Welcome to the Second Life Forums Archive

Is there currently some kind of permissions exploit out there?

Belaya Statosky
Information Retrieval
Join date: 3 Jun 2004
Posts: 552
02-20-2006 13:01
From: Chandra Page
/me stuffs the cat back into the bag, narrowly avoiding serious laceration.


But that was a pretty cute cat in glasses, hon...
_____________________
Tikki Kerensky
Insane critter
Join date: 12 Aug 2004
Posts: 687
02-20-2006 13:12
I like cats in glasses. :(

I'm also the one that saw something of Cereal's that may have been copied, but I sure wouldn't want to levy any accusations against the maker of this item unless I was to see an original side by side. It is possible, after all, that this person just happened to make the same item. It's happened before.
_____________________
Pudding takes away the pain, the pain of not having pudding.
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
02-20-2006 13:19
From: Khamon Fate
After the discussion in this thread, which loosely points back to a locked thread in which Jarod was roasted for describing GLIntercept, I doubt he'll be forthcoming with any more publicly useful exploit data. His discoveries and warnings are now reserved for a few select individuals that he can trust to not abuse report him to LL for his efforts.

I'm shocked that this thread is still open after Belaya so clearly stated "If anyone wanted to sit there with SoftICE or tear it apart with IDA Pro or sniff traffic, etc, etc,"

How does that silly phrase go? Oh yes, gee thanks for letting those cats out of the bag111 You can expect a warning from support@lindenlab.com for broadcasting to the general public the necessary tools for taking apart the Windows version of the client and exploiting its security weaknesses.


There is a major difference between mentioning tools that require assembly language code programming skills and knowing the intricacies of network packets and someone posting about a tool that any user of SL, with no skill at all except installing the program can use to steal content. There are all kinds of things LL can do regarding encryption and other things to help protect against reverse engineering, they cannot do anything to protect against a tool that is accessing video card memory. That is the main reason for so much sensitivity about Jarod's revelation.
_____________________
Cristiano


ANOmations - huge selection of high quality, low priced animations all $100L or less.

~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.

Khamon Fate
fategardens.net
Join date: 21 Nov 2003
Posts: 4,177
02-20-2006 13:27
From: Belaya Statosky
Nor, apparently, do you, if you think mentioning those tools is letting any sort of cat out of the bag.
Yes that's why I called it a silly phrase. It's modeled after the GLIntercept discussion which included such classics as
From: someone
I believe it is against the TOS to make posts encouraging illegal acts such as copyright violation.
Though it's apparently not against the TOS to make posts encouraging ripping the client apart. I know you didn't; but neither did he.
From: someone
Seriously, though... is it wise to be posting a link on the SL forums to a program that allows you to rip any and all textures you come across in SL?
Though it's apparently not unwise to post the names of such programs because only wizbangtechies will be able to Google their associated websites.

But the Grand Finale was this thread that appeared a week later and was just a shining example of excellent posting etiquette. Okay okay it's clear that I wasn't really admonishing you for "letting the cat out of the bag," just explaining why Jarod wouldn't post anything he knew about it. The rules obviously don't apply to him the same way they do us.
_____________________
Visit the Fate Gardens Website @ fategardens.net
Jarod Godel
Utilitarian
Join date: 6 Nov 2003
Posts: 729
02-20-2006 13:33
From: Cristiano Midnight
There are all kinds of things LL can do regarding encryption and other things to help protect against reverse engineering, they cannot do anything to protect against a tool that is accessing video card memory.
I'm going to get in trouble for replying to this, I'm certain... All the network encryption in the world does little good when that very same info gets dumped directly into the video card's unprotectable memory.
_____________________
"All designers in SL need to be aware of the fact that there are now quite simple methods of complete texture theft in SL that are impossible to stop..." - Cristiano Midnight

Ad aspera per intelligentem prohibitus.
Khamon Fate
fategardens.net
Join date: 21 Nov 2003
Posts: 4,177
02-20-2006 13:36
From: Cristiano Midnight
they cannot do anything to protect against a tool that is accessing video card memory. That is the main reason for so much sensitivity about Jarod's revelation.
But *edited to remove name*'s revelation was okay. Thank You; I see the difference now. It boils down to the rules obviously don't apply to Jarod the same way they do us.
_____________________
Visit the Fate Gardens Website @ fategardens.net
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
02-20-2006 13:39
From: Jarod Godel
I'm going to get in trouble for replying to this, I'm certain... All the network encryption in the world does little good when that very same info gets dumped directly into the video card's unprotectable memory.


