
08/31/2008

Comments


Cherowolf Redgrave

Hey Prokofy. As Sergeant Schultz would say "I know nothing!" I too am curious as to how anyone could so easily access Agni. I guess I should be alarmed as well. One would think there would be barriers in place to slap down unauthorized access. Glad to see your nod to Garrison Keillor of PHC. Love that show! Chero

Yumi Murakami

"Agni" is the technical name for the main grid, just like "Aditi" is the technical name for the beta grid. (I think there are two others too - "Siva" and "Lela" - one of which is the teen grid, and one of which is the alpha grid.)

As far as I can see from some other posts, Gareth modified the client to teleport from the main grid to his own local sim, while retaining his avatar.

My conjecture (and this is only conjecture) is that he modified the client so that it'd log into Second Life, authenticate into Second Life, and thus into Second Life's asset server plus the sim server for the sim he was in (this is normal, every user does this when they login), and then teleport to his own sim server **while retaining the existing, authenticated connection to the master asset server**, so that he could keep the assets onto his own sim.

Ann Otoole

agni = main grid
aditi = test grid
on login screen press ctrl-shift-g to open the grid selector.

Gridnauts were to use aditi.

If Gareth really did access the main grid data that easily it explains why a design image I had shown to no one made it into the hands of my competition. I.e.; swiss cheese and nothing in SL at all is safe.

Hope it ain't so.

Hey maybe that is why it is always chims, sex systems, and ao's full of expensive no copy animations that always vanish.

Of course the proper design would be all message based and no exposure to main grid internals be remotely possible. I.e.; no client developed by a responsible company would ever have any database connections at all. The client talks to the middleware only. Does anyone still write non secure code?

Yea I looked at the open source code. Oh well.

Too bad because, if I am not mistaken, Gareth was actually trying to get the http texture pipeline running which might mean a huge boost in client performance.

Yumi Murakami

I also thought only that the sim servers could talk directly to the asset server. Maybe there was some way of fudging it, though. Like, for textures, there could easily be a cube rezzed in front of his avatar on agni, which he can texture to any texture, thus causing the sim to load that texture and it to be sent to the client, whereupon it can be used in any context on the opensim.

Gareth Nelson

Wow, a lot of BS here.
I modified the OGP viewer and used a server-side proxy to enable TP out of agni. This worked by wrapping a proxy around the normal agni login server and serving up MY inventory and group chat sessions in a way that they persisted when I TPed out. There was no way I could access other people's inventory, nor would I want to.

I received an IM from a linden asking that I cease and desist, and I stopped. I never released this code anyway and was waiting on LL consent to do so. I also did not invite prok or anybody else to "come along" and was privately testing only.

If it weren't for the legal risks to myself, this code would be available for anyone to look at. Instead, you'll have to make do with the screenshots:
http://www.flickr.com/photos/gwengareth

There's also the blog posts on the subject here:
http://www.litesim.com/blog

I have not been banned from SL or sent to the cornfield, and was doing this with the full knowledge of various lindens. LL's legal department determined that I was breaking TOS clause 4.2 - the same one I've been requesting clarification of for several months and which Zero Linden and others forwarded my concerns about to legal. Since this issue had not been resolved, I willingly chose not to release the code until I had a statement from LL stating it was ok to do so.

Gareth Nelson

Just a note by the way:
"Yes, the aspies in SL are always "high-functioning" just like all the children are above average in Lake Wobegone."

By definition, aspies (people with Asperger's - HIGHER FUNCTIONING AUTISM) are higher-functioning. So, aspies are by definition higher-functioning everywhere. Not to mention the fact you feel the need to bring up my neurotype at random.

Gareth Nelson

For those who want to see precisely what I managed to do, there's a video in ogg theora format attached to this post:
https://lists.secondlife.com/pipermail/gridnauts/2008-August/000233.html

Angel Leviathan

How are you meaning the term "tar baby"?

fword utorid

You hurt my feelings. You neglected to mention that I am secretly behind all of this because I have a remote control that can make your avatar look like my grandma.

I will destroy you for this, Prokofy Neva. FROGS WILL MELT IN HELL BEFORE ELVIS TALKS TO YOU SIDEWAYS.

Ann Otoole

So the interesting question is if the Lab could detect what Gareth is doing. If the lab cannot detect this multi grid connection then perhaps the Lab will begin to feel the bug of maintaining continued open source. I.e.; The Lab opened up a whole new world. Now if the Lab wants to protect themselves and their customers then odds are good they are going to have to declare version 2 is not open source, controls what code can connect, and shed the open source pundits that do not wish to continue in a closed source environment.

Or toss it all to the wind and go for the situation where there is no separate "grids". It is all one big intergrid and a sim is just an island in the sea unless the config shows adjacent sims in which case it is a "mainland". And there is no notion of intellectual property, no currency, no economy, and it is just a vast lego land where grown children waste time playing with each others lego blocks.

Gareth Nelson

"So the interesting question is if the Lab could detect what Gareth is doing"

Yes, I made sure of that by sending a specific version string saying "litesim.com supergrid".

Gareth Nelson

Ann - I'm also curious how you could in one post near-praise me for my work on the HTTP textures, then on the next state that such work should be made impossible by closing the source again.

Ann Otoole

I find it mildly amusing that the Lab got bit by their own open source everything must be free attitude. I'm not disrespecting your work. Nor do I think the lab will close source. However, if the lab wants to control access then they have no choice but to close source and put in the necessary token code to do so. (which could probably still be hacked anyway)

So as it stands anyone can do what they want as long as they don't get caught. You got caught because you were responsible and told them exactly what you were doing. Anything can go in the channel parameter and the common parameter could have been used obfuscating the actual version. Had you done it with aditi then they might have been more supportive.

I'm not a big fan of the database access support being in the viewer and my opinion is the Lab (And all open source sim folks) needs to architect into a true n tier design and the client only sends/receives properly formatted messages with the correct authentication token. There is open source middleware and transactions managers available right?

Gareth Nelson

"I'm not a big fan of the database access support being in the viewer and my opinion is the Lab"

The viewer can't access the database directly, it all goes through the messaging and transfer system. My avatar was moved by having a bot simply send RequestImage messages to the sim on agni and then serve them up to the sim on my grid.

I do not think of this as "getting caught" either, as various lindens were fully aware of what I was doing as the whole thing happened in public. It was only when the legal department reviewed matters that I was asked to stop. If I had less scruples it would be trivial to disguise this activity, but I am fully complying with the request that I stop.

Prokofy Neva

"Tar baby" is not a racist term, Angel. It does not refer to black people unless you artificially concoct this meaning. It's a perfectly legitimate term from American folklore, from the Br'er Rabbit stories. It's a small doll figure made of tar and briars to which you stick and can't get unstuck from.
http://en.wikipedia.org/wiki/Tar_baby

I've said this my whole life and I will go on saying despite the spasm that a few people have gotten into in recent years suddenly deciding, for reasons that have no back-up or sense in the story itself or anywhere, that this is "racist". I refuse to be brow-beaten and harassed on this one just because a few idiots decided to find one more weird PC cudgel to pick up. The expression is a folk term about a story, not referring to any black person -- and P.S. Gareth isn't black.

BTW, Angel is banned because he's a psychopath that used to harass and negrate me and my tenants viciously and cause all kinds of trouble as a neighbour. He continues to harass me at events and such. Stay away from Angel.

Cocoanut Koala

Wait - you think it would be a GOOD thing for people to be able to see this and try it, Gareth?

If so, why?

coco

Gareth Nelson

"Wait - you think it would be a GOOD thing for people to be able to see this and try it, Gareth?"

If you're talking about the TPs from agni, then yes - I think it'd be a good thing if the general public could do this, and apparently LL do too - just taking a way longer time to develop it.

Ann Otoole

There is database access support in the code. All you need is the knowledge of the database to use it.

If this code is not used in the functionality of the client then that MySql specific Python database support needs to be removed from the code base.

Gareth Nelson

Ann - you're not talking about the viewer code, you're talking about the web services code, part of mulib. This is not used by the viewer at all.

Cocoanut Koala

No, I was talking about the ability to take items with you to other grids, if that is what it was?

Or see chat, or whatever else? Not sure what all you were able to do.

coco

Ann Otoole

I think eventually there has to be a way to cart stuff around. The problem is everything made for SL was not made with the intent for global distribution.
The code for adding such permissions must know if an assembly sub component such as a texture is cleared for transport. Therefore the code will not be as easy as 123.

Gonna take a while to sort that out. And before it gets sorted the idea of non LL grid operators has to be based in solid trust. People getting in trouble for TOS violations associated with intergrid activities probably does not help their cause a lot.

Bad Gareth, Baaaad.

Now make the http texture pipeline work so you can be a hero of SL.

Gareth Nelson

"Bad Gareth, Baaaad"

So would it be better if I did the same thing in private completely without telling LL and then suddenly released the code? I stated from the start that I would not be releasing this code for the general public until LL gave consent, and I stayed true to that statement.

"Now make the http texture pipeline work so you can be a hero of SL."

Got a patch on the JIRA, but need a sim with the associated CAP working to actually use it.

Gareth Nelson

"No, I was talking about the ability to take items with you to other grids, if that is what it was?

Or see chat, or whatever else? Not sure what all you were able to do."

I could view my inventory, but not yet rez and I and others could see my avatar (minus attachments). I could also receive IMs and group chats, but not yet send them outbound. I planned to add the outbound IM next.

As for whether I consider it a good thing to be able to take items cross-grid: yes, I do, but only within the boundaries of fair use.

Gareth Nelson

"The code for adding such permissions must know if an assembly sub component such as a texture is cleared for transport. Therefore the code will not be as easy as 123."

if asset.meta_data.allow_intergrid_flag:
    send_asset()
else:
    send_403()

The textures are separate assets in themselves, so each new request must be evaluated separately.
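
Added example (not part of the comment above, and not Linden Lab or OpenSim code): a sketch of the per-request check just described, generalized to walk an object's component assets so that each texture is evaluated on its own. The `Asset` class, the `STORE` contents, the asset ids and the grid name `other-grid` are constructed for illustration, and an asset with no flag set is treated as not cleared.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    asset_id: str
    asset_type: str                      # "object", "texture", ...
    allow_intergrid_flag: bool = False   # deny by default: uncleared unless set
    components: list = field(default_factory=list)  # ids of sub-assets

# Constructed sample data: a chair cleared for transport that uses one
# cleared texture and one texture its creator never cleared.
STORE = {a.asset_id: a for a in [
    Asset("chair", "object", True, ["wood-tex", "logo-tex"]),
    Asset("wood-tex", "texture", True),
    Asset("logo-tex", "texture"),
]}

def handle_request(store, asset_id, requesting_grid, home_grid="agni"):
    """Answer one asset request with (status, asset_or_None)."""
    asset = store.get(asset_id)
    if asset is None:
        return 404, None
    # Requests from the home grid are served as usual; any other grid
    # needs the asset's own flag, regardless of what contains it.
    if requesting_grid != home_grid and not asset.allow_intergrid_flag:
        return 403, None
    return 200, asset

def fetch_assembly(store, root_id, requesting_grid):
    """Request an object and then each component separately.

    Returns {asset_id: status}. Components of a refused or missing asset
    are never requested, because their ids are not disclosed.
    """
    results, pending = {}, [root_id]
    while pending:
        asset_id = pending.pop()
        if asset_id in results:
            continue
        status, asset = handle_request(store, asset_id, requesting_grid)
        results[asset_id] = status
        if status == 200:
            pending.extend(asset.components)
    return results

if __name__ == "__main__":
    print(fetch_assembly(STORE, "chair", "other-grid"))
```

The cleared chair still arrives on the other grid without its uncleared texture, which is the partial-assembly case the receiving side has to handle.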

FWord Utorid

what happens when all of the fearful doomsday sky-is-falling things that Prok blogs about come to pass... and no one cares?

Will people suddenly evolve into a higher form of life with the time saved from reading these pages because instead, they focus on achieving the greater good, instead of the meanderings of one person all over the internet?

If all of the smart people who frivolously spend their time arguing with Prokofy Neva over the attack machine about unimportant nonsense suddenly decided to work on... say... a cure for cancer instead, could it be cured?

How much damage does Prokofy Neva do to the world economy by drawing attention away from the key issues of the world and onto himself?

Someone, please, post some statistics on that, I think we would see, Prokofy Neva has halted the progress of the human race.

"If World War III is fought with Prokofy Neva, World War IV will be fought with sticks and stones."
