Welcome to the Second Life Forums Archive

Be nice to LibSL, or... ?

Jillian Callahan
Rotary-winged Neko Girl
Join date: 24 Jun 2004
Posts: 3,766
11-15-2006 00:14
From: Chip Midnight
Mordred, your defense of them is noble, but the facts speak for themselves by their own admission. They knew exactly what this would do and they posted it on a public website where anyone could get it.
Can you get any more self-serving than that? They're also using the classic defense that "security through obscurity isn't security." It is when it's all you have. By creating this tool, bragging about it, and putting the code for anyone to download on a public website, who's to blame for this? Unicorns?

I don't recall LL making any claims to being secure.

Though I can't defend LibSLers' choice to make this readily available, I'm not sure it is worth worrying about who brought such an animal out first - we knew it was coming, it was inevitable. I do believe someone pointed out Flash as an analogue when GLIntercept came out, and that the problems inherent there were inherent to the 'net as a whole.

LL has also made it clear many times in the past that they don't want to run the "world" in SL. I think their stance here is consistent with prior statements - and we probably can not reasonably expect them to protect us from copy thieves and infringers any more than we can have that expectation of a web host.

There is really nothing LL could do to stop this. Folks keep coming up with suggestions - most of which won't work or come with consequences they haven't factored in (i.e. encryption slowing an already painfully slow rezzing up of stuff).

Not that there aren't things LL could be doing to help. The "tags" offered back during the GLIntercept stuff would be a great help. Some extra steps for the rezzing of new prims, a protocol to ensure UUID based duplication isn't going on (would only work for some things, mind you. Like inserting scripts into prims.)

However, in the end it's going to be up to us individually to protect our creations. This is what the DMCA suggestions are about. LL's responsibility to its customers there is providing tools to track and confirm infringement and theft to specific avs.

Which brings us 'round to the whole lack of identity verification thing, which should probably be left for another thread.
_____________________
Joannah Cramer
Registered User
Join date: 12 Apr 2006
Posts: 1,539
11-15-2006 00:20
From: Jillian Callahan
I don't recall LL making any claims to being secure.

The grid was taken down quite recently in order to "patch permission exploit to protect our content creators we care dearly about". The saving features in the client were disabled for weeks because they could be exploited to break the very same permission system.

If SL is inherently insecure, why create the impression it's any different with permission checks that do little, and the whole silly game about how LL is trying to preserve their false functionality?
Ishtara Rothschild
Do not expose to sunlight
Join date: 21 Apr 2006
Posts: 569
11-15-2006 00:37
It isn't a silly game. It's an arms race with the exploiters. And I expect LL to be up to this arms race, not to shrug and admit "we can't do anything". Every other developer does exactly the same. Look at Microsoft, for example - they're constantly working on newly discovered security holes and backdoors. That's what a developer has to be prepared to do when creating a platform like SL. LL seems to just give up and pass the ball to the residents - we will implement functions to aid you in searching for stolen content, but you have to do it yourself, we can't keep anyone from stealing. That's not enough.
Jillian Callahan
Rotary-winged Neko Girl
Join date: 24 Jun 2004
Posts: 3,766
11-15-2006 00:41
From: Joannah Cramer
The grid was taken down quite recently in order to "patch permission exploit to protect our content creators we care dearly about". The saving features in the client were disabled for weeks because they could be exploited to break the very same permission system.

If SL is inherently insecure, why create the impression it's any different with permission checks that do little, and the whole silly game about how LL is trying to preserve their false functionality?

I guess I don't interpret it the same way. To me it's a simple matter of "the software isn't functioning as it should, allowing folks to operate on data in ways the program was not intended to." Which is a far cry from claims of security. Everything else is advertising-speak and I filter that out. (Claims of personal caring from any company large or small is advertising speak.)

This is an ugly disillusionment for many (most?), but we've been operating under a false assumption and all that's really changed is the assumption has been proven wrong.

