client source opened - sky falling?

That's the most important part: finding the exploits. The possible part is that, once found, they get reported, and LL (eventually) fixes them. As opposed to someone finding them, exploiting them for all they are worth for an untold amount of time, THEN finally getting them fixed, after great amounts of damage are done. Already, in the last few days, a serious exploit dealing with sound file uploads was found and is being fixed. It's been there since day 1.



Yes, it was *MOST CERTAINLY* a "non-event". The VAST majority of the damage was from people's knee-jerk reactions in closing down their stores and everyone and their dog putting out !quit spamming objects, bringing parts of the Grid to its knees. Personally, I would take a few more CopyBot offenders than all that BS anyday.

News flash for you: You know how easy it is to "circumvent" the permissions system for prim builds, even without CopyBot? Give a decent prim artist ANYthing made, and I guarantee you that, within a short period of time and a very small margin of error, he/she can reproduce it so that even the original creator can't tell the difference. CopyBot simply automates the EXACT SAME process, and does it with a margin of error of 0%. Since textures could already be copied, CopyBot added nothing new to that situation.



From what I have seen, both in my time here over the past year, and previously from forum posts as well as their own website, this has ALWAYS been their stance. The DMCA provisions weren't just added for the CopyBot situation, they have been there for at least as long as I can tell.

I don't know how Copyright law works in Germany, but I suspect it is similar to the way it works in the US, given that both parties are signatories of the Berne Convention (as well as TRIPS and WCT). Thus, where criminal infringement occurs, the judge and/or jury CAN take the matter of your $0.85 shoes very seriously. If you stand to make a lot of money off of your creation, it may even behoove you to register your Copyright, so that you are eligible for statutory damages, which are often irrespective of the amount of real damages, and can be quite hefty (upwards of $150,000 per instance of infringement).



Yes, yes, Chicken Little, the sky is falling. I can tell from all the pieces of it that fell during the CopyBot *NON-EVENT*; the only problem is that ALL of the pieces that fell were the ones tossed up in the air originally by those who reacted to it. When LL closes its doors due to mass copyright infringement and bootleg clients everywhere, THEN it will be a disaster, but not until.



..and if it is not significantly worse than it is now, with respect to the potential abuse of the client, will you and every other doom-sayer actually stand up and admit how wrong you were and stop prognosticating doom-and-gloom with no basis whatsoever? I doubt it, but I figured I would ask.



No, it is little more than a 3D browser. That's what LL has been positioning it as for some time. It's a web browser with FrontPage built-in.

Another news flash for you: with a web browser, you can crash websites/webservers, too. All it takes is a simple malformed request against vulnerable webserver software, and voila! It goes down in flames. LL isn't the Internet, it's a web service provider with their own private servers. AT THE MOMENT, you can't use the Viewer on anything other than their servers. I expect that will change, and sooner than they may realize.

Yes, it was a non-event in terms of the fact that it cold always be done by someone with appropriate skill, patience, and the knowhow to use texture-ripping programs, and the patience to search out the exact texture you used from the few hundred that arrive when you use such a ripping program.

Copybot removed 99% of the time and skill requirements, enabling anyone with the motivation to do so. Of course, copybot had its own technical requirements and knowhow, and by most accounts, it wasn't all that easy to use either. But as a proof of concept, it shook the world. I can definitely see many more user-friendly copybot clients being written in the future.

News flash back at ya: Gutenberg added nothing new to the situation of book production. He simply automated the exact same process a decent writer could already do by hand.

Funny how adding nothing new can be widely recognized as revolutionary breakthrough, isn't it...

You still have no clue what CopyBot actually did, do you? How about you go do some researchon the libsecondlife site about copybot and you'll see that it really can't do much. Stop making people think CopyBot was something we needed to preoccupy ourselves with. Next thing you know, everyone sellin off their Ls again because someone said CopyBotII was going to ruin your business. I'm a C++ developer and I've been messing with libsecondlife a ton in the last couple months ever since CopyBot became the end of SL in the eyes of so many people. It's not as harmful as you guys think.

SL going open source has more up sides to it than down sides. If you ask me, the only down side is that we may start seeing a ton more people with avies that are bots just hanging around. Hopefully the traffic thing will be redone soon so that it's not an incentive to log on 10 users through a text based client.

It's a moot point what copybot could or couldn't do when having access to full client code allows one to produce solutions which can do everything what copybot could do and much more, isn't it? In this sense the OP is perfectly right in their assessment, while exact details of original copybot limitations are red herring.

No, it was a NON-EVENT in the fact that we didn't see wide proliferation of mass copyright infringement as a result of its appearance, EVEN GIVEN THE FACT that it "removed 99% of the time and skill requirements" (which I basically said). The only world it shook was the little insecure one that some people live in. Most everyone else looked at it, shrugged, and went on about their daily business.

So what if there are most user-friendly copybots in the future. Maybe someday there will be a plug-in system in a third-party UberViewer, and someone will write a plug-in object duplicator for the UberViewer. People will have a copy machine at their beck and call. Select the object, press a button, poof! Instant copy! I'll go out on a large limb and say that it will be just as much a non-event as CopyBot ever was. I shouldn't have to explain why I am confident about that situation, either. It is simply a priori, and I shouldn't have to restate the obvious.



..and you COMPLETELY missed the point.

It added nothing new in the area of circumventing prim build permissions. They could ALWAYS be circumvented. In fact, before CopyBot was Jeffrey Gomez' Prim Mirror, which allowed for 100% accurate copies of many prim builds in a relatively short time (not textures, prim builds). So as far as copyright infringement is concerned, there's nothing it enabled which didn't already exist, either with MANUAL methods, or other automated methods. Copyright Infringement was STILL possible, STILL easy, and STILL *quite* ILLEGAL.

Thank you Talarus, Very well Put.



Well, apart from the Judges You ALSO seem to be able to Grasp the Proportionality of this "Disaster".

