Soft Linden addresses community developers requesting open review

From Second Life Wiki
Jump to: navigation, search

Transcript

  • [15:01] Soft Linden: Are folks able to hang around a bit longer after this?
  • [15:01] Techwolf Lupindo: I am
  • [15:01] Merov Linden: sure Soft
  • [15:01] Latif Khalifa: sure
  • [15:02] Dzonatas Sol: i'm here, soft
  • [15:02] Merov Linden: ok, I'm going to see with Brad on 606
  • [15:02] Soft Linden: So, we've got this Third Party Viewer Directory, where anyone can list a viewer that they self-certify as compliant with our ToS...
  • [15:02] Dzonatas Sol: thank you
  • [15:02] Soft Linden: That shouldn't be a surprise to anyone, but if it is - http://viewerdirectory.secondlife.com/
  • [15:03] WolfPup Lowenhar: i can try to stick around
  • [15:03] Soft Linden: But self-certification is pretty weak. Whether accidental or not, people submit viewers that violate GPL or contain inappropriate features that can harm SL or the end user. We see a lot of those incidents.
  • [15:03] Latif Khalifa: /me has a client in there ;)
  • [15:03] Soft Linden: On the flip side, LL hasn't got the resources to check fo rthe completeness of source links, or the existence of inappropriate or unsafe features on every Snowglobe-derived viewer on every shipped platform
  • [15:03] Soft Linden: We keep pretty busy just trying to keep our own viewer as safe as I can. Oof...
  • [15:03] Soft Linden: So, I'm wondering...
  • [15:04] Soft Linden: I'd like us to add a few days or a week into the viewer submission process. That would make room for a preiod of community review, where people could have a chance to poke at each new viewer submitted.
  • [15:04] Soft Linden: My thought is you could help check that they build and don't contain GPL violations. I also hope some of you might be interested in spotting questionable features or breaches of the rules.
  • [15:04] Soft Linden: Do we have people who would be interested in getting involved in that?
  • [15:05] Techwolf Lupindo: What if the viewer has some bianary only parts?
  • [15:05] Aleric Inglewood: How much does it pay?
  • [15:05] GOAT Firethorn: how much in depth would the testing have to be
  • [15:05] Latif Khalifa: lol
  • [15:05] GOAT Firethorn: and what would it consist of
  • [15:05] Latif Khalifa: Soft, you're interested only in linden derived gpl code?
  • [15:05] GOAT Firethorn: I mean would it be testing from source, or just grabbing the binary viewer and installing
  • [15:05] GOAT Firethorn: ?
  • [15:05] Soft Linden: I'd want to know if there are any Linden-derived viewers violating GPL, among other things, yeah
  • [15:05] Memorial Dae: un-officially many users already take open projects and tear them apart, or throw viewers on packet analyzers
  • [15:06] Memorial Dae: it would be nice to have an official forum and perhaps share tools for doing it
  • [15:06] Soft Linden: There's very little of that done at present, Memorial. Some really basic, ugly stuff has existed for surprisingly long times.
  • [15:06] GOAT Firethorn: lol
  • [15:06] Soft Linden: But I'm thinking we might be able to evolve some good practices, if people are interested
  • [15:06] Latif Khalifa: (i could help reviewer libomv based clients if that ever becomes needed)
  • [15:07] GOAT Firethorn: Soft: like I said how would you be testing them
  • [15:07] Soft Linden: Again, right now we pretty much just ask projects to self certify.
  • [15:07] Boroondas Gupte: How could we verify whether the published sources correspond tot he published binaries? Mismatches there are the most likely GPL violations, I guess.
  • [15:07] Latif Khalifa: i could also do some gridproxy protocol analysis if needed
  • [15:07] Soft Linden: Goat, however people can, and are willing to help.
  • [15:07] Aleric Inglewood: I'm too busy with snowglobe... and frankly, I don't care what other users get themselves into if they don't use snowglobe :p
  • [15:07] Soft Linden: Running the pre-built binaries and looking for things that shouldn't be there helps. But so does making sure you can even build those binaries for a GPL-derived viewer
  • [15:08] Oz Linden: It's important to note that this is all review that goes beyond what we can do, so whatever you can do is useful whether it's just running it and watching for passwords going out on sniffers or anything
  • [15:08] GOAT Firethorn: >.> yeah... lol I could do that
  • [15:08] GOAT Firethorn: although you might have to let me make an alt, as to not 'endanger' my current
  • [15:08] GOAT Firethorn: lol
  • [15:08] Latif Khalifa: But it is unclear what is a GPL violation. Like linking with closed source components?
