Suspensions for discussing exploits in the forums

Exactly!

coco

Thing is, if that "also" is the reason for the ban, it should be made clear. If you're suggesting this is the justification (and I would not be surprised if it is), then that should have been part of the canned response. Leaving that part out states directly otherwise, both to us, as to everyone else posting.


Good. And this is commonly the proper procedure when it works (and it's a crapshoot in my dealings with them).

The problem with that, however, is that most Lindens will instead tell you "please submit a bug report by clicking it from the top menu." This is absolutely the wrong message to tell people when a critical bug hits, because the bug system "kinda sorta, but not really works."

If you saw through that mixed message and got the bug to them, good for you. Really. It's more a matter of making this process efficient, such that people do not get seriously teed off and post it here, knowing that as a last resort it'll be read.


I cannot speak for the entire body of the forum discussion (having not read all of it, given things get lengthy rather quickly). However, going from the top posts and those I've read banned, I'm not impressed by the conduct here. Some of these people were genuinely trying to help, poor phrasing or not.

Stepping on their toes sends a pretty bad message. Not because they may or may not have "deserved it" as you put it. But because it shuts up other people that feel their actions have been and will be ineffective.

It's not a matter of justification because it's spelled out in the TOS already. Also as I said, this policy is *normal* in most other MMOGs, that is, use or disclosure of an exploit gets the big penalty.

The reason for the ban needs only be clear to the person who was banned. Other than that they want to preserve the privacy of the person banned. By keeping the details private they save the face of the person banned, which is important if the person did violate the rules but is otherwise a good resident. They leave the resident with the option of serving the penalty in private.

They don't need to tell us who got banned, nor the details surrounding it. The person banned however can reveal that information to us if he/she wishes.

In the last MMOG I played names and violations were spelled out in the forum. No one was exempt. Even some very famous people got public announcement of their suspensions and such. That's the alternative.

How to get something into the bug report system?
1. Objective details.
2. Very precise reproduction method.
3. Well written, clearly documented results.
4. Neutral toned reporting (no OMG!! etc..)
5. Patience and Persistence and willingness to wait until someone is awake and in the office.
6. Reported as privately as possible through proper channels.

Now this makes me wonder, if the Lindens were so concerned that the bug was being described a bit too much, that they didnt get the bug out at all, there fore they over reacted by suspending those who said too much about how it worked. I mean if the bug was out..why worry who discribed how to do it, it wouldnt have mattered at that point.

dont mind me, i love conspiracy theorys...but it does make me wonder...

Except, some of those banned stopped short of full disclosure quite deliberately. Further, the token of "most other MMOGs do X" does not make it right in all cases, nor does it here. We call that a bandwagon.


Which is fair and nice if that followed as policy. However, my experience in this is that it's less about maintaining privacy and more about preventing flame wars from erupting around these issues. These threads sound more like "help help, I'm being repressed!" daily because, frankly, it is repressive. And yes, a few just like to complain.

Many of the questions that also stem from these, like the need for transparency of the process and addressing the difficulty of getting information validated, are legitimate ones. Not being able to do much more than "hint" at the matter only complicates things, forcing people elsewhere.



And how, exactly, is that possible within their system? Isn't that the whole point of a ban?



This is correct, and is one of the things that should be more effectively presented in the process. I realize it's mostly common sense, but understand many people have become quite annoyed already.

I've gone through the bug-reporting process dozens of times, and still have yet to find a response faster than going right over its head. This is a problem that needs to be addressed.

Becuase short of hacking, exploits cause the most serious damage to game integrity wherever you go, SL is not an exception. It's not a simple bandwagon. Exploits as you can see from the most recent shutdown are serious trouble.



Alts, non-SL fora, and other means of private communication like email and instant messengers. Friendship networks in SL do not always rely on SL communications.



The main problem is that for so many people, annoyance gets the better of them and they wind up making a terrible report. Maybe for the texture bug it was good that I did the reporting since my business does not hinge on textures.

The most important element of a bug report is the replication. The method must reliably reproduce the bug. Bottom line here is if Linden Lab cannot reproduce the bug, they have no way of working on it.

