User:Zero Linden/Office Hours/2007 Oct 16

From Second Life Wiki
Jump to navigation Jump to search
  • [12:55] Whump Linden: I haven't had time yet to customize the bear template.
  • [12:55] Wyn Galbraith: Squirrel!
  • [12:56] Tillie Ariantho: no whump bear? awwwww. :-/
  • [12:56] Tillie Ariantho: hihi
  • [12:56] Whump Linden: Soon, I've barely had time to outfit my avatar.
  • [12:56] Vicero Lambert: whump youve goten father in your adavat apperance then cube linden lol
  • [12:57] Vicero Lambert: -farther
  • [12:57] Tree Kyomoon: chat lag is massive for me
  • [12:57] Whump Linden: But cube's avatar is classic.
  • [12:57] Vicero Lambert: yea
  • [12:57] Kooky Jetaime: Another SC fan I see
  • [12:57] Kooky Jetaime: Have a bear Whump?
  • [12:57] Wyn Galbraith: Looks like Vicero survived Burning Life.
  • [12:57] Whump Linden: I'm hoping he does a cranberry aspic for Thanksgiving.
  • [12:57] Vicero Lambert: lol
  • [12:57] Whump Linden: Kooky, I've gotten the template, but need to customize it.
  • [12:58] Vicero Lambert: yea burning life is still slightly a pain for me though because of all the year round events that are in the mix
  • [12:58] Wyn Galbraith: Wow a really fresh Linden.
  • [12:58] Arawn Spitteler: What's the methance content of all those particles?
  • [12:58] Vicero Lambert: whump is everett linden busy lately?
  • [12:59] Vicero Lambert: torley forwarded a email to him but never hear anything
  • [12:59] Kooky Jetaime: Arawn - huh? methance content?
  • [12:59] Wyn Galbraith: With Iridium gone I would think he was busy.
  • [12:59] Tillie Ariantho: a fresh linden? I know there is a which linden, but which linden is fresh linden? never met him. .P
  • [12:59] Whump Linden: I haven't worked with him, so don't know his status.
  • [12:59] Squirrel Wood: Woot. SVC-392 has been turned into a havok 4 issue...
  • [12:59] Wyn Galbraith: If I were a Linden my name would be Fresh Linden
  • [13:00] Vicero Lambert: I would be earth linden and be a earth lol
  • [13:00] Arawn Spitteler: Next to become a Linden takes the fresh name.
  • [13:00] Saijanai Kuhn: Is there a Lost LInden?
  • [13:00] Squirrel Wood: It's.... MORPHEUS ^^
  • [13:00] Tillie Ariantho: or "Another Linden" or "Justlike Linden" or "Why Linden". :D
  • [13:00] Wyn Galbraith: That's a good one or how about Glow Linden and just be a glow.
  • [13:00] Vicero Lambert: There should be a nut linden lol
  • [13:00] Kooky Jetaime: Workingonit Linden
  • [13:00] Kooky Jetaime: grins
  • [13:00] Wyn Galbraith: Whynot Linden
  • [13:00] Kooky Jetaime: Lazy Liden
  • [13:00] Squirrel Wood: What'sa Linden?
  • [13:00] Kooky Jetaime: Linden
  • [13:00] Wyn Galbraith: I think there si a workingon it Linden
  • [13:00] Arawn Spitteler: Roundtoit?
  • [13:01] Wyn Galbraith: LOL Squirrel.
  • [13:01] Kooky Jetaime: WorkingOnIt linden is a general name
  • [13:01] Saijanai Kuhn: workingonit is a fake linden
  • [13:01] Wyn Galbraith: Intoit Linden
  • [13:01] Kooky Jetaime: Its a currency
  • [13:01] Kooky Jetaime: No its a kind of person
  • [13:01] Kooky Jetaime: no
  • [13:01] Kooky Jetaime: its a lab
  • [13:01] Morpheus Linden: Wyn, not really. Yeah, Workingonit is a fake name -- I think Torley made it up for pjira
  • [13:01] Kooky Jetaime: FRACK what is a linden?!?!
  • [13:01] Kooky Jetaime: looks for his cube to help him
  • [13:01] Wyn Galbraith: Frack Linden!
  • [13:01] Hypatia Callisto: A tree? :D
  • [13:01] Zha Ewry: An ally in San Francisco
  • [13:02] Morpheus Linden: And which linden is not an especially fresh linden. He's probaly year-ish now.
  • [13:02] Zha Ewry: Where they stareted
  • [13:02] Wyn Galbraith: Morpheus is god too.
  • [13:02] Whump Linden: Okay, we need an Abbot Linden now.
  • [13:02] Saijanai Kuhn: Sandman Linden?