Angel.

No, i realize your point was "it's nothing new because it was possible before, so it's irrelevant that this new development makes it possible easier and faster".

I just pointed out your conclusion is imo wrong one. Sometimes this very "easier and faster" factor *is* enough of advancement to become actual 'new' development. Simple as that.

My conclusion is based on historical fact. CopyBot made it easier and faster. The world did not implode. Open sourcing the client will allow someone else to make it even easier and faster. The world will not implode. THAT's the conclusion, and if that is the one you think is wrong, then we will just have to agree to disagree.

I never contended that it wasn't easier and faster, or a "new development". I simply contend that it won't make any significant difference in SL as we know it as a result.

Simple as that.

Let's review the CopyBot issue again at this point, which you claim was a non-event. Open sourcing efforts start, the first program that is widely published uses an exploit, the exploit is reported, LL says they can't and won't change anything and even completely change their policy regarding copyright issues (copying is not theft). That's what we've seen from open sourcing so far. In my opinion, security through obscurity works quite well. All the big players (Blizzard, Sony, NCSoft) take this route. Doesn't mean they have no security issues. But in their online worlds, both the publisher as well as the customers take exploits very serious. They don't shrug, accept, call it a non-issue and state that copying content has always been possible.

There is no telling how much has been inititally copied and how many full perm copies are still in use. Of course the offenders will be careful reselling stolen content, if they sell it at all and not just wanted a free copy for themselves (which is usually the case; how many people resell ripped DVDs or MP3 files?).

Btw, when you quote another person it would be nice and polite to keep at least a complete paragraph together, not pick out the most harmless sentence only to defend your "non-event" point.

Yes, the skilled artist who can create anything from scraps. Those are usually highly paid for custom work or run a business with own designs, they don't need to steal. The usual copyright infringement is done by the end customer, who copies a DVD or music CD instead of buying it. Most of them only copy as long as they can do it effortlessly, with an easy-to-use ripping software.

Of course even the relatively unskilled can copy a linkset (given modify rights) by writing off all prim values, then using tools to download the textures, re-upload them with a quality loss, apply them again and write off repeat and offset values... hell of an effort to copy, let's say, a pair of prim shoes. And guess what? You even have to buy them first
You could as well suggest to copy a DVD by taking screenshots of every single frame, saving them as JPEG files and piece it together using VirtualDub. It's simply too much effort until someone develops the "click here and get your perfect copy" stealing tool.

I've seen how law cases about registered design patents of decoration articles are dealt with (in Germany): Only if you can proof that the copyist clearly intended to copy your designs and to sell them to the same constituency, you might have a chance that the infringer is asked to change the ripped-off design. Not to stop selling it, just to make sufficient changes to shape and/or color pattern. You can also easily lose such a case and end up paying the legal expenses. Registered trademarks (company logos etc.) are taken more seriously of course.

I personally wouldn't go into a legal clinch unless I had at least a design patent on my work. Mere IP rights? "Look here, Stephen King copied my novel, here's a hand-written manuscript by me dating back to 1989 (I've written the date on top of page one), I never published it and now he stole from me". Who says one can't mess with upload dates, using a neat exploit discovered in the client source code? Digital data is easily messed with; the thief could even sue the creator. That's why our law system doesn't take IP rights infringements altoo serious, if it isn't backed up by a real patent.

No one ever said "the sky is falling, that's the end for all SL businesses". When the DVD copy protection was cracked and circumvented, it didn't kill the DVD. It did just hurt the sales numbers. If a few dozen people copy SL wares and hand out copies to some close friends, it won't kill any SL business but it will hurt their sales numbers (did I get this extreme emphasis thing right?). That's all we're worried about. Losing sales doesn't equal bancruptcy. Nonetheless it's something every business will try to avoid. Of course, those who view SL as a mere game as well as those who like the idea that every digital content should be free to copy will fail to understand that.

See above - no one ever said "the end is near", at least I didn't. If I insist that a building in an earthquake zone like Los Angeles should be earthquake-proof, you can also laugh at me after 2 months, if no earthquake did occur during that short period. You can also come back in 4 years to find that still no earthquake has happened. Does that make earthquakes a lesser threat? I don't think so. Sensible security measures are never a waste of time, and someone pointing out potential security risks is no doom-sayer.

You can crash websites but not the web. Aside from that, a website owner also has the option to be prepared for such attacks. You say it yourself: vulnerable server software. It's your choice if you install vulnerable or secure server software. In SL we have a common standard. An attacker can be sure that the trick he used to bring down sim X will work in sim Y as well. Sim owners can't do anything to protect themselves, we completely rely on LL. If now LL chooses tob provide everyone with potential lockpicks, some of us are understandably upset.

If you only view the big picture, of course nothing has happened, there are always some thieves but most people are honest. The small shop owner who has to deal with a few shoplifters still makes revenue, but he loses money due to theft. Someone steals from them, even they aren't robbed blind, you can't argue or rant that away. According to your logic we could all just keep our house doors unlocked, because even with a locked door it's possible to break in. The world will not implode when you keep your door unlocked. An unlocked door makes breaking in just a little faster and easier, right? Nothing wrong with that. Well, here's a "newsflash" for you: most people lock their doors, because they think that stealing should be made hard, not fast and easy. It works and greatly enhances their security; a proven "historical fact".

Wrong. CopyBot was NOT the result of open-sourcing ANYTHING by Linden Lab. CopyBot was a specific implementation of a third-party library created by REVERSE ENGINEERING the network protocol. No exploit code whatsoever was used in CopyBot. PERIOD. Please get your facts straight.



