[opensource-dev] FAQ posted for Third Party Viewer Policy
Imaze Rhiano
imaze.rhiano at gmail.com
Sun Feb 28 03:37:10 PST 2010
On 28.2.2010 10:34, Marine Kelley wrote:
> I'd like to remind people of my proposed solution, back when LL asked
> everyone about how to set their third party viewer policy, a few
> months ago. I had proposed to make it so that only viewers built on a
> LL-owned dedicated machine would be accepted. Such binaries would be
> the result of the build of committed sources, with the addition of a
> small code (unknown to the devs of the viewer) that would transfer a
> hash to the grid upon connecting (and possibly regularly afterward
> while online). The binaries would be hosted on LL's website, along
> with the sources, and everyone would have been able to consult the
> sources while being sure there would not be any difference between
> these sources and the resulting binaries (with the exception of the
> code I mentioned). Granted, this is an expensive solution, and
> potentially difficult while testing (there has to be some temporary
> code for that purpose, for instance a code that allows only 4 or 5
> viewers using it at the same time), but the only solution that
> formally guarantees that Build = Source, and that the source can be
> reviewed, instead of testing every viewer, which takes much longer.
>
This approach wouldn't work - and LL's third party viewer policy is not
going to work either. There is nothing to stop a skillful coder from
decoding this "secret hashing component", a skillful hacker from writing
a proxy that will do its ebil things between client and server, or a
skillful user from installing one certain program that allows access to
OpenGL information and gathering the necessary information.
Moving security/DRM to the client side is not going to work. Big companies
like EA have tried this approach through rootkits and such - result:
total absolute failure and huge loss of PR (just google "DRM spore").
Microsoft tried to support different DRM schemes with their multimedia
player - result: a player that is very slow to start, a media format that
requires internet access and works on a single computer, and complex
encryption/verification/obfuscation schemes. Intel and media companies
introduced HDCP - result: honest customers required to upgrade their
working hardware, and pirates who are still releasing movies to the net
before their official release day without annoying "you wouldn't steal
a car" ads and unskippable ads
(http://www.makeuseof.com/tech-fun/wp-content/uploads/2010/02/pirateddvd1.png).
Next year, 28 February 2011 - assuming the world doesn't end and everything
is following my grand plan,
1) Nyx Linden still doesn't have bear,
2) you still need to fake bake specular lighting for latex clothes,
3) content creators are going to whine how their content was copybotted
and "LL doesn't do enough to stop copybotters" and
4) there are fewer SL compatible open source viewer developers and more
non-SL compatible viewer developers
IMHO: Instead of wasting valuable bytes on lawyers (don't feed lawyers,
they are just getting bigger and more hungry) and trying to move
security/DRM to the client's responsibility, LL should do the following:
1) Organize "build Nyx's bear competition",
2) add support for clothing materials and custom avatar meshes that
finally allow proper latex clothing,
3) create a paranoid server that has not hopelessly fallen in love with the
client and verifies the client's requests and actions,
4) streamline process for posting copyright notices (it should be two
click process),
5) allow content creators to post additional proof that they are
creators of content (to avoid constant copyright griefing attacks),
- higher resolution textures
- non-watermarked textures
- high polycount models
- etc.
6) improve the asset server so that it allows better tracking of who
uploaded/created an asset, when, and who is using it, so that all copybotted
material is instantly deleted from the server and avatars who are
distributing it are banned,
7) change from passive - waiting for copyright notice - mode - to active
mode, where you are actively seeking copyright violations through
automatic processes and perhaps allowing other users to tip possible
copyright violations,
8) make the process more transparent - allow creators to see inside the
process, give them feedback,
9) make the process more visible - publish reports on how many you have
banned, write random blogs about the topic and offer rewards for copyright tips.
Ultimately you could someday render the scene on the server - and thus avoid
the situation where you need to transfer assets of textures and objects to
the client, but I guess there are no users currently who are ready to pay for
the high-cost hardware, software and bandwidth that would be needed for
server side rendering.
I think that the third party viewer policy is a great ethical guide for Second
Life compatible viewer developers, and the directory gives a good listing of
respectable viewers and correct download addresses. But otherwise it is
a complete waste of time and money, is going to drive some developers away
from Second Life, gives users and builders a false feeling of security,
and is good toilet paper, if printed on soft recyclable paper.
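
The contrast this message draws between trusting a client-reported hash and a "paranoid" server that verifies requests itself, as an added example that is not part of the original message or of any Linden Lab code. The asset records, request fields and function names are all hypothetical and the data is constructed for illustration.

```python
from dataclasses import dataclass

# Constructed server-side records; the client cannot alter these.
APPROVED_VIEWER_HASHES = {"hash-of-approved-build"}  # placeholder value
ASSETS = {
    "tex-1": {"owner": "alice", "copy_allowed": False},
    "tex-2": {"owner": "alice", "copy_allowed": True},
}
INVENTORY = {"alice": {"tex-1", "tex-2"}, "bob": {"tex-2"}}


@dataclass
class CopyRequest:
    agent: str          # identity established by the login session
    asset_id: str
    viewer_hash: str    # client-reported: just bytes in a message
    claims_owner: bool  # client-reported: same problem


def trusting_server(req: CopyRequest) -> bool:
    """Decides from what the client says about itself."""
    if req.viewer_hash not in APPROVED_VIEWER_HASHES:
        return False
    return req.claims_owner


def paranoid_server(req: CopyRequest) -> bool:
    """Ignores client-reported fields and decides from server-held state."""
    asset = ASSETS.get(req.asset_id)
    if asset is None:
        return False
    if req.asset_id not in INVENTORY.get(req.agent, set()):
        return False
    return asset["owner"] == req.agent or asset["copy_allowed"]


def compare(req: CopyRequest) -> tuple:
    """Returns (trusting decision, paranoid decision) for one request."""
    return trusting_server(req), paranoid_server(req)
```

The hash check fails in both directions: it approves a request the server's own records forbid, and it refuses a legitimate owner whose viewer is not on the list.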