Chat log from the meeting on 2019-02-12

From OpenSimulator

Jump to: navigation, search

[11:19] Vincent.Sylvester In other news Bill and I have been taking a blowtorch to mantis to try and weed out some of the old and stale issues while confirming actual bugs where possible. We talked about releases last time and that some feel one is due. It would probably be a good opportunity then to tackle some of these mantis reports dating back as far as 2009 and creating a release candidate to test the changes before the next release comes along. Some of the issue tickets I have read sound rather important and refer to some very core functionality that is yet to be implemented or fixed.
[11:20] Ubit Umarov: hmm that sounds like planing work for me :p
[11:20] Gavin.Hird is there a ranked list?
[11:21] Andrew.Hellershanks I wouldn't be surprised if some reports were obsolete.
[11:21] Bill Blight: many were
[11:21] Bill Blight: and closed
[11:21] Bill Blight: now
[11:21] Andrew.Hellershanks Are there many open reports with patches that need reviewing?
[11:21] Gavin.Hird good work one sorting those
[11:21] Ubit Umarov: ( including some very new ones also closed :o )
[11:22] Andrew.Hellershanks :)
[11:22] Andrew.Hellershanks Thank you Vincent, and Bill for doing that.
[11:22] Gavin.Hird yes, that was great effort!
[11:23] Ubit Umarov: yeap was nice
[11:23] Ubit Umarov: thx
[11:23] Vincent.Sylvester There are some patches that need review, I have attempted to build what I can against master to make sure they still apply, where I have done so I left a note. Other issues that I could confirm I did so as well. In the category excluding resolved or closed issues there are 1200 entries, most of which are new, confirmed or acknowledged with about 2 dozen patches available. So there is plenty to go through still, but I don't fully know the codebase so some issues will need to be looked at by a dev.
[11:24] Ubit Umarov: 2 dozen?
[11:24] Ubit Umarov: i only remember a few waiting for me to look again
[11:24] Bill Blight: there are 86 with patches included
[11:25] Andrew.Hellershanks 86 is a lot more than 2 dozen. :)
[11:25] Ubit Umarov: also remember a few that ill not accept :p
[11:25] Vincent.Sylvester Some have been denied, but not in a final way that would give me confidence to close the ticket
[11:25] Bill Blight: some have been applied that have not be resolved I think
[11:25] Ubit Umarov: but well being there some may use
[11:25] Gavin.Hird there was one about marketplace folder I suggest you close
[11:26] Gavin.Hird I don't see that there will be anything like a unified marketplace for opensim anytime soon
[11:26] Ubit Umarov: ( like configurable scripts penalty time )
[11:26] Gavin.Hird I plan to remove support for that completely from the viewer
[11:27] Andrew.Hellershanks I need to finish a couple of OpenSim things I was working on. I've just been deep in to a couple of electronics projects since the start of this year.
[11:27] Ubit Umarov: mantis issue tend to stay open, bc we have a implicity rule of leaving close to the reporter
[11:27] Ubit Umarov: and that most time never happens
[11:28] Bill Blight: pretty much if they are more than 2 years old with no responses, going to close them and if someone still cares about it they can reopen them
[11:28] Gavin.Hird I did a major overhaul of script syntax fro the viewer and I don't have descriptions to go in tooltip for a number of the newest functions
[11:28] Gavin.Hird so an update of those would be great (on the wiki page that is)
[11:29] Ubit Umarov: gavin that is automatic now
[11:29] Bill Blight: Gavin have you looked at the lsl syntax xml that is now in master
[11:29] Ubit Umarov: i mean region provided
[11:29] Gavin.Hird I useless
[11:29] Gavin.Hird not going to support, and I am sorry
[11:29] Andrew.Hellershanks Gavin, writing up pages for some of the newest functions is on my todo list.