Not to excuse bad behavior, but we're kind of lucky it happened this way. We can spend time deciding how we want to deal with it, rather than suddenly finding this nest of roaches copying away and selling after having made these discoveries about LL's protocols out of sight of LL.
_____________________
Ishtara Rothschild
Do not expose to sunlight
Join date: 21 Apr 2006
Posts: 569
11-15-2006 00:49
From: Jillian Callahan
LL has also made it clear many times in the past that they don't want to run the "world" in SL. I think their stance here is consistent with prior statements - and we probably can not reasonably expect them to protect us from copy thieves and infringers any more than we can have that expectation of a web host.


Who is going to run the world, I wonder? Someone has to run it, otherwise we will have anarchy. The current 2D web may look like an anarchistic place, but every valuable content is very well protected. I can't break into an online store to steal their wares. I can just copy their display images, something I could do in RL just as well by taking a photo of a window display. LL can't compare a closed and monitored platform with the internet, and reduce our wares to copyable content like a JPEG or GIF file, which doesn't have any value as a sales article. If they don't want to administrate it, they shouldn't have built it.
Jillian Callahan
Rotary-winged Neko Girl
Join date: 24 Jun 2004
Posts: 3,766
11-15-2006 00:55
From: Ishtara Rothschild
Who is going to run the world, I wonder? Someone has to run it, otherwise we will have anarchy. The current 2D web may look like an anarchistic place, but every valuable content is very well protected. I can't break into an online store to steal their wares. I can just copy their display images, something I could do in RL just as well by taking a photo of a window display. LL can't compare a closed and monitored platform with the internet, and reduce our wares to copyable content like a JPEG or GIF file, which doesn't have any value as a sales article. If they don't want to administrate it, they shouldn't have built it.

I believe the intent is: We run it.

We have an extra problem the WWW doesn't have: our products are, by nature, prone to being stolen in this manner. LL's suggestion to hunt thieves and infringers down using the DMCA and other legal avenues may well be the only method available to us.

Plus, the cost of administrating a world of this size is prohibitive. And we know no one would want to pay the extra for hiring all the folks necessary to do the administration.
_____________________
Ishtara Rothschild
Do not expose to sunlight
Join date: 21 Apr 2006
Posts: 569
11-15-2006 00:55
From: Jillian Callahan
This is an ugly disillusionment for many (most?), but we've been operating under a false assumption and all that's really changed is the assumption has been proven wrong.


Not really. Every online game has to deal with third party tools and exploits. The difference is, the publishers of other games/platforms try to do their best to prevent the same incident from happening again. And above all, they make it crystal clear that they won't tolerate it.

As an RL shop owner I wouldn't be disillusioned if someone breaks in and steals my wares at night. Everyone knows this can happen. But I a) trust the law to be enough of a threat to prevent people from doing so and b) if someone comes along and smashes my shop window just to point out the lack of security, I'm going to sue that person. I won't pat him on the shoulder and say "good work, thanks for reminding me how insecure my world is".
Joannah Cramer
Registered User
Join date: 12 Apr 2006
Posts: 1,539
11-15-2006 00:58
From: Jillian Callahan
I guess I don't interpret it the same way. To me it's a simple matter of "the software isn't functioning as it should, allowing folks to operate on data in ways the program was not intended to." Which is a far cry from claims of security.

I guess we are indeed interpreting it differently. Being able to lock permissions to transfer or copy an in-world item implies at least a suggestion that such an item won't be able to be copied or transferred, which in turn implies security of such items not being distributed around en masse by people I'd rather not.

When it turns out that under the hood there are no actual server-side checks of these permissions, then it basically makes me think "WTF were they thinking and what was the point of this sham" ... of course the actual point is quite obvious: if it was widely known from the get-go that there's next to no protection of one's IP, then the number of people interested in creating content for this "platform" would likely be quite smaller.

From: someone
This is an ugly disillusionment for many (most?), but we've been operating under a false assumption and all that's really changed is the assumption has been proven wrong.

Population-wide assumptions aren't born just from thin air. If there was a wide assumption of security, then I think it was at least in part due to LL pretending that was the case, or at least conveniently for themselves not dispelling these assumptions. In other words yes, I think there was to at least some degree a pretence of security on LL's part.

