client source opened - sky falling?
|
RobbyRacoon Olmstead
Red warrior is hungry!
Join date: 20 Sep 2006
Posts: 1,821
|
01-08-2007 16:32
From: Leyah Renegade I'm a programmer and I am not worried about this; I think it's a very positive thing. Many companies have been successfully dealing with open source for many years now and it's always been a good thing in terms of bugs getting fixed quicker, etc. Even if it ends up being a Linden who fixes a bug or patches a security hole, the fact that anybody can LOOK at the code and report such holes greatly increases the overall security of SL. But rest assured nobody just incorporates someone's random fix into the official viewer without it having been looked at in the open repository, both by Linden and by peer review. If anything is amiss someone will find it. And rest assured nothing about your credit account information or anything like that is going to be in the open source arena. All of that data will remain on the server which is not open. All of this stuff is standard procedure and there's nothing about it that's particularly uncharted territory. But we can all look forward to lots of new features and extensions, improved building tools, inventory organizers etc.

You are comfortable with this, it seems to me, because the worth and security and quality of open source has been debated for decades and it's something all professional developers have had to come to terms with very early in their careers.
Even among long-term professional developers its risks to commercial development is still a hotly contested topic, but it's hard to deny that Open Source has largely succeeded in producing high quality and secure products.
For many in SL, only now have they been directly face to face with Open Source and how it might affect them, and that is a scary thing at first.
Time will tell, but I believe that this is good for SL's long term future and will benefit us all.
|
Jacques Groshomme
Registered User
Join date: 16 Mar 2005
Posts: 355
|
01-08-2007 16:37
From: Ishtara Rothschild How exactly do you patch an exploit in someone else's client? You can't patch the server side. It's not open sourced yet. Anyone want to bet that there are dozens of security holes only waiting to be discovered?

Prior to opensourcing, if somebody stumbled upon a bug then wrote an exploit and didn't announce it to the world, chances are that hole would remain open and continually in use. Now, the chances are tipped into the favor of the "good guys" who are bound to notice the flaw and take measures to correct it if possible on the clientside, or notify Lindens of the serverside vulnerability. Also, remember. This is just the clientside code. Very similar to what's been available via libSL. There's likely very little that hasn't been tested.
|
RobbyRacoon Olmstead
Red warrior is hungry!
Join date: 20 Sep 2006
Posts: 1,821
|
01-08-2007 16:38
From: Yumi Murakami Well, I'm no "biggie". But I honestly don't think I could do it from scratch. My business was based on finding new features that often hadn't yet been done in SL at the time, and were in demand, and adding them as best I could. If those features are already there, and demand has moved to features that can't be done that way (and it does tend to), then there's not a lot I can do. It's like Cocoa said - you have to take advantage of an opportunity, and there's no guarantee the same opportunity will come again. There might be other opportunities but they might not match what you're good at.

You may not be a "biggie", but you have brand recognition and customers that trust you, who feel that you have a quality product. I wish you the best, and I hope you will forgive me for being optimistic and believing that you have proven that you could grab that window of opportunity once and so may do so again. I guess I just prefer to think that the "intangibles" like hard work and brand recognition and networking and all of the other things you and others have built up mean something.
|
Ziggy Puff
Registered User
Join date: 15 Jul 2005
Posts: 1,143
|
01-08-2007 16:39
From: Ishtara Rothschild How exactly do you patch an exploit in someone else's client? You can't patch the server side. It's not open sourced yet. Anyone want to bet that there are dozens of security holes only waiting to be discovered?

You're right, you can't. If someone finds a hole and builds a private client to exploit it and distributes that among his friends and no one else knows about it, there's nothing you can do about it. But here's why open-sourcing the client helps that. For the sake of argument, let's trust in the average goodness of humanity. Without the source code being available, it would take a dedicated person to reverse engineer the protocol and find the holes. Now, it's much easier to find the exploits. But, you'll also have 10 "good" programmers for every 1 "bad" programmer who are also looking for those exploits. So the chances are higher that the exploits will be found and reported to LL. And then they will be fixed on the server side, or by changing the protocol to block the hole. So, yes, I'm pretty sure there are many security holes waiting to be discovered. I also think that they'll get discovered and fixed faster if you have hundreds of new eyes looking at the code. And a "fix" will be something that will prevent a rogue client from exploiting it. If it's something that requires specific behavior from the client, that's not a fix. All IMO
|
Gordon Wendt
404 - User not found
Join date: 10 May 2006
Posts: 1,024
|
01-08-2007 16:45
From: Kitty Barnett A little paranoid voice in me says that it has to be possible to submit something that looks innocent but has an intended nasty side effect. Firefox doesn't have a direct link to my credit card, the SL viewer does.