[11:29] Ubit Umarov: thats your problem
[11:30] Bill Blight: agreed
[11:30] Gavin.Hird it requires additinal code paths in the viewer and it does not have all the possibilites to tooltip the elements of the syntax
[11:30] Bill Blight: seems to me makes more sense to pull the lsl/ossl syntax from the version of opensimulator you are running than hope your viewer is updated
[11:30] Ubit Umarov: as actually consindering your viewer a opensim valid one is ours
[11:30] Gavin.Hird so I have merged everything in the same format as the LL syntax file
[11:31] Ubit Umarov: fs did deviate from zl format
[11:31] Gavin.Hird the viewer also need a fallback
[11:31] Ubit Umarov: and sl format
[11:31] Gavin.Hird their problem
[11:32] Ubit Umarov: but if a viewer does not update syntaxe as opensim changes it
[11:32] Ubit Umarov: well not a opensim viewer on that..
[11:32] Bill Blight: I was assuming Dayturn was going to be more opensim centric , not do it the LL/SL way, I guess I was wrong on that
[11:32] Andrew.Hellershanks The viewer can have some defaults but if you TP to a region that is older, or newer, re: supported functions there will be a mismatch between the region and the viewer.
[11:32] Gavin.Hird so I suggest you rather serve up the file in the format that is the LL syntax as it can be used by anyone
[11:32] Gavin.Hird it is there and free to retreive from the repository
[11:33] Ubit Umarov: we do it on sl format
[11:33] Gavin.Hird you can see how it works in 1.1.5 version here
[11:33] Gavin.Hird no you don't
[11:33] Ubit Umarov: works on with fs and singu
[11:33] Ubit Umarov: just fs does not let override of what it already has defined
[11:34] Ubit Umarov: so.. be opensim compatible, or go your own way
[11:34] Ubit Umarov: your choice
[11:34] Gavin.Hird another things is that no viewer handles overloaded functions
[11:34] Ubit Umarov: of course always open to fix things, even create new ones
[11:35] Ubit Umarov: fs kinda updates some in some cases
[11:35] Ubit Umarov: err or alch does... don't remember already
[11:36] Ubit Umarov: just our current code seems to be ok
[11:36] Vincent.Sylvester I think its syntax file may only be missing a few, I did update them with the latest round a couple months ago or was that a year I dont remember
[11:36] Gavin.Hird has everyting in it
[11:36] Ubit Umarov: ( not all the information provided of course.. that takes time
[11:36] Ubit Umarov: and the format is of xml.. as we add info it grows grows... bahh
[11:37] Vincent.Sylvester There is even an open issue on mantis regarding an ossl function overlap
[11:37] Gavin.Hird it grows, but LSL + OSSL does not grow that fast?
[11:37] Andrew Hellershanks: Vincent, all the newest OSSL functions are marked new on the wiki page. I don't think I have missed any unless there is a very recent one I haven't noticed.
[11:37] Gavin.Hird and those new ones mostly don't have descriptions
[11:38] Andrew Hellershanks: Not outside of the code, yet.
[11:38] Gavin.Hird right
[11:38] Ubit Umarov: i almost made my automatic tool to also gen wiki pages
[11:38] Ubit Umarov: but gaveup on that :)
[11:39] Ubit Umarov: mm still need to improve it a bit
[11:39] Vincent.Sylvester Not many have access to the wiki to edit the pages, those who do are often the ones writing the code and we all know how much fun writing documentation is.
[11:39] Andrew Hellershanks: An automatic tool might be useful but it still would need some manual input to provide code samples showing typical usage.
[11:39] Ubit Umarov: my goal is to put information where devs add funtions
[11:40] Ubit Umarov: so less pain to maintain it with code
[11:40] Andrew Hellershanks: Hm... take a page from Python and its method of including doc info in the code via specially formatted comments.
[11:40] Ubit Umarov: well damm viewers also assume there is energy
[11:40] Ubit Umarov: we don't use energy..
[11:41] Gavin.Hird not now
[11:41] Andrew Hellershanks: GIMP also has a mechanism for generating some docs from comments in the code.
