where is this damage? Creators are creatin’ like ever before, and anyone caught copying is hounded until they cease, even on this very blog.

    Can you read? I made a hypothesis that said IF the Lindens had not created a policy and outlawed Copybot AND it was allowed to run free, the economy would collapse. Can you not grasp that? Then you’re the one who needs to get the retarded tag on.

    >And you can’t see the tree falling towards your head because you’re too busy looking at the forest.

    No, I’m a good corrective to this consistently assanine and one-sided discussion always run by arrogant tekkies who don’t make money inworld in creation of anything but scripts, so they don’t get it.

    >LL wants to make software? OMG how evil. And there’s the rub. You want it to be a WORLD. LL doesn’t fit and fly about on your whim, thus they are branded evil.

    Yes, evil, not because they want to make software and not a world — that’s just their right as a company. Evil because they exploit and extort people’s dreams as the support for their project and then discard them and their needs. That’s wrong.

  50. Reality

    Jun 18th, 2007

    Prokofy dear, your response to me does not even warrant a step by step break down – all it warrants is my laughing at how incredibly senseless you really are in actually assuming that a single word of what you typed somehow negates the truth of the matter.

    Please be more original in your outright lies, avoidance of issues and the general bull shit which you actually seem to believe, M’kay?

    This web site is not a part of Second Life – nor is your web log. Your Avatar does not do the typing, you do. Remember that dear: Your precious little Avatar exists only within the client program – nowhere else. Prokofy Neva does not exist in the real world.

    Now then dear – carry on with business as usual. By the by? try actually living in the real world for a change – it is quite a treat dear.

Leave a Reply