Exactly, which is why there is a vast difference between a packet sniffer/disassembler and an OpenGL monitoring tool. My point was that LL can take proactive steps to prevent client hacking, however what you were posting about is not something that there is any real defense against, and requires no skill at all to use.
_____________________
Cristiano


Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
02-20-2006 13:40
From: Khamon Fate
But *edited to remove name*'s revelation was okay. Thank You; I see the difference now. It boils down to the rules obviously don't apply to Jarod the same way they do us.


You are just being purposely obtuse at this point, it's fine. You have an agenda when it comes to Jarod, so anything anyone says doesn't matter anyway.
_____________________
Cristiano


Huns Valen
Don't PM me here.
Join date: 3 May 2003
Posts: 2,749
02-20-2006 13:46
From: Khamon Fate

Coco co cococococo co coco cococo, coco cocococo cococo coco co co cococo cococo co cococo Coco co coco coco cocococooc COCocococo, Co cococo cococo coco co cococo cocococo coco coco cocococo coco cococo coco. Cococo coco cocococo coco co cococo coco coco cocococo co coco cocococo coco cocococo cococo coco co coco co cococo coco coco cococo co coco co cococo co.

I'd just like to add that there is nothing LL can do to protect any content that is sent to the client, including geometry, textures, sounds, animations, or even terraforming, if anyone is selling that sort of service. I THOUGHT they could protect scripts, and maybe they can now, but they certainly couldn't last summer, and I was one of the people who got bit. Even if they tried to get SL to detect whether SoftICE etc. were running, that could be defeated in a couple of ways that I know of (although I don't know specifically how to do it, I know generally how it could be done.)

I could, if I were clever and knowledgeable enough, write something that would extract animations from SL as they were played by myself or others nearby, and export them to a format suitable for uploading to SL.

It would take a bit of time to do this, yes, but it's all possible. The conclusion I arrived at last summer is that having all of your hard work stolen is a possibility you must be prepared to accept. Also, that LL will not do anything to compensate you, nor go after the person who steals from you. It is one of the costs of doing business in SL. If anyone is not willing to shoulder it, then they should not do business here.
Jarod Godel
Utilitarian
Join date: 6 Nov 2003
Posts: 729
02-20-2006 13:46
From: Cristiano Midnight
Exactly, which is why there is a vast difference between a packet sniffer/disassembler and an open gl monitoring tool.
Oh! I get it. You'd rather feel your stuff was safe than actually be aware that it's not safe at all. I gotcha.
_____________________
"All designers in SL need to be aware of the fact that there are now quite simple methods of complete texture theft in SL that are impossible to stop..." - Cristiano Midnight

Ad aspera per intelligentem prohibitus.
StoneSelf Karuna
His Grace
Join date: 13 Jun 2004
Posts: 1,955
02-20-2006 13:51
From: Huns Valen
The conclusion I arrived at last summer is that having all of your hard work stolen is a possibility you must be prepared to accept. Also, that LL will not do anything to compensate you, nor go after the person who steals from you. It is one of the costs of doing business in SL. If anyone is not willing to shoulder it, then they should not do business here.
emphasis mine. worth repeating.
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
02-20-2006 13:51
From: Khamon Fate
You can expect a warning from support@lindenlab.com for broadcasting to the general public the necessary tools for taking apart the Windows version of the client and exploiting its security weaknesses.
Errrr... right. You might as well complain that someone mentioned that people can use the hacker tools "cd" and "more" to read INI files! Anyone who's actually got the skills to use these kinds of programs to dig into a running executable already knows about them.
Khamon Fate
fategardens.net
Join date: 21 Nov 2003
Posts: 4,177
02-20-2006 13:52
From: Cristiano Midnight
You are just being purposely obtuse at this point, it's fine. You have an agenda when it comes to Jarod, so anything anyone says doesn't matter anyway.

It matters if I say it does. That's how forums work. Everybody has to believe what I say and think the way I think. Y'all taught me that. If I have an agenda, I'll never get anywhere with it in this joke of an ill-moderated playground of a forum.

