User:Which Linden/Office Hours/2008 Jul 17

From Second Life Wiki
< User:Which Linden/Office Hours
Revision as of 12:16, 17 July 2008 by Which Linden (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
  • [11:08] Which Linden: Hey all
  • [11:09] Siddhartha Fonda: hello!
  • [11:09] Which Linden: Just the two of you, eh?
  • [11:09] Siddhartha Fonda: so far...
  • [11:09] Which Linden: Nice. I had to reboot my computer so I got waylaid
  • [11:10] Which Linden: how are things?
  • [11:11] Siddhartha Fonda: eh, busy... i do hope at some point to have some time to help out on the wiki, but that sort of requires i get a handl on this stuff to a degree lol which i'm still trying to osmose
  • [11:11] Which Linden: What stuff are you interested in?
  • [11:12] Siddhartha Fonda: well... in general everything, but i would guess mainly the interop stuff
  • [11:12] Tao Takashi: Hi
  • [11:12] Siddhartha Fonda: well i mean i guess that encompasses everything lol at some point but specifically, yeah, i dunno
  • [11:12] Which Linden: Hi Tao
  • [11:13] Which Linden: Well that's a precise answer Siddhartha
  • [11:13] Siddhartha Fonda: lol yeah well i guess i dont have a good one at the moment til i get deeper into it
  • [11:14] Which Linden: Tao, you've been making a veritable blizzard of checkins
  • [11:15] Tao Takashi: I would do more but I also have to explain many things which actually takes most of the time ;-)
  • [11:15] Which Linden: To whom?
  • [11:15] Which Linden: The rest of the ogp members?
  • [11:15] Tao Takashi: yes
  • [11:15] Tao Takashi: well, pyogp members
  • [11:16] Which Linden: Well documentation and justification is a really important part of any effort
  • [11:16] Tao Takashi: I am still not sure if the gridnauts mailing list is the list of those OGP members ;-)
  • [11:16] Tao Takashi: I know, that's why I do it :)
  • [11:16] Which Linden: Yeah, I'm curious about that too
  • [11:16] Tao Takashi: will create a good base I hope
  • [11:16] Which Linden: I seem to recall that gridnauts is something else
  • [11:16] Tao Takashi: well, it says for the beta
  • [11:17] Tao Takashi: but as nobody wants to setup another list for OGP I will simply use it for that purpose until I am kicked off ;-)
  • [11:17] Which Linden: Ha ha ha, that's the way to be
  • [11:17] Which Linden: I should get on it, assuming Lindens are allowed
  • [11:18] Tao Takashi: btw, it would really be great to have indra.llsd released as an egg :)
  • [11:18] Tao Takashi: I've heard rumours that some Lindens are on it :)
  • [11:19] Which Linden: Heh, well we host it!
  • [11:19] Which Linden: So, I guess that's a yes
  • [11:19] Which Linden: Yeah, Tao, I was against that idea but now I think it makes more sense
  • [11:19] Which Linden: Especially now that we have a C library
  • [11:20] Which Linden: I didn't want to commit to a particular interface, but now I realize that making an egg isn't committing
  • [11:20] Lazarus Longstaff: Hello :)
  • [11:20] Tao Takashi: I think it makes sense :)
  • [11:21] Tao Takashi: and it's release early, often ;-)
  • [11:21] Which Linden: Hey there Lazarus
  • [11:21] Tao Takashi: Hi Lazarus
  • [11:21] Which Linden: Yeah, I like what Donovan's been doing with eventlet lately
  • [11:21] Tao Takashi: yep
  • [11:21] Tao Takashi: and once you have set it up it's really easy to deploy
  • [11:21] Sae Juran: whats up
  • [11:21] Tao Takashi: just python setup.py bdist_egg upload
  • [11:21] Which Linden: Yeah
  • [11:21] Tao Takashi: actually the original line is longer but it's nevertheless just one line
  • [11:22] Tao Takashi: which can even be shortened to an alias
  • [11:22] Tao Takashi: I hope we can do a release soon as well
  • [11:22] Sae Juran: have been away some, how OG going?
