Re: [opensource-dev] FAQ posted for Third Party Viewer Policy

[Jesse Barnett]

Thank you for the hard work there Soft. It answers all of the questions I
have except for this section:

 "What is the meaning of the Viewer Directory eligibility requirement that
"your Second Life accounts must be in good standing, must not be suspended,
and must never have been permanently banned or terminated"?

This requirement means that if on or after the policy's publication date, on
February 23, 2010, any of your Second Life accounts are not in good
standing, are suspended, or are permanently banned or terminated, then you
and your viewers are ineligible for the Viewer Directory."

So someone that has had an account banned is not eligible for the directory.


What about a team with one or more members who have had their accounts
banned?

In case of a team dev with a support@ email going to the team and meeting
the support requirements, then who's contact info has to be supplied?

And if a team is eligible then couldn't a single person or small team just
replace the front person to be eligible?

In other words; Being a dev requires a very inquisitive mind. This same
trait can get a person into trouble when they first enter our world. You do
have some people who have gone to tremendous lengths to help the Second Life
community at large who have been suspended at some point when they were
first here. If they are helping then why the limitation?

Is it really necessary that I remind everyone who sold and profited from the
Hacked God Mode viewer a couple of years ago? Are you saying he would not be
welcome?

Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] FAQ posted for Third Party Viewer Policy

[Jesse Barnett]

Guess I could word that better. We have had people who have had their
accounts terminated for lesser infractions then people who violated the TOS
but were given a pass by Linden Labs. And once a gain you have teams that
have multiple devs that have been banned but they are given a pass as
opposed to a single person project where the dev has been helping the
community but is not forbidden under these rules.

Jesse Barnett
On Fri, Feb 26, 2010 at 11:03 PM, Jesse Barnett  wrote:

> Thank you for the hard work there Soft. It answers all of the questions I
> have except for this section:
>
>  "What is the meaning of the Viewer Directory eligibility requirement that
> "your Second Life accounts must be in good standing, must not be suspended,
> and must never have been permanently banned or terminated"?
>
> This requirement means that if on or after the policy's publication date,
> on February 23, 2010, any of your Second Life accounts are not in good
> standing, are suspended, or are permanently banned or terminated, then you
> and your viewers are ineligible for the Viewer Directory."
>
> So someone that has had an account banned is not eligible for the
> directory.
>
> What about a team with one or more members who have had their accounts
> banned?
>
> In case of a team dev with a support@ email going to the team and meeting
> the support requirements, then who's contact info has to be supplied?
>
> And if a team is eligible then couldn't a single person or small team just
> replace the front person to be eligible?
>
> In other words; Being a dev requires a very inquisitive mind. This same
> trait can get a person into trouble when they first enter our world. You do
> have some people who have gone to tremendous lengths to help the Second Life
> community at large who have been suspended at some point when they were
> first here. If they are helping then why the limitation?
>
> Is it really necessary that I remind everyone who sold and profited from
> the Hacked God Mode viewer a couple of years ago? Are you saying he would
> not be welcome?
>
> Jesse Barnett
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] FAQ posted for Third Party Viewer Policy

[Jesse Barnett]

Apologies to group as I know that this is off topic but did not want this to
go unanswered.

I am not the one that discovered the Quicktime link but it was easy to
"prove".

All you have to do is uninstall Quicktime on a Windows machine and you are
invisible even testing with a ripper client that everyone else is being
caught with.

And by now everyone should know that I have taken a very strong stance
against ripping and ripper clients and am not Neil.

