User:Which Linden/Office Hours/2008 Jun 19

From Second Life Wiki
Jump to: navigation, search
  • [11:00] Saijanai Kuhn: which not online yet
  • [11:01] Teravus Ousley: maybe Which had to cancel again.
  • [11:01] Gareth Ellison: hopes not
  • [11:01] Gareth Ellison: i put on these special blue boots!
  • [11:02] Saijanai Kuhn: he's usually pretty good about posting cancellation notices. You have to know where to look to find them though
  • [11:03] Teravus Ousley: maybe he's just late?
  • [11:04] Lalinda Lovell: the tp entry point here needs to not be onto someones head
  • [11:04] Gareth Ellison: that's it, i'm taking my boots off
  • [11:04] Aimee Trescothick: lol
  • [11:04] Gareth Ellison: he's late, he no see my blue boots
  • [11:04] Aimee Trescothick: landing on people is good
  • [11:05] Aimee Trescothick: saves strain on the ankles
  • [11:08] Teravus Ousley: Hi
  • [11:08] Which Linden: Sorry I'm late
  • [11:09] Which Linden: Hey all, what's going on?
  • [11:09] Gareth Ellison: which - you missed out on big blue boots due to being late
  • [11:09] Gareth Ellison: now on with teh show
  • [11:09] Which Linden:  :-
  • [11:09] Which Linden:  :-(
  • [11:09] Which Linden: Ha ha ha
  • [11:10] Gareth Ellison: come on you little plant
  • [11:10] Gareth Ellison: [1] < teh boots you missed
  • [11:10] Teravus Ousley: Greetings.
  • [11:11] Which Linden: Have you ever nnotice that sometimes it takes like 3-4 clicks to get teh inline links to work?
  • [11:11] Which Linden: I'm glad they're there, but....
  • [11:11] Bartholomew Kleiber: yes
  • [11:11] Aimee Trescothick: was just thinking that
  • [11:11] Which Linden: Whoa. Botty
  • [11:11] Which Linden: *booty
  • [11:11] Teravus Ousley: didn't click on the link :D
  • [11:12] Which Linden: Opensource Obscure asked me last week what presentation I was giving that caused me to cancle my office hours then
  • [11:12] Which Linden: ...OO isn't here
  • [11:13] Gareth Ellison: L$ API we were told
  • [11:13] Teravus Ousley: alas
  • [11:13] Which Linden: Yeah
  • [11:13] Which Linden: Basically the deal is that we're building an (internal-only) API for moving L$ around
  • [11:13] Which Linden: Built, actually
  • [11:13] Which Linden: The presentation was on how to use it
  • [11:14] Saijanai Kuhn: how does this tie in with [2008/06/10 13:50
  • [11:14] Which Linden: It's sort of the first step on teh way to that
  • [11:14] Saijanai Kuhn: or was that just coincidence ?
  • [11:14] Saijanai Kuhn: OK...
  • [11:14] Which Linden: Whoever writes those inter-grid APIs will end up using the internal APIs
  • [11:15] Gareth Ellison: not to be an idiot here, but don't you already have a means of moving L$ around internally?
  • [11:15] Gareth Ellison: how's the internal API different from your current system?
  • [11:15] Which Linden: Gareth: hah, great question
  • [11:15] Which Linden: The current system is "copy-n-pasted SQL snippets
  • [11:15] Which Linden: "
  • [11:15] Gareth Ellison: right
  • [11:15] Teravus Ousley: hehe, fun.
  • [11:15] Which Linden: Yeah
  • [11:15] Gareth Ellison: so all systems wanting to move L$ around reimplement it and touch the database directly then?
  • [11:16] Which Linden: Basically yeah
  • [11:16] Gareth Ellison: now i get you
  • [11:16] Which Linden: Not completely, we haven't completely abandoned encapsulation, but there's at least 10 different APIs
  • [11:16] Teravus Ousley: wrote a php interface for currency.. in the OpenSimulator Example money module...
  • [11:16] Teravus Ousley: .. and OpenSimWi web-interface.
  • [11:16] Gareth Ellison: teravus - you didn't document it ;)
  • [11:16] Gareth Ellison: but offtopic
  • [11:17] Gareth Ellison: which - go on, how's the new API gonna look?
  • [11:17] Which Linden: If you ever write doc, I'd like to see them
  • [11:17] Teravus Ousley: k :D
  • [11:17] Which Linden: Well it's pretty straightforward. Remember this is the internal API so you're never going to interact with something like this
  • [11:17] j3rry Paine: docs are like sex
  • [11:17] Teravus Ousley: hehe
  • [11:18] Gareth Ellison: it's internal but we might want to use it for thoughts on a larger external API for OGP
  • [11:18] Which Linden: There's about four major operations you want to perform on an agent: check balance, transfer L$ to another entity, give L$, take away L$
  • [11:19] Gareth Ellison: give and take, do they just arbitarily increment/decrement?