In my opinion, security through obscurity only works as long as you can keep the facade of obscurity up, which isn't very long in the vast majority of cases. Don't think for a second that there aren't tons of third-party apps, bots, add-ons, etc for ALL of the games put out by the "big players" you mentioned. They've existed from release day one, and they continue to be updated and improved all the time, as those companies spend literally MILLIONS of dollars in development costs trying to stay ahead of them. Sure, they take exploits very serious, but you know who is paying for them to take those situations seriously? Yep, you guessed it, the players. So, let's make Second Life more like those services. Everyone starts paying $10-$20 per month to "play" SL. I'm sure that would go over well.

You also cannot put Second Life into the same category, as the things they are protecting are different in many ways, not the least of which is the fact that the assets are not even their own.



In fact, there's no telling if anything has been copied at all. I've yet to hear of a single incident where someone got smacked for copyright infringement as a direct result of the use of CopyBot. Have you? I'm not going to say it hasn't happened, but the point is that WE don't know either way. However, if it was indeed widespread, I think it would be a LOT more prevalent than it apparently is.

As for how many people are reselling ripped DVDs or MP3s, I don't know a single person who does. Do you? Again, my argument is not that there are none out there, but that their numbers are fairly small amongst the general population. When they get caught, they go to jail, and their existence hardly puts a dent in the industry (contrary to what the RIAA and MPAA would have you believe, of course; they claim that they are just DYING because of all the "theft", whilst the guys in the background are shoveling cash into their vaults with platinum shovels).



Sorry, that's the way I rebut. I find the points I disagree with and highlight them via quoting. I am not obscuring the context in any way because your message is still present in the thread, available for anyone to read (and they probably already have anyway), so I'm afraid you'll just have to live with it.



I am not a skilled prim artist by any stretch of the imagination, but I have yet to see a single prim build that I could not duplicate (within a negligible margin of error) by hand within a reasonable time frame, if I had reason to bother. There's nothing magical or special about copying; the magic is in the creating from nothingness. Even still, *I* would rather pay someone for their work, rather than infringe on it. I don't know of anyone who would infringe rather than pay, either. I don't know everyone, though, so I am sure there are a few who do but, again, my experience tells me that they are in the MINORITY. I won't even go into the arguments about copying for promotion (where people may copy a song or a movie as a "try it before you buy it", or to get someone else interested in buying it), or attack the falseness of "lost sales", as I don't think they apply as directly in SL. However, I also don't think people are going to bother risking anything from banning to social censure just to copy someone's prim art, and I think even less people are going to bother trying to sell it for the same reasons.



Well, I can't speak to how it works in Germany, but in the US, Patents/Trademarks and Copyrights are different bodies of law, and have different statutes governing them as a result. If you copy someone else's work, you are guilty of infringement. All they have to do is file a suit, and if they win, depending on the nature of the infringement, and how well they documented their ownership of the copyright, they can clean your clock.



Again, copyrights and patents work completely differently and offer different kinds of protection for different things. IE, you can't patent a novel, but you can copyright it. In your example of Stephen King copying your novel, if you had registered your copyright prior to him publishing it, you would seriously own him in court. Otherwise, you have to prove your ownership of the work, and that can be quite hard after-the-fact. Within SL, they do have upload dates for assets, and they can tell if someone is using someone else's assets (like if the infringer was using their sounds/textures via the asset key). Establishment of ownership is of primary concern to anyone who makes anything; if the creator doesn't think it is important enough to protect, then there's no reason to bother chasing down infringement of his/her creations.



No, but it is an accurate paraphrasing of all the hand-wringing and gnashing of teeth that went on in here and elsewhere when the CopyBot fiasco hit the fan, and is still fairly accurate in this instance, given how much effort people are spending decrying open sourcing the client for the same reasons.

There's no hard evidence that cracking CSS hurt the sales numbers of DVDs. In fact, DVD sales have been record-breaking for many years now, so while I deign to say that DeCSS actually bolstered sales, it is not an argument without merit.

The only way copying hurts sales numbers is if someone makes (or is given) a copy of something they would otherwise buy. In that situation, I think the vast majority of people would either refuse, or accept and still buy it. The REAL problem, as I see it, is people who make copies and SELL them. THAT is where the real lost sales are, because the customer DID buy it, and the real creator wasn't paid. Those people, I would expect, will get ferreted out and banned rather quickly, and people who bought illegal copies can expect to lose them. Thus, it becomes and exercise in caveat emptor, just like it is in the real world. Second Life being the small society that it is also makes it very easy to locate and report infringement.



(You tell me; I was only following your advice. )



Sure, businesses don't want people infringing on their works, and they should make every attempt to protect their works (that includes registering their copyrights, too!), and aggressively pursue those that infringe on their IP, especially those selling it.



Earthquakes are acts of Nature; Copyright infringement is an act of People. There's no way you can sue Nature for reparations as a result of destroying your building. I am also not arguing against people's NEED to protect themselves against earthquakes (or copyright infringement); clearly they do, but it is up to each individual building-creator to do it, not the "government". Ineffectual security measures ARE a waste of time, and given that there is NO current way to make them effectual, it is a waste of time (and *OUR* money) to try. That's where LL is coming from, and I think it was the right choice to make under the circumstances.

The only effective way to combat infringement from a technical standpoint is via enforced hardware DRM on every computer the software is run on. Personally, I don't care for DRM, and fight against it at every turn, because it takes away control over *my* computer and gives it to people I don't know and have no reason to trust. As far as I am concerned, artists are just going to have to trust me in that I will be an honest, upstanding person, and sell to me without DRM, or they won't get my money. I won't accept my computer being locked down with DRM any more than I will accept the hood of my car being welded shut because the auto manufacturer believes that I shouldn't be monkeying around under it.



SL is not analogous to the Web. They are a Server, a Service Provider. They have given you a customized browser which lets you accesss their services. In the future, there will be more SL-based Service providers that are likely not run or supported by Linden Lab. As such, you will be able to crash one grid, but not all grids.



