Is the god mode thing for real? |
|
Eddy Stryker
libsecondlife Developer
Join date: 6 Jun 2004
Posts: 353
|
06-29-2006 12:43
> Last time I checked, computer hacking is a felony criminal offense.
That is the smartest thing I have ever heard anybody say ever.
_____________________
http://www.libsecondlife.org
Evidently in the future our political skirmishes will be fought with push weapons and dancing pantless men. -- Artemis Fate |
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
|
06-29-2006 13:00
> That is the smartest thing I have ever heard anybody say ever.
I'm glad you liked it.
_____________________
Burnman Bedlam
http://theburnman.com Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own? |
Fox Stirling
Certified Lunatic
Join date: 16 Aug 2004
Posts: 120
|
06-29-2006 13:07
> That is the smartest thing I have ever heard anybody say ever.
Agreed!! Yay! I have a new forum sig line!
_____________________
...
|
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
|
06-29-2006 13:09
> Agreed!! Yay! I have a new forum sig line!
I'm honored.
_____________________
Burnman Bedlam
http://theburnman.com Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own? |
Zor Zeddmore
Registered User
Join date: 13 May 2006
Posts: 87
|
Funnest thread in a long time.
06-29-2006 13:45
Yep this has got to be the funnest thread in a long time.
As far as I can tell the Second Life viewer is just a viewer. From object deletion to collision detection is all kept server side. This makes SL's base extremely secure in its structure, you couldn't even make a viewer hack to fall through the floor, as the collision detection server side wouldn't allow it. On top of that is what is rather unknown but it seems decent off as well. LL use of complete serverside shows a bit of intelligence. The use of complete serverside generally makes all viewer hacks nothing more than toys, as they can't be used to do much harm, and all harm can be controlled by anyone who has permissions to do so. As far as we know the author of such a program went up to a linden or emailed a linden and said: "Hey Mr Linden, I want to work on a viewer program that is relatively harmless to extend the capabilities of SL a bit" Once this little bit of communication is out of the way, it is no longer in violation of the TOS. For all those who are worried about hacking coming out of this, don't be, the kind of hacking you are talking about is completely another ball park. Spyware or keyloggers though. That is a possibility. Personally I would think LL would like such a project, the ability to have bots in SL could be a big advantage, not only that, but the bots will be running alts - I'm sure it didn't escape SL's thinking that alts also bring in money.
_____________________
|
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
|
06-29-2006 13:50
Well, since the llSetPayPrice bug was client side... what else can be manipulated by reverse engineering the client?
> Yep this has got to be the funnest thread in a long time. As far as I can tell the Second Life viewer is just a viewer. From object deletion to collision detection is all kept server side. This makes SL's base extremely secure in its structure, you couldn't even make a viewer hack to fall through the floor, as the collision detection server side wouldn't allow it. On top of that is what is rather unknown but it seems decent off as well. LL use of complete serverside shows a bit of intelligence. The use of complete serverside generally makes all viewer hacks nothing more than toys, as they can't be used to do much harm, and all harm can be controlled by anyone who has permissions to do so. As far as we know the author of such a program went up to a linden or emailed a linden and said: "Hey Mr Linden, I want to work on a viewer program that is relatively harmless to extend the capabilities of SL a bit" Once this little bit of communication is out of the way, it is no longer in violation of the TOS. For all those who are worried about hacking coming out of this, don't be, the kind of hacking you are talking about is completely another ball park.
_____________________
Burnman Bedlam
http://theburnman.com Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own? |
Zor Zeddmore
Registered User
Join date: 13 May 2006
Posts: 87
|
06-29-2006 14:01
llSetPayPrice is a scripting function - scripts run server side.
This was more than likely a serverside permission issue, perhaps overlooked. It would be the kind of thing that I would most expect.. They are something easy to overlook, really when one is in a hurry.
_____________________
|
Eddy Stryker
libsecondlife Developer
Join date: 6 Jun 2004
Posts: 353
|
06-29-2006 14:10
> llSetPayPrice is a scripting function - scripts run server side. This was more than likely a serverside permission issue, perhaps overlooked. It would be the kind of thing that I would most expect.. They are something easy to overlook, really when one is in a hurry.
llSetPayPrice updated an object's properties to show clients a "quickpay" price. Some scripters wrongly assumed that if they set the quickpay price there would be no reason to check how much money the vendor is actually paid for an object. There was a way to tweak with the vendor while you had the quickpay price dialog open, but you can still do the same exploit to insecure vendors using two copies of SL and have another an alt tweak with the vendor while the quickpay dialog is open on the first. This is not a serverside exploit nor a clientside one, it was people writing poor LSL code. Bedlam, don't let this information stop you from advertising the God Mode product to a wider audience though. You should probably post a few more threads, and maybe write a blog about it
_____________________
http://www.libsecondlife.org
Evidently in the future our political skirmishes will be fought with push weapons and dancing pantless men. -- Artemis Fate |
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
|
06-29-2006 16:59
My intent is to either get your product banned for violating the TOS, or have the TOS modified so it allows for such a product.
As for the llSetPayPrice bug, all you had to do was minimize the payment window, and maximize it again, then select whatever amount you wanted to pay... like L$1, for example. It was in fact an issue with scripters not error checking their math, however, it was also a client side issue. It has since been corrected, which is why I mention it here, though the correction may very well simply be the inability to minimize the window. There's no point in posting about it anywhere else but here, there are enough threads about it as it is. Either the project needs to get killed by LL, or they need to adjust their Terms of Service to allow for what it clearly does not allow for now.
> llSetPayPrice updated an object's properties to show clients a "quickpay" price. Some scripters wrongly assumed that if they set the quickpay price there would be no reason to check how much money the vendor is actually paid for an object. There was a way to tweak with the vendor while you had the quickpay price dialog open, but you can still do the same exploit to insecure vendors using two copies of SL and have another an alt tweak with the vendor while the quickpay dialog is open on the first. This is not a serverside exploit nor a clientside one, it was people writing poor LSL code. Bedlam, don't let this information stop you from advertising the God Mode product to a wider audience though. You should probably post a few more threads, and maybe write a blog about it
_____________________
Burnman Bedlam
http://theburnman.com Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own? |
Ranma Tardis
沖縄弛緩の明確で青い水
Join date: 8 Nov 2005
Posts: 1,415
|
06-29-2006 17:25
It is real but not for us to use. I got the following when trying.
Request for special powers failed. This request has been logged. |
Aliasi Stonebender
Return of Catbread
Join date: 30 Jan 2005
Posts: 1,858
|
06-29-2006 23:01
> Well, since the llSetPayPrice bug was client side... what else can be manipulated by reverse engineering the client?
As ably pointed out - the problem was not in llSetPayPrice, but in poorly scripted vendors.
_____________________
Red Mary says, softly, “How a man grows aggressive when his enemy displays propriety. He thinks: I will use this good behavior to enforce my advantage over her. Is it any wonder people hold good behavior in such disregard?”
Anything Surplus Home to the "Nuke the Crap Out of..." series of games and other stuff |
MC Seattle
Registered User
Join date: 3 Apr 2006
Posts: 63
|
06-29-2006 23:53
> As ably pointed out - the problem was not in llSetPayPrice, but in poorly scripted vendors.
So the next question is, what other poorly coded bugs can be found and fixed? To make a successful "sky is falling" argument, you have to assume that bugs will be found, everyone will exploit them, and no one will fix them. It ignores the fact that some people are already exploiting bugs like the free upload technique, but now these problems are being addressed as they are brought to a wider audience. Or adopted into features.
_____________________
|
SuezanneC Baskerville
Forums Rock!
Join date: 22 Dec 2003
Posts: 14,229
|
06-29-2006 23:54
I got the GodMode program and I tried to create a universe with a firmament and heavens and make a bunch of life forms and it didn't work.
I want my money back.
_____________________
-
So long to these forums, the vBulletin forums that used to be at forums.secondlife.com. I will miss them. I can be found on the web by searching for "SuezanneC Baskerville", or go to http://www.google.com/profiles/suezanne - http://lindenlab.tribe.net/ created on 11/19/03. Members: Ben, Catherine, Colin, Cory, Dan, Doug, Jim, Philip, Phoenix, Richard, Robin, and Ryan - |
nimrod Yaffle
Cavemen are people too...
Join date: 15 Nov 2004
Posts: 3,146
|
06-30-2006 00:03
> It ignores the fact that some people are already exploiting bugs like the free upload technique,
O_o
_____________________
"People can cry much easier than they can change."
-James Baldwin |
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
|
06-30-2006 04:21
> As ably pointed out - the problem was not in llSetPayPrice, but in poorly scripted vendors.
Actually, no, you are incorrect. The problem was that a feature in the viewer was defective. The poor coding is secondary to the fact that certain features are tied to the client.
_____________________
Burnman Bedlam
http://theburnman.com Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own? |
Devlin Gallant
Thought Police
Join date: 18 Jun 2003
Posts: 5,948
|
06-30-2006 09:02
> I got the GodMode program and I tried to create a universe with a firmament and heavens and make a bunch of life forms and it didn't work. I want my money back.
Oh! You need the patch for that. Just come to the Pearly Gates, and St. Peter will have one for ya.
_____________________
I LIKE children, I've just never been able to finish a whole one.
|
Aliasi Stonebender
Return of Catbread
Join date: 30 Jan 2005
Posts: 1,858
|
06-30-2006 10:30
> Actually, no, you are incorrect. The problem was that a feature in the viewer was defective. The poor coding is secondary to the fact that certain features are tied to the client.
Oh, to be sure, the feature was buggy. This doesn't excuse a simple step like CHECKING TO MAKE SURE YOUR VENDOR WAS PAID WHAT YOU EXPECT. Vendors had to do it before llSetPayPrice, the introduction of the function is no excuse.
_____________________
Red Mary says, softly, “How a man grows aggressive when his enemy displays propriety. He thinks: I will use this good behavior to enforce my advantage over her. Is it any wonder people hold good behavior in such disregard?”
Anything Surplus Home to the "Nuke the Crap Out of..." series of games and other stuff |
MC Seattle
Registered User
Join date: 3 Apr 2006
Posts: 63
|
06-30-2006 11:50
> Oh, to be sure, the feature was buggy. This doesn't excuse a simple step like CHECKING TO MAKE SURE YOUR VENDOR WAS PAID WHAT YOU EXPECT. Vendors had to do it before llSetPayPrice, the introduction of the function is no excuse.
Calling it a bug is a huge stretch. Where did it ever say "llSetPayPrice will guarantee the client will only be able to pay the price that you set"? I don't think anyone has ever claimed that was the case, and looking at it from a general client-server security perspective, it would be impossible to enforce something like that. So lazy coders were relying on a particular aspect of the most popular SL client (the official one), that aspect changed and people claimed there was a bug somewhere other than the LSL scripts? Insanity.
_____________________
|
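The check discussed in the posts above, sketched as an added LSL example (not code from any poster or from Linden Lab): the quick-pay price is only a hint to the viewer, so the `money` event compares the amount actually received with the expected price and refunds anything else. `PRICE`, `ITEM`, `gCanRefund` and `reject` are hypothetical names chosen for illustration.

```lsl
// Added example: vendor that treats llSetPayPrice as a display hint only.
// PRICE and ITEM are hypothetical values chosen for illustration.
integer PRICE = 100;                // expected price in L$
string  ITEM  = "Example Product";  // inventory item to deliver
integer gCanRefund = FALSE;         // TRUE once the owner grants debit permission

// Return the payment if possible and tell the payer why nothing was delivered.
reject(key payer, integer amount, string reason)
{
    if (gCanRefund)
    {
        llGiveMoney(payer, amount);
        llInstantMessage(payer, reason + " Your L$" + (string)amount + " was refunded.");
    }
    else
    {
        llInstantMessage(payer, reason + " Contact the owner for a refund.");
    }
}

default
{
    state_entry()
    {
        // Viewer-side hint: hide the free-form field, show one fixed button.
        llSetPayPrice(PAY_HIDE, [PRICE, PAY_HIDE, PAY_HIDE, PAY_HIDE]);
        // Refunding requires PERMISSION_DEBIT from the owner.
        llRequestPermissions(llGetOwner(), PERMISSION_DEBIT);
    }

    run_time_permissions(integer perm)
    {
        gCanRefund = ((perm & PERMISSION_DEBIT) != 0);
    }

    money(key payer, integer amount)
    {
        // 'amount' is what was really transferred; it is compared with
        // PRICE here instead of trusting what the pay dialog displayed.
        if (amount != PRICE)
            reject(payer, amount, "This item costs L$" + (string)PRICE + ".");
        else if (llGetInventoryType(ITEM) == INVENTORY_NONE)
            reject(payer, amount, "The item is currently unavailable.");
        else
            llGiveInventory(payer, ITEM);
    }

    changed(integer change)
    {
        // A new owner must grant debit permission again.
        if (change & CHANGED_OWNER) llResetScript();
    }
}
```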
Ethen Till
Registered User
Join date: 29 Apr 2006
Posts: 70
|
Logged
06-30-2006 12:07
> Expensive? Dude, just hit control + Alt + G and you get god mode for free
Curses >.> but it would be nice though >.> |
Ethen Till
Registered User
Join date: 29 Apr 2006
Posts: 70
|
06-30-2006 12:17
> It seems the unique setup of some people's computers causes a problem with SL + the add-on during login. If you make sure SL is definitely installed in C:\Program Files\SecondLife\, then try running the add-on after you are already logged in, and teleport somewhere to activate the features. You can close the add-on after the menu shows up.
bought? lol you can buy the special powers lol when where and how |
MC Seattle
Registered User
Join date: 3 Apr 2006
Posts: 63
|
06-30-2006 17:54
> bought? lol you can buy the special powers lol when where and how
Check my signature
_____________________
|
SuezanneC Baskerville
Forums Rock!
Join date: 22 Dec 2003
Posts: 14,229
|
06-30-2006 20:08
> Oh! You need the patch for that. Just come to the Pearly Gates, and St. Peter will have one for ya.
I believe he would send me down below to be tortured for an infinite amount of time. Me and his boss don't see eye to eye.
_____________________
-
So long to these forums, the vBulletin forums that used to be at forums.secondlife.com. I will miss them. I can be found on the web by searching for "SuezanneC Baskerville", or go to http://www.google.com/profiles/suezanne - http://lindenlab.tribe.net/ created on 11/19/03. Members: Ben, Catherine, Colin, Cory, Dan, Doug, Jim, Philip, Phoenix, Richard, Robin, and Ryan - |
Darkside Eldrich
Registered User
Join date: 10 Feb 2006
Posts: 200
|
07-02-2006 15:08
> Who is taking hostile action against anyone
> Well... Those who are reverse engineering the viewer need to be banned, and prosecuted to the full extent of the law. All I am saying is that apparently the client is hackable. The hand of god is proof of that. so why would not any rational human being think that other hacks are not possible.
Sure, other hacks are possible. Other bugs exist. A common programming maxim: "Every non-trivial program contains at least 1 bug and at least 1 line of unnecessary code". Of course, by induction, every program can be reduced to one line of useless code that doesn't work, but I digress.
My point is that this hack just activates a hidden feature in the client, and all but a useless fraction of its features are locked unless you have an admin account. Most checking is done server-side; everything that *isn't* checked is probably a bug. LL wasn't aware that map position requests weren't checked server side until this client was released. This hack therefore *exposed* an exploit, which can now be fixed by the Lindens (or incorporated as a feature, at their option). Kinda like doing their work for them.
It all comes around to the security by obscurity argument. You can't just hide the details of a program and assume that makes it safe; better security must exist. To say that SL is inherently insecure because exploits exist is absurd, or at least useless. Every program has bugs. Every program that contains sensitive data of any kind probably has exploitable bugs. There's no way around that fact; programs of this scale are simply too big to avoid every bug. Parts of the program written by one person may interact in an unforeseen way with part of the program written by someone else. New code can accidentally break old code. In addition, the client is threaded, and that's another beast altogether. It's ridiculous to assume no bugs will ever appear in the client. We wouldn't need updates nearly so often if that were the case!
> It is a clear violation of the terms of service as stated by many others in this thread.
Yes, but for a contract to matter, a party in the contract must dispute it. It is entirely LL's discretion, and they have chosen to take no action. They have stated their intent is to eventually open source the viewer anyway, or at least make the communication protocol available. So why would they try to stop someone from doing it now? |