Re: [opensource-dev] Draw Distance

[Serra Anansi]

I like the command line in emerald, you just type in "dd 512" and it's done.

((I really like all the command lines in emerald.  Took me a bit to get used
to them, but after I did I am really missing them now that I came back to V2
to give it another go while you all are working on it.))



On Sun, Aug 22, 2010 at 2:01 AM, leliel  wrote:

>
>
> On Sat, Aug 21, 2010 at 9:36 PM, Miro Collas wrote:
>
> > How about bbeing able to just type it in?  Why a slider, or mouse wheel,
> > which is inaccurate? How about being able to type it in chat?
>
> Instead of a one off thing just for the draw distance, I'd rather we had a
> general command input system similar to the console on id's games. So since
> we use /# for the channel and /me for emotes how about /set for setting
> debug variables with the following syntax.
>
> /set debugvar value
>
> Where value is one of bool, integer, float, or a vector using the lsl style
> of <0.0, 0.0, 0.0>. With tab line completion of course.
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Miro Collas]

That's what I referring to, the command line commands. VERY handy! And 
dd is one I use a great deal.

On 08/22/2010 03:01 AM, Serra Anansi wrote:
> I like the command line in emerald, you just type in "dd 512" and it's done.
>
> ((I really like all the command lines in emerald.  Took me a bit to get
> used to them, but after I did I am really missing them now that I came
> back to V2 to give it another go while you all are working on it.))
>
>
>
> On Sun, Aug 22, 2010 at 2:01 AM, leliel  > wrote:
>
>
>
> On Sat, Aug 21, 2010 at 9:36 PM, Miro Collas  > wrote:
>
>  > How about bbeing able to just type it in?  Why a slider, or mouse
> wheel,
>  > which is inaccurate? How about being able to type it in chat?
>
> Instead of a one off thing just for the draw distance, I'd rather we
> had a general command input system similar to the console on id's
> games. So since we use /# for the channel and /me for emotes how
> about /set for setting debug variables with the following syntax.
>
> /set debugvar value
>
> Where value is one of bool, integer, float, or a vector using the
> lsl style of <0.0, 0.0, 0.0>. With tab line completion of course.
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
>
>
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Display names, again.

[Lance Corrimal]

Am Saturday 21 August 2010 schrieb Oz Linden (Scott Lawrence):

> This list is really not the place for this discussion - the Display
> Names blog comment area is much better.


/me collapses with laughter

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] VWR-20879 - Fix packaging/staging for VC Express

[Robin Cornelius]

>
>> It is currently synced with viewer-development and i can resync as
>> necessary depending on its position in the queue.
>
> Can we get confirmation from users other than Robin that using his
> change enables them to build using one of the tools it adds (preferably
> users who do not have VS 2005 installed)?
>

Oz, the changes actually add express support for 2005 not specificly
support for 2008, the VC90 lines were there previously, all this patch
introduces is the express path if the full version of visual studio is
not found. VS 2008 will still have problems there are a whole bunch of
other small fixes needs for that that are all pretty well understood
but need finishing under a different task.

The real test here is does express now work as expected, and for me
that was yes, and does Standard/Pro/Enterprise VC2005 still work as it
did previously and my independent tester said it did.

Robin
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] (no subject)

[Robin Cornelius]

On Sun, Aug 22, 2010 at 5:26 AM,   wrote:
> Hey!  Um, i've been meaning to ask...  Why don't i ever get the login
> screen pics with Snowglobe?  i just installed the latest release (1.5.0
> 3625) from the website and still all i ever get are little arrow icons in
> the middle of a black screen.  It's not all that important, i know, but
> i've been missing them...  Is something broken, or is it me?

The login pictures are controlled by the login channel and grid that
is passed when requesting the background page. Snowglobe passes its
own login channel different to the main viewer which results in no
pictures. But the choice to send pictures or not, is server dependent.

Robin
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Aidan Thornton]

On 8/22/10, Phox  wrote:
> The website in question suffered no ill effects, and to imply that
> loading a .php and a few images is an attempt at DDOS is just
> ridiculous, our login page consists of a .php script a hi-res picture,
> and our website doesn't go down as a result.

Your website did go down because of the load, though - a whole bunch
of times in fact! There's even still an entry in the Emerald FAQ about
it[1]: "Due to a problem with our webhost 500 errors are increasingly
common with new traffic. Please wait a few seconds and try to reload
the page, it may take a few tries before you get through." The only
reason it doesn't anymore is because you moved to a bunch of really
chunky and expensive dedicated servers.
http://blog.modularsystems.sl/2010/07/19/emerald-user-statistics/ says
that you're using two of
http://www.hetzner.de/en/hosting/produkte_rootserver/eq4/ - each of
which is about as powerful as some of the older Class 5 Linden Labs
servers that host 4 regions each - plus a third unspecified dedicated
server. Hazim was using cheap shared hosting.

What's more, the guy from the Emerald project who did this knows just
how much load the Emerald login screen puts on Emerald's servers,
because he apparently pays for and runs them!

On 8/22/10, Katharine Berry  wrote:
> No it doesn't. If it was a PHP script then I could've made much of the code
> much simpler when I made the thing.
>
> It was very deliberately not a PHP script, for reasons of load.

Yep, looking at the headers it's definitely static HTML. We've got an
Accept-Ranges header, a Content-Length header (both of which you can
get from PHP scripts but wouldn't normally), and most importantly an
ETag in the same format lighttpd uses for static content. Also, the
login page wasn't just making one request for a PHP-generated page
from Hazim's website - it was making 20 requests for the same page.

[1] http://www.modularsystems.sl/wiki/wikka.php?wakka=FAQ
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

[opensource-dev] Login Pic

[aklo]

So, is it fixable?  Is there some way to change the Snowglobe login
channel?  Or can the server be configured to respond to the channel
Snowglobe already has?  Or is this just something Snowglobe users should
not care about?  For reals, it's not important, but i miss it, & the pics
are a nice touch.

Thx!!

- AK

On Sun, Aug 22, 2010 at 5:26 AM,   wrote:
> > Hey!  Um, i've been meaning to ask...  Why don't i ever get the login
> > screen pics with Snowglobe?  i just installed the latest release (1.5.0
> > 3625) from the website and still all i ever get are little arrow icons in
> > the middle of a black screen.  It's not all that important, i know, but
> > i've been missing them...  Is something broken, or is it me?

The login pictures are controlled by the login channel and grid that
is passed when requesting the background page. Snowglobe passes its
own login channel different to the main viewer which results in no
pictures. But the choice to send pictures or not, is server dependent.

Robin



___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] SSH authentication

[Robin Cornelius]

On Sun, Aug 22, 2010 at 12:21 AM, Nicky Perian  wrote:
> How do you do this in windows. Can you take your local key from Linux?

Yes, but you need the full key not just the public key.

Puttygen part of the putty ssh suite has the ability to import/export
OpenSSL keys as well as some other formats, and tortoiseHG probably
uses the putty key format if you are using that/want to ssh auth from
windows.

Robin
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party, viewers: is the policy worth anything?

[Michael Daniel]

Since I am a student on summer break until next week, I have way too 
much time on my hands, and I like numbers (famous last words) so I did 
some analysis of modular systems attack on iheartanime.com.

I think the amount of data involved has been understated in many 
discussions I've seen so far, so I'll show my work, but long story 
short:  4.2 terrabytes of data transfer are involved with this attack 
(2.1 tb up and 2.1 tb down).

I used the screen cap from the following URL to find exactly what was 
downloaded every time somebody logged in with the emerald viewer during 
this attack:
http://alphavilleherald.com/images/2010/08/modular-bing.jpg

I used Google Chrome's inspect element feature to find the sizes of the 
files downloaded (right click, inspect element - resources - size).

This is what I came up with:

http://iheartanime.com/griffblog.php?article=omnomnomnomnom 163.20k
 times 20 loads is 3264k
http://iheartanime.com/images/emerald-explore-sounds.png   
50.03k
http://iheartanime.com/images/emerald-windows-disclosure.png55.09kb
http://iheartanime.com/images/emerald-mac-disclosure.png
66.90kb
http://iheartanime.com/images/emerald-linux-disclosure.png
67.32kb
http://iheartanime.com/images/imgsearch-v0.0.2.png
 152.37k
http://iheartanime.com/images/FRIENDLY%20GREETINGS.jpg77.32k
http://iheartanime.com/images/inertia-test.jpg
  113.51k
http://iheartanime.com/images/inertia-login.jpg`
25.78k
http://iheartanime.com/images/inuyertia.jpg
153.68k
http://iheartanime.com/images/neillife.jpg
102.22k
http://iheartanime.com/images/background-v2.png
130.64k
http://iheartanime.com/images/background.png
77.40k

Total size:  4336.26kb, or 4.33626mb per emerald login.

According to the alphaville herald article, "Gazov told the Herald he 
saw 16,541,673 page hits referred by the Emerald login pages over three 
days".  I'm sure he has the server logs to back him up, so lets see what 
happens if we take him at his word (which I would do, as he seems pretty 
honest to me).
link:  
http://alphavilleherald.com/2010/08/emerald-viewer-login-screen-sneak-ddos-attack.html

I count 32 page hits per login, so we divide 16541673 by 32 to get the 
number of emerald logins during the attack.
16541673 hits / 32 page loads = 516927.28125 logins from emerald

Since it's not an even number, Hazim's numbers must be off a bit.  That 
is no surprise, since his server was under such strain.  Lets round it 
up to 516928 logins from emerald during the attack.

510678 logins during the attack * 4.33626mb requested per login = 
2214432.58428mb requested from iheartanime.com

I used an online calculator at the following link to translate that into 
terrabytes:
http://www.matisse.net/bitcalc/

It works out to 2.11184748104095 Terrabytes of bandwidth stolen from 
Hazim in 3 days!

As we all know, this bandwidth was not just stolen from Hazim.  It was 
also stolen from Emerald users, so if we multiply that by two we get a 
grand total of 4.22369496154786 terrabyts stolen in three days.  To make 
this more concrete, that's over 4.2 tb of transfer.  If you'll pardon 
the archaic reference, the library of congress, if compressed, could fit 
into 4.2 tb almost two times.  That's a lot of data.
Citation for LOC measurement:  http://bit.ly/9TRWUX

The crazy part is that modular systems shows absolutely no remorse at 
all for stealing Hazim's bandwidth.  Most hosts give unlimited 
bandwidth, but some do not.  If, for example, his hosting was at 
nextpoint.net, their hosting plans all come with 2000gb of transfer, so 
he would have gone over by 162.53182058594gb.  They charge $4.50 per gb 
for overage, so that would have worked out to $731.39 in damages to 
Hazim, not counting his regular traffic.  Aren't there laws against this 
kind of thing?

Nextpoint.net reference:  
http://www.nexpoint.net/support/policies/billing.cfm

Video of the emerald team talking about how ridiculous it would be to 
apologize to Hazim, among other things: 
http://www.youtube.com/watch?v=rwmVj9u7C3U

Somebody in the video (I'm assuming the person is Arabella Steadham) 
said, "I'm not going to apologize to Hazim, I mean, why would I?," as 
others agree that they could care less about him.  They also said that 
their users take their account names and passwords too seriously.

I don't see how the third party directory can retain any respectability 
at all if they don't remove Emerald.  I'd be happy if each and every 
member of Modular Systems was banned from SL, but I know there are 
politics involved, so that probably won't happen.

Anyway, I'm sorry if I distracted this list from more important things 
going on with snowstorm.  Given the discussion going on in this threa

Re: [opensource-dev] Draw Distance

[leliel]

On Sun, Aug 22, 2010 at 12:09 AM, Miro Collas  wrote:
>
> That's what I referring to, the command line commands. VERY handy! And
> dd is one I use a great deal.

The problem I have with that is that the draw distance is only one of
several debug settings that affect performance. I've been running with
deferred rendering enabled for the past few months and I've had to
enable/disable shadow maps & SSAO all the time, but I hardly ever
touch the draw distance. What's more, using a general method of
changing debug settings through chat would let us create gestures that
changed a whole group of settings all at the same time. So when
entering a laggy sim you could trigger one gesture that did all of
this.

/set RenderFarClip 128
/set RenderVolumeLODFactor 2.0
/set WindLightUseAtmosShaders 0

With a system like this you could change any setting on the fly
without ever having to open the UI which would be great for filming
machinima. Cam into a building and turn on global illumination and
crank up the SSAO settings for deep highlights, cam back out and put
SSAO back to the defaults and turn off GI for a better frame rate.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Miro Collas]

That makes sense yes. I wasn't asking for Emerald to be copied, which is 
why my initial response to the issue was vague. But the basic idea is 
nice, I think: a nice, fast and easy way to set parameters without 
having to use clumsy sliders and navigate pages of dialog boxes, all via 
the command line.

On 08/22/2010 05:09 AM, leliel wrote:
> On Sun, Aug 22, 2010 at 12:09 AM, Miro Collas  wrote:
>>
>> That's what I referring to, the command line commands. VERY handy! And
>> dd is one I use a great deal.
>
> The problem I have with that is that the draw distance is only one of
> several debug settings that affect performance. I've been running with
> deferred rendering enabled for the past few months and I've had to
> enable/disable shadow maps&  SSAO all the time, but I hardly ever
> touch the draw distance. What's more, using a general method of
> changing debug settings through chat would let us create gestures that
> changed a whole group of settings all at the same time. So when
> entering a laggy sim you could trigger one gesture that did all of
> this.
>
> /set RenderFarClip 128
> /set RenderVolumeLODFactor 2.0
> /set WindLightUseAtmosShaders 0
>
> With a system like this you could change any setting on the fly
> without ever having to open the UI which would be great for filming
> machinima. Cam into a building and turn on global illumination and
> crank up the SSAO settings for deep highlights, cam back out and put
> SSAO back to the defaults and turn off GI for a better frame rate.
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
>

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Robin Cornelius]

On Sun, Aug 22, 2010 at 10:09 AM, leliel  wrote:
> On Sun, Aug 22, 2010 at 12:09 AM, Miro Collas  wrote:
>>
>> That's what I referring to, the command line commands. VERY handy! And
>> dd is one I use a great deal.

> /set RenderFarClip 128
> /set RenderVolumeLODFactor 2.0
> /set WindLightUseAtmosShaders 0
>
> With a system like this you could change any setting on the fly
> without ever having to open the UI which would be great for filming
> machinima. Cam into a building and turn on global illumination and
> crank up the SSAO settings for deep highlights, cam back out and put
> SSAO back to the defaults and turn off GI for a better frame rate.

Thats a powerful idea, is there a new feature JIRA for this on the LL
pJIRA currenty? if not could I kindly ask you to create one for it and
post the issue number back here.

The problem comes is its not just a case of updating the
gSavedSettings with new values (which would be very easy to do in the
way you have described). Many of the settings need "applying" in some
way to push the correct values to the correct place, many of the debug
settings would just work but some would not and thats where the work
for this feature would start, but i do like where you are comming from
with this.