  • [11:19] Which Linden: Those last two are for LL-specific purposes (asset upload, premium grant), and yeah they're just incr/decr
  • [11:19] Teravus Ousley: would suggest a fully 'transactional' approach....
  • [11:20] Teravus Ousley: .. for the upcoming api anyway..
  • [11:20] Which Linden: Yeah, so it is definitely the bare bones
  • [11:20] Gareth Ellison: i would suggest governor linden hold the fees from asset uploads
  • [11:20] Gareth Ellison: or some other linden account
  • [11:20] Gareth Ellison: M?
  • [11:20] Which Linden: As you note there is no provision for specifying "buy this object", that's handled externally to this API
  • [11:21] Which Linden: Yeah, that's a good point -- the incr/decr could be modeled as transfers to/from some specific agent
  • [11:21] Teravus Ousley: would also posulate that in the future it might be adventagious for a region to have a money specific 'claim user' method.
  • [11:21] Which Linden: The problem is, any agent is going to be on a single host, so if you make a single agent the target of system-wide services, then that agent's host will become the new bottlenexck
  • [11:21] Gareth Ellison: sets up "RulerOf TehUniverse" as the asset upload fee acquirer on own grid....
  • [11:22] Gareth Ellison: not if agent hosts can be replicated
  • [11:22] Gareth Ellison: stateless bitches, you only need state for a few things
  • [11:22] Gareth Ellison: apologies for the language
  • [11:22] Which Linden: Well you certainly need state for your balance.
  • [11:23] Which Linden: That would be the chokepoint
  • [11:23] Gareth Ellison: but state is not tied to sessions - it's tied to the database
  • [11:23] Teravus Ousley: well, the reason for the 'claim-user' method would be to limit money activity within regions that don't have any association with the user.
  • [11:23] Which Linden: Yeah you could get around that by just allowing the balance checks to be stale and instead of incr/decr a single number you're appending to a log
  • [11:23] Which Linden: So tell me more about this claim-user. Is this just a "budget" for a region?
  • [11:25] Which Linden: Teravus?
  • [11:25] Teravus Ousley: well, for example, in the OpenSimulator Example money module, it calls 'claim user', and a region that doesn't have a user claimed cannot make balance queries or call any financial methods on the user
  • [11:25] Which Linden: ah, didn't see the typing animation
  • [11:25] Which Linden: OK, so it's sort of a pre-auth
  • [11:25] Which Linden: I would tend to think of that as requesting a set of capabilities
  • [11:26] Gareth Ellison: that makes sense, you don't want a region you visited just once to have the capability to steal your L$ after you leave
  • [11:26] Teravus Ousley: .. there is also a situation where a user accepting permission of a script to 'take money', would call 'authorize-script' ..
  • [11:26] Gareth Ellison: region needs to get the agent's cap just after avatar rez
  • [11:26] Teravus Ousley: .. which would authorize that region to take money via script.
  • [11:26] Gareth Ellison: and then the cap must be short-lived or some other means of withdrawing it as soon as you change region
  • [11:27] Gareth Ellison: one thing i'd like to point out
  • [11:27] Which Linden: Yeah, you'd want it to be a cap against your agent host or something so you can revoke it
  • [11:27] Gareth Ellison: can we have the viewer talk directly to the backend?
  • [11:27] Gareth Ellison: so regions don't actually run transactions
  • [11:27] Gareth Ellison: that would enable a user to visit an untrusted region and still run L$ transactions
  • [11:28] Teravus Ousley: notes that the viewer currently talks directly to the back end for US dollar transactions(buy $L)
  • [11:28] Gareth Ellison: but not for L$ transfers
  • [11:28] Teravus Ousley: nods
  • [11:28] Gareth Ellison: if right now an untrusted sim was linked to agni and you TP to it, the owner can steal all your L$
  • [11:29] Teravus Ousley: nod nods :D
  • [11:29] Which Linden: Gareth: that would be the point of the agent host
  • [11:29] Gareth Ellison: yeah, viewer talk direct to agent host
  • [11:29] Which Linden: Yeah, and the agent host has the bits (And the persistence) to make shit happen
  • [11:30] Gareth Ellison: kinda similar to on the web, you go to www.scammer.com, and scammer.com can't draw money out your paypal account, but can redirect you to paypal and get you to pay out $100000000USD
  • [11:30] Gareth Ellison: then it's up to your own stupidity whether you login and click accept
  • [11:30] Which Linden: So I love all these ideas for fine-grained L$ permissoins
  • [11:31] Which Linden: It seems the challenge with them though is to keep them from interfering with normal useres
  • [11:31] Which Linden: Thinking, in particular, of this strip: [2]
  • [11:32] Aimee Trescothick: 9 clicks, counted that time
  • [11:32] Which Linden: To do what?
