Is an exploit driving up classifieds prices?

yes, I know, everyone should have exactly the same amount of money. Maybe you should go live in Communist Russia. Oh wait, they collapsed in on themselves from corruption and an unsustainable economy. So much for communism.

lol!
<3 Darien

FINALLY SOME ONE GETS IT!!!!!!!!!!!!!!!!!


"oh well it is only beta" -Unknown

You do realize that the exact same thing is currently happening in the USA, right? Has nothing to do with communism.

Actually, as mentioned above, the ability for business run "for fun" to spend their entire income on marketing is an unbalancing factor in SL that is nothing to do with capitalism.

Also, no real world capitalism is as uneven in income distribution as SL. Doesn't stop them being real world capitalisms.

Also, there were THREE smilies after that comment. How many did I need?

Yumi you're a godsend. Thanks for doing so much honest good research on this bug and sharing this info so openly and so well. You're an asset to SL community. I wish more lindens were as inquisitive and talented as you are.

Actually, a true free market economy without government intervention will correct itself naturally. That's not to say that people will get hurt, but people lose money on poor investments every day. Is it the government's job to make sure they don't lose their money?

A true communist state, run with the best interests of its people in mind MIGHT be a viable social/economic system, but corruption, self interest and greed will always be a factor preventing such a system from working.

There is no economic model that surpasses free market capitalism. If our government would keep its hands off and concentrate on the duties assigned to them by the Constitution we would be better off in the long run.

Just my opinion. You are welcome to yours. Its a free country. At least until next year.

True.

In theory.

Unfortunately, we will never really know because such a system will never actually exist as it does on paper. The dominant players in the market will always distort the market to their preferences, which is to privatize profits and socialize losses. The free market ideal will always be perverted by basic human greed, no matter what type of economic/social system.

I'm afraid I've always had as much faith in the classified ad cost, as I've had in the traffic numbers, to find something in search.
Exploit or not, if a business feels the need to pay L$100k per week for their classified, it means they can afford to not have me as a customer. I'd rather support a business that's known for the quality of their product, not their, supposed, popularity.

Communism is just a red herring.

Your entire concept is flawed, security through obscurity DOES NOT WORK and of course you have every right to suggest that people use SEC however I am exercising my right to tell everyone that you are essentially giving them flawed information. The truth is of course that unless you make it public knowledge and therefore put pressure on the company (and I could give dozens of examples but I won't unless someone asks due to space and ease of reading) it will not get fixed expediantely if at all. The only way to actually get them to fix an issue is make it public and even that aside keeping it secret only helps those who are exploiting it because it means that those who are vulnerable (if it applies to individuals) are unaware of the fact that they are using insecure software and/or an insecure version of software and if there's ways for them to protect themselves they don't know that they have to protect themselves and how.

Flawed information? I'm not suggesting anything my friend. I'm stating the written rule of LL.
You are welcome to your opinion, however that does not overide LL's written rules.

Also don't preach anti-security by obscurity to me, I have spoke for anti-security by obscurity myself plenty.

Since I will be called out on it, here is LL's statement https://wiki.secondlife.com/wiki/Security_issues

Also, why announce it before it is fixed? How does that help anything? Just becuase of you, I promiss to disclose the full details of the exploit, AFTER it is fixed.

It's semantics I know but this is not phrased as a rule of law it is phrased as a guideline. I know it's just semantics but using should instead of have to makes me think that and LL has to my knowledge never said it's a requirement. I obviously respect a Linden's right to move JIRA issues to SEC more for the fact that it's their JIRA than security reasons.

I respect your right to hold your view of course however I hold mine and I'm guessing that we're just going to have to agree to disagree on how this should be handled however even if you have in the past preached not having security through security through obscurity that's what you're doing know and that's what I disagree with.


And in response to your question about releasing it before it's fixed from experiences any promise from the company that has been exploited is hollow at best and by the time they're fixed either the person who caught the exploit has moved on or doesn't care enough to actually release the info about the exploit. I'm a pessimist by experience.

Incidentally from the page you quoted



Arguably (again a little bit of a semantic argument but a valid one) this issue isn't even really a security exploit as per the above quote.

I do agree to disagree, and respect your opinion.

My reasons for not disclosing it are that I personally don't want to see classifieds fill up with 99999999$L priced ads, even if it will be resolved soon.

Also, on what constitutes an exploit as per the wiki's description. I consider this as an attack at the stability of the Grid as a whole, most notably the economy.

Unfortunately either way it seems to be a moot point whether its' released or not as evidenced by it's exploitation for so long and how badly it is exploited although I hope it's fixed soon the fact that it seems to be a fundamental fault with how payment for classifieds is handled (after rather than before and allowing you to go into negative for it) I doubt it will be unless there's a classified overhaul coming.

I am fairly sure that NOT ALL of the businesses on the first page of Classifieds are using either exploit.

However, I suspect that _some_ might be.

Why not release it? Because it's a big deal. It essentially steals a paid-for service from LL. It could have unknown side effects for the user. And worst of all, it's infectious: once someone uses it, every other business has to do so as well. Unbelievable that Abranimations could use an exploit? I personally doubt it too, but if the other option was to be buried under 30-40 random places uploading and selling stolen BVH files, would you blame him?

(The exploit that Dante and I found is _not_ one that would require a change to the classified payments schedule to fix.)

Mmm yes, this is a more technical problem. Regarding exploitation of the way the protocol works.

Actually, this thread serves a VERY valuable purpose. it makes public a secret shame that LL has known about for ages, and not fixed. It points out, that if LL refuses to fix the problem, that the problem DOES exist, and that there ARE people cheating.

Shame is a very powerful tool. Both in terms of shaming those who are obviously cheating, and shaming LL for not doing something about it sooner. Maybe someone who has been cheating, knowing that the spotlight is now upon them, might decide to knock it off.

I'm looking forward to Reuters or one of the virtual-world magazines (the reputable ones) picking up the story. As someone who has played by the rules for 2 years, I very much look forward to seeing this exploit fixed.

Remember also, according to the OP, the lindens SUGGESTED it be posted to the forums. Perhaps because it was unverified.. or perhaps they didn't understand the issue.. or perhaps they themselves were powerless to solve the problem, and adding a little more squeak to the problem might get someone to grease it finally.

Maybe what it's gonna take is a few thousand L$99999999 classifieds, before the people at LL take it seriously.

When bad stuff happens to me I just like to know why. Its true that after finding out, there are sometimes things I can't do anything about personally. However, I can take precautions like not doing anything majorly important in areas that I know are broken until its fixed.

As for the ad exploit, merchants who do pay for adverts should know about this because they're spending their hardearned money on them. And now that they do know, they can make an informed decision about the value of their own adverts. I just don't think its fair otherwise.

Let's put it like this:

Would you rather that - case 1 - LL can fix the exploit, and use their logs to ban anyone who used it?

Or, case 2 - LL can fix the exploit, and in their logs they can find who used it, but they can't ban anyone because a majority of the users were legitimate businesses who were forced to use it to compete after the exploit was made public - so essentially, the original exploiters get away with it?

Nobody *forces* a business operator to do wrong to make sells.

This is not the same as "Should a shop use bots to drive traffic?" threads. This is an exploit that is cheating LL out of money. It is stealing. Any shop that is using the exploit should be boycotted by the honest SL users. And the owners of the shop should be banned full stop when LL verifies it is what they are doing.

This is not gaming the system.. this is theft pure and simple.

Very few theories account for the underhandedness of many human beings

I would rather
Case 1 - LL just fix the exploits promptly and don't bother banning those who relied on it to put their lesser quality businesses afloat.
or
Case 2 - just announce from next week they will ban anyone using the exploit then start banning. While committing to fixing the problem before their policing gets lax.

Most people doing the exploit would be using disposable unverified accounts anyway.

That might be true, but lets say that the Successful Business XPTO that everyone knows is using one of those scams… LL might know that the alt used is a disposable one but nevertheless they know who are the owners of Successful Business XPTO…