[sldev][forums]An open letter to Philip Linden

Baba baba at libsecondlife.org
Sun Nov 4 23:44:07 PST 2007


OPEN LETTER = CLOSED SOCIETY!

Jesse Barnett wrote:
> Before anyone states the obvious, I do know this doesn't exactly 
> pertain to sldev. But no lindens evidently read the forums, so here 
> it is in this mailing list.
>
>
> On 5/22/07 bbcode was turned off in the forums. The only reason given 
> was that the forums were pending an upgrade. Since that time, no 
> further explanations have been given.
>
> Well, we know why bbcode was disabled. On Monday, January 31, 2005 a 
> cross site scripting vulnerability was discovered in all versions of 
> vBulletin prior to v3.06. The forums are using vBulletin v 3.05, so 
> that for nearly a year and a half, we were vulnerable to someone 
> stealing our authentication cookies. The exact same authentication 
> used for our SL accounts.
>
> But even with an upgrade to a newer version of vBulletin we would 
> still probably be vulnerable under the present login scheme. 
> Historically bbcode has been a popular hacking target. The new 
> authentication API being worked on by LL will bypass any further 
> security concerns with the use of bbcode. I can't see any reason why 
> after its full implementation, the forums can't be upgraded to a 
> newer version and bbcode reenabled.
>
> But............................................ What I do not 
> understand is why a complete and full explanation has never been given 
> and why we end up with remarks like this in the jira entry concerning 
> bbcode:
>
> https://jira.secondlife.com/browse/WEB-156
>
> "Jeff Linden - 26/Oct/07 06:34 PM
> We have plans for upgrading the forums. Unfortunately, compared to 
> some of our other priorities, it is frankly not as high. The reason 
> why we haven't said anything is simply because despite Torley's 
> constantly pinging, there isn't a lot of time to post updates or even 
> investigate who should be posting updates.
>
> As far as I know, BBCode will remain disabled until we upgrade the 
> forums."
>
> Well, excuse my language but this is bullshit. Evidently to the 
> lindens, the forums are nothing more than the old "General" or 
> present "Resident Answers" sections. I would suggest that ALL of the 
> lindens scroll down the page to the content creation forums and start 
> reading there. You will find that many residents have spent hundreds 
> if not thousands of hours w/o any compensation creating applications 
> for other residents to use and then many more hours helping noobs 
> learn to use them. Then you have many other residents, some with full 
> time successful businesses, who spend thousands of hours every year 
> helping noobs by answering questions.
>
> After all of this time we have not asked for anything back, we do it 
> so that others can learn scripting, texturing and building. Well 
> actually there is one thing we have asked and that is for bbcode to be 
> reenabled and yet the official linden response is that "Sorry, we 
> don't have 5 minutes to answer that question."
>
> with utter contempt,
> Jesse Barnett
> 1,103 posts answering questions