Robin
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Opensource Obscure]

On Sun, 22 Aug 2010 10:36:18 +0100, Robin Cornelius
 wrote:
> On Sun, Aug 22, 2010 at 10:09 AM, leliel 
wrote:
>> On Sun, Aug 22, 2010 at 12:09 AM, Miro Collas 
>> wrote:
>>>
>>> That's what I referring to, the command line commands. VERY handy! And
>>> dd is one I use a great deal.

btw, recent Kirstens releases handily embed the draw distance slider 
into the 2.x menu upper bar.
 
>> /set RenderFarClip 128
>> /set RenderVolumeLODFactor 2.0
>> /set WindLightUseAtmosShaders 0
>>
>> With a system like this you could change any setting on the fly
>> without ever having to open the UI which would be great for filming
>> machinima. Cam into a building and turn on global illumination and
>> crank up the SSAO settings for deep highlights, cam back out and put
>> SSAO back to the defaults and turn off GI for a better frame rate.
> 
> Thats a powerful idea, is there a new feature JIRA for this on the LL
> pJIRA currenty? if not could I kindly ask you to create one for it and
> post the issue number back here.

+1

I like a lot leliel's suggestion about Windlight control
via commandline, especially because I guess that would
evolve into gestures = tradeable assets (correct?)

Opensource Obscure
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Martin Spernau]

> I like a lot leliel's suggestion about Windlight control
> via commandline, especially because I guess that would
> evolve into gestures = tradeable assets (correct?)

Assuming that everyone using that gesture has the same windlight prefs  
installed, probably yes. That's also assuming that the currently used  
windlight pref can be se via debug settimngs
-Martin
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[leliel]

On Sun, Aug 22, 2010 at 2:36 AM, Robin Cornelius
 wrote:
>
> Thats a powerful idea, is there a new feature JIRA for this on the LL
> pJIRA currenty? if not could I kindly ask you to create one for it and
> post the issue number back here.

http://jira.secondlife.com/browse/VWR-20887

> The problem comes is its not just a case of updating the
> gSavedSettings with new values (which would be very easy to do in the
> way you have described). Many of the settings need "applying" in some
> way to push the correct values to the correct place, many of the debug
> settings would just work but some would not and thats where the work
> for this feature would start, but i do like where you are comming from
> with this.

One thing I'd like to happen before this feature is implemented is to
clean up the debug settings name space. There are too many settings
with random, nonsensical names. I suppose we could copy id and put
everything having to do with rendering under r_ and everything for the
UI under ui_ and so on.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Login Pic

[Boroondas Gupte]

 On 08/22/2010 10:09 AM, a...@skyhighway.com wrote:
> So, is it fixable?
Yes, but the proper fix would be server side, so we volunteers can't do
it. (Except we would create our own login page altogether and point the
viewer at that. Dunno how good an idea that would be.)

> Is there some way to change the Snowglobe login
> channel?
Yes, see the |--channel| option on the Viewer parameters
 page. For third
party viewers (shouldn't apply to Snowglobe, just mentioning it for
completeness), please be aware of the Channel and Version Requirements

imposed by the TPV policy .

> Or can the server be configured to respond to the channel
> Snowglobe already has?
I certainly assume so. I don't know how much work that'd be for LL,
though, but I guess it can't be very much.

> Or is this just something Snowglobe users should
> not care about?
These little things are important, especially if they have relatively
easy fixes. Of course this on here doesn't significantly affect
usability, but it does have influence on the overall impression. Even
although Snowstorm might now have priority, this issue should be fixed.
(I thought I'd have seen a JIRA issue about this some time ago, but
can't seem to find it again.)

cheers
Boroondas
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party, viewers: is the policy worth anything?

[Gareth Nelson]

I've reported emerald for violating this clause of the TPV policy:
"You must not launch Denial of Service (“DoS”) attacks, engage in
griefing, or distribute other functionality that Linden Lab considers
harmful or disruptive to Second Life or the Second Life community."

So, hopefully that'll be the end of it, hopefully..

On Sun, Aug 22, 2010 at 9:36 AM, Michael Daniel  wrote:
> Since I am a student on summer break until next week, I have way too
> much time on my hands, and I like numbers (famous last words) so I did
> some analysis of modular systems attack on iheartanime.com.
>
> I think the amount of data involved has been understated in many
> discussions I've seen so far, so I'll show my work, but long story
> short:  4.2 terrabytes of data transfer are involved with this attack
> (2.1 tb up and 2.1 tb down).
>
> I used the screen cap from the following URL to find exactly what was
> downloaded every time somebody logged in with the emerald viewer during
> this attack:
> http://alphavilleherald.com/images/2010/08/modular-bing.jpg
>
> I used Google Chrome's inspect element feature to find the sizes of the
> files downloaded (right click, inspect element - resources - size).
>
> This is what I came up with:
>
> http://iheartanime.com/griffblog.php?article=omnomnomnomnom     163.20k
>  times 20 loads is 3264k
> http://iheartanime.com/images/emerald-explore-sounds.png
> 50.03k
> http://iheartanime.com/images/emerald-windows-disclosure.png        55.09kb
> http://iheartanime.com/images/emerald-mac-disclosure.png
> 66.90kb
> http://iheartanime.com/images/emerald-linux-disclosure.png
>    67.32kb
> http://iheartanime.com/images/imgsearch-v0.0.2.png
>     152.37k
> http://iheartanime.com/images/FRIENDLY%20GREETINGS.jpg        77.32k
> http://iheartanime.com/images/inertia-test.jpg
>              113.51k
> http://iheartanime.com/images/inertia-login.jpg    `
>            25.78k
> http://iheartanime.com/images/inuyertia.jpg
>            153.68k
> http://iheartanime.com/images/neillife.jpg
>                102.22k
> http://iheartanime.com/images/background-v2.png
>    130.64k
> http://iheartanime.com/images/background.png
>        77.40k
>
> Total size:  4336.26kb, or 4.33626mb per emerald login.
>
> According to the alphaville herald article, "Gazov told the Herald he
> saw 16,541,673 page hits referred by the Emerald login pages over three
> days".  I'm sure he has the server logs to back him up, so lets see what
> happens if we take him at his word (which I would do, as he seems pretty
> honest to me).
> link:
> http://alphavilleherald.com/2010/08/emerald-viewer-login-screen-sneak-ddos-attack.html
>
> I count 32 page hits per login, so we divide 16541673 by 32 to get the
> number of emerald logins during the attack.
> 16541673 hits / 32 page loads = 516927.28125 logins from emerald
>
> Since it's not an even number, Hazim's numbers must be off a bit.  That
> is no surprise, since his server was under such strain.  Lets round it
> up to 516928 logins from emerald during the attack.
>
> 510678 logins during the attack * 4.33626mb requested per login =
> 2214432.58428mb requested from iheartanime.com
>
> I used an online calculator at the following link to translate that into
> terrabytes:
> http://www.matisse.net/bitcalc/
>
> It works out to 2.11184748104095 Terrabytes of bandwidth stolen from
> Hazim in 3 days!
>
> As we all know, this bandwidth was not just stolen from Hazim.  It was
> also stolen from Emerald users, so if we multiply that by two we get a
> grand total of 4.22369496154786 terrabyts stolen in three days.  To make
> this more concrete, that's over 4.2 tb of transfer.  If you'll pardon
> the archaic reference, the library of congress, if compressed, could fit
> into 4.2 tb almost two times.  That's a lot of data.
> Citation for LOC measurement:  http://bit.ly/9TRWUX
>
> The crazy part is that modular systems shows absolutely no remorse at
> all for stealing Hazim's bandwidth.  Most hosts give unlimited
> bandwidth, but some do not.  If, for example, his hosting was at
> nextpoint.net, their hosting plans all come with 2000gb of transfer, so
> he would have gone over by 162.53182058594gb.  They charge $4.50 per gb
> for overage, so that would have worked out to $731.39 in damages to
> Hazim, not counting his regular traffic.  Aren't there laws against this
> kind of thing?
>
> Nextpoint.net reference:
> http://www.nexpoint.net/support/policies/billing.cfm
>
> Video of the emerald team talking about how ridiculous it would be to
> apologize to Hazim, among other things:
> http://www.youtube.com/watch?v=rwmVj9u7C3U
>
> Somebody in the video (I'm assuming the person is Arabella Steadham)
> said, "I'm not going to apologize to Hazim, I mean, why would I?," as
> others agree that they could care less about him.  They also said that
> their users take their account names and passwords too seriously.
>
> I don't see how the third party directory can retain any respectability
> at all if they don't

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Ann Otoole]

I hate replying to a policy thread here but will make this one time exception 
for my humble input for LL's consideration:

What I think LL should consider is something in the TPV policy that prohibits 
any tpv from connecting  to any non LL server for any reason when a LL grid is 
selected for login. This simple  policy, if correctly followed, would have 
prevented the incident. It  would also eliminate a tpv team from monitoring 
logins and usage but  then where exactly did they get to do that in the first 
place? It is a  missed policy bullet. There is no reason a client should 
connect 
to  anything except an LL server when an LL grid is selected. LL needs to be 
totally security conscious about the login  process and what rigid requirements 
must be met for connecting to the LL  grids.

I.e.; I watch my port activity. Everyone should. But not everyone would know 
what they are looking at. But had they been watching I bet they would have been 
wanting to know what all those connections to that host were all about right 
away. Had I been using Emerald and saw thirty something connections to 
iheartanime dot com appear I would have been raising hell immediately. What you 
connect to on the internet can be and is monitored sometimes and being open to 
forced connections to something really bad would be extremely unfortunate for 
many that have tom be squeaky clean. 


I use Kirstens and I don't even care much for it's connection for motd. However 
it does tell me when the latest release is available and that is very useful 
information. Maybe there is a way for LL to provide motd bullets for tpvs so 
they can get the word out about updates or something.

There has to be a better way.

Regards

Ann Otoole InSL





From: Brian McGroarty 
To: Thomas Grimshaw 
Cc: opensource-dev@lists.secondlife.com
Sent: Sat, August 21, 2010 10:33:52 AM
Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is the 
policy worth anything?

On Sat, Aug 21, 2010 at 7:04 AM, Thomas Grimshaw  wrote:
>  Loading 1mb of content per user is hardly a denial of service attack.
> Crosslinking occurs everywhere on the web, this is simply nothing but
> paranoid bull.

"Crosslinking" drops the context of hiding gibberish requests to a
critic's website in a hidden frame that will never be revealed to the
user. This isn't a mere hyperlink to another page or naively stealing
someone else's image hosting.

My read (but I'm no lawyer) is that this looks like 2.d.iii of
http://secondlife.com/corporate/tpv.php and we're already having that
discussion. If anyone can come up with specific reasons why this might
have had legitimate reason to be there, or how this one could be yet
another oversight or mistake, that would be helpful. I sure haven't
heard any to date.

-- 
Brian McGroarty | Linden Lab
Sent from my Newton MP2100 via acoustic coupler
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges



  ___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Gareth Nelson]

"You must not launch Denial of Service (“DoS”) attacks, engage in
griefing, or distribute other functionality that Linden Lab considers
harmful or disruptive to Second Life or the Second Life community"
would have prevented this incident too, if it was obeyed and enforced.


On Sun, Aug 22, 2010 at 1:22 PM, Ann Otoole  wrote:
> I hate replying to a policy thread here but will make this one time
> exception for my humble input for LL's consideration:
>
> What I think LL should consider is something in the TPV policy that
> prohibits any tpv from connecting to any non LL server for any reason when a
> LL grid is selected for login. This simple policy, if correctly followed,
> would have prevented the incident. It would also eliminate a tpv team from
> monitoring logins and usage but then where exactly did they get to do that
> in the first place? It is a missed policy bullet. There is no reason a
> client should connect to anything except an LL server when an LL grid is
> selected. LL needs to be totally security conscious about the login process
> and what rigid requirements must be met for connecting to the LL grids.
>
> I.e.; I watch my port activity. Everyone should. But not everyone would know
> what they are looking at. But had they been watching I bet they would have
> been wanting to know what all those connections to that host were all about
> right away. Had I been using Emerald and saw thirty something connections to
> iheartanime dot com appear I would have been raising hell immediately. What
> you connect to on the internet can be and is monitored sometimes and being
> open to forced connections to something really bad would be extremely
> unfortunate for many that have tom be squeaky clean.
>
> I use Kirstens and I don't even care much for it's connection for motd.
> However it does tell me when the latest release is available and that is
> very useful information. Maybe there is a way for LL to provide motd bullets
> for tpvs so they can get the word out about updates or something.
>
> There has to be a better way.
>
> Regards
>
> Ann Otoole InSL
>
> 
> From: Brian McGroarty 
> To: Thomas Grimshaw 
> Cc: opensource-dev@lists.secondlife.com
> Sent: Sat, August 21, 2010 10:33:52 AM
> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is
> the policy worth anything?
>
> On Sat, Aug 21, 2010 at 7:04 AM, Thomas Grimshaw 
> wrote:
>>  Loading 1mb of content per user is hardly a denial of service attack.
>> Crosslinking occurs everywhere on the web, this is simply nothing but
>> paranoid bull.
>
> "Crosslinking" drops the context of hiding gibberish requests to a
> critic's website in a hidden frame that will never be revealed to the
> user. This isn't a mere hyperlink to another page or naively stealing
> someone else's image hosting.
>
> My read (but I'm no lawyer) is that this looks like 2.d.iii of
> http://secondlife.com/corporate/tpv.php and we're already having that
> discussion. If anyone can come up with specific reasons why this might
> have had legitimate reason to be there, or how this one could be yet
> another oversight or mistake, that would be helpful. I sure haven't
> heard any to date.
>
> --
> Brian McGroarty | Linden Lab
> Sent from my Newton MP2100 via acoustic coupler
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>



-- 
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

[opensource-dev] SVN dead at LL?

[Gareth Nelson]

In the subject really - is subversion just dead now?

-- 
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] SVN dead at LL?

[Oz Linden (Scott Lawrence)]

 On 2010-08-22 8:32, Gareth Nelson wrote:

In the subject really - is subversion just dead now?



I know that it seems like a simple question, but it may be that it has 
gone over the edge to "too simple".


Linden Lab has for some time been using Mercurial (hg) internally for 
nearly everything.  Whether or not there are some uses of subversion 
still going on I don't know.


The viewer projects are now all using hg, with the authoritative 
integration repository being


   http://hg.secondlife.com/viewer-development

If the question is whether or not we are still updating the old 
viewer-external subversion repository to reflect the new repository 
above, the answer is no.   Those updates were driven by builds off of a 
now-obsolete internal repository (somewhat confusingly named 
'viewer-public').


The subversion repository for Snowglobe continues to exist.

Did that answer your question?