  • [11:22] Lazarus Longstaff: sorry peeps fone
  • [11:22] Tao Takashi: strong :)
  • [11:23] Lazarus Longstaff: back
  • [11:23] Lazarus Longstaff: quite well actually
  • [11:23] Which Linden: Man, gridnauts has a total of three messages so far
  • [11:23] Lazarus Longstaff: if by OG you mean OpenSim
  • [11:23] Tao Takashi: as it's supposed to be for the beta ;-)
  • [11:23] Sae Juran: my rendering engine need an upgrade or Wich need some water.. (r u a plant?)
  • [11:24] Which Linden: Yes indeed I am
  • [11:24] Sae Juran: y in general open grid moslty.. i belive in standards more than in projects
  • [11:24] Sae Juran: eheh which
  • [11:24] Lazarus Longstaff: well, the success of a standard can only be measured by the success of its implementation
  • [11:24] Lazarus Longstaff: and we have no implementation yet of OG
  • [11:25] Sae Juran: umh
  • [11:25] Sae Juran: not really concorde about that but watching to the past it's usually correct
  • [11:25] Which Linden: Well,m speaking of standards, are y'all interested in the topic of cross-domain transactions?
  • [11:26] Lazarus Longstaff: teriribly so
  • [11:26] Sae Juran: the problem of standard is, in my mind, that they are not written by developers
  • [11:26] Sae Juran: or with them
  • [11:26] Siddhartha Fonda: yes which
  • [11:26] Which Linden: We sorta got started on this track over teh past two office hours
  • [11:26] Tao Takashi: Lazarus: You at least have some patch for OGP
  • [11:26] Tao Takashi: which I actually was checking out an hour ago
  • [11:26] Which Linden: Last time we talked about trust between Domains and the transaction coordinator (.i.e. The Escrow)
  • [11:27] Which Linden: So.... we can leave trust aside for now
  • [11:27] Lazarus Longstaff: Yes Tao, we have a patch
  • [11:27] Which Linden: One thing that was left unturned was the fact that when you buy an object that's in a region, three domains are involved: two Agent and the Rgion
  • [11:27] Lazarus Longstaff: I cant say it is being received with open arms by the core dev team though
  • [11:28] Lazarus Longstaff: yes Which - crucial points in my estimation
  • [11:28] Sae Juran: how can u minimize Region's interaction
  • [11:28] Which Linden: Let's assume that you're directly buying the object -- as in, it doesn't leave the region or get copied to anyone's inventory
  • [11:28] Lazarus Longstaff: Hi Dahlia :D
  • [11:29] Tao Takashi: Lazarus: What's the problem with it?
  • [11:29] Lazarus Longstaff: I'm not sure tbh Tao
  • [11:29] Lazarus Longstaff: I am not core, I just read the list
  • [11:29] Tao Takashi: from what I see from the outside I can guess lack of communication ;-)
  • [11:29] Dahlia Trimble: Hi :
  • [11:29] Dahlia Trimble:  :)
  • [11:29] Which Linden: Hey there Dahlia
  • [11:29] Lazarus Longstaff: at this point however, they are only comfortable with applying it to a branch
  • [11:29] Sae Juran: yes Which, what then
  • [11:29] Tao Takashi: well, it's very rough
  • [11:29] Lazarus Longstaff: or letting individual region ops apply the patch and test independently
  • [11:29] Tao Takashi: as far as I can tell
  • [11:29] Tao Takashi: more a proof of concept
  • [11:30] Tao Takashi: but I hope it will mature
  • [11:30] Which Linden: Hey guys, can you take your discussion to an IM or something?
  • [11:30] Tao Takashi: sorry
  • [11:30] Which Linden:  :-)
  • [11:30] Which Linden: No big deal, just seemed like we had two parallel things going on here
  • [11:30] Sae Juran: what then in direct-buy usecase?
