Another Attack!?!

You can't shut down the grid with push scripts (not that I'm aware, anyway).

Just for the record (and honestly, I don't really understand why you made this "point"... a "maximum" of over two billion push doesn't really qualify as a delimiter, does it?

Just for the record... a "maximum" of over two billion push doesn't really qualify as a delimiter, does it?

Ordinal, you're arguing just for the sake of arguing. No one mentioned or even intimated that push scripts can shut down a grid. We're talking about unrestricted scripting as a whole... which CAN and HAS shut down the grid... several times.

Regarding your airline analogy... have you tried to board a plane lately? Were you able to just walk on with 15 bags and no restrictions whatsoever?

Again, your arguments are as old as the gun lobby. Do people have the right to use guns? Debatably yes (although in countries with gun bans, the murder rate is FAR lower than here in the US. Interesting statistic, eh?).

Does that "right" authorize gun manufacturers to build and sell automatic weapons or assault rifles? No, it's against the law.

Honestly Zuleica, I don't see your issue here. You're frothing at the mouth over a simple statement that scripting power needs to be regulated to sensible limits. By your philosophy, ANY limiting of scripting power is wrong, wrong, wrong. Maybe we should give griefers the script ability to access your personal information on the grid-- along of course, with proper warning and prosecution if they use such information for criminal activity.

Get a grip. Sensible limitations of power are a part of everyday life.

Well, I was talking about push scripts, and their use in griefing; I was responding to somebody talking about restricting the maximum value for llPushObject, by saying that there are loads and loads of ways to grief.

Grid attacks aren't really griefing IMO because they're not aimed at a specific person (I assume - perhaps somebody has something against the Lindens). More like vandalism or destructiveness. To definitely stop grid crashes by restricting LSL itself, as I understand it based on what I've heard about the attacks, you need to deal with basic ideas such as self-replication, and doing that can kill off some really fascinating things. If you can protect the system by making it more robust and knowing when things are reaching dangerous levels - or making sure that people who do this stuff deliberately don't - that's much preferable.

I wouldn't call LSL "unrestricted" at the moment either.

The attacking objects were physical, which have different properties. I inferred that your solution would include replication of physical objects, so that is what I deduced wouldn't work, if your proposal were to include physical objects, that is.

The root of all this really is users abusing a system, not creating artificial rules to contain that kind of behavior. The lindens may have tools to combat this, but the real answer is to aggressively pursue under the law the originator of attack.

Linden Lab has reluctantly chosen this path, but I'm glad they finally did. If this behavior becomes too risky to pursue, then we'll see less of it, without crippling the openness of the system.

To fix this latest attack:

If
self replicate = true
then
can leave sim = false

Exactly. Nothing wrong in preventing objects from replicating across sim borders. And the addition of one more line:

if simobjects = maxquantity then stop replication

would prevent damage to even a single sim.

I also agree with Maxx and others that the additional pursuit of criminal activities with criminal penalties is very sensible. But that won't really have an effect unless Linden Lab drops their much-questioned policy of not revealing the names of griefers. One of the greatest deterrents of crime is potential humiliation.

Linden Lab has told me that 'we don't reveal the names of those on the police blotter due to user privacy'. My response to them: criminals forfeit basic rights. You're not revealing personal information. You're revealing a game-name. Once a person intentionally commits an offense against the TOS, their right to any kind of "privacy" ends. In RL, the general public can access criminal records. So when a person intentionally breaks TOS, a public announcement of the penalty leveled and who it was leveled upon can go a long way toward closure for victims and prevention of such things happening again. And it needs to be posted on the blotter for more than just a few hours.

Griefers hide behind anonymity. So instead of an anonymous posting on a police blotter that lasts for a few hours and then is gone... put their user name and punishment on the blotter for the next 30 days (90 days for a "griefing with attitude". And to further add to the impact, disallow them opening an alt BASIC account for the same period of time. Agreed, that won't stop ALL griefing (nor fraudulent account access)... but like it's been noted, locks are a deterrent, not a guarantee. It will help.