___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] SVN dead at LL?

[Boroondas Gupte]

 On 08/22/2010 02:32 PM, Gareth Nelson wrote:
> In the subject really - is subversion just dead now?
Define "dead". The server is still up and running and I guess it'll stay
like that for the foreseeable future. About the code hosted there, and
the projects behind that:

* I assume there will be no further source drops of *official
  viewer* code on SVN, as there are now public hg repositories for
  that purpose, first of all
  http://bitbucket.org/lindenlab/viewer-development
* I assume the community committers still have write access, so
  *Snowglobe 1* might (and probably will, if necessary) still
  receive security fixes. There will probably not be any new
  features developed for Snowglobe 1. I don't know whether some
  Viewer 2 features will be backported.
* Features of *Snowglobe 2* will be cherry picked into Snowstorm
  (lindenlab/viewer-development) if LL thinks they should be in the
  mainline viewer. It's unclear what happens with features that the
  community wants but LL doesn't. (For implemented ones, you'll
  probably be able to get them from the individual dev's repo. We
  aren't yet sure whether we also want to establish a common
  community repo for that purpose.)

cheers
Boroondas
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Aidan Thornton]

On Sun, Aug 22, 2010 at 1:22 PM, Ann Otoole  wrote:
> What I think LL should consider is something in the TPV policy that
> prohibits any tpv from connecting to any non LL server for any reason when a
> LL grid is selected for login. This simple policy, if correctly followed,
> would have prevented the incident. It would also eliminate a tpv team from
> monitoring logins and usage but then where exactly did they get to do that
> in the first place?

It also prevents third-party viewers from notifying users that updates
are available, including security updates. Whole bunch of other stuff
too - for example the official Second Life login screen doesn't
actually work on unofficial viewers. Besides, both incidents like this
and undisclosed monitoring of usage violate the TPV policy anyway (and
at least one of Emerald's privacy issues didn't involve connecting to
any non-LL server at all).

Have you taken a look at Imprudence's Privacy Policy, for example
(http://imprudenceviewer.org/wiki/Imprudence:Privacy_policy)? This is
roughly the level of disclosure the policy calls for regarding data
collection associated with viewer use (the information related to the
website goes beyond what the policy requires). I assume Emerald has a
similar page somewhere too.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] SVN dead at LL?

[Gareth Nelson]

So basically, server is still up but no updates, that pretty much
answers my question

On Sun, Aug 22, 2010 at 2:05 PM, Boroondas Gupte
 wrote:
> On 08/22/2010 02:32 PM, Gareth Nelson wrote:
>
> In the subject really - is subversion just dead now?
>
> Define "dead". The server is still up and running and I guess it'll stay
> like that for the foreseeable future. About the code hosted there, and the
> projects behind that:
>
> I assume there will be no further source drops of official viewer code on
> SVN, as there are now public hg repositories for that purpose, first of all
> http://bitbucket.org/lindenlab/viewer-development
> I assume the community committers still have write access, so Snowglobe 1
> might (and probably will, if necessary) still receive security fixes. There
> will probably not be any new features developed for Snowglobe 1. I don't
> know whether some Viewer 2 features will be backported.
> Features of Snowglobe 2 will be cherry picked into Snowstorm
> (lindenlab/viewer-development) if LL thinks they should be in the mainline
> viewer. It's unclear what happens with features that the community wants but
> LL doesn't. (For implemented ones, you'll probably be able to get them from
> the individual dev's repo. We aren't yet sure whether we also want to
> establish a common community repo for that purpose.)
>
> cheers
> Boroondas
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>



-- 
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

[opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Simon Disk]

The login screen and this attack happened before you select the grid.

On Sun, Aug 22, 2010 at 8:22 AM, Ann Otoole  wrote:

> I hate replying to a policy thread here but will make this one time
> exception for my humble input for LL's consideration:
>
> What I think LL should consider is something in the TPV policy that
> prohibits any tpv from connecting to any non LL server for any reason when a
> LL grid is selected for login. This simple policy, if correctly followed,
> would have prevented the incident. It would also eliminate a tpv team from
> monitoring logins and usage but then where exactly did they get to do that
> in the first place? It is a missed policy bullet. There is no reason a
> client should connect to anything except an LL server when an LL grid is
> selected. LL needs to be totally security conscious about the login process
> and what rigid requirements must be met for connecting to the LL grids.
>
> I.e.; I watch my port activity. Everyone should. But not everyone would
> know what they are looking at. But had they been watching I bet they would
> have been wanting to know what all those connections to that host were all
> about right away. Had I been using Emerald and saw thirty something
> connections to iheartanime dot com appear I would have been raising hell
> immediately. What you connect to on the internet can be and is monitored
> sometimes and being open to forced connections to something really bad would
> be extremely unfortunate for many that have tom be squeaky clean.
>
> I use Kirstens and I don't even care much for it's connection for motd.
> However it does tell me when the latest release is available and that is
> very useful information. Maybe there is a way for LL to provide motd bullets
> for tpvs so they can get the word out about updates or something.
>
> There has to be a better way.
>
> Regards
>
> Ann Otoole InSL
>
> --
> *From:* Brian McGroarty 
> *To:* Thomas Grimshaw 
> *Cc:* opensource-dev@lists.secondlife.com
> *Sent:* Sat, August 21, 2010 10:33:52 AM
>
> *Subject:* Re: [opensource-dev] Malicious payloads in third-party viewers:
> is the policy worth anything?
>
> On Sat, Aug 21, 2010 at 7:04 AM, Thomas Grimshaw 
> wrote:
> >  Loading 1mb of content per user is hardly a denial of service attack.
> > Crosslinking occurs everywhere on the web, this is simply nothing but
> > paranoid bull.
>
> "Crosslinking" drops the context of hiding gibberish requests to a
> critic's website in a hidden frame that will never be revealed to the
> user. This isn't a mere hyperlink to another page or naively stealing
> someone else's image hosting.
>
> My read (but I'm no lawyer) is that this looks like 2.d.iii of
> http://secondlife.com/corporate/tpv.php and we're already having that
> discussion. If anyone can come up with specific reasons why this might
> have had legitimate reason to be there, or how this one could be yet
> another oversight or mistake, that would be helpful. I sure haven't
> heard any to date.
>
> --
> Brian McGroarty | Linden Lab
> Sent from my Newton MP2100 via acoustic coupler
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

[opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Simon Disk]

On Sat, Aug 21, 2010 at 7:48 PM, Phox  wrote:

> (Since then, all additional metadata information has been removed from
> emkdu).
> The change in encryption was simply a result of inertia being able to
> decode the viewer window title information.
>

It is my understanding that the emku was placing the hidden viewer window
title information into the baked textures. So in one sentence you are saying
the information was removed. And in the next you are saying it is still
there just encrypted better so others cannot decode it and out you. Which is
it?
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Will]

Found this morning, forgive me for not noting where, but it puts it in context:

Anonymous said...
Why did they do that? Well, you may recall that Emerald (more specifically the 
libemkdu library in it) was caught leaking personally-identifiable information 
about its users in an encrypted form that could be read by Emerald developers. 
They were then caught continuing to do so after the developers in question 
claimed the problem was fixed, just with stronger encryption that made it 
harder to prove.  iheartanime.com is the website of the person who figured out 
how to decrypt the secret information they were leaking both times, and the 
website on which he publicised this issue.  It's basically a vendatta attack 
against someone who revealed the Emerald developers had been up to no good.


From: Simon Disk 
Sent: Sunday, August 22, 2010 9:47 AM
To: Phox 
Cc: opensource-dev@lists.secondlife.com 
Subject: [opensource-dev] Malicious payloads in third-party viewers: is the 
policy worth anything?





On Sat, Aug 21, 2010 at 7:48 PM, Phox  wrote:

  (Since then, all additional metadata information has been removed from emkdu).
  The change in encryption was simply a result of inertia being able to
  decode the viewer window title information.


It is my understanding that the emku was placing the hidden viewer window title 
information into the baked textures. So in one sentence you are saying the 
information was removed. And in the next you are saying it is still there just 
encrypted better so others cannot decode it and out you. Which is it?






___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Morgaine]

On Sun, Aug 22, 2010 at 7:01 AM, leliel  wrote:

>
> /set debugvar value
>
>
+1  lelie

This symmetrical handling for all parameters is far superior to defining
abbreviations for each one, and it is inherently extensible as the set of
parameters grows.  I support this.


Morgaine.





On Sun, Aug 22, 2010 at 7:01 AM, leliel  wrote:

>
>
> On Sat, Aug 21, 2010 at 9:36 PM, Miro Collas wrote:
>
> > How about bbeing able to just type it in?  Why a slider, or mouse wheel,
> > which is inaccurate? How about being able to type it in chat?
>
> Instead of a one off thing just for the draw distance, I'd rather we had a
> general command input system similar to the console on id's games. So since
> we use /# for the channel and /me for emotes how about /set for setting
> debug variables with the following syntax.
>
> /set debugvar value
>
> Where value is one of bool, integer, float, or a vector using the lsl style
> of <0.0, 0.0, 0.0>. With tab line completion of course.
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] RenderVolumeLODfactor (branch from Draw Distance)

[Trilo Byte]

Actually, it would be nice if RenderVolumeLODfactor could either
persist from one version to the next (instead of getting reset with everey
new version installation), or be set based on GPU detection.

I imagine the default of 1.125 is based on "class 0" (intel integrated graphics)
but anybody using better than that can go to 2.0 at a bare minimum.  More
powerful GPU's can easily handle 4.0, and from my experience the 
ATI 4xxx series and above/nVidia 9xxx series and above can do 6.0.

On a side note, I've found that setting above 6.0 can have unexpected and
unwanted results, most notably 'disappearing prims' with smaller sculpts
(necklace chains, etc).

Having to manually jump into debug settings with every viewer release
is a pain.  If it could be auto-detected, that would save a lot of novice users
from having to mess around in the Advanced/Debug menu

On Aug 22, 2010, at 2:50 AM, Opensource Obscure wrote:

> 
> On Sun, 22 Aug 2010 10:36:18 +0100, Robin Cornelius
>  wrote:
>> On Sun, Aug 22, 2010 at 10:09 AM, leliel 
> wrote:
>>> On Sun, Aug 22, 2010 at 12:09 AM, Miro Collas 
>>> wrote:
 
 That's what I referring to, the command line commands. VERY handy! And
 dd is one I use a great deal.
> 
> btw, recent Kirstens releases handily embed the draw distance slider 
> into the 2.x menu upper bar.
> 
>>> /set RenderFarClip 128
>>> /set RenderVolumeLODFactor 2.0
>>> /set WindLightUseAtmosShaders 0
>>> 
>>> With a system like this you could change any setting on the fly
>>> without ever having to open the UI which would be great for filming
>>> machinima. Cam into a building and turn on global illumination and
>>> crank up the SSAO settings for deep highlights, cam back out and put
>>> SSAO back to the defaults and turn off GI for a better frame rate.
>> 
>> Thats a powerful idea, is there a new feature JIRA for this on the LL
>> pJIRA currenty? if not could I kindly ask you to create one for it and
>> post the issue number back here.
> 
> +1
> 
> I like a lot leliel's suggestion about Windlight control
> via commandline, especially because I guess that would
> evolve into gestures = tradeable assets (correct?)
> 
> Opensource Obscure
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Marine Kelley]

Please be careful not to screw up debug settings that must NOT be changed.
Some are capital for the viewer to function normally, and would completely
shut out users who don't know how to change them back offline, and to what.
It would be easy to make a gesture that completely messes up your debug
settings and to distribute it.

I'd like to point out that the RLV has been controlling all the windlight
settings and a couple debug settings for two years now, through scripts, and
it works well. I took the whitelist approach to the debug settings precisely
for the reason I explained above, and it can't modify anything else so the
user is safe.

Marine


On 22 August 2010 16:38, Morgaine  wrote:

> On Sun, Aug 22, 2010 at 7:01 AM, leliel  wrote:
>
>>
>> /set debugvar value
>>
>>
> +1  lelie
>
> This symmetrical handling for all parameters is far superior to defining
> abbreviations for each one, and it is inherently extensible as the set of
> parameters grows.  I support this.
>
>
> Morgaine.
>
>
>
> 
>
> On Sun, Aug 22, 2010 at 7:01 AM, leliel  wrote:
>
>>
>>
>> On Sat, Aug 21, 2010 at 9:36 PM, Miro Collas wrote:
>>
>> > How about bbeing able to just type it in?  Why a slider, or mouse wheel,
>> > which is inaccurate? How about being able to type it in chat?
>>
>>  Instead of a one off thing just for the draw distance, I'd rather we had
>> a general command input system similar to the console on id's games. So
>> since we use /# for the channel and /me for emotes how about /set for
>> setting debug variables with the following syntax.
>>
>> /set debugvar value
>>
>> Where value is one of bool, integer, float, or a vector using the lsl
>> style of <0.0, 0.0, 0.0>. With tab line completion of course.
>>
>> ___
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting
>> privileges
>>
>
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[JB Hancroft]

Hi Ann,

You suggested: * "What I think LL should consider is something in the TPV
policy that prohibits any tpv from connecting to any non LL server for any
reason when a LL grid is selected for login."*

I'd change that to require that any TPV *disclose* the specifics of any and
all non-LL servers that they are connecting to, and the details of why they
are doing so.  Otherwise, some of the possible value-added functionality
gets crippled.

The real issue here is the TPVP is just legal CYA for LL, it's not something
they actually monitor or enforce.
There is no assurance being provided by LL or by the TPV developer, that
they have any sense of reasonable security, including processes that limit
rogue devs from pulling the kind of stunts that the Emerald team seem to
favor.

If the TPVP really matters, we'll see Emerald shut down from the TPVP
program, because of this accumulated nonsense.
If not, then it confirms that it's all just a paper chase.

