Kill the SL open source project

When I had seen a while back that SL was going to make the client open source I knew that was going to spell trouble. In fact, I am surprised we have no seen more trouble other then land bots so far. I can understand why SL wanted to do what they did being the fact that they are so under staffed I am sure the thought behind it was let the communities find things that we just don't have the time or staffing to find. And thats fine to a point, however anytime something goes open source your opening up a can of worms. Don't get me wrong, sometimes with certain software it pays off to have it as open source but Second Life is not one of those things.

Lets face it, SL has a ton of issues as is and this is the last thing they should have done in my opinion to try and give some of their issues a "quick fix". Some very nasty things can come from this open source project and I won't even start to name a lot of what can happen to give script kiddies ideas but the most common I could see and trust me it will happen is this....

Somebody is going to take the client, keylog the hell out of it and then release it to the public claiming it can do things that a normal client can not do. And guess what.... 20% of the SL people will run out, download it and install it and won't be able to wait to type in their user name and password. Say good bye inventory, say good bye Lindens and god knows what else. And by the time people figure it out, its waaaaaayyyyyy too late.

This is just one scenario off the top of my head. There are many many many more. Don't think it won't happen. Things like this have hit companies like Yahoo hard with their Yahoo chat.

There are too many people out there in this day and age, mostly kids that need attention and this is their way of attempting to get it. I hardly trust having my credit card information on SL now but since they went open source with the client... YIKES.

Now I know what your asking yourself. Well its only the client. True... However the client is a blue print to how everything exactly talks to the SL servers and such. I don't need blue prints like that going in the hands of script kiddies.

Example A: Landbots.

Not saying these were designed to take land from people who might do a mistake in their selling setup but the fact of the matter is thats what its starting to be used for. Look at copybot. That was never intended for what it ended up being used for in the end and that was before open source even.

My conclusion... I think SL needs to terminate the open source project ASAP. As they release updates the code will change and it will make things hard once again for people who make such things as land bots and such.

What do you think?

I think the percentage is much lower than 20%, but yep, I agree that this will happen. It's only a matter of time. If someone came out with a freely-available landbot tomorrow, I imagine there would be plenty of people who would download it and run it without having any idea of what else the client might do with their password. (Most people won't download anything for any reason unless SL refuses to let them in unless they do.)

But I'm still in favor of the open source client.

The answer to malware is for people not to use third-party clients unless they trust the source or can understand the source code for themselves.

In the meantime, while we have not (as far as I know) had any real destructive malware, the wider community has identified and fixed numerous bugs in the client. Yay.

You may be right, I may be aiming high there but I based it on the fact that SL has so many new signups all the time and most of these people do not have a clue what they are doing when they first start. And people get excited when they think they have found the all mighty...

"GOD MODE" in something. All it takes if for a script kiddie to claim they have found it and you can have it to by using their so called client.

Again let me stress... I think SL's heart was and is in the right place for why they did this but I think sometimes they don't think things out first before they do things. Need I reflect on how bad alot of the past patches have gone.

And to thoose who have used the open source to help us all as a whole, I do say thank you. Its not thoose people I am worried about.

This is a very good point!. Although it would be very risky for a hacker to try to transfer somebodies L$ to their own account. They would have to be very quick to sell the L$ on ebay before LL closed their account.

I predict that Linden Lab are eventually going to force people to register their details in order for their avatar to have the ability to receive L$. Not just to prevent hackers, but also to prevent money laundering, gambling etc.

I agree 2K. Its getting sticky and they are not going to have a choice. Right now account signup is too easy. And your right some of the actions they may take would need to be fast but I don't think most of them are thinking about that when they release stuff like that. Its more of a attention thing then anything.

While I agree with most of what you are saying, Open Source seems to have been a major goal of LL since the beginning. The Lindens have said this often, and so somewhere in their business plan it is pivitol to THEIR goals.

I've said it before, I'll say it again. SL is a product in the mind of LL. They are not here to create a safe, fun community for people to enjoy themselves in. They are here to make money, and they have decided that Open Sourcing makes them more money in the long run.

How, don't ask me. I have some ideas but as I am not privy to LL's inner workings, I can't say with any reasonable certainty.

Then 20% of SL's population are idiots and deserve to get their passwords ganked. It's a sad thing, but we all need to be somewhat paranoid in the way we deal with things on the internet.

However, the indiscretions of a few shouldn't ruin the fun for the rest of the community. Aren't there people out there doing worthwhile things with the client source? Bug fixing? Adding new, useful features? Optimizing the graphics engine? Anything?

It means that they don't have to hire more programmers to fix the bugs. Free labor. Well that's probably the plan.

In the past, I imagine they've hired programmers that have turned out to be totally useless. Now that it's open source, they can wait for residents to figure the client out and then hire the ones that have the best record for squishing the bugs.

Links to what bugs were fixed by the community? And whether they're on the level of fixing a misspelled word or anything actually worthwhile?

Campbot (in various forms), landbot, searchbot, etc. The only thing people seem to use the open-source for (whether it's the official viewer or libSecondLife) is personal monetary gains. Hardly commendable, or the great wonderful things all the open source apologists said would come from it.

