[Opensim-dev] Always mutable assets in OpenSim -- does it make sense?

J Ross Nicoll jrn2005 at cs.st-andrews.ac.uk
Mon Jan 5 13:15:49 UTC 2009 

Apologies for the thread necromancy, catching up rather late...

MD5 has been broken: http://www.theregister.co.uk/2008/12/30/ssl_spoofing/
SHA1 has flaws, and the recommendation is to be moving quickly towards  
SHA 256.

On 17 Dec 2008, at 19:57, Hurliman, John wrote:

> You can overwrite assets on the SL grid today if you can manage an  
> MD5 collision. If you break SHA1, I would be worrying a lot more  
> about the root CAs that have signed nearly every SSL certificate on  
> the web.
>
> https://www.verisign.com/repository/root.html
>
> John
>
>> -----Original Message-----
>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>> bounces at lists.berlios.de] On Behalf Of Frisby, Adam
>> Sent: Wednesday, December 17, 2008 1:06 AM
>> To: opensim-dev at lists.berlios.de
>> Subject: Re: [Opensim-dev] Always mutable assets in OpenSim -- does  
>> it
>> make sense?
>>
>> Be careful here however,
>>
>>
>>
>> Because if the hashing algorithm you choose ever gets 'broken' where
>> it's possible to calculate a binary against a desired result, then
>> people can potentially overwrite existing assets, etc.  A long hash
>> tends to act as a good barrier against this. (256bit+ is ideal.)
>>
>>
>>
>> Regards,
>>
>>
>>
>> Adam
>>
>>
>>
>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>> bounces at lists.berlios.de] On Behalf Of Stefan Andersson
>> Sent: Wednesday, 17 December 2008 12:59 AM
>> To: opensim-dev at lists.berlios.de
>> Subject: Re: [Opensim-dev] Always mutable assets in OpenSim -- does  
>> it
>> make sense?
>>
>>
>>
>> First step would probably be to implement the sha-based binary store
>> that you bring up and that we've discussed earlier, so that the
>> immutables at least share the same binary data row. Right now, I
>> believe we're seing massive duplication when people export/import
>> content between worlds. Storing the binaries separately by sha key
>> would probably be an low hanging fruit.
>>
>> I would say that it's probably very much up to the service (aka 'the
>> grid') how assets should be managed. On an grid that employs a
>> consumer/producer division (like a fantasy game) you could probably
>> reap dead assets quite aggressively. In a SL business model, it
>> becomes harder, as they have to ensure consistent user experience  
>> in a
>> heterogenous environment.
>>
>> Best regards,
>> Stefan Andersson
>> Tribal Media AB
>>
>>> Date: Sun, 14 Dec 2008 14:48:01 +0900 From: mmazur at gmail.com To:
>>> opensim-dev at lists.berlios.de Subject: [Opensim-dev] Always mutable
>>> assets in OpenSim -- does it make sense?
>>>
>>> Hi,
>>>
>>> Melanie's recent thread[1] on updating assets prompted me to put in
>>> writing some thoughts on this topic I've been having.
>>>
>>> I'm curious whether it may be beneficial to make assets mutable.
>>> AFAIK assets are currently immutable because of a LL decisions early
>>> on to re-use one asset instance for very popular items sold
>>> no-modify. This makes sense for them because they can:
>>>
>>> * clean up unused assets since they own the entire infrastructure
>>> (regions & DBs)
>>> * save on space because they anticipate more identical copies rather
>>> than slightly modified copies
>>>
>>> Perhaps taking the opposite approach in OpenSim would be a better  
>>> fit?
>>> I mean, copying assets when they are transferred between owners, and
>>> modifying them if they are modified in-world. I can see a few  
>>> reasons
>>> this might be beneficial:
>>>
>>> * OpenSim's databases are distributed so cleaning them (reaping dead
>>> assets) is more difficult
>>> * with the advent of distributed asset servers and the long-term
>>> vision of a wide open 3D Internet (like HyperGrid), when an item is
>>> transferred in-world its assets should probably be stored in that
>>> avatar's own inventory DB *anyway*
>>> * disk is cheap, and I wonder which is more wasteful -- multiple
>>> copies of an asset, each differing slightly due to minor edits over
>>> time, or multiple copies of identical assets because they correspond
>>> to different objects in-world
>>>
>>> I see this as a cleaner approach to assets for the future. Sure,
>>> storing duplicate identical assets in a DB can be wasteful, but this
>>> could be alleviated with hashes of the asset or whatnot (I believe
>>> this was brought up on this list before).
>>>
>>> I realize this change would mean deep, possibly breaking, changes
>>> throughout the source code, would take a long time to hash out, etc.
>>> I thought I'd throw it out there anyway.
>>>
>>> Your thoughts -- or perhaps clarifications on why this absolutely
>>> cannot be done -- appreciated :)
>>>
>>> Thanks,
>>> Mike
>>>
>>> [1] https://lists.berlios.de/pipermail/opensim-dev/2008-
>>> December/004025.ht ml  
>>> _______________________________________________
>>> Opensim-dev mailing list Opensim-dev at lists.berlios.de
>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev

The University of St Andrews is a charity registered in Scotland : No  
SC013532

More information about the Opensim-dev mailing list