If intensified open source efforts are good for the viewer,

If intensified open source efforts are good for the viewer, doesn't that sort of suggest the possibility that the rest of the software etc. might benefit from open sourcing?

Specifically the parts of the code and hardware and networking systems that deal with sim border crossing, teleporting, and other such problems that are chronic, fundamental, and extremely detrimental to user experience?

The software might. Just not sure that Linden Research will.

well, in 2007 on a virtual world congres, Phillip Rosenthal (Phillip Linden, former ceo), had announced that the SIM server code would be released, within 1,5 years, as opensource.
(with some restriction ofcourse). And a plan to hook those decentralized sims (hosted by others) to the SL grid services (search/Voice/Assets/Logins etc via an agreement (which costs very much less then renting a sim, e.g. homestead/openspace/full sim from LL, as he told then). To secure the connections, and the remote sims would be autited/monitored, for suspicious activity, if some remote admins, are doing malicious stuff.

He also mentioned that eventually ALL grid related services would become opensourced.
ANd that LL, would be an authority over grids based on their software, just like IANA/RIPE etc are for IP address allocation to providers. And also providing support (on pay base), to the end licensees.

In other words, a complete other business model, would be affective by then.
Just like many opensource companies do, providing the software for free, but for support you need to pay (if you want), etc.

RedHat, SuSE/Novell, Mandriva, became rich through that model..

However, we're 1,5 years+ further, still nothing about that opensourcing of the sim server code.

The Open source efforts for the viewer have been the biggest mistake LL ever made. Of all the fixes and progress which have been made with the viewer, Most have been done by LL's own developers. Only a very small number of fixes/additions have actually come from the community. However, it has opened up the door to all of the large issues we have, such as asset/sim copying, asset hacking, security issues, stalking, bots, and probably a few more I cant' think of right now.

Open sourcing the server would be an even bigger mistake.

So far the intensified open source efforts on the viewer have only led to a viewer that's considerably worse than 1.23.4.

my but some people have short memories

You mean Snowglobe? With all its faults, for some reason it runs on my laptop, which cannot run 1.23.4 (or 1.22 for that matter) at all. So, your experience is not universal.

In general, I think open sourcing the viewer has helped the user community quite a bit. For over a year, the Niklaus viewer was a lifesaver. For low-end machines, the 3rd party viewers still are the best option. And pressure for features first exposed in open sourced code has led to LL accelerating development of those features, even though they rarely use the actual code from the community.

That said, open sourcing the servers would be a considerable blow to LL's value as a company. I don't see it happening any time soon.
.

It did? Hmm, ever heard of Grid Proxy & libsl? The door was opened a long time before OS.

Are you done crying nonsense?

Security through obfuscation?

That is all security is. It's better than no security at all, in every case.

I think OS programmers have some good things to add to common nuisances like border crossings and the like, however, I tend to agree with Darien. Of all the things that bother me personally about SL, I can pretty much say darn near all of them are because of, or directly related to open sourcing of the viewer. I would imagine the same process would take place for the server code as did for the viewer... talented people make great contributions, masses accept it, LL accepts it, then when starting to become mainstream the hacks and exploits come out. I'm just not that interested to see, or tip-toe around the inevitable dodgy stuff that will follow at the server level.

I made a pic for you guys:



I just have to say attacking me rather than refuting my statement is telling.

Read again. I did not attack and I did refute your statement. I notice that you completely ignored it thou

Uhh, no.

There's a big difference in the proper use of "obscurity" when related to security. Security through ACCESSIBLE obscurity simply is not significantly better than no security at all, and actually may be worse, since it leads people into a FALSE sense of "security".

Real security is much more than obscurity.

Um, one person does not make a "pile on." I certainly didn't attack you.

That picture looks like a case of lorry abuse.

No, any and every security method boils down to hiding some key piece of information. Whether that be the design of a key's teeth, a password, or the code entered into an encryption algorithm. They all boil down to withholding some piece of information, that if you posessed, would unlock the process. It's all obfuscation.

You're not the only poster in the thread, and no, you weren't attacking me. But I can't name names, you know, that would be against the forum rules. LOL

The nature of what is hidden matters more. The RSA algorithm is transparent... it's the private data you need to protect through obfuscation.

You need to present more than a sweeping statement built upon an overly general premise to convince me that open sourcing the viewer was a bad idea overall.

It's just, I counted one attack in this thread.

Isn't that sort of the business model we've got now? Access to Second Life is free, but if you want any sort of real support you'd better pony up.

My guess would be the people interested in the opensource community are spending their time working on Opensimulator, because, you know, it's already opensource and all that. Spend your time working for a company that profits from your efforts without paying you or spend your time working for a larger community of independants who all benefit from each others efforts... if you were involved with the opensource community, which way do you think you'd lean?

Yes, that's what I said. The difference is ACCESSIBLE obfuscation.

If you protect your computer with a password, that's security. If you then write the password on a slip of paper and stick it under your keyboard, that's NOT security, because the obscurity is ACCESSIBLE. The same thing is true of things like DRM and the viewer code. You don't NEED the viewer source code to make another viewer. Does it make it easier? If it does (which I am not so sure I would agree with) it does so marginally. There's already so much code out there from other sources that building a viewer from scratch isn't nearly as large a task as it once was.

Not having the source code didn't stop the creation of bots, copy or otherwise. As was said before, they were created LONG before the viewer was open-sourced. They would have been created even if it was NEVER open-sourced. Not to mention that alternate viewers were already being built BEFORE and have been SINCE it was open-sourced. In short, the open-sourcing of the viewer has not had the negative effects you ascribe to it, but instead has been a positive move for LL AND us as residents.

Since it has been open-sourced, a significant number of security vulnerabilites (as well as a lot of nasty crash bugs) have been uncovered and fixed. Almost all of the recent vulnerabilities are in the SERVER code. it doesn't take much to figure out WHY that is, either. Less eyes = more bugs/vulnerabilities. The opposite is also true.

Something you also have to remember is that, just because someone submits a bug fix or a feature request, it does not mean that LL will include that code into the official viewer. Indeed, they have let a significant number of submitted patches fall onto the "floor". Ultimately, it STILL is LL who has control over what goes into their viewer, as it should be.

I think your view of security is a bit skewed... security is prevention of access, whether it be by not making access available, not allowing particular kinds of access, or enabling certain kinds of access based on criteria. obfuscation is a commons means, but so is denial of resources, and making it possible, but not worthwhile, or out of the range of reasonable resources.

take your key example... keys are easy if you examine a lock once. 5 pins, at any of 7 heights, with a shared slotted design. it's not really a secret. but the technical means to produce that specific combination of materials (and make it variable to use on multiple locks) is beyond most people....

I'm glad to hear it works for someone.