No subject


Sat Apr 19 01:31:08 UTC 2014 

understanding of how the assest server works.
Also, I don't think I will play with that, but I was thinking of writing
this info up in a blog post. Do you have a link to any additional
information on your cryptogrid assest provider?

Couple questions about the assest servers... 
Could I now run an assest server localy, and allow connections to other
grids securing my assest here?
Even if I could do this wouldn't it all still boil down to the CIL reaching
an unsecure sim?
I ask these questions because ealier someone mentioned trusted
asset/inventory servers as possible furture solutions. I tried to find more
info from past emails, but could not.

Thanks again for everyone time answering my questions on this topic. I do
appreciate it. 
I fully understand its impossible to protect data in any format 100% if its
ever going to be used outside of a controlled enviroment.


-----Original Message-----
From: opensim-dev-bounces at lists.berlios.de
[mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Frisby, Adam
Sent: Thursday, March 19, 2009 8:05 PM
To: opensim-dev at lists.berlios.de
Subject: Re: [Opensim-dev] Couple questions on scripts

The short answers here are:
- The sims need unencrypted copies of scripts for operations (to compile
them, etc). You can pass them the assemblies (compiled results), however CIL
(our bytecode language) can be decompiled back to source form with
remarkable accuracy (it's at the very least human readable).
- So anyone who has a region that is running your scripts could potentially
intercept them.
- The grid & asset servers don't need unencrypted copies. If you are
uploading onto an untrusted grid for use in a trusted subsection, there is
the cryptogrid asset provider I wrote a while ago -- however this only works
if you trust the region operators who you give the decryption key to. (and
of course, you won't be able to use the asset without them having it). It
definitely won't be as convenient since you need to provide the keys before
rezzing the object, but it might be useful if you want to say run some
private scripts on a region you self-host on OSGrid.org, and don't want the
osgrid team getting a copy.

Adam

> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
> bounces at lists.berlios.de] On Behalf Of Skidz Tweak
> Sent: Thursday, 19 March 2009 12:43 PM
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] Couple questions on scripts
> 
> That's very interesting. I like the idea of trusted asset/inventory
> servers.
> I will look through the past emails for more information on that
> project
> aspect. Thanks.
> 
> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de
> [mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Melanie
> Sent: Thursday, March 19, 2009 2:23 PM
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] Couple questions on scripts
> 
> Hi,
> 
> basically, to answer "yes" to your question #1, ALL of the following
> must be true:
> 
> - The grid must be owned and operated by a single entity
> - Said entity must have a TOS, statement and/or track record of
> respecting content creators' rights
> - No outside regions can connect
> - No outside persons can access the shell or database of the grid
> 
> It would be up to you to determine whether you trust the operator of
> the grid. Currently a few such grids exist.
> 
> Generally, if a grid allows outside connections or Hypergridding, it
> is not safe.
> 
> However, hypergrid is moving towards a safe way to distribute
> content from authenticating asset/inventory servers. Eventually this
> may lead to signed binary assemblies being passed around the
> simulators, with the region operators trusting the certificates.
> However, this will likely not prevent retention of copies of the
> goods, so the above points about trusting the operators still apply.
> Even though your script source code can't be stolen in this future
> scenario, permissions as we know them today could easily be
> circumvented.
> 
> Melanie
> 
> 
> Skidz Tweak wrote:
> > Hi all, I finally set up a openSim of my own, and its working great.
> The
> > development community in this project has done an outstanding job so
> far
> > (based on my own experiences).
> > The setup process was easy, so easy I over complicated it by creating
> the
> > database tables and such myself prior to running it causing some
> problems
> :)
> >
> > I just had a couple questions:
> > 1. Are scripts safe on other grids? I get a number of request to move
> my
> > tools into other grids.
> > 	And what I mean by safe is, people can't steal them.
> > 2. I am guessing the real answer to question number 1 is no, so...
> Has
> there
> > been any effort in the direction of maybe a different way to
> distribute
> > items on the new grids?
> > 	For example, I could imagine an install package for a sim, or
> grid
> > that could ensure  purchase in an encrypted maner with a cert or
> something.
> >
> > Just some thoughts and thx for your time.
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> >
> >
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
> 
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev

More information about the Opensim-dev mailing list