28.2.2010 10:34, Marine Kelley wrote:
> I'd like to remind people of my proposed solution, back when LL asked
> everyone about how to set their third party viewer policy, a few
> months ago. I had proposed to make it so that only viewers built on a
> LL-owned dedicated machine would be accepted. Such binaries would be
> the result of the build of committed sources, with the addition of a
> small code (unknown to the devs of the viewer) that would transfer a
> hash to the grid upon connecting (and possibly regularly afterward
> while online). The binaries would be hosted on LL's website, along
> with the sources, and everyone would have been able to consult the
> sources while being sure there would not be any difference between
> these sources and the resulting binaries (with the exception of the
> code I mentioned). Granted, this is an expensive solution, and
> potentially difficult while testing (there has to be some temporary
> code for that purpose, for instance a code that allows only 4 or 5
> viewers using it at the same time), but the only solution that
> formally guarantees that Build = Source, and that the source can be
> reviewed, instead of testing every viewer, which takes much longer.
>

This approach wouldn't work - and LL's third party viewer policy is not going to work either. There is nothing to stop a skillful coder from decoding this "secret hashing component", a skillful hacker from writing a proxy that will do its ebil things between client and server, or a skillful user from installing one certain program that allows access to OpenGL information and gathering the necessary information.

Moving security/DRM to the client side is not going to work. Big companies like EA have tried this approach through rootkits and such - result: total absolute failure and huge loss of PR (just google "DRM spore"). Microsoft tried to support different DRM schemes with their multimedia player - result: a player that is very slow to start, a media format that requires internet access and works on a single computer, and complex encryption/verification/obfuscation schemes. Intel and media companies introduced HDCP - result: honest customers required to upgrade their working hardware, and pirates who are still releasing movies to the net before their official release day without annoying "you wouldn't steal a car" ads and unskippable ads (http://www.makeuseof.com/tech-fun/wp-content/uploads/2010/02/pirateddvd1.png).

Next year, 28 February 2011 - assuming the world doesn't end and everything is following my grand plan,
1) Nyx Linden still doesn't have a bear,
2) you still need to fake bake specular lighting for latex clothes,
3) content creators are going to whine how their content was copybotted and "LL doesn't do enough to stop copybotters" and
4) there are fewer SL compatible open source viewer developers and more non-SL compatible viewer developers

IMHO: Instead of wasting valuable bytes on lawyers (don't feed lawyers, they are just getting bigger and more hungry) and trying to move security/DRM to the client's responsibility, LL should do the following:
1) Organize a "build Nyx's bear competition",
2) add support for clothing materials and custom avatar meshes that finally allow proper latex clothing,
3) create a paranoid server that has not hopelessly fallen in love with the client and verifies the client's requests and actions,
4) streamline the process for posting copyright notices (it should be a two click process),
5) allow content creators to post additional proof that they are the creators of the content (to avoid constant copyright griefing attacks),
   - higher resolution textures
   - non-watermarked textures
   - high polycount models
   - etc.
6) improve the asset server so that it allows better tracking of who uploaded/created an asset, when, and who is using it, so that all copybotted material is instantly deleted from the server and avatars who are distributing it are banned,
7) change from passive - waiting for copyright notice - mode to active mode, where you are actively seeking copyright violations through automatic processes and perhaps allowing other users to tip possible copyright violations,
8) make the process more transparent - allow creators to see inside the process, give them feedback
9) make the process more visible - publish reports on how many you have banned, write random blogs about the topic and offer rewards for copyright tips

Ultimately you could someday render the scene on the server - and thus avoid the situation where you need to transfer assets of textures and objects to the client, but I guess there are no users currently who are ready to pay for the high cost hardware, software and bandwidth that would be needed for server side rendering.

I think that the third party viewer policy is a great ethical guide for Second Life compatible viewer developers, and the directory gives a good listing of respectable viewers and correct download addresses. But otherwise it is a complete waste of time and money, is going to drive some developers away from Second Life, gives users and builders a false feeling of security, and is good toilet paper, if printed on soft recyclable paper.

_______________________________________________
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges
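
The contrast between a server that trusts a client-reported build hash and the "paranoid server" of point 3, as an added example that is not part of the original message and not LL code. The asset table, the action names and both server functions are hypothetical, and the data is constructed.

```python
import hashlib

# Constructed sample data: a hypothetical asset table held by the server.
ASSETS = {
    "tex-001": {"owner": "alice", "copy_ok": False},
    "tex-002": {"owner": "alice", "copy_ok": True},
}
# Hash of the "approved" viewer binary (constructed placeholder input).
APPROVED_BUILD_HASH = hashlib.sha256(b"approved-viewer-build").hexdigest()


def trusting_server(request):
    """Accepts the request once the client reports the approved build hash.

    Permission enforcement is assumed to happen inside the viewer.
    """
    if request.get("build_hash") != APPROVED_BUILD_HASH:
        return "rejected"
    return "granted"


def paranoid_server(session_user, request):
    """Decides from server-side state only; client self-description is ignored."""
    asset = ASSETS.get(request.get("asset_id"))
    if asset is None:
        return "rejected"
    action = request.get("action")
    if action == "view":
        return "granted"
    if action == "copy" and (asset["copy_ok"] or asset["owner"] == session_user):
        return "granted"
    return "rejected"  # unknown actions and unauthorised copies fail closed


def compare(session_user, request):
    """Return (trusting, paranoid) decisions for the same request."""
    return trusting_server(request), paranoid_server(session_user, request)


if __name__ == "__main__":
    # The hash is only a value on the wire: this request is well-formed
    # whether or not an approved viewer actually produced it.
    req = {"build_hash": APPROVED_BUILD_HASH, "asset_id": "tex-001", "action": "copy"}
    print(compare("bob", req))    # non-owner asking to copy a no-copy asset
    print(compare("alice", req))  # the owner asking for the same thing
```

The trusting server returns the same answer for both users because the reported hash says nothing about the request itself; only the server-side check distinguishes them.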