So many other dramas like USS Nautilus and open space sims, Legend City, and rental dementia might drown out another ongoing FIC-a-zoid story, so let's not forget to keep up on this one.
Back at the SL Dev list (not to be confused with the uber-elite insider big business and "solutions provider" dev list, but the scrappier coders' dev list), there's a debate raging through the scrim of Rob's moderation about whether or not Linden Lab should create a separate and privileged group of residents who get to sign an NDA with the Lab, and get inside information that will help their businesses and their reputation-enhancement and research projects -- which are all part of business, too. And what that NDA would be about is a heads up from LL whenever there is a security exploit emergency.
Now, in the ordinary real world, the world of Madoff and banking scandals and such, you might think, "No fucking way! Gosh, you don't privilege one set of people over another and give them an unfair advantage like that. Shouldn't we spread the wealth around? Aren't we all in this together?" etc.
But in Linden Land, this is how it rolls -- they've *already* picked select groups of residents and privileged them over others. They have a long history of doing this. For example, Cristiano Midnight and his pals revealed that back in 2003, Linden Lab summoned the elite content creators and forums regs with street cred to a special conference call, asked them to sign NDAs (non-disclosure agreements which give privileged information on pain of reprisal if you release it), and proceeded to tell them they were moving to an auction land and tier model and that lifers could get 4096 m2 tier-free for life if they bought in with a one-time fee of $225 (a lot to be paying for an untested world of this nature at that time, but...not really all that much if you were already a content maker coining anywhere from $25,000-$50,000 a year off this game).
Later, NDAs like that were signed with the Electric Sheep Company, for example, to help develop the viewer and other features -- way before the big business onslaught in 2007. Others got the NDA special treatment -- those who agreed to attend the all-expense-paid high-flying focus group held in San Francisco called SL Views (they seemed to have suspended this, but it had a long run feting the FIC for more than a year). So NDAs have a long and unattractive history *already* in SL, privileging people who have no demonstrable need or merit to be privileged *already* and giving them tremendous business and reputational advantage.
Shaun Altman, for example, former SL Mentor, is one land baron and scripter who comes to mind who benefitted enormously from the Linden trust and imprimatur that went into them first taking his content for their Linden Village, then inviting him to SL Views. That credit of trust had lustre long, long after many questions began to be asked, some by those who lost large sums of money, about his purchase of Ginko Perpetual Bonds...about which we all continue to pray to Our Lady of Perpetual Help to cash out...
So it's no surprise for the Lindens to dangle an NDA *again* -- and this time, to solve another concocted problem, which is the need of some code Lindens to have a vest-pocket group of loyal fanboyz they keep close who work on the code with them.
Of course, there's something really wacky and dysfunctional about maintaining this fake opensource group in a situation where the company hasn't really made a road map to open source anything or use opensource work *really* -- it's a sort of ... placebo. A place-holder, until somebody decides politically what to do.
The NDA then became necessary to address a very, very, VERY salient problem which nobody seemed to raise an eyebrow at: the need of some coders to demand -- and get and preserve -- public anonymity.
I've always found that terribly high-handed -- people digging in the code of Second Life who can essentially grab at your content and money if they have ill will, refusing to give their RL names and contact information. There ought to be a law! But...there isn't. Anonymous fucktardery is the hallmark of the opensource movement, and here it's in more concentrated and facilitated form.
I saw this debate going, with the likes of Gordon Wendt and other JIRA jihadists, and I weighed in as follows -- with a message that went into the moderation queue and never made it out, despite waiting for days:
"Re: special security vulnerability group
"the NDA would provide a legal framework describing action we would take should a 3rd party software developer disclose information deemed to be sensitive" [Linden]
Once again, Linden Lab should not be going the route of creating a special class of residents elevated over other residents, with special NDAs. It's not necessary to serve the purpose intended.
If Linden Lab needs coders, they should hire them or sign consulting contracts with them, not sign NDAs with uneven, untested groups of volunteers without contractual relationships. The NDA, without the context of a work expectation as in a normal contract, merely creates a privileged class, and moves Linden Lab toward the model of There.com and other platforms that make side arrangements with third parties to offer content and services. That has not been the model of Second Life, and it's not a desirable model for SL.
It puts the general public at risk when Linden Lab concedes authority to such anonymous (at least to the general public) avatars without any sort of contractual accountability.
These persons are also seldom the ones who stand the most to lose from security vulnerabilities as they tend not to have content-creator and merchant accounts with money and IP on them.
Prokofy Neva/Random Unsung
That was my second attempt in a week to try to make what seemed the obvious, necessary, needed point: that these coders, who aren't content producers in the sense of inworld avatar content, who aren't merchants or landlords or artists with inventory and money, are the ones demanding to get first dibs on the Lindens' security info -- ostensibly so they can tinker with their opensource viewers, some of which have tiny circles of users no longer than your hand, and others of which have actually fixed flaws in Linden code -- but which the Lindens have never accepted and incorporated.
Rob banned it simply because he didn't want the statement made -- which he viewed as incendiary -- that these coders had the least to lose. But we all know that. It's the truth. It's not Zha Ewry or Gordon Wendt or Gareth Nelson or Baba Yamamoto or Eddie Stryker, Copybot's inventor and seller that stand to lose; it's all of us.
Let me refresh your memory about this particular bunch who have gravitated to Rob and other tekkie Lindens: out of this milieu once came CopyBot and CampBot, and continue to come many dubious programs like "interoperability", where the Lindens have not devised the policy, procedures and technicalities to preserve IP before they've jumped at connecting servers all over town.