Of course, but therein lies an assumption: that the software you THINK is secure actually turns out not to be so "secure" after all. That is the rule, not the exception. You can run the securest webserver software in the world and still get hacked because someone found a new hole in it that was heretofore unknown. It happens all the time.



Uhh.. Works that way in First Life, too. Most webservers run some variant of *nix, Apache, PHP, BIND, MySQL/Postgres, exim/sendmail, etc. When vulnerabilities are found in one of those, MANY servers are also at risk. Most people who own/operate webservers aren't programmers, and can't find/patch the vulnerabilities themselves, so they are also at the mercy of the people who created the software to fix it and provide them with the appropriate patches.

ALL of those products are Open Source, so they ALSO provide the "lockpicks" to potential hackers. There's nothing new about that concept. Hell, there is no protecting content on the web. You can view/copy markup, download and save images, sounds, movies, literally everything. Yet, the World Wide Web is probably THE most successful content/publishing business since Gutenberg's printing press. Do you see people constantly ripping off other people's websites and content? Yeah, it does happen, and people have GONE TO JAIL over it or paid hefty fines as a result of their indiscretions, but I don't see infringement killing anyone's web business.



Beyond the fact that Copyright infringement isn't "theft" (despite the constant popular cognitive dissonance to the contrary), I never said it wasn't happening. Yes, the big picture is important, because it is most representative of reality. Those whose works are infringed upon have to be prepared to cope with it; I am. It's already a part of my risk management for my products and services. Just as with Real Life stores who already deal with theft of merchandise, you and everyone else need to be prepared to protect yourself the best you can with what you are given, and agressively defend your property, real or imaginary.



Back at you: A few years ago, when my home was robbed, the burglars didn't bother coming in through the UNLOCKED front door; they went around and broke in through a window on my back deck, shinnying up a 10' wooden post to do it. They didn't even bother going out the FRONT door with the loot. It didn't even slow them down. All the locks in the world on my doors wouldn't have made ONE DAMN BIT of difference. Locked doors have ZERO effect on "stealing". What has a tangible effect is deterrents, both social and legal, as well as making sure you go the extra mile to identify your possessions, and aggressively defend them (if I had been home at the time, there would have been two dead burglars).

The only thing locks do is enhance your SENSE of security. In reality, no lock stops someone from stealing from you; if someone wants something of yours bad enough, they are going to take it, unless you or someone else puts an end to it, or them, first. But I am sure the lock-making industry would love you to think they protect you and your belongings absolutely.

I wrote: open sourcing efforts started. LL allowed open source programmers to re-engineer the client with the goal to create open source software, which led to the development of the CopyBot client, the first widely distributed open source client that used an exploit to circumvent the permission system of SL. These are my facts, which look quite straight to me. You can of course argue that SL's DRM was pathetic and easy enough to circumvent when it comes to textures and prim data. It doesn't make duplicating a linkset with altered permissions anything else but an exploit.

Third party applications that "existed from release day one"? Tons of them? Come on. This is a great example how overdrawn some of your arguments are, sorry. Of course, at some point someone is bound to find an exploit. The community is very aware of this and reports unusual activity, and the publisher reacts to those reports, because they actually think that a healthy and fair inworld economy is crucial for their virtual worlds.

It is an arms race, just as the arms race between virus programmers and anti-virus software development. I'm glad that some companies are prepared to spend the development costs and try to keep their products secure, else I wouldn't dare to use Windows XP anymore. I think that's a better way to spend money than investing it into new hardware to allow everyone in for free, without identity verification even, just to support 2 million accounts in order to attract investors. When it comes to monthly fees: I pay a lot more than $10-20 for SL. Most residents do, when you count the content they buy (which is included in the flat fee of other providers). I also don't own any assets in SL according to the new TOS, just IP rights.

And why exactly can SL be compared to the normal 2D web but not to something much more similar, like another 3D online world (Sims online for example)?

I have yet to hear of a single incident where someone got busted for music or movie copyright infringement. Nonetheless I know that copying movies and music is common practice. No content creator has the time to run around and compare if everyone who wears their products appears in their transaction history as well. We will likely never know, we only know that the possibility exists and that open sourcing the client is a step that makes the development of copy tools even easier.

That was exactly my point: most thieves of digital wares don't resell. They steal for their own use. That's exactly why you can go on pretending that it doesn't happen, because we likely won't see big-time resellers, just lots of folks who save money by simply copying everything they see and like.
As for the music / movie industry: Theft isn't justified when you steal from someone with enough money to spare. Theft is a crime, it's that easy. No matter if you steal from a millionaire or a beggar. I read these "platinum shovel" arguments quite often, usually to point out that stealing is relatively ok in some cases.

You don't know anyone who would infringe instead of buying? All your friends and acquaintances paid for every piece of software they use? That's a pretty rare case. Most of the people I know who own a computer have absolutely no moral constraints to install pirate copies of software applications. Why? Because it's so laughably easy to copy. They don't have to make efforts comparable to forging a painting. They only need to click some buttons, using software products that can easily be downloaded everywhere. So easy that it looks like a perfectly normal thing to do.

The "I try before I buy" argument is an easy method to justify it, btw. And the lost sales argument isn't false. As a kid I saved my pocket money to be able to buy a record; today's kids would do the same if they couldn't easily steal their favorite music. I also think that a person who spends $2500 on a PC could afford to pay $850 for a Photoshop license if they really want and need it. It doesn't always have to be the newest version; if I can't afford a new car, I buy an old car (or use Photoshop 5.0 and Poser 4). Unauthorized copies do indeed hurt the sales numbers of the manufacturer.

How well the patent or copyright is documented, that's exactly the point here. That's why I used the example of a novel. Anyone could say "My manuscript is older" or "My files show an earlier date". All the SL content creator usually has are IP rights proved by earlier upload or creation dates. I fear that's not much of a proof in court. Even a patent doesn't prove much if a ripped off design has slightly been changed. That's why I'm against anything that allows to duplicate other's work fast, easily and effortlessly.


