No-mod Object = No remove scripts?

Right now, if I have an object that is set to nomod, with scripts inside set to nomod, I can take the scripts out and put then in a new object. Seems harmless - I've done this in Dark Life to get a magic plunger - but it means that if I have multiple scripts in an object I'm selling, which communicate with linked messages, I have to make an extra effort to guard against tampering with internal communications, since the above procedure effectively lets me add scripts to a nomod object. This is a pain in the butt, and I don't really know why we're allowed to modify nomod objects like this in the first place. Any chance of getting unremovable scripts added as a feature?

Hail, fellow content fascist!

/120/ad/36612/1.html

I vote against this. If you want your scripts not to work outside your object, script them to break if they get removed. Also, no-mod "Object" simply refers to the collection of prims, their shapes, and links. Just because your "Object" is no-mod, does not mean that the item it is part of will also be completely no-mod.

Object + Textures + Scripts + Notecards + Contents (Other items?) = "Item"

People are complaining that their objects aren't no-mod. Their objects are, but the items that their objects go to make are not. If I buy a computer and want to take the WindowXP operating system from it and install that on a different computer instead(instead, not in addition to), I ought to be able to. If I buy a car and take the engine out to use on another car, I should be able to. If I buy your object and take the scripts to insert into something else, I should be able to.

Obfuscation is almost impossible to make foolproof, and it slows the script down, possibly considerably, as well as takes up more sim resources. This refers, of course, mostly to snooping scripts...

But its very hard to make a foolproof "remove-and-die" script too. A simple llGetOwner() check isn't going to do it.

I don't understand the point of your rant, since you are telling me to implement myself what you don't want the Lindens to implement. Doing so is not a trivial task, as Reitsuki pointed out. Anyway, my goal is not just to prevent people from taking the scripts out, but to prevent people from taking ALL the scripts out, adding them to a modifiable prim, and then adding their own scripts to snoop on link messages and change the behavior of the object. This would allow cheating in a game where each player owned an object containing player data, for instance.

Of course this isn't the only way to approach the problem - encryption/authentication of link messages is another way, and the way I'm going with right now, but it's increasing my script sizes so I need to split my code into even more scripts requiring more communication... bleh.

I guess the other thread in General is a better place for this discussion now.

You're suggesting a feature in Feature Suggestions, and this is the place for people to put in their input, yea or nay, with reasons why. Without resorting to dictionary.com links, I don't think my post was a rant. I'm against hardcoding what you suggest, because it's already possible to do script-side. Talk to Prong Thetan, he has a very involved in-game-game, and claims that his objects cannot be tampered with. I'll put the same challenge out to you that I put out in the other thread. Try out some of Prong's RPG objects, with communicating scripts. Try to hack them. He claims that he has implemented a simple script-side solution to this problem (I believe it was posted in the other forum that Reitsuki linked). If you are able to remove his scripts, put them into other objects, and use this ability to hack his game, then I'll reverse my opinion and support your suggestion in this forum. I'll come back and say that I was wrong, and your suggestion is a good one.

If, however, you find that you cannot hack his scripts, would you be willing to go speak with him for help on implementing his safeguards into your own scripts, and withdraw your suggestion to lock down items?

I already CAN make my objects 99.9% tamper-proof, if I wanted to.

Like you say, the functionality basicly exists, minus a couple of bits of glitchy behaivor.

However, it's going to impact my scripts reaction speed, and when programing games, this is a Very Bad Thing (TM), as well as requiring more computational power.

So since it already CAN be done, why not simply allow it to be done with a simple click of the mouse, and save a lot of hassle, sim resource consumption, and script-response-time problems?

Honestly, I think the full no mod idea is a good one.

However if its not implemented, just make the object no-copy as well. That way, they can take the script out of it they really want too, but they can only do it once, and then the original object is useless, so they have to buy another one. If it's something your worried about being hacked(like your rpg), make the item transferable, and when they ask for a new one, get their old one first, and if you feel that they have broken the rules so to speak, refuse to sell them a new one.

