Another Attack!?!

I'm dying laughing! ROFLMAOOOOOOOO

Not to be snide....

"Oh, little Johnny only shot 3 people before his parents took the gun away from him. Could have been a lot worse."

I admit I don't know all the factors involved in grid attacks. I don't honestly know if this shutdown was caused by the time-honored-standard of "self-replicating prims" or not (but the grapevine has it it was). All I know is, when you find out that there's a way to shut down your company, you plug the hole, period. No arguements, no if/ands/buts... you plug the hole. If your chief of security comes to you with ifs/ands/buts... you fire him and find a new chief of security.

You turn the perpetrator over to the FBI and he spends the evening explaining the matter to them... and then the next few months sitting on a hard cell bench thinking about how much fun it was to hack the grid. Then the perpetrator goes to trial and spends a bit more time thinking about whether or not it was really worth it. When he sees sunlight again, he might think twice before being that stupid.

We're constantly told that this "isnt' just a game". It's an economy-based society. So as an investor in that society, anyone have any idea how much it costs in RL $ every hour the grid is down? We're charged professional fees; we expect professional service. And that does not mean the grid crashing on a regular basis because of some unfilled security hole.

That's why I don't accept excuses anymore.

I have to say, as a semi-new Noob, that I think the Lindens are doing a great job. Why are some making a fuss that they should have taken precautions. I say, if anyone can do a better job, start your own SL company and show the Lindens you were right. I for one appreciate them. So this is inconvenient, it's a hassle, but that's Second Life. You can't prevent all attacks in SL anymore than you can in RL.

Hmm you bring up a good point I had not thought of before. If you were on a private island why was that private island taken down too. As we all know when you buy private islands they are clumped on their own servers and not a part of the main grid of servers. Things that make me go hmmmm. So these global attacks can travel across the water servers and attack these groups of seperate servers? why not just turn off the main grid and the water surrounding it? Dunno not that tech savvy when it comes to global attacks. Enlighten me folks if you can do so without personal attacks I will love you forever

Mar

"turn the perpetrator over to the FBI and he spends the evening explaining the matter to them... and then the next few months sitting on a hard cell bench thinking about how much fun it was to hack the grid.' That's one thing I will agree with you on. The griefers/hackers should pay for there crime, however, I don't believe that the onus should be on the Lindens. I'm sure they have the security in place, but like I said before, you can't prevent every attack.

Yes they sure did jump on it fast.

I saw the first few rez and IMed live support with makers name. They continued to multiple quickly but the sim I was in never crashed and after about 10 min they all poofed and the sim was clean.

Apparently though the idea of deleting everything with the name 'object' escaped LL as not being wise so we are now looking at rollbacks.

Now rollbacks bring up a different question entirely for me...what exactly gets rolled back? and for how long? I can't see how you can roll back only certain sims because that could leave people missing purchased objects AND still missing their money.

Can someone explain the mechanism of rolling back only certain sims?

Sky, as a semi-new noob, I can understand you having this opinion. In fact, there are a lot of not-so-noobs that think SL is just fine.

It costs $3,540 US to set up a private island for one year. That comes to roughly $9.69 a day. $300 or so a month.

There are people who make their livings on SL. Every time the grid goes down, so do their wages.

Every time the grid goes down, events are cancelled (not that events have been all that spiffy lately).

Landowners often count on "traffic" to help pay for their land. When the grid goes down, traffic stops.

So please don't take this personal, cause no intent, but the concept "if you can do a better job" is easy to say and a little naive; it ignores the fact that people are PAYING Linden Lab to do their job (and paying quite a bit). So when the grid continues to go offline due to repetitious griefer attacks... there is grounds for complaint.

I'm not trying to bust LL chops here. There's just a lot of folks who think it's time for LL to take care of these problems on a permanent basis, and not after-the-fact. If someone comes up with a brand new way to crash SL... hey, that's a standard risk of computer operation. But when they exploit the same fault over and over and over... excuses don't cut it.

Rollbacks have to do with individual sims. They do not (or so we hope) affect sales or individual users. Basically, a rollback changes a sim back to a previous time. Now unfortunately, if you just put out that new, non-copyable piece of furniture, car or home on the sim and they roll it back... yeah, you're going to lose that item. Any building you've done that day (or since the last sim backup) will be lost if you did not store a copy to inventory (which is why it's always good to make backups of builds).

Sometimes something just goes wrong and a rollback is necessary. We're glad that provision exists. But it shouldn't have to be done because yet another griefer exploited an already-known weakness in SL defenses.

If this was indeed another "self-replicating prim" problem... that problem should have been nixed a long time ago. Yet another unaddressed SL bug.

I am in complete agreement that griefers need to be stopped however there have been a few suggestions that I do NOT agree with as they punish the vast majority for the actions of a few;

1. Getting rid of basic accounts,
2. Removing scripting capabilities or restricting it such that valid projects are ruined.

I am COMPLETELY in favor of sending these guys to jail and publishing their behind-bar pics on billboards in SL as a warning to other twits that might attempt it.

I have to admit question on this as well. Last time a griefer hit the sim, I stood and watched as our private islands disappeared one by one. I had to wonder how it was that even a self-replicating prim could jump across voids and hit an island. Thus the question... why take down private islands as well?

Only thing I can figure:
* It's easier to just shut down the whole grid?
* There's no way to differentiate between private islands and mainland when doing a grid clean?
* Since sims are stacked on the same server with at least one other sim, in order to take down one sim you have to take down at least another one?

I don't know. Not sure how the system is built. Would seem though, that at least private islands could be left going while mainland was taken down.