[11:41] Gavin.Hird but it is part of the LSL documentation
[11:41] Ubit Umarov: yes so does VS
[11:41] Ubit Umarov: but a pain to reuse
[11:41] Gavin.Hird which is why it is in the syntax file
[11:41] Ubit Umarov: no viewers automatic add it if not present on the file
[11:43] Ubit Umarov: and we will not have that energy concept
[11:43] Gavin.Hird it is always present in keywords_lsl_default.xml which is the file LL serves to the viewer
[11:43] Ubit Umarov: thats very sl throttling specific
[11:43] Bill Blight: to me this is just a case of, do we keep doing it the LL way or do we do it the Opensimulator way, and I guess it is just a choice if you want to keep sucking on the LL tit or move away from it ..
[11:43] Gavin.Hird used by the physics engine potentially
[11:43] Ubit Umarov: yes but code also automaticly adds it if nor present on file
[11:44] Ubit Umarov: no, sl energy is not a physical reality
[11:44] Ubit Umarov: is it a throttling thing
[11:44] Gavin.Hird since we use LSL and LSL is owned and maintained by LL and given to us in a well-defined format, I say we should use it
[11:45] Vincent.Sylvester LL is not a gold-standard and frankly this project would not exist if everyone felt so, so for an OpenSim-first viewer following LL standard where OpenSim deviates seems off imo
[11:45] Gavin.Hird also the extent of LSL is currently much larger than OSSL
[11:45] Ubit Umarov: we are not talking about functions
[11:45] Gavin.Hird well, we do use LSL - that is the reality
[11:45] Ubit Umarov: and even those we do then as close to sl as possible
[11:45] Bill Blight: That does not mean we have to be a clone of them, and follow like good little soldiers
[11:45] Ubit Umarov: but no energy for example
[11:46] Gavin.Hird it is easier to keep it in the syntax file than write code to filter it out for OSSL
[11:46] Ubit Umarov: LSL is a compatibilty layer, not a full spec for us
[11:46] Gavin.Hird so just overlook it
[11:46] Ubit Umarov: and that will be more like that in future
[11:47] Ubit Umarov: all support will be moved to own layers..
[11:47] Ubit Umarov: actually as originally planned
[11:47] Ubit Umarov: ( dont ask how we will do it :p )
[11:48] Gavin.Hird :-)
[11:48] Vincent.Sylvester We do not use LSL, we recreated it from scratch, function by function, often fixing things in the process. LSL according to LL still allows the use of LLResetScript in state_entry which is completely nonsensical to me, OpenSim has removed this ability to reduce spam. There is an issue ticket about this on mantis, maybe even more than one. The point is that we should be aiming to improve upon what LL has created seeing as they no longer really maintain it or update it much anyways.
[11:48] Bill Blight: If we do things their way JUST BECAUSE , with that thinking we should also remove the things they don't do .. And Not a fan of that idea at all .. We either do it the opensimulator way, maintaining compatibility if we choose to do so, or we become Halcyon an attempted SL clone
[11:49] Ubit Umarov: well just SL clone is no longer a opensim thing
[11:49] Vincent.Sylvester I always felt the point of OpenSim was to take what LL has made and fix what they screwed up and build upon it, not adhere and just recreate it, where is the fun in that, we can do better, that's the opensource spirit
[11:49] Andrew Hellershanks: Calling llResetScript in the default state can have its uses. Like a lot of things witih scripting, it has to be done right.
[11:49] Bill Blight: Yeah I know that was my point Ubit
[11:50] Ubit Umarov: that does not mean we will loose tpvs suport
[11:50] Ubit Umarov: of course :)
[11:50] Gavin.Hird that is why there are tooltip in the syntax file for each element, so you can add comments for different behavior as an example
[11:51] Ubit Umarov: yes and we do provide overrides on that NOW
[11:51] Ubit Umarov: it would be nice if they did override
[11:51] Gavin.Hird your syntax file does not have tooltip at all
[11:51] Bill Blight: but if we do the syntax file to LL standards they will never have tooltips for how it behaves in Opensimulator
[11:51] Gavin.Hird of course
[11:52] Gavin.Hird we just let it move on from here
[11:52] Ubit Umarov: it does not have to, because i did not add tooltips on source
[11:52] Bill Blight: umm I'm looking at the scriptsyntax file, I see tooltips
[11:52] Gavin.Hird and not sync directly with LL
[11:52] Ubit Umarov: not a file issue, a laziness issue :p
[11:52] Bill Blight: not on all
[11:52] Ubit Umarov: also that file is damm large
[11:52] Gavin.Hird so what?