  • [11:30] Lazarus Longstaff: sorry which
  • [11:30] Which Linden: So yeah
  • [11:31] Tao Takashi: is somebody actually writing those use cases down into some wiki? :)
  • [11:31] Sae Juran: (can u move some tree while u type? lol)
  • [11:31] Which Linden: One way you could do it is just ask the agent domains to talk to the region
  • [11:31] Which Linden: There is actually a list of use cases, Tao: [1]
  • [11:31] Sae Juran: a notification
  • [11:32] Tao Takashi: great
  • [11:32] Sae Juran: y of couse
  • [11:32] Which Linden: Yeah, so, the Escrow talkes to agent domain A, and A turns around and talks to the region R
  • [11:32] Which Linden: A tells R "Hey, reserve this object, and if domain B comes and talks to you on behalf of avatar B, set the owner to B"
  • [11:33] Which Linden: (Maybe I should use the nomenclature that a domain is capital -- B -- and the agent/avatar is lowercase -- b
  • [11:34] Which Linden: So then the Escrow does its thing and then contacts B, telling it to go ahead and claim the object from R on behalf of b.
  • [11:34] Latha Serevi: Do we have any assumptions (for the sake of this chat) about where the money lives, whether we're going to write a cryptographic e-check or do something paypal-ish, etc? I'm trying to catch up. Or lemme know if we're focusing on the non-money parts of the transaction.
  • [11:34] LifeFactory Writer: Hi...I am just here as an ease-dropping voyeur ..but may I please sit down?
  • [11:34] Which Linden: Sure, is there enough space?
  • [11:34] Which Linden: Yeah, looks like there's space on the red couch
  • [11:34] LifeFactory Writer: yes. Unless some of you are invisible. Thank you!
  • [11:34] Which Linden: Latha: money is fair game
  • [11:35] Sae Juran: umh i lost the target point
  • [11:35] Which Linden: I've been assuming that it lives in the Agent Domain
  • [11:35] LifeFactory Writer: ao off
  • [11:35] Which Linden: But money is simple actually, because of that.
  • [11:36] Lazarus Longstaff: for the purposes of keeping the discussion simple, can we keep money simple as we have the purchase?
  • [11:36] Miamies Hellershanks: vous tes ki
  • [11:36] Lazarus Longstaff: simple transcation: buy object for sale in region with funds on hand
  • [11:36] Which Linden: Right
  • [11:37] Miamies Hellershanks: c ou laa
  • [11:37] Which Linden: Um, hello
  • [11:37] Miamies Hellershanks: hii
  • [11:37] Miamies Hellershanks: who are u
  • [11:37] LifeFactory Writer: chuckles. :)
  • [11:37] Which Linden: I'm which, and these are my office hours
  • [11:37] Miamies Hellershanks: ok
  • [11:38] LifeFactory Writer: chuckles again? :)
  • [11:38] Which Linden: If you're not into the technical details of some future cross-grid transaction implementations, this might not be for you
  • [11:38] pmoki Jayaram: kskil disent?
  • [11:38] Miamies Hellershanks: ok
  • [11:38] Miamies Hellershanks: j enb c ren lol
  • [11:38] pmoki Jayaram: looooool
  • [11:38] Miamies Hellershanks: c un truc pas pr nous ils disebt
  • [11:38] pmoki Jayaram: oko
  • [11:38] pmoki Jayaram: on y vas
  • [11:38] Miamies Hellershanks: et ils disent que si on veux poser des question faux demander
  • [11:38] Sae Juran: i think u should underline the target of discussion/thesis
  • [11:38] Miamies Hellershanks: a une pers ok
  • [11:39] LifeFactory Writer: begins to laugh a bit more loudly? :) Very cute digression.
  • [11:39] Which Linden: So, ok, our current example is: Agent a (in Agent Domain A) buys object r (sitting in region R), whose current owner/seller is Agent b (in AD B)
  • [11:39] Sae Juran: perfect
  • [11:39] Sae Juran: what is the thesis?
  • [11:40] Which Linden: One way this could work is: Escrow asks A to reserve the sale price, and B to reserve the object
  • [11:40] Which Linden: Under the hood, B has to go and talk to R
  • [11:41] Which Linden: Once the escrow has received confirmation that both reservations happened
  • [11:41] Which Linden: It can then distribute
  • [11:41] Lazarus Longstaff: sounds like the most probable way of doing things
  • [11:41] Sae Juran: doesnt it work like that?
  • [11:41] Sae Juran: actually
  • [11:42] Lazarus Longstaff: next question: is there any other way to accomplish the transaction?
