Op/Ed: Why Releasing Server Code is A Terrible Idea
by Alphaville Herald on 05/03/08 at 7:08 am
by d3adlyc0d3c, ex-griefer
For a while now rumors have been circulating that Linden Lab has been considering open sourcing their server/grid code, a welcome idea for many. While some residents see this as an opportunity for freedom, to break away from the ‘establishment’, I see this very differently.
Releasing the server code will result in a final blow to the in-world economy. This act will lead to certain individuals finding even more ways to circumvent the digital rights management and permissions system, including stealing scripts – something residents have not had to worry about for the most part.
Individuals could log conversations of enemies that are connected to their server and use this information against them. This is a grave threat to privacy and security across the metaverse.
Had it not been for the fact that the client code was released I would never have found the security holes that I found shortly after leaving the PN. I fear that many people will find similar holes, some of even greater magnitude, if the server code is made public.
Open source is NOT the way to go if you’re running a business for profit. Open sourcing LL’s servers will result in malicious individuals all over Second Life devising new methods to DDoS the grid and wreak havoc on a whole new level. I ask that residents that share my views contact every Linden they can and make it clear what this means.
2007 has been the worst year SL has ever seen. Content theft is rampant, this past year ushered in a griefing problem of greater magnitude than we have ever seen before (which I, regrettably, contributed to), problems with the asset servers, etc, etc.
Let’s make 2008 a better year by keeping the server code where it belongs – in the hands of LL. There is just too steep a price to pay, even if LL misses the opportunity to fix some bugs sooner because they were unable to collaborate with other developers. It would be well worth it for us to suffer longer compared to the disasters that will befall us if this code is released.
Mark my words, SL will wither and die if server code is made available to the masses. It may not happen immediately, but guaranteed, it WILL happen.
Marc Woebegone
Mar 5th, 2008
Another inciteful article…. release of the server code is the best thing that SL can do finally enabling unfettered creativity. The omg, SL will die and wither routine is very old…, clearly, release of the server code does nothing but make available to everyone, yes including griefers (so what), the ability to enhance a troubled concept. More servers would also ultimately lead to better globalization, and is the only way SL’s “idea” could ever compete with the tsunami of competition crossing the sea. As for the “economy”, again, so what…. money seeks money and it will thrive in one form or another. Seems the positive cash flow entrepreneurs would simply use the code to enhance their positions on this infantile platform thereby creating more products, jobs, and increasing productivity for the benefit of everyone that wants to participate in a virtual economy.
The Fire of Delight
Mar 5th, 2008
No it won’t d3adly.
Srsly, we aren’t interested in killing SL, so you should have left us out of your microessay to begin with. (The PN, for those of you confused)
We are interested in removing certain persons from SL, these people being furries and other similar communities. Though we also enjoy random attacks, our goal is not the death of SL, otherwise, we would lose an all too valuable source of lulz. Furthermore, your spacemoney, the Linden Dollar, is of no interest to a PN, nor is stealing content, for a Nigra’s account is usually b& in a day at most.
Now, as to why what you suggest is a baseless fear: yes, It will, temporarily, result in security holes, however, the number of hacker faggots as opposed to the number of drama faggots who know their codes is something like 1:30 whereas the one is the hacker.
Every time a hacker attacks the grid, a SRS BSNS person will quickly located.
Furthermore, you fail to realize one thing: LL could not give a shit about its customers, and they’ve proved time and again that they fail at code.
By OS’ing grid software, they both eliminate jobs, and make the public clean the code for them.
Hal
Mar 5th, 2008
Finally…
I’ve been saying this for ages and have been told repeatedly I was imagining the threat. I’m not a ‘sky is falling’ kind of person but it seems obvious to me that once scripts, animations and other server-side content become easily accessible it’s basically all over bar the shouting.
Linden have to realise now that the battle for dominance in virtual worlds is going to take place over the issue of content protection. The talent will go where their work is best protected and therefore most profitable and the (money-spending) users will simply follow – and if Linden open up the server code that place will NOT be Second Life.
Gareth Nelson
Mar 5th, 2008
http://www.opensimulator.org
If LL don’t release their own code, then quite simply the existing open code already out there will out-compete them. The only way for them to survive is to open their own code.
Angel
Mar 5th, 2008
You give yourself too much credit… your griefing attempts were as insignificant as a gnat’s bite to a hippopotamus. Most people in SL have not witnessed the type of games you play.
In terms of eavesdropping a region owner can do that now with a few simple lines of script embedded in the walls, sure they don’t get IMs but how many people talk solely in IMs anyway, a lot of juicy stuff is said in open chat.
As far as open sourcing leading to today’s rampant content theft libSL (copybot) was not a result of open sourced clients, it was reverse engineering before that even happened as OpenSIM is doing now.
LL can open source; embrace and extend; and become the central core to micropayments and standards or they can wither and die anyway as a result of their fucktarded governance and general mismanagement.
What has opensourcing the client given us? Decent programmers like Nicholaz have submitted patches that plug the leaking sieve that is SL and fixed asstachments. People have written the restrained life patches that allow submissives and masters to roleplay more accurately should they wish.
Melissa Yeuxdoux
Mar 5th, 2008
Concealing the code only means it takes some more work to find security holes, and that LL can’t enlist the help of those with the will, talent, and ethics to find and correct them.
Microsoft Windows is proprietary… how well has that served Microsoft, or the unfortunates who use it, in matters of security?
It’s been known since the days of Auguste Kerckhoffs in the 19th century: security by obscurity is a sham and an illusion.
echoMaster
Mar 5th, 2008
You’re right, SL OS server is devil’s stuff! Same as Apache servers!
Do you talk again about things you don’t understand, Mr. I-am-such-a-dangerous-and-skilled-ex-griefer?
Whatever
Mar 5th, 2008
Open source is the reason that Linux is riddled with viruses and worms. Open source is the reason that Firefox is so prone to ActiveX attacks and buffer overflows. Open source is the reason that no one uses MySQL for huge, enterprise databases. Open source is the reason that Apache is so insecure and never used on public websites. Open source is why nobody uses PHP-based content management systems. Oh, wait…
Could it be that d3adlyc0d3c is just a self-important script-kiddie and doesn’t really understand why open source code is LESS prone to attack? Moot point – LL is dying anyway.
dandellion Kimban
Mar 5th, 2008
LL doesn’t need to release code, it is already out…. ever heard of OpenSim? Besides that, obscurity is never a way to security. Not only that it doesn’t work but if you have to block the free development of software to keep it safe, you are not doing it right. And open source is business. But you were just hired (by your own self?) to write a bit of noise making propaganda here, aren’t you?
Prokofy Neva
Mar 5th, 2008
d3adlyc0d3c is a Linden Lab double agent who was caught, bribed, blackmailed, and turned, and is now being exploited to drop propagandistic ideas and disinformation into the minds of the masses through its agitprop megaphone, the Second Life Herald.
Prokofy Neva
Mar 5th, 2008
>People have written the restrained life patches that allow submissives and masters to roleplay more accurately should they wish.
Gosh, that sure sounds like progress!
Prokofy Neva
Mar 5th, 2008
It works good enough. Good enough is all you need with a pack of script kiddies at the gates.
Oh boy
Mar 5th, 2008
What people here don’t realize is that once people can run their servers, anything you bring into the sim can be copied by them. Anything! Down to the scripts because the server needs to know everything about an object.
People could even mod the server to show data of running scripts and asset requests go through the server. Reading a notecard? So can the server owner. Passwords in a script? Server owner can read it.
LL will just not allow everybody to connect to their grid!
Lilly Zenovka
Mar 5th, 2008
How can you make such stupid assumptions?
“Open source is NOT the way to go if you’re are running a business for profit” <— ask every web hosting company running LAMP whether this ‘fact’ is true or not….
d3adlyc0d3c
Mar 5th, 2008
‘You give yourself too much credit… your griefing attempts were as insignificant as a gnat’s bite to a hippopotamus. Most people in SL have not witnessed the type of games you play.’
Firstly use past tense, since that is what it is. I am no longer griefing. Secondly my griefing was serious enough to crash the asset servers repeatedly in the beginning of January when they banned my legit account taking the entire grid offline, and Philip Linden himself had issued an edict long before then banning me for life from SL for ‘global attacks’. It’s really not important anyway, people like you are desperate to paint a picture of me as still griefing but I’m not doing that and if I were everyone would know. I think it’s funny that you of all people, intlib, come here and try to speak out anonymously minimizing me when I griefed you to the point that you still try to uncover my dox and you take the time out to try and insult me here on SLH on a regular basis. The fact that you are so clearly butthurt makes your words transparent.
Furthermore everyone knows that libsl was out before the client source was released. That doesn’t mean that releasing the client code hasn’t enabled people finding more ways to improve applications like copybot and give them added functionality.
I do not need either you or echoMaster to validate me in any case.
I understand why many of you want the grid code to be open sourced and it’s reasonable, except that there will be a price to pay. I guarantee it. I think many of you are unaware of what kind of exploits Plastic Duck found and many of you don’t know what kind of exploits I found from just the client code. Suffice it to say that parcel bans were only a very small part. I have spoken with Plastic in email and irc on several occasions and have some knowledge of the kind of stuff he did.
The problem is that everyone wants to pay less or run their own empire on their own grid or whatever by their own rules and they are willing to deny the truth in order to get it which will cost them later. Some day you will regret their willful ignorance but right now no one can change your mind so the only thing we can do is sit here and wait. When it happens I’ll be here with a big fat I-TOLD-YOU-SO.
‘security by obscurity is a sham and an illusion’
I think you miss the point, Security by Obscurity does not mean that people won’t still find security holes, it is just meant to make it harder. An OS like windows is not difficult to hack open source or not. That’s because that’s just the way windows was created – by individuals who did not understand security and they underestimated everyone’s ability to exploit it. Bill Gates is very condescending so why does it surprise everyone that he thought everyone else was too stupid to hack his beloved OS?
@Fire of Delight
Maybe you are unaware of this but PN is not the only group in SL that are interested in exploiting it either out of anger, boredom, or for profit. I think that the rampant content theft proves that. To my knowledge PN doesn’t have access to Copybot so who is doing it? The same exact people that are going to create enormous problems in the future if this code is released. PN wasn’t even mentioned except to say that I left them. 90 percent of the PN wouldn’t have the know how to do anything I spoke about anyway.
RoFLKOPTr
Mar 5th, 2008
d3adlyc0d3c:
Are you fucking dense, or have you been living in an internet-free cave for the last 20 years? Open-sourcing the server will result in less security… TEMPORARILY… until the Lindens fix all the security holes that the clients find. Look at Firefox. 100% Open Source Software. People use it as a more secure means of surfing the internet than Internet Explorer (which is CLOSED source). Look at Apache. How often do you hear of that being hacked? Not very often. Look at fucking LINUX. AN ENTIRE OPERATING SYSTEM THAT IS OPEN-SOURCE. PEOPLE USE IT BECAUSE IT IS EXTREMELY SECURE.
Jesus Fucking Christ, man. I thought you were a coder. I thought you were smarter than that. Get your fucking head out of your ass.
RoFLKOPTr
Mar 5th, 2008
@dandellion Kimban:
“LL doesn’t need to release code, it is already out…. ever heard of OpenSim?”
That is reverse-engineered third-party software. It does not include any Linden-made code whatsoever.
@d3adlyc0d3c:
“I think many of you are unaware of what kind of exploits Plastic Duck found and many of you don’t know what kind of exploits I found from just the client code.”
I’m willing to bet that others have found said exploits, and they are/have being/been fixed. The same thing with the server code. All the Good Samaritan Linden-loving fgts of SL are going to scour the code for possible exploits. It will be free work for the Lindens. You underestimate Open-Source Software… which is, like I stated in my last comment, somewhat ironic, given you’re a “professional” coder.
d3adlyc0d3c
Mar 5th, 2008
‘d3adlyc0d3c is a Linden Lab double agent who was caught, bribed, blackmailed, and turned, and is now being exploited to drop propagandistic ideas and disinformation into the minds of the masses through its agitprop megaphone, the Second Life Herald.’
OMG Tell me this is NOT really prok I mean this is bad even for him. No comment.
‘ask every web hosting company running LAMP whether this ‘fact’ is true or not….’
Ok you miss the point, those companies didn’t create that software. How much did the company that created it make off of it? Smartass. That’s my point.
@whatever
You think LL is dying because you have to borrow money from your dying father while I actually profit without paying a dime out of my own pocket. LL is slowly improving the system and working hard to get the kinks out.
whatever/intlib == still trolled and it’s been months. We’ll see but I’m sure he’ll still remember me in 20 years and whine to anyone who’ll listen while trying to use chan memes.
@dandellion Kimban
OpenSim and OpenGrid are two different things.
Miki
Mar 5th, 2008
> … my griefing was serious enough to crash the asset servers repeatedly in the beginning of january when they banned my legit account taking the entire grid offline, and Philip Linden himself had issued an edict long before then banning me for life …
uhoh, do you know the feeling if something is as scrupulously that you just … ahhhh /me shuts the browser window…
d3adlyc0d3c
Mar 5th, 2008
‘Could it be that d3adlyc0d3c is just self-important script-kiddie and doesn’t really understand why open source code is LESS prone to attack? Moot point – LL is dying anyway.’
If you understood hacking at all you wouldn’t have said that. Let me explain something to you, when you can examine source code it is FAR easier to find vulnerabilities. Once you understand how something works you can exploit it…for example looking at the code you can see what’s enforced server side and what isn’t whereas before we had to guess and experiment with the client to find those holes and many people likely missed a few vulns that they may notice in server code. I don’t see how you could possibly not understand that.
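As an added example (not part of the original thread, and not Second Life's code or protocol): the difference between a check the server enforces and one it leaves to the client, which the comment above says source access makes visible. The asset records, request fields and function names are all hypothetical.

```python
# Added illustration: a toy permission model, not Second Life's protocol or code.
# All names, fields and records below are constructed for this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    asset_id: str
    owner: str
    copy_ok: bool  # set by the creator, stored only on the server


# The server's authoritative records (constructed sample data).
ASSETS = {
    "chair-01": Asset("chair-01", owner="alice", copy_ok=True),
    "script-07": Asset("script-07", owner="alice", copy_ok=False),
}


def copy_trusting_client(request: dict) -> bool:
    """Weak design: the stock client only sets can_copy after its own UI
    check passes, so the server believes the field. This holds only while
    every client in use performs that check."""
    return request.get("asset_id") in ASSETS and bool(request.get("can_copy"))


def copy_enforced_server_side(request: dict, session_user: str) -> bool:
    """Hardened design: ignore what the client claims and decide from the
    server's own records plus the authenticated session identity."""
    asset = ASSETS.get(request.get("asset_id"))
    if asset is None:
        return False
    return asset.owner == session_user or asset.copy_ok


def audit(requests):
    """Replay (session_user, request) pairs through both handlers and return
    those the weak handler grants but the hardened one denies, i.e. the
    decisions that depended on a check living only in the client."""
    findings = []
    for session_user, request in requests:
        weak = copy_trusting_client(request)
        strong = copy_enforced_server_side(request, session_user)
        if weak and not strong:
            findings.append((session_user, request["asset_id"]))
    return findings


# Constructed requests: two consistent with the server's records, one whose
# can_copy field contradicts them.
SAMPLE_REQUESTS = [
    ("bob", {"asset_id": "chair-01", "can_copy": True}),
    ("alice", {"asset_id": "script-07", "can_copy": True}),
    ("bob", {"asset_id": "script-07", "can_copy": True}),
]

if __name__ == "__main__":
    for user, asset_id in audit(SAMPLE_REQUESTS):
        print(f"client-only check: {user} was granted a copy of {asset_id}")
```

The second handler gives the same answers whether or not its source is public, because nothing in its decision depends on the client behaving.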
LOL
Mar 5th, 2008
OH LAWD
“d3adlyc0d3c is a Linden Lab double agent who was caught, bribed, blackmailed, and turned, and is now being exploited to drop propagandistic ideas and disinformation into the minds of the masses through its agitprop megaphone, the Second Life Herald.”
FIRST he’s a griefer and now a LL double agent?
LOLWUT?!!111!
In before Prok says Cod3c is really Angel Fluffy’s alt and IntLibber’s gay lover XD
Kula Anatine
Mar 5th, 2008
Crazy hundreds even thousands to op a code and Run it to make an exploit. I think more money and time would be lost trying to steal SL in world content. fear and panic is all people can give when they are so needy for attention when they made the lib and people made mega prims they stopped that, come on people things are ok the sky is not falling and who knows if there is an exploit what LL and developers can fix and learn from is worth the risk the horizon is always a risk risk breeds advancement and freedoms..
If all SL is to you is to make money then you’re a sad lot
this new way of expression communication and benefits to the populous for advancements in broad simulation exercises for new technologies creating a bridge for world communities creating platforms for the disabled to have life interactions in their limited capacities this and other similar platforms breaks down borders ethnic and religious boundaries we have so needed a way to relate to each other in a setting that makes us all equals
shockwave yareach
Mar 5th, 2008
Neither open source nor proprietary will provide anyone with any sort of security. Hackers will always be examining the structure and the code. Some are merely curious – some are malicious. I will admit, were I the man I was at 21, I’d probably get a huge thrill bringing down an entire virtual world too. But I’ve grown up now, and I get far more out of building than destroying. That said, I know there are plenty of punks out there who haven’t matured yet. And if the VR world collapses at their slightest touch, then it isn’t ready for public use.
The only security you will find in publicly usable software is to a) encrypt the data in and out, and b) change the structures around, every 3 months. Eventually hackers will break through anything, so you have to morph the software and change it. Have a scheduled 4 times a year release plan that includes bug fixes and establishes encrypted links with the servers, and the troublemakers with their simcrash exploits will quickly lose their simcrash hardons.
Those of you who say everything must be OS – go to your bank and demand the source code of their banking system sometime.
dandellion Kimban
Mar 5th, 2008
Thank you both RoFLKOPTr and d3adlyc0d3c for telling me things that I know. But I expected when a kid has all those intercapitalization and numbers instead of letters (yes, it is used to be called 1337) that they know a single bit about open source and security.
Somebody mentioned that when code is open it will be possible to copy everything from the grid. Isn’t it now? Wasn’t it a long time ago?
Melissa Yeuxdoux
Mar 5th, 2008
“I think you miss the point, Security by Obscurity does not mean that people won’t still find security holes, it is just meant to make it harder.”
I question whether that’s sufficient to make up for the lack of the proverbial “many eyes” that Open Source affords one. In a way, it’s like DRM; it only dissuades honest people, and those are the sort who would actually report bugs rather than exploit them.
rip
Mar 5th, 2008
Worrying about releasing the Linden server code will be a moot point by the end of 2008—-If Linden fails to release their server code then they will be left behind by progress—-What I am referring to is the opensim project currently in alpha testing that looks and feels just like secondlife—-There are now 4 grids up and running with more being planned in the future as the OSP platform is upgraded—-Also the total number of mini grids and standalones running currently is impossible to count, but could be in the hundreds—-Make no mistake about it, Linden’s business model will be forced to change and the server code will be open sourced and their protocols shared or SL will die pure and simple—-Another thing!—–Your IP rights never survive exposure with the future and the change it brings unless you have the money to defend them yourself——If you’re a member of SL, you have signed all your IP rights away regardless, so whining about them being lost here is pointless—–
d3adlyc0d3c
Mar 5th, 2008
‘Thank you both RoFLKOPTr and d3adlyc0d3c for telling me things that I know. But I expected when a kid has all those intercapitalization and numbers instead of letters (yes, it is used to be called 1337) that they know a single bit about open source and security.’
So now that I exposed your arguments as deluded you decide to use the fact that my handle contains leetspeak to argue in your favor. How very intelligent of you.
‘Somebody mentioned that when code is open there will be possible to copy everything from the grid. Isn’t it now? Wasn’t it a long time ago?’
Now you have revealed yourself to know as little as you claim I do.
The client has been open sourced for quite some time but you won’t find everything there is to find in the client code. At first I thought you knew something but now I see you’re just here talking to hear yourself talk. Maybe try doing at least a bit of research before adopting baseless opinions and professing them to everyone like a blundering idiot.
@shockwave
‘Those of you who say everything must be OS – go to your bank and demand the source code of their banking system sometime.’
Thanks shockwave, I agree with you entirely. I’m amazed that we seem to be the minority here in the comments when this fact should be obvious to everyone else.
‘fear and panic is all people can give when they are so needy for attention’
No I write articles centering on security issues and I get paid to do it. Besides the fact that I enjoy writing and I like Pixeleen, I am using my position here to try and genuinely influence SL in the only way I know how to improve it and preserve it. I can’t speak out in world because I am in hiding and would be banned. FYI, writing for the herald does not make one needy for attention and controversy is good news as everyone knows which is why we work to cover things like Copybot, griefers, exploits, security issues, and other drama. If you want to read some candy coated bullshit then you really shouldn’t read or watch any news at all because it’s almost never like that.
zariok
Mar 5th, 2008
I’m assuming this is to drum up some drama and traffic.
The short of it is, releasing the server code should not negatively impact the grid. Please read up on the AWG.
http://secondlifegrid.net/programs/awg
http://wiki.secondlife.com/wiki/Architecture_Working_Group
OpenSimulator is listed as a working AWG implementation:
http://wiki.secondlife.com/wiki/AWG_Implementations
Finally the example:
http://wiki.secondlife.com/wiki/Running_at_Home_and_Offline
If you notice, the “Central Utilities” are LL contained. Thus, L$.
Razrcut Brooks
Mar 5th, 2008
As a non-hacker, forgive my ignorance: If server codes were open sourced which would make it simpler for people to create their own grids on their own servers, how does that affect the servers that LL owns? Would not the system be secure for users as long as they do not teleport to “private” grids? I guess what I am trying to figure out is : does opening it up make it easier to bypass LL’s firewalls and security measures for those wanting to create havoc? No doubt there could be potential security issues on privately created grids, but if these grid-creators cannot hack into LL’s physical hardware, how can they create problems?
Again, I am not doubting you, d3adlyc0d3c and I admit these things are above me. I just need a “dumbed down” example of how knowing server codes can affect the populace on LL servers. Thanks.
Gareth Nelson
Mar 5th, 2008
d3adlyc0d3c:
1 – The fact you brag about bringing the grid down shows that you are indeed just another script kiddie (DoS attacks are the online equivalent of vandalism), if you want to be seen as talented then why not do something that requires talent. I can think of tons of different ways to bring the grid down with ease, but I prefer to build new grids rather than engage in what is really a childish activity.
2 – It is true that open source makes it easier to analyse the code, and this is why it leads to such good security. A bug that may be missed by one coder could be caught by someone else. Specifically, with regards to the simulators there are plans for trusted/untrusted sims and external script hosts anyway. Ultimately, the simulator will be just that: a simulator. The scripts will not run on the simulator unless it’s trusted by the script creator.
Shockwave:
“Those of you who say everything must be OS – go to your bank and demand the source code of their banking system sometime.”
Really, I wish they would but know they won’t. There’s been a few times I’ve been mildly bothered by what might be a bug on my bank’s website but I’ll never know unless I’m prepared to risk jail time by testing it myself (and I’m not).
For me, I’m of the view that free/open-source software is generally superior to closed source software but I do not equate this with anything moral. Should someone release source code for their software that’s a very good thing, but I don’t think it’s a moral duty. However, if someone retains the source code then I’m less likely to use the binary code myself for anything critical. I never run a public server on windows for example, yet I do sometimes run windows locally when I must (porting something to windows requires a windows box to test on).
DaveOner
Mar 5th, 2008
What a joke.
If the original architects of the regular internet were so closed minded and ignorant then we wouldn’t be where we are today…or they would have gotten jobs at AOL.
To the “sky is falling” comment about stealing content through server code, you can pretty much take whatever you view on the internet to some extent. Prims=.jpgs when it comes down to it. That’s one of the reasons why just about all SL businesses are a joke and can’t be taken seriously beyond entertainment value (both for the “business owner” roleplaying and the consumer enjoying their product).
Either way, anyone who’s actually paid attention to the overall development of the internet (and computers) would know that security holes are inevitable. Since the only constant is the ever-expanding limit of the hardware involved the only way to be 100% secure is just not to be hooked up to anything.
I will say that Prock’s retarded one liner made reading this stupid article worth the waste of 5 minutes. I love her material!
dandellion Kimban
Mar 5th, 2008
d3adlyc0d3c: If you think that is deluding argumentation, then I really don’t have anything to say. Hurry up, you’re late for school.
[T]he[E]nd[I]s[N]ear
Mar 5th, 2008
For one.
Deadly,
I have found many many exploits and different holes in Second life client code, to me, you sound like a smart ass thinking you’re the only one who can find such things, I tell you this, it’s not that hard. Maybe you are proud to find such holes because it makes you feel special but DAMN with LL’s shitty code, a 14 year old could find any good hole in second life.
So please, lurk moar.
Anyone can crash Second life servers-again not that difficult.
d3adlyc0d3c
Mar 5th, 2008
‘I have found many many exploits and different holes in Second life client code, to me, you sound like a smart ass thinking you’re the only one who can find such things, I tell you this, it’s not that hard. Maybe you are proud to find such holes because it makes you feel special but DAMN with LL’s shitty code, a 14 year old could find any good hole in second life.’
It sounds to me like you’re projecting your own insecurities onto me. I never said others couldn’t do it. In fact the whole point of the article was to say that other people CAN and that’s a cause of concern when open sourcing a product.
Anyway if you’re nexis or anyone in the PN then you never found jack shit. PN are largely unskilled kids who rely on the few with talent to do their work for them. The few talented people left there will eventually leave because they will outgrow it and realize they could be doing better things.
‘d3adlyc0d3c: If you think that is deluding argumentation, then I really don’t have anything to say. Hurry up, you’re late for school.’
That and I also think you should learn English. Argumentation isn’t a word. Get a dictionary kid.
’1 – The fact you brag about bringing the grid down shows that you are indeed just another script kiddie (DoS attacks are the online equivalent of vandalism), if you want to be seen as talented then why not do something that requires talent. I can think of tons of different ways to bring the grid down with ease, but I prefer to build new grids rather than engage in what is really a childish activity.’
I did a whole hell of a lot more than bring the grid down. Anyway just because you think that in theory that you’ve found a way to crash it doesn’t mean that it’s anything more than theory. Without understanding how LL servers work you wouldn’t be able to accomplish such a feat because using a botnet or some skiddie crap isn’t going to work on LL’s many thousands of servers…well maybe if you targeted specific points in the infrastructure but it’s a moot point anyway.
What’s irritating is that idiots like you continue to talk like I’m still bringing the grid down – I’m not and there is a lot of evidence to support that but there are still butthurt individuals out there who are intent on antagonizing me as much as possible for whatever problems they suffered as a result of my shenanigans. I am building now. I am creating content. I’m not creating weapons or anything that can be used as such. Be glad that is the case and leave me be instead of thinking you need to be a smart ass and get e-vengeance.
@Razrcut Brooks
It’s ok, I understand why you would think that. Basically if someone finds a vulnerability in the code that vuln could be exploited on LL’s servers as well as their own since the code would be the same.
Cai Pirinha
Mar 5th, 2008
Always entertaining to see the plumbers … sorry, the programmers … talking to each other as if it was important when a few sims go down for a couple of minutes.
*yawns
Gareth Nelson
Mar 5th, 2008
d3adlyc0d3c – I did not say you are still bringing the grid down. Read my comment again. What I did say is that doing the online equivalent of vandalism is childish and not something to brag about.
“Key parts of the infrastructure” < at least you got this right. Any server or set of servers can be knocked offline by someone willing to waste their time gathering the resources to do so. If I was “l33t” like you (sarcasm, look at your name) then I’d go and gather a bot army and start attacking every time I was bored.
Instead, when bored I create something and put my skills to good use, or I read a book, watch a good comedy film etc. Pointless reckless destruction for “lulz” is just that – pointless. You say you aren’t still attacking the grid right now, but you’re still bragging about it. Grow up.
dandellion Kimban
Mar 5th, 2008
“That and I also think you should learn English. Argumentation isn’t a word. Get a dictionary kid.”
It isn’t? Funny that Merriam-Webster doesn’t think so:
Main Entry: ar·gu·men·ta·tion
Pronunciation: \ˌär-gyə-mən-ˈtā-shən, -ˌmen-\
Function: noun
Date: 15th century
1 : the act or process of forming reasons and of drawing conclusions and applying them to a case in discussion
2 : debate, discussion
SUPER KALOL
Mar 5th, 2008
@deadly
Angel isn’t intblub it’s that dumbass little furry Angel Fluffy that runs an e-security group and bawws when his sims are crashed while he’s taking some dogcock in his ass.
d3adlyc0d3c
Mar 5th, 2008
Guys - I didn’t just appear in the PN out of the blue. I had experience exploiting other software before then and I’m telling you from experience, as someone who understands the hacker mindset, that when someone has the ability to pick apart the code and see how it works they will find holes. Now it’s a very good debate because as some of you have said, there are people out there that may find holes and report them helping LL to secure the system but what happens to the ones they don’t find? What about individual grid owners that will crop up who don’t keep up with new updates? It is far easier for me to find an exploit by looking at source code or protocol documentation.
As far as ROFLKOPTER’s claims that LL is fixing the holes I found, that may well be because I passed the info on to an LL employee within a few weeks of my retirement article being published after giving it some thought.
As far as claims that I am a ‘professional’ coder, that is a label applied to me by other people. I never claimed to code professionally. When I was working for Cox Communications I was in the billing department. I actually left Cox in August and moved a few hours away, a good while before I leaked the location of my old workplace and people began trying to get me fired from a job I no longer worked at. At the time I thought that was funny but now it seems more malicious than anything else.
Now I don’t know everything and I’m not a super hacker like Kevin Mitnick or anything (That’s another reason why I wanted to leave the PN. I was being hyped so much and it was increasingly difficult to live up to my reputation), but I’m telling you what I know from my own experience. I’ve been wrong before and I tend to admit it when I can confirm it.
I still believe that this is a serious issue and I still think that there are a lot of people here with the ‘I want what I want when I want it’ mindset who will argue with me forever about it because they want to run their own grids. You should be more mindful of the future and not just the present, there is a lot to worry about and a lot to consider. I think if people understood how hackers find exploits they’d share my sentiments. Not only that but the servers have been closed source for ages and how often do you hear about new exploits? Spamming animation requests is not an exploit. I mean real exploits. Not very often. Maybe a few times a year if that. You think LL doesn’t have techs to look at logs to pick up on these things and determine what happened when someone does exploit the servers? So in the end if an exploit gets reported or not LL can find the info they need if it’s big enough to be concerned over.
Whatever
Mar 5th, 2008
“If you understood hacking at all you wouldn’t have said that.”
Uh-huh. Perhaps you shouldn’t make assumptions about people you don’t know. Why do you think I call you a script-kiddie?
dandellion Kimban
Mar 5th, 2008
deadly, for the best and sincere, if you mess into underground (and illegal) activity, they you don’t go after that into tabloids to say that you haven’t appear out of blue and that you had exploits before. If you are into hat then you keep your mouth shot. You can talk with your partners and that’s it. Otherwise you’re just making fun of yourself. OK?
d3adlyc0d3c
Mar 6th, 2008
‘If I was “l33t” like you (sarcasm, look at your name) then I’d go and gather a bot army and start attacking every time I was bored’
I stopped playing with bots years ago, smartass.
‘You say you aren’t still attacking the grid right now, but you’re still bragging about it. Grow up.’
No I was dissecting an attempt at insulting me that apparently originated from Angel Fluffy. It makes sense now, since I put people like him in business and there’s a little less to do now so he’d like to think he could goad me into going back to it. Not gonna happen.
FYI, I’m pretty sure I know a lot more about computers, programming, etc., etc. than you do even though you wanna come in here and show off like you actually know something.
‘Instead, when bored I create something and put my skills to good use’
What skills? Just because you post here doesn’t mean you have skills. Anyone can claim as much. Also building a grid doesn’t make you a ‘leet haxxor’. When you can code your own then you can come here and brag.
All that aside, the security problems LL has seen since SL was established have been mostly due to client side enforcement instead of server side.
That’s going to change however, because when the server code is released people with know-how will be able to find buffer overflows by examining the code, buffer overflows meaning where software takes input and doesn’t parse it properly and so in layman’s terms the kernel or other software running on the OS is tricked into running commands it shouldn’t, giving someone root or escalating privileges being just two common examples.
d3adlyc0d3c
Mar 6th, 2008
‘Uh-huh. Perhaps you shouldn’t make assumptions about people you don’t know. Why do you think I call you a script-kiddie?’
Oh wow, intlib, you can use the word script kiddie. That means you’re a hacker. lmao.
‘deadly, for the best and sincere, if you mess into underground (and illegal) activity, they you don’t go after that into tabloids to say that you haven’t appear out of blue and that you had exploits before. If you are into hat then you keep your mouth shot. You can talk with your partners and that’s it.’
English please. I can’t decipher that garbage.
‘Otherwise you’re just making fun of yourself. OK?’
Yeah, ok. lol. FYI FBI prioritizes and I just wasn’t a priority because I never messed with the government or large corporations. Additionally ‘doing’ an exploit as you so eloquently put it isn’t always even a crime. Some people, including me, like to run software on their own computers and experiment with it trying to exploit it.
In Germany possession of PoC exploit code may be illegal, but here in the US it still isn’t.
RoFLKOPTr
Mar 6th, 2008
@dandellion Kimban:
“Thank you both RoFLKOPTr and d3adlyc0d3c for telling me things that I know.”
You’re welcome, but you seem to misunderstand our intentions…. see… we’re NOT telling you things you already know… in fact, we’re telling you things that you DON’T already know. Who woulda thunk it, huh?
“Somebody mentioned that when code is open there will be possible to copy everything from the grid. Isn’t it now? Wasnt it a long time ago?”
LINDEN LAB HAS NEVER OPEN-SOURCED THEIR SERVER SOFTWARE. OPENSIM DOES NOT INCLUDE ANY LINDEN-WRITTEN CODE. IT HAS VERY LIMITED FUNCTIONALITY, AND CAN HARDLY BE COMPARED TO REAL SECOND LIFE SERVERS. SO SHUT THE FUCK UP.
RoFLKOPTr
Mar 6th, 2008
Sorry for the repeat comment, but I just have to point out d3adlyc0d3c’s extreme stupidity:
“That and I also think you should learn English. Argumentation isn’t a word. Get a dictionary kid.”
Before you jump all over somebody’s case because they’re using fake words… maybe you should check and make sure the word isn’t real. Here, an entire tl;dr article about the intricacies of the argumentation theory. Have fun, dumbfuck: http://en.wikipedia.org/wiki/Argumentation_theory
d3adlyc0d3c
Mar 6th, 2008
‘Uh-huh. Perhaps you shouldn’t make assumptions about people you don’t know.’
Sorry I couldn’t resist coming back to this because he’s just oh so begging to be trolled with that statement.
You familiar with the phrase, ‘it takes one to know one’?
I didn’t assume, it’s based on
1) retarded statements you make
2) you’re intlibber the 40 year old basement dweller who lives with his parents who uses crap like Psitech huds. If you were that computer literate you’d at least be able to script your own crap instead of trying to hire me in October. Anyone that can hack can learn LSL, it isn’t hard.
Additionally your definition of script kiddie is obviously flawed:
1) Script kiddies can’t code
2) Script kiddies rely on ‘l33t haxor’ tools
3) Script kiddies not only rely on lame and backdoored tools but have no knowledge of how they work
4) Script kiddies aren’t interested in learning, they aren’t willing to spend time picking things apart to see how they tick which means they don’t ever find 0-days.
[T]he[E]nd[I]s[N]ear
Mar 6th, 2008
Deadly,
Sure you were a good scripter for PN, you brought great stuff to it. But, you go on bragging about your talents like you’re the only one who has it. No, you’re just the only stupid ass that goes off, brags about it, then gets the holes patched. Anyone can break linden labs codes, it’s shitty, not just you, so you can think you’re all high and mighty, but you’re as much a script-kiddie as anyone else posting on this forum. All it takes is for one person to learn. When they learn, they progress.
I can tell you this, anything you have created or scripted, I am sure I can progress it to work better. To have more power. And to own more than ever.
You’re nothing special, you’re as good as any other script-kiddie deadly, stop bragging like you’re the best.
Because, the deadly I knew (well, didn’t know you personally, but your ways), found SL as a place for LULZ, and to own Furfags. Not a place to settle down, join LL’s ways of virtual world. You’re a disgrace to any hacker anywhere that finds SL as a place to test hacks and to get LULZ.
Also Cocks?!?!?!!?
youvebeen framed
Mar 6th, 2008
I just found something very funny and shocking…the Herald is stealing its op/eds from other publications and publishing them a month later!!! lol.
Check this “op/ed” by Delatango Vale published in all its glory here on 23rd February: http://foo.secondlifeherald.com/slh/2008/02/oped-second-lif.html
The original story (edited) was published in The Avastar on 25th January – http://www.the-avastar.com/epaper/archive/2008/TheAvaStar_Issue58.pdf
I wonder where they stole this op/ed from??? Maybe SL Newspaper???
Way to go Htards.
pixeleen mistral
Mar 6th, 2008
i just found out something funny and shocking – “youvebeen framed” uses sockpuppets in the herald comments – and always seems to be pimping the old ‘tardstar. some samples:
http://foo.secondlifeherald.com/slh/2008/03/help-prevent-me.html#comment-106068642
http://foo.secondlifeherald.com/slh/2007/05/german_media_no.html#comment-68820760
http://foo.secondlifeherald.com/slh/2007/09/4-sl-viewers-an.html#comment-81670537
http://foo.secondlifeherald.com/slh/2008/01/motorati-closes.html#comment-95687154
is this standard practice at the ‘tardstar?
protip – get an ip address anonymizer – the fashionistas started doing that after some nasty board wars – linden fanboys and tardstar staffers might want to follow their lead.
d3adlyc0d3c
Mar 6th, 2008
@[T]he[E]nd[I]s[N]ear
Dude, only like two of you idiots could even be called hackers. Copying someone else’s LSL scripts and using them to wreak havoc in SL isn’t hacking. Neither is spoofing your IP or MAC address. Get a fucking clue.
FYI I got the holes patched by passing the info to a Linden willingly via email, and not all of them are even patched yet.
You can sit there and whine and cry and tell everyone how you found all these exploits in LL’s code, but we all know you didn’t find shit so go peddle that crap somewhere else. It doesn’t take a lot of smarts to uncover this crap but you don’t have it. Like maybe two people in the PN do…the rest of you really are a bunch of script kiddies who sit there waving your hands at someone like a toddler waiting to be picked up.
Seriously, cry moar because the truth hurts. Everyone knows that an active PN member would have supplied the other members with any exploits he found, then 90 percent of them wouldn’t be able to keep their fucking mouths shut and we’d know about it instead of having some no name faggot show up on SLH with some idiot named ROFLKOPTR posting bullshit because they’re both butthurt that I didn’t find the PN interesting anymore and because you’re so self important that you think whenever I mention anyone doing anything malicious in SL that it means I’m talking about you. I don’t even like to think about most of you retards anymore. There are still a handful that I respect but the rest of you can go fly a kite.