If intensified open source efforts are good for the viewer,
|
|
Kidd Krasner
Registered User
Join date: 1 Jan 2007
Posts: 1,938
|
08-17-2009 19:26
From: Darien Caldwell The Open source efforts for the viewer have been the biggest mistake LL ever made. Of all the fixes and progress which have been made with the viewer, most have been done by LL's own developers. Only a very small number of fixes/additions have actually come from the community. However, it has opened up the door to all of the large issues we have, such as asset/sim copying, asset hacking, security issues, stalking, bots, and probably a few more I can't think of right now.
Open sourcing the server would be an even bigger mistake. All of the complaints you mention were in existence before the viewer source was released. The protocols were reverse engineered into libsl. So the open source argument doesn't fly.
|
|
Desmond Shang
Guvnah of Caledon
Join date: 14 Mar 2005
Posts: 5,250
|
08-17-2009 21:21
Darien is absolutely correct in her assessment.
Sure, other people have reverse engineered both client and server software long ago, but as bad as unavoidable knockoffs are, there is still a world of difference between doing that, and publishing your engineering. This, in a word, is disastrous 99.9% of the time from a business standpoint.
Had there been some sanity applied, our service provider would have *not* given away the farm in a misguided act of self destructive pseudo~charity, and sued the daylights out of any and all infringers. Like 99% of software companies do every day.
You don't see World of Warcraft or other online worlds saying: "Hey, copy us! Take our core business and someday we'll just sell you connexion to our character stats or something!" Why? Because they aren't stupid. Knockoffs of Warcraft, for instance the Chinese 'World of Fight' ~ are *not* promoted, and by not promoting them they don't lend credence to the ripoff.
Coke doesn't publish its formula, neither does Kentucky Fried Chicken, Mercedes doesn't put its manufacturing drawings on the internet. Because it's dumb to do so; about as dumb as leaving your wallet on the sidewalk and walking away. You'll be robbed blind.
The knockoff secondlife grids eagerly leech off our service provider's massive, multimillion dollar ongoing engineering efforts, and rip its customers away daily.
Sure, there are some return benefits from opensource contributions, but consider it this way: why doesn't Blizzard or NCsoft or Microsoft do this? Because on balance, it's a mistake. You are better off having the inhouse crew doing that work, rather than crowdsourcing your engineering efforts. Oh, there's a price for that opensource effort ~ every time you see an opensource region for sale, there it is. Which, by defining the "low end" market, drives *this* grid into a higher priced market stance.
If open source was so great, any number of opensource solutions from VRML to Croquet would have handed Linden Research its butt in the past twenty years, or denied its existence entirely. But none have, and there's the proof: the open sourcers wait for Daddy Bigbucks Corporation to come along, spend the real money needed to create success, and then copy them.
Sure, there's a place for open source. But there are other situations where it has no place.
Other people taking advantage of your core IP is just a bad idea for business, and examples abound. Why didn't Lineage2 rocket to fame when hundreds of people copied its leaked source, for instance? Instead, there were arrests and prosecutions. See http://en.wikipedia.org/wiki/Lineage_II
That's the result of copying: lost customers, jeering pirates, bad business for NCsoft and certainly this all did nothing good for the honest, decent user of the service.
Of course, those that stand to gain the most from all this will tell you that "piracy is inevitable" or "there is no real security" and all this other stuff. It's a remarkably convenient position to take, and one that would get you fired from the management of 99% of intellectual property creating businesses in existence.
* * * * *
Of course, I know many will not like my view on this, and that's fine.
I'm not here to debate it, but rather say that I fully agree with Darien here, and yes, I *do* arrogantly think I know a bit more about biz on the grid ~ real biz for, you know... real amounts of money. Hey, it's a character flaw to put it that way, I'm well aware.
I'm skipping the debate on this here entirely. If anyone really wants to debate it with me openly, see me on secondcitizen.net forums.
In these forums, I've got hundreds of thousands of dollars on the line if I get a bit too blunt, whereas the average kibitzer here has the equivalent vested interest of fast food leftovers.
Des
_____________________
 Steampunk Victorian, Well-Mannered Caledon!
|
|
Kyrah Abattoir
cruelty delight
Join date: 4 Jun 2004
Posts: 2,786
|
08-17-2009 21:42
It's baffling that people who appear to be so bright and cunning turn out to spew such stupid arguments.
As a previous poster said, securing your computer with a password is security; there is no way to get your password short of trying every single possible combination. It is denying the data: you can't access it because I'm not giving it to you.
Obscurity is like scrambling a book by shuffling the words using a specified pattern that only your program is able to put back in order. Obscurity is no security at all; in the end any program has to talk in a language the computer is able to understand, or communicate with the video card in a standard way. It's not denying data: I'm sending it to you but I try to make it unreadable without my special glasses... which I have to give you somehow.
You're just putting a tarp on a water pump and expecting it will stop people from figuring out how it works or simply peeking under it.
_____________________
 tired of XStreetSL? try those! apez http://tinyurl.com/yfm9d5b metalife http://tinyurl.com/yzm3yvw metaverse exchange http://tinyurl.com/yzh7j4a slapt http://tinyurl.com/yfqah9u
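Added example (not part of the original post): the contrast drawn above between denying data and sending scrambled data together with the means to unscramble it, written in Python. The six-word book, the fixed pattern and the names `CLIENT_PATTERN` and `PasswordGate` are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a six-word "book".
BOOK = "the quick brown fox jumps over".split()

# --- Obscurity: the data is sent to everyone, shuffled by a fixed pattern ---
# CLIENT_PATTERN stands in for the "special glasses". It has to ship inside
# every copy of the client, otherwise the client could not read the book.
CLIENT_PATTERN = [3, 0, 4, 1, 5, 2]


def scramble(words, pattern):
    """Sender side: output position i carries the word at index pattern[i]."""
    return [words[p] for p in pattern]


def client_unscramble(scrambled):
    """Receiver side: restore word order with the pattern baked into the client.

    No account, password or other secret is consulted, so whoever holds a copy
    of the client holds everything needed to read what was sent.
    """
    restored = [None] * len(scrambled)
    for i, p in enumerate(CLIENT_PATTERN):
        restored[p] = scrambled[i]
    return restored


# --- Secrecy: the code can be fully public, the data is simply withheld ---
class PasswordGate:
    """Releases the book only to a caller who presents the right password."""

    def __init__(self, password, book):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)  # the password itself is not stored
        self._book = list(book)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def fetch(self, password):
        # Constant-time comparison; on a mismatch nothing at all is sent.
        if hmac.compare_digest(self._derive(password), self._verifier):
            return list(self._book)
        return None


def demo():
    """Run both models side by side and return what each party ends up with."""
    on_wire = scramble(BOOK, CLIENT_PATTERN)
    gate = PasswordGate("correct horse battery staple", BOOK)
    return {
        "scrambled_on_wire": on_wire,
        "any_client_holder_reads": client_unscramble(on_wire),
        "gate_without_password": gate.fetch("guess"),
        "gate_with_password": gate.fetch("correct horse battery staple"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Publishing the source of `PasswordGate` changes nothing about who can read the book, whereas the scrambling scheme depends entirely on nobody looking inside the client.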
|
|
Jesse Barnett
500,000 scoville units
Join date: 21 May 2006
Posts: 4,160
|
08-17-2009 21:52
From: Desmond Shang I'm not here to debate it, but rather say that I fully agree with Darien here, and yes, I *do* arrogantly think I know a bit more about biz on the grid ~ real biz for, you know... real amounts of money. Hey, it's a character flaw to put it that way, I'm well aware.
I'm skipping the debate on this here entirely. If anyone really wants to debate it with me openly, see me on secondcitizen.net forums.
In these forums, I've got hundreds of thousands of dollars on the line if I get a bit too blunt, whereas the average kibitzer here has the equivalent vested interest of fast food leftovers.
Des
And you are just showing yourself to be more of an asshat every day Des. If you do not want to debate it here then stay out of the forum. This is the 3rd or 4th time you have pulled this crap: "This is what I have to say but I will not argue with anyone on it, I will not back up my theories with facts and I will not respond if someone proves I am full of it"
And it takes a really big asshat to make the statement that "I make a lot of money so I am an expert in all fields and that anyone that makes less is a dumbass". I do not make any money here but I DO KNOW what I am talking about when it comes to security and exploits. The little bit of money you make here is nothing compared to the money some of us are tasked with protecting in the real world. In my case, it is over $8 million a year, so let me see, per your own reasoning, this must mean that you have no idea what you are talking about?
I really love this part: "why doesn't Blizzard or NCsoft or Microsoft do this?" In case you have not noticed their security is nonexistent. You have absolutely no idea what you are talking about.
I do not know what has happened to the Desmond I used to know, the one that was jovial and helpful and who would never, ever consider saying something negative about anyone, but that person is no longer here. All that is left is a tyrannical little egomaniac.
_____________________
I (who is a she not a he) reserve the right to exercise selective comprehension of the OP's question at anytime. From: someone I am still around, just no longer here. See you across the aisle. Hope LL burns in hell for archiving this forum
|
|
Gordon Wendt
404 - User not found
Join date: 10 May 2006
Posts: 1,024
|
08-17-2009 21:58
@Desmond, not sure if you're talking about the viewer or the server. On the server I agree with you entirely, LL would be shooting themselves in the foot and just helping people piggyback on their innovation to take them down.
If you are referring to the viewer then I think you are dead wrong, although Libsl and others had already done some work before the code was open sourced the success and the amazing new features that are now available from the work of Nicholaz and Marine Kelly (although I don't partake in the features of the latter).
@Darien, I'm not going to mindlessly repeat what I've said many times both on the forums and the JIRA, that and it would be hard to do so without personally attacking you for the beliefs you hold but I'll leave it that I strongly disagree and I think you are under informed and misinformed especially minimizing the positive effort that open source development has had as well as exaggerating the negative impact it has had.
@Everyone, I'd strongly advise everyone to not take me on my word on any statement I make but remember that the people who are anti-open source have their own agendas and misinformation and propaganda are rampant on the topic especially when it comes to content theft.
_____________________
Twitter: http://www.twitter.com/GWendt Plurk: http://www.plurk.com/GordonWendt GW Designs: XStreetSL
|
|
Love Hastings
#66666
Join date: 21 Aug 2007
Posts: 4,094
|
08-17-2009 23:58
There's this entire sub-industry of companies, along with experts, both professional and educational, all dedicated to understanding and implementing good strong computer security. Pretty well none of them will say that security through obscurity works well. Generally, having your systems transparent to the analysis of others forces you to strengthen it until it's as bulletproof as you can make it.
Yes, there is a risk with that, but the risk is FAR greater not doing that.
Look at SSL. You trust it with your personal information, your money, your identity. Yet it's not even remotely obfuscated. And it works. Well.
|
|
Love Hastings
#66666
Join date: 21 Aug 2007
Posts: 4,094
|
08-18-2009 00:00
From: Desmond Shang I'm skipping the debate on this here entirely. If anyone really wants to debate it with me openly, see me on secondcitizen.net forums.
Heh, are you at all sure you could have a serious debate on this over there? This would instantly devolve into humour... unless there is drama to be had. 
|
|
Desmond Shang
Guvnah of Caledon
Join date: 14 Mar 2005
Posts: 5,250
|
08-18-2009 00:26
From: Gordon Wendt @Desmond, not sure if you're talking about the viewer or the server. On the server I agree with you entirely, LL would be shooting themselves in the foot and just helping people piggyback on their innovation to take them down.
If you are referring to the viewer then I think you are dead wrong, although Libsl and others had already done some work before the code was open sourced the success and the amazing new features that are now available from the work of Nicholaz and Marine Kelly (although I don't partake in the features of the latter).
I'm talking about the entire setup: viewer, server, protocols (not a lot can be done with protocols but basic encryption wouldn't hurt).
Notably they can't opensource everything, as there are licencing agreements in place with companies that absolutely do not have a casual approach toward giving their code away. Havok 4, for instance. Produced by companies that, well, agree with my stance utterly. Because it pays their bills.
I do agree there were some wonderful additions by the opensource community, but the openness of it all came with an absolutely terrible cost to the inworld economy. The two are inextricably linked. There is an inherent conflict of interest between "let me sell you this item" and "you can rip items here or start your own servers with ripped content, oh well." It pretty much comes down to that, and no agenda tinted vision is required to see it.
And it's not opensource per se, but the philosophy behind it. Long before anything was open sourced, clients and servers were essentially blackbox modeled, and this wasn't terribly difficult to do because the protocol is utterly open. Toss a light encryption or two on the protocols/data and change it often enough, and suddenly you've got fairly effective security.
* * * * *
Finally, I do agree in full with what you say about agendas. Here is one of mine, not the only one, but one you might find most significant: I make money through my involvement here. It *absolutely* informs my opinion on content theft, open source and similar issues. And with several hundred residents both commercial and residential on the estate, it's easy to see mass trends. I can measure it in direct dollars every week.
I see gateway data too, and I *absolutely* do not report on that, per agreement with Linden Research. And no, I shan't be spilling resident data all over the forum. Enough people take me at my word, and my word is proven enough across years. If that's not good enough, ah well.
People forget: I was harangued badly over my views on sexual ageplay (negative), inworld 'banks' (negative), the legality of gambling here (negative) and so forth. The forums here were a lot meaner a few years ago than they are today, and holding those opinions then were far worse from a "wisdom of the crowd" forum perspective than this is, by a longshot. I'm the same Desmond as I always was, if not a lot milder. Anyone reasonably and civilly disagreeing with me, I have no problem with.
* * * * *
So some might wonder why I bothered to post here at all. Here's a pretty blatant nonsecret: you bet the Lindens read these forums and others, in their off hours. It's important to say "Hey, you know, the inworld economy *is* in trouble" ... and even behind the over~rosy economic reports they do actually 'get it.' And it's no accident that a roadmap regarding what content creators can expect was blogged about recently. If it wasn't for concerned residents speaking up about issues, these issues won't be addressed.
_____________________
 Steampunk Victorian, Well-Mannered Caledon!
|
|
Qie Niangao
Coin-operated
Join date: 24 May 2006
Posts: 7,138
|
08-18-2009 01:29
I think it plausible, if barely, that a viable LL business model could exist with an open sourced simulator. But I very much doubt that the simulator code is anywhere near safe to open source.
It's absolutely true that security through obscurity is a built-in vulnerability, but if you have a nasty can of worms as code, you don't even know what obscurity is responsible for whatever "security" you're getting by accident. I'd bet that there are wide swathes of sim code that nobody has looked at for years except, maybe, to dip in for a bug fix and flee before getting sucked in to a vortex of complexity and confusion. Dumping the whole mess out in public is just inviting the universe of people with no better hobby to dive in and find all the sleeping vulnerabilities.
Open sourcing the client was an altogether different proposition because the protocol was already more or less fully known by some combination of reverse engineering and "developer leakage." And that was inevitable, really, because even the most efficient strong encryption costs cycles. (Effective protocol security requires more than the best possible encryption, too; it needs a constant-bandwidth "carrier" stream to hide traffic patterns, which would make the service completely impractical due to bandwidth costs on both ends; pretty much nobody outside national security does that.) So, with the protocol known, whatever vulnerabilities existed in the client were effectively revealed before the source was disclosed anyway.
_____________________
Archived for Your Protection
|
|
Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
|
08-18-2009 01:43
From: Desmond Shang Darien is absolutely correct in her assessment.
No, she's not.
From: someone Sure, other people have reverse engineered both client and server software long ago, but as bad as unavoidable knockoffs are, there is still a world of difference between doing that, and publishing your engineering. This, in a word, is disastrous 99.9% of the time from a business standpoint.
No, it's not. Reverse engineering has been proven time and time again to uncover idiosyncrasies that even the original "engineers" didn't know about, precisely because it is an ANALYSIS of the ACTUAL product as it exists in vivo. It goes back to that old maxim which illustrates the dichotomy between theory and practice. Linux / BSD / GNU have been open-source for decades now. If it was so "disastrous", why do so many businesses, whose gross revenues run into the billions annually, depend on them?
From: someone Had there been some sanity applied, our service provider would have *not* given away the farm in a misguided act of self destructive pseudo~charity, and sued the daylights out of any and all infringers. Like 99% of software companies do every day.
What does open source have to do with suing infringers? They can have open / closed source viewer and STILL sue infringers. BTW, they didn't "give away the farm". The viewer is a small part of what makes SL SL. Where's the destruction? I mean, you're supposedly a "rich man" in RL now, DUE TO the viewer being open-sourced. You're the Head Cheese, Big Shot, Mr. "I bought a PoS^H^H^HFord Mustang with all my eBucks!". If it was so destructive, why are you (and many others) able to make book every month with a bit of gravy left over, all through legal means?
From: someone You don't see World of Warcraft or other online worlds saying: "Hey, copy us! Take our core business and someday we'll just sell you connexion to our character stats or something!" Why? Because they aren't stupid. Knockoffs of Warcraft, for instance the Chinese 'World of Fight' ~ are *not* promoted, and by not promoting them they don't lend credence to the ripoff.
Apples and eggbeaters. Not even remotely the same thing, and you know it. SL isn't saying "copy us", they are saying "help us make a better virtual world". World of Warcrap's business model is selling THEIR dead-end, canned content, and open source wouldn't help their business model that much.
From: someone Coke doesn't publish its formula, neither does Kentucky Fried Chicken, Mercedes doesn't put its manufacturing drawings on the internet. Because it's dumb to do so; about as dumb as leaving your wallet on the sidewalk and walking away. You'll be robbed blind.
Quite the sensationalist, I see. Unfortunately, your analogies aren't even remotely applicable. For one, Coke doesn't HAVE a "formula"; it's not a single recipe, and it isn't particularly secret. As for KFC, there are no "11 herbs and spices"; it's sugar, salt, pepper, and MSG. It's all marketing bullshit and hype to sell product. Mercedes DOES put its "manufacturing drawings" into the public eye; they are called PATENTS, ya know. As for the wallet analogy, it is too ignorant to even address. Thankfully, LL is smart enough to know that there is no money in their viewer; they aren't selling it. They have NOTHING TO LOSE by open-sourcing it, and everything to gain.
From: someone The knockoff secondlife grids eagerly leech off our service provider's massive, multimillion dollar ongoing engineering efforts, and rip its customers away daily.
What do other grids have to do with LL open-sourcing the viewer? NOTHING. OpenSim is NOT RELATED TO the viewer source in ANY way. If LL's customers are leaving for other services, that is their own fault with respect to the quality of their service and nothing more.
From: someone Sure, there are some return benefits from opensource contributions, but consider it this way: why doesn't Blizzard or NCsoft or Microsoft do this? Because on balance, it's a mistake. You are better off having the inhouse crew doing that work, rather than crowdsourcing your engineering efforts. Oh, there's a price for that opensource effort ~ every time you see an opensource region for sale, there it is. Which, by defining the "low end" market, drives *this* grid into a higher priced market stance.
Because LL's business model is NOT the same as Blizzard's or NCsoft's or Microsoft's? It may be a mistake for them, but it is not, and was not, a mistake for LL. LL's PRODUCT IS NOT THE VIEWER. LL's PRODUCT is the WORLD/SERVICE. They don't make money by selling software, they make money by providing a service. Honestly, I don't understand how that escapes such a shrewd businessman, unless it really doesn't because this is all some sort of political agenda. <.< WTF is an "opensource region" anyway? Are you just spouting random BS as a rant?
From: someone If open source was so great, any number of opensource solutions from VRML to Croquet would have handed Linden Research its butt in the past twenty years, or denied its existence entirely. But none have, and there's the proof: the open sourcers wait for Daddy Bigbucks Corporation to come along, spend the real money needed to create success, and then copy them.
VRML is a standard, not a product. Croquet is a proof-of-concept institutional project. Can't you even make analogies to things in the same general category? SL is the next iteration in "3D Virtual World" evolution. LL successfully monopolized monetary and social interest for the time being. However, there is NOTHING saying they will be able to continue to do so into the future. I think there is ample proof that its time in the sole spotlight is waning, probably even faster than they realize, and it isn't remotely related to whether the viewer source is open or closed.
From: someone Sure, there's a place for open source. But there are other situations where it has no place.
Probably about the only relatively accurate thing you have said, though I have to take it completely out of context for even that assessment.
From: someone Other people taking advantage of your core IP is just a bad idea for business, and examples abound. Why didn't Lineage2 rocket to fame when hundreds of people copied its leaked source, for instance? Instead, there were arrests and prosecutions. See http://en.wikipedia.org/wiki/Lineage_II
Another insipidly bad analogy.
From: someone That's the result of copying: lost customers, jeering pirates, bad business for NCsoft and certainly this all did nothing good for the honest, decent user of the service.
Result of copying what? The source? WTF does that have to do with Lineage 2 "rocketing to fame"? Half-Life 2 source code was leaked, too. Didn't change anything about its success.
From: someone Of course, those that stand to gain the most from all this will tell you that "piracy is inevitable" or "there is no real security" and all this other stuff. It's a remarkably convenient position to take, and one that would get you fired from the management of 99% of intellectual property creating businesses in existence.
I will tell you "piracy is inevitable" and "there is no real security" and all this other stuff. I don't stand to gain anything more from it than you do. I just operate on a pragmatic and realistic risk assessment, and plan my business and work accordingly. Is it convenient? Is being pragmatic and realistic ever "convenient"? I have never found it to be, myself. Real Life sucks; it is chock full of landmines, oft times in the guise of stupid, rotten human beings. Learning to deal with them WITHOUT sacrificing freedom and quality of life is the real challenge, and I don't find that it is "convenient" at all.
I get paid some pretty good money in RL to be pragmatic and realistic when advising business owners about risk management in several different areas related to IT, including some "intellectual property creating businesses". Most of them already KNOW the truth of these issues, and have done their homework in the risk management area to mitigate potential losses.
From: someone Of course, I know many will not like my view on this, and that's fine.
It's not a matter of liking or not liking it. I simply reject it as an ignorant, arrogant bluster in the form of a rant, most likely for some political agenda.
From: someone I'm not here to debate it, but rather say that I fully agree with Darien here,
By posting, you're here to debate it. Kinda the point in stating your view, ya know.
From: someone and yes, I *do* arrogantly think I know a bit more about biz on the grid ~ real biz for, you know... real amounts of money. Hey, it's a character flaw to put it that way, I'm well aware.
Money does not automatically make someone a subject matter expert. It simply makes your opinion less valuable because it is tainted with bias. If your argument can't stand on its own, regardless of how much "money" you make, then all you've succeeded in doing is throwing your credibility out the window, while giving everyone the reason to boot.
From: someone I'm skipping the debate on this here entirely. If anyone really wants to debate it with me openly, see me on secondcitizen.net forums.
It is easy to toss an orb in public, then retreat to one's own den where one feels "safe", surrounded by buddies and sycophants. We're here, in the REAL forums, if you feel like having a REAL discussion.
From: someone In these forums, I've got hundreds of thousands of dollars on the line if I get a bit too blunt, whereas the average kibitzer here has the equivalent vested interest of fast food leftovers.
Well, I guess that just goes to show your real motivation.. just to rant and flame those whose views you don't share. Here I was thinking that you were really wanting to have a constructive and intelligent discussion/debate on the subject. Silly me.
I'm sorry, Des, this whole post of yours just comes off as a rabid rant. I wish I knew WTF bit your ass to turn you into a raving lunatic, but I doubt that will ever come to light. Good luck with your business; I think you're going to need all you can get at this point. <.<
|
|
Lance Corrimal
I don't do stupid.
Join date: 9 Jun 2006
Posts: 877
|
08-18-2009 01:44
there used to be a caricature around about some guys who got a first look at the source after Microsoft decides to opensource Windows... and they almost died of laughter.
that's why LL isn't opensourcing the server.
right now, pretty much everybody has the suspicion that there are a lot of totally inept programmers working on that stuff... LL is NOT going to confirm that by showing people the source.
|
|
Feldspar Millgrove
Registered User
Join date: 16 Nov 2006
Posts: 372
|
08-18-2009 02:17
From: Darien Caldwell However, it has opened up the door to all of the large issues we have, such as asset/sim copying, asset hacking, security issues, stalking, bots, and probably a few more I can't think of right now.
Not really. All that stuff had already been reverse engineered before the Viewer was open sourced.
|
|
Jesse Barnett
500,000 scoville units
Join date: 21 May 2006
Posts: 4,160
|
08-18-2009 04:22
From: Darien Caldwell However, it has opened up the door to all of the large issues we have, such as asset/sim copying, asset hacking, security issues, stalking, bots, and probably a few more I can't think of right now.
Darien/Des. You both agree with that statement then defend it. Please name ONE of those LARGE issues that was introduced by open sourcing the viewer? The answer is ZERO. Even in cases where it is implemented into a viewer, the implementation is still based on libsl code or discovered first with libsl, NOT anything discovered by perusing the viewer code. That one key sentence is the basis of both of your arguments. If you can not defend it then neither of you have any argument at all.
_____________________
I (who is a she not a he) reserve the right to exercise selective comprehension of the OP's question at anytime. From: someone I am still around, just no longer here. See you across the aisle. Hope LL burns in hell for archiving this forum
|
|
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
|
08-18-2009 04:35
From: Darien Caldwell Only a very small number of fixes/additions have actually come from the community.
I've found dozens of bugs from inspection of the viewer source code myself, including one that would have mysteriously broken about 10% of the scripts on the grid when Mono came out. And I'm small potatoes. There's at least thousands and probably tens of thousands of fixes in the mainstream viewer from SLDEV list members, and that's leaving Snowglobe aside.
From: someone However, it has opened up the door to all of the large issues we have, such as asset/sim copying, asset hacking, security issues, stalking, bots, and probably a few more I can't think of right now.
Actually, all that stuff started long before the viewer was open sourced, and most of it doesn't involve the open source code base in any way. Bots are NOT based on the open source viewer. They're not even written in the same language... C# and C++ are only superficially similar.
|
|
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
|
08-18-2009 04:49
Desmond: Even Microsoft has had to embrace open source and open systems. They actively promote "rip-offs" of their latest software platform and APIs because it's their only hope of co-opting open source developers to work for them. They've worked with the developers of Mono and Moonlight. They've even shipped GPL-licensed code.
Open-sourcing the server? I'm not convinced that would buy them nearly as much, since open source developers can't take the server's code and use it on the grid, the way they can with open source viewers. But open sourcing the viewer has been a major win for Linden Lab.
|
|
Cortex Draper
Registered User
Join date: 23 Aug 2005
Posts: 406
|
08-18-2009 05:36
From: Feldspar Millgrove Not really. All that stuff had already been reverse engineered before the Viewer was open sourced.
That’s because they don't bother encrypting the data.
Like many people here, I am a professional computer programmer. In my opinion if they took these steps it would significantly reduce theft:
1. Encrypt everything between client and server, and change the encryption often. Use the strongest encryption that speed allows.
2. Eliminate open source of anything sensitive.
3. Give protected access points both through the ability for other programs to control the client and from scripting so there will be much less need for libsl. Or make a closed source libsl that other programs can access that won't give access to things that it shouldn't (just like scripting doesn't)
4. Sue everyone who reverse engineers anything.
5. Hire people who have made good contributions to the open source. This can be contract work or full time. Either way they would have to sign the appropriate forms for non-disclosure.
Be aware it won’t reduce all theft, but it will help much more than many people on this thread have been implying. And legal action can help with the rest.
|
|
Kyrah Abattoir
cruelty delight
Join date: 4 Jun 2004
Posts: 2,786
|
08-18-2009 06:43
From: Cortex Draper That’s because they don't bother encrypting the data
Like many people here, I am a professional computer programmer. In my opinion if they took these steps it would significantly reduce theft:
1. Encrypt everything between client and server, and change the encryption often. Use the strongest encryption that speed allows.
2. Eliminate open source of anything sensitive.
3. Give protected access points both through the ability for other programs to control the client and from scripting so there will be much less need for libsl. Or make a closed source libsl that other programs can access that won't give access to things that it shouldn't (just like scripting doesn't)
4. Sue everyone who reverse engineers anything.
5. Hire people who have made good contributions to the open source. This can be contract work or full time. Either way they would have to sign the appropriate forms for non-disclosure.
Be aware it won’t reduce all theft, but it will help much more than many people on this thread have been implying. And legal action can help with the rest.
1. Ultima Online was encrypting its data, hell they changed the key every few versions or so, it didn't stop the people who reverse engineered the server, then the client. As for strongest that speed allows, you realise SL is already terribly slow, you think we should add a crypto stack on top of it?
2. Umm what?
3. What would be the point? Why would anybody use a complicated system of going through the official client when they can communicate directly with the server? You really believe people would choose something convoluted instead of something simple?
4. Reverse engineering is legal and you can't make people enter a legally binding contract about it just because they connect to the grid.
5. So if you can't beat them, hire them?
How far are you people willing to go against the flow of the river because you refuse the inevitable?
_____________________
 tired of XStreetSL? try those! apez http://tinyurl.com/yfm9d5b metalife http://tinyurl.com/yzm3yvw metaverse exchange http://tinyurl.com/yzh7j4a slapt http://tinyurl.com/yfqah9u
|
|
Cortex Draper
Registered User
Join date: 23 Aug 2005
Posts: 406
|
08-18-2009 08:25
From: Kyrah Abattoir 1. Ultima Online was encrypting its data, hell they changed the key every few versions or so, it didn't stop the people who reverse engineered the server, then the client. As for strongest that speed allows, you realise SL is already terribly slow, you think we should add a crypto stack on top of it?
And I bet it would have been cracked even more often if it wasn't encrypted.
Also back in Ultima Online days they didn't significantly use one-way mathematical operations for encryption. It is far harder to crack encrypted data nowadays.
If the bottleneck for data transfer is the internet and not the client or server then having the client or server perform their encryption/decryption won't slow down data transfer any more than it already is. I do kinda agree with you on this point however, which is why I said "that speed allows".
|
|
Kyrah Abattoir
cruelty delight
Join date: 4 Jun 2004
Posts: 2,786
|
08-18-2009 08:32
From: Cortex Draper And I bet it would have been cracked even more often if it wasn't encrypted.
Also back in Ultima Online days they didn't significantly use one-way mathematical operations for encryption. It is far harder to crack encrypted data nowadays.
If the bottleneck for data transfer is the internet and not the client or server then having the client or server perform their encryption/decryption won't slow down data transfer any more than it already is. I do kinda agree with you on this point however, which is why I said "that speed allows".
Yeah but the bottom line is that the client has the encryption and decryption in order to work so it's kind of moot. People miss the point: it's not the armored fund transport that is the weak link, it's the bank you're dealing with itself that is. You should see how the people who crack protections like starforce proceed, they don't have to guess the key, they know it's hidden somewhere in the room.
|
|
Kyrah Abattoir
cruelty delight
Join date: 4 Jun 2004
Posts: 2,786
|
08-18-2009 08:37
From: Cortex Draper And I bet it would have been cracked even more often if it wasn't encrypted.
Also back in Ultima Online days they didn't significantly use one-way mathematical operations for encryption. It is far harder to crack encrypted data nowadays.
If the bottleneck for data transfer is the internet and not the client or server then having the client or server perform their encryption/decryption won't slow down data transfer any more than it already is. I do kinda agree with you on this point however, which is why I said "that speed allows".
Actually once it was cracked people made tools to strip the encryption from the client automatically, it required only minimal changes each time the encryption was updated.
|
|
Nika Talaj
now you see her ...
Join date: 2 Jan 2007
Posts: 5,449
|
08-18-2009 09:20
This debate is not so very important for this generation of SL, because we will not change the facts: the viewer IS open source, and the servers are not and will not be.
However, a new generation of SL (presumably server AND viewer) is coming, and LL has then the opportunity to go closed source. A lot of businesses do this, closed source for the new whiz-bang version, open source for an older one. In LL's case, the exact sequence which has already been started might actually be the best strategy: open source viewer to expose new ideas and concepts for use in the new product, then close the new product.
As for protecting from reverse engineering really there are only two options:
1. Encryption. Encrypting all SL data would be mind-numbingly stupid. If a lappie doesn't have a good enough graphics setup to run SL without loading the CPU, it for sure doesn't have hardware encryption. Why would LL throw away man-years of work to enable lower-end platforms to play by imposing encryption on processors which are already running at 100% CPU utilization?
You COULD encrypt only control data, I suppose ... easy to do if SL has a separate control "channel" (port) already. No idea if they do, but since the game is played by interacting with the graphics, I wouldn't be surprised if control cannot be cleanly separated.
2. Private protocol. This will protect for a while, but more importantly, it provides a reason for customers to stick with LL. Even when the protocol is reverse engineered, LL will always have the OPTION to yank it out from under reverse engineered products.
|
|
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
|
08-18-2009 09:51
I don't see going to a radically new SL being in LL's interests.
The content in world and compatible with SL as it is, is the major barrier to entry for competitors.
|
|
Kidd Krasner
Registered User
Join date: 1 Jan 2007
Posts: 1,938
|
08-18-2009 10:55
From: Desmond Shang Sure, there are some return benefits from opensource contributions, but consider it this way: why doesn't Blizzard or NCsoft or Microsoft do this?
Microsoft does do this. They created the Microsoft Public License for that purpose, and have released code such as WiX under it. Decisions to release code under open source have to be evaluated on a case by case basis. You can't compare SL viewer source to the Coca-Cola formula. They're totally different businesses with different business models. Ditto all of the others. There may be good arguments against the release of the viewer code, but I don't see any in your post. Now if you want to argue that LL has a bad business model, that would be a different story.
|
|
Darien Caldwell
Registered User
Join date: 12 Oct 2006
Posts: 3,127
|
08-18-2009 11:15
The kinds of responses I see here, are why this can't be rationally debated. "No, you're wrong." isn't a debate. This is exactly why more people don't speak up about their dislike for the fact LL pulled the rug out from under them by open sourcing the viewer, because they immediately get pounced on by all the open source people who *have their own agendas, too*.
The fact is, the reverse engineering done was the usual geeky, poorly working stuff that hackers do. No documentation, didn't half work, and your average person couldn't understand how to use it.
But LL opening up the source and making it accessible to a broader range of coders changed everything. As Des said, sure, there have been positive benefits. But I stand by my analysis, having watched the SL Dev list, and watched the JIRA, that most of the work has been, and is being, done by LL's paid developers. Why do you think they hired so many?
Now, anyone who can download MSC++ 2005 Free edition can compile the viewer and hack away at it. And in the process, hack away at the value the creators and builders bring to the grid.
I'm glad LL is working toward trying to stem the tide of sim stealing and content copying *they caused*. But it's too little too late really.
I say this for all those who are too afraid to speak up, I know there are a lot of you out there. It needs to be said, and I damn well hope LL is reading, because they need to hear it.
You screwed over your own users, LL, and we won't forget that.
|
|
Jesse Barnett
500,000 scoville units
Join date: 21 May 2006
Posts: 4,160
|
08-18-2009 11:23
From: Darien Caldwell ......
Massive fail. Go back and look at post number 36 and answer that single question. /327/4f/335272/2.html#post2531633
_____________________
I (who is a she not a he) reserve the right to exercise selective comprehension of the OP's question at anytime. From: someone I am still around, just no longer here. See you across the aisle. Hope LL burns in hell for archiving this forum
|