  • [11:32] Gareth Ellison: lol
  • [11:32] Aimee Trescothick: open the link lol
  • [11:33] Teravus Ousley:  :D
  • [11:33] Saijanai Kuhn: that is great
  • [11:33] Teravus Ousley: agreed, that is the challenge
  • [11:33] Eeron Kilian: worked in the first click here. I've never noticed the links needing more clicks than one. is it due to latency?
  • [11:33] Gareth Ellison: reminds me of my bank's online banking: you need to confirm transfers 4 times
  • [11:33] Teravus Ousley: .. and potentially, the bottle neck.
  • [11:33] Which Linden: Oh, hah
  • [11:33] Which Linden: Eeron: could be due to framerate
  • [11:34] Teravus Ousley: suspects frame rate vs click detection.. as it opens for him if he holds down his left mouse button for a second and then releases over it.
  • [11:34] Eeron Kilian: lower framerate would cause the client to not 'catch' the click ?
  • [11:34] Eeron Kilian: ah i see
  • [11:35] Which Linden: Teravus: yeah: "I want to buy this object" "you have to authorize this region to take money from you" "OK" "How much money should it be able to take from you?" etc etc
  • [11:35] Teravus Ousley: hehe, well, the finanical market puts monthly caps on merchants.. and daily caps and per-transaction caps..
  • [11:35] Gareth Ellison: the region makes a request for X amount
  • [11:36] Gareth Ellison: and you get one popup
  • [11:36] Which Linden: Well not everyone is a financial marketeer
  • [11:36] Gareth Ellison: "region wants to draw X from you"
  • [11:37] Which Linden: I guess it depends on when the claim is triggered
  • [11:37] Teravus Ousley: Yes, I suppose the caps would be imposed by the Agent Domain of the money receiver... and would return back either a yes, or no..
  • [11:38] Teravus Ousley: .. but also the sender would have to have a yes or no response to having the money and under 'daily limit'
  • [11:38] Gareth Ellison: makes one think of merchant accounts for credit/debit cards
  • [11:39] Teravus Ousley: exactly.
  • [11:39] Gareth Ellison: get a preauth, and then a capture
  • [11:39] Which Linden: Yeah
  • [11:39] Gareth Ellison: could use the card model actually
  • [11:39] Gareth Ellison: give a card number and a URL
  • [11:39] Gareth Ellison: the card number could be a one-time thing
  • [11:39] Gareth Ellison: with a limit
  • [11:39] Which Linden: ... a capability
  • [11:39] Gareth Ellison: heh
  • [11:40] Teravus Ousley: hehe, our error messages would be equally as non-descriptive, ' the charge was denied by your agent domain'
  • [11:41] Gareth Ellison: heh
  • [11:41] Gareth Ellison: double-heh conversations
  • [11:41] Gareth Ellison: so, viewer talks to agent domain, generates cap and sends it to region domain
  • [11:41] Gareth Ellison: that sounds sexual
  • [11:41] Which Linden: "Please consult this architecture diagram to learn how to use the in-world currency."
  • [11:42] Gareth Ellison: in the viewer UI user clicks on something to buy
  • [11:42] Saijanai Kuhn: special tutorial on UML sequence diagrams...
  • [11:42] Gareth Ellison: gets a confirmation dialog
  • [11:42] Which Linden: Yup, and then the capability gestates in the region domain until birthed by the "buy" request
  • [11:42] Gareth Ellison: then the viewer does the rest of the work behind the scene
  • [11:43] Saijanai Kuhn: I would think the viewer should be doing as little work as possible...
  • [11:43] Which Linden: Yeh, it seems that the viewer is out of the picture as soon as the cap gets to the region
  • [11:43] Gareth Ellison: but the viewer is responsible for sending the cap to the region
  • [11:43] Teravus Ousley: well, preferrably, since the viewer, nor the region is trusted by the agent domain.
  • [11:44] Gareth Ellison: the viewer says "hey, gimme a cap that allows a one-off L$50 payment please" to the agent domain
  • [11:44] Gareth Ellison: it gets it back
  • [11:44] Gareth Ellison: and forwards it to the region domain
  • [11:45] Which Linden: OIC
  • [11:45] Which Linden: That's a little different from what I was envisioning, but I don't see why it wouldn't work your way
  • [11:45] Gareth Ellison: how did you envision it?
  • [11:46] Which Linden: That the region domain and the agent domain negotiate for said cap, and it never travels over the wire to the viewer
  • [11:46] Gareth Ellison: where's the user intervention?
  • [11:46] Which Linden: The user would still see the same set of stuff, it's just that the cap wouldn't physically be stored in the memory of the viewer
  • [11:47] Gareth Ellison: agent domain just says to viewer "is it ok if i send a cap to this region?"
