[Opensim-users] Call to discussion: code environment [Was: recent secondlife client versions don't support OSSL functions]

Dr Scofield DrScofield at xyzzyxyzzy.net
Fri Sep 26 17:00:29 UTC 2008 

Diva Canto wrote:
> It may be annoying for experimentation, but it is possible that Linden
> Lab (r)/(tm) is doing this to start addressing the security issues of
> interoperability. Once we have (a) clients running in untrusted servers;
> and (b) servers running code sent by untrusted clients, all sorts of bad
> stuff can happen. Or it may be that they're just doing it to prevent LL
> viewer users from experiencing non-LL servers. Who knows.
> 
> But the security issues are valid, whether that's LL's motivation or
> not. It all boils down to trust. One of these days opensim will have to
> start walking that slippery alley, and come up with a trust API for
> servers and clients. I think we have an opportunity to do this right.
> Trust is a people thing. Unlike the web, where people don't exist (only
> ghostly agents defined by IPs and, maybe, cookies), we have people here.
> So the policies can be specified at users' level. LL's static API
> checking seems a bit odd. It may make more sense to ask the user whether
> she trusts the region server.

i think this is just bad design: checking at the client and trusting the client
to send "good" code to the server is just naive. the server (if it wants to
survive) has to be its own guardian. after all, we don't stop fixing apache bugs
and assume, "oh, the client will prevent exploits from coming our way"...


> 
> As for Stefan's idea of an aux client editor for code: have you tried
> Visual C#? It's great! hehe ;-)
> Seriously, my group here has been experimenting with all sorts of
> completely different clients to get/post all sorts of different things
> from/into the world. Once the Http server was made accessible to region
> modules, there's no limit to what can be done, really... But for this to
> scale beyond experimentation, we need to figure out trust.

no. we need to have clear protocol specs and our grids need to be coded in such
a way that they guard themselves.

trust comes in at much higher level (for example, do i trust that grid to adhere
to the licenses i attach to my objects?). trust should never replace caution and
self-defense.

	dr scofield

-- 
dr dirk husemann ---- virtual worlds research ---- ibm zurich research lab
SL: dr scofield ---- drscofield at xyzzyxyzzy.net ---- http://xyzzyxyzzy.net/
RL: hud at zurich.ibm.com - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/

More information about the Opensim-users mailing list