Honestly, I see just as much hand-wringing and gnashing of teeth in your posts.
I would spend the same effort to protest against law changes in my country that I can't support, like legalizing weapon ownership. Protesting against it is pretty much the only thing I can do; if I don't spend this little effort at least, I can hardly complain later when things really hit the fan.

Please. Their loss of sales lies indeed in the illegal copying itself, not the illegal resale only. Nearly everyone I know simply downloads the movies they'd like to watch, the music they want to hear and the software they intend to use. It has become common practice due to ease of use. We all know this, other arguments only come up when someone tries to defend it.

DVD sales numbers went up as VHS sales numbers went back, and since VHS cassettes could be and were copied as well, the movie industry has suffered a sales loss since they started to sell movies for home environments. In addition, the prices for consumer electronics keep falling, and the number of honest customers increases with the number of people able to afford a DVD player. Their slaes numbers go up, but they don't have the growth of sales they could have. Of course they still earn a lot, but as I said before, stealing from a millionaire is still theft.

If you want to nitpick, I can give you the example of a bank that usually has security measures in place as well, to protect themselves against acts of People. It would be madness to completely give up on any protective mechanism just because they don't work 100% failsafe and can be circumvented with enough time and effort. It's madness to allow effortless and easy theft.

Another way to keep the wrongdoer from committing a crime or an infringement is to a) make it reasonably hard, and b) make sure it's clearly outlined to be a crime (or TOS violation). There's no mechanism in place that prevents you from driving drunk, and no one would want such a thing installed in their car. The law alone is enough to keep most people from driving after they had some beers. The inhibition threshold to reverse engineer a client software with the goal to develop a copy tool, if the TOS clearly forbids to do so, is much higher than to download and use a freely distributed open source client that has the same copy tool already built in.

That's what I said: SL is not analogous to the web. You argued against this point before.

That's because most web businesses don't make a living off the image files and texts on their websites. The RL products they sell can't be copied that easily. Another point that distinguishes SL from the internet.

Colloquially, "theft" is the most commonly used word to describe the process of taking something offered for sale without paying for it. Of course there are different legal terms to graduate the exact level of offense, just as some murders are called homicide or manslaughter in court. Doesn't make it any better in my eyes.
Of course, a business owner is prepared to be stolen from. I am prepared, nonetheless I'm against steps taken by my service provider to make stealing (sorry, infringing) easier, after we've already seen how easy it becomes when people start to mess with the client software.

Do you now keep the windows open too, to make it even easier for them, thinking that a locked door/window is pointless? I'd rather spend some more on home security and install better locks as well as an alarm system. Sorry, but my common sense tells me that's the sensible thing to do. I, like most persons, lock my doors and keep my windows shut. I was never robbed and never caught a burglar in my home (if I ever do, I will certainly not repay a crime with a morally even worse crime by attempting to kill them). Even if my locked door can only slow a burglar down and keeps a mere 10% of them from breaking in, it's still worth the effort. If nothing else it clearly shows: this is a private place, you're not supposed to enter here. It can make a difference in court if one took sufficient security measures to prevent a crime, like simply locking a house door.

Sorry for picking this paragraph out of the middle and putting it at the end. In my opinion, if one quotes one should quote the original text within the same context, i.e. paragraph. Paragraphs and sentences are kept together for a reason. It can be quite distorting to quote only a fragment, like picking the "I agree" out of "I don't think that I agree". Not much of a rebuttal, imho. If you need to discuss this way in order to defend your arguments, I can't do anything against that other than giving a better example myself and ending the discussion between us with my final post on this issue (that's why I put this at the end; certainly a little rhetorical manipulation, but at least I kept the paragraph unchanged).

To mention this again: when a creation is uploaded to Second Life, you immediately give every other resident of Second Life a permanent license to all patent rights for that creation. It's in the TOS, honest! Check if you don't believe me

However.. I'm not sure you need design patents in SL. In SL, your "design" is really just a set of numbers which could well constitute a copyable expression under regular copyright law.

Lets see - Linux is OS. Security has always been at the forefront of the design and holes have been stiched up as fast as they are found. The only reason to put an AV system on linux or Mac is to protect windows users further down the chain.

Microsoft Windows is closed source. It is the most frequently hacked and slowest OS around - despite being very user friendly. It is only in recent years that MS has really taken on board security issues. The last ime I looked (a few years ago) there were something like 28,000 viruses, trojens etc aimed at Windows.

Second Life security - Security for your details is with the server mostly, where information like our password is encrypted. What has been opened up is the Viewer. Even if the server source was opened up, to get your password someone would have to decrypt it.

The easiest way for someone to get your password is to simply ask for it (you would be amazed how well that seems to work). That is so much more effective than to spend weeks and weeks creating a dodgy GUI that everyone else will be scrutinising.

Well, thats my thoughts - sorry if I have repeated things others have said, there were too many pages!

Now, where is all the bleedin' First Land? Grr!

I'm afraid this has already been said It ignores the fact that hackers target Windows, not because it is insecure, but because it is widely used. Plus, of course, Windows tends to be used the most by non-technical or casual computer users, who are the easiest victims for hackers; any statistic on the percentage of compromised Windows boxes will include all of the computers that are owned by the old couples down every street who bought a pre-made Dell, running XP Home, to see what this internet business was about. How many of them do you think are running Linux?

However, you wouldn't need to "create a new GUI that everyone else will be scrutinising". If you can change the Viewer, you can make it send the password input from the viewer's regular GUI. That's what people are afraid of here I think.

Besides which, the Windows/Linux analogy doesn't really apply here because concern is more down to interception of in-world creations than username/password exploits or general stability of the software.

I certainly hope this wasn't your last post Ishtara.