Except, doesn't logging in with an alt constitute a violation of that same TOS? And how is SL, which is marketed as a free system, truly free if we must rely on said alternate forms of communication?


While I'll agree that hacks and exploits cause the most severe short-term damage, killing the messenger and creating a general atmosphere of apathy are far more suicidal for the long term. Customer support in this scope has needed a revamp for some time. Actions like this only drive a nail into the coffin.

It actually is, possibly a violation.

As for free system, like iRL laws can curtail freedoms. But SL's jurisdiction obviously does not extend to alternate communications.



Not sure about that the suicidal part because other MMOGs have weathered similar problems many times. The point of killing the message is to slow the spread of the exploit information. The longer the text stays visible, the worse it can get. By merely putting out the text, the messenger becomes party to causing additional damage. This messenger had the choice to delete the critical portions, as I have chosen to do.

On a forum everyone can visit such as this there is a distinct difference between

"LL, there's an exploit here regarding <item>, please contact me in-game so I can give you the details."

and

"LL, there's an exploit here if you <procedure> <procedure> <procedure>."



Finally, how can it be promoting apathy if they announce that there was a problem, which they did as they took down the grid?

Because it's perceived here that the forum posting is what brought the message across. I realize that the forums != the whole of Second Life, but if this mirrors actions taken in-world (and in some cases, it does), then it's a bit disturbing.


You and I approach this matter from two different perspectives, by the way. Back in yon olden times, SL put itself in the position of not trying to be "just another MMOG." I make some of my assumptions on that, and based on the whole "yay, we dun want to be teh metaverse!11onetwo" posts here and there, occasionally by Lindens themselves.

In the scope of "just another MMOG" -- yeah, you're right on most counts, for the same reason players of WoW persisted through the Warden client and several other changes: people just want their fix. In the scope of what SL originally set out as, this "nifty, grand, open platform thingy we don't have a name for other than metaverse" -- it sucks.

What I'm saying here is Linden Lab is approaching the matter of customer support as "just another MMOG." If this is what you want out of it, then by all means. Personally, I've been here over two years and seen the pitches and transformations of the grid. I expect far better out of them than a boggling QA procedure and stifling comments on the forums to just "preserve the game," while completely trashing all of the clout this set out to be a few years ago.

Just to set things straight, I do not consider SL to be just another MMOG however it does possess so many of the attributes of MMOG management that are relevant in this case.

I really have no idea how Linden Lab could approach the exploit disclosure problem without creating some friction somewhere. On the one hand if they don't penalize how do they keep it from repeating? On the other hand when they do penalize, many will complain. If they gave varying penalties people will start comparing. Do you have a good suggestion in this regard how customer support should have handled it?

I take exploit issues seriously because its analogy in the real world is giving out the means of destroying the world, which in this case got very real with people being able to delete other people's stuff.

Finally, if you feel that you'd like to see more of that early-days clout perhaps you should go into email correspondence with the right Lindens. I'm sure they would be happy to correspond with someone who has the best interests of the community and SL as a whole in mind. With the exception of the automated receipt, I didn't get canned responses to my exploit report from either Brent or Torley, most especially not from Torley.

The interdiction to discuss exploits needs to be made clear. That being said, it is very sensible and people should get suspended if they discuss them publicly.

Yes, SL is not just another MMOG but the policy is relevant. Try to post about exploits there and see how fast your thread gets deleted and you get suspended.

The only people who need to know about how to reproduce an exploit are the Lindens. And yes, you will probably need to go an extra mile to make sure they are actually aware of it. But it's generally worth it for exploits. Apart form that, don't disclose them on the forum and don't quote them.

Wendel

Okay. So, frustrated about the process and taken aback by being banned off the forums, these people will now happily go to SLuniverse, SA, or 4chan and discuss them there. This is not helpful.

What needs to be is a simple procedure for disclosing such exploits, above and beyond the generic bug reporting process. If the matter is grave and severe, a resident should have the option of the panic button. If said panic button costed $1-5 USD to press (or a sum of L$), this would serve both to limit the number of false alarms and frontline the severe bugs. More so if the residents pressing it were given a reward or at least compensated the funds when there was, indeed, a problem.


