[Opensim-users] Banning "bad" viewers was Re: Can this be done?

diva at metaverseink.com diva at metaverseink.com
Tue Jan 12 14:15:28 UTC 2010 

As Teravus said, the LL viewer sends a string identifying itself and a 
version. In the new login procedure that is captured by the 
LLLoginHandlers as
   if (requestData.Contains("version"))
     clientVersion = requestData["version"].ToString();

Right now we're not doing anything interesting with this information. 
When this refactoring makes it to the master branch, people can replace 
/ augment the existing LLLoginHandlers to do other things including 
filtering logins according to this field.

But as others said here, this is a very fragile filtering, as any viewer 
can send that field saying that it's an LL viewer.

Imago wrote:
> Ah! Thank you. I did read something on the subject, but then suffered a hard 
> drive death and it wiped out any settings I had. :( Google comes up with way 
> too much junk when you look for stuff as well as Mantis stuff and Jiras. I 
> will check in to this. So, now I know it is possible. :D Now, it's just 
> finding a way to do it. *shrugs and laughs* If it keeps a few kids out than 
> that's fine. I'd rather have fun then to have to police my console for 
> logins. :D
> 
> ----- Original Message ----- 
> From: "Teravus Ovares" <teravus at gmail.com>
> To: <opensim-users at lists.berlios.de>
> Sent: Monday, January 11, 2010 11:56 PM
> Subject: Re: [Opensim-users] Banning "bad" viewers was Re: Can this be done?
> 
> 
>> The viewer information is sent when the viewer logs in.      If you
>> check the viewer channel version string when the viewer logs in, you
>> can deny based on a string match.      That's the easy (and least
>> effective way) to lock only specific viewers.
>>
>> I believe that diva and Melanie_T were the last to work on these
>> areas..    so they would probably be able to tell you where to check
>> 'best'.
>>
>> One thing to note, however, is..
>>
>> The viewer logs into the 'user service' by sending an XMLRPC request
>> to the HTTP Service with the login_to_simulator method.    It's at
>> this time that the 'viewer channel string' should be checked.
>>
>> Teravus
>>
>> On Tue, Jan 12, 2010 at 12:34 AM, Imago <imagorabbit at gmail.com> wrote:
>>> Mostly I want this because of piece of mind, but also because I am
>>> considering compiling a viewer on Hippo code that will have a different
>>> channel code altogether that I will probably use for the sim. If I can 
>>> lock
>>> off viewers that don't have my exact channel or code then I can be sure 
>>> only
>>> official viewers can get in. Right now the sim is only for friends but if 
>>> I
>>> open it up to more I wouldn't want idiots coming in and mucking about the
>>> place. Which is why I was asking. I know that some opensim *shaking head* 
>>> I
>>> wish I could remember who and where banned certain viewers from logging 
>>> in.
>>> I'm not sure how she/he did it, though, but it got me curious as to how 
>>> it's
>>> done. That and I wouldn't really want someone using something like Cryo 
>>> or
>>> even Meerkat, but as you said... They probably all have the same default
>>> code. But if I put in another code and compiled it off of hippo or 
>>> Linden's
>>> viewer I could put in my own channel and have others not able to enter. I
>>> like security and peace of mind, but security in this day and age is a 
>>> myth.
>>> (Like those stupid broadcasting things that were supposed to stop 
>>> copybot.)
>>>
>>> But I was just curious if anyone had done it or heard of it. I want to 
>>> say
>>> openlifegrid did it, but I can't remember so I don't want to say for sure
>>> until I find it again. (computer crashes suck.)
>>> ----- Original Message -----
>>> From: "Karen Palen" <karen_palen at yahoo.com>
>>> To: <opensim-users at lists.berlios.de>