Regards,
- JB

On Sun, Aug 22, 2010 at 8:22 AM, Ann Otoole  wrote:

> I hate replying to a policy thread here but will make this one time
> exception for my humble input for LL's consideration:
>
> What I think LL should consider is something in the TPV policy that
> prohibits any tpv from connecting to any non LL server for any reason when a
> LL grid is selected for login. This simple policy, if correctly followed,
> would have prevented the incident. It would also eliminate a tpv team from
> monitoring logins and usage but then where exactly did they get to do that
> in the first place? It is a missed policy bullet. There is no reason a
> client should connect to anything except an LL server when an LL grid is
> selected. LL needs to be totally security conscious about the login process
> and what rigid requirements must be met for connecting to the LL grids.
>
> I.e.; I watch my port activity. Everyone should. But not everyone would
> know what they are looking at. But had they been watching I bet they would
> have been wanting to know what all those connections to that host were all
> about right away. Had I been using Emerald and saw thirty something
> connections to iheartanime dot com appear I would have been raising hell
> immediately. What you connect to on the internet can be and is monitored
> sometimes and being open to forced connections to something really bad would
> be extremely unfortunate for many that have tom be squeaky clean.
>
> I use Kirstens and I don't even care much for it's connection for motd.
> However it does tell me when the latest release is available and that is
> very useful information. Maybe there is a way for LL to provide motd bullets
> for tpvs so they can get the word out about updates or something.
>
> There has to be a better way.
>
> Regards
>
> Ann Otoole InSL
>
> --
> *From:* Brian McGroarty 
> *To:* Thomas Grimshaw 
> *Cc:* opensource-dev@lists.secondlife.com
> *Sent:* Sat, August 21, 2010 10:33:52 AM
>
> *Subject:* Re: [opensource-dev] Malicious payloads in third-party viewers:
> is the policy worth anything?
>
> On Sat, Aug 21, 2010 at 7:04 AM, Thomas Grimshaw 
> wrote:
> >  Loading 1mb of content per user is hardly a denial of service attack.
> > Crosslinking occurs everywhere on the web, this is simply nothing but
> > paranoid bull.
>
> "Crosslinking" drops the context of hiding gibberish requests to a
> critic's website in a hidden frame that will never be revealed to the
> user. This isn't a mere hyperlink to another page or naively stealing
> someone else's image hosting.
>
> My read (but I'm no lawyer) is that this looks like 2.d.iii of
> http://secondlife.com/corporate/tpv.php and we're already having that
> discussion. If anyone can come up with specific reasons why this might
> have had legitimate reason to be there, or how this one could be yet
> another oversight or mistake, that would be helpful. I sure haven't
> heard any to date.
>
> --
> Brian McGroarty | Linden Lab
> Sent from my Newton MP2100 via acoustic coupler
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Gareth Nelson]

Being listed in the directory is a sign that viewer devs have
self-certified compliance, but it's also an unconcious sign to users
that the viewer is legit, even if not intended.

On Sun, Aug 22, 2010 at 3:56 PM, JB Hancroft  wrote:
> Hi Ann,
>
> You suggested:  "What I think LL should consider is something in the TPV
> policy that prohibits any tpv from connecting to any non LL server for any
> reason when a LL grid is selected for login."
>
> I'd change that to require that any TPV disclose the specifics of any and
> all non-LL servers that they are connecting to, and the details of why they
> are doing so.  Otherwise, some of the possible value-added functionality
> gets crippled.
>
> The real issue here is the TPVP is just legal CYA for LL, it's not something
> they actually monitor or enforce.
> There is no assurance being provided by LL or by the TPV developer, that
> they have any sense of reasonable security, including processes that limit
> rogue devs from pulling the kind of stunts that the Emerald team seem to
> favor.
>
> If the TPVP really matters, we'll see Emerald shut down from the TPVP
> program, because of this accumulated nonsense.
> If not, then it confirms that it's all just a paper chase.
>
> Regards,
> - JB
>
> On Sun, Aug 22, 2010 at 8:22 AM, Ann Otoole  wrote:
>>
>> I hate replying to a policy thread here but will make this one time
>> exception for my humble input for LL's consideration:
>>
>> What I think LL should consider is something in the TPV policy that
>> prohibits any tpv from connecting to any non LL server for any reason when a
>> LL grid is selected for login. This simple policy, if correctly followed,
>> would have prevented the incident. It would also eliminate a tpv team from
>> monitoring logins and usage but then where exactly did they get to do that
>> in the first place? It is a missed policy bullet. There is no reason a
>> client should connect to anything except an LL server when an LL grid is
>> selected. LL needs to be totally security conscious about the login process
>> and what rigid requirements must be met for connecting to the LL grids.
>>
>> I.e.; I watch my port activity. Everyone should. But not everyone would
>> know what they are looking at. But had they been watching I bet they would
>> have been wanting to know what all those connections to that host were all
>> about right away. Had I been using Emerald and saw thirty something
>> connections to iheartanime dot com appear I would have been raising hell
>> immediately. What you connect to on the internet can be and is monitored
>> sometimes and being open to forced connections to something really bad would
>> be extremely unfortunate for many that have tom be squeaky clean.
>>
>> I use Kirstens and I don't even care much for it's connection for motd.
>> However it does tell me when the latest release is available and that is
>> very useful information. Maybe there is a way for LL to provide motd bullets
>> for tpvs so they can get the word out about updates or something.
>>
>> There has to be a better way.
>>
>> Regards
>>
>> Ann Otoole InSL
>>
>> 
>> From: Brian McGroarty 
>> To: Thomas Grimshaw 
>> Cc: opensource-dev@lists.secondlife.com
>> Sent: Sat, August 21, 2010 10:33:52 AM
>> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers:
>> is the policy worth anything?
>>
>> On Sat, Aug 21, 2010 at 7:04 AM, Thomas Grimshaw 
>> wrote:
>> >  Loading 1mb of content per user is hardly a denial of service attack.
>> > Crosslinking occurs everywhere on the web, this is simply nothing but
>> > paranoid bull.
>>
>> "Crosslinking" drops the context of hiding gibberish requests to a
>> critic's website in a hidden frame that will never be revealed to the
>> user. This isn't a mere hyperlink to another page or naively stealing
>> someone else's image hosting.
>>
>> My read (but I'm no lawyer) is that this looks like 2.d.iii of
>> http://secondlife.com/corporate/tpv.php and we're already having that
>> discussion. If anyone can come up with specific reasons why this might
>> have had legitimate reason to be there, or how this one could be yet
>> another oversight or mistake, that would be helpful. I sure haven't
>> heard any to date.
>>
>> --
>> Brian McGroarty | Linden Lab
>> Sent from my Newton MP2100 via acoustic coupler
>> ___
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting
>> privileges
>>
>>
>> ___
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting
>> privileges
>
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSo

Re: [opensource-dev] Draw Distance

[Lance Corrimal]

Am Sunday 22 August 2010 schrieb Marine Kelley:
> Please be careful not to screw up debug settings that must NOT be
> changed. Some are capital for the viewer to function normally [...]



could someone please elaborate on why those settings even exist and 
are changeable?


i mean, basically, a debug setting is nothing other than an entry in 
the global settings.xml file.

According to my understanding of what marine points out, seetting 
certain of these to other than the default values will render the 
client unusable... then why on earth are these changeable settings at 
all, instead of #define lines directly in the source???

or, at least, autogenerated variables in the source, instead of 
something that users can f'ck with?

bye,
LC

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Marine Kelley]

On 22 August 2010 17:14, Lance Corrimal  wrote:

>
> could someone please elaborate on why those settings even exist and
> are changeable?
>
>
Well, I believe there are SOME debug settings that are worth changing for a
developer, but NOT for the user. I am thinking of "ConnectionPort" for
example. Change that for the average user and they can't connect to SL
anymore until they actually find out how to change this value back and to
what value, if ever. Granted they could reinstall the viewer, but still it
is annoying at best. You could also sneak a change on "MediaShowOnOthers" to
force the avatar to see the media on your own attachments, and use that to
hack their computer. There are plenty of nasty things you can do if this can
of worms is opened.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Lance Corrimal]

related line of thought:


how much faster could the viewer be if every single of these "do not 
change this ever" settings was replaced with a #define in a central 
include file?
or in other words, what is the cpu cycle penalty for a 
SavedSettings.getBOOL() and the others?


bye,
LC



Am Sunday 22 August 2010 schrieb Lance Corrimal:
> Am Sunday 22 August 2010 schrieb Marine Kelley:
> > Please be careful not to screw up debug settings that must NOT be
> > changed. Some are capital for the viewer to function normally
> > [...]
> 
> could someone please elaborate on why those settings even exist and
> are changeable?
> 
> 
> i mean, basically, a debug setting is nothing other than an entry
> in the global settings.xml file.
> 
> According to my understanding of what marine points out, seetting
> certain of these to other than the default values will render the
> client unusable... then why on earth are these changeable settings
> at all, instead of #define lines directly in the source???
> 
> or, at least, autogenerated variables in the source, instead of
> something that users can f'ck with?
> 
> bye,
> LC
> 
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Trilo Byte]

Agreed, I think most users treat the viewers on that directory as having
been approved for use by Linden Lab.  Sort of a 'good housekeeping seal of
approval' for the SL grid, if you will.

On Aug 22, 2010, at 7:58 AM, Gareth Nelson wrote:

> Being listed in the directory is a sign that viewer devs have
> self-certified compliance, but it's also an unconcious sign to users
> that the viewer is legit, even if not intended.
> 
> On Sun, Aug 22, 2010 at 3:56 PM, JB Hancroft  wrote:
>> Hi Ann,
>> 
>> You suggested:  "What I think LL should consider is something in the TPV
>> policy that prohibits any tpv from connecting to any non LL server for any
>> reason when a LL grid is selected for login."
>> 
>> I'd change that to require that any TPV disclose the specifics of any and
>> all non-LL servers that they are connecting to, and the details of why they
>> are doing so.  Otherwise, some of the possible value-added functionality
>> gets crippled.
>> 
>> The real issue here is the TPVP is just legal CYA for LL, it's not something
>> they actually monitor or enforce.
>> There is no assurance being provided by LL or by the TPV developer, that
>> they have any sense of reasonable security, including processes that limit
>> rogue devs from pulling the kind of stunts that the Emerald team seem to
>> favor.
>> 
>> If the TPVP really matters, we'll see Emerald shut down from the TPVP
>> program, because of this accumulated nonsense.
>> If not, then it confirms that it's all just a paper chase.
>> 
>> Regards,
>> - JB
>> 
>> On Sun, Aug 22, 2010 at 8:22 AM, Ann Otoole  wrote:
>>> 
>>> I hate replying to a policy thread here but will make this one time
>>> exception for my humble input for LL's consideration:
>>> 
>>> What I think LL should consider is something in the TPV policy that
>>> prohibits any tpv from connecting to any non LL server for any reason when a
>>> LL grid is selected for login. This simple policy, if correctly followed,
>>> would have prevented the incident. It would also eliminate a tpv team from
>>> monitoring logins and usage but then where exactly did they get to do that
>>> in the first place? It is a missed policy bullet. There is no reason a
>>> client should connect to anything except an LL server when an LL grid is
>>> selected. LL needs to be totally security conscious about the login process
>>> and what rigid requirements must be met for connecting to the LL grids.
>>> 
>>> I.e.; I watch my port activity. Everyone should. But not everyone would
>>> know what they are looking at. But had they been watching I bet they would
>>> have been wanting to know what all those connections to that host were all
>>> about right away. Had I been using Emerald and saw thirty something
>>> connections to iheartanime dot com appear I would have been raising hell
>>> immediately. What you connect to on the internet can be and is monitored
>>> sometimes and being open to forced connections to something really bad would
>>> be extremely unfortunate for many that have tom be squeaky clean.
>>> 
>>> I use Kirstens and I don't even care much for it's connection for motd.
>>> However it does tell me when the latest release is available and that is
>>> very useful information. Maybe there is a way for LL to provide motd bullets
>>> for tpvs so they can get the word out about updates or something.
>>> 
>>> There has to be a better way.
>>> 
>>> Regards
>>> 
>>> Ann Otoole InSL
>>> 
>>> 
>>> From: Brian McGroarty 
>>> To: Thomas Grimshaw 
>>> Cc: opensource-dev@lists.secondlife.com
>>> Sent: Sat, August 21, 2010 10:33:52 AM
>>> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers:
>>> is the policy worth anything?
>>> 
>>> On Sat, Aug 21, 2010 at 7:04 AM, Thomas Grimshaw 
>>> wrote:
  Loading 1mb of content per user is hardly a denial of service attack.
 Crosslinking occurs everywhere on the web, this is simply nothing but
 paranoid bull.
>>> 
>>> "Crosslinking" drops the context of hiding gibberish requests to a
>>> critic's website in a hidden frame that will never be revealed to the
>>> user. This isn't a mere hyperlink to another page or naively stealing
>>> someone else's image hosting.
>>> 
>>> My read (but I'm no lawyer) is that this looks like 2.d.iii of
>>> http://secondlife.com/corporate/tpv.php and we're already having that
>>> discussion. If anyone can come up with specific reasons why this might
>>> have had legitimate reason to be there, or how this one could be yet
>>> another oversight or mistake, that would be helpful. I sure haven't
>>> heard any to date.
>>> 
>>> --
>>> Brian McGroarty | Linden Lab
>>> Sent from my Newton MP2100 via acoustic coupler
>>> ___
>>> Policies and (un)subscribe information available here:
>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>> Please read the policies before posting to keep unmoderated posting
>>> privileges
>>> 
>>> 
>>> 

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Rob Nelson]

  (Replied offlist by accident.)

  Funny how you allow Phox and crew to continue operating after they
purposefully leak info and attack a website, and then you ban me for
running a freakin' rental company to help pay a friend's bills.

Get your priorities straight and either enforce ALL of your rules for
EVERYONE, or don't enforce them at all.

Rob
The guy who used to develop Luna before he got banned and started making
crap for Minecraft instead.

On 8/21/2010 8:34 AM, Brian McGroarty wrote:
>  On Sat, Aug 21, 2010 at 8:24 AM, Discrete Dreamscape
> wrote:
>>  Actually, I prefer to remember him as:
>>
>>  1) The guy who hacked Emerald's servers before discovering the data
>>  storage issue and
>>
>>  2) The active developer of a malicious viewer under the lolguise of
>>  promoting exploit/bugfixing.
>>
>>  But hey, they keep antagonizing him, so of course this kind of thing 
>> continues.
>  Yeah, he's no saint from these or a hundred other things said about
>  him. Ditto the Emerald leadership. For us though, the problem begins
>  if a pissing match extends to SL or resis' use of SL.
>

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] SVN dead at LL?

[Q Linden]

Yes. We have switched to hg (Mercurial) entirely. And we are lots happier. Some 
day with a better keyboard and two working hands I could explain why. 

 -- Q (iPhone => terse)

On Aug 22, 2010, at 8:32 AM, Gareth Nelson  wrote:

> In the subject really - is subversion just dead now?
> 
> -- 
> “Lanie, I’m going to print more printers. Lots more printers. One for
> everyone. That’s worth going to jail for. That’s worth anything.” -
> Printcrime by Cory Doctrow
> 
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Lance Corrimal]

Am Sunday 22 August 2010 schrieb Marine Kelley:

> Well, I believe there are SOME debug settings that are worth
> changing for a developer, but NOT for the user. I am thinking of
> "ConnectionPort" for example. Change that for the average user and
> they can't connect to SL anymore until they actually find out how
> to change this value back and to what value, if ever.

not true, actually...

ConnectionPort is a port that the viewer is listening on (for UDP 
packets, i believe).
I'm running with custom ports here since a few months ago (onde 
distinct, different port on each client computer) and that actually 
made thing (teleports and such) a bit better behind a nat router...


still, most of those settings should just be replaced with defines in 
an incluide file as soon as the build type in the develop.py call is 
"Release"...


bye,
LC
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Argent Stonecutter]

On 2010-08-22, at 10:14, Lance Corrimal wrote:
> Am Sunday 22 August 2010 schrieb Marine Kelley:
>> Please be careful not to screw up debug settings that must NOT be
>> changed. Some are capital for the viewer to function normally [...]

