[sldev][forums]An open letter to Philip Linden

[John Hurliman]

Best post to sldev so far.

Baba wrote:
> OPEN LETTER = CLOSED SOCIETY!
>
> Jesse Barnett wrote:
>> Before anyone states the obvious, I do know this doesn't exactly 
>> pertain to sldev. But no lindens eveidently read the forums, so here 
>> it is in this mailing list.
>>
>>
>> On 5/22/07 bbcode was turned off in the forums. The only reason given 
>> was that the forums were pending an upgrade. Since that time, no 
>> further explanations have been given.
>>
>> Well, we know why bbcode was disabled. On Monday, January 31, 2005 a 
>> cross site scripting vulnerability was discovered in all versions of 
>> vBulletin prior to v3.06. The forums are using vBulletin v 3.05, so 
>> that for nearly a year and a hlf, we were vulnerable to someone 
>> stealing our authentication cookies. The exact same authentication 
>> used for our SL accounts.
>>
>> But even with an upgrade to a newer version of vBulletin we would 
>> still probably be vulnerable under the present login scheme. 
>> Historically
>>  bbcode has been a popular hacking target.  The new autentication API 
>> being worked on by LL will bypass any further security concerns with 
>> the use of bbcode. I can't see any reason why after it's full 
>> implementation, the forums can't be upgraded to a newer version and 
>> bbcode reenabled.
>>
>> But............................................ What I do not 
>> understand is why a complete and full explanation has never been 
>> given and why we end up with remarks like this in the jira entry 
>> concerning bbcode:
>>
>> https://jira.secondlife.com/browse/WEB-156
>>
>> "Jeff Linden - 26/Oct/07 06:34 PM
>> We have plans for upgrading the forums. Unfortunately, compared to 
>> some of our other priorities, it is frankly not as high. The reason 
>> why we haven't said anything is simply because despite Torley's 
>> constantly pinging, there isn't a lot of time to post updates or even 
>> investigate who should be posting updates.
>>
>> As far as I know, BBCode will remain disabled until we upgrade the 
>> forums."
>>
>> Well, excuse my language but this is bullshit. Evidently to the 
>> lindens, the forums are nothing more then the the old "General" or 
>> present "Resident Answers" sections. I would suggest that ALL of the 
>> lindens scroll down the page to the content creation forums and start 
>> reading there. You will find that many residents have spent hundreds 
>> if not thousands of hours w/o any compensation creating applications 
>> for other residents to use and then many more hours helping noobs 
>> learn to use them. Then you have many other residents, some with full 
>> time succesful businesses, who spends thousands of hours every year 
>> helping noobs by answering questions.
>>
>> After all of this time we have not asked for anything back, we do it 
>> so that others can learn scripting, texturing and building. Well 
>> actually there is one thing we have asked and that is for bbcode to 
>> be reenabled and yet the officail linden response is that "Sorry, we 
>> don't have 5 minutes to answer that question."
>>
>> with utter contempt,
>> Jesse Barnett
>> 1,103 posts answering questions
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Click here to unsubscribe or manage your list subscription:
>> /index.html
>>   
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html