From: someone
Not to excuse bad behavior, but we're kind of lucky it happened this way. We can spend time deciding how we want to deal with it, rather than suddenly finding this nest of roaches copying away and selling after having made these discoveries about LL's protocols out of sight of LL.

Ehh? We have the copying tool being freely and not so freely distributed in world and outside of it, for anyone to use if they wish it so. That's different from 'finding nest of roaches copying away' how, exactly? They *are* out there and copying. And the whole response you get is "oi, file DMCA please if you spot one"
Ishtara Rothschild
Do not expose to sunlight
Join date: 21 Apr 2006
Posts: 569
11-15-2006 01:01
From: Jillian Callahan
Plus, the cost of administrating a world of this size is prohibitive. And we know no one would want to pay the extra for hiring all the folks necessary to do the administration.


Well, SOE manages it, Blizzard too and NCSoft as well. They have a staff of GMs online at all times to deal with every case of harassment or exploiting. They just receive $15 from every player, without "selling" islands for $200 a month. They also don't have millions of funding. I know that Sony is behind SOE, but their game department has to create revenue on its own or it will be shut down.
Jillian Callahan
Rotary-winged Neko Girl
Join date: 24 Jun 2004
Posts: 3,766
11-15-2006 01:01
From: Ishtara Rothschild
Not really. Every online game has to deal with third party tools and exploits. The difference is, the publishers of other games/platforms try to do their best to prevent the same incident from happening again. And above all, they make it crystal clear that they won't tolerate it.

As an RL shop owner I wouldn't be disillusioned if someone breaks in and steals my wares at night. Everyone knows this can happen. But I a) trust the law to be enough of a threat to prevent people from doing so and b) if someone comes along and smashes my shop window just to point out the lack of security, I'm going to sue that person. I won't pat him on the shoulder and say "good work, thanks for reminding me how insecure my world is".

I think the analogy fails in that the LibSL folks have not stolen anything. They're more akin to the security company demonstrating to you that you can be broken into with the hopes of improving your store's security...

...and the analogy continues nicely in that they were irresponsible and let every thief and rogue in the neighborhood know about how they got in, and provided the lock-picks too.

The law is in place. CopyBot probably violates the DMCA in that it's a tool that specifically defeats a copy protection scheme (LL's permissions). It's up to us now to make sure that is taken seriously, by filing the take-down notices and ARs, and by demonizing anyone using CopyBot or its technology to make illegal or infringing copies.
_____________________
Jillian Callahan
Rotary-winged Neko Girl
Join date: 24 Jun 2004
Posts: 3,766
11-15-2006 01:03
From: Ishtara Rothschild
Well, SOE manages it, Blizzard too and NCSoft as well. They have a staff of GMs online at all times to deal with every case of harassment or exploiting. They just receive $15 from every player, without "selling" islands for $200 a month. They also don't have millions of funding. I know that Sony is behind SOE, but their game department has to create revenue on its own or it will be shut down.

They operate in a far smaller, far more controlled environment. They do charge more, too (no one in those games not paying a fee.)
_____________________
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
11-15-2006 01:53
From: Jillian Callahan

The law is in place. CopyBot probably violates the DMCA in that it's a tool that specifically defeats a copy protection scheme (LL's permissions). It's up to us now to make sure that is taken seriously, by filing the take-down notices and ARs, and by demonizing anyone using CopyBot or its technology to make illegal or infringing copies.


The use of such tools is not the only thing that violates that portion of the DMCA - the development of the tools in the first place that allow circumvention of copy protection is itself a violation.
_____________________
Cristiano


ANOmations - huge selection of high quality, low priced animations all $100L or less.

~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.

Cocoanut Koala
Coco's Cottages
Join date: 7 Feb 2005
Posts: 7,903
11-15-2006 01:56
From: Mordred Lehane
LibSL had nothing to do with the copybot. Anyone who says otherwise is an uneducated moron who's been listening to all the hype and crying.
LibSL created a utility to export your objects to your hard drive (thanks to recent LL inventory problems) and allowed them to other similar functions.