  • [15:09] GOAT Firethorn: well that
  • [15:09] GOAT Firethorn: and anything that violates the perms system
  • [15:09] Oz Linden: In the minds of many residents, "all third party viewers are hackers", so helping us find the bad guys is helping improve the perceptions
  • [15:09] Soft Linden: It sounds like there's only interest from a couple people?
  • [15:09] Techwolf Lupindo: Emerald does have a licence for libkdu and distrubitue the binary, but can't relice the source for it.
  • [15:09] GOAT Firethorn: eh, well it's kinda risky lol
  • [15:09] GOAT Firethorn: LOL Emerald
  • [15:09] GOAT Firethorn: bugs the LLKDU library
  • [15:09] GOAT Firethorn: >.>
  • [15:10] Latif Khalifa: yes, but that is a GPL violation, isn't it?
  • [15:10] Soft Linden: Emerald definitely has some good examples. :P But it's not the only viewer that's been submitted, which then turned out to have some unwanted surprises.
  • [15:10] WolfPup Lowenhar: wish i could help but im still trying to get my builds to take less than 2 hrs on the machine im running
  • [15:10] Oz Linden: it is if their wrapper is built using GPL code, yes
  • [15:10] Techwolf Lupindo: The bianry is seperate and it not linked in. It can run without it.
  • [15:10] GOAT Firethorn: yeah
  • [15:10] GOAT Firethorn: you can take out the KDU and throw in an openJpeg lib
  • [15:10] GOAT Firethorn: whispers: XD
  • [15:10] Latif Khalifa: Soft, isn't linking to any closed source lib a GPL violation?
  • [15:11] Soft Linden: But yeah. The Emerald KDU issue would have been a nice early catch. If someone had said "Hey, this is embedding the application path and that can contain user names - here's how you see that" - we'd have held it on that.
  • [15:11] Soft Linden: Latif - I think the GPL allows dynamically linked libraries. But I'm not a license expert.
  • [15:11] Dzonatas Sol: windows libs are closed source... oops can't run SL on windows... hmmm... *scratches head*
  • [15:11] Aleric Inglewood: Latif: Not perse, if the binary also runs without that closed source library installed...
  • [15:12] Latif Khalifa: well allowing closed sourced libs like that would make a review process much more difficult
  • [15:12] GOAT Firethorn: yes it would
  • [15:12] Soft Linden: Yep.
  • [15:12] GOAT Firethorn: >.> you have no way of knowing whats in it
  • [15:12] Thickbrick Sleaford: but I think they still have to distribute EMKDU separatly from the viewer.
  • [15:12] Aleric Inglewood: I think that since you CAN get the sources and get the same functionality without KDU (using openjpeg) there isn't really a GPL violation (also not a lawyer though)
  • [15:13] Soft Linden: I think if someone had spent a few minutes with strace for any calls into that lib they would have caught that, though
  • [15:13] GOAT Firethorn: Thick: Kirstenlee distributes the kadoku stuff with the viewer,
  • [15:13] Dzonatas Sol: I've sent email off about the TPV directory... dunno if the cuts affected response.
  • [15:13] Soft Linden: The problem is everyone assumes someone else is looking. So if there's a formal place and time for this, people can see if anyone's actually looking at these viewers as well
  • [15:13] Latif Khalifa: Soft, I doubt it, it uses filename that it uploads, reading that fiel is legit
  • [15:13] Latif Khalifa: file*
  • [15:14] Soft Linden: My understanding was that it's the path of the binary that gets included, not the full path of the texture
  • [15:14] Oz Linden: The cuts certainly did affect response, but I'm taking over the TPVD and will start working through the backlog next week
  • [15:14] Techwolf Lupindo: Soft, I think one thing that can be done is forbid any binary without source code. Being registered on the tpv is not a requirment to connect, they can still do a viweer with perperlly licient binaary only.