That works, doesnt it?

Oh, and stick a notecard in the object that states the terms of ownership of that object, and make it so that they can take it out and read it somehow, or give it to them seperatly when they buy the object. That way, they've been warned ahead of time.

Only problem with this that I can think of is people setting up a black market and selling expeirenced 'characters' for your RPG. but hey, this is just my L$0.02

Making no-mod objects unbreakable would put me at ease for distributing items that send sensitive information in link messages. Right now, for certain items, I have to work in a business model where A) the customer is someone I trust deeply or is buying full source, or B) they pay to use the item but it stays owned by me. Not a very likable arrangement. Option C is that I put a logic bomb into my code that causes scripts to either halt or die() the object they are put into, if removed from the one they're in. I like that one even less.

Cory seems to be of a mind that users should have a right to damage or destroy what they buy. That's all well and good but it is hurting the market by making it prohibitively difficult to distribute certain kinds of items. So the alternative is that A) the products don't get distributed or B) we as developers have to play Microsoft. I really don't see how a person's desire to break things overrides the concerns I have discussed here.

Pushing off the work of "protecting" their scripts to the scripters is wrong, pointless, and wasteful.

Obviously it's the permissions system that needs to be adjusted, not worked around using various little hack methods which may or may not work (and waste resources, to boot). Just because scripts happen to have the ability to "protect" themselves (maybe) isn't important.

What guarantees that the methods of protection won't be defeated some day, maybe after a future patch that could easily break the protection, or whatever? Besides, it's a waste of ALOT of people's time. Let LL do it, that's what they're paid for.

Yes, the current permissions system isn't sufficient--fix it. No stupid hacks--just fix it.

Huns, 2 points:

-If Microsoft could sell their software in such a way that it were locked to a specific PC, would they? If yes, does this suggest that SL developers who want to lock down their items from being taken apart are already trying to be like Microsoft? If Microsoft can't do that, why not? Are there legal reasons which grant me the right/ability to transfer my OS or software from one PC to the next?

-I would argue that a person's desire to break things overrides your concerns ONLY in cases where the item has been bought or given; exchanged owners. If I own it, taking it apart should be one of my rights. If a developer wants to retain full permissions/rights over their creations, they should not give them away or sell them. Once they are given away, not only does the creator lose full control over their object, they also lose complete control over how it might be used. This is a staple understanding of economic transactions. The creator may dictate, in broad strokes, how their materials may be licensed, but not how they might be used. I'm assuming that the fact that we can't lock down our objects so strictly was a deliberate choice, not an oversight. Hell, Paul Harvey was talking the other night about a Philippino immigrant who designed the Lunar Rover from scrap parts in junkyards.

Why is it wrong? If they have interests to protect, who else should protect them?

It's not obvious to me that the permissions system is what needs to be changed. I'll admit that it is a topic worthy of debate over where we should draw the line between the rights of a Creator, and the rights of a Purchaser who fairly bought an item. Notice both are in capitols. Once a Creator puts a price on an item, and a Purchaser pays them for it, then the Creator no longer has full rights over their item. I put forth that one right the Purchaser has as the new owner of an item is the right to take it apart, to break it, to find new uses for it if they are able. Possibly to backwards-engineer it, if they can figure out how it works without reading the scripts.

Nothing guarantees that the methods of protection won't be defeated some day. But the pace of development in SL and LSL is such that there will probably have been advances in protection schemes as well, at least equal to the hacking ability of others. And the community spirit of the scripters in SL is such that they will likely share protection schemes freely, rather than license them. I'm confident of their ability to protect their interests with their scripting skills.

Also, how is it a waste of time for scripters to innovate with their products, to find better and more efficient ways of protecting them?

The current permissions system I think works pretty well in regards to objects, but I would strongly be in favor of land permissions changes/improvements.

I vote for No-mod Object == Not able to delete/remove script.

