[Opensim-users] Banning "bad" viewers was Re: Can this be done?

John Ward jward at uci.edu
Wed Jan 13 17:06:26 UTC 2010



On 01/13/2010 12:18 AM, Karen Palen wrote:
> I suppose the way to disprove this would be to compile a version of
> the "genuine" Linden Labs viewer with all content checking disabled
> and the capability to do some sort of nastiness then distribute it to
> all the script kiddies somehow.

What would this prove?  I think it would prove that one would have to 
use a client that identifies itself with a blessed ID.

> I am sure there are people out there who will do (or have done)
> exactly that, but it will not be me even to prove a point. A quick
> look at the code says it should be about a half day's work, less if I
> reverse engineered some version of copybot.

You must have lots of spare time to call a half day's work NOTHING.

> In my estimation that makes the illusion of checking the ID exactly
> equivalent to the illusion presented by a dummy fire extinguisher. We
> just have not (yet) identified which "genuine LL viewer" is
> really the fake!

The broken analogy again....  What fire does a dummy fire extinguisher 
put out?  Blocking based on ID will block any client with the wrong ID. 
It will let any client in with a correct ID, even an undesirable one.
I find it painfully amusing that on one hand you call this nothing and
on another complain how it hurts good users.  If it's nothing, how can it
hurt good users?

> In theory there is no difference between theory and practice, in
> practice there is!
>
> Karen
>
> --- On Wed, 1/13/10, John Ward<jward at uci.edu>  wrote:
>
>> From: John Ward<jward at uci.edu>
>> Subject: Re: [Opensim-users] Banning "bad" viewers was Re: Can this be done?
>> To: opensim-users at lists.berlios.de
>> Date: Wednesday, January 13, 2010, 12:45 AM
>>
>> Karen Palen wrote:
>>> Hmm, somehow your posts are coming with a really strange time stamp. I
>>> would guess that the local time zone on your machine is incorrect.
>>
>> No, just the clock off, and off by enough to keep NTP from updating
>> it automatically.
>>
>>> My central point remains that knowing the viewer ID string does nothing to
>>> prevent any such attack, this is simply one workaround.
>>
>> With all due respect, the first of your claims I responded to had
>> been that using the ID string was worse than doing nothing. Which
>> is false.  Then you went with it does NOTHING apart from
>> "feelgood"! Which is also false.  Now it's that it does nothing to
>> prevent an attack.  I mostly agree with that.  What it does do is
>> limit a viewer based on how it identifies itself, which is
>> something and may be worth doing to some even if you disagree with
>> that practice.  If one wants users to use a particular viewer this
>> can be a good first step.  I say mostly because any attack that
>> doesn't identify itself with a blessed ID string gets blocked.  It
>> works this way no matter how many times you call that "worse than
>> nothing", "feel good" or plain "nothing".
>>
>> John.
>> _______________________________________________
>> Opensim-users mailing list
>> Opensim-users at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-users
>>
>
>
>
>
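
The gate both posters are arguing about, as an added example (not part of the original messages and not OpenSim code): an allowlist over the self-reported viewer ID string, tallied against constructed login records. The ID strings, the `viewer_id` field and the `modified` ground-truth flag are assumptions made for the illustration.

```python
from collections import Counter

# Constructed allowlist of self-reported viewer ID strings (not real viewer names).
BLESSED_IDS = {"BlessedViewer 1.0", "BlessedViewer 1.1"}

def admit(viewer_id: str) -> bool:
    """Server-side gate: the only input is the string the client sends."""
    return viewer_id.strip() in BLESSED_IDS

# Constructed login attempts. "modified" is ground truth known only to this
# example; the server never sees it, which is the crux of the thread.
LOGINS = [
    {"user": "alice", "viewer_id": "BlessedViewer 1.1", "modified": False},
    {"user": "bob", "viewer_id": "ThirdPartyViewer 0.9", "modified": False},
    {"user": "carol", "viewer_id": "CopyTool 2.0", "modified": True},
    {"user": "dave", "viewer_id": "BlessedViewer 1.0", "modified": True},
]

def classify(logins):
    """Tally gate decisions against the ground-truth flag."""
    tally = Counter()
    for rec in logins:
        decision = "admitted" if admit(rec["viewer_id"]) else "blocked"
        kind = "modified" if rec["modified"] else "unmodified"
        tally[(decision, kind)] += 1
    return tally

def summary(logins):
    """Name the four outcomes the two posters are weighing against each other."""
    t = classify(logins)
    return {
        "blocked_modified": t[("blocked", "modified")],        # wrong ID, kept out
        "admitted_modified": t[("admitted", "modified")],      # sent a blessed ID
        "blocked_unmodified": t[("blocked", "unmodified")],    # benign, unlisted viewer
        "admitted_unmodified": t[("admitted", "unmodified")],  # the intended case
    }

if __name__ == "__main__":
    for outcome, count in summary(LOGINS).items():
        print(f"{outcome}: {count}")
```

On a real grid the `modified` column does not exist, so only the blocked/admitted split is observable; the other half of each count has to come from evidence other than the ID string.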


