Server 1.34.3 (emergency)

Typically in the world of Security, Best Practice states that you do provide more information than Linden Lab has *ever* released about any of your security fixes. Perhaps not before it's solved, but at the very minimum after it's been fixed.

I would like to know why Linden Lab does not also practice this. We see time and time again that there is some dire emergency facing the grid which mandates immediate attention. In some cases your efforts to correct this extremely vague threat cause severe disruption to planned activities on important dates. Disruptions that are far far far worse than any potential problems which may have resulted from the bug being left alone for several hours to allow those events to happen in peace.

Case in point, New Year's Eve 2009-2010. Sure the Lindens had an event planned and you made it through yours just fine without disruption, but many other non-Linden events were planned that were totally flummoxed. Sims with invisible prims, lack of attendance because people stay away when rolling restarts are going on, low tipping, just to name a few of the problems that night's restarts caused for your customers.

Not once have we ever had a follow-up post giving us truly useful information about what the whole big crisis was and why it was so important to disrupt things. When are you going to get more open and actually share truly useful information in a timely manner? I and many others have been very critical of your company and how you treat your customers, and a simple change like this would probably work wonders in actually repairing the corporate image of Linden Lab.

I suspect that in some cases bugs may get dealt with as rapidly as possible , despite inconveniencing users, because they came to the attention of the Linden staff not by their bug hunting or reports from bug hunting residents but because some griefers found the bug and having done so were at the start of or could be expected to begin a grid wide attack.

That's just speculation on my part, though.

I can't blame Lil or the rest of LL to not explain the bug in detail. We had 6 crashes in 2 days and it was confirmed that it was a attack. The less amount of people to exploit that bug the better.

The Y2K10 bug sucked for everybody but we we survived. ^^








"Sim borders stop everybody except Chuck Norris.....nothing stops Chuck Norris"

And now the Release Notes will be updated so we can read what exactly has happened ?

Release notes: they fixed a bug that let people crash sims.

The reason could be quite clear. Linden Labs believe it is possible or likely that there are similar techniques to the ones being used which may be used against the software. The code is now quite complex, and in some cases quite old, and they do not want to highlight where any vulnerabilities (that they may or may not know about) may lie. In such cases it is bad practice to reveal any security fix that may lead to other nefarious characters trying to reproduce it in the future.

I am more than happy that LL are not telling us - and am happy that they are acting promptly when these issues are brought to their attention.

I agree. Though I would like to know the details to the "why"......the curiosity thing, you know. But I do believe it's far more important to protect the grid and/or software than it is to satisfy my curiosity. People need to, at some point, make up their minds if they trust LL or not. If you don't trust the administrators of a platform such as SL then you'd be better off going somewhere you do trust.......that's my opinion. The very instant I find I cannot trust LL is the instant immediately before I uninstall it and never come back. I ain't there yet............and, so far, I can't see the day that I will get there either. Things change, of course........but as far as the last 3 or 4 emergency upgrades or patches are concerned I'm quite pleased. I feel better about the platform than I did just a couple months ago in fact.

That's because they don't care...

They feel that we're expendable in the face of the *millions* that will *someday* be retained on a new vanilla "web 3.0" grid system.

What the Lab's policymakers never realize is that word of mouth makes the difference on the web, and once you've screwed someone over, they never sing your praises. For any reason. Ever.

I agree, in principle, however badly the timing was botched...

They could have waited 3 hours, then proceeded, but they chose to inconvenience their customers on one of the busiest nights of the year.

He deserves to vent in the forums, at the least...

*smiles*

Hi all, logged in this morning, 11.40 am GMT, to find neither secondlife or emerald viewer displaying correct information and both are glitchy as hell, big graphical issues. My system is fine, so its not down to that. My home region is Foxdale (search under Running LAdy Productions to get a LM)
These glitches are wherever I tp to.. Ideas anybody??

First post and surprisingly interesting...

The security issue was in LSL in which executing

llGiveInventoryList(llGetOwner(), "crash-bug", [1]);

would instantly crash the sim and from what lil said it would cause simstates to not save properly and cause content loss. (I lost a no copy item I rezzed)

The big deal about it was that a simple line of LSL could instantly reproduce the crash with major consequences. At the time it was flowing around many of my scripting groups and it was being used left and right.

Good job to LL for quickly fixing this bug and saving people from many headaches because this was too easy to exploit.

Thank you, Melfina. Finally a real answer.

It boggles the mind that something that simple can cause that much disruption. I'd still like to know why this answer didn't come from Lil or any other representative of Linden Lab.