Linden Lab and reverse engineering (libsecondlife)

Then LL needs consistency...intent vs letter...that is the slick slope down to favoritism and unfair implementation of the rules (for you the favored, intent...for him, the unfavored, the letter). There is no point having a TOS, then doing a wink and a nod to violations of it. Modify it to make the project legit, enforce it on the project or toss it out altogeather instead of pretending it has a reason. Consistency is important...and should be respected by both the end-user and the creator of the rules.

Same field, Terry. Had a fairly disasterous run-in with an OS / hacker-type on staff years back, to the end result of 3 months setback recoding the project and all SORTS of grief to those that survived the purge that followed. I hear people talking like many of these posters and all sorts of red flags go up as to trustworthiness and intentions. I have found there are two kinds of programmers among those I have worked with, the hacker-coder and the professional programmer. The latter I trust implicitly, it is their career and not a game to them...the former, well...personal experience speaks volumes about their ethics, and they are they kind that seem to be posting here.

And its much nicer on the hardware side of the house (with occasional forays into project management / implementation) than the code side of things.

BTW, definitions DO change over time....if the majority of the people (unfortunately) decide to change the meaning of the word, the meaning changes. Take for example gay = happy, but now it means an orientation. Hacker MAY have meant harmless experimenter at one time, and may still hold that meaning to a small social grouping (OS types) but to the bulk of people, it now means malicious coder out to cause damage. No way in hell I would use it to describe myself, regardless what I was doing for a living or a hobby, no matter how cutting edge or neat it was.

That's cool but just make sure it's kept closed source because someone might call you a hacker!!!

Sorry, but you need to get real. The "terms of service", as the wording itself would tell you, if you weren't concentrating too much on keeping your head stuck in the hole of bias, are not just conditions that users need to follow, but they are conditions at wich LL HAVE to offer their service to users.
So yes, if you can't get it by yourself. LL HAS To legally follow the TOS, like it or not.

On another hand, all the "i'm an hacker!" boasting kind of makes me smile more or less like the mmorpg kids that get a pixel gun and think they're so 1337....

Actually, LL doesn't have to follow the ToS. You do. These terms "describes the terms on which Linden Research, Inc. ("Linden Lab" offers you access to its services." LL is the one calling the shots, it's you who are subject to the ToS.

Maybe you need to reread your own quote. the TOS, like every agreement, is mutual. As much as the end user is subject to follow those rules, the provider is subject to provide the service at those conditions.
While the user abides to it by signing in for the service, the provider abides to it by publishing it. Making it, in fact, a mutual agreement. Like it or not.

No Kyrah, threads like these are important. They're like honeypots so we know who to ban from the private discussions when we're talking about the latest free money or permissions exploit.

Yeah, it's not like we have any form of transparency or even public mailing lists with archives

Actually, it seems to me as if they are generally the ones *most* concerned, here or on any other forum

Then tell us what you want explained, Maklin.

I did not develop libSL, so I have no vested interest in the project.

I have, however, downloaded it, compiled it, and checked it out, so I'm familiar enough with it to answer any questions you have.

If you have any question about the functionality or design of libSL, post it. I, or someone else connected to the project would be most happy to address your concerns. Do you have a list of specific concerns, or are you just opposed to third party involvement as a rule?

Suezanne: libSL is a client replacement library. It essentially replaces the SecondLife.exe program that runs on your computer. With a recent development, it can also act as a proxy by passing messages through itself. In no way does it actually modify SecondLife.exe.

The whole God Mode thing is actually a trick: the program simply sends the network message: "turn on God Mode". The only way that the snapshop system could be reverted is if LL offered that functionality in the client already - in which case, someone would probably have already discovered a "turn on old snapshot mode" in the protocol file (that is, by the way, plain text).

Maybe you (and some others) need to re-read the TOS (emphasis mine):

ahh. the ol' "obscurity argument".

Do you want to know how well that works?

I'm a professional programmer. I recently helped someone build a client/server application that utilizes SQL server over the Internet. The program was, unfortunately, insecure because of the lead dev's decision to use a certain tool from Microsoft. His reasoning was "only a few people will use this - the general public won't even know it exists".

In short, it wasn't a matter of a month after we got the project on-line before someone had cracked the server and brought it down.

Obscurity is no help. Just like in the real world, the best cure for cockroaches is a very bright light: to open the source code and the protocol up and let people fix the problems.

It's a long-accepted axiom in the security world that the only way to prevent security flaws is to fix them. If you try to keep a known flaw secret, someone will indeed discover and exploit it. When that happens, you're hosed.

Plus, there is a legal ramifaction: if you know about a vulnerability that could affect your customers, and you say nothing, and the system gets hacked and people lose real money, you can actually be held liable for some of the damanges through your act of omission.

No, keeping the knowledge to a select few doesn't work. The only thing that DOES work is letting people find the problems so that they can be fixed.

You might want to contact an attorney and ask them. You'll find you're mistaken.

If LL wants to do something that contradicts the TOS, they need to modify the TOS first. At least that's what the attorney I contacted told me.

My question to you and your lawyer is, where exactly is LL breaking the ToS?

That's beyond the point. If you reread my posts and the ones i answred to, you'll see that i merely corrected a quite silly misconception that seemed to be fairly maliciously aimed at feeding the masses the idea that the TOS is like toilet paper and LL is not bound by it. Wich is absolutely false, the TOS being a mutual agreement.
Wether LL is breaking their own TOS i'll let others to judge (it's true that they are quite stomping on it, in other cases, as per Philip Linden's personal admission, wich doesn't testify positively about their level of professionality, i'm afraid).

Other than that, i still say that all the hacker talk is absolutely rediculous, but that's quite a personal opinion.

How useful are open standards anyway?! It's not like anyone uses them over the more stable and secure proprietary standards.

Sounds to me like you've tried to use CSS.... it should be renamed to "NTBTS", or "No Two Browsers The Same".

I've never had a problem with CSS... Now, tables.. those are hellish to deal with.

Ok, for the hell of it, i went and re-read the TOS.

The section in question is quoted below, emphasis mine.



The way i read this,

1. LL *HAS* authorized the LibSL project.
2. LL *HAS* given their written authorization (Ok, typed, but this still constitutes a digital signature). There even may be written hardcopy consent given to the person or people presiding over the project. They are under no obligation to prove such consent to us, but:
3. If LL did not authorize this project and wanted it to end, they would put a stop to it and probably punish those involved.

It boils down to the "hackers" have been authorized by LL, clear the TOS, and no amount of whinging over the mapping problem is going to change that.

There's a trick to that.

Draw it out on paper before you start. figure out the row and col span ahead of time.

THen it's easy. =)

Late on this (and on vacation) and uninformed, as I haven't read past this quote.

But no - I don't like that thing about mapping people.

coco

Yes, well, I do and would hate that worse.

coco

Linden is planning a serverside fix for this.

Thing is, without libSL or the godmode coming out and announcing it to the public, more secretive individuals would have used/were using it for malicious purposes in private. Exploits found by libSL are immediately reported to LL. Banning libSL is therefore counterproductive.
==Chris

Hi Coco,

I just have one question for you ;0 What exactly were you refering to with this statment? Heh.. I can't tell what point from the original quote you were speaking to.