You know, I forgot, I'm having very little to do with SL these days. Any company that for months leaves open a great big gaping hole that they know can crash their grid any day of the week, and that for months has known about system bugs that change permissions on merchandise and other builds... well, that's pretty much hopeless. Dunno why I'm debating sensible SL modifications on these forums. Old habits die hard, I guess. Back to RL and more valuable things.

Yes, but unless we suddenly get a triplet team of psychics to estabish a PreCrime division, you can't actually bust someone for things they might do. The account that launched the abortive attack the night before was banned (or at least no longer shows on Find) and I'm sure LL was investigating. Granted, given how pitifully easy it is start a new account, that remains an insufficent barrier. OTOH, legal investigations of crime take a damn sight longer than 24 hours, and there's no guarantee that the person who launched this attack had a thing to do with any other attack... so, your comparison does not quite hold up.

The "database script goes wild, devours grid" mishap I'll gladly call LL on, and so should we all, but the response to the attack itself? About as well-done as you could hope for.

Also, even if we do establish PreCrime, you know Tom Cruise is going to come and bust that stuff up.

As I've said before:



If SL isn't stable enough for you to "make your wage", make your wage elsewhere.

Aliasi, this may come as a shock to you, but people do get tired of you telling them to log off and go elsewhere. Everyone has just as much right as you to voice their opinions, both pro and con. And since we are paying the bills here... we do have a right to say something when LL isn't doing their job... even if that doesn't agree with your opinion.

So you might want to start chilling with the "love it or leave it" attitude. It's a bad attitude, no matter where it's applied, and I've heard it one too many times. Whether I or anyone else decides to stick with or leave SL... that's OUR choice, not yours.

Well, there are people who decide to do so. I for one, have put up with more than a year of problem after problem with SL, and I've decided to majorly cut back. No more event support, no more people management, no more promotion of the system. It's not worth my time.

There are others who do the same thing I've unwillingly done for the last year: they point out the emperor has no clothes and try to get the emperor to wake up to that reality and put some clothes on (we remember in the story, the Emperor continued to parade around naked even after the truth was apparent). And frankly, they're the ones that once in a while manage to get improvements made to SL.

Then again, some folks just walk around like cattle and munch on whatever LL decides to hand out. It's just like Micro$oft groupies with Windows: they just love it... mainly because they're relatively OS illiterate and have no clue as to how a good operating system should perform. Hey, if putting up with continual SL problems and crashes is what someone wants to do, their decision. But then they should expect no recourse when half their inventory disappears, their builds tear themselves apart, the next update prevents them from ever logging on again because... well... can't be a Linden Lab suckup and gripe at bad performance at the same time.

Some folks seem to have the idea that Linden Lab is in charge, it's their system and they can do no wrong. Hey, if that's what floats their boat, fine. Of course, that ignores the fact that we pay the bills. If they don't mind paying heavy fees to Linden Lab and accept whatever they're handed, continual bugs and all, I'm sure Linden Lab will be willing to take their money.

I dunno what this came out of, but I believe we were discussing patching the HOLE, not the people likely to use it.

This very same method was used to destroy Ahern Welcome months ago. If I found a hole like that on my system, that hole would be patched in 24 hours flat. Since Ahern, to my knowledge we have had a minimum of two major grid-killing exploitations of this same security hole (and no telling how many more on sim-level that the general public is not aware of). Since there is a simple solution to this problem, seems irresponsible to just allow that to continue month after month. Is that what we pay for? Is that professional?

Folks wonder why some are dogging Linden Lab for this recent grid problem; that would be why. LL does bear a certain responsibility and accountability for system safety. Ignoring known system security exploits and failing to correct known bugs is not providing for the needs of their clients.