  • [11:47] Gareth Ellison:  ?
  • [11:47] Which Linden: Yeah
  • [11:47] Gareth Ellison: seems clean
  • [11:47] Saijanai Kuhn: I'd prefer that way. WOuld reduce possible security issues if someone can intercept that CAP between viweer and AD
  • [11:47] Which Linden: They're semantically equivalent really
  • [11:48] Which Linden: There are details such as Sai's that would be pretty important to consider
  • [11:48] Teravus Ousley: Saj: technically since the region domain isn't trusted.. in the future, so it's equiv
  • [11:48] Saijanai Kuhn: was a big worry when I thought about a AD to AD transfer of an agent to get to a completely incompatible world. A viewer that has talked to a rogue AD is no longer trusted, IMHO
  • [11:48] Teravus Ousley: .. rather, it's equivelent because in the future the region domain may not necessarily be on the same network.
  • [11:49] Which Linden: Another concern would be that if this cap is granted as part of a transaction, you want it to be as seamless with the rest of that transaction as possible
  • [11:49] Which Linden: I.e. no need for the agent domain to display a dialog on the viewer if it's the viewer asking to buy the object
  • [11:50] Teravus Ousley: hehe
  • [11:50] Gareth Ellison: you want a single dialog
  • [11:50] Which Linden: Right, you click the object and say "Buy for L$50", you don't want to see a dialog asking you "do you want to spend L$50?" You'd be like, "YES, asshole"
  • [11:50] Gareth Ellison: so that the region domain can't keep on requesting caps without the viewer saying ok
  • [11:51] Teravus Ousley: "can I take some money out"?
  • [11:51] Which Linden: Exactly
  • [11:51] Teravus Ousley: <- comic reference.
  • [11:52] Which Linden: Of course, it's much easier to just grant a cap to take L$, sans cap
  • [11:52] Which Linden: um
  • [11:52] Which Linden: sans maximu
  • [11:53] Which Linden: Like right now you can grant an object debit permissions but can't specify a limit
  • [11:53] Which Linden: It's the bare minimum implementation
  • [11:54] Which Linden: Anyway, this is stuff that I can't even think about working on until many months from now
  • [11:55] Teravus Ousley: kind of likes the client methodoligy.. 1: User Clicks buy object.. 2. Client asks debit perms for region to agent domain, gets back cap, client sends cap address as part of buy message to region, region invokes cap
  • [11:55] Which Linden: Once we're on the L$ API completely, and L$ are scalable, then I can start looking at this stuff
  • [11:55] Which Linden: Teravus: yeah, it does have that benefit
  • [11:55] Which Linden: Right now actually the client has very little knowledge of what transactions it's participating in
  • [11:55] Which Linden: I'd like to add some more "smarts" to it
  • [11:57] Which Linden: For example, right now, when you buy something, the viewer deducts teh price of the object from the in-viewer L$ display before the transaction goes through
  • [11:58] Which Linden: Then it waits for the simulator to supply the "correct" balance
  • [11:58] Which Linden: This means that the simulator has to somehow find out the correct balance even if, say, the database connection timed out
  • [11:58] LifeFactory Writer: eeep...hope that did not just play in world.
  • [11:59] Which Linden: Needless to say, it doesn't do a great job of that
  • [11:59] Which Linden: doesn't have sound on
  • [11:59] Teravus Ousley: didn't hear anything
  • [11:59] LifeFactory Writer: oh....the air is filled with noise, cat-calls, gas-blowing and other assorted auditory teases.
  • [11:59] LifeFactory Writer: But I only played one, I think, by accident. And it was nice :)
  • [12:00] Which Linden: Ha ha, being next to the Public OI has its ... side effects
  • [12:00] LifeFactory Writer: is that what it is? :D
  • [12:00] LifeFactory Writer: I was having a hard time putting this group together with those sounds :D
  • [12:00] Which Linden: That island over there is the public OI
  • [12:00] Which Linden: Makes for a nice view though
  • [12:01] Which Linden: Anyhow, I should probably go
  • [12:01] Which Linden: Getting pinged to help debug some stuff
  • [12:01] LifeFactory Writer: I love this spot. I sat here for ages in the beginning not realizing it is your office.
  • [12:01] Teravus Ousley: Yes, hour is up :D
  • [12:01] LifeFactory Writer: sorry for that!
  • [12:01] Teravus Ousley: Thanks for holding this meeting
  • [12:01] Which Linden: NP, feel free to hang out here whenever you like
  • [12:01] LifeFactory Writer:  :) Have fun, All!
  • [12:01] Which Linden: Thanks for the engaging discussion all, some great thoughts
  • [12:01] Which Linden: And send me the opensim docs when you have them, I'd love to see them
  • [12:02] Teravus Ousley:  :D
  • [12:02] Teravus Ousley: will do.