Just because you're paranoid doesn't mean everyone's not out to get you
|
Cocoanut Koala
Coco's Cottages
Join date: 7 Feb 2005
Posts: 7,903
|
01-08-2007 16:53
From: RobbyRacoon Olmstead I am glad that you answered! I was trying to make the point that there are qualities of successful people that will remain even if the sky does fall, and those qualities will continue to serve them well. You do bring up a good point in saying that you may not wish to start over, and I agree that it may not feel worthwhile. I truly hope that few people are faced with such a decision!!!

I'm trying to say I don't see any point in starting all over! If people's goods can be copied (and, much more to the point, are being copied), what would be the point of starting all over?
coco
|
Jacques Groshomme
Registered User
Join date: 16 Mar 2005
Posts: 355
|
01-08-2007 16:59
From: Cocoanut Koala I'm trying to say I don't see any point in starting all over! If people's goods can be copied (and, much more to the point, are being copied), what would be the point of starting all over? coco

I don't see Lindens bloating the client application with 1,001 widgets that fit the needs of a small niche of residents. Ideally, I hope, they are open to developing themselves or allowing one of the resident coders to develop a plug-in/extension interface/builder that move some features currently in HUD form into the client where they can receive priority packet scheduling, not be so vulnerable to lag, etc. I see a whole new opportunity for people to start developing and selling widgets as a natural evolution of Second Life. Yes, it will mean some current HUD makers will get left behind in the shuffle, but it is in the name of progress. Those who can continue will be able to move onto newer (and potentially) more lucrative areas.
|
Kitty Barnett
Registered User
Join date: 10 May 2006
Posts: 5,586
|
01-08-2007 17:07
From: Gordon Wendt Just because you're paranoid doesn't mean everyone's not out to get you

Double negative... headache... evil.
|
Watermelon Tokyo
Square
Join date: 20 Nov 2006
Posts: 93
|
01-08-2007 17:09
To be sure, there are plenty of would-be entrepreneurs on SL. It's comparatively easy to be one, given the low cost of entry compared to anything one might do in real life, and the added bonus that for merchandisers, there are no costs associated with producing copies. At the same time though, the risks associated with an SL business are extreme. At the far end, LL has a real, non-zero risk of LL going bankrupt. (Didn't I read somewhere that LL was ALMOST making money?) Anyway, the long and short of it is that a rapidly changing environment is a very real risk in running an SL business, and every SL business owner needs to consider that as part of a business plan. To do otherwise is... well ... bad entrepreneurship. At the end of the day, some businesses WILL fail, and others will grow to fill new niches, until the entire SL paradigm goes kaput and we all lose our shirts.
|
Gordon Wendt
404 - User not found
Join date: 10 May 2006
Posts: 1,024
|
01-08-2007 17:15
From: Kitty Barnett Double negative... headache... evil.

