[sldev][forums]An open letter to Philip Linden

Jesse Barnett jessesa at gmail.com
Sun Nov 4 09:52:32 PST 2007


Before anyone states the obvious, I do know this doesn't exactly pertain to
sldev. But no lindens evidently read the forums, so here it is in this
mailing list.


On 5/22/07 bbcode was turned off in the forums. The only reason given was
that the forums were pending an upgrade. Since that time, no further
explanations have been given.

Well, we know why bbcode was disabled. On Monday, January 31, 2005 a cross
site scripting vulnerability was discovered in all versions of vBulletin
prior to v3.06. The forums are using vBulletin v 3.05, so that for nearly a
year and a half, we were vulnerable to someone stealing our authentication
cookies. The exact same authentication used for our SL accounts.

But even with an upgrade to a newer version of vBulletin we would
still probably be vulnerable under the present login scheme.
Historically bbcode has been a popular hacking target. The new authentication
API being worked on by LL will bypass any further security concerns with the
use of bbcode. I can't see any reason why after its full implementation, the
forums can't be upgraded to a newer version and bbcode reenabled.

But............................................ What I do not understand is
why a complete and full explanation has never been given and why we end up
with remarks like this in the jira entry concerning bbcode:

https://jira.secondlife.com/browse/WEB-156

"Jeff Linden - 26/Oct/07 06:34 PM
We have plans for upgrading the forums. Unfortunately, compared to some of
our other priorities, it is frankly not as high. The reason why we haven't
said anything is simply because despite Torley's constantly pinging, there
isn't a lot of time to post updates or even investigate who should be
posting updates.

As far as I know, BBCode will remain disabled until we upgrade the forums."

Well, excuse my language but this is bullshit. Evidently to the lindens, the
forums are nothing more than the old "General" or present "Resident
Answers" sections. I would suggest that ALL of the lindens scroll down the
page to the content creation forums and start reading there. You will find
that many residents have spent hundreds if not thousands of hours w/o any
compensation creating applications for other residents to use and then many
more hours helping noobs learn to use them. Then you have many other
residents, some with full time successful businesses, who spend thousands of
hours every year helping noobs by answering questions.

After all of this time we have not asked for anything back, we do it so that
others can learn scripting, texturing and building. Well actually there is
one thing we have asked and that is for bbcode to be reenabled and yet the
official linden response is that "Sorry, we don't have 5 minutes to answer
that question."

with utter contempt,
Jesse Barnett
1,103 posts answering questions