No subject
Fri Feb 5 05:04:03 PST 2010
some ambiguity) is definitely that binaries will be pushed to our clients
and executed, even if this involves some action in-world. Whatever the
mechanism of transfer, these binaries are inherently untrusted and
untrustworthy by inspection. If you choose to assign your trust to them,
that is your own personal lookout.
Note that this situation is *NOT* like on the Web, where Javascript is sent
to browsers as *source code* which is available for inspection by anyone who
cares to do it. Because of the possibility of inspection, the Web enjoys
the "many eyeballs" effect that allows browsers to flag sites as malicious.
There will be no such protections here, because the distributed binaries are
opaque.
The mere idea that opaque binaries are being sent to people and executed
locally on their PCs should be enough to send shivers down everyone's spine,
even if they're only minimally aware of security. From our technical and
open source perspective here, which is after all what opensource-dev is all
about, it's just completely unacceptable.
Designing script execution to run on LL's servers is wholly within Linden
rights to do in secret. Designing script execution to run *on OUR private
machines* is NOT within Linden rights to do in secret at all.
Morgaine.
>
>
>
>
>
> ==================================
>
>
> On Wed, Mar 17, 2010 at 6:45 PM, Argent Stonecutter <
> secret.argent at gmail.com> wrote:
>
>> On 2010-03-17, at 12:31, Dzonatas Sol wrote:
>> > You install a program on your computer, and you either trust it or
>> > you don't. It comes down to that, so it doesn't matter if it is .NET
>> > or Java or some binary made by company XYZZY.
>>
>> The quotes from the office hours make it seem like they're talking
>> about having in-world content pushing stuff onto your client, not
>> explicitly installing code.
>>
>> _______________________________________________
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting
>> privileges
>>
>
>
--0016e6d464cc1682ef0482052b12
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
[Mailmain/pipermail is slicing up posts again in the M/L archive.=A0 I'=
ll try a repost.]<br><br><div class=3D"gmail_quote"><br>Argent is exactly r=
ight.<br><br>From sitting in on these OHs, the intention that has come acro=
ss (but with some ambiguity) is definitely that binaries will be pushed to =
our clients and executed, even if this involves some action in-world.=A0 Wh=
atever the mechanism of transfer, these binaries are inherently untrusted a=
nd untrustworthy by inspection.=A0 If you choose to assign your trust to th=
em, that is your own personal lookout.<br>
<br>Note that this situation is <b>NOT</b> like on the Web, where Javascrip=
t is sent to browsers as <i><b>source code</b></i> which is available for i=
nspection by anyone who cares to do it.=A0 Because of the possibility of in=
spection, the Web enjoys the "many eyeballs" effect that allows b=
rowsers to flag sites as malicious.=A0 There will be no such protections he=
re, because the distributed binaries are opaque.<br>
<br>The mere idea that opaque binaries are being sent to people and execute=
d locally on their PCs should be enough to send shivers down everyone's=
spine, even if they're only minimally aware of security.=A0 From our t=
echnical and open source perspective here, which is after all what opensour=
ce-dev is all about, it's just completely unacceptable.<br>
<br>Designing script execution to run on LL's servers is wholly within =
Linden rights to do in secret.=A0 Designing script execution to run <i><b>o=
n OUR private machines</b></i> is NOT within Linden rights to do in secret =
at all.<br>
<font color=3D"#888888">
</font><br><br><font color=3D"#888888">Morgaine.</font><br>
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><font color=3D"#8=
88888"><br><br><br><br><br>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</font><div><div>
</div><div class=3D"h5"><br><br><div class=3D"gmail_quote">On Wed, Mar 17, =
2010 at 6:45 PM, Argent Stonecutter <span dir=3D"ltr"><<a href=3D"mailto=
:secret.argent at gmail.com" target=3D"_blank">secret.argent at gmail.com</a>>=
</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>On 2010-03-1=
7, at 12:31, Dzonatas Sol wrote:<br>
> You install a program on your computer, and you either trust it or<br>
> you don't. It comes down to that, so it doesn't matter if it i=
s .NET<br>
> or Java or some binary made by company XYZZY.<br>
<br>
</div>The quotes from the office hours make it seem like they're talkin=
g<br>
about having in-world content pushing stuff onto your client, not<br>
explicitly installing code.<br>
<div><div></div><div><br>
_______________________________________________<br>
Policies and (un)subscribe information available here:<br>
<a href=3D"http://wiki.secondlife.com/wiki/OpenSource-Dev" target=3D"_blank=
">http://wiki.secondlife.com/wiki/OpenSource-Dev</a><br>
Please read the policies before posting to keep unmoderated posting privile=
ges<br>
</div></div></blockquote></div><br>
</div></div></blockquote></div><br>
--0016e6d464cc1682ef0482052b12--
More information about the opensource-dev
mailing list