Someone ELSE got ahold of this program, and modified it. THIS is what was used to clone primitives and textures, and this is what the creator started selling in game.

LibSL has been hard at work trying to find a way to solve this problem the whole time that all of you have been forming your lynch mobs, and throwing around the accusations. If it wasn't for LibSL, this whole problem could have been compounded a dozen times, as someone else would have come around and decided to play with the open code of SL, and would have eventually used this exploit in a much more malicious fashion.

The whole purpose of LibSL was to discover this sort of flaw in the game program, and to find ways of fixing it. Just because a relatively harmless program was able to be altered in such a fashion doesn't mean it was intended to.

Now there are massive lynch mobs roaming around the maps creating more panic and spreading the bull that's sprung up around this whole situation, and this sort of thing is doing nothing to fix it. Instead of laying the blame around on people you don't know, and can't prove, you should be trying to find out all you can, and seeing what can be done to help, not hinder.

Poppycock. This group published the code, and then went around bragging about it and showing it off.

And some of them are on the blog now, rubbing everyone's noses with it.

And for some reason, Cory apparently works for THEM.

coco
_____________________
VALENTINE BOUTIQUE
at Coco's Cottages

http://slurl.com/secondlife/Rosieri/85/166/87
Cocoanut Koala
Coco's Cottages
Join date: 7 Feb 2005
Posts: 7,903
11-15-2006 01:58
From: Mordred Lehane
I was actually referring to the simplified version, which everyone is still blaming LibSL for.

I'll also point out though, nobody even knew about the LibSL site until they admitted to SL what had happened, and everyone and their dog started howling for someone's blood.
I may be wrong, but I believe it was a Linden who originally posted the LibSL website, and might have aided in the panic a little.

Oh, we knew about it before Robin's blog. Thanks to LibSL showing it off.

coco
_____________________
Cocoanut Koala
Coco's Cottages
Join date: 7 Feb 2005
Posts: 7,903
11-15-2006 02:03
From: Dr Tardis
Perhaps Linden Lab is to blame, for trying to tell us for years that SL is a secure platform, when a few amateurs have, in less than a year, poked enough holes in that "secure" platform to show what's really underneath: a wheezing, dying hamster, trying to make that wheel spin as fast as he can.

I know I'm behind on reading this thread, and possibly saying what others already had.

What Linden Lab is to blame for is coddling a bunch of hackers, allowing them exemption from the TOS FORBIDDING REVERSE ENGINEERING, and then having the unmitigated gall to stand there and say they support LibSL and LibSL "is very important to Second Life and the community."

They are to blame for not saying Copybot or any variation of it is ITSELF forbidden, and anyone caught using it for any reason will be banned on the spot.

coco
_____________________
Jillian Callahan
Rotary-winged Neko Girl
Join date: 24 Jun 2004
Posts: 3,766
11-15-2006 02:10
From: Cristiano Midnight
The use of such tools is not the only thing that violates that portion of the DMCA - the development of the tools in the first place that allow circumvention of copy protection is itself a violation.

True.

But CopyBot is like a Sharpie marker in my mind. It has its legit purposes, and isn't in and of itself a tool for circumventing copy protection... but that Sharpie does quite a job eliminating copy protection from certain CDs.

Since we can not stuff this genie back into the bottle, I'm thinking we ought to put our efforts into dealing with the abusers of CopyBot rather than worry about punishing its creators for being a bunch of irresponsible twits.
_____________________
CJ Carnot
Registered User
Join date: 23 Oct 2005
Posts: 433
11-15-2006 04:40
From: Jillian Callahan
I think the analogy fails in that the LibSL folks have not stolen anything. They're more akin to the security company demonstrating to you that you can be broken into with the hopes of improving your store's security...


Rubbish. LL and many residents already knew that SL wasn't that secure. It didn't need to be demonstrated or made available, particularly because as a proprietary platform, the minimal security it does have wasn't and couldn't easily be compromised by the majority of its users.

This however doesn't excuse LL for not doing what they can to secure its platform and protect its residents as many other proprietary online service providers do. Saying nothing can be made 100% secure is no excuse; it's just a truism. It can be made secure enough for its purpose but LL would prefer not to and endorse the attempts of a favoured few to actually reduce what security it does have.

