Bruce Schneier vs DJ Cuppycake – Event Showdown Part 1
by Alphaville Herald on 06/06/09 at 9:20 am
No questions from the audience makes for a bad show
by Pixeleen Mistral, National Affairs desk
Security guru sinks into his chair while talking to disembodied voices in virtual world
Second Life – a fancy dress party trying to become serious business – came in a poor second place to Metaplace in Thursday night’s virtual event showdown between security guru Bruce Schneier and DJ Cuppycake. At least in terms of event interactivity for in-world players, Metaplace won this round easily.
In the news business it is important to both look good and be prepared, so I stopped by the in-world set for Jimbo Hoyer’s Virtually Speaking show several hours early and ran into Widget Whiteberry. Ms. Whiteberry assured me that audience questions would be entertained during the Bruce Schneier interview, so I dropped off four questions with her that would be of particular interest to residents of Second Life. Ms. Whiteberry promised to pass the questions on, and I braced myself for the usual live event scuffle to get the moderator to pay attention to hard questions — something I first learned about when covering Hamlet Au interviewing Julian Dibble several years ago.
But by the time the show was running events had taken a turn for the worse. Jimbo Hoyer’s computer wouldn’t run Second Life and Bruce Schneier was ignoring IMs from the engineering staff, so we were treated to what might as well have been a pre-recorded interview.
The telephone interview between Mr. Hoyer and Mr. Schneier was piped in world, but there was no interaction with the audience. The in-world audience's view of the event was a pony tailed Bruce Schneier avatar sunk into a chair, all alone on stage, talking to an invisible interviewer. Eventually CS Kappler decided to sit in the interviewer’s chair to help keep up appearances. At times like these, the cognitive dissonance becomes overwhelming and I wonder at the wisdom of holding events in any sort of virtual world.
Luckily, Superman – in the form of Kalel Venkman – was in the audience to help put things in perspective. With the virtual crime fighters like the JLU on hand the event would certainly be safe from the griefer menace. Should trouble arise, Kalel could call a gang abuse report in and Lab's ban stick swinging GTeam would jump into the fray. If Kalel had questions for Mr. Schneier about security for the JLU website and Brainiac avatar tracking database he was keeping them quiet.
I did feel a little bad for the event organizers, and I'm all too aware that the Herald's own parties have resulted in some bad crashes – both in Second Life and Metaplace – although we do pull in the celebrities. Still, the learning curve for Second Life is steep enough that noobies like Mr. Schneier can easily end up adrift. Is this really the best way to have virtual public meetings?
Eventually, Dire Lobo contacted me via IM:
Dire Lobo: Hi Pixeleen – I'm Dire, I run engineering for the show. I know you want to ask a question, but there are some technical issues which are preventing us from dealing with questions. Our host (calling in on a phone) cant seem to log on to SL, his machine is messed up. The guest has never been in SL and doesn't know to respond to IMs, so he is ignoring me and you and everyone. There isn't a damn thing I can do about it, and it is driving me CRAZY. Not just because of your insistence, but because we have a big crowd and a lot of people want to ask questions.
Dire Lobo: And no, its NOT pre-recorded. We do this every Thursday for over 2 years now and it is rare we have a problem like this. Just bad luck. Sorry you are frustrated. Maybe after the guest will remain and answer questions via chat.
Pixeleen Mistral: I'm not trying to be a total bitch but this is not interactive at all
Dire Lobo: I agree, its not. Usually its different – Jimbo regularly reads chat and IM questions and posts them to the host by voice – "Adam wants to know 'Why do you …..'" – thats how it USUALLY goes. This sucks, but like I said, there is nothing I can do – its all Jimbo the host and I am sure if he could log on he would.
Pixeleen Mistral: this sucks way more than you will ever understand
Pixeleen Mistral: I know of an avatar that was just permabanned from SL for reporting a security exploit and I would like to hear from Bruce if banning players for responsible disclosure of security exploits is good security practice
Dire Lobo: Well, it sounds like you had a really important goal in coming here and are now stymied, so I can understand why you are taking it so seriously. I have heard of this, and it makes no sense to me either!
Was the event worthwhile? I did manage to add Bruce to my friends list, but I have a feeling I’ll not be seeing him in-world much – and none of my questions were answered.
I turned to a new page in my reporter's notebook, and after a short break headed over to Metaplace for DJ Cuppycake's first set.
[Continued in: DJ Cuppycake vs Bruce Schneier - Event Showdown Part 2].
Unanswered questions
q1.) Linden Lab bans players who publicly reveal security issues with SL. Without responsible disclosure, how is it possible to motivate Linden Lab to fix security issues in a timely fashion?
q2.) Has Bruce looked at SL's security at all?
q3.) Is the built-in web browser in the Second Life client a possible concern?
q4.) How safe should we feel based on the "McAfee SECURE – TESTED DAILY" logo on Second Life's web-based storefront?
Neo Citizen
Jun 6th, 2009
I was present at this event – Pixeleen hadn’t done any research on the subject material being presented and assumed that because it was being presented IN Second Life, that it had something to do directly WITH Second Life – so naturally she was outraged because she couldn’t commandeer the entire lecture.
She was so disruptive and spent so much time trying to shout down the lecturer that by the end of the event, half the audience had muted her, including the presenters.
A reporter’s job is to report the news, not be the news.
Cuppycake
Jun 6th, 2009
Aww, you’re a sweetheart. Thanks for stopping by Pix.
That guy
Jun 6th, 2009
q1.) Linden Lab bans players who publicly reveal security issues with SL. Without responsible disclosure, how is it possible to motivate Linden Lab to fix security issues in a timely fashion?
It isn’t. They’re hellbent on their own self destruction.
q3.) Is the built-in web browser in the Second Life client a possible concern?
Absolutely. As it progresses it will need to be able to run java, javascript, vbscript and a plethora of other very common and popular scripting languages that introduce critical security problems. With that new functionality Linden Lab’s Second Life client will become the IE of virtual worlds. Not a good thing. There are a lot of really huge security concerns and with more functionality we’ll only see more security concerns. Think about this, if prims can display webpages including running scripting languages like javascript that are automatically run on the computers of everyone in the vicinity, is that not a valid security concern? This built in web browser in SL is going to work by the client directing the embedded browser to go wherever it is commanded to go. Of course the user must manipulate the client to manipulate the browser or else it is manipulated by visiting a sim where the user set a certain page to display,etc,etc. The simple fact is that scripting capabilities are an essential part of the internet now and so eventually LL will need to implement the most popular standards if they really want second life to become web 2.0, which IMO it doesn’t really have a chance of being. Have you ever wondered why it’s taking them so long to integrate this ‘new’ html-on-a-prim functionality that they announced ages ago?? This is why.
q4.) How safe should we feel based on the “McAfee SECURE – TESTED DAILY” logo on Second Life’s web-based storefront?
As a former malware author, I can tell you that you shouldn’t feel safe at all. Firstly, McAfee is shit. The best virus scanner in existence only picks up about 60 percent of malware, I believe. I can’t remember the exact figure but it was obscene. Basically there are millions of viruses, trojans, worms, and other nasties that your AV doesn’t pick up. Guaranteed. So with those stats and with knowing that McAfee has created perhaps the most overrated software in existence, I’d have to say that they suck especially hard for having a mcafee symbol on their website.