  • [15:14] Techwolf Lupindo: properlly licenced that is
  • [15:15] Soft Linden: I think that really reduces the value of the directory. Something like an iPhone app couldn't even be listed in the Directory then
  • [15:15] Aleric Inglewood: If some hacker would want to be really mallicious, then it's very unlikely that anyone will find their "hidden" code, even they are looking for it... It's easy to find plain-in-sight features, but it's non-trivial to find password sniffers or trojans.
  • [15:16] Soft Linden: Yep. Nothing short of a full disassembly of every last build will catch everything.
  • [15:16] Soft Linden: But I think we can do a lot better than self-certification, which doesn't even catch honest casual mistakes
  • [15:16] WolfPup Lowenhar: a good antivirus program will fint trogans easily
  • [15:16] GOAT Firethorn: this is not always true
  • [15:16] Soft Linden: And I think we'd also benefit by having transparency into what community review is happening, by having a time and place where that's done, so people can look back at the results
  • [15:16] Latif Khalifa: but looking for rogue http request would problably discover stuff like account stealing etc
  • [15:17] WolfPup Lowenhar: even if they are burried in the code of something else
  • [15:17] GOAT Firethorn: AV programs are only as good as their database mostly
  • [15:17] Thickbrick Sleaford: BTW, for people who haven't been keeping up with the drama, the emerald kdu path thing is this: http://iheartanime.com/images/emerald-linux-disclosure.png
  • [15:17] Techwolf Lupindo: Sniffers and packet logger are problelly the best methoid to find this stuff.
  • [15:18] GOAT Firethorn: yeah
  • [15:18] Aleric Inglewood: Makes me think of that thing someone had built into the UNIX compiler (of some very major OS) that was NOT visible in the source code of the compiler, but that would ADD the code to the compiler when you used that compiler to compile the compiler. Result: all compilers had it. Also, that compiler added a backdoor (easy password) to the login application of that OS.... and bingo.. when it came out 10 years later, every OS and compiler in the world had that backdoor :)
  • [15:18] Soft Linden: Right. What you see at that link is real. You can see the path to the app binary included in that snapshot.
  • [15:18] GOAT Firethorn: thats really....scary
  • [15:18] GOAT Firethorn: lol I'd be pissed if I saw that.
  • [15:19] Techwolf Lupindo: Programmer didn't know how to get windows title, so grabed full filename path on linux sysstem.
  • [15:19] GOAT Firethorn: >.>
  • [15:20] Techwolf Lupindo: The world had plenty of sloppy programers out there. Even I don't try to claim I'me the "best" programer...
  • [15:20] Soft Linden: Anyway, yeah. A community review wouldn't catch everything. It would catch more than is caught now. If you're interested, drop me an IM or an email at soft@lindenlab.com - ? I want to see if there's enough interest that this is worth adding the delay to the viewer approval process.
  • [15:20] Aleric Inglewood: We could brainstorm on the worst things that people could add to viewers, and see if they are really a danger :)
  • [15:20] GOAT Firethorn: yeah
  • [15:20] Thickbrick Sleaford: Soft, the commi=unity review period you are talking about is an open thing, or a invite-only thing?
  • [15:20] GOAT Firethorn: what you really need though
  • [15:21] Soft Linden: I know some of you want to focus on Snowglobe only, and that's totally okay.
  • [15:21] GOAT Firethorn: is a good idea of how to catch these things
  • [15:21] Soft Linden: Open. But I still need to see if there's enough interest.
  • [15:22] Soft Linden: My thought is there would be an announce-only mailing list with a JIRA for each viewer submitted, and people could add related JIRAs if they find things. That also provides a good place to hang future discoveries
  • [15:22] Boroondas Gupte: I'd prefer some peer review process for TPVs that's independant of the directory.
  • [15:22] Aleric Inglewood: I'd think that the worst things are if they are used by the masses, and backup up by some mafia group: used for SPAM and ads, ... getting full access to the PC's and/or SL accounts.... getting payment info and stealing creditcard info or money - or installing a trojan that steals passwords when you log into your backaccount.
