Be nice to LibSL, or... ?

Libsl had nothing to do with the copybot. anyone who says otherwise is an uneducated moron whos been listening to all the hype and crying.
LibSL created a utility to export your objects to your harddrive (thanks to recent LL inventory problesm) and alowed them to other similar functions.

someone ELSE got ahold of this program, and modified it. THIS is what was used to clone primatives and textures, and this is what the creator started selling in game.

LibSL has been hard at work trying to find a way to solve this problem the whole time that all of you have been forming your lynch mobs, and throwing arround the accusations. if it wasnt for LibSL, this whole problem could have been compounded a dozen times, as someone else would have come around and decided to play with the open code of SL, and would have eventually used this exploit in a much more malicious fashion.

the whole purpose of LibSL was to discover this sort of flaw in the game program, and to find ways of fixing it. just because a relativly harmless program was able to be altered in such a fashion dosent mean it was intended to.


now three are massive lynch mobs roaming around the maps creating more panic and spreading the bull thats sprung up around this whole situation, and this sort of thing is doing nothing to fix it. instead of laying the blame around on people you dont know, and cant prove, you should be trying to find out all you can, and seeing what can be done to help, not hinder.

That's just rude, 2k, and the last resort of someone who has nothing to say.

Mordred, the source for the copybot is still in libsecondlife code repository... exactly the same thing that's being sold around, minus the 'help' message explaining the command syntax.

the copybot i saw being handed out was a much more simplified version, that required little real technicaly know how. the source code off LibSl requires you to actually understand somewhat what your trying to do. i'd say thats a bit more then a helpfile addition.
i'll admit im no programer myself, but some of my partners are, and they have been looking into this since the trouble started. perhaps ive misinterpreted them..

although it wasnt untill the recent public sales of the simplified bot that this whole panic started, depsite this being available for a week or two now.. where were the complaints a few days ago when this was being used for its original intent?

but how can anybody reason with a guy who said this?:





I think you're a resonable guy normally. But on this occasion, you seem a little too defensive. Maybe it's personal? Perhaps your mom helped code libsl?


But anyway, please don't take me too seriously

So, I'm an uneducated moron, thanks for letting me know. But I'm not stupid. LibSL developed a tool called CopyBot. The CopyBot that was sold later may have been altered, but the original tool was already able to "back up" content, no matter what permissions the duplicated content has. It already violated the IP rights of content creators by copying linksets without copy permission. Instead of simply pointing out the security hole to LL, it was posted for download on the LibSL website. And it's still in the repository of this website, accessible for everyone. Any try to bend these facts or play them down are a blatant lie.

Kind of changing the subject a bit here- The whole talk about backing up inventory.

Wouldnt the ability to back up inventory cause all of us to *have* to sell our products as No Transfer. If not, one could back up his no copy/transfer inventory, transfer it, then import it again.

Most of us didn't know about it at that time. Not everyone is monitoring the LibSL website. But I wonder too, where were LL's complaints and preemptive measures days ago?

No, the executable you will get out of compiling that particular piece of code from libsl is very similar and does require little knowledge to operate (compiling it is another matter)

There's probably some other libsl application that you may be thinking of, with similar functions and more complicated, but the copybot itself was quite certainly created as one of libsl projects, so pointing out at libsl as the source doesn't make one uneducated moron, am afraid ^^;;

Of course. That's why no one wants a backup solution put together by hobbyists. If backups have to be possible, then please let the LL staff implement it and no one else. A solution that writes one large encrypted inventory file and checks the ownership rights on upload, to prevent restoring the content on a different account.

i was actually refering to the simplified version, wich everyone is still blaming LibSL for.

i'll also point out though, nobody even knew about the LibSL site untill they admited to SL what had happened, and everyone and theyre dog started howling for someone's blood.
i may be wrong, but i belive it was a linden who originally posted the LibSl website, and might have aided in the panic a little.

Really?

Here are some statements made by Baba about this yesterday:


The difference of 1 line of code that would be removed in a split second and then resold on SLExchange... The point is CopyBot is almost exactly that.

I suggest you find another way to protect your IP rather than relying on the security of the system... ...It also highlights the total lack of IP security inherent in a system like Second Life

CopyBot is primarily a debugging tool

...And copying goes on... and the record companies still make more money this year than last year, only they spend it on DRM that doesn't work.


