Third Party Viewer Policy coming soon

It doesn't preclude the use of open source software - provided the software/package is on the software catalogue. Someone will have done the due dilligence to decide what can be used and for what.

NHS Spine (which will very likely get canned next year) needs open document formats to share patients records - I doubt you would see that in HM Revenue and Customs - and definately not in the MoD.

I guess things are different in the UK. In the US the oldest open source UNIX was developed on a DoD contract with DoD money in the early '80s, and they sure as hell didn't do any background checks on me when I was working on it. And that was under Reagan.

Just an example about opensource usage by governments. And I don't even start with Linux.
http://wiki.services.openoffice.org/wiki/Market_Share_Analysis

Opensource is obviously really dangerous *NOT* to use in the interest of your customers, that is tax payers .

Our defense ministry uses it

The problem to be solved is that the login server would need to be able to *somehow* determine the viewer without any help from the client.

Any malicious viewer could simply launch the official viewer, let it go through the authentication routine and then dump it and continue the verified session as merely one example.

There really isn't anything from the client's side of things that LL could possibly even consider trusting. Every scheme that involves the client is in the end no more reliable than the plain-text channel every viewer currently sends.

There are very few people who understand the technicalities of this, and so they just ignore this fact. They do not want to accept the reality, and LL seems to want to mislead them. People do not want to hear bad news like this, so they just tune it out and proceed to discuss as though it had never been said. The reality is that there is nothing that LL can do about Viewers that can prevent content theft. It's all just posturing, so that they can be seen by the "ignorant masses", to put it bluntly, as Doing Something About The Problem.

What will be most interesting to watch is if and how LL will implement this policy, what the fallout will be in preventing innovation on SL, and how people will react when it turns out that it didn't do anything positive and content theft proceeds as usual. My main prediction is that due to user turnover and lack of attention span, we'll be having this same conversation two years from now. If SL still exists then, that is.

If the Viewer were closed source, and they changed the protocols, and they used cryptographic methods for "securing" the Viewer, it would still be easy to steal textures. Without any new technology or work on the part of the thieves. Wholesale stealing of objects (prims) would require some black-hat developers to do a little technical work, to create a new tool, but would not be very difficult. I can say with 100% confidence that I personally could accomplish this, so there is no doubt in my mind that someone with motivation will immediately do it. That's the ugly truth, and no amount of debate about policies, open source, or anything else will change that reality. This is a frustrating reality that people refuse to accept.

The only way to actually address the problem is by requiring all users to have real-life information on file for the purpose of making legal actions against them easy. Then your next problems are identity theft, cross-jurisdictional legal actions, and the huge overhead of managing the claims and actions. (LL is currently in the business of creating technology, operating facilities, and selling land; Content, one of the keys to it all, is not something they're really set up to deal with.) I think user registration is unlikely to happen any time soon, and so meanwhile they are posturing and goofing around in the hopes that it will seem like the problem might get better somehow.

You see, the real business that LL is getting into --- or perhaps trying NOT to get into -- is about being a digital content marketplace. Right now they are trying to be all things: technology provider, a hosting company, and a content marketplace. Their challenge is to (a) stay in business, whatever it takes while (b) evolving their business model towards something they can actually manage and hopefully maximize, doubtless involving other players, in this new, poorly understood, dynamic territory.

Even just posturing has deterrent value. Consider the cold war.

My guess is that they will knock maybe 50% of the stupid script kiddies out of the game by just one blog post alone, without even *doing* anything.

Of course, that's like saying 50% of the angry fire ants in your pants are gone. Okay, that's good, but at the end of the day it's not going to make a difference.

What this clearly is, is the beginning of the usual chess game between the black hats and the white hats.

* * * * *

We play this same game with credit card theft (rolled into interest rates), insurance, the expense of lockable doors on houses, even milk is pasteurised in case of bacterial infection. At some level, even our taxes pay for a military to prevent someone from just invading and taking all our stuff. Some level of security is factored into the cost of everything we buy.

But there's no magic escape from the problem. Somehow somewhere, someone is going to pay the cost. It's just a matter of who, and how.

the dutch defense ministry is at this very moment testing firefox to alow direct internet access from secure workstations that can handle confidential information, untill now the only way to have access to web sites was using a virtual desktop system to access a remote web brower or use a non secure workstation without access to the regular network, guess they trust an opensourse webbrowser more then the microsoft browser

The big plus point of open source is the cost savings on Licence fees - so the UK Public Sector have a very strong driver to go open source wherever possible. There is no implication that open source equates to bad at all - just a recognition of the appropriate standards to be met.

There are plenty of UNIX systems still running - the UK Financial Services Authority still has one going (they are the Government Agency that manifestly failed to regulate our banks - but no blame on UNIX there!).

The drive to allow the use of Open Source software is (IMO) mostly financial - savings on Licence fees etc. Software Licence Fees in general are much higher in Europe than in the US. If the company I work for in the UK could buy all its Microsoft Licences in the US, it could save about 150,000 pounds per year.

However NHS Spine is so massively over budget, that I don't see much hope for it in the current economic situation - that and the National ID-Card project are thought very likely to be cancelled as part of budget cuts.

Damned if you do, damned if you don't.

I doubt anyone at LL believes they can do anything to actually STOP content theft by anyone with more than half a brain's worth of technical know-how. However, up until recently it has been questionable whether LL even disapproved of content theft. They met the minimal legal requirements for DMCA response, and that was about it.

If nothing else, this and other policies that follow will do the following:

1. Make it clear that in LL's view, content theft is bad, and automatically entitles them to suspend/ban/wipe an account.