  • [15:22] GOAT Firethorn: yeah
  • [15:22] WolfPup Lowenhar: right now dzonatas has a little snag with his iceshper interphase in windows 7
  • [15:22] Aleric Inglewood: bankaccount*
  • [15:22] Aleric Inglewood: basically, the worst is full access to your PC thus. windows being by far the most likely target.
  • [15:23] Techwolf Lupindo: Soft, I'me intrested as I got sandboxes to run this. But I like to have the alt limit lifed for those of us that are testing this stuff so we can use "safe" accounts.
  • [15:23] GOAT Firethorn: yes
  • [15:23] Oz Linden: I could retire pretty comfortably on the contents of all Mac users bank accounts :-)
  • [15:23] Soft Linden: Sure, I'd think we could help around that, Techwolf
  • [15:23] GOAT Firethorn: thats what I was saying earlier
  • [15:23] GOAT Firethorn: >.>
  • [15:24] Aleric Inglewood: Oz: lol
  • [15:24] Dzonatas Sol: Icesphere can fall-back to VWRAP's event queue instead of a httplistener, so that'll help on Win7 migration
  • [15:24] Thickbrick Sleaford: +1 on it being open.... my guess is something like this would get a lot of interest, though not necessarily from people here.
  • [15:24] Boroondas Gupte: yeah
  • [15:24] WolfPup Lowenhar: dose that mean a recodeing dzonatas?
  • [15:24] Soft Linden: Thanks. I'm good on what I needed to know
  • [15:24] Oz Linden: We'll also be bringing this up at the next meeting of TPV devs
  • [15:25] Latif Khalifa: Soft, I think the idea of public review is great
  • [15:25] Dzonatas Sol: WolfPup, no... it already has that functionality built into the queue to auto-detect full duplex of half duplex transport capabilities
  • [15:26] Aleric Inglewood: One (or more?) step below the mafia that tries to steal millions of dollars,.. is the fact that SL is a real time chat environment: it is VERY attractive to script kiddies and a-like because they get instant feedback on any harm they can do. They are driven by an addiction to the feeling of having power.
  • [15:26] Soft Linden: Yep
  • [15:26] Aleric Inglewood: but personally I think that is rather harmless as long as it stays inside SL. Once people figure that out, they can just uninstall the viewer and use another :p
  • [15:27] Soft Linden: That's one thing we've always seen in the griefing groups. The members we identify tend to have people who normally hang out in the same community they attack, and they hang around after the attack to see the drama.
  • [15:27] Techwolf Lupindo: Drama aside, this should be open communcations. Just finding an item and then saying "thanks, we be talking to them" and then not hear anymore just make it worse.
  • [15:28] Oz Linden: good point, Techwolf
  • [15:28] Soft Linden: Techwolf - can you elaborate on that?
  • [15:28] Boroondas Gupte: I.e., it shouldn't work like ARs do now.
  • [15:29] Soft Linden: You're talking about griefing stuff, or viewer issues or ?
  • [15:29] Techwolf Lupindo: viewer issues.
  • [15:29] Oz Linden: we will no doubt have to constrain what we say "in public" due to legal issues, though
  • [15:29] GOAT Firethorn: I think I get what he's saying
  • [15:29] GOAT Firethorn: noone likes to submit something and then have no feedback on what happens with it
  • [15:29] Boroondas Gupte: what kind of legal issues?
  • [15:29] Soft Linden: Yeah. My preference is that it would be all out in the open in pJIRA. I don't know if we can always share what we find because of legal, etc. A lot of you might be less constrained, so long as you keep it to verifiable information. JIRAs with repro steps, not rumors.
  • [15:29] GOAT Firethorn: >.> LL has tons of
  • [15:30] GOAT Firethorn: *legal things
  • [15:30] Oz Linden: that's the way the world works, unfortunately
  • [15:31] Techwolf Lupindo: Even if the reporter has to do a NDA due to legil issues, at least the reproter know the issue was taken care off and can assure others that the issue was indeed taken care off. Others tend to be more assured that an issues has been taken care off if the into come from the person that reported it.