Your thoughtful, well reasoned, and respectful responses to the arguments brought forward by these pro-open source "coder types" who exhibit such obvious disdain toward the worth and contribution that content creators have made to SL to this point, have been refreshing to read.

The fact remains that SL would not be where it is today if not for the amazing contributions made by the texture and prim content creators of SL to date. There is no mistaking that the large majority of residents, and especially females, would not be hooked to SL today had it not been for the ability to play barbie with our AVs and go shopping for the thousands of creations (IE., skins, clothing, hair, shoes, jewelry etc) introduced to SL by our very talented fashion content creators.

But AV enhancements are only one sector that benefits from our texture and prim content creators. I bet that if a study were done in regard to what areas of the economy, outside of land perhaps, generate the most income in SL, the study would reveal that textures and prim creations generate the most income, and are what that truly makes the economy go round.

See many, not all but many, of these coder types protecting this open source idea are the scripters of SL.

Do you think that if the roles were turned and it was the scripters creations who were threatened by this open source implementation, that they would be so vehemently protecting this change on these boards and dismissing its threat to texture and prim creators?

Of course not!!!

They would all be crying and screaming all over these forums like they did when the scripting security fiasco occured several months back. Omg, talk about alligator tears.

To date SL has had the best of the best of talented texture and prim content creators working on this world. As a result our AVs and in-world creations have experienced explosive growth and look wonderful.

Do you think this talent will hang around for long given the current change of events?

I fear that this may not be the case.

Hey but atleast we'll be able to download a jungle themed skin for our viewers with matching animal paws for button icons. Um ... yay?

Not.

Funnily enough, so is mine. ^^ And i'd dare a guess 500 years can give better hindsight than few weeks passed since the ability to easily copy content was released in the open in SL... we live in accelerated age but perhaps stating already what effect the new development had or didn't have on the world... is a bit hasty jumping to convenient conclusions..?

On sidenote re: open source security. isn't wakkawiki which was used as backdoor to compromise SL account database a while back... open source project as well? Just a case of life verifying the security claims -- being open source itself isn't enough to warrant any kind of increased security, there needs to be 'critical mass' of people both interested in keeping code secure *and* skilled enough to make that wish possible.

I don't know where you get the idea that scripters aren't also taking a risk with this!

I've already mentioned this: many popular scripted items, such as personal HUD attachments and gadgets and building enhancers, now run the risk of being obsoleted by new features on the client. A client-side version of these features can usually be better than a scripted version in every possible way - faster, with a better user interface, no lag, and no messing with attachments. The only problem is that, under the GNU license, it'd have to be given away (well, actually, I think there is a way around this (!) which we might see being used soon - but it'll only work for major new features, not neat add-ins). Scripters who are not also builders generally seem to have a fairly hard time and this runs the risk of making it worse.

Of course, you'll probably argue that scripter/coders have no interest in making that kind of change to the client precisely because it would disadvantage them. Well, here's some good news: most of them don't really have any interest in disadvantaging builders or artists either. In fact some of them are builders and artists as well as coders.

From what I understood of the townhall meeting, LL isn't planning on reintegrating anything more than minor bug fixes into the official client. Without a way to add add-ons to the official client, there is no risk of any HUD or gadget being obsoleted because the only way to achieve it would be by offering an unofficial viewer that has that capability, which noone is going to trust using.

Oh, plenty of people will use third party viewers. But we're talking handfuls here and there with specialized needs. Such groups will even collaborate on unique TP viewers. I agree with you though...this kind of usage ain't gonna hasten obsoletion of existing items...and I don't envisage a sudden stream of unexpected features and architectural changes in the coming months (as a result of the OS effort) either.

Umm. No. What part of "third-party effort" are you not understanding? LibSL started without any support from LL. LL's open-source plans parallelled LibSL. LibSL was NEVER part of their open-source plans. CopyBot no more uses an exploit to recreate prim models than you do when you sit down and copy them by hand. If there was any exploit, it was in that it could apply texture keys as well; however CopyBot didn't introduce the use of this exploit, but instead borrowed from one that already existed.



Sorry, it is the truth, and if you want to do just a small amount of digging in a few underground sites which TRADE in these tools, you can see for yourself that a great deal of cracking tools were ready at or very close to release of popular games, especially World of Warcraft. They were developed during beta, and fine-tuned at release.



Sure they do, but that doesn't alter the FACT that they exist and are continually updated, distributed, and used to do everything from dup items to farm gold. It's particularly telling just how much effort is focused on regularly attacking the Warden program specifically so that they can circumvent its protections. Blizzard regularly bans many thousands of accounts for use of these tools and using similar exploits. They will be banning many thousands more in the future.



Virus protection is overblown in most cases. I haven't had a virus on any of my systems in almost 20 years, except for one I accidentally self-installed trying to "store" it for later examination (or on isolated test machines I intentionally infect to examine). I only intermittently run virus scanners because they often cause more problems than they prevent in my case. It is easy enough to practice safe computing, and avoid getting viruses and trojans in the first place. Use a good hardware firewall, don't use IE, don't use Outlook, don't run anything you don't know or that comes from an unknown or untrusted source, and keep up-to-date with your patches. Just as with lock and alarm vendors, they are making their money on selling a SENSE of security, however they still admit they can't stop many viruses and trojans that are newly released into the wild. 0-days will still get you if you aren't careful.



I would rather they spend money on fixing bugs, finishing projects, and then improving the overall quality of the system and software so it can scale. Even still, you won't get any argument from me that free/unregistered accounts were a mistake. I don't think "most" of the 2.4 million residents have spent nearly that much money, ever, let alone monthly. Buying Linden$ and then content with them doesn't put much at all into LL's coffers, so it doesn't really count. Owning IP rights on assets IS "owning the assets", because that's all they are; you don't own the tiny piece of the hard drive used to store them as well.



I never said it couldn't be. In the PROPER CONTEXTS, it can be compared to either, both, or neither.