2. Put hurdles in the way of very casual content theft.

If LL 3rd party client registration simply requires that a real person put valid RL info on file with LL, I think that would be great. Of course bandito clients will spoof IDs of valid clients, that's expected. But, the mass of users will know that unless they get a client from a registered source, they risk getting unpleasant attention from LL. And that will deter some casual copiers, and also convey the message that LL cares.

Works for me.

Very good news....I'm glad the Lab are taking these steps!

I will say LL ought to collate all RL information of those developers who want to be part of this 3rd party viewer project. So someone like the creator of the Neil Life viewer becomes accountable by including offending copying tool within the Viewer.

How would they be accountable? The only people who are going to be jumping through any hoops are the ones who aren't doing anything wrong in the first place.

It's terribly naive to think that anyone creating a malicious viewer is even remotely concerned or worried about this; it's beyond trivial for them to just spoof a legitimate viewer. And anyone who wants to steal content doesn't even need a viewer to do it so I doubt they're worried that they're not going to be able to grab whatever they want anymore.

---

Besides, from today's office hour: "The two things we can say with more emphasis are: 1) we'd like a list of safe viewers that users could download and use with less fear. 2) We will not be blocking non-certified viewers from connecting."

(Pretty much anything said by the Lindens present was tempered with "nothing is set in stone", "as I understand it" and "we don't know"

Very! What in pluperfect hell does encrypted chat have to do with content theft - or anything else TOS/CS related? I don't use it; I don't see any use for it; but I don't see why LL is afraid of it either.

Can't get any More Predictable (tm) than that.

Since one of the main features (advertised feature that everyone will know) of Evil Viewers is that they always identify themselves as Good Viewers, and LL detect which is which, why will their usage deter even casual copiers?

Just seems like a weak attempt at FUD that will be laughed at.

The more hoops the better imo......i'm aware that one can't never stop content theft fully.
The difference with this generation of Client viewers are that any old dumbo can use it to copy....at least with the other copying techniques....you still needed half a brain to do it!

With more hurdles to deter the casual copier....that leads to a few less on the grid doing it......at this stage I'd call it a result. LL did say they would take legal action....so that at least it gives the likes of Neil Life developer something to think about.

"We will collaborate with developers to work towards a clear set of expectations and guidelines; however, we will also, if necessary, take action against those who actively seek to disrupt our service or violate our Terms of Service.

Residents who use third party viewers with the functionality described above to violate our Terms of Service or Community Standards, will be warned and then suspended from the service."


So the Legal threat is there for the script-kiddies and possible suspensions for those Residents that choose to use it. Who cares if Neil Life or Thug life spoofs the Official viewer.......all it takes is one downloader to inform Linden Lab and forward on the exe.file for inspection.....then LL can take it from there (legally)
Hell if LL are tipped off, they could probably grab a download themselves and inspect GUI and code.

Did I read that right? OpenOffice has a 62% market share???

Yowza!

Among the specific group of businesses surveyed.

LL can do all the saber-rattling they want, create as many viewer registries as they want... But at the end of the day, the most effective means of preventing content theft is not prohibition, but deterrence. Trying to go after the developers of Niel Life, Thug Lyfe, and their ilk is really going to be nothing more than a big, expensive game of Whack-a-Mole. Going after users of said viewers is likewise not going to accomplish much. But going after stolen content itself is going to hit ALL participants in content theft, and hit them hard. And LL does not need registries or anything more than what they have in place now. All they need to do is put teeth and consistency to their DMCA procedures. If a proper DMCA is filed, then it will result in the immediate removal of ALL copies of the stolen content. And, to go one step further, the Linden Dollar accounts of whoever originated the stolen material will be debited the entire amount of every sale of the stolen goods made. If this happens enough, then buyers will learn to be more careful where they buy their stuff; people who deliberately purchase stolen content will think twice about risking throwing their money down the drain; casual copiers will think twice about risking such a huge loss; and the hardcore devil-may-care thieves will find themselves with nobody to sell their warez to.

The key is to not worry about whatever goes on at the client end, and just devote their resources to managing what they CAN control: What is in their asset servers.

Not to sure that will work as wel, most copied stuff is being sold from disposable alts and the money already moved outside of SL, all LL is left with to drain is an empty account and the copies that where sold to unsuspecting buyers.

It's terribly naive to believe locks on your house doors and windows will stop theives, but we still do it anyway. Why do we bother with all the hoop jumping to lock and unlock things if we know it doesn't work?
Are we trying to say that LL has built a grid that they have no access control over and that to have access control is 100% impossibility?

Hence anyone wishing to sell products in SL for over L$0 should pay a US$10 fee to do so, at the moment it's impossible to fail at reselling stolen content.
As long as we keep campaining to preserve the right to privacy of theives we are going nowhere.

not a bad idea, maybe make it part of premium membership, most serius shop owners are already premium so it would not add any cost to them.

The lock analogy is rather useless because everyone will have the key to the lock sitting right on their own computer in the form of the official viewer.

If the official viewer can log on from your computer then any other random viewer will be able to log on and pretend to be the official viewer as well. The only thing the remote end can do is verify the output of the software running on the client, it can simply not know *what* software was used to generate it.

You finally figured it out. Except that it has nothing to do with LL; any service that accepts and acts on random remote connections has no way to verify what's running on the remote computer.

I don't know about shop owners but a lot of the best creators I know are Basic.

They need to deal with the ability of people to immediately come back in a new unverified alt if they're banned. I would rather they did it by requiring verification from everyone, and making alts just another attribute of an account.