Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Tigro Spottystripes
I do install and run programs I don't trust in a sandbox in my computer, and I think people are wanting much more than just client-side LSL scripts... On 17/3/2010 14:31, Dzonatas Sol wrote: > You install a program on your computer, and you either tru

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Tigro Spottystripes
Wouldn't that be more like Flash then? On 17/3/2010 17:36, Morgaine wrote: > Argent is exactly right. > > From sitting in on these OHs, the intention that has come across (but > with some ambiguity) is definitely that binaries will be pushed to our >

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Dzonatas Sol
We can, for example, easily say that we don't trust your LSL code from your sim to run in my sim. No difference. Some suggest the script must be "in the clear" (as in not compiled). Ok, I argued for that last year, yet here are arguments against it? Or, people want binaries? Or, people really do

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Jesse Barnett
Sorry but I have to agree with Argent on this one. I use a sandbox all of the time for testing code and programs. The whole point of and inherent safety in a sandbox is that everything is contained within. If any code is allowed to interact with anything outside of the sandbox then it is NOT a sa

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Argent Stonecutter
On 2010-03-17, at 16:55, Dzonatas Sol wrote: > Somewhere along the line Argent, you trusted to install the SL > binary and its "badly behaved code can compromise you." The SL binary does not contain a mechanism to automatically download and execute untrusted code from in-world content. > Don'

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Dzonatas Sol
Argent Stonecutter wrote: > On 2010-03-17, at 16:06, Dzonatas Sol wrote: >> This is why I pointed to the sandbox model with the tried and proven >> virtualization means of linux emulation as an example. One can easily >> allow untrusted code to execute natively in the linux emulation. > > No you

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
> [Another attempt to get the archives to see the rest of the post, prefixing 'From '.] Success. Don't start your posts with 'From ' folks until it's fixed. Morgaine.

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Argent Stonecutter
On 2010-03-17, at 16:06, Dzonatas Sol wrote: > This is why I pointed to the sandbox model with the tried and proven > virtualization means of linux emulation as an example. One can > easily allow untrusted code to execute natively in the linux > emulation. No you can't. Even in a virtual mac

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
[Another attempt to get the archives to see the rest of the post, prefixing 'From '.] Argent is exactly right. >From sitting in on these OHs, the intention that has come across (but with some ambiguity) is definitely that binaries will be pushed to our clients and executed, even if this involves

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
Oh dear, I may see the problem. Mailman/pipermail seems to be slicing posts on a leading 'From ' as if incoming posts were in Unix mailbox format (they're not!), a very elementary mistake. Any Lindens reading this, please give the mail/web sysadmins a heads-up. Meanwhile, it's just a guess, but

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Dzonatas Sol
Morgaine wrote: > Argent is exactly right. The point is already made on a different level. There was no need for Argent to dismiss a view of it and try to push me as if I misunderstood it. My viewpoint was from the use of and application of a sandbox model. My point being there is no need to re

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
[Mailman/pipermail is slicing up posts again in the M/L archive. I'll try a repost.] Argent is exactly right. >From sitting in on these OHs, the intention that has come across (but with some ambiguity) is definitely that binaries will be pushed to our clients and executed, even if this involve

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
Argent is exactly right. >From sitting in on these OHs, the intention that has come across (but with some ambiguity) is definitely that binaries will be pushed to our clients and executed, even if this involves some action in-world. Whatever the mechanism of transfer, these binaries are inherentl

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
Mike, with reference to CLR and languages (I'm trying to partition the discussion into manageable chunks, so only one topic at a time): On Wed, Mar 17, 2010 at 4:01 PM, Dickson, Mike (ISS Software) < mike.dick...@hp.com> wrote: > > Assuming a CLR based approach doesn't simply mean C# there are l

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Dzonatas Sol
Some of us are not lost in abstractions upon abstraction upon abstraction upon turtles. You're welcome to try to explain in detail what you think the nature of the problem is devoid of such turtles. Argent Stonecutter wrote: > I believe you are fundamentally misunderstanding the nature of the >

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Argent Stonecutter
On 2010-03-17, at 14:37, Dzonatas Sol wrote: > If you want to redesign years of study put into the linux emulator, > its permissions, and its protection levels, to make-up your own > homebrew sandbox, then go right ahead and worry about remote > execution. I believe you are fundamentally mis