Jesse Barnett

On Sun, Feb 28, 2010 at 11:43 PM, Tigro Spottystripes <
tigrospottystri...@gmail.com> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Without proofs that might have just as well have come from the butt of
> Neil or some other person pissed at Skills for catching their customers
> using malicious clients.
>
> On 1/3/2010 01:34, Miro wrote:
> > I urge you to read the thread. There are details there. To quote on
> > poster...
> > https://blogs.secondlife.com/message/111885#111885
> >
> > "I've learned from sources "close to the developer" just HOW this system
> > works, Via your Media stream access, it accesses your computers AppData
> > folder, searching for installations of identified "copybot" capable
> > viewers, exploiting a function used by programs like flash player,
> > quicktime, and others such as that, that check to see which version is
> > on your system, telling you when you need to update. YOU DONT HAVE TO BE
> > ON THE VIEWER TO BE DETECTED, ONLY HAVE TO HAVE INSTALLED IT AT ONE
> > POINT..."
> >
> > And another
> > https://blogs.secondlife.com/message/112121#112121
> >
> > "IN the meantime, a few tests have been conducted that suggest abuse of
> > port 80 via Quicktime and the Windows filesystem.
> >
> > 1) Disabling media and uninstalling quicktime seems to completely shut
> > this system down, in regards to detecting alts.  Existing avatar keys
> > are still banned, but its "mysterious alt detection" begins to fail.
> >
> > 2) Only some hacked viewers are being detected, and fewer when in Linux.
> >   Further, whereas in Windows if you use a normal viewer but have a
> > hacked one installed, it seems to pick you up (thus eliminating the
> > bouncer analogy, unless you think it's also OK for the bouncer to go to
> > your house and beat up your family), in Linux that function ceases to
> work.
> >
> > 3) Alternative plugins that can handle quicktime functions, when forced
> > to work on a fresh compile of a viewer build, seem to completely block
> > all functions other than being added to the database while using a
> > viewer that announces itself as Cryolife, Streetlife, etc.
> >
> > These all indicate scanning of Windows Application Data, app_data, or
> > even Windows Registry entries without consent.  Additionally, all of
> > this explains why vanilla SL users using Mac OS are getting banned by
> > the system; Mac OS handles the version updates for Quicktime rather than
> > it having that capability enabled on itself, thus making it impossible
> > for this system to function properly against the Mac OS.   So, to
> > prevent that from being noticed, Skills made all Mac OS users get the
> > kill signal because their computers wont allow her/his/its Gemini system
> > to access data on the machine.   This way, Skills can just assert the
> > person was "obviously" using a malicious viewer, defaming them to hide
> > the inefficacy of the system itself."
> >
> > On 02/28/2010 11:02 PM, Tigro Spottystripes wrote:
> > So, all that the scriptkiddies out there need to do to evade the all
> > mighty Gemini CDS malicious client user detection system is to not have
> > Quicktime installed? And LL is letting all their users run around with
> > their machines open to attack by anyone? That doesn't sound plausible at
> > all...
> >
> > On 1/3/2010 00:58, Maggie Leber (sl: Maggie Darwin) wrote:
> >>>> On Sun, Feb 28, 2010 at 10:49 PM, Tigro Spottystripes
> >>>>   wrote:
> >>>>> hm, i didn't thought he did collect IP addresses, but even if the
> >>>>> system
> >>>>> does catch IP addresses (which isn't such a big deal if you keep your
> >>>>> machine safe) an IP address wouldn't be of any help identifying
> >>>>> malicious clients, unless the malicious clients in question routed
> >>>>> stuff
> >>>>> thru a known proxy.
> >>>>
> >>>> Sounds to me like we're talking about a lot more than IP ad

Re: [opensource-dev] Known details of LL 'Firefly' client-side scripting

[Jesse Barnett]

Sorry but I have to agree with Argent on this one.

I use a sandbox all of the time for testing code and programs.

The whole point of and inherent safety in a sandbox is that everything is
contained within. If any code is allowed to interact with anything outside
of the sandbox then it is NOT a sandbox.

Jesse Barnett

On Wed, Mar 17, 2010 at 5:46 PM, Argent Stonecutter  wrote:

> On 2010-03-17, at 16:55, Dzonatas Sol wrote:
> > Somewhere along the line Argent, you trusted to install the SL
> > binary and its "badly behaved code can compromise you."
>
> The SL binary does not contain a mechanism to automatically download
> and execute untrusted code from in-world content.
>
> > Don't complain to me and others that want to improve user security.
> > It seems like you want to parade about *spooky* ideas as if we want
> > to make it worse.
>
> Adding the ability to download and execute untrusted code from in-
> world content is a significant decrease in security.
>
> > No we don't want to make it worse. Again, re-read the threads from a
> > half-year to a year ago about methods to secure and trust these
> > scripts, like how to "sign-off" on them, and how to take advantage
> > of security models.
>
>
> I have been dealing with such security models professionally since the
> '90s. They are inherently hazardous. They have been used as the basis
> of far too many compromises to consider trusting them.
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Third party viewer policy: commencement date

[Jesse Barnett]

GRRR!