I read about it all the time. STILL doesn't make it "commonplace". "Commonplace" means that more people you know who do it than don't do it. Unfortunately, anecdotal experience is highly subjective (ie, depends on how high or low the moral character of the friends you keep is), but after networking a bit, it has been my experience that there are more people I know who don't infringe than do.

I don't expect content creators to spend all their time policing; I contend that they shouldn't worry about it until it is either reported to them ("Hey, Joe, I saw one of your widgets the other day, and it didn't show you as the Creator.. isn't that weird?" "Yeah, show me!", or they discover it themselves. Then I would recommend going after the perp wholesale with everything they can muster. Ask your customers to report infringement of your products to you; offer a reward.



I have never said that it doesn't happen. I don't have a need to "pretend" otherwise. I am well aware that it happens. My argument is that it isn't significant enough to warrant measures where the "cure" is worse than the "disease".



A) It is not "theft", and B) I never said infringement was "justified", regardless of how much money was involved. My point in using the "platinum shovel" argument is that the RIAA and MPAA are WELL-KNOWN to WAY overstate their "losses" for political sympathy. A fact which has been borne out in evidence in quite a few of their court cases in recent years. Again, truth trumps hype.



That's right. I don't use a single piece of software I didn't pay for. I don't know anyone who does, either. I *DO* know some friends who copied a piece of software or two *for evaluation purposes*, and either bought a copy for themselves (something which would not have happened if they had not tried it to see if it suited their needs first), or ditched it rather quickly. I suppose it all comes down to who you keep as friends. I HAVE had some customers who have asked me to verify if they were infringing, and one or two who asked me to do something which would have infringed if I didn't refuse, but were not fully aware that it was infringement. However, I don't know anyone who infringes "just because it's so laughably easy to copy". Those who are indoctrinated into a culture of infringement I have no doubt feel that way, and probably infringe without even thinking about it. I don't tend to associate with those people, because they usually have some other deep-seated issues which keep me from allowing them close to me.



If someone wants to try out one of my products before they buy it, fine by me, as long as they buy it or stop using it within a reasonable time frame. Why do you think so many companies offer free trials of their products nowadays? Because they recognize a legitimate need for people to do just that. In fact, I think you would have a hard time convincing any judge presiding to award damages over an infringement case where the person tried the product using an infringing copy, and either bought it anyway, or deleted it from his/her system before getting any significant use out of it. I'd ALMOST say that is a "fair use" right, at least in terms of functional products like software.

The "lost sales" argument IS false. You can't count a sale as a sale that you could lose if you would never had the sale to begin with. If you could, then you can extend the absurdity to the fact that, if the RIAA could have sold each and every one of its 100,000 songs to 100,000,000 people for a $1.00 each, then the difference between that revenue figure (which, incidentally, is $10 trillion) and what they actually made would be attributable to "lost sales". Not surprisingly, their numbers on that metric are not that far off. It is a metric which has no basis in fact.



So? When has the burden of proof never required documentation, regardless of the situation? When you go to court over ANYTHING, the more documentation you have, the better your chances. The same is true in any contested situation, including copyright infringement, regardless of how it occurs.

Here, let's say you make nice Victorian prim houses, and you happen to be in a sim visiting a friend, and you notice that the next door neighbor has (what appears to be) one of your houses; however, on a lark, you check the house info and see that you aren't the creator, and you also note that the owner isn't in your financial ledger. At that point, does it really matter HOW this person got a copy of your house? If you had done your homework, you would have already done the necessary documentation to prove your ownership of those assets, so you can then go ahead and file it as part of a DMCA notice. Chances are, you have the original textures; the person who copied them doesn't. You have the original house; the person who copied it doesn't, and his creation date (which he has ZERO control over) is later than yours. You win.



Yep, it's called "reaction". I see a GREAT DEAL of good in open sourcing the client. FAR more good than even the worst evil dreamed up that will never come to pass by those freaking out about its potential abuse as a copyright infringement tool. I support LL's move in this direction, and I KNOW it will be better for all of us; not just you, or me, but everyone. As such, having people constantly attacking it because they are short-sighted, or don't know any better tends to make me vocal, and somewhat reactionary. I apologize if I come off a bit abrasive and overbearing because of it, but I do believe in and support it with as much zeal as you do in your beliefs from your side of the fence.



Nope, I am sorry, but that is just, well, wrong. I don't know any other way of saying it, but you can't "lose" a sale that you never would have had. That said, it doesn't mean it is "right" to infringe and use / enjoy the use of something you didn't pay for, but it cannot be counted as a "lost sale".

Sorry, but that hasn't been my experience at all. The few people I know of who download movies and music do so to sample before they buy, if they do it at all. I don't know anyone who downloads and uses pirated software. Yes, anecdotal, but no more so than anyone else's experience, including yours.



You're kidding me. The home movie market has added BILLIONS of dollars in sales to the movie industry's coffers; they are even doing direct-to-DVD movies more and more because they find that many movies sell better AFTER they hit DVD than they do at the box office. Yeah, I am sure they don't have the growth of sales they want; no big company ever does, even when they are doing better than just about any other industry. In addition, they aren't above naming strawmen and the boogum known as "piracy" as the reason why, either, regardless of the facts (which, again, keep strangely showing up in their court cases and from independent analysis of their market data).



If the best any bank could ever do is a vault made out of papier mache, and the best of the best of these papier mache vaults cost them MILLIONS of dollars to erect, was constantly under attack and being breached, and they neglected the other parts of their business because they were spending so much on "security", would you remain a customer? It's madness to throw the baby out with the bathwater, too, ya know.



That's fine, except a) is a VERY hard problem to solve via technical means; one which has very little to no return for the massive investment required. b) is already outlined well, both in law, and in LL's support of said law.