>>> Sent: Monday, January 11, 2010 11:24 PM
>>> Subject: Re: [Opensim-users] Banning "bad" viewers was Re: Can this be 
>>> done?
>>>
>>>
>>>> As I think of it the answer is the same.
>>>>
>>>> The Linden Labs viewer does send an identification and version number, 
>>>> bat
>>>> that really does very little. Almost every viewer out there is based on
>>>> the current LL viewer and many people don't bother changing this code 
>>>> for
>>>> their experimental versions.
>>>>
>>>> For example I just checked and I have a customised LL viewer where the
>>>> only change is that it will log on to my private sim by default. The ID
>>>> codes are identical to the original since I never bothered to change 
>>>> them.
>>>>
>>>> I use it to make sure that my private sim will run OK with the 
>>>> "official"
>>>> viewer.
>>>>
>>>> I am not really sure why you would want that restriction though. Should 
>>>> I
>>>> be considering that for my sim? Have I missed something here?
>>>>
>>>> Sorry.
>>>>
>>>> Karen
>>>>
>>>> --- On Mon, 1/11/10, Imago <imagorabbit at gmail.com> wrote:
>>>>
>>>>> From: Imago <imagorabbit at gmail.com>
>>>>> Subject: Re: [Opensim-users] Banning "bad" viewers was Re: Can this be
>>>>> done?
>>>>> To: opensim-users at lists.berlios.de
>>>>> Date: Monday, January 11, 2010, 10:05 PM
>>>>> I don't think anyone is
>>>>> understanding. :D It's not just Cryo. I want only
>>>>> Linden Lab viewers to be able to login. I've seen it done
>>>>> on other
>>>>> opensim's. I know people can get around that. But the point
>>>>> is... Not
>>>>> everyone is a coder. So, while they could compile and make
>>>>> it look like a
>>>>> Linden Lab viewer then so be it. I just want to know if
>>>>> there's a mod or
>>>>> string that I can put in to opensim to see what channel the
>>>>> viewer is
>>>>> sending, and if it's not the right one than to display an
>>>>> error message that
>>>>> would tell them to download an official release in order to
>>>>> login.
>>>>>
>>>>> Maybe I should have chosen my words better. Mentioning Cryo
>>>>> is like
>>>>> mentioning copybot, and responses only seem to be based on
>>>>> theft and copy
>>>>> protection. I just want to know if there's a string to
>>>>> block a viewer. I
>>>>> know people have done it I just can't remember what opensim
>>>>> I saw it done
>>>>> on. I also know that if I had Cryo source code I could
>>>>> compile and make it
>>>>> look like a Second Life release viewer. But not everyone is
>>>>> a hacker or a
>>>>> coder or both. Most people don't know how or can't compile
>>>>> a viewer or are
>>>>> too lazy to. So, they go look for one, and that's the basis
>>>>> for my thinking
>>>>> most theives are too lazy to try to figure out a way and
>>>>> will move on to the
>>>>> next target.
>>>>>
>>>>>
>>>>> So, the question I'm asking is:
>>>>> Is there a way for OpenSim to check a viewer string and
>>>>> allow or disallow
>>>>> based on that, and if so please let me know where that code
>>>>> is, and if
>>>>> not... Then I'll be burning the midnight oil again coding
>>>>> one up.
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Karen Palen" <karen_palen at yahoo.com>
>>>>> To: <opensim-users at lists.berlios.de>
>>>>> Sent: Monday, January 11, 2010 10:44 PM
>>>>> Subject: [Opensim-users] Banning "bad" viewers was Re: Can
>>>>> this be done?
>>>>>
>>>>>
>>>>>> The short answer is no.
>>>>>>
>>>>>> The more complete answer is that you while can easily
>>>>> detect some
>>>>>> characteristic of a viewer (or other software) which
>>>>> identifies that
>>>>>> viewer and use that to ban it, nothing can stop the
>>>>> authors of that viewer
>>>>>> from changing whatever characteristic you use.
>>>>>>
>>>>>> Worse yet, whatever characteristic you select to
>>>>> identify the "bad"
>>>>>> software will inevitably turn up in some other