The sad thintg here is that Something Aweful.com has been heard to be at fault, through rumors. With all thier anti-furry types, wouldnt they hve taken down the biggest ufr-area in Second life? The three Furnation sims. But I myself think there isw a simple solution to this. If, and when an object is spawned with a copy of itself inside, a tracer is immediatly set on it. If it starts spawning mor ethen a certain amount a minute, the scripts are stopped on said objects. For the hell of it, why not script something for every sim, of our own makers, to stop anyone else's objects crossing over sims thrugh replication!? I know it souns complicated, but there ar e so many ways we can stop thi,s it just takes time

Well, SA might have had something to do with it (ruddy likely, if you ask me), but the really sad thing here is that as you pointed out, there are several ways such an exploit can be stopped... and Linden Lab just hasn't done so. They just allow their grid to keep getting hacked, over and over, with the resultant loss in man-hours and client expense. Man, if I were CEO or a major investor, I'd be kicking butts between ears. That's so irresponsible it's beyond sad.

You know, I really wish LL would start behaving in such a way that this pic was no longer relevant...

My personal information is not part of the SL world though is it? What we are talking about here is the ability to build and script freely within SL and with connections to OUR own information outside of SL. Personal information would be an invasion of privacy both within SL and outside of SL.

The point I'm trying to get across is that I have seen countless posts about limiting scripting...even to the point of getting rid of it altogether and make SL just another MMOG. Where do the limitations stop? Please tell me what that boundary is and how you go about setting it in a way that doesn't lead to further degredation when the next grief-flavor-of-the-month appears?

You can't deny the very real possibility that once limiting scripting becomes the tool of choice to stop griefing that it will likely be used to an extreme that makes SL continually less useful.

SENSIBLE limitations are a part of everday life. However the attitude that you fix a purely SOCIAL behavior with technical limitations is simply ludicrous.

Techinical limitations don't change social behavior at all, all they do is make the tool...in this case the SL platform...less useful. Griefers will simply find another tool to use.

I am proposing that ALL social engineering avenues to curb the anti-social behavior be used LONG before technical engineering avenues are used to limit our abilities in SL in an attempt to also limit the anit-social behavior.

In the past this wasn't possible because law enforcement simply wasn't willing to pursue computer crimes as readily. Today things are changing and I'd really like to see that change accelerated so that it becomes unnecessary to use technical limitations as a tool to prevent anti-social behavior.

Agreed. In fact, I earlier posted that one of my major concerns in this is that as with so many things, such script restrictions would be done with a lack of moderate judgement and make those scripting functions powerless altogether. I've seen a lot of that happen on SL (witness the recent Hover Tips debacle. Never make a small mod when a major snafu will do).



Why is it ludicrous? It is obvious that anti-social behavior cannot be corrected by warnings or even punishment. Look at the overflowing prisons in RL to realize that. But make it IMPOSSIBLE for someone to perform a crime... now that's a real solution. You don't have to completely obliterate a function to make it less "griefable". Again... the application of common sense is the solution. It's just as possible to go overboard one direction as the other.




And when they do... that tool can be modified if that is what is required. That's how computer system security patches are done; when you find a leak, you fix it. Really, Second Life is no different than any other networked computer system. There is a real tendency among Linden Lab to treat it differently... and that is where a lot of their problems lie.



If I were a betting man (and I'm not, because well, gamblers are idiots lol) I'd wager than one year from now, keeping to its current course of not fixing the bugs and warning griefers of impending doom without publicly announcing follow-through... that Linden Lab will still have people exploiting this same problem.

They announced intent to prosecute how long ago now? Did that stop THIS hack? Why would you expect such to stop future hacks? It's not going to happen. Warnings, threats and even incarceration don't stop criminals in RL. Why would you think it will stop them in SL?

Reality check time: the only way to stop computer crime is to make computers technically impenetrable... which is a fact that even Micro$oft has come to realize over the last year or so. It's also a fact realized by just about every computer-based company in existence. So why LL doesn't get the hint is beyond my understanding.

There are also methods that may have been used in order to make "intent to prosecute" as far as LL will be able to get. If they used stolen CC info to sign up, are reasonably well masked as far as their network information, or for that matter using a system other than their own/a public system, finding the RL identity behind these attacks could prove rather difficult. Not that I would give these grid crashing idiots the credit to have actually done any of this, but its possible.

If free basic accounts means credit card numbers aren't being confirmed, then free basic accounts are a very bad idea. Charge $0.10 but do something to make sure that people actually are who they say they are.