  • [11:42] Which Linden: It will tell B to give b the L$, and it will tell A to ask R for the object
  • [11:42] Which Linden: Sae: nope, we don't have Agent Domains yet
  • [11:42] Sae Juran: y true
  • [11:42] Sae Juran: btw this sounds reallistic
  • [11:42] Which Linden: Lazarus: the other way is if The Escrow talks to R in order to reserve/transfer r
  • [11:43] Which Linden: So how would that work...
  • [11:43] Lazarus Longstaff: sounds like that method gets the cart at least alongside the horse
  • [11:43] Which Linden: Hah
  • [11:44] Which Linden: Yeah, so in that case the Escrow reserves teh L$, then talks to R and says to reserve the object
  • [11:44] Sae Juran: coulnt all be managed by ADomain and just notified to R ?
  • [11:44] Sae Juran: i mean , AD master, R slave
  • [11:44] Which Linden: Then during the distribute phase it gives the L$, and talks to R to set the new owner of r
  • [11:45] Lazarus Longstaff: the region owns the object to be sold Sae
  • [11:45] Lazarus Longstaff: perhaps should say 'owns' in quotes
  • [11:45] Which Linden: Sae: yeah, that's the first possibility, and I think it's "cleaner" to have the AD act on behalf of the avatar in all cases
  • [11:45] Which Linden: Yeah, it would be more proper to say R "runs" the object
  • [11:46] Lazarus Longstaff: my concern is that by having the object reserved in advance of the remittance, there is introduced a 'man in the middle' opportunity
  • [11:46] Sae Juran: i work often about security, i think that a centralized system is to be preferred when talking about money
  • [11:46] Sae Juran: it would be easier to trust an AD than a R
  • [11:47] Which Linden: Lazarus: yeah I see what you mean, but if the reservation is done in such a way that the region will only relinquish the object to the designated recipient, it closes the MIM attack
  • [11:47] Lazarus Longstaff: can the des recpt be spoofed?
  • [11:48] Which Linden: Depends how these things are implemented
  • [11:48] Sae Juran: also thinking about a malicious R, it would just obstacolate transaction in it's context but not away
  • [11:48] Which Linden: I think we'd want to do it in a way that you can't spoof it, obviously
  • [11:48] Lazarus Longstaff: +1 lol
  • [11:49] Which Linden: Sae: yes, that's absolutely a risk, which is why we have the trust model
  • [11:49] Lazarus Longstaff: these are some pretty dopey questions I know, but they need asking methinks
  • [11:49] Sae Juran: well indeed
  • [11:49] Sae Juran: and that's why model need to be good lol
  • [11:49] Which Linden: Dopey questions make the world go round :-)
  • [11:49] Lazarus Longstaff: grins and spins teh globe
  • [11:49] Which Linden: Actually, yeah Sae, that's the major difference between the two methods of doing this
  • [11:49] LifeFactory Writer: I thought it was love and money :)
  • [11:50] LifeFactory Writer: and the pursuit of knowledge...
  • [11:50] LifeFactory Writer: sorry :/
  • [11:50] Which Linden: If, as in the first example, the Escrow talks to the ADs to reserve R, then we have to set up trust relationships between the ADs and R
  • [11:50] Sae Juran: i still think that AD shold have a major role as it should be "more secure" than other domains
  • [11:50] Which Linden: If, as in the second, the Escrow talks to R directly, the only trust relationships need to be between each domain an R
  • [11:51] Sae Juran: y true indeed
  • [11:51] Which Linden: sorry, between each domain and The Escrow
  • [11:51] Which Linden: So in that sense the Escrow could act as a centralized trust system
  • [11:51] Sae Juran: but since everything going to security u should have a general plan about it
  • [11:52] Which Linden: This would be useful if a domain turned malicious
  • [11:52] Sae Juran: yes
  • [11:53] Which Linden: Let's say all of a sudden object purchases from a domain stop being legit (i.e. it claims the transfer happened but it really didn't), then we can tell The Escrow to not even initiate transactions with that domain
  • [11:53] Lazarus Longstaff: bonus
  • [11:53] Which Linden: Whereas if the ADs did all the talking, we'd have to tell every AD about the untrustworthy domain
  • [11:53] Sae Juran: is there a plan of secutiry trust between domains
  • [11:54] Which Linden: Not in any detail
  • [11:54] Sae Juran: that is one level upper this discussion
  • [11:54] Sae Juran: i think
  • [11:54] Which Linden: We talked about that a bit last week
  • [11:54] Sae Juran: well
  • [11:54] Sae Juran: when u start planning details u must reconsider the model but u need one
  • [11:54] Sae Juran: i mean
  • [11:54] Which Linden: You can take a look at the trasncript (sponsored by Tree Kyomoon's excellent wikifier)
  • [11:55] Which Linden: (thanks to Saifor showing it to me)
  • [11:55] Sae Juran: in general u have to know quite well the domains/servers/.. u trust in
  • [11:55] Sae Juran: and its security level
  • [11:55] Sae Juran: doing that, that topis would be just few words
  • [11:56] Sae Juran: but the eBuy usecase is very impostart for secure transaction of a new network model, i think
  • [11:56] Which Linden: eBay, you mean?
