client source opened - sky falling?

The Lindens have given absolutely no indication of this whatsoever, at least in the forseeable future, that I have ever read. Can you provide any kind of backup to this assertion, or are you pulling it out of your ass?

We don't (yet) plan to release the code that runs our simulators or other server code ("the grid". We're keeping an open mind about the possibility of opening more of Second Life; the level of success we have with open sourcing our viewer will direct the speed and extent of further moves in this arena.

I'd like to see a client that moves away from OpenGL and is more integrated to work in a Direct3D based environment.

Let Radeon users have fun too. ;D

If content theft wasn't trivially easy enough already, I think this puts the final nail in the coffin for a content creation based economy, but hey, at least we'll have 4000 different UI's to choose from! If anyone needs me I'll be out in the yard digging a bomb shelter.

let the hacking begin :/

CopyBot was actually a net positive because it led to holes being closed.

Well, if it's trivial already, releasing the source can't really make it any easier, can it?

My most immediate concern is that, from a rational point of view, unless there's been some feature changes or protocol cleverness that I'm not aware of, CopyBotII is probably only a couple of days away (presuming the existance of a suitably capable and motivated programmer).

Additionally, I'm quite concerned that there will be "omg greiftoolz!" builds of SL (client-rez-based abuse is something that springs to mind); and - more importantly - that such builds will most likely be backdoored to secretly leak the user's login details to their creator. (Or just quietly drain the L$ balances of their users. Or give their valuable Inventory stuff away. Or sell their land for $L1 to their creator. &c &c).

My question to the assembled forum masses is simply: Are we boned?

Has some careless Linden found the Sky prims, unlinked them and set them Physical?

I know that the opening of source will set up for a huge range of awesome and creative opportunities, but I'm also pretty concerned about the potential/probability of Bad Things coming along too. Put your "evil git" hats on and invent some plausible bad-use situations

I don't remember any holes being closed due to Copybot. Could you be more specific?

coco

However, as Cory Linden put it at the last SL Views meeting, "Who are you gonna download your Second Life client from, secondlife.com, or Bob's Porn Shack?" It's just like Firefox or GIMP or any other open source program. Download it from some mysterious 3rd party, and you're asking for trouble, but download it from a reputable source, and you've got nothing to worry about.

We all knew these kinds of "is the sky falling" questions would be raised as soon as the open source plan would be made public. That's why Linden Lab spent money to bring a selection of residents to San Francisco to brainstorm about this ad nauseum. We talked about every conceivable angle from which this could be seen, and try as we did, we couldn't come up with any possible way the negatives could come anywhere close to outweighing the positives on this.

http://secondlife.com/developers/opensource/faq

What source code won't you be releasing
We don't (yet) plan to release the code that runs our simulators or other server code ("the grid". We're keeping an open mind about the possibility of opening more of Second Life; the level of success we have with open sourcing our viewer will direct the speed and extent of further moves in this arena.
There are limited portions of viewer code we've licensed from third parties that also will not be released. We believe we can eliminate proprietary dependencies in the viewer code, either through relicensing or replacement, and are working toward that end.
---------------------------------------------------------


Jacques Groshomme – I hope that answers your comments about my sources, please note I take no offence from your comment about my ass – I can appreciate rapid change can cause stress
I hope you know accept my point about potential much higher mainland and Linden dollar values, major corporates (such as the gaming companies) hosting servers, and potential Island prices being lower. Just a personal view but you have to try to plan ahead

Regards
John

* Expect the Server software to follow suit, but probably not immediately. Keep in mind, running second life servers will never be as cheap as running a web server. The bandwidth is much higher, and you HAVE to have a dedicated server for it. Instant $99 minimum a month, if you get the worst/cheapest server you can find.

If you open the client, don't you necessarily open the protocol thus making creation of a de novo server exceedingly easy? Not that this would be a bad thing for the "residents" but a really bad thing for LL; especially as the server doesn't do all that much and could do what it does much better with a better design.

Good for the community, not so good for LL.

Additionally, I'm quite concerned that there will be "omg greiftoolz!" builds of SL (client-rez-based abuse is something that springs to mind); and - more importantly - that such builds will most likely be backdoored to secretly leak the user's login details to their creator. (Or just quietly drain the L$ balances of their users. Or give their valuable Inventory stuff away. Or sell their land for $L1 to their creator. &c &c).

You're right. All that stuff will happen.

However, as Cory Linden put it at the last SL Views meeting, "Who are you gonna download your Second Life client from, secondlife.com, or Bob's Porn Shack?" It's just like Firefox or GIMP or any other open source program. Download it from some mysterious 3rd party, and you're asking for trouble, but download it from a reputable source, and you've got nothing to worry about.

