Upcoming Changes for Adult Content: Answers to Questions

http://vteamblog.com/2009/04/09/second-life-answers-update-and-call-for-volunteer-beta-testers/

Thats the state of play for the new Yahoo answers style help, being rolled out in the Mentor group atm

and if there was enough demand a PG continent isn't ruled out either at some future date.

In case if you missed before, the reference to MD5 is in response to the question raised by the vulnerability of the HTTPS digital certificate
Hello. Are you out there? People are using MD5 to sign the digital certificates as encryption in the real world.

Of course, as if I don't know MD5 is merely a Message Digest (MD) algorithm as a hashing function for finger-printing a message of any arbitrary length to produce an output a 128-bit "fingerprint" or "message digest" of the input. It was designed as such to detect the integrity of the transmitted message from tempering or noise-contamination. But it did not prevent the real world from using it for encrypting the digital certificate in the internet. If you want to bark, please bark at the right tree.
Keystroke logger is in response to your ranting and raving about how you can simply bypassing HTTPS encryption by logging your keystroke before you enter anything into the web.

So does it worth having a heart attack over your own ranting?

There are more fun things to talk about than talking in a circle

LL's brown bag is over, so let's see what is the latest

I was expecting more text as my voice is not set up so it was a rush job to get it sorted while the meeting started. Then we had to send questions in via text and they were answered in voice in the main. Tho a couple that had the voice fully set up could speak. So if anyone gets invited to another ensure your voice is set up beforehand

I don't use voice, and I won't use voice. Ironically, one of the reasons is there's no transcript! Another is that it's MUCH more efficient to hold a multi-person conference in text... because while you can speak faster than you can type, you can read faster than you can listen.

Yeah I was also hoping for more text because of the time it has been taking to get transcripts out. Luckily I was prepared to listen just was in too public a space to speak.

one persistent question of mine (some might remember from a couple threads ago) was about neighborhoods, and they said that if we can work it among ourselves who we want to be near and all note that in the tickets when we submit to review for relocation they will take into consideration people who wish to be placed near each other.

still mulling over a lot of it otherwise.

Anything about providing people the tools to actually create non-public builds?

I said no such thing. What I said is that HTTPS protects the transmission of information from the provider to the receiver. It does that job pretty well. However, it does not control what the receiver then does with that information. They can for instance cut and paste or save the content unencrypted (using features in their browser - no key loggers involved).

In the same way, if I send my credit card details to say Amazon, I would definitely use HTTPS since it not only ensures that by credit card details are not hijacked during transmission but I can also verify that it will be Amazon that receives my credit card number and nobody else. However, HTTPS does not control what Amazon may do with my credit card number once they have it. I am basically trusting that Amazon will do the right thing and charge me for my order - there is no technology preventing Amazon from cleaning out my credit card (there is the fact that it is illegal, would not make particularly good business sense and may trigger a suspicious activity monitor of my credit card company).

HTTPS, and private/public key encryption is great when A wants to ensure that only B can be the initial recipient of information, and also allows B to confirm that the information was sent by A. It does not, however, control what B can subsequently do with that information. All current DRM methods (and future ones without radical breakthroughs say in quantum computing) rely on secrets embedded in software or hardware (and sometimes such arcane mechanisms to hide these secrets which can break legitimate software or activities on the same PC) and those secrets are easy prey to the determined hacker.

Matthew

not specifically that I recall

Well, it would have been almost _impossible_ for me. If I had attended, and found that the Lindens were answering only in Voice, I would have registered a very strident complaint, and stormed out of the meeting.

I guess my input will never be heard at these meetings. Or at least I'll never be able to hear their answers.

It doesn't MATTER what it is in response to. The point is you are calling MD5 something it is NOT. It is NOT an "encryption" algorithm. There is NO WAY to "decrypt" the output of MD5 back into the original information that was "encrypted". That's the WHOLE POINT of a HASHING algorithm. You CAN try to bank on "collisions" or do brute force attacks, but that doesn't make it a valid cryptosystem.



Then why do you keep erroneously calling it "encryption"?



I'm not the one barking.

The "real world" never used it for encrypting anything. They used it for what it was meant for: as a message digest for AUTHENTICATION. Authentication is not the same as encryption, and people who can't distinguish the two cause headaches in the "real world".

Encryption does not imply Authentication, nor does Authentication imply Encryption. A "signed" message isn't encrypted. In fact, digital certificates are quite readable by anyone. They have to be, otherwise, they couldn't be Authenticated.



I never said anything prior about "https encryption" and keyloggers. Maybe you are confusing me with someone else?

In fact, wasn't it you yourself who first mentioned "keystroke loggers" in this subthread?

