[Opensim-dev] Interrelated difficult problems related to asset portability

Kyle Hamilton aerowolf at gmail.com
Wed May 28 11:09:19 UTC 2008 

On Wed, May 28, 2008 at 3:50 AM, Antti Ilomäki
<antti.ilomaki at adminotech.com> wrote:
> Hi
>
> Being off-topic is a valid concern, some conversation on the subject is probably fine to get some opinions and consider the potential impact on OpenSim (the external modules could for example need some support functionality in the core architecture etc.), but in general this discussion should probably happen somewhere else. But the subject is important and so is the discussion, which means that we really should find the appropriate forum.
>
> Being open source doesn't mean you have to give up hopes of being secure. For example Linux's inner workings are pretty well known, but cracking the system is still not exactly trivial. And as long as OpenSim is BSD, adding proprietary solutions is quite simple, if deemed necessary. It's important to remember that nothing's really 100% secure, but if the most important and popular sites and avatar services have the protection on, it'll probably be a very strong incentive for not resorting to piracy.

Er.  *puts on security expert hat*

Cracking a Linux system is non-trivial because everything is in the
same administrative domain.  One entity -- the system administration
team -- owns the entire machine from kernel to supporting software.
While there's a team that writes the kernel, and that team isn't
running the system, the ultimate responsibility for every aspect of
the system's performance and behavior is retained by the system
administration team.  (And the fact that the source is open means that
they can fix bad behavior so it's not a problem any longer.)

In contrast, every DRM system fails because that ultimate level of
trust cannot be transitive across administrative domains -- especially
to administrative domains owned by and controlled by the DRM system's
adversaries.

*takes off security expert hat*

For a portable asset system that content creators can have any faith
in, these are still issues that need to be addressed.  Asset location
(which I suggest a DHT for).  Content protection (which requires a
couple extra fields to the protocol and the asset database).  Whatever
else the third thing was (which I've forgotten since I've gotten so
caught up in explaining why DRM is such a bad idea).

-Kyle H

More information about the Opensim-dev mailing list