What was this thread about anyway? I know nothing of an existing exploit that allows people to change permissions on animation files. But then I know nothing of animations to begin with. My customers generally purchase one of everything I suppose because they want one of each type of plant. But it's not a fair comparison because there are only eighteen models and they're copy/no trans as that makes sense for landscaping material. Gee I should expand FG's offerings a bit.

Well now I forgot what we were talking about again. And you accused me of being level-headed enough to have an agenda ha ha ha. Please let us know what you learn from your inquisitions. It's interesting to share market-related data, unless of course it's a TOS violation.
_____________________
Visit the Fate Gardens Website @ fategardens.net
Khamon Fate
fategardens.net
Join date: 21 Nov 2003
Posts: 4,177
02-20-2006 13:55
From: Argent Stonecutter
Errrr... right. You might as well complain that someone mentioned that people can use the hacker tools "cd" and "more" to read INI files! Anyone who's actually got the skills to use these kinds of programs to dig into a running executable already knows about them.
Why if I took this forum seriously enough to abuse report people, this post would be on the top of my list you you you meanie you!
_____________________
Visit the Fate Gardens Website @ fategardens.net
StoneSelf Karuna
His Grace
Join date: 13 Jun 2004
Posts: 1,955
02-20-2006 13:58
From: Cristiano Midnight
My point was that LL can take proactive steps to prevent client hacking, however what you were posting about is not something that there is any real defense against, and requires no skill at all to use.
uh...

the logic of this escapes me...

jarod: "look there's this real danger out there."

ll: "don't talk about stuff like that. we can't/won't do anything about it."

cristiano: "ll is right. they are protecting us by keeping the knowledge only in the hands of the people who might use it... as opposed to putting that knowledge in the hands of people who could try to defeat it."

knowledge is power.

willfully pretending a problem doesn't exist is stupidity.
Christopher Omega
Oxymoron
Join date: 28 Mar 2003
Posts: 1,828
02-20-2006 14:01
From: Aliasi Stonebender
Indeed, they already have, as the flap about the cracked client with "god mode" access to scripts and such revealed.


From: Argent Stonecutter
Why would protected scripts ever be downloaded to the client? They're run on the server, they live on the server... if there's anything that should be safe from client exploits on SL it's scripts.


The above scenario is very likely considering how the previous exploits functioned. The key to coding a secure client is to not trust it - any modification the client performs to the world must be validated, any data sent to the client must not be vital. Unfortunately, what we've seen in the past does not seem to convey that this is how the client was made.

Ah, c'est la vie :D
==Chris
_____________________
October 3rd is the Day Against DRM (Digital Restrictions Management), learn more at http://www.defectivebydesign.org/what_is_drm
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
02-20-2006 14:15
From: StoneSelf Karuna
uh...

the logic of this escapes me...

jarod: "look there's this real danger out there."

ll: "don't talk about stuff like that. we can't/won't do anything about it."

cristiano: "ll is right. they are protecting us by keeping the knowledge only in the hands of the people who might use it... as opposed to putting that knowledge in the hands of people who could try to defeat it."

knowledge is power.

willfully pretending a problem doesn't exist is stupidity.


There is a big difference between "this exploit exists, you need to protect yourself" (though there is no protecting yourself from it actually) and "here kids, download this program and do this, this, and this and you can steal anything in SL and LL can't do a damn thing to protect you", and making sure as many people as possible know it. There is such a thing as responsibility of disclosure. Pretending that the end justifies the means is also stupidity.
_____________________
Cristiano


Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
02-20-2006 14:17
From: Jarod Godel
Oh! I get it. You'd rather feel your stuff was safe than actually be aware that it's not safe at all. I gotcha.


All that you ensured is that even more people were aware of how exactly to steal content, per your directions. Congratulations, that is really noble.
_____________________
Cristiano


Jarod Godel
Utilitarian
Join date: 6 Nov 2003
Posts: 729
02-20-2006 14:18
This thread is bringing up a long-dead topic, and I believe it should be locked down to prevent a flame war.
_____________________
"All designers in SL need to be aware of the fact that there are now quite simple methods of complete texture theft in SL that are impossible to stop..." - Cristiano Midnight

Ad aspera per intelligentem prohibitus.
Khamon Fate
fategardens.net
Join date: 21 Nov 2003
Posts: 4,177
02-20-2006 14:20
No No No Me Me Me

This is the last straw Stone; i'm gonna kick your butt if you keep stealing my pets. Oh, can I say "butt" here or is that a violation of the TOS? or is it CS? Well doesn't matter anyway as I'm blessed with not being on the mods' or general public's hate lists. There I go sounding all agendish again.
_____________________
Visit the Fate Gardens Website @ fategardens.net
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
02-20-2006 14:27
From: Jarod Godel
This thread is bringing up a long-dead topic, and I believe it should be locked down to prevent a flame war.