Open Source hasn't introduced any new avenues for malicious behavior than existed before, in the form of libSL or any other attempt to hack the viewer. It made it a little easier - okay, aLOT easier - to hack together a "Landbot" client, but these thing still could have been done using libSL.

As for keylogging clients and the like, well.. to paraphrase Cory, "Who are you going to download your viewer from? Linden Lab's official website, or Joe's Porn Shop?" When the project gets into full swing, it will still be managed by Linden Lab. It will still have to have the blessing of their internal QA folks, and ultimately Joshua before it is released to the public. If some fool wants to take his chances and build a back-door ridden client, and some other fool wants to take his chances, and download/install/use it, well.. sorry, no sympathy from me. I wouldn't use such a client any sooner than I'd use "Joe's New and Improved Personal Online Banking Interface" to access my RL bank accounts.

This will not end well. Folks have entrenched positions on this. Basically it is the technically minded versus the non-technically minded folk. This has also been argued many times before.

First of all the linden dollar/ebay issue. Not even sure this relates to open source, but if you buy lindens on ebay, they will be passed to you in game and so the lindens have a trace on who the perpetrators are. So let us put that one aside.

When we talk SL, we are talking server/client.

The server is where it all happens. All the scripts run only on servers. All data, information and calculations are on the servers. The code to the servers is definitely not open sourced. Not yet, anyway. All important events happen on the server.

The client is for getting inputs from the user and displaying the results in 2d and 3d. The only scripts that can reach your client are your own. The client is under developed and still suffers many bugs.

Copying intellectual information has always been possible through tcp intercept programs, screen dumps, and just pencil and paper copying, the former able to provide high quality. Rogue Open source will make that easier, but we only talking a matter of degree here. Even if the worst happens, ppl have to set copies for sale for extended periods to make any money out of it and then they have to get the money out somehow, both activities that will expose them to scrutiny and drma actions. That sky has been falling for a couple of years, but I still see plenty of good things for sale and guys/girls talking about making good profits.

When you look at the internet generally, you will see increasing use of intelligent servers using java and php, becoming more impervious to attacks and providing increasingly useful services. Firefox, based on open source code, is increasing its market share and gaining a reputation of reliability and good security. I believe this is the model LL are striving for.

Land bots don't concern me at all, even if I was selling and buying land. All they have done is reduced the danger period of selling a parcel to anyone for $1 from 20 seconds to 5 seconds. That needs fixing either way.

So go ahead and again predict the sky is going to fall down. I'll be busy with my scripts and building.

https://jira.secondlife.com/secure/IssueNavigator.jspa?mode=hide&requestId=10035

There are a number of folks earnestly trying to contribute to the Open Source project in a way that positively benefits the overall community. Yes there are campbots, landbots, searchbots, oh my, but that is far from the only thing people are doing with the software.

That right there is what takes all these companies into trouble. History repeats itself and the hackers shake their heads saying "When will they learn"

I cant help but feel that the open source is just causeing too much greed in this world and it might be one reason out of 1,000 why LL wont even respond to our messages... I've already seen people try to get other people banned by accuseing them of useing that stupid copybot crap! And firstland is a thing of the past if you ask me..... I cant even get my first land without haveing to spend over 2,000 on a chunk of 512 land....


So sorry if you hate me, but I vote on just destorying the project. Dont care what anyone else says. I just hate the fact that it's causeing more harm then good.

It's kinda too late to close the open source project. You do know that once a the code for a program is leaked or given out, it is from that day foreword, Open source rather the creator likes it or not right? I think LL is powerless to stop this.

Don't worry. We still love you.

I beg to differ. Read up about shoopedlife sometime... I've not seen anything positive out of this except for OpenSim which is soon to be stopped by LL becuase it takes their job away from them.

TO be honest, the only reason i dont like the project is because nobody will teach me about scripting ;p

hehe. as i told you just now on yahoo, i learned all i know by myself. ;p When i started SL it took me only a week to learn the basics of scripting, building, texturing, and animations. I grabbed all the freebie stuff i could find and studied them inside a club "thats why i don't dance, I'm busy with my nose in a book XD". Once in a while you can find classes in the events, if your willing to sort through the hundreds of spam events.

If they wanted to badly enough, they could close the source, make some radical change to the client-server protocol and put the genie back in the bottle.

I don't think it likely if for no other reason than bad PR.

I don't see anything earth shattering, or worthwhile there.

Baby steps. The project is only a couple months old, and isn't yet organized such that open source contributors participate directly in the development pipeline. When that process starts, expect a festival of bug fixes.

Where'd you get *that* idea? On this News.com page, Cory Ondrejka said:He's been quoted elsewhere as saying that the only viable long-term future for Second Life - in order for it to become ubiquitous - is an open source model (I read it yesterday, can't seem to find a linky today). And I tend to agree with him 100%. You cannot create a full-scale, ubiquitous, 3D metaverse without open standards, and you cannot have open standards on a closed source model.

Hmm... Could use some linkies here, because everything that I've found so far via Google is completely unimpressive and was already possible using a custom proxy capable of packet injection and modification (libsl has this) and the official client.