Of course, it would also seem that this particular exploit should be plugged in the first place so it never happens again. But what do I know?

I know that given all the information and a day or two, I could probably come up with a solution. But I have better things to do and I'm not on the payroll.

your claim that it's quite a financial loss to many an entrepreneur and your gripe is valid in the sense that somethings could be done to prevent, if possible, but my comments basically were that I am sure that there are checks and balances in place. It's going to happen no matter how much is spent to prevent it. Had they taken the grid down last night, two nights or even 10 hours ago, it is going to happen and revenue would have been lost then. There are appoximately 95.2K citizen and the most online at one time being just over 1100. I don't know if you're a business owner or not, and I apologize if you are for your loss in revenue, but a slight loss of 4 hours of revenue (depending on traffic of what? Maybe $100.00 USD or less) is well worth it in comparison to Linden Labs, jacking up the price on every land owner, just to compensate for the little time lost. I know it's the way of the world, inflation makes the less fortuanate remain so. It's just my opinion and I'm sorry if that offends anyone.
BTW, I've enjoyed this debate. It's great for the mind and better for the soul.

said this in another post to my thery on it, is mabye its planned, since 1.7 had the same problems the day before release and at the same time as this

i love how every time something goes wrong its "an attack" on the grid

Same here. Sometimes I even learn a thing or two.

Over the years, I've discovered there are often ways to accomplish something if one is willing to do one of two things: 1) Look outside the box... or 2) Get back to basics.

I don't want to go into a lot of time analyzing this because as I mentioned, I'm not on the payroll. But I do know that there's a way to plug ANY security hole. So if we're being told that this exploit can't be corrected because it would affect legitimate script usage... that's just not the case. All it means is that someone hasn't done one of the above two things sufficiently to put an end to this exploit.

Example: for how long now have griefers used high-level push guns to blast people to limbo? Linden Lab typical response: well, we have to have push scripting because it's required in legitimate programming.

My question in turn: what legitimate programming requires a push script of 9 billion? So why can't a simple governor be applied in the scripting language to not permit excessive push figures? Why can't they add a routine that will not allow someone to be pushed unless they grant permission (as they already do with inventory gives and teleporting)? Simple solutions to an obvious problem.

All that these things need is basic application of common sense to arrive at a solution. It requires someone who is willing to think and perform rather than make excuses as to why something "can't" be done.

Are you serious?
Platform or not it is not a rock solid verified matrix of metaversatality. The sun still shines outside your window I'm almost certain. (read get a grip) If people want to spend multi $k usd on this system that is their business. No one is shoving a sim down your throat. Get off Sky's back, he is spot on. I personally don't give a rat's ass if a island sim goes down. You ever read the TOS before you click agree? If not, you should. Sorry not trying to bust YOUR chops here but, hell, yes I am.

High push scripts should not be used. I've been hit from behind and to my face, knocked into limbo and beyond. Yet, the Lindens are also right about it too. There should be a limit on the amount of power in a push script and if you're found in violation, then banned from SL. I see no need in banning the scripts entirely, but see very little use in have the high powered pushes.

Chees Lektor, on a rampage again? Don't you ever get tired of copping an attitude?

You know, it is possible to state an opinion without going spaz.

So...you classify this as "something went wrong"??? ROFL...now there's a useful classification.

Ummm...FYI, it WAS an attack on the grid. Did you actually witness it? I did. Please tell me how rapidly reproducing balls that push and spam "OH SHIT" propogatting from sim to sim can be called ANYTHING ELSE but "an attack on the grid".

What mealy-mouthed euphamism would you prefer we use?

Because SL is not yet a socialist run project. Why punish the thousands that may find a real use for those things because a small group aren't mature enough to be in SL?
Punish only those who go against the TOS.
You may not need any of the scripting features that could be used improperly but other people may.

You add that kind of control and most people are going to leave SL.
We have enough rules in RL without needing to have our hands held in a virutal world.
Just my opinion.

Yeah, that's the point. Dunno why some folks seem to think it has to be either all or none. People have this wierd concept that "freedom" means no restrictions. But common-sense moderation is what makes real freedom work. Freedom isn't the right to do anything we wish. It is the right to do as we wish within a logical, beneficial, sensible frame of reference. Beyond that is anarchy and chaos, which destroy rather than build.



See... that's what I mean. What is this nonsense? Putting reasonable restrictions on push scripting equates with a socialist regime? I don't think so, Tim.

Well that all sounds good, but a lot of it depends on how stupid the attacker was. It may not be so easy to trace them. They may have used someone else's SL or Internet account, or they may even have compromised the ISP they are connecting through.

Also, contacting the FBI may or may not bring the level of response that you or I think it should. After September 11 the FBI's turned its focus much more to combatting RL terrorism (I know, some would argue this is RL terrorism as people do lose RL income). I have no idea what kind of resources they would develop to investigate what I think most people on the street would characterize as a hack in a video game.

I'm not saying that the Lindens should not contact the authorities, but I think that in general technical problems are best met with technical solutions. If there is a bug somewhere that was exploited so that someone could modify or delete other peoples items, then the answer is to find and patch that bug. For the longer term, the Lindens might consider bringing in security experts to audit their code.


Kyushu

Anarchy and chaos is why we are here today.
Out of anarchy and choas comes order

Where is the rampage ? And it's LECKTOR. Seriously, examine your response and read mine again. I didn't think I rampaged. You were responding to a totally new person. I found it hilarious as I'm sure he may have. SL is not a serious platform and won't be for some time. To lay down multi thousands of US dollars is IMHO insane.