Oh, sure, mixed among the silly script kiddies and unemployed Asperger's patients and aging programmers between jobs after layoffs are real grown-ups working in real software companies or big computer industry firms who actually may know what they are doing. But...you often can't tell them apart. And it's an ethics-free and infantile industry where they segue from sandboxing to corporate security and back without any accountability.
Isn't it funny to think, for example, that the inventor and seller of CopyBot, Eddie Stryker -- John Hurliman -- is now working at Intel? You know, Intel Inside, like it says on the side of every PC?! Intel is now getting in on the VW bandwagon. Before that, one of the many things that this college kid who helped destroy the first international virtual online economy was doing was making various bots, one of which scraped your land so he could write his college thesis. Of course, this leader of LibSL, who never had much adult supervision from the Lindens who narf-narfed while they let him and his buddies reverse-engineer the code (they made an exception to their TOS stipulation against such reverse engineering because they liked his face and drank with him in San Francisco, and later his girlfriend, Iridium nee Heretic Linden, worked at the Lab, spear-headed the discredited SL Certification group). Will he get adult supervision at Intel, I wonder? I'll be willing to bet dollars to donuts that when interviewed for his fancy job at Intel, John was not even asked about CopyBot -- or if he was, the interviewer snorted along with him at the thought of sending scared furries scattering worrying about the copying of their fluffy tails...
You also have John to thank for his pioneering work in making and getting logged on large numbers of bots designed to home into a sim and...sit there -- "CampBots".
My operating thesis about such people back in 2004, with the help of explanations from Khamon Fate, who was a bit jaded even then, was that they used Second Life as a 3-D resume hanger. They viewed it as a prototyping sandbox to execute their various coding and scripting adventures, and the consequences be damned. That people *lived there* and pursued lives of a social or business sort unrelated to pushing the limits of the coded world was completely irrelevant to them, and their fuck-you I-get-to-do-WTF-I-want hedonism about virtuality. The *last* place you would look for constraint was to this bunch. Worse, not only did they view SL with cold cynicism as their coding sandbox, indifferent to its valuation, except as a scientific problem, they blatantly and cynically sold their wares -- CopyBot was for sale at a high price, until the Lindens shut it down, and remained on sale; CampBots and CasinoBots that used to drain the casinos were also all for *sale*. These weren't just "scientists" helping the "Lab" -- they were cold and calculating merchants -- like arms dealers. They didn't care. And finally, to add to all that, was the IRC chan sort of mentality -- laughing, ridiculing, griefing, harassing their victims, to add to their fun.
John also was involved in the early work on exporting prim data from Second Life, the culmination of which is the libsl program that today enables OpenSim denizens to brag about how they have pwned all your content.
People who never study the past of Second Life aren't only doomed to repeat it; they are doomed to soak in it forever not only on this grid, but all other grids, hereafter.
You wonder how this wunderkind was able to find time, in between college antics like foiling the anti-bit-torrent filters at his university, Washington State, so he could download games and get around virus blockers, to become a merchant of death in SL -- and then get a real job. But, the world of coders is one in which they all maintain omerta, they all close ranks, they all help each other like a bonded mafia.
I give you some of this glorious and usually unheralded coders' past of Second Life, so you can understand what is involved in *giving people like this NDA powers*.
And while my comment is not published, and while the debate rages, here comes Rob, to tell us all that likely, it will all happen (although Gordon Wendt whines later that it sounds to him like they won't; and only time will tell).
"Message: 4
Date: Sun, 28 Dec 2008 23:11:26 -0800
From: Rob Lanphier <[email protected]>
Subject: Re: [sldev] Viewer security vulnerability disclosure group
To: Second Life Developer Mailing List <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8
Hi everyone,
It sounds like everyone who has 2 cents to chip in on this subject has done so.
Key takeaways from this conversation:
* There were a number of people who expressed skepticism about the effectiveness of having a formal non-disclosure agreement (NDA) versus a trust relationship. Some form of NDA may end up being a necessary part of this, but the questions of added effectiveness are noted.
* There were a couple of people who described a strong desire to be able to maintain their anonymity. I understand the reasons for wanting this, and will look into whether it is possible to accommodate this.
* There were people that argued pretty passionately on both sides of the argument about whether or not an early disclosure group should exist. There wasn't consensus on this point (and I doubt we'll arrive at consensus), but the arguments are all out there to deliberate on.
Here's what I imagine the next steps:
1. I will continue to collect requests for membership in this group. If you haven't done so, and believe you have a case to be in this group, please let me know via private email (and state your reasons for being considered).
2. I need to loop back with more people at Linden Lab to make a determination about how we want to move forward. I feel I've got a reasonably accurate take on what the various positions are and can speak to them pretty well.
3. In the next month, you should expect to see us announce a policy, or else see a sheepish email from me around the end of January saying "we're still working on it". I really don't want to write a sheepish email, but know if I don't acknowledge the possibility, then it's just that much more likely I'll have to write it.
Should the need arise for such a group in the interim period, we'll have to improvise. I feel like having had that conversation, we're in a better position to improvise than we would be otherwise.
Thanks everyone for your input, and for those of you who try to avoid these sorts of policy conversations, thanks for your patience.
Rob"
Hi Prokofy,
Just one point of clarification. SL Certification was Glenn Linden's project.
Thanks,
Katherine
Posted by: none | 01/25/2009 at 02:26 AM
Katherine/Heretic Linden/Iridium Linden:
But you know full well YOU are the one who promoted this, joining the group, and talking it up on the forums. I said you "spearheaded" this project. And indeed you did. You were everywhere associated with it. In fact, you were a big booster then -- what happened, so that now you are hiding behind Glenn Linden?
Posted by: Prokofy Neva | 01/25/2009 at 02:33 PM