  • [15:31] Techwolf Lupindo: into=info
  • [15:32] Oz Linden: One possible approach would certainly be to ask the reporter to retest with the version that allegedly solves the problem
  • [15:32] Soft Linden: +1
  • [15:32] Oz Linden: I like the idea of maximum possible openness
  • [15:33] Oz Linden: we'll just have to find out what that maximum is
  • [15:33] GOAT Firethorn: I don't think the LL legal team does XD
  • [15:33] Soft Linden: I think the LL legal team will always err on the side of ass covering, and it's up to us to get better at making counter arguments. Showing some successes where we've stepped a bit farther is the best way
  • [15:33] Oz Linden: The legal team may have a different view if we tell them to balance the risk of black-hat viewers going undetected
  • [15:33] Techwolf Lupindo: Don't ask LL legin team for how much, they will classified everything just like Bush did.
  • [15:34] GOAT Firethorn: LOL
  • [15:34] Boroondas Gupte: The possible actions LL has in case of a violation are: 1) talk to the TPV devs 2) take it off the list. I don't see how any of these can cause legal issues when done publicly.
  • [15:34] Soft Linden: (I'm not using ass covering as a pejorative - legal liability threats, etc are very real)
  • [15:34] Oz Linden: Lawyers are paid to mitigate risk... sometimes you have to educate them about what the risks are
  • [15:35] Techwolf Lupindo: All it takes is one bad devoloper on a team to slip something past everyone.
  • [15:36] GOAT Firethorn: this is extremely true
  • [15:36] Soft Linden: Sure. We can unlist and relist viewers all day. My wish is that people could see why. Given that more often than not, resis find the problem, giving them a place to show their findings will be a win for transparency.
  • [15:36] GOAT Firethorn: especially since most teams don't check each others code
  • [15:36] GOAT Firethorn: /me points to emerald
  • [15:36] Ardy Lay: What possible legal risk is there in telling someone who broke the rules that because they broke the rules they have to leave?
  • [15:37] Techwolf Lupindo: LL did have a few folks that had regular meeting with one or more tpv untill a few weeks ago. Now it just all tpv in one meeting and that sorta made things worse as the feedback from reqular meeting can sometimes stop a feature from going that is questiable.
  • [15:38] Oz Linden: probably none, Ardy, but there are risks in making public statements about it that you might not be able to fully substantiate
  • [15:38] Latif Khalifa: private meetings with just one viewer team are not such a good idea tech
  • [15:39] Soft Linden: Yeah. I think we generally agree that we don't want to repeat that.
  • [15:39] Techwolf Lupindo: I did not say they was good Latif.
  • [15:39] Oz Linden: Tech, and TPV that wants a private meeting to discuss specific issues can have one.
  • [15:39] Oz Linden: just don't want to do that as a regular thing
  • [15:40] Soft Linden: Sorry, yeah - don't want to repeat on single-project recurring meetings.
  • [15:40] Oz Linden: LL is trying to figure out how to increase transparency - thank the return of Phillip
  • [15:40] Soft Linden: Wanting a private space to talk about a feature you want to unveil as a surprise or similar special case is totally fine
  • [15:40] Latif Khalifa: /me is speaking with server lindens whole day today, since 1.40.4 breaks all libomv based clients ;)
  • [15:40] Boroondas Gupte: Btw., are there ideas how we (Snowglobe project) can better cooperate with TPV devs? One of the goals of Snowglobe is to become the base for as many LL-code-based TPVs as possible, right? So we have to know about their needs.
  • [15:40] Latif Khalifa: greaat guys, server lindens
  • [15:41] Soft Linden: /me ❤ the core team
  • [15:41] Soft Linden: That's a very good question, Boroondas
  • [15:42] Oz Linden: right now I think that's best done by leading the way to getting the 2.x version working
  • [15:42] Techwolf Lupindo: Soft, idea...have a remmendation for tpv to have a side-chat/private meeting to disclose all new featrues before puting them to beta or release. Right now, the feeling is that LL doesn't want any more private feedback.
  • [15:43] Soft Linden: I don't understand what you mean. A meeting to talk about what's being added to SL?
  • [15:43] Soft Linden: Or you're saying a place for third party projects to tell LL what's being added?