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Dzonatas Sol
Somewhere on this list in the past is a discussion about how to sign off on scripts and such data for distribution. Those points have already been made. What the sandbox model does is allow people to set up a default permission scheme and allow processes to migrate within the sandbox without th

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Argent Stonecutter
On 2010-03-17, at 14:14, Dzonatas Sol wrote: > It's still the same concept: to download and install... they are > overused buzzwords that make people think there are some elaborate > separations for the basic ideas on how to migrate processes. That's because there are. One requires a human in

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Dzonatas Sol
It's still the same concept: to download and install... they are overused buzzwords that make people think there are some elaborate separations for the basic ideas on how to migrate processes. The sandbox model is just another abstraction to unify permissions. It would be no different to insta

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Argent Stonecutter
On 2010-03-17, at 12:31, Dzonatas Sol wrote: > You install a program on your computer, and you either trust it or > you don't. It comes down to that, so it doesn't matter if it is .NET > or Java or some binary made by company XYZZY. The quotes from the office hours make it seem like they're ta

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Dzonatas Sol
You install a program on your computer, and you either trust it or you don't. It comes down to that, so it doesn't matter if it is .NET or Java or some binary made by company XYZZY. What some people want is to separate a way to run a sandbox version of their LSL code on the client-side, which i

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Erik Anderson
Not to mention that .NET does not have an uncontroversial licensing arrangement, with many lawyers not able to figure out whether or not most linux distributions are in technical violation... On Wed, Mar 17, 2010 at 9:51 AM, Argent Stonecutter wrote: > > I don't follow you here. What I read in t

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Opensource Obscure
On Wed, 17 Mar 2010 11:34:36 -0500, Mike Dickson wrote: > On 03/17/2010 11:17 AM, Morgaine wrote: >> Mike, Soft was referring to us on the opensource-dev list as a whole. >> That's the "we". >> As to which "our position" is, that's simply the aggregate of what >> everyone has expressed in this l

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Argent Stonecutter
> I don't follow you here. What I read in the above was a combination > of a well defined client side extension API and a mechanism to load > code that can be granted a level of trust based on criteria it needs > to do its job. That might include code signing and metadata about > the capab

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
= > > On Wed, Mar 17, 2010 at 4:01 PM, Dickson, Mike (ISS Software) < > mike.dick...@hp.com> wrote: > >> See below for comments.. >> >> >> >> *From:* opensource-dev-boun...@lists.secondlife.com [mailto: >> opensourc

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
You missed the point of my response to Soft then, Mike. Soft complained that she didn't know the details of Firefly and that *WE* (all of us here, including yourself) were not using well backed positions, and asked for details of our discussions with Q. I've now supplied the details of the only in

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Mike Dickson
comments.. > > > > *From:* opensource-dev-boun...@lists.secondlife.com > <mailto:opensource-dev-boun...@lists.secondlife.com> > [mailto:opensource-dev-boun...@lists.secondlife.com > <mailto:opensource-dev-boun...@lists.secondlife.com>] *On Behalf

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
to: > opensource-dev-boun...@lists.secondlife.com] *On Behalf Of *Morgaine > *Sent:* Wednesday, March 17, 2010 9:47 AM > *To:* Soft Linden > *Cc:* opensource-dev > *Subject:* [opensource-dev] Known details of LL 'Firefly' client-side > scripting > > > > Soft, I answere

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Dickson, Mike (ISS Software)
See below for comments.. From: opensource-dev-boun...@lists.secondlife.com [mailto:opensource-dev-boun...@lists.secondlife.com] On Behalf Of Morgaine Sent: Wednesday, March 17, 2010 9:47 AM To: Soft Linden Cc: opensource-dev Subject: [opensource-dev] Known details of LL 'Firefly' c

[opensource-dev] Known details of LL 'Firefly' client-side scripting

2010-03-17 Thread Morgaine
Soft, I answered your post (enclosed below) quickly on Friday 12th to correct the unfortunate misreading of the words I had written, as that was rather urgent. I didn't have time then to answer your point about our technical discussions with Q though, as it needed the details to be dug out. Now I