[11:52] Ubit Umarov: so not going to mk it verbose
[11:52] Ubit Umarov: so what what?
[11:52] Gavin.Hird it is the extent of the documentation needed
[11:53] Ubit Umarov: the of that is not to be a full doc replacement
[11:53] Ubit Umarov: just a fast reminder
[11:53] Ubit Umarov: so list of arguments its basicly what it needs
[11:53] Ubit Umarov: needs
[11:53] Gavin.Hird just try it in the editor and you will like it
[11:54] Vincent.Sylvester I have a fairly recent version of that syntax file nicely formatted and easy to read, even sorted, adding to it would not be hard
[11:54] Gavin.Hird I am sure we can get rid of energy in the displayed tooltip
[11:54] Ubit Umarov: yeap thats a minor thing on viewers
[11:54] Bill Blight:
[11:56] Ubit Umarov: you can test it here
[11:56] Ubit Umarov: just look to one ossl new things
[11:56] Andrew Hellershanks: We are almost at the top of the hour. To take the discussion to another topic for a moment I received a question about the use of the Disp parameter in OsSetDynamicTextureURLBlendFace. The user felt the information wasn't clear enough.
[11:57] Ubit Umarov: reducing amount of text is by design not a file format issue
[11:57] Ubit Umarov: you had to pic a totally broken example andrew :p
[11:57] Ubit Umarov: the api of those functions is not that coherent at all
[11:58] Bernd.Steinhardt I don't want to interrupt this discussion, but since this hour goes to its end, I have an topic, which is not dev related, more a problem - before you all are leaving, perhaps anyone has an hint for me, perhaps a wiki or mantis item, which handles this issue...
[11:58] Bill Blight: and if we had a penny for every time a user did not understand the directions, we all be on our private tropical islands ... LOL
[11:58] Gavin.Hird hehe
[11:58] Gavin.Hird actually quite a few are
[11:58] Bill Blight: What's up Bernd?
[11:59] Ubit Umarov: err a thing not standard on that file is the first line
[11:59] Andrew Hellershanks: What is the problem, Bernd?
[11:59] Ubit Umarov: that's a regions thing ( well the file is for regions not viewers.. )
[11:59] Andrew Hellershanks grins at Bill.
[11:59] Bernd.Steinhardt my database is blowing up itself, in name the asset table - it sees the asset items are duplicating itselfs and I cant figure out why
[12:00] Ubit Umarov: regions will read it and gen the viewers one ( that just happens to be the rest of it )
[12:00] Andrew Hellershanks: Bill, one part of the problem is probaby just a typo in the wiki page. It refers to "sDatabase". I think the s wasn't intended to be there.
[12:01] Bill Blight: Bernd, you mean just randomly duplicating or is something triggering the duplication, as in when do you see it happen
[12:01] Andrew Hellershanks: Bernd, are you using the standard assets system or FSAssets?
[12:02] Bernd.Steinhardt no I cant see explicite duplicated items - but the number of assets grows also if nobody logged into the grid - about 2 gb per week
[12:03] Gavin.Hird that's a lot for an idle grid
[12:03] Bill Blight: Maptiles
[12:03] Bernd.Steinhardt yes
[12:03] Bernd.Steinhardt yes fsassets
[12:04] Bill Blight: would not be surprised if it is just maptile generation as those assets don't ever seem to get deduped
[12:05] Gavin.Hird file versioning on the filesystem?
[12:05] Bernd.Steinhardt how can i detect this?
[12:05] Gavin.Hird which operating system are you running?
[12:05] Bill Blight: when you say the assets are growing are you looking specific at the asset folder or your file system in general
[12:07] Andrew Hellershanks: maptiles aren't saved to the database.