  • [13:02] Zha Ewry: We have got to start donating Zero some more furniture
  • [13:02] Wyn Galbraith: Candyman Linden
  • [13:02] Vicero Lambert: web2 linden
  • [13:02] Wyn Galbraith: Hey Zero and Sabin and Periaplse.
  • [13:02] Squirrel Wood: Hellos ^^
  • [13:02] Vicero Lambert: hi tess
  • [13:02] Zero Linden: well, actually, the amount of furniture and setting were picked
  • [13:02] Vicero Lambert: hi zero
  • [13:02] Rex Cronon: hello everybody
  • [13:02] Saijanai Kuhn:  ?????? Linden
  • [13:02] Wyn Galbraith: Morpheus got a bear?
  • [13:03] Zero Linden: to keep this a friendly, cozy office
  • [13:03] Morpheus Linden: shakes his head. Sorry Wyn.
  • [13:03] Zha Ewry: Which is is
  • [13:03] Zero Linden: not a lecutre hall
  • [13:03] Zha Ewry: But.. A crowsed Cozy Office
  • [13:03] Wyn Galbraith: Darn. What good are new Lindens without bears?
  • [13:03] Zha Ewry: *crowded
  • [13:03] Saijanai Kuhn: ha. Wait til we zerg you with AWGroupies
  • [13:03] Zha Ewry: Of course, I need more rocks in my meadow, now.
  • [13:03] Kooky Jetaime: ooh speaking of Zerg
  • [13:03] Tillie Ariantho: Wow attack of the Lindens.
  • [13:03] Wyn Galbraith: Here comes Rob.
  • [13:04] Zero Linden: Here we come....
  • [13:04] Zero Linden: Walking down the street...
  • [13:04] Wyn Galbraith: Wow there's going to be more Lindens then us.
  • [13:04] Zero Linden: Got the funniest avies.....
  • [13:04] Arawn Spitteler: Legionov?
  • [13:04] Zero Linden: That you ever did meet!
  • [13:04] Vicero Lambert: awww no cube linden? :(
  • [13:04] Kooky Jetaime: need to look at my latest news on Starcraft 2
  • [13:04] Wyn Galbraith: Good Zero.
  • [13:04] Kooky Jetaime: grins
  • [13:04] Zero Linden: Hey hey we're the Lindens! Can't stop rezzing around!
  • [13:04] Kooky Jetaime: Zero.. we love the cozyness, but we soo need a bigger venue
  • [13:04] Squirrel Wood: Woot
  • [13:04] Zero Linden: okay I could go on, but I won't
  • [13:04] Wyn Galbraith: changes groups for Sai.
  • [13:05] Vicero Lambert: lol
  • [13:05] Zero Linden: wow - they keep coming and coming....
  • [13:05] Vicero Lambert: that works :-p
  • [13:05] Arawn Spitteler: "We're much too busy Hacking, to put any scripting down..."
  • [13:06] Vicero Lambert: i think the lindens may be here for research ;-)
  • [13:06] Zero Linden: Ah... paradoy....
  • [13:06] Kooky Jetaime: Hello Morpheus
  • [13:06] Morpheus Linden: Hi Kooky, all.
  • [13:06] Multi Gadget: v2.0.3b by Timeless Prototype, '/44 info'
  • [13:06] Kooky Jetaime: tries hard to not use the numerious Matrix jokes that he's comming up with
  • [13:06] Arawn Spitteler: Do we get to use them in Scientific Experiments, like on Meaning of Life?
  • [13:06] Tao Takashi: Hi!
  • [13:06] Kooky Jetaime: Ok Ok.. This many lindens, it has to be done.. Bear Swap!
  • [13:06] Vicero Lambert: lol
  • [13:06] Zero Linden: Actually, there is a "ethical guidlines of research on avatars" somewhere on our web site
  • [13:07] Zero Linden: really!
  • [13:07] Vicero Lambert: ah
  • [13:07] Tillie Ariantho: There comes Rock Linden. .P
  • [13:07] Kooky Jetaime: gets out his list of Linden's he's asked for bears
  • [13:07] Sally Linden: had to get the wings out
  • [13:07] Wyn Galbraith: I need bears from everyone except Zero, Periapse, Rob, and Sabin.
  • [13:07] Squirrel Wood: Oh My. Where did you find all these Lindens Zero? ^^
  • [13:08] Wyn Galbraith: I think we're being Zerg'd by Lindens.
  • [13:08] Zha Ewry: So Zero.. have you noticed our evil plan? We're never going to let you catch up on your wiki reading.
  • [13:08] Rex Cronon: will there be a big announcement? that is why so many lindens here?
  • [13:08] Zero Linden: No Zha, did you already edit my edits?
  • [13:08] Sabin Linden: no
  • [13:08] Sally Linden: not that I know of. I'm just a curious observer
  • [13:08] Zha Ewry: Not yet, but shortly ;-)
  • [13:08] Zero Linden: OKAY, Let's get started
  • [13:08] Donovan Linden: we sent email to an internal mailing list announcing this, that's why there are so many lindens
  • [13:09] Zero Linden: Welcome to my stuffed-phone-booth hours
  • [13:09] Kooky Jetaime: Thank you Joshua
  • [13:09] Wyn Galbraith: Where's your ring Squirrel?
  • [13:09] Zero Linden: We're here in general to talk about the once and future architecture of Second Life
  • [13:09] Arawn Spitteler: That would be a cozy venue.
  • [13:09] Squirrel Wood: apparently something in the last update broke the ring
  • [13:09] Wyn Galbraith: Uhoh.
  • [13:09] Zero Linden: All discussion is on the record and will be transcribed into the wiki (by magical elves that I thank profusely)
  • [13:09] Kooky Jetaime: Welcome Pulseburst ! glad you could make it
  • [13:10] PulseBurst Flow: Thanks Kooky Hi
  • [13:10] Zero Linden: Today we have a topic: Viewer / Web Authentication
  • [13:10] Zero Linden: To that end, a host of Lindens came, especially the Studio Icehouse team that is doing the work
  • [13:10] Tess Linden: /wave!
  • [13:10] Tess Linden: waves!
  • [13:10] Sabin Linden: /bow
  • [13:10] Vicero Lambert: woot
  • [13:10] Squirrel Wood: /ao off
  • [13:11] FFM Female: Abranimations Overrider: Franimation override off.
  • [13:11] Zero Linden: So - let's get started -
  • [13:11] Zero Linden: Tess - let's start iwth a status update on the code
  • [13:11] Wyn Galbraith: It's raining bears, thanks Sally, Joshua.
  • [13:11] Zero Linden: where are we?
  • [13:12] Tillie Ariantho: me bears too, please. :D thank you!
  • [13:12] Tess Linden: Our branch is currently in QA, we have the client authenticating via the web
  • [13:12] Tillie Ariantho: *hugs* :)
  • [13:12] Wyn Galbraith: Grasmere
  • [13:12] Jarod Godel: I thought clients already autheticated via the web, or http at least
  • [13:13] Tess Linden: the browser launches the client from the "Go Inworld" page, for windows and macs, and there are instructions to setup that for some versions of Linux
  • [13:13] Kooky Jetaime: ((Can I get bears from: Donovan, Jamie, Leyla, Morpheus, Periapse, and Sabin please..))
  • [13:13] Kooky Jetaime: ((Thank you to Sally and josua for theirs))
  • [13:13] Zero Linden: (bear requests for the end - Lindens please hang for a few minutes at the end)
  • [13:14] Zero Linden: Today: viewer -->(xmlrpc)--> login web server
  • [13:14] Tess Linden: Since the first release will not be mandatory, we are working on ways to extend this for *some* third party clients that do not build the mozilla component and use our splash page
  • [13:14] Zero Linden: Tomorrow: web --> go-in-world page --> internal login services; web --> viewer; viewer --> login service
  • [13:15] Jarod Godel: Cool.
  • [13:15] Jarod Godel: That means we can write auto-login widgets/scripts soon. Bypass that dreadful status page.
  • [13:16] Kooky Jetaime: Jarod add "-autologin" to the command line and it works now
  • [13:16] Gigs Taggart: Tess: some?
  • [13:16] Jarod Godel: ssssh. I want to sound smart!
  • [13:16] Kooky Jetaime: Though I have discovered some...irregularities with the autologin..affecting things it shouldn't.
  • [13:17] Tess Linden: -autologin is implemented in the new client by passing your information to the splash page via https
  • [13:17] Tess Linden: in the query string
  • [13:17] Temporal Mitra: hey gigs
  • [13:17] Leyla Linden: if it has bugs kooky, we'd love to hear about them
  • [13:17] Jarod Godel: slclient.exe -autologin jarod Godel notmypassword
  • [13:17] Leyla Linden: that would be -login jarod Godel notmypassword
  • [13:17] Kooky Jetaime: Jarod - just autologin, and save your password
  • [13:17] Leyla Linden: --autologin uses the saved info
  • [13:17] Kooky Jetaime: it pulls it from the saved
  • [13:17] Jarod Godel: Thanks, Kooky, Leyla.
  • [13:18] Wyn Galbraith: 38 people here, 40 in the sim. We've maxed?
  • [13:18] Zero Linden: Dang!
  • [13:18] Zero Linden: Hot topic, eh?
  • [13:18] Dr Scofield: lol
  • [13:18] Zero Linden: Good thing I wasn't my normal tardy self!
  • [13:18] Kooky Jetaime: Leyla - I need to test them against the release viewer, I only use it with the Nicholaz Edition, but it has changed the way some things act.
  • [13:18] Wyn Galbraith: Sure thing Zero, pays to get here early.
