Welcome to the Second Life Forums Archive

Linden Lab and reverse engineering (libsecondlife)

Baba Yamamoto
baba@slinked.net
Join date: 26 May 2003
Posts: 1,024
07-31-2006 08:56
Just in case you were wondering..

From: James Linden to libsecondlife-dev (https://mail.gna.org/public/libsecondlife-dev/2006-07/msg00144.html)
Hi there! I just thought I'd introduce myself before someone notices my e-mail address on the list administration pages. :-)

I'm James Cook, aka James Linden, a developer for Linden Lab working on Second Life. I've been with Linden Lab since early 2001, so I've seen the progression from nothing to alpha to beta (LindenWorld) to release. I mostly work on the user interface, but I've been all over the code.

There are a few other Lindens lurking on this list. We're really interested in what you guys are doing. I personally love to see all the neat tools you've developed (an IM bridge!), as well as the bugs and exploits you're finding in our protocol stack.

Unfortunately there are some pretty steep limits to how much help I can give you, at least for right now. We're currently closed source and our protocol isn't published. :-( Nonetheless, feel free to ask questions. Just be aware I'm not the official voice of Linden Lab, and I may not be able to give satisfactory answers. :-)

James

From: Phoenix Linden to libsecondlife-dev (https://mail.gna.org/public/libsecondlife-dev/2006-07/msg00152.html)
Now on to what I can do for you.

We are in the midst of creating an http based capabilities system which maps into system resources. During login and as you move around the grid, those capabilities will be made available to a connected client through a REST-like interface. We will provide some documentation for how those services work.

For the existing UDP message system, we can provide notification when there are significant protocol changes, but we would prefer usage of the REST interface once it is available since describing and supporting the changes inherent in the templatized UDP messaging system is difficult.

Thank you all for your participation and support.

From: Donovan Linden to libsecondlife-dev (https://mail.gna.org/public/libsecondlife-dev/2006-07/msg00154.html)
Thanks, Phoenix, for publicly announcing our intentions in this area.

I am Donovan Preston, and I have been recently hired by Linden Lab to help spearhead this web services effort. We are just getting started but will be moving quickly once we have some required infrastructure in place. We have several goals with this project.

* Improve scalability by distributing load and data storage across machines, taking advantage of cacheability inherent in HTTP
* Improve security by presenting a uniform way in which access is granted to internal services
  * A "capability" is an unguessable url which confers upon the owner the right to access a resource
  * A "capability proxy" is a machine which responds to this public url and vouches for the bearer's right to access a private resource
* Improve accessibility by presenting a uniform machine readable view of the world of second life
  * Resources will be expressed in a simple XML format
  * Access and mutation will be through HTTP GET and POST (as well as the other verbs), in a REST style

So, to put it simply, the system is designed to:

* Decrease lag by distributing load
* Increase security by simplifying access
* Increase developer ease-of-use by reducing reliance on binary protocols and UDP

I look forward to working together with the libsecondlife team to make your lives easier, Second Life better, and the world a better place!

Donovan

From: Cory Linden to libsecondlife-dev (https://mail.gna.org/public/libsecondlife-dev/2006-07/msg00155.html)
Now that Phoenix and Donovan have covered both the security email address and REST/capabilities, it leaves me little to do but to say hello as another Linden lurker. I'm Cory Ondrejka aka Cory Linden.

The big picture of the next several months of releases is that we want to make efforts like libsecondlife easier both for us to support and you to improve. Making more of the system available via consistent protocols, enabling more fine grained control via capabilities, and a far more flexible UI system are the first steps down this path. The short term impact of this is that you should expect substantial changes in how the message system protocols function, but the new system will be far more maintainable and functional than what you are working with today.

Everyone engaged in the libsecondlife effort should be aware of the respect that you have generated among the Linden development team. We've been very impressed by your progress and hope that we can make it easier for you to apply your efforts to making SL a better product -- and place -- for everyone.

Cory
_____________________
Open Metaverse Foundation - http://www.openmetaverse.org

Meerkat viewer - http://meerkatviewer.org
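
The "capability" and "capability proxy" definitions in Donovan Linden's message above, modelled as an added example (not Linden Lab's or libsecondlife's code; the class name, host names, internal URL and status-code choices are all assumptions):

```python
import secrets


class CapabilityProxy:
    """Toy capability proxy: public unguessable URL -> private resource."""

    def __init__(self, public_base):
        self.public_base = public_base.rstrip("/")
        self._grants = {}  # token -> (private_url, allowed HTTP methods)

    def grant(self, private_url, methods=("GET",)):
        # 16 bytes (128 bits) from the OS CSPRNG. The URL is the only
        # credential, so it must be unguessable: never sequential and never
        # derived from an agent id.
        token = secrets.token_urlsafe(16)
        self._grants[token] = (private_url, frozenset(methods))
        return f"{self.public_base}/cap/{token}"

    def revoke(self, cap_url):
        # Called on logout or region change; a leaked URL dies with the session.
        self._grants.pop(cap_url.rsplit("/", 1)[-1], None)

    def resolve(self, method, cap_url):
        """Return (status, private_url) for a request on a capability URL."""
        prefix = self.public_base + "/cap/"
        if not cap_url.startswith(prefix):
            return 404, None
        grant = self._grants.get(cap_url[len(prefix):])
        if grant is None:
            # Unknown and revoked tokens look identical to the caller.
            return 404, None
        private_url, methods = grant
        if method not in methods:
            return 405, None  # capability exists but does not confer this verb
        return 200, private_url


def demo():
    proxy = CapabilityProxy("https://caps.example")  # constructed host name
    # At login the server hands the client one capability per resource
    # (constructed internal URL).
    inventory = proxy.grant("http://10.0.0.5:12043/agent/1234/inventory")
    results = [
        proxy.resolve("GET", inventory)[0],   # bearer may read
        proxy.resolve("POST", inventory)[0],  # but was not granted mutation
        proxy.resolve("GET", "https://caps.example/cap/AAAAAAAAAAAAAAAAAAAAAA")[0],
    ]
    proxy.revoke(inventory)
    results.append(proxy.resolve("GET", inventory)[0])  # dead after revocation
    return results


if __name__ == "__main__":
    print(demo())
```

Because possession of the URL is the whole authorization check, a capability URL has to be handled like a password: served only over TLS and kept out of logs and shared links.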
Infiniview Merit
The 100 Trillionth Cell
Join date: 27 Apr 2006
Posts: 845
07-31-2006 09:02


;)
CrazyMonkey Feaver
Monkey Guy
Join date: 1 Jul 2003
Posts: 201
07-31-2006 09:23
cool beans!

Good to know they're going to HTTP :)
(*libsecondlife.org seems to be down)
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
07-31-2006 09:49
And to put things in perspective...

From: Linden Labs (Excerpt from TOS)


4.2 You agree to use Second Life as provided, without unauthorized software or other means of access or use. You will not make unauthorized works from or conduct unauthorized distribution of the Linden Software.
Linden Lab has designed the Service to be experienced only as offered by Linden Lab at the Websites or partner websites. Linden Lab is not responsible for any aspect of the Service that is accessed or experienced using software or other means that are not provided by Linden Lab. You agree not to create or provide any server emulators or other software or other means that provide access to or use of the Service without the express written authorization of Linden Lab. You acknowledge that you do not have the right to create, publish, distribute, create derivative works from or use any software programs, utilities, applications, emulators or tools derived from or created for the Service, except that you may use the Linden Software to the extent expressly permitted by this Agreement. You are prohibited from taking any action that imposes an unreasonable or disproportionately large load on Linden Lab's infrastructure.

You may not charge any third party for using the Linden Software to access and/or use the Service, and you may not modify, adapt, reverse engineer (except as otherwise permitted by applicable law), decompile or attempt to discover the source code of the Linden Software, or create any derivative works of the Linden Software or the Service, or otherwise use the Linden Software except as expressly provided in this Agreement. You may not copy or distribute any of the written materials associated with the Service. Notwithstanding the foregoing, you may copy the Linden Software that Linden Lab provides to you, for backup purposes and may give copies of the Linden Software to others free of charge.



Reverse engineering is listed as in violation of the TOS.

What I want to know, is why are individuals allowed to reverse engineer the client and make things like "god mode" when such things are expressly forbidden by the Terms of Service?
_____________________
Burnman Bedlam
http://theburnman.com


Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own?
Jon Rolland
Registered User
Join date: 3 Oct 2005
Posts: 705
07-31-2006 10:10
Because Linden Labs has "authorized" it? ROFL!
Jesse Malthus
OMG HAX!
Join date: 21 Apr 2006
Posts: 649
07-31-2006 10:11
From: Burnman Bedlam
And to put things in perspective...



Reverse engineering is listed as in violation of the TOS.

What I want to know, is why are individuals allowed to reverse engineer the client and make things like "god mode" when such things are expressly forbidden by the Terms of Service?

Because, LL put that in the TOS so they could use it at their will. libsecondlife has LL's blessing as long as we're not using it for evil, and if we do, THEN they bring down the TOS hammer.
BTW reverse engineering for the purpose of interoperability is protected by the (ugh) DMCA.
_____________________
Ruby loves me like Japanese Jesus.
Did Jesus ever go back and clean up those footprints he left? Beach Authority had to spend precious manpower.
Japanese Jesus, where are you?
Pragmatic!
CrazyMonkey Feaver
Monkey Guy
Join date: 1 Jul 2003
Posts: 201
07-31-2006 10:12
From: Burnman Bedlam
And to put things in perspective...

Reverse engineering is listed as in violation of the TOS.

What I want to know, is why are individuals allowed to reverse engineer the client and make things like "god mode" when such things are expressly forbidden by the Terms of Service?


Well, they gave their blessing, so TOS or not it's ok.
As for the reasons?
They've already said they want to go open source.
And as far as why allow it now? It allows someone
else to basically double check their code (for free!).
So if there's any security holes LL can be contacted and
the hole/bug fixed.

As for the "god mode" thing, it never really did anything
bad from what I can tell. Otherwise I'm sure the Lindens would
have done something to stop it. It just let you pan the cam and stuff.

ps.. They're not reverse engineering the client as far as I know, only the
communication protocol.
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
07-31-2006 10:14
From: Jon Rolland
Because Linden Labs has "authorized" it? ROFL!


Is it in writing and available for subpoena?
_____________________
Burnman Bedlam
http://theburnman.com


Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own?
Tsukasa Karuna
Master of all things desu
Join date: 30 Jun 2004
Posts: 370
07-31-2006 10:15
Seriously.. the TOS is nothing more than legal asscovering and doesn't dictate policy. Company policy != TOS... some folks have found that out the hard way. *coughdmcacough*...

But hey, it seems like this project will benefit everyone once it starts seriously getting off the ground, and it's also nice to see that LL is giving it their full support.

As far as god mode, I think simply "enabling" the linden menu gave access to something it shouldn't have (namely the ability to map people), which is going to be fixed server-side. Doesn't seem intentional to me.
_____________________
".. who as of 5 seconds ago is no longer the deliverator.."
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
07-31-2006 10:19
Profiting from a hack/exploit should never be allowed.

And until projects like the "god mode" hack with the camera exploit are prevented from being SOLD, then the project isn't benefiting everyone. Mapping anyone, anywhere is nothing but a griefer's tool.


From: Tsukasa Karuna
Seriously.. the TOS is nothing more than legal asscovering and doesn't dictate policy. Company policy != TOS... some folks have found that out the hard way. *coughdmcacough*...

But hey, it seems like this project will benefit everyone once it starts seriously getting off the ground, and it's also nice to see that LL is giving it their full support.

As far as god mode, I think simply "enabling" the linden menu gave access to something it shouldn't have (namely the ability to map people), which is going to be fixed server-side. Doesn't seem intentional to me.
_____________________
Burnman Bedlam
http://theburnman.com


Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own?
Tsukasa Karuna
Master of all things desu
Join date: 30 Jun 2004
Posts: 370
07-31-2006 10:22
As I recall the author contacted LL before releasing this, and was given the go-ahead.

And I happen to enjoy the free camera and unlimited select distance, and others agree with me.

I also hold LL responsible for the mapping thing.. that needs to be a server side, not a client side permission.
_____________________
".. who as of 5 seconds ago is no longer the deliverator.."
Jesse Malthus
OMG HAX!
Join date: 21 Apr 2006
Posts: 649
07-31-2006 10:23
From: Burnman Bedlam
Profiting from a hack/exploit should never be allowed.

And until projects like the "god mode" hack with the camera exploit are prevented from being SOLD, then the project isn't benefiting everyone. Mapping anyone, anywhere is nothing but a griefer's tool.

I agree. However, this is LL's problem, putting mapping on client-side. The mapping part has been useful, esp. when you have permission but don't wanna waste time with a TP request.
_____________________
Ruby loves me like Japanese Jesus.
Did Jesus ever go back and clean up those footprints he left? Beach Authority had to spend precious manpower.
Japanese Jesus, where are you?
Pragmatic!
Tsukasa Karuna
Master of all things desu
Join date: 30 Jun 2004
Posts: 370
07-31-2006 10:27
Another thing.. how do you regard the camera thing as an exploit???

You're the first person I've seen who doesn't absolutely love having a free camera!
_____________________
".. who as of 5 seconds ago is no longer the deliverator.."
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
07-31-2006 10:27
From: Jesse Malthus
I agree. However, this is LL's problem, putting mapping on client-side. The mapping part has been useful, esp. when you have permission but don't wanna waste time with a TP request.


If they are on your friends list, you don't need permission. You can map them without the god-exploit. Permission is just a matter of courtesy at that point. ;)
_____________________
Burnman Bedlam
http://theburnman.com


Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own?
Jon Rolland
Registered User
Join date: 3 Oct 2005
Posts: 705
07-31-2006 10:29
From: Burnman Bedlam
Is it in writing and available for subpoena?


It's in writing on these forums. As has been pointed out NUMEROUS times. But you just keep trolling.
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
07-31-2006 10:32
From: Tsukasa Karuna
Another thing.. how do you regard the camera thing as an exploit???

You're the first person I've seen who doesn't absolutely love having a free camera!


I am a builder/scripter, and I have had absolutely no issues with the existing camera controls in my projects. I don't need a hack/exploit to produce the results I want.

If it was a feature people were intended to have, it should have been added to the official client, not sold in some 3rd party hack.
_____________________
Burnman Bedlam
http://theburnman.com


Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own?
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
07-31-2006 10:33
From: Jon Rolland
It's in writing on these forums. As has been pointed out NUMEROUS times. But you just keep trolling.


I'm not trolling pal, I have valid concerns related to this topic. And a forum post is not a legally binding contract.

It's really quite amusing when someone accuses another of being a troll because they don't agree with them. Sort of pathetic, really.
_____________________
Burnman Bedlam
http://theburnman.com


Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own?
Jon Rolland
Registered User
Join date: 3 Oct 2005
Posts: 705
07-31-2006 10:38
From: Burnman Bedlam
I'm not trolling pal, I have valid concerns related to this topic. And a forum post is not a legally binding contract.


Then email Phillip Linden. It is abundantly clear to everyone including you that libsecondlife is operating in the full knowledge and consent of Linden Labs but you keep challenging that consent. And the TOS line you love to toss around keeps saying Unauthorized. Since LL has Authorized libsecondlife it doesn't fall under that. There is a VAST difference between valid concerns about the wisdom of having authorized libsecondlife and your repeated TROLLING in challenging whether it has been authorized.
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
07-31-2006 10:43
From: Jon Rolland
Then email Phillip Linden. It is abundantly clear to everyone including you that libsecondlife is operating in the full knowledge and consent of Linden Labs but you keep challenging that consent. And the TOS line you love to toss around keeps saying Unauthorized. Since LL has Authorized libsecondlife it doesn't fall under that. There is a VAST difference between valid concerns about the wisdom of having authorized libsecondlife and your repeated TROLLING in challenging whether it has been authorized.


If you don't like what I am saying, either ignore my posts, or reply with more than grade school antics like name calling.

Until the residents of SL can be guaranteed that issues like the llSetPayPrice exploit are corrected server side, not with a simple "Can't minimize the payment window now" fix, projects involving reverse engineering will only open the potential for theft, not improve the SL experience.

The unlimited map is an example of a griefer tool available for sale, and a product of said "authorized" project. It's total BS.
_____________________
Burnman Bedlam
http://theburnman.com


Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own?
Baba Yamamoto
baba@slinked.net
Join date: 26 May 2003
Posts: 1,024
07-31-2006 12:47
From: Burnman Bedlam
If you don't like what I am saying, either ignore my posts, or reply with more than grade school antics like name calling.

Until the residents of SL can be guaranteed that issues like the llSetPayPrice exploit are corrected server side, not with a simple "Can't minimize the payment window now" fix, projects involving reverse engineering will only open the potential for theft, not improve the SL experience.

The unlimited map is an example of a griefer tool available for sale, and a product of said "authorized" project. It's total BS.



llSetPayPrice worked as expected... Bad coding practices are not bugs. They're the fault of the programmer.
_____________________
Open Metaverse Foundation - http://www.openmetaverse.org

Meerkat viewer - http://meerkatviewer.org
Tsukasa Karuna
Master of all things desu
Join date: 30 Jun 2004
Posts: 370
07-31-2006 12:52
I'm trotting this out again because some people seem to not get it:

TOS ≠ COMPANY POLICY


LibSecondLife (and the godmode addon) for that matter have LL's approval, if not outright blessing. Sometimes, it takes someone with a mind for hacking to expose shoddy coding and get it fixed. That's what happened with godmode's mapping.

_____________________
".. who as of 5 seconds ago is no longer the deliverator.."
Burnman Bedlam
Business Person
Join date: 28 Jan 2006
Posts: 1,080
07-31-2006 12:53
From: Baba Yamamoto
llSetPayPrice worked as expected... Bad coding practices are not bugs. They're the fault of the programmer.


Actually, that is not true. The expected result of llSetPayPrice was not to have it cheat a vendor out of the actual price by manipulating the client. That was definitely NOT the desired effect, regardless of a lack of good coding practices.

A bug/exploit is just that. And some of the most popular vendor systems on the market were affected by it. LL acknowledged it as a bug.
_____________________
Burnman Bedlam
http://theburnman.com


Not happy about Linden Labs purchase of XStreet (formerly SLX) and OnRez. Will this mean LL will ban resident run online shopping outlets in favor of their own?
Fa nyak
>(O.o)<
Join date: 8 Oct 2004
Posts: 342
07-31-2006 12:55
From: Burnman Bedlam
If it was a feature people were intended to have, it should have been added to the official client, not sold in some 3rd party hack.


as of next week's update (1.12) godmode is built into the existing client. see preview :D
Baba Yamamoto
baba@slinked.net
Join date: 26 May 2003
Posts: 1,024
07-31-2006 12:55
You can't cheat a vendor out of its expected pay price.. If the vendor doesn't check the amount it was paid, find a new system.

It's designed to make the process easier for the CONSUMER. Not the vendor.
_____________________
Open Metaverse Foundation - http://www.openmetaverse.org

Meerkat viewer - http://meerkatviewer.org
Tsukasa Karuna
Master of all things desu
Join date: 30 Jun 2004
Posts: 370
07-31-2006 12:57
Just to clarify... godmode was actually always there.. the program just enables it.

I wouldn't fault the libsl guys too much for charging for it either.. god knows they need contributions. 2000$ a copy is a decent contribution to get the future today :)
_____________________
".. who as of 5 seconds ago is no longer the deliverator.."