However! I DO want to be able to set whether or not the script is running via the scripts checkbox.

This:

A) Allows those who don't want a script in an object to take effect to them.

B) Keeps the scripts safely in the object.

Can anyone find any holes that would be present with this?

I think both options should be available. There are good reasons to want to protect some scripts, as mentioned by many, such as inter-script communications being snooped. There are also other circumstances in which it makes sense to make the object itself no-mod, but allow the contents to be removed, including scripts, and used elsewhere.

Of course, this would require a new permissions setting, "no-dissassemble" or something, which would be a larger change than just changing the functionality of no-mod.

Unhygenix, as people have pointed out in other discussion threads, there are circumstances in which a consumer buys things in RL and doesn't obtain unlimited rights to what they buy. A good example is the right to make reproductions of an original work of art. Another example is the separate sale of first publication rights and subsequent publication rights of a written piece. And in fact, I have used software which was tied to use only on one specific machine, using a hardware-embedded serial code (this was not on a PC). If you want to draw parallels to RL, include these examples, too. Again, I am not saying that all no-mod objects should forbid removing scripts, but that it should be an option available to the creator. The "market" can then sort out whether it's a commercially viable option.

neko

I absolutly 100% vote for this... it's just rediculous to see the object and the script as two seperate parts
If I'm correct, you can NOT extract OBJECTS from inventory of a no-mod, but you CAN extract a script from it.. but then again you can not put ANYTHING back in. Does that make sense? no!
IS the comparison from RL to SL objects relevant? NO. Have you ever seen a MMORPG in Real life, were you could cheat if you had access to the backpack. ehhh no. It's really normal that games are protected. All MMORPG's do every important thing server-side so you can't cheat. Would it make sense if people who buy WOW get angry because they do not have access to the server??? No because, WOW, like warcraft is a SERVICE you pay for. You shouldn't compare the DL backpack to a PC you buy in real life. IF it were possible to make DL without the backpack, I would do it. You pay 500 L$ to be able to PLAY the game, and not to gain ownership over the code/objects from the game.

oh and about turning the scripts off. fine by me as long as ALL scripts from the objects are turned on and off at the same time. If you could disable only one of many scripts that could make security bugs for games. Also you should not be able to reset a script if the creator don't want you too because that can be used as cheating too.
(for example the loot bags, if you click them they should llDie, but you can prevent that when you pick it up really fast or so. But the script remembers that you already clicked it once, so won't give it again)

and I agree, all options should be optional for the creator

Neko, I'm not arguing for copying abilities. The permissions system as-is prevents me from copying objects that I'm not intended to, so the comparison to RL art reproduction may not be the best one. Also, hardware-embedded code = firmware, which is conceptually and (maybe?) legally distinct from software. Is this what you're talking about? What sort of hardware was it? Would you have been legally liable if you found a way to replace the software/firmware, or found another device to install it on, if another device existed? I have a Linksys WRT router that, if I chose, I could replace firmware on, though this is a factor more of Linksys's open-source code policy for their routers than anything else. If they hadn't made their code open-source, people probably wouldn't have been able to come up with "hacked" firmware versions for the routers. I might have been able to wipe the onboard memory and flash it with SOMEthing else, but it probably woudn't have worked. I'd have broken the machine, because of my ability and choice to try overwriting the firmware with unknown code.

It's wrong because it forces extra work off onto scripters that should be the responsibility of the permissions system itself, and LL's job. Builders and texture creators don't have to worry about this problem, why should scripters? (Note: Myself I could fall into any category, I'm not being biased as a scripter.)



I'm not really sure why there's such opposition to a permissions system upgrade. Try looking at it from this perspective: let's say the permissions system already didn't allow scripts to be taken out of objects. Without saying "allow scripts to be taken out of objects", what other solutions can you think of that will allow you to do some of the things you want to be able to do? Is there no other alternative that makes the majority happy? OR at least give the object's creator the liberty to say "purchasers can/cannot do this to my creation".