[12:07] Bernd.Steinhardt windows server 2008
[12:07] Bill Blight: actually andrew yes they are
[12:07] Bill Blight: they are still stored in the DB for V1 viewer compatibility
[12:08] Andrew Hellershanks: Why is there a directory of maptiles if they are saved to the DB?
[12:08] Bernd.Steinhardt quicker access?
[12:08] Andrew Hellershanks: If the maptiles are saved by a fixed UUID (I would expect they would be for a given region), that wouldn't inflate the database.
[12:08] Gavin.Hird what table are they stored to in the db?
[12:08] Gavin.Hird I have never seen them there
[12:09] Vincent.Sylvester WHERE name LIKE %terrainImage%
[12:09] Gavin.Hird in assets?
[12:09] Vincent.Sylvester yes
[12:10] Bernd.Steinhardt ok, i could switch the maptile refresh off... but I cannot imagine that this causes such a huge data influence
[12:10] Ubit Umarov: maptiles have an asset and a non asset part andrew
[12:10] Bill Blight: var region maptiles are pretty big if you have many var regions, and if you generate them often it could inflate quite a bit
[12:11] Vincent.Sylvester I deleted 30k of them, turned out to be 21gb
[12:11] Bernd.Steinhardt no there are no var regions and the refresh rate is 1 hour
[12:11] Bill Blight: so every hour you are duplicating your maptiles
[12:11] Bill Blight: over and over and over and over
[12:11] Ubit Umarov: that possible 2 fast, specially using warp3d
[12:12] Ubit Umarov: and at least one asset is created and stored
[12:12] Ubit Umarov: BUT the previous one can be deleted
[12:12] Ubit Umarov: we spoke about that on a recent mantis
[12:12] Bill Blight: but it is not auto
[12:12] Ubit Umarov: it is
[12:12] Ubit Umarov: remember the mantis vincent ?
[12:12] Bill Blight: well maybe it is supposed to be
[12:13] Vincent.Sylvester Yes
[12:13] Ubit Umarov: its confusing options
[12:13] Gavin.Hird I had about 45000 of those
[12:13] Ubit Umarov: we need to allow assets delete
[12:13] Ubit Umarov: but forbid the option to delete all :)
[12:14] Ubit Umarov: that way map assets are deleted by map generator on upload new
[12:14] Gavin.Hird I suppose you can make a query that deletes all but the latest version
[12:14] Ubit Umarov: well the current one is deleted
[12:14] Vincent.Sylvester ; Allow maptile assets to remotely deleted by remote calls to the asset service.
 ; There is no harm in having this as false - it just means that historical maptile assets are not deleted.
 ; This only applies to maptiles served via the version 1 viewer mechanisms
 ; Default is false
AllowRemoteDelete = false
[12:14] Andrew Hellershanks: hm... terrain image files saved to the database should get marked as temporary assets so they can be later removed.
[12:15] Bernd.Steinhardt ok
[12:15] Ubit Umarov: yeat that should the true.. that comment tells that dev was not worried about db sizes :)
[12:15] Ubit Umarov: but not the NEXT option
[12:15] Ubit Umarov: do not allow delete on all
[12:16] Andrew Hellershanks: I'd also be curious as to what "remote" thing was supposed to either request the deletion or perform the deletion.
[12:16] Ubit Umarov: that is still not safe
[12:16] Ubit Umarov: let rest of assests be immutable :(
[12:16] Bernd.Steinhardt hi hi
[12:16] Vincent.Sylvester AllowRemoteDelete because the flag was always true on standalone
[12:16] Ubit Umarov: guess both
[12:17] Ubit Umarov: its is read by a middle ware processing code :)
[12:17] Vincent.Sylvester While you are all still here, I'd like to cast a vote what you believe the maximum length of a users password should be
[12:17] Ubit Umarov: 1 char
[12:17] Ubit Umarov: ( hihihi )
[12:18] Andrew Hellershanks: I don't think it matters. The password gets hashed before it is saved to a database.
