[opensource-dev] Known details of LL 'Firefly' client-side scripting

Dzonatas Sol dzonatas at gmail.com
Wed Mar 17 14:06:35 PDT 2010


Morgaine wrote:
> Argent is exactly right.

The point is already made on a different level. There was no need for 
Argent to dismiss a view of it and try to push me as if I misunderstood it.

My viewpoint was from the use of and application of a sandbox model. My 
point being there is no need to reinvent the wheel on sandbox models.

You install a program natively, install it to a sandbox, or allow it to 
migrate from one process to another process on any machine, the 
difference didn't matter with the significance of the sandbox model.

>
> From sitting in on these OHs, the intention that has come across (but 
> with some ambiguity) is definitely that binaries will be pushed to our 
> clients and executed, even if this involves some action in-world.
> Whatever the mechanism of transfer, these binaries are inherently 
> untrusted and untrustworthy by inspection. If you choose to assign
> your trust to them, that is your own personal lookout.
This is why I pointed to the sandbox model with the tried and proven 
virtualization means of Linux emulation as an example. One can easily 
allow untrusted code to execute natively in the Linux emulation. Bare 
bones concepts that have been developed by tons of people across the net 
without the abstractions of other sandbox models. *This we should not 
ignore*

>
> Note that this situation is *NOT* like on the Web, where Javascript is 
> sent to browsers as /*source code*/ which is available for inspection 
> by anyone who cares to do it. Because of the possibility of
> inspection, the Web enjoys the "many eyeballs" effect that allows 
> browsers to flag sites as malicious. There will be no such
> protections here, because the distributed binaries are opaque.

Let's say BLIZZARD decided to release a software download inside of SL. 
You can use L$ to buy your next game of BLIZZARD directly inside SL. You 
go in-world, go to the shop, purchase, download, install, etc. To make 
the best use of the hardware, you'll need no abstractions upon turtles 
to slow down the 3D ability of the BLIZZARD game. This is the level of 
non-abstraction that needs to be kept in mind or else expect less.

>
> The mere idea that opaque binaries are being sent to people and 
> executed locally on their PCs should be enough to send shivers down 
> everyone's spine, even if they're only minimally aware of security.
> From our technical and open source perspective here, which is after 
> all what opensource-dev is all about, it's just completely unacceptable.
>
> Designing script execution to run on LL's servers is wholly within 
> Linden rights to do in secret. Designing script execution to run /*on
> OUR private machines*/ is NOT within Linden rights to do in secret at all.
>
>
> Morgaine.

If people want to wait-for and allow a LL special sandbox to run 
anything LL wants to migrate to the client-side to process off their 
servers, then pay no attention to the points I made above.

