[Opensim-users] Banning "bad" viewers was Re: Can this be done?
Kyle Hamilton
aerowolf at gmail.com
Thu Jan 14 17:40:35 UTC 2010
My apologies, Karen; I was actually directing most of this to Imago.
(My comments about Arizona, photo radar, red-light cameras, and
California are all still directed toward you, but they open a
different topic which is outside the scope of this list.)
-Kyle H
2010/1/14 Kyle Hamilton <aerowolf at gmail.com>:
> This is completely off-topic at this point, and after this (unless someone adds useful signal) I'm ignoring this thread.
>
> On Thu, Jan 14, 2010 at 8:36 AM, Karen Palen <karen_palen at yahoo.com> wrote:
>> In fact it takes a certain amount of effort to change the default ID which is built into the viewer code. Effort that no malware writer will expend!
>
> ...until you issue a challenge like that. Further, the 'default ID' can be changed *on the command line*. Because of this, there's no requirement to recompile/relink the viewer when you want to change that ID string, which reduces (by several orders of magnitude) the amount of time necessary to brute-force the string necessary. And, since you've essentially stated that you want the "official" Linden viewer, all someone has to do is figure out which version string(s) of the released viewer your grid will accept.
>
> If you want security through obscurity, that's wonderful... but when you make it no longer obscure, it's no longer secure. You have definitely removed the obscurity from your system through your announcement of your plans in this thread.
>
> I have already stated the only even-remotely-secure way to do it, and even that, if you want any kind of grid population at all, is going to require some kind of automation. (That way is server/client mutual cryptographic authentication, handled via TLS.) Personally, I'd rather each change to a primitive be written to a log as a revertible changeset... but I'll let you know when I figure out how to do that.
>
>> There are a great many crazy ideas that hide under the banner of "security".
>>
>> Here in Arizona we have a traffic camera scam which is being promoted as "safety". The huge amount of statistical evidence which proves this to be false is simply ignored.
>
> Traffic cameras have been held unconstitutional in the state of California. I used to live in Arizona; I pity that you do.
>
> The problem that those traffic cameras were supposed to stop can be resolved, much more effectively, by increasing the length of the yellow light to at least 2 seconds. The bigger problem is that most city councils were convinced that it could be a revenue-generation system, and thus most councils directed that yellow lights be shortened, thus increasing the danger of entering an intersection in the first two seconds after a green light.
>
>> Many people are receiving citations for speeding when in fact they are sick or travelling outside the US.
>
> ...which is why they've been held unconstitutional in CA. (As has photo-radar, since the operator of the vehicle is the one responsible for the violation -- not the owner or registered owner of the vehicle used for the violation.)
>
>> Karen
>
> The point is to identify the end result of what you want, and you've identified it as "I don't want anyone fucking with the prims on my grid unless I grant them permission." You have generalized this to "I don't want anyone I can't trust not to fuck with the prims on my grid to connect to my grid," and are now trying to find a way to enforce that. We've all told you *why* your approach is flawed. We've all told you *how* your approach is flawed. We've even tried to provide you with *better directions* to find the solution to your problem.
>
> All the while, you've been stubbornly refusing to accept any solution more complex than the not-a-solution that you've come up with, and have been vocally defending something that, to be effective, must be kept secret. (Since it's no longer a secret, it no longer has any effectiveness. Congratulations on shooting yourself in the foot.)
>
> -Kyle H
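
Added example (not part of the original message, and not OpenSim or viewer code): a Python sketch of why an allowlist on a client-supplied viewer ID authenticates nothing, next to a check the client cannot pass by copying a public string. The viewer string is constructed, all names are hypothetical, and the HMAC challenge-response is a standard-library stand-in for the certificate proof of possession that mutual TLS performs; the last function shows the TLS server setting that makes client certificates mandatory.

```python
import hashlib
import hmac
import secrets
import ssl

# Constructed sample value; not a real viewer version string.
ALLOWED_VIEWER_IDS = {"ExampleViewer 1.0.0"}


def check_self_reported_id(viewer_id: str) -> bool:
    """Allowlist on a client-supplied string: proves nothing about the client,
    because the value is whatever the client chooses to send."""
    return viewer_id in ALLOWED_VIEWER_IDS


class ChallengeVerifier:
    """Server side of a proof-of-possession check (hypothetical helper).
    Stands in for the certificate proof made inside a mutual TLS handshake."""

    def __init__(self, account_keys: dict[str, bytes]):
        self._keys = account_keys
        self._pending: dict[str, bytes] = {}

    def issue_challenge(self, account: str) -> bytes:
        nonce = secrets.token_bytes(32)  # fresh and unpredictable per login
        self._pending[account] = nonce
        return nonce

    def verify(self, account: str, response: bytes) -> bool:
        nonce = self._pending.pop(account, None)  # each nonce is single use
        key = self._keys.get(account)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(key: bytes, nonce: bytes) -> bytes:
    """What a client holding the account key sends back for a given nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def mutual_tls_server_context() -> ssl.SSLContext:
    """TLS server context that rejects clients without a verifiable certificate.
    The caller still loads its own cert chain and the CA that signs client certs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```

The ID check passes for any sender of the listed string, while a response computed for one nonce is rejected once that nonce is consumed or replaced.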