Why can't there be two options for the creator to choose:
NO mod - scripts cannot be moved or re-used at all, nothing
No mod with moveable scripts - current

Creators that don't wish to allow derivative works, etc, can prevent them, and those who don't care can allow it. What wrong with that?



Well, I'm looking at this from a software developer's point of view. From this view, it is a waste of time to re-code functionality that is already available, OR to code functionality that should be available as part of your SDK. I think the latter applies here.

Why should scripters be wasting their time trying to figure out ways to "protect" their work, when they could instead be IMPROVING or adding functionality to their work? When you start on a project, all of the "pre-project planning and setup" is just worthless crap that must be done so you can achive the goal you really care about...the project itself. Nobody wants to write script protection code, it's no fun.

This is why I think it should fall on LL, the guys being paid to do the un-fun stuff we don't care about. (Sorry Lindens, I don't hate you as much as it seems.)

I argue that there should not be two options, because given the choice, most Creators would choose to make their scripted items without the possibility to remove the scripts. It's what protects their interests best, because it ensures that any additional functionality comes only as a result of extra payment; perhaps in monetary amounts, or trade, or kindness, or even just having the other person have to ask permission. It's certainly what I would do with my items, if the option were available, because it tends to both reduce competition (objects that I sell which are improved upon and resold for more, or backwards-engineered, or customized) and to ensure future gains for myself; any additional customization would involve payment in money, gratitude or trade.

Secondly, I think that a basic Consumer right of people in SecondLife ought to be the ability to buy a product, but use only part of it; or use it in ways that the seller might not have imagined, to improve on it if they are able, customize it if they wish. I believe that this should be their right, even though I'm assuming that this is by design rather than an oversight; I could be mistaken. I believe they should have that right despite the fact that I'd deny it to them if I had the ability; perhaps I believe they should have that right because I'd deny it to them if I had the chance.

The right of the customer??? I really think that the quality of secondlife is far more important then some philosophical argument about 'rights' that a user should have over it's VIRTUAL properties. I think LindenLab should try to create the best possible environment, and if that means giving developers more rights then they should do it, no matter what philisophical arguments or comparison to RL rights you give.
I hope you do agree that games like simcast/Unreal/Darklife are important for secondlife??? Then at least give developers the possibility to secure their games decently.
People can always check beforehand what permissions an object has and refuse to buy it.
So what's the problem?

I've already encountered some evidence that the Lindens have given some thought to Consumer rights in SL. From the sticky in the building forum, by Phoenix Linden:


I think it's likely that the "Right of disassembly" is another of these rights, that it's by design rather than oversight. If I'm mistaken, and it's just something that the Lindens haven't thought of yet, I'd like to ask them:

LINDENS: Please include "Right to disassemble/recombine" among our fair use rights as Consumers in SecondLife. Please continue to allow, and state explicitly, that Consumers in SecondLife have the right to take apart items that they own, to remove scripts, objects, textures, notecards from the contents of their objects, regardless of the set permissions on the object. Please allow us to use our items in ways that the Creators might not have anticipated or intended, and be limited only by the individual permissions setting on each of the items' components (objects, textures, scripts, notecards), and by the TOS/CS.


I do agree that games-within-game like Simcast and Darklife are important to SecondLife, but no more so than the Clothiers, Airplane designers, people who just generally hang out, or animation creators.

I think it's been discussed before; script designers already have adequate means to defend their multi-part scripts from hacking, and should already be doing so. Mark, I'll issue you the same challenge that I've issued twice before in this debate: Prong Thetan and the Simcast crew claim to have a fool-proof way of protecting their game-system. I believe they even published code to illustrate how it works. If you are able to hack their system by ripping scripts out of the objects that you bought from them, then I'll retract my opinions in this thread and instead support your side of the debate. If your hack does not involve ripping scripts from your objects, though, or if you are unable to hack their system, will you instead back off of your request for permissions changes, and ask their crew for help with similiarly foolproofing your system? I'm willing to change my opinion, if you can prove that your concerns are valid. If you are unable to prove them valid, are you willing to change your opinion?

