Aaah, Brave New World......

Linden Lab would have to roll back its 'even your cat can sign up' policy to become more secure. As to the FBI investigating grid attacks in Second Life? With LL's type of limber security I think Bob Mueller to date has only allowed Phil Rosedale to send him an abuse report) If the FBI had been involved in investigating this and previous hackings of Second Life, I'm sure we'd all have seen a pic of an avi perpwalk on the main SL site...covered by ZDnet mag etc !

I think the only reason LL implemented this lax signup policy was to quickly swell its ranks. High body counts in SL mean *possibly* more money as people switch to paying accounts or buy Lindens. But, at this point, the *growing* cult of the grid attack may have them rethinking this policy.

But real life business entities currently arriving in Second Life need a bit more stabilty. So, LindenLab is suggesting placing another label on customers: 'Trusted' and 'Not Trusted' (ie, smarter than the techs at Linden Lab). This to allow the dullER sorts to toy with LSL, the highER IQ sorts to stay away from it. LOL Sad, but true. It may work. But the next generation of scripters would truly be a lackluster bunch.

It's much easier to break off a tree limb and use it as a club to smash things, than to invent secure methods to keep such primitive brutes from doing any harm, without taking away all potential clubs and bereft innocent pedestriants of their walking sticks. Once you have the laws concerning wooden clubs figured out, they'll just use lead pipes. But in any case, they certainly don't belong to the higher IQ group of LSL programmers.

I think that thuggery should be stopped at all costs. ANY costs. Let's hang LL high now! Cough.

Point being that yes, LL will be able to use their positional power to take away the 'trusted' label from the people may feel may be on the malcontent side of the tracks. *Especially* the genii who have them looking over their paranoid shoulders at the moment.

Are all brilliant people evil. No. Are all evil people brilliant. No. Are some brilliant ones, evil. Ubetcha. ETC. One of the best books on recognizing logical fallacies ever written was by the authors James and Dickey. Wonderful book. Read it sometime

I don't think anyone's "trusted" label would be removed without a good reason. The whole purpose of those labels is to do what the account registration no longer does - connecting otherwise anonymous scripters to an RL identity. The system will change SL a little bit back to older times; one does harm, one is tracked down and can effectively be banned. Without the option to be back again in 5 minutes. I really appreciate that, although I'd like the old credit card / paypal verification much better, since it would solve additional problems (like minors on the adult grid).

As for the evil genius - I think that one's just a myth. Usually mediocre or inferior talents start to grief because they can't do anything better. They lack the knowledge and the creativity to produce something useful and genuine; causing harm is the only way they know to draw some attention and get their appreciation in form of enraged outcries. Don't you think they'd rather try and make some money in SL if they had the talent to contribute useful scripted wares (or were old enough to get a paypal account)?

And in their mediocrity have bred a long list of justified complaints. There is such a thing as punishing excellence, but I don't think the majority of outcries about poor service and product re: SL do that. Sure, there's a list of ornery folk with no talent and a modicum of jealousy. But many of them may perhaps be the lackey types at Linden Lab

For the most part, I think that the folks who use Second Life are fair. And would like to be treated in a fair manner. The multiple, frequent and universal outcries(check so many of the forum posts during the last few days) are more than justified. Some of the posts have come from some of the most productive talents in this metaverse. It was sad to see the 'who's who' names of artistry and scripting posting vigorous complaints. They've given so much to this venue.

To describe the honest complaints, some well stated, some pushed to the point of the histrionic, about poor service, as an untoward way to get attention is to trivialize the efforts and the worth of many of these people.

I have found that most Linden Lab apologists are sincere, however. A sort of simian sparring for the title of the next minimum wage liason, perhaps. But they seem fairly rabid in their defense of the company. And no amount of logic will change their mind.

Seems we're completely talking at cross-purposes.



Of course they were justified. Many cried for an end of non-trackable unverified accounts and I did so too. At least for them not being allowed to script. LL tries to realize the latter now, and I'm glad they do. Isn't that what we all wanted? Only verified accounts (payment info as one possible way to become "trusted" being allowed to script?



I never said that. I was talking about griefers (i.e. grid attackers) all the time. You write in your first post that the new trusted account system allows LL to keep the higher IQ sort away from LSL. Whom do you mean? The countless newbies who access the game without real age verification or payment information, among them the alts of griefers? Anyone else won't stay "untrusted". What possible reason could LL have to restrict the scripting possibilities of known, verified and paying residents?

Add to that all your talk about evil genii, and no one would possibly assume (well, not me at least) that you're talking of anyone else than grid terrorists.



I don't see many logic in this thread so far, seems rather slightly paranoid to me. Sorry. I mean, "Linden Lab apologists" - I as a resident state my opinion here, and for once I'm content that we get at least a semi-solution, to keep every anonymous John Doe from using potentially harmful LSL commands. I'm much less content with many other things, like allowing anonymous account signup in the first place, providing no real age verification system for an adult community or ruining people's existing work with currently overdone anti-grief measures. But do I have to sincerely loathe the company I signed up with, in order to become a fully initiated SL community member instead of an "apologist"? Or is it allowed to say one appreciates some of the planned changes?

But I'd say most ppl don't hate/loathe LL. They do, however, wish better service, product.
That simple. But perhaps not that easy

Don't give the crasher script-kiddies so much credit. These crashers are not, by any streach of the imagination, "Brilliant", "Geniuses" or otherwise above average in intelligence. A chimpanzee with a box of matches can be just as destructive. They are about as 'brilliant' as a child who accepts a grenade with the pin already pulled from a terrorist, and walks up to a soldier and allows it to blow them both to hell.