The process is to encrypt the hash generated by the MD5 algorithm. Generating the hash is not an encryption step, MD5 is not an encryption algorithm. MD5 is part of the signing process.

Matthew

That's a good truism.

I'd also submit that having a "buffer" is of great utility. Don't have to endlessly ask for people to repeat what they said because it got drowned out in the din.

I felt very similar, especially as the invite explicitly said the meeting would be in text. I wasn't sure if voice would even work (I've had firewall issues in the past), and to be honest, I remembered why I don't use voice (frequent break ups and loss of sound even on a good connection - not enough to render it unusable but enough to be annoying and to miss the odd word).

Matthew

Who from LL was at this meeting? Blondin? Blue? Cyn??

I counted Jack, JP, Marty, Blondin and Pete

Guess they figured that if all the answers were in voice no records of what was really said.

1) In response to the issue of Maturity levels building on each other: 'Except that's not how it currently works. Right now, if Age Verified is checked, AND Group Access is checked, then Shopper Furball can get in despite not being Age Verified, because Group Membership is checked first. Are you saying that server 1.26 changes this?
ANSWER: Maturity is set at the region level. You can set other permissions at the estate or parcel level. Regarding group access and age-verified, you can only set one or the other at each level from what we could tell. This has not changed at all.

Examples:
Estate - limited to group, Parcel - limited to age-verified
Estate - limited to age-verified, Parcel - limited to group

can't do Estate - limited to age-verified & group
or Parcel - limited to age-verified & group

And when tested, whatever the estate was limited to took precedence, and if the resident could get in the estate, then the parcel permission took effect.

So, if Shopper Furball is not age-verified, if the estate is set to require age-verification Shopper Furball will not get in to the estate to even try to get into the parcel.

If the estate is set to group but the parcel is set to age-verified, Shopper Furball will get into the estate, but not the parcel.


2) Is there a timeline for when a Release Candidate viewer is expected that can exercise these settings? (Perhaps coincident with a "Beta grid" viewer preset to connect to Aditi, which is probably the only place with the relevant sim restriction attributes.)
ANSWER: The tentative timeline would be this summer (june / july)*

3) I rent houses, in a Mature Mainland Sim, I get all sorts of tenants, Vampires, Goreans, BDSMers etc..... What if one of my tenants wants to have a party and advertises it - lets say for the sake of argument its a regular Saturday night BDSM party which they advertise. Lets then say adult activities are had within the privacy of one of my rental houses. These are things being done by my tenants, not organized or officially sanctioned by me (though not forbidden either). Yet advertised by the tenant. So where does that put me? Are my rentals suddenly Adult? Must I move because of the actions of my tenants? How would you police and enforce such a thing?
ANSWER: It would be up to you as the owner to decide whether or not to flag your land as Adult or Mature. The situation in question would appear to be adult and the tenant would either need to be on a parcel set to adult, on the adult mainland or adjusted such that it accommodates the mature rating.

4) People who have many parcels separated in a number of different sims, if they declare the land as adult requiring a swap to Ursula, can they opt to join them into whole sims, or will they be swapped on an individual basis?
ANSWER: Yes, we will be able to accommodate this kind of request.

5) What about providing REAL privacy controls on the mainland (JIRA SVC-205)?
ANSWER: This feature request is not a part of the Adult project.

6) Will the 1.22/alternate viewers work with SL at all if you are not accessing adult content?
ANSWER: There will be a grace period in which the 1.22 and alternate viewers will work normally, however after the adult continent has been opened and the grace period has ended then the non-adult viewers will no longer be able to access adult content or search for adult keywords.

7) Will there be double prim land available to swap on Ursula as well as the standard land?
ANSWER: Yes, parts of Ursula will be double primed

How is LL going to notify people that it's time to get on the consignment list?
ANSWER: We will roll out the program publicly via the blogs and forums in a few weeks.

Long, Busy, Holiday weekend. We had the Land Brown Bag this afternoon and the audio recording should be available within the day or so. I've missed a lot so I'm going to go back a few pages and start catching up.

Blondin, please re-read the question. It was asking about if those viewers were *not* accessing adult content.

Are private estate tenants going to get any help with a move to Ursula if they're getting evicted from the mature sim they setup business due to the estate owner not wanting to flag his whole sim adult?

Is this being given top priority as a fix? If not, why not? I know, actually providing tools to let people solve problems is not part of this project.
What do you mean by "a PARCEL set to adult"?
The answer to the question as asked is "yes", no?

TRANSCRIPT?

Why not hold these "brown bags" in text so (a) they're more efficient, (b) there's a transcript, and (c) more people can effectively take part?

I'm pretty much off the train. I am at the station and was about to buy another ticket, but I'm going to have a seat on the platform and watch for now.

And still no plan to make notifications other than blog/forum.