If you've ever watched the movie Clue then you'd know that double negative equals proof positive.
|
Angelique LaFollette
Registered User
Join date: 17 Jun 2004
Posts: 1,595
|
01-08-2007 17:28
Ok, I Know Very Little about Programming but after Reading Five Pages of this thread I came away with the Following:
~Yes, people are going to use "Open source" to generate Hacks, and Griefing tools. People are going to find exploits, and place them in Third Party "Viewers" to access SL and try to either spoil gameplay, or Rip off game assets. It's Inevitable
BUT
~Having gone "Open source", we NOW have, instead of a Few script monkeys trying to Plug the leaky dam with their Fingers, An Army of Potentially Thousands of Pro, Semi-pro, and Amateur programmers looking for the Same exploits, cheats, and Bugs, Creating and testing Fixes, and Patches and Offering them to LL fast, and free of Charge.
SO
~As fast as the Bad Guys Come up with their various nefarious tools, the Good Guys are countering them, or even anticipating them, and Blocking them BEFORE they become issues.
AND
~Evidence exists to support this View in Other On Line systems (At least three of which have already been named here) that Have gone Open source, and NOT collapsed in a Pyre of Fire and Brimstone because of it.
ALSO
~We get Benefit of other improvements to SL growth, game playability, and possibly New and more interesting features developed and tested by the Pro, Semi-pro, and Amateur programmers Again, Made available to SL fast and Free of Charge.
Does this seem to Sum Up Open Sourcing?
In the light of this, I Don't think I'll be Following Chicken Little just yet. I'll wait and see.
Angel.
|
Polymorphous Projects
Registered User
Join date: 26 Jul 2006
Posts: 86
|
01-08-2007 17:50
From: Angelique LaFollette Ok, I Know Very Little about Programming but after Reading Five Pages of this thread I came away with the Following:
~Yes, people are going to use "Open source" to generate Hacks, and Griefing tools. People are going to find exploits, and place them in Third Party "Viewers" to access SL and try to either spoil gameplay, or Rip off game assets. It's Inevitable
BUT
~Having gone "Open source", we NOW have, instead of a Few script monkeys trying to Plug the leaky dam with their Fingers, An Army of Potentially Thousands of Pro, Semi-pro, and Amateur programmers looking for the Same exploits, cheats, and Bugs, Creating and testing Fixes, and Patches and Offering them to LL fast, and free of Charge.
SO
~As fast as the Bad Guys Come up with their various nefarious tools, the Good Guys are countering them, or even anticipating them, and Blocking them BEFORE they become issues.
AND
~Evidence exists to support this View in Other On Line systems (At least three of which have already been named here) that Have gone Open source, and NOT collapsed in a Pyre of Fire and Brimstone because of it.
ALSO
~We get Benefit of other improvements to SL growth, game playability, and possibly New and more interesting features developed and tested by the Pro, Semi-pro, and Amateur programmers Again, Made available to SL fast and Free of Charge.
Does this seem to Sum Up Open Sourcing?
In the light of this, I Don't think I'll be Following Chicken Little just yet. I'll wait and see.
Angel.

So, the sky isn't falling? Nice post. Balanced, thoughtful, reasoned. Now everybody return to your usual panic.
|
Cocoanut Koala
Coco's Cottages
Join date: 7 Feb 2005
Posts: 7,903
|
01-08-2007 17:54
From: Jacques Groshomme I don't see Lindens bloating the client application with 1,001 widgets that fit the needs of a small niche of residents. Ideally, I hope, they are open to developing themselves or allowing one of the resident coders to develop a plug-in/extension interface/builder that move some features currently in HUD form into the client where they can receive priority packet scheduling, not be so vulnerable to lag, etc. I see a whole new opportunity for people to start developing and selling widgets as a natural evolution of Second Life. Yes, it will mean some current HUD makers will get left behind in the shuffle, but it is in the name of progress. Those who can continue will be able to move onto newer (and potentially) more lucrative areas.

I don't sell widgets.
coco
|
Isablan Neva
Mystic
Join date: 27 Nov 2004
Posts: 2,907
|
01-08-2007 18:02
I assume Jacques was talking about widgets as they are used in programming and web applications:
http://www.widgetgallery.com/
http://widgets.yahoo.com/
And he is right, there would be a whole new market segment open up for creation of such items in SL....
_____________________
 http://slurl.com/secondlife/TheBotanicalGardens/207/30/420/
|
RobbyRacoon Olmstead
Red warrior is hungry!
Join date: 20 Sep 2006
Posts: 1,821
|
01-08-2007 18:06
From: Cocoanut Koala I'm trying to say I don't see any point in starting all over! If people's goods can be copied (and, much more to the point, are being copied), what would be the point of starting all over? coco

