[opensource-dev] Known details of LL 'Firefly' client-side scripting

Jesse Barnett jessesa at gmail.com
Wed Mar 17 15:57:45 PDT 2010


Sorry but I have to agree with Argent on this one.

I use a sandbox all of the time for testing code and programs.

The whole point of and inherent safety in a sandbox is that everything is
contained within. If any code is allowed to interact with anything outside
of the sandbox then it is NOT a sandbox.

Jesse Barnett

On Wed, Mar 17, 2010 at 5:46 PM, Argent Stonecutter <secret.argent at gmail.com
> wrote:

> On 2010-03-17, at 16:55, Dzonatas Sol wrote:
> > Somewhere along the line Argent, you trusted to install the SL
> > binary and its "badly behaved code can compromise you."
>
> The SL binary does not contain a mechanism to automatically download
> and execute untrusted code from in-world content.
>
> > Don't complain to me and others that want to improve user security.
> > It seems like you want to parade about *spooky* ideas as if we want
> > to make it worse.
>
> Adding the ability to download and execute untrusted code from in-
> world content is a significant decrease in security.
>
> > No we don't want to make it worse. Again, re-read the threads from a
> > half-year to a year ago about methods to secure and trust these
> > scripts, like how to "sign-off" on them, and how to take advantage
> > of security models.
>
>
> I have been dealing with such security models professionally since the
> '90s. They are inherently hazardous. They have been used as the basis
> of far too many compromises to consider trusting them.
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting
> privileges
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/opensource-dev/attachments/20100317/8665351a/attachment.htm 


More information about the opensource-dev mailing list