So you left in the requirements that you may publish the real life name and
address of the developers in the 3rd party Viewer Directory?

This is absolutely nuts and extremely dangerous and whoever thought it was a
good idea needs to publish thier own name and address in reply here. Would
you like to start Joe? Or what about just publishing the address of the
lawyer/lawyers who thought this was a good idea?

I have been using the internet since the time of 2400 modems and have seen
enough incidents. There is no way in hell I would endanger the life of my
daughter by ever having my address listed.

major fail,
Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Third party viewer policy: commencement date

[Jesse Barnett]

On Sat, Mar 20, 2010 at 2:05 PM, Timothy Horrigan
wrote:

>  Jesse: How does it endanger your daughter's life to have your business
> address listed?  You can always rent a PO Box for a few bucks a month if you
> feel sensitive about divulging your street address, which many
> businesspeople choose to do.
>
> I do have a business associate whose real anme & address I do not know, but
> I pay him a nominal amount.  I pay him about $100/year to rent space and to
> have him serve as a DJ.  But I would never enter into a real business
> arrangement without knowing the names and addresses of a responsible party.
> Uner US tax law it is in fact ILLEGAL to exchange major amounts of money
> without knowing the other party's identity.
>
> --Tammy Nowotny 9and no I will not reveal my RL identity on this list.)
>
> Straw argument, as your last sentence clearly demonstrates.

But for an update, I accidentally responded directly to Joe at first and
then he responded directly to me. The 3rd party viewer directory application
was reverted by mistake somehow and still shows that LL may publish your
contact info.. The Third Party Viewer Policy IS correct and is what will go
into effect. You will still have to share real life contact info with Linden
Labs but you can opt out of sharing that information with the entire world.

(thanks for clearing that up Joe!)
Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Third party viewer policy: commencement date

[Jesse Barnett]

Jeez I fail to understand why in the heck LL can not understand this simple
concept.

Linden devs have introduced bugs before that have allowed content to be
stolen, no mod scripts to be readable, and inventories worth several hundred
dollars to vanish overnight. Yet, none of you, under the terms of your
employment, are legally liable for this nor do you have to compensate for
the losses out of your pocket.

Would any Linden here sign a document stating that you are personally liable
for your code??

Would you sign a document stating that if you introduced another bug that
makes inventories vanish that you have to pay all the affected parties
back

Would you sign a document that is worded so poorly that you then have to
create a FAQ for that same document but the FAQ is in itself non-binding,
only the original, poorly worded contract?

Please take off the rose colored glasses and read it again as if YOU had to
sign it, then you will begin to understand the considerable amount of unease
that the community is experiencing at the moment.

Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Third party viewer policy: commencement date

[Jesse Barnett]

Just some thoughts in passing

Precedent has been set in cases that clickwrap agreements take precedence
and supercede any conflicting statements in shrinkwrap agreements.

Although it has not been stated, it is logical that Linden Labs will make
the TPV pop up as a clickwrap agreement starting on the 30th and you will
have to click through and accept before it will allow you to access the
grid. Same as has been done in the past with changes to the TOS.