Yup, I understood you. I sincerely hope it doesn't even come close to that!!!
|
Cocoanut Koala
Coco's Cottages
Join date: 7 Feb 2005
Posts: 7,903
|
01-08-2007 18:31
Well, I'm just going to carry on, assuming it won't come to that.
coco
|
Ishtara Rothschild
Do not expose to sunlight
Join date: 21 Apr 2006
Posts: 569
|
01-08-2007 18:31
From: Ziggy Puff You're right, you can't. If someone finds a hole and builds a private client to exploit it and distributes that among his friends and no one else knows about it, there's nothing you can do about it. But here's why open-sourcing the client helps that. For the sake of argument, let's trust in the average goodness of humanity. Without the source code being available, it would take a dedicated person to reverse engineer the protocol and find the holes. Now, it's much easier to find the exploits. But, you'll also have 10 "good" programmers for every 1 "bad" programmer who are also looking for those exploits. So the chances are higher that the exploits will be found and reported to LL. And then they will be fixed on the server side, or by changing the protocol to block the hole. So, yes, I'm pretty sure there are many security holes waiting to be discovered. I also think that they'll get discovered and fixed faster if you have hundreds of new eyes looking at the code. And a "fix" will be something that will prevent a rogue client from exploiting it. If it's something that requires specific behavior from the client, that's not a fix. All IMO

You're right, now it's much easier to find those exploits. And when anyone finds and reports them - we've seen what happens. LL shrugs, states that they "don't want to get into an arms race" with the hackers, and tells us we have to live with it, things can be copied, that's the nature of the web, get over it. Before those exploits are found everything is fine, afterwards the noble finder leaves us with the remnants of a once working permission system. I can't see anything positive there.
|
Ishtara Rothschild
Do not expose to sunlight
Join date: 21 Apr 2006
Posts: 569
|
01-08-2007 18:50
From: Angelique LaFollette ~Having gone "Open source", we NOW have, instead of a Few script monkeys trying to Plug the leaky dam with their Fingers, An Army of Potentially Thousands of Pro, Semi-pro, and Amateur programmers looking for the Same exploits, cheats, and Bugs, Creating and testing Fixes, and Patches and Offering them to LL fast, and free of Charge.
SO
~As fast as the Bad Guys Come up with their various nefarious tools, the Good Guys are countering them, or even anticipating them, and Blocking them BEFORE they become issues.

It would be all good and well if LL was willing and able to fix security holes once they've been discovered and reported. That is simply not the case. LL has a big vision and a timeframe in mind, and an arms race with hackers does definitely not fit in there, they made this quite clear. Any other open source product mentioned here is completely open sourced. We only get the client code, not the server code. The CopyBot issue has shown that we can only report it and be told that we have to live with a problem that we didn't have before.
|
Malachi Petunia
Gentle Miscreant
Join date: 21 Sep 2003
Posts: 3,414
|
01-08-2007 18:51
From: someone How exactly do you patch an exploit in someone else's client? You can't patch the server side. It's not open sourced yet. Anyone want to bet that there are dozens of security holes only waiting to be discovered?

Notwithstanding exploits, there are probably a hundred different easy ways to screw with the server. An old testing method for software was to look for places that say "don't do this" and then do it.
|
Jopsy Pendragon
Perpetual Outsider
Join date: 15 Jan 2004
Posts: 1,906
|
01-08-2007 19:05
From: Malachi Petunia Notwithstanding exploits, there are probably a hundred different easy ways to screw with the server. An old testing method for software was to look for places that say "don't do this" and then do it.

Perhaps that's why there's so few comments? Some random general feelings regarding this issue:
- "Oh god, more camping zombie-bots."
- "Woot! Maybe I can extend the (client-side) particle system a little and submit the extensions back to LL! HmmmMMMMmmm"
_____________________
* The Particle Laboratory * - One of SecondLife's Oldest Learning Resources. Free particle, control and targetting scripts. Numerous in-depth visual demonstrations, and multiple sandbox areas. - Stop by and try out Jopsy's new "Porgan 1800" an advanced steampunk styled 'particle organ' and the new particle texture store!
|
Usagi Musashi
UM ™®
Join date: 24 Oct 2004
Posts: 6,083
|
01-08-2007 19:16
Two years now people have been screaming for open source. Now it's here and people are now crabby about it. With all advance tech movements there are the "rah rah rah" people and the "It's going to kill the game" people. But at the end we all make it through........
|
Leyah Renegade
Live Musician
Join date: 2 Nov 2006
Posts: 125
|
01-08-2007 19:20
From: RobbyRacoon Olmstead You are comfortable with this, it seems to me, because the worth and security and quality of open source has been debated for decades and it's something all professional developers have had to come to terms with very early in their careers.
Even among long-term professional developers its risks to commercial development is still a hotly contested topic, but it's hard to deny that Open Source has largely succeeded in producing high quality and secure products.
For many in SL, only now have they been directly face to face with Open Source and how it might affect them, and that is a scary thing at first.

