[Opensim-users] Banning "bad" viewers was Re: Can this be done?

Karen Palen karen_palen at yahoo.com
Wed Jan 13 08:18:17 UTC 2010 

I suppose the way to disprove this would be to compile a version of the "genuine" Linden Labs viewer with all content checking disabled and the capability to do some sort of nastiness then distribute it to all the script kiddies somehow.

I am sure there are people out there who will do (or have done) exactly that, but it will not be me even to prove a point. A quick look at the code says it should be about a half day's work, less if I reverse engineered some version of copybot.

In my estimation that makes the illusion that checking the ID exactly equivalent to illusion presented by a dummy fire extinguisher. We just have not (yet) identified which "genuine LL viewer" is the really the fake!

In theory there is no difference between theory and practice, in practice there is!

Karen

--- On Wed, 1/13/10, John Ward <jward at uci.edu> wrote:

> From: John Ward <jward at uci.edu>
> Subject: Re: [Opensim-users] Banning "bad" viewers was Re: Can this be done?
> To: opensim-users at lists.berlios.de
> Date: Wednesday, January 13, 2010, 12:45 AM
> Karen Palen wrote:
> > Hmm, somehow your posts are coming with a really
> strange time stamp. I
> > would guess that the local time zone on your machine
> is incorrect.
> 
> No, just the clock off, and off by enough to keep NTP from
> updating it 
> automatically.
> 
> > My central point remains that knowing the viewer ID
> string does nothing to
> > prevent any such attack, this is simply one
> workaround.
> 
> With all do respect the first of your claims I responded to
> had been that 
> using the ID string was worse then doing nothing. 
> Which is false.  Then you 
> went with it does NOTHING apart from "feelgood"! 
> Which is also false.  Now 
> its it does nothing to prevent an attack.  I mostly
> agree with that.  What it 
> does do is limit a viewer based on how it identifies itself
> which is something 
> and may be worth doing to some even if you disagree with
> that practice.  If 
> one wants users to use a particular viewer this can be a
> good first step.  I 
> say mostly because any attack that doesn't identify itself
> with a blessed ID 
> string gets blocked.  It works this way no matter how
> many times you call that 
> "worse then nothing", "feel good" or plain "nothing".
> 
> John.
> _______________________________________________
> Opensim-users mailing list
> Opensim-users at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-users
>

More information about the Opensim-users mailing list