I saw him say elsewhere that "CopyBot" was a poor choice of name for it. You still want to claim they had nothing to do with CopyBot and refer to those who have seen Baba himself call it that "uneducated morons"? Oh the irony.

once again, someone who didnt read the whole post... yet you jump to the offensive quickly enough..

i havent seen any posts where baba admitted to selling the simplified version in game or on SLX, so im afraid my comment stands. if your unable to tell the diffrence, that speaks volumes in itself.

I read your entire post. Read your own first paragraph. I'm not even going to quote the self-righteous tripe. You opened your post claiming they had nothing to do with copybot. So what if you went on to say someone else changed it a bit and put it on SLex? Duh, we know that, thanks Doctor Obvious. So yes, your comment DOES stand - you said they had nothing to do with it, which is dead wrong.

Fact is, they were showing it off, made it available to the general public, and it took but a one line change for it to end up in the form it did on SLex. Adam has been quoted on The SL Herald that the lib developers have an ethical duty to think ahead in these situations.

"Copybot has huge ethical liabilities attached to it - and as a consequence, I personally believe it should never have been released into the publically accessible code branch."

"LibSL on it's own is not necessarily evil - there is a great deal of good that can be done with it," said Adam. "But like all things, any powerful tool can also be used for great harm; and I think a few of the developers need to learn a bit of common sense about what people are really going to do with things."

And uh, you're one to talk about jumping on the offensive with comments like "uneducated moron".

Check yourself first oh high and mighty one.

I want to see you copy a pair of my prim shoes "by eye", rofl. There is a reason those things are "no mod", Tardis. They are made of dozens of little tiny prims that are nearly impossible to simply look at and replicate. If they were my Shiny Things would be available all over the grid at a fraction of the price.

Mordred, your defense of them is noble, but the facts speak for themselves by their own admission. They knew exactly what this would do and they posted it on a public website where anyone could get it.


Can you get any more self serving than that? They're also using the classic defense that "security through obscurity isn't security." It is when it's all you have. By creating this tool, bragging about it, and putting the code for anyone to download on a public website, who's to blame for this? Unicorns?

Perhaps Linden Lab is to blame, for trying to tell us for years that SL is a secure platform, when a few amateurs have, in less than a year, poked enough holes in that "secure" platform to show what's really underneath: a wheezing, dying hamster, trying to make that wheel spin as fast as he can.

I'll be by later to smash your car windows and steal your stereo. That will of course be the car maker's fault for not making unbreakable glass because you assumed they were, right? I'm just doing a public service for the good of the car maker.

Yes, LL is to blame.

But then so are people who decided to let it out in the open, because if they sat quiet someone else would do it first and got all the attention.

There's zero redeeming qualities about what was done, really. After all if there's no way to fix it, revealing it won't get it fixed.

The glass wasn't advertised as unbreakable.
The car wasn't advertised as a secure place to listen to the radio.


However, the stereo DOES say "theft guard", and won't work in any other vehicle if it's removed from my car. So good luck with that.

SecondLife, on the other hand, is being billed as a place to do business. It's being advertised all over the place as a way to make money... yet Linden Lab is never disclosing the fact that their platform is inherintly insecure, and that most of the security is client side.

If this were a real estate transaction, I could have sued them for non-disclosure, and I'm pretty sure I would have won.

/applaud

Leaving it uncovered is a sure way to not get it fixed... with the added bonus of this coming up in what, a year from now, when 2 million people are using SL? What would the fallout be like then? What would happen if several major corporations had invested heavily in SL and were suddenly ripped off wholesale by copy bots?

Then LL would have moved their asses and protected from it a lot faster than a 'we're working on it'.

Probably so.

I'm just saying: don't shoot the messenger.

We are being repeatedly told by the very same people who uncovered it, and these who are defending them, that it *cannot* be fixed. Stuff coming down to client to be shown, every encoding can be decoded yadda yadda yadda. So reveraling this issue now isn't any different than revealing it later. OK, there's less people who get affected and maybe LL keels over sooner when these "major corporations" learn in advance this "platform" isn't place worth investment in in the first place. That makes it better *how*, for anyone involved?