Also, if you are developing a game-within-a-game, are you already putting systems in place to look out for suspicious behavior? Are you accounting for the possiblity that someone might have hacked your game in a manner that you haven't anticipated? If you are being responsible by doing this, then you should be able to easily identify who, when, how. If this is a violation of the TOS, then the Lindens will punish them appropriately. Even if you get what you're asking for, and object contents could be locked down, it still doesn't preclude the possibility of someone hacking your system, and you should still be on the lookout for suspect activity. Why punish all Consumers in SL, in order to protect a rather specific potential for abuse? If abused, let the person be reported when they do it, and be disciplined appropriately.

Most my scripts effect the object in such a way that if you stuck them in something else they wouldn't do anything of use. I mean you would have to have the same number of objects linked, know the link order (guess thats not hard to figure out though). Know what I named everything. If someone went through all that to use my script in something else, I say let them.

That's fine for normal objects, but game objects are not. As I said before, it doesn't matter if people cheat in single player games. But if you cheat in a multiplayer game it ruines the game for other people! And those other people have payed money and EXPECT a secured game where you can't disassemble the game-objects!

If you really are so inclined about your 'rights' (you probably play too much SL and confuse it with real life where rights actually matter) it's ok that people who intent to buy an object which does NOT have disassembly permissions get some kind of big warning about it, but just give the oppertunity to secure items if we want to!!! I don't FORCE anyone to buy my stuff, and I really really don't mind letting everyone know that darklife items may/can not be disassembled... if you don't like that then you're free to fly your re-assembled airplane back to that sexclub you came from....

Actually it is pretty common to have software locked to one particular machine, at least in the high level enterprise realm. As in if the serial number of the CPU doesnt match, it doesn't run.

Perhaps we shouldn't change no-mod itself but add a "Strict nomod" permission where stuff cant be added / removed.

Something does have to be done, however. And the whole concept of "99.9% security is fallacious. If there is a known design flaw that only affects 0.01 percent of cases, you can believe that someone will find it and it will get around. In a short short time, 99.9% turns into 0%. All it takes is one hole.

There are only so many ways to protect scritps via software. Most are trivial to exploit. The most common method consists of finding an object created by the script creator (or appropriate creator) that is in fact moddable. All it takes is one plywood cube. Then use that as a base to create a geometrically identical object as the script you are going to "hack". Slip a couple of listener scripts in and check out the link messages. Various ways to "protect" against this sort of thing are changed events for inventory (so do all the prep work in a "no script" area: if the script isnt running, it dosnt know you are monkeying around with contents). Also, scripts can check to see if the proper number & name of items are in inventory, if the proper color is set on a specific face, if a specific texture is on a specific face (perhaps an obscure small cut on the prim). Etc, ad nauseum. All you have to do is fool the script into thinking it is operating in its "home" environment. Encryption is another method, and probably the best since it raises the complexity of reverse engineering by at least an order of magnitude and most likely many orders. The major drawback there,as has been mentioned by others, is that now you have to embed a complex library in every script .. which gives less "room" for functionality.

It simply does not make sense NOT to have a "Strict NoMod" permission setting.

My opinion as always,
Antagonistic Protagonist

I agree with Reitsuki's statement - the tools exist to make things tamper-proof, but they come with the cost of worse performance. LSL is already slow enough, to further encumber it with encryption/challenge/response puzzles is unacceptable for many applications.

Although, I think it would be acceptable to allow people to turn off/delete scripts as they see fit. As an example I keep hearing is that you buy an object because it's a nice model, but they come with an irritating/buggy/laggy scripts.

The only argument I can find against the ability-to-delete-scripts is they make try-on/evaluation versions of many products impossible to implement. To take a tangent here, I'm told that over There, you can actually lend an object (such as a car) to someone else without losing your right of ownership. The owner can recall their car at any time. Then we can have our cake and eat it too