[Opensim-users] Banning "bad" viewers was Re: Can this be done?

Karen Palen karen_palen at yahoo.com
Wed Jan 13 01:14:43 UTC 2010


--- On Tue, 1/12/10, Imago <imagorabbit at gmail.com> wrote:
...
> But in my opinion even fragile filtering is better than none at all.
> Because while some could get in, the population en masse wouldn't be
> able to.

This statement and the responses to it illustrate the reason I changed the subject line to a generic one. Sadly you are not the only person who thinks this way and it is totally false! 

I hasten to add that this tirade is not specifically directed at you, but at the general notion that you express here. You propose a very bad idea which is far too highly respected by the naive and inexperienced. 

This approach is far worse than "security by obscurity"; rather, it is merely "feelgood security". By analogy it is like installing dummy fire extinguishers rather than ones which work because "at least" the dummy ones make everyone feel more secure. I suggest you ask your local fire department about the wisdom of dummy fire extinguishers!

The problem is that no security measure comes without a penalty. That penalty is usually paid by your desired (and honest) users. The penalty is usually not apparent before deployment, but the penalty is very real and often deadly.

Typically what suffers is the robustness of the system (frequent crashes, loss of data, etc.) or simple lack of usefulness for its intended job. In this case there may well be very good reasons for people to use other viewers on occasion. 

I count 6 different Linux-based viewers that I use regularly and a similar (but different) set that I use with Windows. Each of these has its strengths and weaknesses, and at one time or another each was the ONLY practical way of performing some function that I needed to do!

There is a time for bluffing, but planning your security system is not one of them. Especially if those being "bluffed" are on your team!

Probably your best guide is the OSGrid grid network which is intended as a "test bed" for the OpenSim software. They use the normal username/password system with a fairly simple registration system for access and apparently have few problems. I am sure that a direct email to one of the administrators of that network would bring some very good advice based on real world experience.

My suspicion is that an investment in regular and complete database backups (ask me how I know that!!!) would be far more useful and cost less effort overall than restricting user access based on some hypothetical problem with unknown viewer software.

Karen


      