[12:18] Bill Blight: 8-12 seems to be the internet standard
[12:18] Andrew Hellershanks: Well, the longest would be how long a password a person is willing to type if they have to type it manually every time.
[12:18] Gavin.Hird in my viewer it is set to 16 x utf-8 characters
[12:19] Gavin.Hird db supports 32
[12:19] Gavin.Hird and with utf-8 collocation
[12:19] Vincent.Sylvester I think only the hash is 32 chars, if you enter more the hash looks different, but it seems to be truncated to that length maybe
[12:20] Gavin.Hird there should be 4 byte per utf8 character
[12:20] Ubit Umarov: we still use the mysql 3bytes standard
[12:20] Andrew Hellershanks: Gavin, what db is supporting 32 characters?
[12:20] Ubit Umarov: that does have a few issues, but we still can't change it
[12:21] Andrew Hellershanks: Bill, it turns out I have 672 terrainImage assets in my Standalone. :P
[12:21] Gavin.Hird passwordHash varchar 32
[12:21] Gavin.Hird passwordSalt varchar 32
[12:21] Gavin.Hird with utf-8 collocation
[12:21] Bill Blight: hehe
[12:21] Andrew Hellershanks: That is a hash. That doesn't indicate the length of the password.
12:22] Ubit Umarov: as you said, that is lost
[12:22] Gavin.Hird that is the storage for it
[12:22] Gavin.Hird the viewer limits it to 16
[12:22] Vincent.Sylvester Yours does, no other viewer apart maybe Lumiya or older v1 viewers have that limit hardcoded
[12:23] Gavin.Hird the SL viewer does also
[12:23] Bill Blight: so because SL does it , that is the way we should do it, I thought we were past that
[12:23] Gavin.Hird which was changed in 2016
[12:24] Gavin.Hird so possibly FS has the change too and Cool VL
[12:24] Bill Blight: FS does not limit it to 16 or obviously Sheera would not be able to login
[12:25] Vincent.Sylvester Neither would I be here using 20 chars, as is default for Keepass
[12:25] Gavin.Hird In addition to code changs the login panel had this change
[12:25] Gavin.Hird - max_length_bytes="64"
+ max_length_bytes="16"
[12:25] Gavin.Hird so it used to be 64 bytes
[12:26] Gavin.Hird you can see the full code change here
[12:27] Vincent.Sylvester With us having access to connect actual currency to things should we not follow standard of online banking?
[12:28] Gavin.Hird online banking in this country use 2FA
[12:28] Ubit Umarov: well $ is not opensim thing
[12:28] Andrew Hellershanks: Charge high fees on a lot of transactions? ;)
[12:28] Gavin.Hird :-)
[12:28] Ubit Umarov: $ is a lot more that just good tech solutions
[12:28] Bill Blight: ummm
[12:28] Bill Blight: what do you mean vincent
[12:28] Ubit Umarov: i prefer leave to to those that understand it ( and pay insurences etc etc )
[12:29] Bill Blight: we connect to outside payment processors via exchanged keys most of the time, our grid password has nothing to do with that
[12:29] Bernd.Steinhardt hi hi ... whose idea was it to name a database column "name"? (just searching for maptile items)
[12:29] Vincent.Sylvester If you manage to login in as me you can send yourself all my Gloebits for example
[12:30] Vincent.Sylvester If, like many others, I happen to use the same password for everything, you could login into PayPal as well and load your avatar up with that
[12:30] Bill Blight: if someone is going to spend enough time to crack your 10 char password they will spend it to crack your 20
[12:30] Vincent.Sylvester The time difference between that is massive however
[12:31] Leighton.Marjoram The simple and most secure answer to that is dont use the same passwords
[12:31] Bill Blight: yep
[12:31] Leighton.Marjoram thats internet security 101
[12:31] Bill Blight: you are asking opensim to come up to your standard of laziness
[12:31] Bill Blight: LOL
[12:31] Andrew Hellershanks: Vincent, just use the backtick marks around the field name. :)
[12:31] Vincent.Sylvester I use Keepass for everything which defaults to 20 chars
[12:32] Leighton.Marjoram particularly as the viewer passes the password in plaintext over the wire
[12:32] Vincent.Sylvester Unfortunately most people use the same short password for everything
