[Opensim-users] Banning "bad" viewers was Re: Can this be done?

Karen Palen karen_palen at yahoo.com
Wed Jan 13 18:58:21 UTC 2010



--- On Wed, 1/13/10, John Ward <jward at uci.edu> wrote:

> From: John Ward <jward at uci.edu>
> Subject: Re: [Opensim-users] Banning "bad" viewers was Re: Can this be done?
> To: opensim-users at lists.berlios.de
> Cc: "Karen Palen" <karen_palen at yahoo.com>
> Date: Wednesday, January 13, 2010, 10:06 AM
> 
> 
> On 01/13/2010 12:18 AM, Karen Palen wrote:
> > I suppose the way to disprove this would be to compile a version of
> > the "genuine" Linden Labs viewer with all content checking disabled
> > and the capability to do some sort of nastiness then distribute it to
> > all the script kiddies somehow.
> 
> What would this prove?  I think it would prove that one would have to
> use a client that identifies itself with a blessed ID.

It would be the equivalent of some crook who sells defective fire extinguishers at a flea market.

Whatever evil characteristics you consider to be equivalent to a defective fire extinguisher can be included in such a "viewer". This serves to counter the argument about "script kiddies" not being able to do this.


> > I am sure there are people out there who will do (or have done)
> > exactly that, but it will not be me even to prove a point. A quick
> > look at the code says it should be about a half day's work, less if I
> > reverse engineered some version of copybot.
> 
> You must have lots of spare time to call a half day's work NOTHING.

Well I HAVE been retired for many years now LOL

In fact it is a matter of priorities, however there are certainly plenty of people out there who WILL spend this time. 

One datum point is to check something like "Windows 7" on Pirate Bay; this morning there were over 900 in the search results. Checking the more popular looking ones shows that someone is spending a huge amount of time and effort cracking and repackaging the software for any "script kiddie" who cares to download one.

I would be very surprised if there were NOT something out there that pretends to be the LL viewer in fact. 

Changing the ID string takes some effort on the part of the coder and it is hardly something that someone who is trying to produce a "bad" version will care about.
 
> > In my estimation that makes the illusion that checking the ID exactly
> > equivalent to illusion presented by a dummy fire extinguisher. We
> > just have not (yet) identified which "genuine LL viewer" is the
> > really the fake!
> 
> The broken analogy again....  What fire does a dummy fire extinguisher
> put out?  Blocking based on ID will block any client with the wrong ID.

Which accomplishes exactly what? NOTHING!

> It will let any client in with a correct ID even an undesirable one.

Which makes the check essentially useless as a security tool.

> I find it painfully amusing that on one hand you call this nothing and
> on another complain how it hurts good users.  If it's nothing how can it
> hurt good users?

It hurts good users by removing a tool that they can use to work around bugs and communications problems. 

I use different viewers on Linux and on Windows for just that reason.

Karen


      