  • [11:56] Sae Juran: lol
  • [11:56] Latha Serevi: Background question on ownership mechanisms. I'd like to live in a world where the bits underlying my object remains at my AD, and the AD continues to "hold the keys of ownership", even if it's no-copy and has been rezzed in region R (call this "model 2"). Many people assume that the bits to a no-copy object must be transferred and then deleted when an object is rezzed, so the region holds the "only copy" of the object. Call this "model 1". Are we assuming one or the other of these models today? Zha would like to be able to support both policy choices within the general OGP, but at the moment I'm not even clear on if folks will buy the distiniction at all.
  • [11:57] Sae Juran: honeslty is still not very clear to me, how an Open Grid without a centralized trust system would work with money transactions
  • [11:57] Which Linden: Latha: I don't think that's off the table or nailed to it yet
  • [11:58] Which Linden: So, we haven't decided yet in other words
  • [11:58] Lazarus Longstaff: I am *always* in favor of config points
  • [11:58] Latha Serevi: OK; but for today's discussion, does R or A's AD need to "sign off" on the ownership transfer, I wonder?
  • [11:58] Lazarus Longstaff: (of course, thats how we got to the nightmare that is sendmail)
  • [11:58] Which Linden: Sae: it might be the case that it doesn't, so we'll build a centralized trust system. :-)
  • [11:59] Sae Juran: ok that what i would do, so
  • [11:59] Which Linden: Latha: I see... right, during the second example, when The Escrow talks to R, does it have to also talk to B
  • [11:59] Sae Juran: define a model of trust
  • [11:59] Sae Juran: i wonder that the centralized system include Agent domain right ?
  • [12:00] Latha Serevi: (If R "has control" of the object then it should "ask permission" of A's AD and then "do" the transfer. Or, is R just "hearing about" a transaction between A and B after the fact.)
  • [12:00] Which Linden: Sae: let's talk about trust some other time
  • [12:00] Sae Juran: y sorry
  • [12:00] Tao Takashi: has to leave unfortunately
  • [12:01] Tao Takashi: take care everybody! :)
  • [12:01] Tao Takashi: looking forward to an llsd egg :)
  • [12:01] Lazarus Longstaff: TC TAo
  • [12:01] Which Linden: Latha: so we want B (the AD which contains the object's seller), to have a say in the transaction, but we don't want to have a many-to-many trust relationship -- i.e. we don't want B to really have to trust R
  • [12:01] Which Linden: cya tao
  • [12:01] Sae Juran: but i would like to notify how much that is important when u think how to design that kind of translactions
  • [12:01] Dahlia Trimble: bye Tao
  • [12:02] Sae Juran: u need to have some security guidelines and points in mind
  • [12:02] Sae Juran: usually
  • [12:02] Which Linden: One way we could do this is -- The Esscrow talks to B and asks B to reserve r (like in the first method we talked about) -- and The Escrow gives B and unforgeable token that authenticates the transaction as being really on behalf of The EScrow
  • [12:02] Which Linden: I apparently plan on spelling "The Escrow" differently every time
  • [12:03] Lazarus Longstaff: Which: that scenario has many unanticipated advantages
  • [12:03] Sae Juran: eeh
  • [12:03] Trinity Coulter: S-Crow
  • [12:03] Lazarus Longstaff: for instance, the ability to 'recover' a transaction that is interrupted by an infrstructure meltdown
  • [12:03] Sae Juran: mh hows that
  • [12:04] Which Linden: Well, the entire point of The Escrow is that it can survive those too
  • [12:04] Which Linden: But yeah, unforgeable tokens are pretty rad
  • [12:04] Sae Juran: ic
  • [12:04] Latha Serevi: I hope I'm not throwing a spanner in the works by questioning how we define "owns", but it seems that the job of the Escrow sort of depends on which defn we're using.