These crashers are thugs, not geniuses. They are as pathetic as some street punk who tries to show how powerful he is by taking the lunch money from a blind kid in a wheelchair. SL's security is so patheticly weak, it's servers so readily vulnerable to simple LSL attacks, that no truly intelligent coder would find it a challenge or even interesting to crash the SL grid. That these script-kiddies find it so much a worthwhile use of their time is proof of just how patheticly lame and incompetent they really are.

The mindless rush to a million accounts, and damn the consequences, is killing Second Life. And the sad thing is that no one at the helm in Linden Lab seems to give a damn about the anguish that it is causing for the majority of decent folk who would like to be enjoying the positive potential that SL offers.

SL needs to make the Real Life person who owns each and every account personally accountable for their actions. The ONLY way to do that is to deny access to any person who will not provide verified proof of identity. NOT some stupid credit card! NOT "did they pay us money or not?". But rather requiring each person to provide a postal address and/or e-mail address that WORKS, and some acceptable standard of proof that LL knows who the person is on the other end of the keyboard, and can track them down if needed. Only then can they actually punish people for misbehaving on the grid. Only then can they keep the children off the adult grid. The main grid must NOT have any accounts that LL does not KNOW who the real life account owner is! If Linden Lab can't figure out how to ensure that, then they need to hire a third-party company that can.

There is only one viable form of "Trusted Account". Someone who has provided verified ID that can really be traced back to the real life person who provided it. Payment info has nothing to do with it. If they can, in a reasonable period of time, provide valid ID and become 'trusted', they can play in SL. If not, then show them the damned door, and cancel their account.

If LL wants to offer an insecure, free trial area, a place where someone can anonymously sample SL and see if they like it, then that MUST be a seperate grid. Period. And what happens on that grid is 100% isolated from the main grid - absolutely NO contact between them. No asset transfers, no cash transfers, no messages, NOTHING. And absolutely no way for accounts from the trial grid to be migrated to the main grid, or vice versa. If they like what SL can offer, then they must provide identifying information and create a new account on the main grid.

They have also GOT to improve the security and stability of the grid itself. The fact that a six-line LSL script can crash the grid speaks VERY loudly. They need to spend far more effort to ensure that the tools used to make good things can not readily be used to destroy everything. But the answer does not lie solely in making every script command idiot-proof. Making a gun can hurt people, but there are perfectly legitimate uses for a gun. SO we return to the issue of ACCOUNTABILITY. If you abuse an allowed scripting method and use it to cause trouble, you must be held accountable, and it must be possible to punish you by suspending or removing your access.

Linden Lab wants Fortune 500 companies and other RL businesses to look on SL favorably as a place to do business. They want investors to take them seriously as a good investment. But WHO in their right mind would make a business decision to invest their corporation's time, resources and reputation in an insecure environment that a ten year old script-kiddie can crash daily? WAKE UP LL!

I agree with Ceera. Accountability to access the grid is the reasonable thing.

coco

I totally agree with Ceera too. The old account registration would be the best and easiest way, but if we can't get that back the trusted status is the next best thing.

When paid signups were required grid attacks were rare, almost unheard of.

When free signups were introduced griefing and grid attacks increased.

With unrestricted signups - continual griefing and constant grid attacks.

Apply Occam's Razor...

Preferably to Philips throat!

Well, no, that's entirely too nice a throat. I can think of other things I'd like to apply to it, though . . .

coco

Nope.

There's too many ways to grief without even using scripted objects, let alone scripting. To turn "unverified" accounts into "safe" ones would (and, if they decide to "fix" this through technical means will) end up with unverified accounts being so limited they might as well not exist. Better simply to have accountability right from the start.

And it'll attract the kind of bored asshole who sees taking on this kind of arms-race as part of the fun.

We saw this in Usenet, where all you can do is post messages. The "griefers" have all kinds of names, but their basic goal was to figure out ways of disrupting conversation within the technical limits of the net. They were never beaten, the only reason Usenet has become useful again is because the Internet has provided so many more interesting playgrounds for these jerks. Playgrounds like Second Life.

The best solution that was found to work in Usenet at the peak of the problem... with people showing up with one ID after another at freenix (free UNIX) sites, or at big providers where creating a new alias was effectively free (just like on SL now)... was to establish a minimal level of accountability, setting up subsets of Usenet where sites had to agree to control their users to participate. SL has to bring back accountability or it will simply get worse and worse no matter what technical solutions they develop.

Even such a little thing as a small cost will bring it under control. Sites where you had to pay ten bucks for an account but who blocked bad actors from Usenet so they had to sink another ten bucks for each new alias, they weren't a problem... but when AOL joined up the effect on Usenet was enormous.

In the newsgroup I currently participate in, we never really had a problem with anonymous post servers due to my intelect and a quick email to the provider saying "Please remove our newsgroup from your list, we do not allow anonymous posting anymore due to instances such as this."
And after about two months, the problem was solved.
Now what we get are the trolls with actual info, which I then report as abuse to the provider.
Used to write a message, now it's just Subject: "Usenet Abuse" Body: "Please ban this user. Innapropriate content for publicly accesable newsgroup." and a copy of the message (headers included).

THAT'S the kind of power we need with griefers in SL. No anonymous accounts.