  • [15:44] Oz Linden: Tech... that might make a good discussion topic for the TPV meeting
  • [15:44] GOAT Firethorn: you could do like a change log sort of thing
  • [15:44] GOAT Firethorn: >.>
  • [15:44] GOAT Firethorn: <.<
  • [15:44] GOAT Firethorn: >.>
  • [15:44] Boroondas Gupte: change log?
  • [15:45] Boroondas Gupte: oh, you mean like release notes?
  • [15:45] GOAT Firethorn: yeah
  • [15:45] Techwolf Lupindo: Some form of communcation to give feecback on new features before public, there are some tpv that "steal"/"copy" idea and release a viewer before hand and claim it as there own. Hence why they don't discuss things before public.
  • [15:45] GOAT Firethorn: exactly
  • [15:45] Latif Khalifa: personally i would love a viewer-dev sandbox on aditi that has stuff that is coming but disabled - enabled, like GetTexture cap for instance
  • [15:45] Soft Linden: Gotcha
  • [15:46] Dzonatas Sol: there is a sandbox here
  • [15:46] Latif Khalifa: Philip said in his strategy blog post that planning and development will be mich more in public
  • [15:46] Soft Linden: That's totally Oz's call. But I'd be more than happy to sit in on meetings like that, Tech
  • [15:46] Latif Khalifa: I don't think there is a need for private disclosure if that strategy is implemented
  • [15:46] GOAT Firethorn: 'much more in public'
  • [15:47] GOAT Firethorn: lol
  • [15:47] Latif Khalifa: "The shift to shorter cycles with smaller deliverables should allow better community involvement and feedback. We will make our changes, develop code, and discuss plans in the open."
  • [15:47] Latif Khalifa: is what Philip wrote
  • [15:47] Techwolf Lupindo: I notice that Phillip metchined something along the lines "now that I caught up", to me, that means phillip was really out fo the loop for some thing that happen in LL>
  • [15:47] Latif Khalifa: if we get that, it solves a lot of issues
  • [15:47] Oz Linden: ... and what he's been telling all of us
  • [15:47] Morgaine Dinova: There was mention of GPL violations earlier, but because you bundle viewers with pre-built binaries of code that is not GPL, TPV developers can sneak in exploit-hacked binaries of those libraries without needing to reveal their modified sources. That's a much more serious threat to end users than any GPL violation.
  • [15:47] Aleric Inglewood: I'd like an addition to the servers that will allow viewers to transport assets of new, user-defined types.
  • [15:48] Latif Khalifa: and ends the need for private meetings, behind the closed doors disclosure... transparency is good
  • [15:48] Oz Linden: I think you'll all be happy with the effects of that as it percolates down to operational changes
  • [15:48] Boroondas Gupte: :-)
  • [15:48] Morgaine Dinova: Joe was aware of the security issues with the prebuilt libraries in TPVs several months ago. Is there any progress on it?
  • [15:48] Dzonatas Sol: Aleric, wouldn't http textures branch be what you want
  • [15:49] Oz Linden: We're working on it, Morgaine
  • [15:49] Latif Khalifa: you cannot test http texture anywhere
  • [15:49] Morgaine Dinova: Oz: that's good to hear.
  • [15:49] Latif Khalifa: that's why i asked for viewer dev sandbox on aditi
  • [15:49] Latif Khalifa: that has those sim features enabled
  • [15:50] Dzonatas Sol: latif, we're talking user define types, which is an ability implicit in http textures
  • [15:50] WolfPup Lowenhar: i think that is kind of what hoppholler is for
  • [15:51] Thickbrick Sleaford: see you people, gotta run
  • [15:51] Aleric Inglewood: Dzonatas: I don't know? Example of what I'd want to use it for... pass along stuff like windlight settings, agenda items (date and time of events with LM's), custom mesh format and animation format (I have very kewl ideas on how to improve those, but they'd need a new non-existing format)... then I could write code and show that it works :)
  • [15:51] WolfPup Lowenhar: tc thick
  • [15:51] Soft Linden: /me has to run
  • [15:51] Soft Linden: Thanks all!
  • [15:51] WolfPup Lowenhar: tc soft
  • [15:51] Latif Khalifa: take care Soft :)
  • [15:51] Aleric Inglewood: bye!

Generated with SLog Wikifier