Perhaps I misunderstood you, but when you say "You can crash websites but not the web", are you not referring to the ability to crash SL with the Viewer as analogous to crashing the entire Web with a browser? If so, then you DID directly imply the analogy, and my point stands.



Doesn't make it any less a case of infringement if someone copies their images and files, though, does it? Also, not all products in SL are simply "prim art"; many are scripted, too, and people make their money off of the whole package, not just the "prim art".



Colloquial use fails in a debate where its use is little more than inflammatory, in which case, proper use has more weight. "Theft" is used, properly, to describe the process of taking something without permission in which it deprives the proper owner of its presence, use, and/or enjoyment. Copyright infringement fails in this definition at the "deprive" part. I don't know about you, but I don't think the penalty for premeditated cold-blooded murder is fair to apply in a situation where a fatal accident due to negligence (most often where manslaughter charges come from) occurred. That's why there is a distinction, so while you may not see it as any better or any worse, I am glad that the courts and the law do. I don't want to go to Death Row because I accidentally ran you over with a hay baler.

I'm not happy with them taking any steps which make infringement easier, either, UNLESS the benefits of doing so outweigh the negatives far enough to convince me otherwise. In this case, they do. Copyright Infringement is a SMALL problem, better addressed with other measures besides technical ones. Worrying about copyright infringement is pointless if the grid can't stand up long enough for anyone to hardly log in to infringe, let alone MAKE anything TO BE infringed.



It might seem insane to you, but yes, I do often leave my house unlocked even today, because if the thieves are going to steal, I would rather them at least not add to the property damage by breaking windows and the glass on the expensive front door. That doesn't mean I won't be pursuing their sorry wastes of flesh and making sure they are prosecuted to the fullest extent of the law if they are caught, or blowing them away if they happen upon me in my bedroom in the dark of night.

I don't consider killing someone invading my home a morally worse crime. They aren't supposed to be there. Period. I am not going to wait for them to shoot me first, since many home invasion burglaries end up with dead occupants, even when they are unarmed. People kill other people for a few dollars and a pack of cigarettes; thanks, but I have no desire to become one of their statistics.

I also don't need a locked door to establish claims of trespassing and my rights to defend myself, my family, and my property with deadly force, if necessary. Thankfully, neither does the law where I live (except in some really stupid and insane cases).

Until I live in a concrete bunker without windows and only one door which is the equivalent of a bank vault door will I really worry about locking it.



Doesn't bother me in the slightest. If you misquote me, then I will be happy to correct you. I expect no less in return from you or anyone else.

I will note that you have yet to correct a misquote I made of yours, but simply make a point that you don't like my "style". That's unfortunate, but I see no reason to change my "style" for anyone based simply on whether or not they "like" it. I haven't quoted you out of context or made a rebuttal based on ANY manipulation of your words. Your words are there for everyone to see, and you are always free to point out where they were mistakenly quoted.

It's not a fact at all. There is a similar magnitude of people constantly attacking *nix systems PRECISELY BECAUSE it is widely-used for internet servers. This is a constant FUD-based myth thrown around by Microsoft and its supporters as well as people who don't know any better.



How many of them do you think are renting / using internet-based services which are running on *nix? E-mail? Routers? Their website? A lot more than you probably realize.

I have ZERO disdain, but LOTS of support for the worth and contribution of ALL content creators, prim artists, musicians, sound artists, texture artists, animators, AND scripters alike. Lest anyone doubt, I make scripts, yes, but I also make textures and some prim works as well for my products.

None of that changes my belief that an Open Source client is better for EVERYONE in the long run, including ALL of those people I listed above. I believe that because my experience AS a coder with similar projects gives me that level of confidence needed to support it.



Yes, and let's not forget the contributions made by the scripters as well. Animation overrider? Flight assists? VENDORS?



Unlike some people, I won't deign to say that scripters are better or contribute more to the SL economy than any other discipline. I will simply say that scritpers are a significant part of the economy and have NO call to claim either more than their fair share of credit, or decry or devalue the contributions of anyone else.



So? Even if that were true (I doubt you have the statistics to back that up, but let's say it's true for argument's sake), what difference does it make? "Coder types", especially those which have worked on Open-Source projects would tend to know the benefits and costs of open-source better than non-coders, yes?



It also doesn't mean we are callous or uncaring towards the plight of other disciplines. We SHARE the same plight. I PROMISE you, as far as I am concerned, if open-sourcing the viewer caused scripts to become more vulnerable as well, I would still support the move to open source just as much, because the benefits STILL outweigh the potential risks.



Though I didn't "cry" or "scream" over it, I don't see why doing so would be any worse than when texture/prim permissions were borked in the past.



I don't see why it wouldn't, unless getting-arse-on-shoulder syndrome caused people to drive themselves away. Why would anyone leave when they are still making mucho bucks? I'm certainly not leaving as long as my stuff sells.

Really? That's strange, I don't recall the invention of the Gutenberg press destroying the book writing and publishing industry; in fact, I recall quite distinctly it revolutionizing it. It sure did piss off a lot of monastic scribes, though. Damn near put them out of business. I'm sure that we wouldn't mind someone going back in time and destroying that invention, just to protect their interests, though, right? I mean, we can't have a few people's livelihood run over by progress for the masses, can we?



You tell me. In 500 years, when our descendents look back at how SL revolutionized the 3D virtual world industry, will the fact that it could easily copy and distribute content be anything more than a hysterical footnote?

(and no, I don't really believe that "SL revolutionizing the industry" part; just thought it would be a fun comparative metaphor )



You won't get any argument from me on that subject. All I say is that the POTENTIAL for better security is much greater with Open Source than with closed. Given the popularity of Second Life, I have no doubts about its ability to reach that "critical mass" of people you describe as necessary for making it happen.

On the wakkawikki subject, from what I recall, LL was using an unpatched version with a known vulnerability, so if we're going to demonize anything or anyone over that, it surely isn't wakkawikki or open-source.