[sldev][forums]An open letter to Philip Linden

[Ben Byer]

Evar.

On Nov 4, 2007, at 11:51 PM, John Hurliman wrote:

> Best post to sldev so far.
>
> Baba wrote:
>> OPEN LETTER = CLOSED SOCIETY!
>>
>> Jesse Barnett wrote:
>>> Before anyone states the obvious, I do know this doesn't exactly  
>>> pertain to sldev. But no lindens eveidently read the forums, so  
>>> here it is in this mailing list.
>>>
>>>
>>> On 5/22/07 bbcode was turned off in the forums. The only reason  
>>> given was that the forums were pending an upgrade. Since that  
>>> time, no further explanations have been given.
>>>
>>> Well, we know why bbcode was disabled. On Monday, January 31, 2005  
>>> a cross site scripting vulnerability was discovered in all  
>>> versions of vBulletin prior to v3.06. The forums are using  
>>> vBulletin v 3.05, so that for nearly a year and a hlf, we were  
>>> vulnerable to someone stealing our authentication cookies. The  
>>> exact same authentication used for our SL accounts.
>>>
>>> But even with an upgrade to a newer version of vBulletin we would  
>>> still probably be vulnerable under the present login scheme.  
>>> Historically
>>> bbcode has been a popular hacking target.  The new autentication  
>>> API being worked on by LL will bypass any further security  
>>> concerns with the use of bbcode. I can't see any reason why after  
>>> it's full implementation, the forums can't be upgraded to a newer  
>>> version and bbcode reenabled.
>>>
>>> But............................................ What I do not  
>>> understand is why a complete and full explanation has never been  
>>> given and why we end up with remarks like this in the jira entry  
>>> concerning bbcode:
>>>
>>> https://jira.secondlife.com/browse/WEB-156
>>>
>>> "Jeff Linden - 26/Oct/07 06:34 PM
>>> We have plans for upgrading the forums. Unfortunately, compared to  
>>> some of our other priorities, it is frankly not as high. The  
>>> reason why we haven't said anything is simply because despite  
>>> Torley's constantly pinging, there isn't a lot of time to post  
>>> updates or even investigate who should be posting updates.
>>>
>>> As far as I know, BBCode will remain disabled until we upgrade the  
>>> forums."
>>>
>>> Well, excuse my language but this is bullshit. Evidently to the  
>>> lindens, the forums are nothing more then the the old "General" or  
>>> present "Resident Answers" sections. I would suggest that ALL of  
>>> the lindens scroll down the page to the content creation forums  
>>> and start reading there. You will find that many residents have  
>>> spent hundreds if not thousands of hours w/o any compensation  
>>> creating applications for other residents to use and then many  
>>> more hours helping noobs learn to use them. Then you have many  
>>> other residents, some with full time succesful businesses, who  
>>> spends thousands of hours every year helping noobs by answering  
>>> questions.
>>>
>>> After all of this time we have not asked for anything back, we do  
>>> it so that others can learn scripting, texturing and building.  
>>> Well actually there is one thing we have asked and that is for  
>>> bbcode to be reenabled and yet the officail linden response is  
>>> that "Sorry, we don't have 5 minutes to answer that question."
>>>
>>> with utter contempt,
>>> Jesse Barnett
>>> 1,103 posts answering questions
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Click here to unsubscribe or manage your list subscription:
>>> /index.html
>>>
>>
>> _______________________________________________
>> Click here to unsubscribe or manage your list subscription:
>> /index.html
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html