> could someone please elaborate on why those settings even exist and 
> are changeable?

Some of them can be changed, but only if you know exactly what you're doing. 
They're in the advanced debug settings list because they're there for the 
people who DO know exactly what they're doing.

Some used to be meaningful but are no longer sensible to change.

Some are there for cases when you DO want the viewer to function abnormally... 
for example changing port numbers.

There really needs to be a "not so advanced advanced debug" subset that could 
then be exported via a "/set" option.

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Robert Martin]

On Sun, Aug 22, 2010 at 10:56 AM, JB Hancroft  wrote:
> If the TPVP really matters, we'll see Emerald shut down from the TPVP
> program, because of this accumulated nonsense.
> If not, then it confirms that it's all just a paper chase.

actually lets see whats going on here
1 the whole texture thing was due to the viewers install folder being
baked into textures
IF THIS IS LEFT AS DEFAULT then very little info is actually given the
problem is some folks were doing installs into their own home folder
(somebody did not account for that)

2 the whole login screen edit was mostly the person in question err
being "drunk" at the time and not going back to fix/revert his editing
(btw he is in fact stepping down and surrendering the domain)

I would say that since 1 the problems are being fixed 2 former lindens
(from the recent "Night of Glass" set of layoffs) are now being hired
as part of the E-Team this is a closed issue

-- 
Robert L Martin
Phox whenish is the next beta coming out and is 2439 being blocked??
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[dilly dobbs]

this has been put many ways and this is the clearest it can be put.

 FC quits, hands off to Arabella (read the sandbox dialogs to gauge her
reliability), FC creates new account with new name, make some meaningless
webserver changes, FC comes back with a new name, lather/rinse/repeat.

They have proved that they can not be trusted.


I love deadlines. I like the whooshing sound they make as they fly by

Douglas Adams


On Sun, Aug 22, 2010 at 12:20 PM, Robert Martin wrote:

> On Sun, Aug 22, 2010 at 10:56 AM, JB Hancroft 
> wrote:
> > If the TPVP really matters, we'll see Emerald shut down from the TPVP
> > program, because of this accumulated nonsense.
> > If not, then it confirms that it's all just a paper chase.
>
> actually lets see whats going on here
> 1 the whole texture thing was due to the viewers install folder being
> baked into textures
> IF THIS IS LEFT AS DEFAULT then very little info is actually given the
> problem is some folks were doing installs into their own home folder
> (somebody did not account for that)
>
> 2 the whole login screen edit was mostly the person in question err
> being "drunk" at the time and not going back to fix/revert his editing
> (btw he is in fact stepping down and surrendering the domain)
>
> I would say that since 1 the problems are being fixed 2 former lindens
> (from the recent "Night of Glass" set of layoffs) are now being hired
> as part of the E-Team this is a closed issue
>
> --
> Robert L Martin
> Phox whenish is the next beta coming out and is 2439 being blocked??
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Gareth Nelson]

Tell me, what's the default install path on linux, if there even is an
installer?

I know personally when I use a new viewer I do this:
wget http://whatever
gunzip whatever.tar.gz
tar xvf whatever.tar
cd ~/whatever
./whatever

or:
svn co http://whatever
cd whatever
cd indra
python develop.py build
cd viewer-linux-i686-relwithdebinfo/newview/packaged
./whatever

So that the full path will be /home/gareth/whatever or
/home/gareth/whatever/viewer-linux-i686-relwithdebinfo/newview/packaged

If I wanted to be anonymous in-world (and usually I don't, i'm quite
open even when i'm doing all kinds of sexy fetish stuff - but some
people do value keeping their real name private), leaking the
"/home/gareth" part would be a huge problem.

On Sun, Aug 22, 2010 at 6:20 PM, Robert Martin  wrote:
> On Sun, Aug 22, 2010 at 10:56 AM, JB Hancroft  wrote:
>> If the TPVP really matters, we'll see Emerald shut down from the TPVP
>> program, because of this accumulated nonsense.
>> If not, then it confirms that it's all just a paper chase.
>
> actually lets see whats going on here
> 1 the whole texture thing was due to the viewers install folder being
> baked into textures
> IF THIS IS LEFT AS DEFAULT then very little info is actually given the
> problem is some folks were doing installs into their own home folder
> (somebody did not account for that)
>
> 2 the whole login screen edit was mostly the person in question err
> being "drunk" at the time and not going back to fix/revert his editing
> (btw he is in fact stepping down and surrendering the domain)
>
> I would say that since 1 the problems are being fixed 2 former lindens
> (from the recent "Night of Glass" set of layoffs) are now being hired
> as part of the E-Team this is a closed issue
>
> --
> Robert L Martin
> Phox whenish is the next beta coming out and is 2439 being blocked??
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
>



-- 
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Jesse Barnett]

Fractured has stepped down and out of the Emerald picture

http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/

But it is painfully obvious that the comments are being heavily moderated
and I know that neither of mine have gotten through.

The Phox is still in the hen house and it is going to take much more then
this token response to restore confidence. Anyone watching the videos and
listening to their voices can see that a complete reorganization needs to be
done and transparency demonstrated and verified.

I hope that the upper echelons of Linden Lab are not fooled by the blog post
and instead demand that more action be taken. At the bare minimum, they need
to be delisted until real change has been shown.

Ignoring this and giving the all clear with no other action taken on the
part of Linden Lab will instead demonstrate that the TPV is a worthless
scrap of paper.

Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Tateru Nino]

 Arabella has also resigned.

On 23/08/2010 3:32 AM, Jesse Barnett wrote:

Fractured has stepped down and out of the Emerald picture

http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/

But it is painfully obvious that the comments are being heavily 
moderated and I know that neither of mine have gotten through.


The Phox is still in the hen house and it is going to take much more 
then this token response to restore confidence. Anyone watching the 
videos and listening to their voices can see that a 
complete reorganization needs to be done and transparency demonstrated 
and verified.


I hope that the upper echelons of Linden Lab are not fooled by the 
blog post and instead demand that more action be taken. At the bare 
minimum, they need to be delisted until real change has been shown.


Ignoring this and giving the all clear with no other action taken on 
the part of Linden Lab will instead demonstrate that the TPV is a 
worthless scrap of paper.


Jesse Barnett


___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges


--
Tateru Nino
Contributing Editor http://massively.com/

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[L. Christopher Bird]

On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett  wrote:

>
>
> Ignoring this and giving the all clear with no other action taken on the
> part of Linden Lab will instead demonstrate that the TPV is a worthless
> scrap of paper.
>
>
Correction, it only exist on paper if printed. The proper phrase is "a
worthless configuration of pixels"

The TPVP makes it clear what the consequences are for breaking the policy.
8c says:

"If a Third-Party Viewer or your use or distribution of it violates this
Policy or any Linden Lab policy, your permission to access Second Life using
the Third-Party Viewer shall terminate automatically. You acknowledge and
agree that we may require you to stop using or distributing a Third-Party
Viewer for accessing Second Life if we determine that there is a violation."

So either the lab will enforce this, or they will say "Well you are so
popular you can screw around all you want".  Is Emerald the viewer "too big
to fail"?

-- ZenMondo
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Lance Corrimal]

Am Sunday 22 August 2010 schrieb L. Christopher Bird:
> On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett  
wrote:
> > Ignoring this and giving the all clear with no other action taken
> > on the part of Linden Lab will instead demonstrate that the TPV
> > is a worthless scrap of paper.
> 
> Correction, it only exist on paper if printed. The proper phrase is
> "a worthless configuration of pixels"
> 
> The TPVP makes it clear what the consequences are for breaking the
> policy. 8c says:
> 
> "If a Third-Party Viewer or your use or distribution of it violates
> this Policy or any Linden Lab policy, your permission to access
> Second Life using the Third-Party Viewer shall terminate
> automatically. You acknowledge and agree that we may require you
> to stop using or distributing a Third-Party Viewer for accessing
> Second Life if we determine that there is a violation."
> 
> So either the lab will enforce this, or they will say "Well you are
> so popular you can screw around all you want".  Is Emerald the
> viewer "too big to fail"?
> 
> -- ZenMondo

I just looked and emerald's not in the tpv directory anymore.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Andrew Simpson]

 oh.. what this mean? we cant use emerald anymore?


On 22/08/2010 2:01 PM, Lance Corrimal wrote:

Am Sunday 22 August 2010 schrieb L. Christopher Bird:

On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett

wrote:

Ignoring this and giving the all clear with no other action taken
on the part of Linden Lab will instead demonstrate that the TPV
is a worthless scrap of paper.

Correction, it only exist on paper if printed. The proper phrase is
"a worthless configuration of pixels"

The TPVP makes it clear what the consequences are for breaking the
policy. 8c says:

"If a Third-Party Viewer or your use or distribution of it violates
this Policy or any Linden Lab policy, your permission to access
Second Life using the Third-Party Viewer shall terminate
automatically. You acknowledge and agree that we may require you
to stop using or distributing a Third-Party Viewer for accessing
Second Life if we determine that there is a violation."

So either the lab will enforce this, or they will say "Well you are
so popular you can screw around all you want".  Is Emerald the
viewer "too big to fail"?

-- ZenMondo

I just looked and emerald's not in the tpv directory anymore.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges




--
AnSky Grid is fun & enjoy with community http://www.ansky.ca>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Gareth Nelson]

As they shouldn't be!
Although one does wonder whether users are now at risk of being banned
if they keep using it

On Sun, Aug 22, 2010 at 7:01 PM, Lance Corrimal
 wrote:
> Am Sunday 22 August 2010 schrieb L. Christopher Bird:
>> On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett 
> wrote:
>> > Ignoring this and giving the all clear with no other action taken
>> > on the part of Linden Lab will instead demonstrate that the TPV
>> > is a worthless scrap of paper.
>>
>> Correction, it only exist on paper if printed. The proper phrase is
>> "a worthless configuration of pixels"
>>
>> The TPVP makes it clear what the consequences are for breaking the
>> policy. 8c says:
>>
>> "If a Third-Party Viewer or your use or distribution of it violates
>> this Policy or any Linden Lab policy, your permission to access
>> Second Life using the Third-Party Viewer shall terminate
>> automatically. You acknowledge and agree that we may require you
>> to stop using or distributing a Third-Party Viewer for accessing
>> Second Life if we determine that there is a violation."
>>
>> So either the lab will enforce this, or they will say "Well you are
>> so popular you can screw around all you want".  Is Emerald the
>> viewer "too big to fail"?
>>
>> -- ZenMondo
>
> I just looked and emerald's not in the tpv directory anymore.
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
>



-- 
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Will]

They may be waiting to make a formal announcement before they pull the plug 
on the viewer- didn't they make a policy of not allowing any viewer to 
connect that wasn't on the list?  I think so-

--
From: "Gareth Nelson" 
Sent: Sunday, August 22, 2010 2:50 PM
To: "Lance Corrimal" 
Cc: 
Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is 
the policy worth anything?

> As they shouldn't be!
> Although one does wonder whether users are now at risk of being banned
> if they keep using it
>
> On Sun, Aug 22, 2010 at 7:01 PM, Lance Corrimal
>  wrote:
>> Am Sunday 22 August 2010 schrieb L. Christopher Bird:
>>> On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett 
>> wrote:
>>> > Ignoring this and giving the all clear with no other action taken
>>> > on the part of Linden Lab will instead demonstrate that the TPV
>>> > is a worthless scrap of paper.
>>>
>>> Correction, it only exist on paper if printed. The proper phrase is
>>> "a worthless configuration of pixels"
>>>
>>> The TPVP makes it clear what the consequences are for breaking the
>>> policy. 8c says:
>>>
>>> "If a Third-Party Viewer or your use or distribution of it violates
>>> this Policy or any Linden Lab policy, your permission to access
>>> Second Life using the Third-Party Viewer shall terminate
>>> automatically. You acknowledge and agree that we may require you
>>> to stop using or distributing a Third-Party Viewer for accessing
>>> Second Life if we determine that there is a violation."
>>>
>>> So either the lab will enforce this, or they will say "Well you are
>>> so popular you can screw around all you want".  Is Emerald the
>>> viewer "too big to fail"?
>>>
>>> -- ZenMondo
>>
>> I just looked and emerald's not in the tpv directory anymore.
>> ___
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting 
>> privileges
>>
>
>
>
> -- 
> “Lanie, I’m going to print more printers. Lots more printers. One for
> everyone. That’s worth going to jail for. That’s worth anything.” -
> Printcrime by Cory Doctrow
>
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting 
> privileges 

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Gareth Nelson]

As I understand it, you don't need to be in the list, just comply with
the policy.

On Sun, Aug 22, 2010 at 8:19 PM, Will  wrote:
> They may be waiting to make a formal announcement before they pull the plug
> on the viewer- didn't they make a policy of not allowing any viewer to
> connect that wasn't on the list?  I think so-
>
> --
> From: "Gareth Nelson" 
> Sent: Sunday, August 22, 2010 2:50 PM
> To: "Lance Corrimal" 
> Cc: 
> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is
> the policy worth anything?
>
>> As they shouldn't be!
>> Although one does wonder whether users are now at risk of being banned
>> if they keep using it
>>
>> On Sun, Aug 22, 2010 at 7:01 PM, Lance Corrimal
>>  wrote:
>>>
>>> Am Sunday 22 August 2010 schrieb L. Christopher Bird:

 On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett 
>>>
>>> wrote:

 > Ignoring this and giving the all clear with no other action taken
 > on the part of Linden Lab will instead demonstrate that the TPV
 > is a worthless scrap of paper.

 Correction, it only exist on paper if printed. The proper phrase is
 "a worthless configuration of pixels"

 The TPVP makes it clear what the consequences are for breaking the
 policy. 8c says:

 "If a Third-Party Viewer or your use or distribution of it violates
 this Policy or any Linden Lab policy, your permission to access
 Second Life using the Third-Party Viewer shall terminate
 automatically. You acknowledge and agree that we may require you
 to stop using or distributing a Third-Party Viewer for accessing
 Second Life if we determine that there is a violation."

 So either the lab will enforce this, or they will say "Well you are
 so popular you can screw around all you want".  Is Emerald the
 viewer "too big to fail"?

 -- ZenMondo
>>>
>>> I just looked and emerald's not in the tpv directory anymore.
>>> ___
>>> Policies and (un)subscribe information available here:
>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>> Please read the policies before posting to keep unmoderated posting
>>> privileges
>>>
>>
>>
>>
>> --
>> “Lanie, I’m going to print more printers. Lots more printers. One for
>> everyone. That’s worth going to jail for. That’s worth anything.” -
>> Printcrime by Cory Doctrow
>>
>> Please avoid sending me Word or PowerPoint attachments.
>> See http://www.gnu.org/philosophy/no-word-attachments.html
>> ___
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting
>> privileges
>
>



-- 
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Miro Collas]

Do you have a cite for that, Tateru? Not saying it is false, I'd just 
like to see it in context if possible.

