Agreed, I think most users treat the viewers on that directory as having
been approved for use by Linden Lab.  Sort of a 'good housekeeping seal of
approval' for the SL grid, if you will.

On Aug 22, 2010, at 7:58 AM, Gareth Nelson wrote:

> Being listed in the directory is a sign that viewer devs have
> self-certified compliance, but it's also an unconscious sign to users
> that the viewer is legit, even if not intended.
> 
> On Sun, Aug 22, 2010 at 3:56 PM, JB Hancroft <jbhancr...@gmail.com> wrote:
>> Hi Ann,
>> 
>> You suggested:  "What I think LL should consider is something in the TPV
>> policy that prohibits any tpv from connecting to any non LL server for any
>> reason when a LL grid is selected for login."
>> 
>> I'd change that to require that any TPV disclose the specifics of any and
>> all non-LL servers that they are connecting to, and the details of why they
>> are doing so.  Otherwise, some of the possible value-added functionality
>> gets crippled.
>> 
>> The real issue here is the TPVP is just legal CYA for LL, it's not something
>> they actually monitor or enforce.
>> There is no assurance being provided by LL or by the TPV developer, that
>> they have any sense of reasonable security, including processes that limit
>> rogue devs from pulling the kind of stunts that the Emerald team seem to
>> favor.
>> 
>> If the TPVP really matters, we'll see Emerald shut down from the TPVP
>> program, because of this accumulated nonsense.
>> If not, then it confirms that it's all just a paper chase.
>> 
>> Regards,
>> - JB
>> 
>> On Sun, Aug 22, 2010 at 8:22 AM, Ann Otoole <missannoto...@yahoo.com> wrote:
>>> 
>>> I hate replying to a policy thread here but will make this one time
>>> exception for my humble input for LL's consideration:
>>> 
>>> What I think LL should consider is something in the TPV policy that
>>> prohibits any tpv from connecting to any non LL server for any reason when a
>>> LL grid is selected for login. This simple policy, if correctly followed,
>>> would have prevented the incident. It would also eliminate a tpv team from
>>> monitoring logins and usage but then where exactly did they get to do that
>>> in the first place? It is a missed policy bullet. There is no reason a
>>> client should connect to anything except an LL server when an LL grid is
>>> selected. LL needs to be totally security conscious about the login process
>>> and what rigid requirements must be met for connecting to the LL grids.
>>> 
>>> I.e.; I watch my port activity. Everyone should. But not everyone would
>>> know what they are looking at. But had they been watching I bet they would
>>> have been wanting to know what all those connections to that host were all
>>> about right away. Had I been using Emerald and saw thirty something
>>> connections to iheartanime dot com appear I would have been raising hell
>>> immediately. What you connect to on the internet can be and is monitored
>>> sometimes and being open to forced connections to something really bad would
>>> be extremely unfortunate for many that have to be squeaky clean.
>>> 
>>> I use Kirstens and I don't even care much for its connection for motd.
>>> However it does tell me when the latest release is available and that is
>>> very useful information. Maybe there is a way for LL to provide motd bullets
>>> for tpvs so they can get the word out about updates or something.
>>> 
>>> There has to be a better way.
>>> 
>>> Regards
>>> 
>>> Ann Otoole InSL
>>> 
>>> ________________________________
>>> From: Brian McGroarty <s...@lindenlab.com>
>>> To: Thomas Grimshaw <t...@streamsense.net>
>>> Cc: opensource-dev@lists.secondlife.com
>>> Sent: Sat, August 21, 2010 10:33:52 AM
>>> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers:
>>> is the policy worth anything?
>>> 
>>> On Sat, Aug 21, 2010 at 7:04 AM, Thomas Grimshaw <t...@streamsense.net>
>>> wrote:
>>>>  Loading 1mb of content per user is hardly a denial of service attack.
>>>> Crosslinking occurs everywhere on the web, this is simply nothing but
>>>> paranoid bull.
>>> 
>>> "Crosslinking" drops the context of hiding gibberish requests to a
>>> critic's website in a hidden frame that will never be revealed to the
>>> user. This isn't a mere hyperlink to another page or naively stealing
>>> someone else's image hosting.
>>> 
>>> My read (but I'm no lawyer) is that this looks like 2.d.iii of
>>> http://secondlife.com/corporate/tpv.php and we're already having that
>>> discussion. If anyone can come up with specific reasons why this might
>>> have had legitimate reason to be there, or how this one could be yet
>>> another oversight or mistake, that would be helpful. I sure haven't
>>> heard any to date.
>>> 
>>> --
>>> Brian McGroarty | Linden Lab
>>> Sent from my Newton MP2100 via acoustic coupler
>>> _______________________________________________
>>> Policies and (un)subscribe information available here:
>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>> Please read the policies before posting to keep unmoderated posting
>>> privileges
>>> 
>>> 
>> 
>> 
>> 
> 
> 
> 
> -- 
> “Lanie, I’m going to print more printers. Lots more printers. One for
> everyone. That’s worth going to jail for. That’s worth anything.” -
> Printcrime by Cory Doctorow
> 
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