[12:32] Bill Blight: well good for you, does not mean everyone has to support that
[12:32] Leighton.Marjoram well they can take the responsibility for not following sounds advise
[12:32] Vincent.Sylvester You can debate entropy all day, password length has a direct impact on security, the longer the better
[12:32] Leighton.Marjoram the length and using the same password are two things
[12:33] Bill Blight: you may have a long password but since you use the same one everywhere, that just pretty much throws security out the window
[12:33] Leighton.Marjoram nods
[12:33] Vincent.Sylvester Well I don't do that either hence Keepass
[12:33] Leighton.Marjoram thats eactly what I use it for
[12:34] Vincent.Sylvester Point is, short passwords and using them everywhere, crack it on OpenSim, use it for PayPal
[12:34] Leighton.Marjoram it even tells you when you have two sites that have the same password
[12:34] Andrew Hellershanks: The time has certainly flown today. We have been going for an hour and a half. Any last OpenSim issues before we wrap up for today?
[12:35] Vincent.Sylvester Allow longer passwords on OpenSim and viewer, make people less likely to use short password and fall into said trap
[12:35] Bill Blight: allow and enforce are 2 entirely different things
[12:35] Andrew Hellershanks: Allowing use of longer passwords does not make it less likely that people will use short passwords if they are typing them in by hand.
[12:36] Bill Blight: exactly
[12:36] Vincent.Sylvester So because some people are stupid we shouldn't implement any security?
[12:36] Leighton.Marjoram unless you use some form of validation on the password creation box to enforce the length
[12:37] Bill Blight: I enabled complex passwords for exactly ONE DAY on my grids site, and got dozens of, "I can't" or "I won't" sign up complaints
[12:37] Bill Blight: I thought passwords were security
[12:37] Bill Blight: just because they don't meet with YOUR approval does not mean everyone should adhere to that
[12:38] Andrew Hellershanks: OpenSim already hashes the plaintext password with a random salt string. Beyond that, it is a matter for the places where passwords are entered for the first time to decide what will be allowed.
[12:38] Bill Blight: exactly andrew
[12:38] Bill Blight: and opensim itself allows up to 32 char
[12:38] Vincent.Sylvester Yes, but that is not set as standard which is all I am asking for damnit
[12:38] Bill Blight: so this is not an opensim issue, but one evidently specific to Gavin's viewer
[12:39] Vincent.Sylvester I want to get clarification on what OpenSim sees as max allowed password length
[12:39] Andrew Hellershanks: I want to file a bug report against Blender. Their site has rules that are disallowing the unique password I would use with that site. I've had to stop and try and thing of what other password I could use that will be one I will remember for that site.
[12:39] Bill Blight: pretty sure it is 32 char vincent
[12:39] Vincent.Sylvester Not just for Dayturn, Lumiya has the same problem
[12:39] Bill Blight: that is what the field is
[12:39] Leighton.Marjoram I personally dont see the value for longer passwords on Opensimulator, Paypal and payment portals a little more so. But there are other security considerations that are more important like encryption and not using the same password everywhere.
[12:40] Vincent.Sylvester The point is, even PayPal allows 20 chars max, that's all I wanted to say with that
[12:40] Vincent.Sylvester 16 to me feels short these days
[12:41] Vincent.Sylvester A minimum length is up to the grid operator sure, that's not the point though
[12:41] Vincent.Sylvester What standard do they follow for their code if there is none set toward what max length should be
[12:42] Andrew Hellershanks: If you are concerned about security in regards to password length, why limit it at all?
[12:42] Andrew Hellershanks: You could set a limit, if you wanted a limit, of 255 characers.
[12:42] Andrew Hellershanks: This is probably a good timet o wrap up this meeting now that the discussion is about passwords.

Personal tools
About This Wiki