On 08/22/2010 01:38 PM, Tateru Nino wrote:
>   Arabella has also resigned.
>
> On 23/08/2010 3:32 AM, Jesse Barnett wrote:
>> Fractured has stepped down and out of the Emerald picture
>>
>> http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/
>>
>> But it is painfully obvious that the comments are being heavily
>> moderated and I know that neither of mine have gotten through.
>>
>> The Phox is still in the hen house and it is going to take much more
>> then this token response to restore confidence. Anyone watching the
>> videos and listening to their voices can see that a complete
>> reorganization needs to be done and transparency demonstrated and
>> verified.
>>
>> I hope that the upper echelons of Linden Lab are not fooled by the
>> blog post and instead demand that more action be taken. At the bare
>> minimum, they need to be delisted until real change has been shown.
>>
>> Ignoring this and giving the all clear with no other action taken on
>> the part of Linden Lab will instead demonstrate that the TPV is a
>> worthless scrap of paper.
>>
>> Jesse Barnett
>>
>>
>> ___
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting 
>> privileges
>
> --
> Tateru Nino
> Contributing Editorhttp://massively.com/
>
>
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Will]

hmm ok I may be wrong but remember a rush to update viewers from the 
approved list, didn't look over my shoulder and just for good housekeeping I 
don't venture from approved viewers.  Seriously hope you are wrong or there 
will be little to no control over who gets to connect.

--
From: "Gareth Nelson" 
Sent: Sunday, August 22, 2010 3:25 PM
To: "Will" 
Cc: "Lance Corrimal" ; 

Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is 
the policy worth anything?

> As I understand it, you don't need to be in the list, just comply with
> the policy.
>
> On Sun, Aug 22, 2010 at 8:19 PM, Will  wrote:
>> They may be waiting to make a formal announcement before they pull the 
>> plug
>> on the viewer- didn't they make a policy of not allowing any viewer to
>> connect that wasn't on the list?  I think so-
>>
>> --
>> From: "Gareth Nelson" 
>> Sent: Sunday, August 22, 2010 2:50 PM
>> To: "Lance Corrimal" 
>> Cc: 
>> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: 
>> is
>> the policy worth anything?
>>
>>> As they shouldn't be!
>>> Although one does wonder whether users are now at risk of being banned
>>> if they keep using it
>>>
>>> On Sun, Aug 22, 2010 at 7:01 PM, Lance Corrimal
>>>  wrote:

 Am Sunday 22 August 2010 schrieb L. Christopher Bird:
>
> On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett 

 wrote:
>
> > Ignoring this and giving the all clear with no other action taken
> > on the part of Linden Lab will instead demonstrate that the TPV
> > is a worthless scrap of paper.
>
> Correction, it only exist on paper if printed. The proper phrase is
> "a worthless configuration of pixels"
>
> The TPVP makes it clear what the consequences are for breaking the
> policy. 8c says:
>
> "If a Third-Party Viewer or your use or distribution of it violates
> this Policy or any Linden Lab policy, your permission to access
> Second Life using the Third-Party Viewer shall terminate
> automatically. You acknowledge and agree that we may require you
> to stop using or distributing a Third-Party Viewer for accessing
> Second Life if we determine that there is a violation."
>
> So either the lab will enforce this, or they will say "Well you are
> so popular you can screw around all you want".  Is Emerald the
> viewer "too big to fail"?
>
> -- ZenMondo

 I just looked and emerald's not in the tpv directory anymore.
 ___
 Policies and (un)subscribe information available here:
 http://wiki.secondlife.com/wiki/OpenSource-Dev
 Please read the policies before posting to keep unmoderated posting
 privileges

>>>
>>>
>>>
>>> --
>>> “Lanie, I’m going to print more printers. Lots more printers. One for
>>> everyone. That’s worth going to jail for. That’s worth anything.” -
>>> Printcrime by Cory Doctrow
>>>
>>> Please avoid sending me Word or PowerPoint attachments.
>>> See http://www.gnu.org/philosophy/no-word-attachments.html
>>> ___
>>> Policies and (un)subscribe information available here:
>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>> Please read the policies before posting to keep unmoderated posting
>>> privileges
>>
>>
>
>
>
> -- 
> “Lanie, I’m going to print more printers. Lots more printers. One for
> everyone. That’s worth going to jail for. That’s worth anything.” -
> Printcrime by Cory Doctrow
>
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html 

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Gareth Nelson]

There isn't anything in the policy itself which says you must be
listed, there is however a note on the directory page warning users to
be wary of unlisted viewers.

On Sun, Aug 22, 2010 at 8:54 PM, Will  wrote:
> hmm ok I may be wrong but remember a rush to update viewers from the
> approved list, didn't look over my shoulder and just for good housekeeping I
> don't venture from approved viewers.  Seriously hope you are wrong or there
> will be little to no control over who gets to connect.
>
> --
> From: "Gareth Nelson" 
> Sent: Sunday, August 22, 2010 3:25 PM
> To: "Will" 
> Cc: "Lance Corrimal" ;
> 
> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is
> the policy worth anything?
>
>> As I understand it, you don't need to be in the list, just comply with
>> the policy.
>>
>> On Sun, Aug 22, 2010 at 8:19 PM, Will  wrote:
>>>
>>> They may be waiting to make a formal announcement before they pull the
>>> plug
>>> on the viewer- didn't they make a policy of not allowing any viewer to
>>> connect that wasn't on the list?  I think so-
>>>
>>> --
>>> From: "Gareth Nelson" 
>>> Sent: Sunday, August 22, 2010 2:50 PM
>>> To: "Lance Corrimal" 
>>> Cc: 
>>> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers:
>>> is
>>> the policy worth anything?
>>>
 As they shouldn't be!
 Although one does wonder whether users are now at risk of being banned
 if they keep using it

 On Sun, Aug 22, 2010 at 7:01 PM, Lance Corrimal
  wrote:
>
> Am Sunday 22 August 2010 schrieb L. Christopher Bird:
>>
>> On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett 
>
> wrote:
>>
>> > Ignoring this and giving the all clear with no other action taken
>> > on the part of Linden Lab will instead demonstrate that the TPV
>> > is a worthless scrap of paper.
>>
>> Correction, it only exist on paper if printed. The proper phrase is
>> "a worthless configuration of pixels"
>>
>> The TPVP makes it clear what the consequences are for breaking the
>> policy. 8c says:
>>
>> "If a Third-Party Viewer or your use or distribution of it violates
>> this Policy or any Linden Lab policy, your permission to access
>> Second Life using the Third-Party Viewer shall terminate
>> automatically. You acknowledge and agree that we may require you
>> to stop using or distributing a Third-Party Viewer for accessing
>> Second Life if we determine that there is a violation."
>>
>> So either the lab will enforce this, or they will say "Well you are
>> so popular you can screw around all you want".  Is Emerald the
>> viewer "too big to fail"?
>>
>> -- ZenMondo
>
> I just looked and emerald's not in the tpv directory anymore.
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>



 --
 “Lanie, I’m going to print more printers. Lots more printers. One for
 everyone. That’s worth going to jail for. That’s worth anything.” -
 Printcrime by Cory Doctrow

 Please avoid sending me Word or PowerPoint attachments.
 See http://www.gnu.org/philosophy/no-word-attachments.html
 ___
 Policies and (un)subscribe information available here:
 http://wiki.secondlife.com/wiki/OpenSource-Dev
 Please read the policies before posting to keep unmoderated posting
 privileges
>>>
>>>
>>
>>
>>
>> --
>> “Lanie, I’m going to print more printers. Lots more printers. One for
>> everyone. That’s worth going to jail for. That’s worth anything.” -
>> Printcrime by Cory Doctrow
>>
>> Please avoid sending me Word or PowerPoint attachments.
>> See http://www.gnu.org/philosophy/no-word-attachments.html
>
>



-- 
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Sythos]

On Sun, 22 Aug 2010 21:10:00 +0100
Gareth Nelson  wrote:

> There isn't anything in the policy itself which says you must be
> listed, there is however a note on the directory page warning users to
> be wary of unlisted viewers.

wait... TPV listing is based on volunteer action, somebody can develop
a viewer (maybe TPV compliant) and don't ask to be listed in the
directory 

but in term of service at point 7 all resident accept to use only
approved viewer to connect to Linden Grid (and if they login a time
they must approve it)

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Sythos]

On Sun, 22 Aug 2010 15:30:55 -0500
Brandon Husbands  wrote:

> As a X-emerald Dev (I am Dimentox) Most of the stuff people are
> saying that is going on or has gone on.. Most of the other devs had
> no idea. We just did our parts to make the viewer better. I left due
> to the fact that i did not have time to continue to work on the
> project.  Unfortunately a few bad seeds ruin the apple.

emerald *is* a TPV compliant viewer, but isn't listed

this is a grey zone in ToS and TPV policy... not an dev-emerald fault
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Henri Beauchamp]

On Sun, 22 Aug 2010 21:10:00 +0100, Gareth Nelson wrote:

> There isn't anything in the policy itself which says you must be
> listed, there is however a note on the directory page warning users to
> be wary of unlisted viewers.

Which is a non-sence.

Quoting the TPV policy:

"
6. The Viewer Directory and Self-Certification

We created the Viewer Directory to help promote awareness of Third-Party 
Viewers within the Second Life community. Unlike the other sections of this 
Policy, participation in the Viewer Directory is currently not a requirement 
for connecting to Second Life. 
"

So, the viewer  directory is just a promotion tool. Also, having a
viewer listed in the directory is in no way a guarantee, since LL
clearly disclaims it; still quoting the TPV policy.

"
6.c. The Viewer Directory is a self-certification program. Linden Lab
does not represent or warrant any independent testing or verification
of compliance of any application listed in the Viewer Directory.
We disclaim all liability associated with applications in the Viewer
Directory.
"

And the 3rd paragraph of the forewords of the directory itself:

" .../... However, because third-party viewers are not our viewers, we
cannot guarantee that they will follow our rules. You are responsible
for evaluating whether you want to use and share information with them."

As you can see, being listed in the directory means nothing, and not
being listed means nothing either as far as the safety of the viewer
goes.

I myself didn't list the Cool VL Viewer, not because it would not
be TPV policy compliant (it is, 100%), but because Linden Lab
requires private data about me that I won't disclose so to protect
my privacy and anonimity in SL.

Henri.

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Sythos]

On Sun, 22 Aug 2010 22:30:20 +0200
Henri Beauchamp  wrote:

> On Sun, 22 Aug 2010 21:10:00 +0100, Gareth Nelson wrote:
> 
> > There isn't anything in the policy itself which says you must be
> > listed, there is however a note on the directory page warning users
> > to be wary of unlisted viewers.
> 
> Which is a non-sence.

sorry cannot see the no-sense, terms are both for developers and
resident

a developer CAN listen a viewer in TPV (and succesfully listed if
viewer is TPV compliant)

a resident MUST use a TPV viewer to use Linden services
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Gareth Nelson]

Users are not allowed to connect with a viewer that does not comply,
but a viewer does not need to be in the directory in order to comply.

On Sun, Aug 22, 2010 at 9:36 PM, Altair Sythos  wrote:
> On Sun, 22 Aug 2010 22:30:20 +0200
> Henri Beauchamp  wrote:
>
>> On Sun, 22 Aug 2010 21:10:00 +0100, Gareth Nelson wrote:
>>
>> > There isn't anything in the policy itself which says you must be
>> > listed, there is however a note on the directory page warning users
>> > to be wary of unlisted viewers.
>>
>> Which is a non-sence.
>
> sorry cannot see the no-sense, terms are both for developers and
> resident
>
> a developer CAN listen a viewer in TPV (and succesfully listed if
> viewer is TPV compliant)
>
> a resident MUST use a TPV viewer to use Linden services
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
>



-- 
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Will]

Then this is confusing, to be listed you have to within the policy 
"approved" for lack of a better word:
Someone please clarify-

"If a Third-Party Viewer or your use or distribution of it violates
this Policy or any Linden Lab policy, your permission to access
Second Life using the Third-Party Viewer shall terminate
 automatically."

To me it sounds like any viewer not on the list is not approved and that 
means by their own statement it will not be allowed to connect.

--
From: "Gareth Nelson" 
Sent: Sunday, August 22, 2010 4:10 PM
To: "Will" 
Cc: "Lance Corrimal" ; 

Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is 
the policy worth anything?

> There isn't anything in the policy itself which says you must be
> listed, there is however a note on the directory page warning users to
> be wary of unlisted viewers.
>
> On Sun, Aug 22, 2010 at 8:54 PM, Will  wrote:
>> hmm ok I may be wrong but remember a rush to update viewers from the
>> approved list, didn't look over my shoulder and just for good 
>> housekeeping I
>> don't venture from approved viewers.  Seriously hope you are wrong or 
>> there
>> will be little to no control over who gets to connect.
>>
>> --
>> From: "Gareth Nelson" 
>> Sent: Sunday, August 22, 2010 3:25 PM
>> To: "Will" 
>> Cc: "Lance Corrimal" ;
>> 
>> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: 
>> is
>> the policy worth anything?
>>
>>> As I understand it, you don't need to be in the list, just comply with
>>> the policy.
>>>
>>> On Sun, Aug 22, 2010 at 8:19 PM, Will  wrote:

 They may be waiting to make a formal announcement before they pull the
 plug
 on the viewer- didn't they make a policy of not allowing any viewer to
 connect that wasn't on the list?  I think so-

 --
 From: "Gareth Nelson" 
 Sent: Sunday, August 22, 2010 2:50 PM
 To: "Lance Corrimal" 
 Cc: 
 Subject: Re: [opensource-dev] Malicious payloads in third-party 
 viewers:
 is
 the policy worth anything?