Yeah exactly, and that's why I thought it was worth mentioning that from a longtime programmer's perspective, this stuff is old hat, the open source system has been hashed through very thoroughly and it works. The sky is not falling at all. That doesn't mean everything's going to be blue skies and roses, but the net benefit to SL will be very positive in the long run, just as it has been with other open source software. The Linux operating system is open source, and it's used by many of the world's governments, scientific organizations, all sorts of people that require the most secure and robust computing environment available.
|
Angelique LaFollette
Registered User
Join date: 17 Jun 2004
Posts: 1,595
|
01-08-2007 19:57
From: Ishtara Rothschild It would be all good and well if LL was willing and able to fix security holes once they've been discovered and reported. That is simply not the case. LL has a big vision and a timeframe in mind, and an arms race with hackers does definitely not fit in there, they made this quite clear. Any other open source product mentioned here is completely open sourced. We only get the client code, not the server code. The CopyBot issue has shown that we can only report it and be told that we have to live with a problem that we didn't have before.

The Point Ishtara Wasn't so much they didn't WANT to Deal with Hackers, as much as they simply did not have the Time, the Money, or the Manpower to Divert to Dealing Full scale with it. Discovering, and Reporting a Bug is the Easy Part, Finding, developing and Testing a Fix that won't cause more problems than it solves IS the Real work, and it Can be a B*tch. NOW, it seems LL Doesn't Have to. The Work will All be Done For them (Sometimes Before they even know they have a potential problem), and all they need to do is verify the Fixes, then Plug them in. FAR less taxing than detecting the scope of the problem, Debugging tens of thousands of lines (Or more) of code. Not a problem with desire Ishtara, Only with Available resources, and allocation. The people looking at the LL Source Code for Fixes will Mostly be the "Dedicated Hobbyist" Type, and in Any Field of endeavor, the Hobbyist can generally work Faster, Longer, and more thoroughly than the professional simply because they Love Passionately what they are doing. They don't watch a Clock, or count Beans. If LL has Created this Potential resource through Open Sourcing, I think it is Reasonable to assume they have it in Mind to Use it also. And as for Copybot, well, there's a Huge Dead Issue. It's been, what, Two, Three, Four Months since it became Commonly Known?
And the SL economy is still Booming, and the Imminent disaster foretold by All is obviously Still Pending (The only REAL long term annoyance is hearing "!quit-!quit-!quit-!quit" every time you go into a Mall). Once people Calmed Down and Stopped surrendering to Blind Panic, or Ripping Into LL and got the REAL facts about Copybot's capabilities it was Fairly Plain that it Wasn't the monumental Threat it was painted to be, and time has Borne that out. Maybe, JUST Maybe, LL was Justified in NOT being that concerned about it. The more time goes By without Copybot induced economic disaster, the more likely that looks. So, for all the Dire predictions of Imminent Doom awaiting us;
"You Keep Saying that, and it keeps NOT HAPPENING!"
Lestat D'Lioncort "The Vampire Lestat"
Angel.
|
Jesseaitui Petion
king of polynesia :P
Join date: 2 Jan 2006
Posts: 2,175
|
01-08-2007 21:04
Ok sorry I don't want to go back and read through all the pages. There's another discussion going on saying this:
"I've seen a lot of responses of the form "this will kill my SL business" and they are probably half correct."
I must have missed something- So open source is a huge "copybot"?
People are going to be able to steal content on their own "client" and no one will know?
|
Jesseaitui Petion
king of polynesia :P
Join date: 2 Jan 2006
Posts: 2,175
|
01-08-2007 21:36
I have a question
And this is a dumb example but it's just something I'm using.
I have no idea how this all works so someone please explain this to me.
From reading the chat in here it seems people can make their own client and use it. How are they able to run it though?
Let's say people in client A created something that could steal any content they wanted, and the folks in client B created something to stop it and submitted the patch to LL. But they're on 2 different clients so how is that going to stop what client A is able to do?
|