  • [12:05] Sae Juran: i still point to the other solution btw
  • [12:05] Lazarus Longstaff: I think basically what we are describing here is a transition of ownership that passes through the escrow
  • [12:05] Which Linden: Did the script on my couch just break?
  • [12:05] Which Linden: WTF
  • [12:05] Which Linden: Only in SL
  • [12:05] Sae Juran: lol
  • [12:05] Latha Serevi: Or maybe we can encapsulate the difference under a layer of abstraction so the Escrow can do the same operations regardless of the underlying ownership model.
  • [12:05] Lazarus Longstaff: so for a very brief period of time (barring the aforementioned meltdown) the escrow does in fact own the object in question
  • [12:06] LifeFactory Writer: Well, goodbye. Thank you so much. I am learning vicariously...ciao!
  • [12:06] Which Linden: Latha: you mean what if we lived in a world where objects could be owned by something other than an Agent?
  • [12:06] Which Linden: cyaLifeFactory, enjoy
  • [12:06] Which Linden: Lazarus: yes, exactly
  • [12:07] Latha Serevi: No, I think I mean, where the final say over which Agent owns an object is given by different members (R or AD) of the collaboration.
  • [12:07] Which Linden: Though it's a very limited ownership because it should be able to do one and only one thing with the object it "owns": complete the transaction
  • [12:07] Sae Juran: well i think about a network who shouldn trust about regions and during transactions i think their role should be minimized, recoverable
  • [12:07] Lazarus Longstaff: basically, in this scenario, it should be safe to say that once the process has begun, the escrow owns the object
  • [12:07] Lazarus Longstaff: righto Which
  • [12:08] Which Linden: Latha: yes, this is a good point. I think we have to recognize that whatever host currently holds teh bits and/or simulation ultimately has final say over the object's fate, but we want to arrange things so that said host is subservient to the will of its masters
  • [12:09] Latha Serevi: I'd prefer to be able to have my AD know exactly what objects I own, have the bits for all of them, and have control over all of them. But I'm not sure if I'll have to deal with folks who ahve a different model and want my AD to give up the bits when I "do" things with some of my objects like rez them.
  • [12:09] Sae Juran: concorde 100%
  • [12:09] Lazarus Longstaff: in a perfeect world Latha, thats the case
  • [12:09] Which Linden: Yeah, interesting question Latha, I don't know the answer
  • [12:09] Lazarus Longstaff: perfect being unchanged from how it is now
  • [12:10] Sae Juran: or better
  • [12:10] Lazarus Longstaff: but to move things, i.e., trasact, across grids, there will have to be a trusted intermediary
  • [12:10] Lazarus Longstaff: or there is no trust at all
  • [12:10] Sae Juran: in an open world..let's say a part of them
  • [12:11] Latha Serevi: So, bookmarked on my to-do list for OGP stuff is, define two or three models of what happens to objects with various permissions and ownership; so we could have (in this discussion) said "let's use model 1 for now".
  • [12:11] Lazarus Longstaff: +2
  • [12:11] Which Linden: That's a great idea, Latha
  • [12:12] Which Linden: Well I guess that's homework. I should go.
  • [12:12] Lazarus Longstaff:  :D
  • [12:12] Lazarus Longstaff: Hope we were able to help Which :D
  • [12:12] Which Linden: Thanks so much for coming by, I think we really made progress
  • [12:12] Sae Juran: was a pleasure to be here, need 2 go, have a good day
  • [12:12] Which Linden: Yah! Very useful
  • [12:12] Lazarus Longstaff: Thanks for taking the time to include usI know its expensive
  • [12:13] Which Linden: Hey, you're helping me out here. :-)
  • [12:13] Lazarus Longstaff: waves and grins
  • [12:13] Which Linden: Take care.
  • [12:13] Lazarus Longstaff: be well :)