> As they shouldn't be!
> Although one does wonder whether users are now at risk of being banned
> if they keep using it
>
> On Sun, Aug 22, 2010 at 7:01 PM, Lance Corrimal
>  wrote:
>>
>> Am Sunday 22 August 2010 schrieb L. Christopher Bird:
>>>
>>> On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett 
>>
>> wrote:
>>>
>>> > Ignoring this and giving the all clear with no other action taken
>>> > on the part of Linden Lab will instead demonstrate that the TPV
>>> > is a worthless scrap of paper.
>>>
>>> Correction, it only exist on paper if printed. The proper phrase is
>>> "a worthless configuration of pixels"
>>>
>>> The TPVP makes it clear what the consequences are for breaking the
>>> policy. 8c says:
>>>
>>> "If a Third-Party Viewer or your use or distribution of it violates
>>> this Policy or any Linden Lab policy, your permission to access
>>> Second Life using the Third-Party Viewer shall terminate
>>> automatically. You acknowledge and agree that we may require you
>>> to stop using or distributing a Third-Party Viewer for accessing
>>> Second Life if we determine that there is a violation."
>>>
>>> So either the lab will enforce this, or they will say "Well you are
>>> so popular you can screw around all you want".  Is Emerald the
>>> viewer "too big to fail"?
>>>
>>> -- ZenMondo
>>
>> I just looked and emerald's not in the tpv directory anymore.
>> ___
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting
>> privileges
>>
>
>
>
> --
> “Lanie, I’m going to print more printers. Lots more printers. One for
> everyone. That’s worth going to jail for. That’s worth anything.” -
> Printcrime by Cory Doctrow
>
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges


>>>
>>>
>>>
>>> --
>>> “Lanie, I’m going to print more printers. Lots more printers. One for
>>> everyone. That’s worth going to jail for. That’s worth anything.” -
>>> Printcrime by Cory Doctrow
>>>
>>> Please avoid sending me Word or PowerPoint attachments.
>>> See http://www.gnu.org/philosophy/no-word-attachments.html
>>
>>
>
>
>
> -- 
> “Lanie, I’m going to print more printers. Lots more prin

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Sythos]

On Sun, 22 Aug 2010 22:40:26 +0200
Henri Beauchamp  wrote:

> > > > There isn't anything in the policy itself which says you must be
> > > > listed, there is however a note on the directory page warning
> > > > users to be wary of unlisted viewers.
> > > 
> > > Which is a non-sence.
> > 
> > sorry cannot see the no-sense,
> 
> The non-sense is about LL saying "be wary of viewers not listed in
> this directory" (while the TPV policy clealy states that to be
> compliant, a viewer does NOT need to be listed in the directory) and
> then "we can't give you any guarantee for the viewer listed in this
> directory".

again... is a self-certification, you may be listen submitting your
data, but linden cannot guarantee you say the true :)

if else isn't a "self-certification"
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Login Pic

[Boroondas Gupte]

 I don't know. If in doubt, search the string (or parts of it, in case
it gets constructed on-the-fly) in the config files and edit it there.
If that too doesn't help, search it in the source.

Probably creators of TPVs can tell you more, as they have to handle that
issue anyway.

cheers
Boroondas

On 08/22/2010 09:18 PM, a...@skyhighway.com wrote:
> Thanks for the info!  But, can you tell me what string i should use for
> the --channel argument?  i've tried quite a few different values,
> including leaving it off the way my stock SL 1.23 installation has it, but
> never get the login pic.  i'm guessing that when the --channel spec is
> left out it the built-in default it uses is the wrong one.  Does it have
> some override authority built into it as well?
>
> Thx!!
>
> - AK  (Aklo Modan)
>
>  On 08/22/2010 10:09 AM, a...@skyhighway.com wrote:
>> So, is it fixable?
> Yes, but the proper fix would be server side, so we volunteers can't do
> it. (Except we would create our own login page altogether and point the
> viewer at that. Dunno how good an idea that would be.)
>
>> Is there some way to change the Snowglobe login
>> channel?
> Yes, see the --channel option on the Viewer parameters page. For third
> party viewers (shouldn't apply to Snowglobe, just mentioning it for
> completeness), please be aware of the Channel and Version Requirements
> imposed by the TPV policy.
>
>> Or can the server be configured to respond to the channel
>> Snowglobe already has?
> I certainly assume so. I don't know how much work that'd be for LL,
> though, but I guess it can't be very much.
>
>> Or is this just something Snowglobe users should
>> not care about?
> These little things are important, especially if they have relatively easy
> fixes. Of course this on here doesn't significantly affect usability, but
> it does have influence on the overall impression. Even although Snowstorm
> might now have priority, this issue should be fixed. (I thought I'd have
> seen a JIRA issue about this some time ago, but can't seem to find it
> again.)
>
> cheers
> Boroondas
>
>
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Miro Collas]

I was hoping for something first hand - like a post by her or some other 
member of the Emerald team.

Sorry, but so many things have been written that are not supported by 
evidence. Like videos of chats logs: text can be altered so that's 
hardly reliable, solid evidence of anything.

On 08/22/2010 05:16 PM, Michael Daniel wrote:
> Confirmed by Paisley Beebe, a talk show host:
> http://tonightlivewithpaisleybeebe.com/
>
> Should be a good show tonight.  I'm actually looking forward to hearing
> what Rose Borchovski has to say more than whatever BS the Emerald team
> cooks up.
>
> ~Bubblesort Triskaidekaphobia
>
> ==
> Miro Dollas wrote:
>
> Do you have a cite for that, Tateru? Not saying it is false, I'd just
> like to see it in context if possible.
>
> On 08/22/2010 01:38 PM, Tateru Nino wrote:
>> /   Arabella has also resigned.
> />/
> />/ On 23/08/2010 3:32 AM, Jesse Barnett wrote:
> />>/ Fractured has stepped down and out of the Emerald picture
> />>/
> />>/ http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/
> />>/
> />>/ But it is painfully obvious that the comments are being heavily
> />>/ moderated and I know that neither of mine have gotten through.
> />>/
> />>/ The Phox is still in the hen house and it is going to take much more
> />>/ then this token response to restore confidence. Anyone watching the
> />>/ videos and listening to their voices can see that a complete
> />>/ reorganization needs to be done and transparency demonstrated and
> />>/ verified.
> />>/
> />>/ I hope that the upper echelons of Linden Lab are not fooled by the
> />>/ blog post and instead demand that more action be taken. At the bare
> />>/ minimum, they need to be delisted until real change has been shown.
> />>/
> />>/ Ignoring this and giving the all clear with no other action taken on
> />>/ the part of Linden Lab will instead demonstrate that the TPV is a
> />>/ worthless scrap of paper.
> />>/
> />>/ Jesse Barnett
> />>/
> />>/
> />>/ ___
> />>/ Policies and (un)subscribe information available here:
> />>/ http://wiki.secondlife.com/wiki/OpenSource-Dev
> />>/ Please read the policies before posting to keep unmoderated posting 
> privileges
> />/
> />/ --
> />/ Tateru Nino
> />/ Contributing Editorhttp://massively.com/
> />
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
>

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Brandon Husbands]

As a X-emerald Dev (I am Dimentox) Most of the stuff people are saying that
is going on or has gone on.. Most of the other devs had no idea. We just did
our parts to make the viewer better. I left due to the fact that i did not
have time to continue to work on the project.  Unfortunately a few bad seeds
ruin the apple.

On Sun, Aug 22, 2010 at 3:20 PM, Will  wrote:

> Then this is confusing, to be listed you have to within the policy
> "approved" for lack of a better word:
> Someone please clarify-
>
> "If a Third-Party Viewer or your use or distribution of it violates
> this Policy or any Linden Lab policy, your permission to access
> Second Life using the Third-Party Viewer shall terminate
>  automatically."
>
> To me it sounds like any viewer not on the list is not approved and that
> means by their own statement it will not be allowed to connect.
>
> --
> From: "Gareth Nelson" 
> Sent: Sunday, August 22, 2010 4:10 PM
> To: "Will" 
> Cc: "Lance Corrimal" ;
> 
> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is
> the policy worth anything?
>
> > There isn't anything in the policy itself which says you must be
> > listed, there is however a note on the directory page warning users to
> > be wary of unlisted viewers.
> >
> > On Sun, Aug 22, 2010 at 8:54 PM, Will  wrote:
> >> hmm ok I may be wrong but remember a rush to update viewers from the
> >> approved list, didn't look over my shoulder and just for good
> >> housekeeping I
> >> don't venture from approved viewers.  Seriously hope you are wrong or
> >> there
> >> will be little to no control over who gets to connect.
> >>
> >> --
> >> From: "Gareth Nelson" 
> >> Sent: Sunday, August 22, 2010 3:25 PM
> >> To: "Will" 
> >> Cc: "Lance Corrimal" ;
> >> 
> >> Subject: Re: [opensource-dev] Malicious payloads in third-party viewers:
> >> is
> >> the policy worth anything?
> >>
> >>> As I understand it, you don't need to be in the list, just comply with
> >>> the policy.
> >>>
> >>> On Sun, Aug 22, 2010 at 8:19 PM, Will  wrote:
> 
>  They may be waiting to make a formal announcement before they pull the
>  plug
>  on the viewer- didn't they make a policy of not allowing any viewer to
>  connect that wasn't on the list?  I think so-
> 
>  --
>  From: "Gareth Nelson" 
>  Sent: Sunday, August 22, 2010 2:50 PM
>  To: "Lance Corrimal" 
>  Cc: 
>  Subject: Re: [opensource-dev] Malicious payloads in third-party
>  viewers:
>  is
>  the policy worth anything?
> 
> > As they shouldn't be!
> > Although one does wonder whether users are now at risk of being
> banned
> > if they keep using it
> >
> > On Sun, Aug 22, 2010 at 7:01 PM, Lance Corrimal
> >  wrote:
> >>
> >> Am Sunday 22 August 2010 schrieb L. Christopher Bird:
> >>>
> >>> On Sun, Aug 22, 2010 at 11:32 AM, Jesse Barnett  >
> >>
> >> wrote:
> >>>
> >>> > Ignoring this and giving the all clear with no other action taken
> >>> > on the part of Linden Lab will instead demonstrate that the TPV
> >>> > is a worthless scrap of paper.
> >>>
> >>> Correction, it only exist on paper if printed. The proper phrase is
> >>> "a worthless configuration of pixels"
> >>>
> >>> The TPVP makes it clear what the consequences are for breaking the
> >>> policy. 8c says:
> >>>
> >>> "If a Third-Party Viewer or your use or distribution of it violates
> >>> this Policy or any Linden Lab policy, your permission to access
> >>> Second Life using the Third-Party Viewer shall terminate
> >>> automatically. You acknowledge and agree that we may require you
> >>> to stop using or distributing a Third-Party Viewer for accessing
> >>> Second Life if we determine that there is a violation."
> >>>
> >>> So either the lab will enforce this, or they will say "Well you are
> >>> so popular you can screw around all you want".  Is Emerald the
> >>> viewer "too big to fail"?
> >>>
> >>> -- ZenMondo
> >>
> >> I just looked and emerald's not in the tpv directory anymore.
> >> ___
> >> Policies and (un)subscribe information available here:
> >> http://wiki.secondlife.com/wiki/OpenSource-Dev
> >> Please read the policies before posting to keep unmoderated posting
> >> privileges
> >>
> >
> >
> >
> > --
> > “Lanie, I’m going to print more printers. Lots more printers. One for
> > everyone. That’s worth going to jail for. That’s worth anything.” -
> > Printcrime by Cory Doctrow
> >
> > Please avoid sending me Word or PowerPoint attachments.
> > See http://www.gnu.org/philosophy/no-word-attachments.html
> > ___
> > Policies an

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Argent Stonecutter]

On 2010-08-22, at 15:20, Will wrote:

> Then this is confusing, to be listed you have to within the policy 
> "approved" for lack of a better word:
> Someone please clarify-
> 
> "If a Third-Party Viewer or your use or distribution of it violates
> this Policy or any Linden Lab policy, your permission to access
> Second Life using the Third-Party Viewer shall terminate
> automatically."
> 
> To me it sounds like any viewer not on the list is not approved and that 
> means by their own statement it will not be allowed to connect.

Listing in the TPV list is not "approval". Removal from the list implies but 
does not guarantee "disapproval".
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Jesse Barnett]

Here it is. Paisley mentions it in the introduction to her show tonight:

Its 11.00pm here in Sydney Australia, and I’ve just been informed by
> Communications Manager Arabella Steadham from the Emerald 
> Team who
> is appearing on Tonight Live with Paisley 
> Beebetomorrow
> Sunday 22nd Aug at 6pm… that there is something going down, big time with
> the Emerald Team. Arabella Steadham has resigned from the Emerald Team. And
> she and another Emerald Developer have an announcement  to make on the show.


http://tonightlivewithpaisleybeebe.com/

On Sun, Aug 22, 2010 at 3:49 PM, Miro Collas  wrote:

> Do you have a cite for that, Tateru? Not saying it is false, I'd just
> like to see it in context if possible.
>
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Henri Beauchamp]

On Sun, 22 Aug 2010 22:36:13 +0200, Altair "Sythos" Memo wrote:

> On Sun, 22 Aug 2010 22:30:20 +0200
> Henri Beauchamp  wrote:
> 
> > On Sun, 22 Aug 2010 21:10:00 +0100, Gareth Nelson wrote:
> > 
> > > There isn't anything in the policy itself which says you must be
> > > listed, there is however a note on the directory page warning users
> > > to be wary of unlisted viewers.
> > 
> > Which is a non-sence.
> 
> sorry cannot see the no-sense,

The non-sense is about LL saying "be wary of viewers not listed in this
directory" (while the TPV policy clealy states that to be compliant, a
viewer does NOT need to be listed in the directory) and then "we can't
give you any guarantee for the viewer listed in this directory".

Henri.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] RenderVolumeLODfactor (branch from Draw Distance)

[leliel]

On Sun, Aug 22, 2010 at 7:48 AM, Trilo Byte  wrote:
> Actually, it would be nice if RenderVolumeLODfactor could either
> persist from one version to the next (instead of getting reset with everey
> new version installation), or be set based on GPU detection.

Put it in the settings_per_account.xml file.

> I imagine the default of 1.125 is based on "class 0" (intel integrated 
> graphics)
> but anybody using better than that can go to 2.0 at a bare minimum.  More
> powerful GPU's can easily handle 4.0, and from my experience the
> ATI 4xxx series and above/nVidia 9xxx series and above can do 6.0.

 The default for class 1 and up is 2.0.

> On a side note, I've found that setting above 6.0 can have unexpected and
> unwanted results, most notably 'disappearing prims' with smaller sculpts
> (necklace chains, etc).

That's because you're running into RenderMaxNodeSize.

> Having to manually jump into debug settings with every viewer release
> is a pain.  If it could be auto-detected, that would save a lot of novice 
> users
> from having to mess around in the Advanced/Debug menu

I'll counter that by saying people shouldn't be making jewelery with
500,000 vertices. We need mesh uploads, if only so people can make
necklaces that don't have more geometry data than half a sim.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] RenderVolumeLODfactor (branch from Draw Distance)

[Trilo Byte]

> The default for class 1 and up is 2.0.

I've been on machines meeting/exceeding class 1 for nearly 2 years.  
Every single viewer update (at least on Mac OS) *still* reverts to 1.125

>> On a side note, I've found that setting above 6.0 can have unexpected and
>> unwanted results, most notably 'disappearing prims' with smaller sculpts
>> (necklace chains, etc).
> 
> That's because you're running into RenderMaxNodeSize.

Thanks, will take a look into that

>> Having to manually jump into debug settings with every viewer release
>> is a pain.  If it could be auto-detected, that would save a lot of novice 
>> users
>> from having to mess around in the Advanced/Debug menu
> 
> I'll counter that by saying people shouldn't be making jewelery with
> 500,000 vertices. We need mesh uploads, if only so people can make
> necklaces that don't have more geometry data than half a sim.