>>>>> (innocent) viewer sooner or
>>>>>> later and will cause them to be banned for no reason.
>>>>>>
>>>>>> The best you could hope to achieve is some sort of
>>>>> "arms race" between
>>>>>> "bad" viewer creators and sim operators.
>>>>>>
>>>>>> In addition any viewer could be adapted for piracy.
>>>>> The original
>>>>>> experiments that resulted in
>>>>> libsecondlife/openMetaverse were based on
>>>>>> analysing the data stream between the Second Life
>>>>> Servers and the viewer
>>>>>> software (at the time ONLY the Linden Labs viewer) and
>>>>> had access to all
>>>>>> of that information. This was all done without
>>>>> modifying the viewer in any
>>>>>> way - it was proprietary at the time.
>>>>>>
>>>>>> Sadly the lesson of the endless failures of DRM
>>>>> schemes elsewhere shows
>>>>>> that the real losers are the honest/innocent users who
>>>>> are unable to do
>>>>>> the things that they really should expect to do with
>>>>> the content that they
>>>>>> have purchased.
>>>>>>
>>>>>> For example, I have completely stopped buying anything
>>>>> in Second Life
>>>>>> since I want to use the inventory I buy in my private
>>>>> sims as well. Sure I
>>>>>> can use pirate tools to do this, but if I have to do
>>>>> that to use my
>>>>>> purchases where I want to use them then why not just
>>>>> steal the stuff in
>>>>>> the first place?
>>>>>>
>>>>>> This is very similar to the situation with music CDs
>>>>> and DVDs, why build
>>>>>> an expensive collection if you will just have to
>>>>> re-purchase it in a few
>>>>>> years for the next technology and some DRM scheme
>>>>> tries to keep me from
>>>>>> playing my collection on the new equipment?
>>>>>>
>>>>>> There are several efforts being directed at come sort
>>>>> of "portable"
>>>>>> content. I hope that one or more actually proves to
>>>>> work, but I have no
>>>>>> illusions about that actually happening any time
>>>>> soon.
>>>>>> My opinion is that the best we can do at present is
>>>>> similar to the real
>>>>>> life piracy situation: stop the commercial marketing
>>>>> of pirated
>>>>>> merchandise as it is detected and reported. Ban anyone
>>>>> who engages in such
>>>>>> activities and if they persist bring real world law
>>>>> enforcement to bear.
>>>>>> For once Linden Labs seems to be using a reasonable
>>>>> version of this when
>>>>>> they state that the viewer is not the problem, it is
>>>>> the use of the
>>>>>> viewer. They have promised to act promptly to ban
>>>>> anyone using any viewer
>>>>>> for piracy.
>>>>>>
>>>>>> Karen
>>>>>>
>>>>>> --- On Mon, 1/11/10, Imago <imagorabbit at gmail.com>
>>>>> wrote:
>>>>>>> Is it possible to stop
>>>>>>> certain viewers from logging
>>>>>>> in to your opensim? Like Cryo?
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Opensim-users mailing list
>>>>>> Opensim-users at lists.berlios.de
>>>>>> https://lists.berlios.de/mailman/listinfo/opensim-users
>>>>>
>>>>> _______________________________________________
>>>>> Opensim-users mailing list
>>>>> Opensim-users at lists.berlios.de
>>>>> https://lists.berlios.de/mailman/listinfo/opensim-users
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Opensim-users mailing list
>>>> Opensim-users at lists.berlios.de
>>>> https://lists.berlios.de/mailman/listinfo/opensim-users
>>> _______________________________________________
>>> Opensim-users mailing list
>>> Opensim-users at lists.berlios.de
>>> https://lists.berlios.de/mailman/listinfo/opensim-users
>>>
>> _______________________________________________
>> Opensim-users mailing list
>> Opensim-users at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-users 
> 
> _______________________________________________
> Opensim-users mailing list
> Opensim-users at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-users
>

More information about the Opensim-users mailing list