If you open the client, don't you necessarily open the protocol thus making creation of a de novo server exceedingly easy? Not that this would be a bad thing for the "residents" but a really bad thing for LL; especially as the server doesn't do all that much and could do what it does much better with a better design.

Good for the community, not so good for LL.

The server doesn't do much. It only makes everything work.

The "bad guys" so many people are afraid of here cannot win. They can do damage, they can cause considerable short-term consternation, but they cannot win in the long run.

This is the part that confuses me. If someone does build a griefer tool whether or not I downloaded the client from them, can`t they still 'take advantage' of me?

But didn't Lindens clean up a server-side permissions flaw relating to texture UUID use? Wasn't that one of the fixes in a rushed out patch? Granted, I may have been dreaming when I think I read this and may be mistaken. (I wasn't paying that closely attention at the time since I don't depend on content creation.)

But regardless, I stand by the opinion that the attention CopyBot brought to the general public helped underscore the need to responsibly open the client completely for the exact reasons Chosen Few much more eloquently explained above.

Okay, first of all, I can assure you the sky is most definitely NOT falling. It's nice to be able to finally talk about this openly. I've been involved in LL's open sourcing discussions for a while now, under NDA.

I know a lot about this, so let me address some of your concerns.


You may be right about that, but the reality is it was ALWAYS just a few days away anyway. Copybot works simply by capturing the data that you have to receive in order to view SL in the first place. Anyone who wanted to exploit that data was always able to do so, and always will be. There's absolutely no way around that.

The difference between what was happening before and what can happen now though is that before, the ONLY people who were looking for exploits were the kind of people who have no problem breaking rules and breaking agreements. Most people who are willing to break one rule or agreement are perfectly willing to break others, including the one about not stealing.

Now, the rules are different. Anyone who wants to look at some of the source code (and I emphasize SOME because the sensitive core components of SL are still closed, and always will be) can do so with Linden Lab's blessing. It's no longer anything that has to be done in secret. If someone finds an exploit, they can report, and see that it gets fixed.

In other words, both the goodguys and the badguys are now equally armed. This is huge.


You're right. All that stuff will happen.

However, as Cory Linden put it at the last SL Views meeting, "Who are you gonna download your Second Life client from, secondlife.com, or Bob's Porn Shack?" It's just like Firefox or GIMP or any other open source program. Download it from some mysterious 3rd party, and you're asking for trouble, but download it from a reputable source, and you've got nothing to worry about.





Not at all. We're all going to be much better off. Think about all the little annoyances that you currently hate about SL, like the inefficient building tools, lack of certain desired features, bugs, etc. Now imagine you can just go in and add or change these things to your liking (assuming you're good at programming, that is). The cost/benefit factor on this one is insanely high on the benefit, and very low on the cost. The potential is amazing.



Again, not at all. This is what Linden Lab was always intending to do from day one. Think about from this perspective. The world of SL is user-created, right? LL simply sets a few universal ground rules, like we always have land beneath our feet, and sky over our head, stuff like that, but the rest is up to us. Everything SL is today is 100% because of us, the users.

Doesn't it therefore follow that the next logical step is to also allow us to create the means by which we view and interface that world which we created? The same ground rules will still be there. LL will always dictate how the world itself works. All that's changed is that we now have tremendously more freedom to determine what we do within it, and how we use it. Again, the potential is simply amazing.


I hear you, believe me. In the beginning, I was a wellspring of potential negatives in the discussions about this. The more the discussions went on though, the more I started to see the light.

The cold hard truth is all the bad stuff is happening anyway. It always has been, and it always will be. The potential for exploitation is an inherent function of the system (and all systems). Open sourcing the viewer does not change that in any way. The difference now, as I said in the beginning of this post, is that now the goodguys get to carry just as many guns as the badguys.

We all knew these kinds of "is the sky falling" questions would be raised as soon as the open source plan would be made public. That's why Linden Lab spent money to bring a selection of residents to San Francisco to brainstorm about this ad nauseum. We talked about every conceivable angle from which this could be seen, and try as we did, we couldn't come up with any possible way the negatives could come anywhere close to outweighing the positives on this.

To summarize, will the badguys be better armed now? Yes, absolutely, but so will the goodguys, who before now were not armed at all.

For a good comparison, think about the turnaround time between when an exploit is found and when it is fixed in Firefox vs. Internet Explorer. IE, as a closed source application with only a few hired goodguys working on it, takes months or even years to get its holes patched. Firefox, as an open source app with the entire world's population able to work on it, gets fixed almost instantly by comparison.

The same can now be true for SL, and all I can say is it's about time. Again, this was always what LL had in mind from the day SL was conceived. It's the best possible plan for the future of Second Life. This is a great day.

If somebody releases their own flavor of client application that, let's say, sends your usename and password to them or slowly sends your L$ balance to them, then only people who downloaded and use that particular hacked client application will be affected.