Agreed.

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] RenderVolumeLODfactor (branch from Draw Distance)

[leliel]

On Sun, Aug 22, 2010 at 3:32 PM, Trilo Byte  wrote:
>> That's because you're running into RenderMaxNodeSize.
>
> Thanks, will take a look into that

Be careful with that setting. RenderMaxNodeSize specifies the maximum
amount of vertex data an object can use in kilobytes, the default on
class 2 and up is 8MB. If you're exceeding that than you're looking at
a resource hog.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] RenderVolumeLODfactor (branch from Draw Distance)

[Opensource Obscure]

On Sun, 22 Aug 2010 15:26:06 -0700, leliel 
wrote:
> On Sun, Aug 22, 2010 at 7:48 AM, Trilo Byte 
> wrote:
>> Actually, it would be nice if RenderVolumeLODfactor could either
>> persist from one version to the next (instead of getting reset with
>> everey
>> new version installation), or be set based on GPU detection.
> 
> Put it in the settings_per_account.xml file.

When I want to deal with custom debug settings I run the viewer
with additional parameters, like this:
--set AllowMultipleViewers TRUE --set Language it

I find this easier than editing the xml files. This also allows
me to create additional menu entries or icon desktops that
point to the same viewer, but with different configurations.

Opensource Obscure
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Will]

Posted by Bubblesort moments ago- by way of the Alphaville Herald:

"This just in: LLG just released his own viewer named Emergence!"
http://code.google.com/p/emergence-viewer/

--
From: "Michael Daniel" 
Sent: Sunday, August 22, 2010 5:16 PM
To: 
Subject: [opensource-dev] Malicious payloads in third-party viewers: is the 
policy worth anything?

> Confirmed by Paisley Beebe, a talk show host:
> http://tonightlivewithpaisleybeebe.com/
>
> Should be a good show tonight.  I'm actually looking forward to hearing
> what Rose Borchovski has to say more than whatever BS the Emerald team
> cooks up.
>
> ~Bubblesort Triskaidekaphobia
>
> ==
> Miro Dollas wrote:
>
> Do you have a cite for that, Tateru? Not saying it is false, I'd just
> like to see it in context if possible.
>
> On 08/22/2010 01:38 PM, Tateru Nino wrote:
>>/   Arabella has also resigned.
> />/
> />/ On 23/08/2010 3:32 AM, Jesse Barnett wrote:
> />>/ Fractured has stepped down and out of the Emerald picture
> />>/
> />>/ http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/
> />>/
> />>/ But it is painfully obvious that the comments are being heavily
> />>/ moderated and I know that neither of mine have gotten through.
> />>/
> />>/ The Phox is still in the hen house and it is going to take much more
> />>/ then this token response to restore confidence. Anyone watching the
> />>/ videos and listening to their voices can see that a complete
> />>/ reorganization needs to be done and transparency demonstrated and
> />>/ verified.
> />>/
> />>/ I hope that the upper echelons of Linden Lab are not fooled by the
> />>/ blog post and instead demand that more action be taken. At the bare
> />>/ minimum, they need to be delisted until real change has been shown.
> />>/
> />>/ Ignoring this and giving the all clear with no other action taken on
> />>/ the part of Linden Lab will instead demonstrate that the TPV is a
> />>/ worthless scrap of paper.
> />>/
> />>/ Jesse Barnett
> />>/
> />>/
> />>/ ___
> />>/ Policies and (un)subscribe information available here:
> />>/ http://wiki.secondlife.com/wiki/OpenSource-Dev
> />>/ Please read the policies before posting to keep unmoderated posting 
> privileges
> />/
> />/ --
> />/ Tateru Nino
> />/ Contributing Editorhttp://massively.com/
> />
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting 
> privileges 

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[malachi]

i dont think emerald is TPV compliant. data mining, DDoS attacks, User  
data leakage. clearly they have violated not only the TOS but the TPV. so  
no emerald IS NOT TPV Compliant.

On Sun, 22 Aug 2010 16:55:56 -0400, Altair Sythos Memo   
wrote:

> On Sun, 22 Aug 2010 15:30:55 -0500
> Brandon Husbands  wrote:
>
>> As a X-emerald Dev (I am Dimentox) Most of the stuff people are
>> saying that is going on or has gone on.. Most of the other devs had
>> no idea. We just did our parts to make the viewer better. I left due
>> to the fact that i did not have time to continue to work on the
>> project.  Unfortunately a few bad seeds ruin the apple.
>
> emerald *is* a TPV compliant viewer, but isn't listed
>
> this is a grey zone in ToS and TPV policy... not an dev-emerald fault
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting  
> privileges


-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] display names = the end of 1.x viewers?

[Joshua Bell]

On Sat, Aug 21, 2010 at 1:36 PM, Argent Stonecutter  wrote:

>
> That's one thing Blue Mars does better. Your actual login identification is
> by an email address they don't share with anyone, so there's no collection
> of login names available for bulk attacks.
>
> I really wanted LL to add another layer ABOVE the account name, not BELOW
> it. :)


This was considered when the "Display Names" feature was designed, and while
this separation is not part of this work, there was care to make sure that
it wasn't precluded either.

Ideally, IMHO, there would be at least three "names":

(1) login identifier (used with password as login credential)
(2) unique human readable identifier
(3) casual conversational identifier

Prior to "Display Names", the Second Life (firstname, lastname) tuple was
used as all three. "Display Names" separates (2) and (3), but (1) and (2)
are still the same.

I'm not sure if the work to do so is on anyone's backlog - I'm betting
there's a PJIRA on it, though. Technically, it's much less code to touch
than "Display Names" (since a login-only private credential would be used in
far fewer places in the code than username or display names), but it would
be mostly server-side so the community can't help much.

Joshua
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] display names = the end of 1.x viewers?

[Argent Stonecutter]

On 2010-08-22, at 22:53, Joshua Bell wrote:
> (3) casual conversational identifier

Well, we really have that, and I've never thought it's something that needs to 
be maintained by the system. It's something that comes out of human 
interaction, and it's just something people know. For example, Farallon 
Greyskin's name is "Seal", and in RL I've been "Argent" since about '83, 
regardless of my real name, but I don't need my real world ID to match that. 
Some people change their real name to match (I know one guy who did that 
legally), others just use their handles in conversation, in the appropriate 
context. I wouldn't use "Argent" at work, for example.

But we have it now, we'll see how many people use it the way LL expects.

The other thing SL needs is a 1:many relationship between (1) and (2), so that 
Argent David and Argent Stonecutter are both avatars associated with the same 
account... like they are in Avatars United.

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Draw Distance

[Laurent Bechir]

Marine Kelley a écrit :
> Please be careful not to screw up debug settings that must NOT be 
> changed. Some are capital for the viewer to function normally, and 
> would completely shut out users who don't know how to change them back 
> offline, and to what.

Wouldn't it be possible to have an argument "default" like this for 
example :

/set debugvar default

which would put back the debugvar to its default value ?
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Miro Collas]

Yes she did. Here's the interview from treet.tv:
http://treet.tv/people/gracer/blog/20100822/audio-excerpt-interview-arabella-and-jessica

See also:
http://blog.modularsystems.sl/2010/08/22/emerald-resurgence/


On 08/23/2010 12:17 AM, Tateru Nino wrote:
> Sure do. Although apparently she un-resigned shortly after, which I do
> not yet have a cite for. Still waking up.
>
> http://dwellonit.taterunino.net/2010/08/22/hijack-hijinks/
>
>
> On 23/08/2010 5:49 AM, Miro Collas wrote:
>> Do you have a cite for that, Tateru? Not saying it is false, I'd just
>> like to see it in context if possible.
>>
>> On 08/22/2010 01:38 PM, Tateru Nino wrote:
>>> Arabella has also resigned.
>>>
>>> On 23/08/2010 3:32 AM, Jesse Barnett wrote:
>>>> Fractured has stepped down and out of the Emerald picture
>>>>
>>>> http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/
>>>>
>>>> But it is painfully obvious that the comments are being heavily
>>>> moderated and I know that neither of mine have gotten through.
>>>>
>>>> The Phox is still in the hen house and it is going to take much more
>>>> then this token response to restore confidence. Anyone watching the
>>>> videos and listening to their voices can see that a complete
>>>> reorganization needs to be done and transparency demonstrated and
>>>> verified.
>>>>
>>>> I hope that the upper echelons of Linden Lab are not fooled by the
>>>> blog post and instead demand that more action be taken. At the bare
>>>> minimum, they need to be delisted until real change has been shown.
>>>>
>>>> Ignoring this and giving the all clear with no other action taken on
>>>> the part of Linden Lab will instead demonstrate that the TPV is a
>>>> worthless scrap of paper.
>>>>
>>>> Jesse Barnett
>>>>
>>>>
>>>> ___
>>>> Policies and (un)subscribe information available here:
>>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>>> Please read the policies before posting to keep unmoderated posting
>>>> privileges
>>> --
>>> Tateru Nino
>>> Contributing Editorhttp://massively.com/
>>>
>>>
>>>
>>> ___
>>> Policies and (un)subscribe information available here:
>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>> Please read the policies before posting to keep unmoderated posting
>>> privileges
>> ___
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting
>> privileges
>>
>

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Tateru Nino]

  And my own writeup: 
http://dwellonit.taterunino.net/2010/08/22/arabella-steadham-asked-to-lie-about-emerald-viewer/

On 23/08/2010 3:15 PM, Miro Collas wrote:
> Yes she did. Here's the interview from treet.tv:
> http://treet.tv/people/gracer/blog/20100822/audio-excerpt-interview-arabella-and-jessica
>  
>
>
> See also:
> http://blog.modularsystems.sl/2010/08/22/emerald-resurgence/
>
>
> On 08/23/2010 12:17 AM, Tateru Nino wrote:
>> Sure do. Although apparently she un-resigned shortly after, which I do
>> not yet have a cite for. Still waking up.
>>
>> http://dwellonit.taterunino.net/2010/08/22/hijack-hijinks/
>>
>>
>> On 23/08/2010 5:49 AM, Miro Collas wrote:
>>> Do you have a cite for that, Tateru? Not saying it is false, I'd just
>>> like to see it in context if possible.
>>>
>>> On 08/22/2010 01:38 PM, Tateru Nino wrote:
>>>> Arabella has also resigned.
>>>>
>>>> On 23/08/2010 3:32 AM, Jesse Barnett wrote:
>>>>> Fractured has stepped down and out of the Emerald picture
>>>>>
>>>>> http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/
>>>>>
>>>>> But it is painfully obvious that the comments are being heavily
>>>>> moderated and I know that neither of mine have gotten through.
>>>>>
>>>>> The Phox is still in the hen house and it is going to take much more
>>>>> then this token response to restore confidence. Anyone watching the
>>>>> videos and listening to their voices can see that a complete
>>>>> reorganization needs to be done and transparency demonstrated and
>>>>> verified.
>>>>>
>>>>> I hope that the upper echelons of Linden Lab are not fooled by the
>>>>> blog post and instead demand that more action be taken. At the bare
>>>>> minimum, they need to be delisted until real change has been shown.
>>>>>
>>>>> Ignoring this and giving the all clear with no other action taken on
>>>>> the part of Linden Lab will instead demonstrate that the TPV is a
>>>>> worthless scrap of paper.
>>>>>
>>>>> Jesse Barnett
>>>>>
>>>>>
>>>>> ___
>>>>> Policies and (un)subscribe information available here:
>>>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>>>> Please read the policies before posting to keep unmoderated posting
>>>>> privileges
>>>> -- 
>>>> Tateru Nino
>>>> Contributing Editorhttp://massively.com/
>>>>
>>>>
>>>>
>>>> ___
>>>> Policies and (un)subscribe information available here:
>>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>>> Please read the policies before posting to keep unmoderated posting
>>>> privileges
>>> ___
>>> Policies and (un)subscribe information available here:
>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>> Please read the policies before posting to keep unmoderated posting
>>> privileges
>>>
>>
>
>

-- 
Tateru Nino
http://dwellonit.taterunino.net/

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Tateru Nino]

  And now, perhaps, we can get back to the important stuff, like the 
viewer itself. ;)

On 23/08/2010 3:15 PM, Miro Collas wrote:
> Yes she did. Here's the interview from treet.tv:
> http://treet.tv/people/gracer/blog/20100822/audio-excerpt-interview-arabella-and-jessica
>  
>
>
> See also:
> http://blog.modularsystems.sl/2010/08/22/emerald-resurgence/
>
>
> On 08/23/2010 12:17 AM, Tateru Nino wrote:
>> Sure do. Although apparently she un-resigned shortly after, which I do
>> not yet have a cite for. Still waking up.
>>
>> http://dwellonit.taterunino.net/2010/08/22/hijack-hijinks/
>>
>>
>> On 23/08/2010 5:49 AM, Miro Collas wrote:
>>> Do you have a cite for that, Tateru? Not saying it is false, I'd just
>>> like to see it in context if possible.
>>>
>>> On 08/22/2010 01:38 PM, Tateru Nino wrote:
>>>> Arabella has also resigned.
>>>>
>>>> On 23/08/2010 3:32 AM, Jesse Barnett wrote:
>>>>> Fractured has stepped down and out of the Emerald picture
>>>>>
>>>>> http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/
>>>>>
>>>>> But it is painfully obvious that the comments are being heavily
>>>>> moderated and I know that neither of mine have gotten through.
>>>>>
>>>>> The Phox is still in the hen house and it is going to take much more
>>>>> then this token response to restore confidence. Anyone watching the
>>>>> videos and listening to their voices can see that a complete
>>>>> reorganization needs to be done and transparency demonstrated and
>>>>> verified.
>>>>>
>>>>> I hope that the upper echelons of Linden Lab are not fooled by the
>>>>> blog post and instead demand that more action be taken. At the bare
>>>>> minimum, they need to be delisted until real change has been shown.
>>>>>
>>>>> Ignoring this and giving the all clear with no other action taken on
>>>>> the part of Linden Lab will instead demonstrate that the TPV is a
>>>>> worthless scrap of paper.
>>>>>
>>>>> Jesse Barnett
>>>>>
>>>>>
>>>>> ___
>>>>> Policies and (un)subscribe information available here:
>>>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>>>> Please read the policies before posting to keep unmoderated posting
>>>>> privileges
>>>> -- 
>>>> Tateru Nino
>>>> Contributing Editorhttp://massively.com/
>>>>
>>>>
>>>>
>>>> ___
>>>> Policies and (un)subscribe information available here:
>>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>>> Please read the policies before posting to keep unmoderated posting
>>>> privileges
>>> ___
>>> Policies and (un)subscribe information available here:
>>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>>> Please read the policies before posting to keep unmoderated posting
>>> privileges
>>>
>>
>
>

-- 
Tateru Nino
http://dwellonit.taterunino.net/

___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges