Copy Exploitation?

Just received the new version which states that it fixed a situation in which no-copy settings could be exploited and an item copied.

As a merchant, I have to ask: how great was this exploitation and how much potential harm did it present to merchants? How much of our hours and hours of design and marketing work has now been turned into mandatory public domain and copyable items?

I'm just curious as to how extensive this copy-exploitation problem might extend.

It was pretty bad. Anything with tranferable permissions has prbly been copied a billion times over. sry.

Now that it's fixed, I'm actually curious -- if it could be revealed -- how such exploits were done, for historical and informational purposes.

Can anyone, Lindens or Residents, please shed some light on this?

Thank you graciously.

I have 2 questions:

Are all those that used the exploit permanently banned?

Are all items that were exploited going to be removed from recipient's inventories?

How do you propose that they determine who to ban? Would the mere posession of an illegitimate object be grounds for bannination? What if a newbie was unwittingly given a copy of a stolen item?

How do you propose they expunge the improper items? Wouldn't this require a Linden to sit down and manually cull through many thousands of account transactions to try and determine what objects were legitimately purchased and which objects are the result of malicious buggery? Though searching for objects which are for sale and which have in-world objects with differing permissions might reduce the search space, wouldn't there still be too many entries in the database to search?

Perhaps we could rely on reports from users. However, wouldn't there be significant potential for abuse in such a process?

"Bannination", I love it. So do Strong Bad and Trogdor.

Ardith,

I don't know the nature of the exploit or claim to know the inner workings of the SL system. Nor should I have to. So I can't offer a technical solution.

My questions can be restated as: If/when something like this happens to me, is LL just going to fix the bug and go on? Or, are they going to make every effort to track down those that exploited the bug and deal with them? Additionally, are they going to help me recover any losses?

Can't individual items with the same UUID be removed from the asset servers? I've heard of it happening before.

I'm sorry that my answer was so oblique. I was hoping that by raising these questions, you would arrive at the answer without my needing to explictly state it. I think that at this point, it would be next to impossible for the Lindens to differentiate between legitimate purchases and exploited copies, unless the exploit leaves some blindingly obvious trail in the database. Though it would be an easy matter to remove all objects with a certain UUID, the problem lies in differentiating between legitimate copies and illicit duplicates.

Consider the problems which Andrew (I believe he was the one responsible, but correct me if I'm wrong) faced when attempting to track down glitches in the account balances. He had to check entries in multiple databases and compare these results to obtain the proper balances. I think that a similar manual method would be required to sort through all of the transactions to determine what ones are legitimate and what ones are not. I imagine that it would require first searching for all objects of a certain UUID. They would then need to compare each and every one of those objects against the transaction records of the creator to determine which objects are bona fide. Multiply this by umpteen creators with multiple items, and you're faced with a very daunting task.

The technical solution is the key to determining what response you can expect from the Lindens. If I'm mistaken, which is of course very likely, and the process takes very little effort, then you're definitely more likely to expect a strong response from the Lindens. if the process is far more labor intensive, then it becomes less likely. From a legal standpoint, they are not liable for any harm which has resulted from the exploit and so they may not even bother to address your concerns.

One solution I have for you: if you know of any specific incidents, then report the persons responsible. If the Lindens do not react then, file a formal DMCA complaint with them. To the anti-IP crowd: I'm aware that the DMCA is the spawn of Satan and Janet Reno. Please don't lynch me for suggesting that someone make use of that horrid act.

Hey Torley the way it was done is by sitting on the no copy object, then editing one of your attachments and Shift-Dragging it and it would give you a msg. The msg said it fell off world but it still was on the grid. So basically you got a ton of em in your lost and found folder.

THANKS Cid. And now we all know!

GOOD ON YA for finding this no-copy exploit out... congratulations, you've done your civic duty to the gridverse. Hee hee.

Seriously though, ladies, gentlemen, and avatars of indeterminate or more than one gender, give this man a hand! *clapclapclap*

And you SHOULD be credited in the release notes too!!!

*BLUSH* . Keep it down. I like to fumble through this place with my head down and as quite as possible.... less of a chance of being shot with a watermelon that way.

How meek of you.

You are to be even more admired for this, Cid... hee hee... teasin'!

Well, I for one am glad to know it was such a difficult exploit... so likely few people were aware of it. That is SOME relief... and a relief to know it's been fixed.

My NEXT question is... those items that were exploited... are they NOW not able to be copied or did they basically just transfer to public domain?

I know that an exploit this huge may be difficult to foresee or predict... but when merchants devoted days or even weeks to produce an item... they're not gonna be too happy when someone says, "Oh, sorry, your item is now all over SL and nothing you can do about it."

So I fully understand Al's concerns. And I think he's within his rights to question what's being done to correct the stolen items. I won't call the one who discovered the exploit a "thief"... because if he discovered it, it was probably very difficult to resist testing it out a few times. But he should have immediately gone to the Lindens and reported it, and not spread the info over SL. Hopefully... maybe.. that's what happened.

Basically it didnt change the permissions just let u make an extra copy. So no they rnt public domain.

But now there's ANOTHER flaw that lets you change permissions, see other recent threads on this topic. We're back in limbo.