The thread was not a long dead topic, as I was asking about something currently occurring. Khamon made the thread about you. You are right though, it is not about that topic and no further discussion of it is needed. I just wanted to know if anyone else was experiencing similar unusual buying patterns that may be indicative of an exploit.
_____________________
Cristiano


StoneSelf Karuna
His Grace
Join date: 13 Jun 2004
Posts: 1,955
02-20-2006 14:34
From: Cristiano Midnight
There is a big difference between "this exploit exists, you need to protect yourself" (though there is no protecting yourself from it actually) and "here kids, download this program and do this, this, and this and you can steal anything in SL and LL can't do a damn thing to protect you", and making sure as many people as possible know it. There is such a thing as responsibility of disclosure.
yes, but on whom does it fall? i think it falls on ll to let people know their data is not safe. and in what manner. and how easy it is to exploit. ll didn't do that did they?
From: someone
Pretending that the end justifies the means is also stupidity.
exactly. using "responsibility of disclosure" against jarod is stupid.

ll trying to silence jarod is using the ends (protecting the end users) by using questionable means (making people be silent).
StoneSelf Karuna
His Grace
Join date: 13 Jun 2004
Posts: 1,955
02-20-2006 14:41
From: Khamon Fate
No No No Me Me Me

This is the last straw Stone; i'm gonna kick your butt if you keep stealing my pets. Oh, can I say "butt" here or is that a violation of the TOS? or is it CS? Well doesn't matter anyway as I'm blessed with not being on the mods' or general public's hate lists. There I go sounding all agendish again.
yeah... you and what army? *ttthpphhttt*
StoneSelf Karuna
His Grace
Join date: 13 Jun 2004
Posts: 1,955
02-20-2006 14:47
From: Cristiano Midnight
All that you ensured is that even more people were aware of how exactly to steal content, per your directions. Congratulations, that is really noble.
in the event that there were (or is) an exploit, all you ensured is that even more people know it's there. congratulations, that's really noble.

under your theory, you should have asked ll first.
Khamon Fate
fategardens.net
Join date: 21 Nov 2003
Posts: 4,177
02-20-2006 14:56
What bothers me about all this, how can I phrase it, is that I've seen people over the months of Second Life's tenure talk about quitting their jobs or abandoning their career searches to work in SL for a fairly steady income. They're mostly graphics artists who indeed produce wonderful textures to sell. They have no idea how vulnerable they are, have been all this time, to IP theft in such an environment.

Who has known? People at LL, that have worked with OpenGL from the beginning, but have only praised and encouraged these poor people who've pinned their futures on a hopelessly unsecure technology, have known. People who work with graphics drivers and hacking tools, but have chosen to keep this all a secret, have known. As a hobbyish texture producer, I suppose I should be angry that the bubble has burst. But honestly, I'm far more shocked that people who knew about it all along fooled me into thinking that the inworld permission system offered my uploads any protection.

It makes the entire project seem like a system organized to use people. Grifting they call it. Lure the mark into a false sense of security and take what you can until they realize how exposed they are. If you're lucky, some patsy will come along to take the blame and make you look like the concerned hero.

Are animation files capturable or reproducible in some other way? I dunno. Maybe I should ask the people at LL before I quit my job to pursue an inworld animation career. Surely they would have the decency to advise me against such a move if copying techniques were going to become publicly obvious and ridiculously easy at some point in the near future. Then again, it would be damn good conference material to have me working full time in my Second Life, so maybe they wouldn't.

I suppose my hope, my agenda, is that people will finally see this software for the toy that it is and stop talking about using it professionally as though it were some sort of useful tool. That attitude puts people in harm's way as they invest money and time into what amounts to an entertaining parlour game. I don't know what else to say other than the cards seem to be collapsing but falling right back into an ordered stack.
_____________________
Visit the Fate Gardens Website @ fategardens.net