Simply, what I'm suggesting is to not lock up people that publicize these flaws if they attempt to do so tastefully. It is quite similar to many countries locking up cryptography researchers that post white papers on the state of a security flaw. These are people, posting to these forums, where Linden exposure is high. Such an intent is either suicidal or aimed at being helpful.

And Aodhan, trust me on this one: while the intent is good, I don't think going to those Lindens will "bring that back." While I expect there to be friction, I also expect the Lindens to improve upon the process. The latter has yet to happen.

Well if you have some good constructive and workable suggestions, do approach the Lindens about it. If nothing happens at least no one can say that you never tried.

Today we get another update. Among the changes are fixes to two bugs I had reported, including the texture theft bug, and push permissions for landowners similar to those that I kept advocating. We will see a big decrease in griefing by tomorrow (and probably will go deaf with new bug reports, LOL).

But that update list made me very happy. Some hope is on the way.

Looks like I will be immersing myself in PHP and SQL code tonight while the update happens. That is if I don't get tempted to log on to the preview grid.

Yep. I have. For the past two years. Lack of response is half the reason I generated many of my projects.

Though I did go for that Push-being-landowner-only, so it's good to see it in there.

@Jeffrey

Going to be stepping out but I must say this. Thanks for a wonderful discussion. It's really great being able to argue so civilly and disagree agreeably over such a controversial topic.

And here's hoping to say goodbye to a lot of bugs and hello to some long awaited relief 7 hours from now.

A.

No problem. It's what I do.

Is SL a fascist state? : /148/d0/79527/1.html

It seems to me that LL is harsher on these suspensions than they are on griefers and the theives running around SL stealing textures or pretending to be sale managers.

It does certainly appear that there is more than an acceptable amount of inconsistency here.

I would be interesting to know whether those who handle abuse reports in-game actually play, and understand most of what the reports actually contain?

Lewis

*snorts*

It does appear they have no concept of things, does it not?

~Jessy

I'm a bit stunned, myself. Apart from anything else, I find myself applauding all of Jeffrey's postings .

I didn't get to see Cristiano's posts about the exploit, because the links were taken down by the time I looked, but he says he didn't post details of the exploit and I believe him if he says so. I said myself that I wouldn't have blogged about it, but actually if he didn't post details and only a warning to others, then I might have, and I don't think he deserves a suspension.

What we do about exploits and bugs is bound to be informed by our previous experience, and if previous experience leads us to think that the Lindens maybe slow to respond, then I think warning other people that there is an exploit is a reasonable thing to do. Especially since they initially only closed the grid to new log ins, so that a lot of people were still in world and able to use the exploit should they choose to. Francis Chung posted on SL Insider (link below) about her previous experience, which indicated a rather slow and lax response to a previous bug, and that is bound to have informed what was done.

Yes, Brent has posted details of what should happen in future, and reporting detail etc to the Lindens is the right thing to do, but we need some measure of consistency in the way that things are dealt with, and the responses to exploits/bugs. If you have had the experience, as I have, of asking for help with something that is broken, and finding that each time you ask, it is being "investigated" without even coming to a conclusion over the course of a number of months, you do begin to lose faith in the system. Sometimes even coming back with "oh damn it we don't have a clue why your parcel stream only works for Lindens" would be something....

When you religiously report bugs over the course of a version, only to get 20 emails saying "we think we fixed this with the new version, kthanxbye" and it proves to be UNTRUE, then your faith in what you are told, and in the system -- and the incentive for reporting bugs and engaging in the process -- begins to be undermined.

SL needs to sort this out pronto, because someone has already posted to SLI saying that they won't ever report bugs for fear of banning, and as they rely on residents testing and feedback that really can't be a desirable outcome of this case.
Cali

One would think that Linden Lab would have better things to do other than to suspend people over forum bull$hit.

This proves reason #298723792.7 why the forums suck.

Agreed and more focus needs to be shifted on what should been high level offenses versus low level offenses.

High Offense = texture thieves, grid attacks etc.

Low Offense = forum nonsense etc.

My feelings exactly.

There's no real reason why forums and game suspensions should even be connected in the vast majority of cases.

Lewis