What the libSL team did was create a tool designed to explicitly circumvent copyright. They discovered nothing new and trying to call it something other than what it is does not make it so.

I don't care if the libSL team have done anything else of use - I did in the past - but leading members of the team were involved in creating & showing off this wretched hack and in my eyes have proved themselves to be irresponsible & negated any rights they may have had to claim to be doing good for SL.
Hiro Queso
503less
Join date: 23 Feb 2005
Posts: 2,753
11-15-2006 04:48
From: CJ Carnot
Rubbish. LL and many residents already knew that SL wasn't that secure. It didn't need to be demonstrated or made available, particularly because as a proprietary platform, the minimal security it does have wasn't and couldn't easily be compromised by the majority of its users.

This however doesn't excuse LL for not doing what they can to secure its platform and protect its residents as many other proprietary online service providers do. Saying nothing can be made 100% secure is no excuse; it's just a truism. It can be made secure enough for its purpose but LL would prefer not to and endorse the attempts of a favoured few to actually reduce what security it does have.

What the libSL team did was create a tool designed to explicitly circumvent copyright. They discovered nothing new and trying to call it something other than what it is does not make it so.

I don't care if the libSL team have done anything else of use - I did in the past - but leading members of the team were involved in creating & showing off this wretched hack and in my eyes have proved themselves to be irresponsible & negated any rights they may have had to claim to be doing good for SL.


What he^ said.
Jillian Callahan
Rotary-winged Neko Girl
Join date: 24 Jun 2004
Posts: 3,766
11-15-2006 04:49
From: CJ Carnot
Rubbish. LL and many residents already knew that SL wasn't that secure. It didn't need to be demonstrated or made available, particularly because as a proprietary platform, the minimal security it does have wasn't and couldn't easily be compromised by the majority of its users.

This however doesn't excuse LL for not doing what they can to secure its platform and protect its residents as many other proprietary online service providers do. Saying nothing can be made 100% secure is no excuse; it's just a truism. It can be made secure enough for its purpose but LL would prefer not to and endorse the attempts of a favoured few to actually reduce what security it does have.

What the libSL team did was create a tool designed to explicitly circumvent copyright. They discovered nothing new and trying to call it something other than what it is does not make it so.

I don't care if the libSL team have done anything else of use - I did in the past - but leading members of the team were involved in creating & showing off this wretched hack and in my eyes have proved themselves to be irresponsible & negated any rights they may have had to claim to be doing good for SL.

Conjecture and multiplying of entities.
_____________________
CJ Carnot
Registered User
Join date: 23 Oct 2005
Posts: 433
11-15-2006 05:48
From: Jillian Callahan
I think the analogy fails in that the LibSL folks have not stolen anything. They're more akin to the security company demonstrating to you that you can be broken into with the hopes of improving your store's security...


erroneous analogy.
Jillian Callahan
Rotary-winged Neko Girl
Join date: 24 Jun 2004
Posts: 3,766
11-15-2006 07:09
From: CJ Carnot
erroneous analogy.

See, that's a much nicer way of saying you disagree than "Rubbish!".
_____________________
Apollo Korvin
Registered User
Join date: 29 Jul 2005
Posts: 55
11-15-2006 07:31
Screw LibSL, I hope someone hacks the bejesus out of them. I wouldn't be surprised if someone posts a bounty for it.
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
11-15-2006 07:34
From: CJ Carnot

I don't care if the libSL team have done anything else of use - I did in the past - but leading members of the team were involved in creating & showing off this wretched hack and in my eyes have proved themselves to be irresponsible & negated any rights they may have had to claim to be doing good for SL.


Perfectly stated.
_____________________
Cristiano



Marcus Moreau
frand
Join date: 25 Dec 2004
Posts: 602
11-15-2006 07:40
libsl stole my milk money when I wasn't nice to them.

MM
_____________________
Marcus Moreau

Disenfranchised island owner...

"This statement is false."
User #121869 or something close