object in freebie box stole my money

Dave Herbst offered the dance machine full perms out a sense of kindness that was perfectly within the old SL (prior to 6/6/06). Unfortunately, a lot of people who gave out freebies have had their kindness bite them on the butt.

I'd really, really like newbies to get a better run-down on the drop down menus and their various meanings. But that wouldn't be in keeping with the new, hands-off LL.

ETA: It's really the mark of a classy person to sneer at someone's intellect /and/ bank balance when they're seeking help. Truly.

Someone came up to me in a sandbox a few months ago and casually asked if I knew if there were any scripts for taking peoples' money. I said I had no idea and he said he'd written one and wanted to give me a small number of Lindens so he could test it out.
I said 'no' and checked his profile and he was a relative newbie and so I thought he was just trying it on but maybe not.

Profile ages don't mean anything, people make alts all the time.

hey jax maybe someday you will have enough lindens to actually cash out for your first time.

Of course not *all* scripts that ask debit permissions are malevolent. If someone overpays or underpays one of my vendors, it gives them their money back. To do so, it must take that money back from me. If someone makes a donation through the Second Pride kiosk at my store, it transfers that money to a festival official. To do so, it must take the money back out of my account.

Most people NEVER need to give debit permisions.
About the only time someone needs to give them is when putting out a vendor or similar machine that needs to pay other people.

I think there should be an option in edit - preferences where you enable/disable being able to grant debit permisions and they should be disabled by default.

If disabled, that popup box that asks you to grant them should automatically fail.


The problem with the current system is no matter how obvious you make it on the popup box, its easy to sneak in a debit permisions request where they are expecting a different request so they awnser yes to the debit permision by mistake.
Making the box bright red instead of blue would help providing this was the only red box, but having something in preferences to eliminate debit requests completely is a much safer system.

Yes, those were exactly my doubts for using the famous Hiro holovendor. I know by now this vendor is safe, but how do you know before you try it?

This posting reminds us:

Scripters should never give out full-perm scripts. If you want to open-source something, cut-and-paste to a notecard. Otherwise you're handing out an infinite supply of free griefing tools with your name on them. (Yes, the *Lindens* know better; it's not like an AR against you will hold, but many residents think Creator of a now no-mod script must have written it, and an irate resident is... well, you've seen this forum!)

All residents should keep as close to a L$0 balance as possible. Because of the outrageously high fee for moving L$s to RL currency, this probably means finding an in-world "bank" that seems reasonably reputable to hold your L$s. If you've ever given an object debit permission without reading its source code, you're forever vulnerable any time it's rezzed in-world.

Corollary: Nobody should *ever* rez a third-party vendor without seeing its source code. (Nor, heaven forfend, a gambling device!) There are many open-source, low-lag vendors to choose from, some in the scripting library, some networked, some with plenty of bells and whistles. Suppliers of commercial vendors are effectively "selling freebies," so it seems a small step to start embezzling your L$s.

How can I see the source code if the scripter has followed your first advice??

And how do I see the source code before rezzing the object?

If keeping a low balance is the way some people feel safer, then personally I would prefer sending my Lindens to a relatively unused 'alt' account that I had.

Banks are unregulated and there is few protections.
I had episode one time I used one and while it worked out it left me feeling paranoid and I removed what was left and will never use it again.
Sorry it happen to OP, there are devices out there that do that. I had one myself and deleted it promptly. Even shopping you can accidentally click buy if you're not careful, its not like they list the price on item without clicking buy

Beware!

Your script has the ability to take your money forever after you give it permission once.

It could have a timer in it that repeatedly retries a money transfer in case you receive some more money.

You have no way of revoking that permission.

You must delete and then purge that script.

I NEVER like people that find it amusing when someone has been the scammed. Scammers don't announce what they are doing, they prey on peoples lapse of concentration and awareness, even a 'seasoned' veteran can be scammed. Whats more, I have to ask anyone who 'wouldn't fall for a scam' if they EVER read the full terms and conditions for anything they downloaded and or installed on their PC? That's why we have firewalls, virus checkers and adware removal tools.. scammers evolve to make gain, they are like vultures just waiting for that momentary loss of concentration to strike.

Sorry Abby you fell foul of these worthless parasites on humanity.. IM me ingame and we will look after you.

I don't like it that people get scammed either. That's not what SL is about at all, it's supposed to be a fun and relaxing place. Sorry you've lost your money Abby, I've sent you a little something to cheer you up.

Read the second sentence of his message.

"If you want to open-source something, cut-and-paste to a notecard."

Therefore if somebody wants to use his code, they have to create their own script (ie. *they* will be the creator, not the original code writer), paste the code and compile it.

Rez the object in edit mode or on no script land. If a scripted object is malicious, I somehow doubt the script will be viewable though.

Beware!

Your script has the ability to take your money forever after you give it permission once.

It could have a timer in it that repeatedly retries a money transfer in case you receive some more money.

You have no way of revoking that permission.

You must delete and then purge that script.[/QUOTE]

CORRECT!

Any time you rez the object it could take your money. It can't do it from your inventory, but you might as well delete it. And you might as well empty the trash to avoid rezzing it again by accident.

Object, your advice is sound but impractical for many. It means that it isn't possible for anyone to produce a product that takes money unless that product is essentially assembled by the user.

If you buy a vendor or other funds-taking script from a maker with a reputation, and you watch your transaction history carefully, you minimize your risks.

I was thinking green myself for the color. Day-glo green. But red would work too... although I'd like to see the Linden in world announcements in red. Blue for estate level, because well, something has to stay the original color.

Well, I was really questioning the reputation of any vendor-maker, given the availability of good open-source vendor scripts in the scripting library and elsewhere. But you have a point: for newbies who want to sell stuff through vendors, there's always a risk they'd not configure everything securely when creating their own from the open source scripts, and end up burning themselves anyway.

That's certainly true, and florenze Kerensky's suggestion of parking L$s in an unused alt account seems like the prudent, conservative approach. I've never been entirely comfortable with L$s in the "bank" either, but I'm just greedy enough to bear the risk in exchange for the interest.

i totally agree. its easier and safer for me to just trust the hippovend guy. hes been around for yonks and he can no doubt build a more secure vendor than i can using public scripts and a noobish grasp on coding.

and you realise a lot of people use 'commercial' vendors and most of them arent 'newbies' yeah?

And note that there are many kinds of scripts that take money that aren't vendors. Tipjars, for example.

People do on occassion have alot of cash that can be ripped off, so in truth she does us a favor. But it is very scary - because when this happens and you have some real money LL will NOT intervene
Laugh all you want but if it happens to you you will be SOL


Thanks Abby!