BUT if devs used Inno Setup for example, to make the GPL popup as a
clickwrap agreement itself before the program could be installed then if
there are any conflicts, you would have a "battle of documents" where both
would have equal legal weight.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Third party viewer policy: commencement date

[Jesse Barnett]

On Tue, Mar 23, 2010 at 10:57 PM, Joe Linden  wrote:

> I've seen some very dramatic "exits" from the SL open source program here
> in this thread by people who have never contributed.  We're making a number
> of changes to the practice and policy of what we will permit to connect to
> our grid so we can invest in a richer conversation with the contributors who
> are interested in innovating in this space with us.   The decision to work
> with us as we redouble our efforts to create a more meaningful program is
> one each contributor will have to make.  But, we're committed to moving
> forward with those who are willing to accept a reasonable level of
> responsibility for what they create.  That's what the TPV Policy and Viewer
> Directory programs are about.
>
> The code is licensed under GPLv2 and that isn't going to change.
>
> This thread has become a zero sum game for all participants, so I look
> forward to more generative conversation with those of you who are sticking
> around for the next one.
>
> -- joe
>
> p.s. I have a suspicion this reply will be parsed to the same degree all
> other responses have been, but I'm not going to recurse on the subject, and
> I'm not going to make excuses.  Please keep the conversation here civil for
> everyone.
>
>
Just a friendly reminder that we also expect the same level of
professionalism and civility from the Lindens on the list. Marine, Rob and
Boy have all contributed to the OS program and their further contributions
are going to be sorely missed by the community, so what "departures" are you
referring to? I have not contributed in a lng time. All of my
contributions were in Aditi for two years with QA before the jira was even
around and the first couple of months in OSDev when Rob started here. But
take a hard look at the other names here, I see one heck of a lot of names
from people that have made significant contributions to the program.
Evidently they do not feel like you that this is a meaningless "zero sum
game". None of us would be here unless we cared deeply for the OS movement
and wish to ensure that it does continue without being over restrained.

None of us receive a paycheck for what we are doing. There is no spare money
to hire a lawyer for the majority. As you yourself pointed out, the GPL is
clearly written and easy to understand, the same can not be said for the TPV
or we would not be having this conversation.

with regards,
Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] A note on preserving "NO WARRANTY" for SL TPV developers

[Jesse Barnett]

On Tue, Mar 30, 2010 at 6:51 AM, Marine Kelley wrote:

> That's my opinion and that's why, so far, I am not quitting yet despite all
> the fuss around the policy (that was for Jesse *winks*).
>
Thanks Marine!

I am blaming it on alzheimers!

Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Subject: Re: Can you legally agree to, incomprehensible conditions?

[Jesse Barnett]

Actually reports in the forum stated that many had to agree to a completely
blank box with no text inside.

On Thu, Apr 1, 2010 at 9:48 AM, Lance Corrimal wrote:

>
>
> > A question for anyone who uses the SL viewer with a different default
> > language, or the LL staff who might know: Is the new Terms of Service
> > presented at login being shown in every language the internationalization
> > supports? If yes, then does the meaning of the document remain unchanged
> > through the vagaries of translation? If no, how can people agree to
> > something they cannot even read, for the set of users who are not
> > bilingual in their own language and English?
>
> It's not translated.
> non-english users agree blindly to something they might not be able to read
> at
> all...
> ...hardly binding / legal in my eyes.
>
>
> bye,
> LC
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Can you legally agree to incomprehensible conditions

[Jesse Barnett]

On Sat, Apr 3, 2010 at 8:30 AM, Carlo Wood  wrote:

> Ok, IANAL as well, but here's what I understood (somewhere in the past):
>
> LL is a single legal entity, "distributing" sources internally is
> not considered to be distribution and using binaries on multiple
> PC's within the company is also not considered distribution (it
> doesn't change owner).
>
> Therefore, they can link GPL-ed code with non-GPL-ed code (ie the server).
> The result would not be something that they can legally distribute, but
> that is not being done when they keep it strictly internal.
>
> If however they would sell (or even give) the server binary to another
> company, that is something entirely different. In that case they may
> not link with any GPL code, not even GPL shared libraries unless that
> binary is GPL-ed, meaning that the receiving company also needs to get
> source code, fully GPL-ed, which gives that company the right to
> distribute it on the internet as well. If LL wouldd sell that binary and
> give the source code but created an NDA for it; then they'd break
> the law and could be sued by the copyright holder of the GPL-ed part
> of their server (mostly like the FSF).
>
>
Not sure if that assessment is entirely correct. Rob Linden's greatest
strength (besides his extraordinary patience) was the ability to explain
things in a way so that anyone could understand. He did an excellent blog
post last month about dual licensing and contribution agreements that should
be required reading for everyone:

http://blog.robla.net/2010/thoughts-on-dual-licensing-and-contrib-agreements/

Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Introduction

[Jesse Barnett]

You do realize that most us do not recognize Boston as being part of the US
territories?

j/k and welcome aboard Oz!

On Wed, May 19, 2010 at 9:28 AM, Glen Canaday  wrote:

> Mornin, east-coaster!
>
> --GC
>
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Offlist replies + Posting Policies and Guidelines

[Jesse Barnett]

I think you hit the nail on the head. Dzontas experiment gone wrong?

Jesse Barnett

On Sunday, August 8, 2010, Henri Beauchamp  wrote:
> All this non-sense looks and sounds furiously like the gibberish that some
> so called "A.I." bots produce...
> If I were you, guys, I'd just stop feeding the bot, lol !
> As for me, the bot's email is now part of my spam filter.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Open Viewer Development Announcement

[Jesse Barnett]

(Illustrative example)
I am so relieved that Linden Lab does actually listen to feedback from the
residents that have supported it for so long. This should guarantee that the
proposed user name/display name never goes into affect then.

Back to OP subject thou; the spreadsheet does look pretty good and gives
more hope then any of the discussions so far.

Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] display names = the end of 1.x viewers?

[Jesse Barnett]

baloo198731.residentPlenty of names available.

This has absolutely nothing to do with "We listened to our users" as this is
not what we asked for. Pyske figured it out in the SLU thread. This is a
move to the openID format and this is confirmed when you look at the Display
Name wiki page:

"This feature is an important step on our social media strategy that will
ultimately allow you to connect your inworld identity to other social
networks, on an opt-in basis. Again, Display Names and eventually, the
connection to social networks, is all about choice."

Jesse Barnett

On Wed, Aug 18, 2010 at 3:22 PM, Baloo Uriza  wrote:

> On Tue, 17 Aug 2010 16:04:19 -0700, Kelly Linden wrote:
>
> > 'Resident' is just the final last name, and is treated specially on new
> > viewers to be hidden from view when displayed.
>
> So new users won't have the choice of picking a last name anymore?  Isn't
> that going to severely limit the number of names possible now?
>
> ___
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Jesse Barnett]

Fractured has stepped down and out of the Emerald picture

http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/

But it is painfully obvious that the comments are being heavily moderated
and I know that neither of mine have gotten through.

The Phox is still in the hen house and it is going to take much more then
this token response to restore confidence. Anyone watching the videos and
listening to their voices can see that a complete reorganization needs to be
done and transparency demonstrated and verified.

I hope that the upper echelons of Linden Lab are not fooled by the blog post
and instead demand that more action be taken. At the bare minimum, they need
to be delisted until real change has been shown.

Ignoring this and giving the all clear with no other action taken on the
part of Linden Lab will instead demonstrate that the TPV is a worthless
scrap of paper.

Jesse Barnett
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Jesse Barnett]

Here it is. Paisley mentions it in the introduction to her show tonight:

Its 11.00pm here in Sydney Australia, and I’ve just been informed by
> Communications Manager Arabella Steadham from the Emerald 
> Team who
> is appearing on Tonight Live with Paisley 
> Beebetomorrow
> Sunday 22nd Aug at 6pm… that there is something going down, big time with
> the Emerald Team. Arabella Steadham has resigned from the Emerald Team. And
> she and another Emerald Developer have an announcement  to make on the show.


http://tonightlivewithpaisleybeebe.com/

On Sun, Aug 22, 2010 at 3:49 PM, Miro Collas  wrote:

> Do you have a cite for that, Tateru? Not saying it is false, I'd just
> like to see it in context if possible.
>
>
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges

Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

[Jesse Barnett]

Really wish that was true but you saw Katharine's comments in irc.
Absolutely nothing has changed with Emerald except for the servers.
Here is hoping that both Philip and legal are not deceived so easily.

Jesse Barnett

On Monday, August 23, 2010, Tateru Nino  wrote:
>   And now, perhaps, we can get back to the important stuff, like the
viewer itself.
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges