Secret SL Viewers? "Cyro" and "V-Life"

That only works for three specific situations:

(1) The GPL code is an operating system, and you are using interfaces provided by the operating system.
(2) The GPL code is all LGPL *or* is all GPL-with-exceptions and those exceptions apply to this situation.
(3) The non-GPL code is (as you note) a separate executable.

In all these cases, you still have to provide the GPL code bundled in the product.

Option 1 does not apply.
Option 2 does not apply.
Option 3 requires modifying the client, and that modified client source needs to be provided. It isn't.

And, just in case we're not *quite* unsettled enough, here's a link to a PDF of Ken Thompson's "Reflections on Trusting Trust"...

http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

I have been in SL long enough to have had actual God Mode a couple of years ago for a few months. I have been in SL long enough to know what OpenSL is and that I can already make a copy of anything I want without having to spend $200. The only exception would still apply to these viewers, no scripts, unless of course they are faking God Mode in which case the hole would have already been plugged. I have been scripting and in SL long enough to know a few ways to crash sims or crash viewers. I have been in SL long enough to know that there is nothing SL can do to stop these 2 viewers. It does not matter that they might identify themselves now, it is trivial to hide which viewer it is or spoof another. I have been in SL long enough to know the GPL license terms and know that the viewers are in violation and this is not "iffy" or "might be". So go and follow your own advice and read up on GPL before spreading your own faulty opinion.

Finally I have been in SL long enough to know that even if there was a way to stop the two viewers, you could still do everything they do.

Actualy you can do more with SL Proxy and other libsecondlife applications for free then any scam/licence breaking client and it would be more educational.

A lot of exploids got discovered and fixed with the help of people playing with libsecondlife.

Right, this tends to get off track often, first of all, if Sony was here advertising, he'd get the price right, Vlife is 50k

Second, Vlife is not discontinued, in fact, a beta update was released a few days ago and is currently being cleaned up to prepare for an official update.

Third, yes, anything you can do with a client you can also do with SLproxy, however, the client is made to be user friendly, you click a button rather than logging packets and injecting them.

Fourth, these people selling the clients have also offered code to LL when they discover new exploits, LL responded by BANNING the individual behind Vlife simply for discovering the exploit. He has been banned 20-30 times since, and each time ends up back in SL, with his full avatar re-imported within 60 seconds.

LL can't go after him because he simply does not care. He tried to help them, and all they did was tell him he was wrong simply for finding something.

I've personally submitted patches for a specific crash attack, and it took 4 months for those 4 lines of code to be implemented in a RC viewer. It took me demonstrating the crash to a Linden, and then specifically providing him with the code to fix it by email.

It's not that he hasn't tried to work with them, it's that they don't care, they'd rather assume exploits in their system are few and far between, when that is not the case.

Oh, and Jesse, you don't need god mode to make scripts full perms, just because YOU don't know how something works, doesn't mean it isn't possible.

I would have to see that one to believe it. Scripts are server side only. With only a couple of exceptions that were quickly fixed, all rumors of being able to get a script turned out to be hogwash. I'll make the same offer that Argent made, Missouri rules, "Show me, Don't Tell Me".

And as far as LL banning someone just because they reported an exploit? Someone is really gullible if they believe that one.

Back in the '80s I was running a BBS, and one of my users decided to take his elite hacking skills and become a security consultant. He bragged about what he was doing, but didn't wait quite long enough for any of the ... less naive ... users to advise him.

He decided that the best way to sell himself to a potential customer was to break into their system and then call them up and make an appointment to show all the problems he'd found.

You can imagine what happened next.

You know how he described what happened? Well, it sounded pretty much like what you're saying now. If I hadn't watched it happening as it happened, second hand, I might have believed him.

Now, your friend could be completely on the level. Linden Labs is nothing if not inconsistent. But given what he's doing with his product, completely in violation of the GPL, I gotta say I'd need a bit of proof before accepting him as a white hat fighting back against an injustice the only way he knows...

I'm reluctant to demonstrate any of the more difficult features to anyone here because of the significant risk associated with ripping scripts or original objects. If you don't believe it, I'd be happy to show you an item it was done to recently, but due to the response I've been given for sharing information here, I'm not willing to risk one of you reporting me because I demonstrated something.

Feel free to hand me a no transfer animation and I'd be happy to hand it back, showing anyone you wish as the creator of said animation, including the original.

FWIW - I've been using the CoolSL viewer for Linux, pretty much ever since Windlight came out. Yeah, it was a calculated risk, but we in the Linux community are pretty good about taking care of each other, and I have not been disappointed.

I just last night started trying out the GreenLife emerald viewer, and my immediate impression of it is that it's a remarkable viewer! I got the impression of it being a bit faster than the LL and CoolSL viewers, but that may just be in my head. Regardless, if they could take the UI and featureset from the CoolSL viewer and combine it with the featureset from GreenLife, it would be THE ultimate viewer!
Correct - and this is why, for example, the Vivox executables and runtime libraries are separate from the viewer, and not built-in functions. The viewer provides the API by which the Vivox voice system can interface with the viewer (and vice-versa), but they are still separate. In fact, this is why none of the alternate viewers include the files required for voice - because the Vivox executables and libraries are proprietary, NOT licensed under any GPL, and are distribution-restricted.
Right. When it comes right down to it, it all comes down to one's personal morals and ethics. Quite honestly, if (general) you feel you need to resort to griefing and cheating in order to climb to the top of and "win" an open-ended game, then you pretty much suck at life. If you get your jollies off of stealing from other people and causing so much grief that you run people out of the game in droves, believing in your mind that "it's just a game and these are just a bunch of pixels", then you have some serious, deep-seated psychological issues that need to be addressed.

...and if you're willing to hand over US$200 to some shady character who has clearly shown complete contempt of the law and of ethics, to blindly install his software in order to carry out your evil plot, then you are both of the above AND a moron!
*fakes awe* Oh, yay. 5(R1P7 |<1DD135.
Except white hats usually don't turn black when shown the door by their potential client. They just leave the company to suffer its own failure and move on.

Correct - and this is why, for example, the Vivox executables and runtime libraries are separate from the viewer, and not built-in functions. The viewer provides the API by which the Vivox voice system can interface with the viewer (and vice-versa), but they are still separate. In fact, this is why none of the alternate viewers include the files required for voice - because the Vivox executables and libraries are proprietary, NOT licensed under any GPL, and are distribution-restricted.

Right. When it comes right down to it, it all comes down to one's personal morals and ethics. Quite honestly, if (general) you feel you need to resort to griefing and cheating in order to climb to the top of and "win" an open-ended game, then you pretty much suck at life. If you get your jollies off of stealing from other people and causing so much grief that you run people out of the game in droves, believing in your mind that "it's just a game and these are just a bunch of pixels", then you have some serious, deep-seated psychological issues that need to be addressed.

...and if you're willing to hand over US$200 to some shady character who has clearly shown complete contempt of the law and of ethics, to blindly install his software in order to carry out your evil plot, then you are both of the above AND a moron!

*fakes awe* Oh, yay. 5(R1P7 |<1DD135.

Except white hats usually don't turn black when shown the door by their potential client. They just leave the company to suffer its own failure and move on.

I never said he was a whitehat, he was abusing the system yes, but he offered to help fix it at the same time.

It doesn't matter what his intentions are, I'm pretty sure everyone agrees these clients are wrong. The fact of the matter is, they're not going anywhere, you can either accept they exist, and learn about them, or stick your head in the dirt and pretend none of this is possible because LL said so.

Nice try to make an absolute asshole look like a saint. Failed.

Anyone who finds out about exploits and sells them in a custom viewer is an asshole and should be perm banned. Pretty impossible though since LL allows free accounts without any verification. No matter how often they tried to tell LL about the exploit without it being repaired. He is selling a griefer, thief, and scammer tool for 50K so he is not a saint. Try the other side of the balance.

If you want to demonstrate how you make a no-mod script full permission, be my guest. I will be happy to provide you a script to show that power on. And I will not even report you as this would be a mutual agreement.

Heh. The guy I was talking about? I'm sure he wished he was just shown the door.

But, yes, that's kind of the point.

interesting ...

Well Hell.................................................................................

Just had a long conversation with someone I trust in world. Scripts really are vulnerable now and it really was reported. Trivial check could be put in place to stop it and yet that has not happened. Guess we are all in the same boat now as the texturers and builders have always been in. Fortunately, just as in their case, outstanding work will still rise to the top and the majority of SL users are honest. It does not directly affect me because I give away all of my tricks and scripts anyway.

This is horrible news

but on teh bright side im selling a domain secondlifeharold.com it gets tons of hits from ppl who misspell the real one, im me in world with offers i take paypal and lindens for it, transferred via godaddy.com its the perfect domain for a porn site or SL blog or whatever

Horrible about the copy people, just horrible....

You are a man of many words, I see.

I think he won the thread with that succinct, insightful & eloquent post.

Just a small note, this isn't new, scripts have always been vulnerable this way.

The fact that this software remains closed source means that at most a dozen people are able to do this.

You have the evil blackhat who's exploiting everyone to thank for that.

And you are still a troll with a twisted sense of morality........................who has just been put on mute.

Typical response from another sheep.

You don't like what you hear so you close your ears.

On a scale of "hats" with Bruce Schnier and Marcus Ranum at the white end end, let's stick "ethical black hats" like Rain Forest Puppy in the middle, working down to black rotten fungus hats like Cantor and Seigel and other spamming scum that even rank bad hats look down on as beneath contempt... your friend is probably somewhere down in the vicinity of Bozo NYC and other "label" crackers.

See also:

http://en.wikipedia.org/wiki/Responsible_disclosure

http://en.wikipedia.org/wiki/Full_disclosure