So, who's gone out of business?

The real evil here, the real crime, is a bunch of people complaining about something so much that it becomes a real problem.

It's like this is a crisis - when it's not. This group-think "sky is falling" mentality is 'shaking the confidence' of people who don't realise that this is just a non issue.

What about all the texture writers who have their textures stolen? What about the builders who have their builds stolen, prim by prim?

What makes the coders any more important here? Primming and texturing is pretty hard too, but I don't see any mass freak out over that.

Anyways - like I said, time will tell. But I think you'll find that there is very little material impact by this, other than the mass hysteria.

You are completely missing the point.

I am not suggesting that the code is valuable as example code, or that techniques in the ones you have seen are somehow useful or valuable. I did not say that, don't put those words in my mouth.

There ARE scripts around that depend on particular channel numbers or commands that the scripter assumed nobody would ever guess. (Bad idea. I have no scripts like that.)

There ARE scripters around who have lost SOME confidence. And there ARE scripters that feel the need to modify SOME scripts.

NOT because they are among the ones known or admitted to be stolen. But because we can't be sure what has been stolen (unless you are willing to take LL's word for it).

Buster

Yes, true the hackability of scripts is a bit of an issue. However, this exploit wasn't out there for very long, and anyone who tried to use it was perma banned because of all the logging sl does.

Maybe.

If I were this person, though, you would have a lot harder time banning me than just a simple IP and credit card ban.

So you don't really know that for a fact. All you know is that some accounts were banned.

yes, that is a good point. Let's hope that LL has told everyone who's scripts were hacked and carry sensitive information, then.

Actually they don't know all the scripts that were hacked. I was talking to the person that hosted them on the site, and he told me he just put up 2 new ones, so I told a Linden that was online. I also IMed the owner of the scripts and they said that they were just being told that they have been hacked. There are more scripts that were hacked, but he said they were for friends only.

blaze,

You are right, and you are wrong.

You are wrong, in that just because you personally feel something was a non-event does not mean it wasn't. Lots of people were upset, lots of people spent hours and hours scurrying to change code, catch hackers, and work to spread the word and end this.

bottom line - something that tons of people in Second Life is talking about and a bunch of people had to take immediate action on is certainly not a non-event. And behind the scenes, there was and is a lot still going on - just because you're not privvy to all the information doesn't mean there isn't any.

... and ...

You are right, in that it was ultimately a non-event - and by that I mean it was a close call. The reason it was a close call instead of a disaster was because of the fast action by Lindens and residents to contain this and make it clear that any exploitation would result in swift banning and legal action.

Hiro, bugs are the cost of doing business.

Anyone who expects that LL has some kind of god like prowess that not even Microsoft has is clearly missing a few slices in their pizza.

If there never was a security bug - that would have been a problem because people would probably start coding like there never would be a bug and then we'd be all be screwed when it finally turned up.

To be honest, when LL upgrades and screws us by changing something in LSL that is probably a lot more problematic then this particular problem.

Yes, you're right, I'm not the arbiter of objective truth. Did you really think I was?

This thread is tasteless.

Not really, it's an interesting deconstruction of a bug which has lead to mass hysteria and very little else.

I'm not sure I understand you.

This was not a bug. This was a hack - more accurately, a crack. Someone went out of thier way to find a series of improbable combinations that result in an exploit that they proceeded to take advantage of. This is a federal crime.

You just completely ignored my post and continue to hyper-/bump this thread. I'm not sure why. We talked about this a week ago, and the whole thread was finished. There's no need to rehash what was already resolved.

No, but you're sure sounding like you believe you are one.

Ah yes, damn LL for wanting to screw us!
</sarcasm>

One very stringent requirement of LSL changes in patches is that old LSL is not broken. I believe you're mistaken in your assessment.

Blaze, you're starting to sound like He-Who-Shan't-Be-Named.

This was not a non-event for me.

There were two (possibly related) vulnerabilities. The first allowed the attackers to pull objects from unscripted vendors. A non-zero, but untracked amount of merchandise was stolen from me with this method.

The second attack allowed the attackers to view no-mod scripts. Attackers used this to compromise the password that was embedded inside the scripts to authenticate with the Saedaku and Seburo update servers.

I was alerted to this attack as soon as it happened. (The day before the stolen LSL was posted to the web) Within the first hour, approximately L$20k worth of objects was stolen via update server attack, before I turned them off.

If I decide to continue the Seburo/Saedaku projects, this means several days worth of work to create a new update system that is resistant to this style of attack.

I have some experience with having code stolen in SL. There is always a lag time between compromise and new competitive products based on the stolen code. It's usually on the scale of months. The majority of revenue loss comes from people who redistribute the items, rather than re-sell the items.

I think in this attack, I was probably the hardest hit. Around 3000 lines of code from projects I was involved in (11000 lines of code posted in total) were posted.

Loss of revenue is not what angers me most about what happened.

Francis, and understand I say this as your major competitor - this really blows. I wanted to surpass your business by my quality products, not by some jackholes who hacked the client.

Flipper and I are looking at a way to add auto-update feature for any scripted item (financial / bandwidth logistics aside) via SLBoutique. Would you be interested in assisting with this project? Drop me and Flip an email / IM if this tickles your fancy.

Why not just remember the key of the person who bought it and then they can buy it for 'free' everytime an upgrade occurs. Sure, they get an extra copy of the item every few months, but that's not a lot and it's possible the old version won't work very well anyways.

You know, I gotta say Hiro, in the year I've been in SL I've never come across anyone who was using anything you've ever made. Nothing personal.

That's the short term solution that I'm implementing for my Colt 45s.

Consider that there are challenges that prevent this from working 100% of the time:

1. You can't just update them all at once. Flip told me he did this once with his SLB wallets and got an IM from a concerned Linden about asset server usage
2. You have people who leave SL / get banned / etc ... trying to push the updates to them indefinitely is an unscalable waste.
3. Delivery verification

Why exactly do you "gotta say"? To insult me? Question my ability? Thanks, I really appreciate it when people take shots at my ability. I'm not going to dignify it with a defense.

EDIT: It's especially ironic that earlier in the thread you speak about how your scripts are "under the radar" and then criticize someone because you haven't encountered their scripts.

Blaze, 95% of what you post in this forum is melodrama. Not that there's anything inherently wrong with that - you'll notice I avoid most of your threads and let you speak your peace.
However: pot, kettle, hombre. It's amazing to me that you call a federal crime a "non-event" and our reaction to it an overreaction.

Francis,

Very little has been said about this side of what happened - is there any information on how widespread that problem was or who it affected?

Just a gentle reminder to please remain on-topic and refrain from personally attacking those you don't agree with.

lol

Cyrus and I both use his vendos and some of his weapons. Maybe you should get out more. Nothing personal, of course.