  • [13:19] Jarod Godel: what is the topic?
  • [13:19] Tess Linden: Viewer / Web Authentication
  • [13:19] Dr Scofield: missed the beginning
  • [13:19] Gigs Taggart: Tess, so will autologin use curl or mozlib?
  • [13:19] Kooky Jetaime: Sim is full, 40 limit, 40 present
  • [13:19] Zero Linden: Okay- so, I'll bring up the two issues I know that people have with this idea that you login to the world via the website
  • [13:19] Wyn Galbraith: 39 now, 40 in sim, so the topic is what Tess said.
  • [13:19] Tess Linden: Gigs: it uses mozlib
  • [13:20] Saijanai Kuhn: intives only now
  • [13:20] Gigs Taggart: Tess: why?
  • [13:20] Zero Linden: So - here they are
  • [13:21] Zero Linden: 1) Can I ensure that my build of the viewer / my scripted commerice AV / my bot can log in w/o reading HTML
  • [13:21] Zero Linden: 2) Isn't the web just less safe than the viewer?
  • [13:22] Zero Linden: There - did I capture it all? are there other questions about it?
  • [13:22] Tess Linden: Gigs: Hm, you're right, using httpclient would have been a better thing to do. We tried to make sure we preserved the old functionality first
  • [13:22] Gigs Taggart: 3) Why ignore industry best practices like challenge-reponse?
  • [13:22] Jarod Godel: 4) How does this make Dave Winer money?
  • [13:22] Gareth Ellison: wow, lindens
  • [13:22] Kooky Jetaime: Zero - what about: Having to open a web browser to get into SL?
  • [13:22] Zero Linden: good one, Gigs,
  • [13:23] Kooky Jetaime: Unless I'm missing something
  • [13:23] Zero Linden: jarod, I can't even begin to comment - would violate our multi-million dollar secret agreement with Dave Winer and the Tri-Lateral Commission
  • [13:23] Jarod Godel: Zero: you can has conspiracie theory?
  • [13:23] Zero Linden: Okay - good, let's start with Kooky's first:
  • [13:23] Gareth Ellison: the amount of lindens here scares the prims out of me
  • [13:24] Dzonatas Sol: 5) What is the status to integrate the new WVA with OpenID? (Question 5.1 - Where does AWG start?)
  • [13:24] Gigs Taggart: Gareth: it's safer to keep them all where you can see them.
  • [13:24] Zero Linden: You don't need to - because there is a web browser built into the SL viewer (at least ours)
  • [13:24] Zero Linden: So, if you launch the viewer directly, you get a web page that has the log in form right there in the viewer
  • [13:24] Gareth Ellison: i wanted to spam about my python stuff
  • [13:24] Zero Linden: no extra browser needed
  • [13:24] Kooky Jetaime: Ah, Ok. that works for me
  • [13:24] Zero Linden: Good question 0 dispatched!
  • [13:25] Zero Linden: Now - question 1: do I need to have human eyeballs to log in?
  • [13:25] Zero Linden: Short answer - at least once!
  • [13:25] Wyn Galbraith: No.
  • [13:25] Jarod Godel: captcha?
  • [13:25] Gareth Ellison: Zero: when you have a spare second can you comment on the idea of using streaming HTTP stuff for all communications and doing all of this in python
  • [13:25] Rex Cronon: yes, unless u want bots to roam the grid
  • [13:26] Wyn Galbraith: can login blindfolded.
  • [13:26] Jarod Godel: I do. ;)
  • [13:26] Kooky Jetaime: Zero - earmark this one to discuss again after the rumored bot policy is brought to light.
  • [13:26] Zero Linden: So here's the driver for why we'd do this at all
  • [13:26] PulseBurst Flow: So Zero, furries won't be able to log in?
  • [13:26] Zero Linden: Gareth - no, not today, But I'd be happy to discuss that Thursday
  • [13:26] Gareth Ellison: has been hacking up a viewer with XUI using the current viewer's skins and written in python using REST niceness - when you get a moment...
  • [13:26] Gareth Ellison: ah, ok
  • [13:26] Zero Linden: PulseBurst - no no, furries will, just not earthworms
  • [13:27] Jarod Godel: Gareth, is that for download yet?
  • [13:27] Joshua Linden: / Yay, mollusks are safe!
  • [13:27] Dr Scofield: so,what's the reason?
  • [13:27] Zero Linden: The issue is this: there may come a time where we may want to amke logging into your second life account somewhat smarter
  • [13:27] Gareth Ellison: Jarod: i have a python-scripted viewer for download in an old SVN rev, and the newer system is still under development
  • [13:27] Zero Linden: It may, under certain circumstances, take more than just your name and passsword to get in
  • [13:27] Jarod Godel: ...like logging in from a World of warcraft link.
  • [13:28] Gareth Ellison: what other credentials would be used beyond name/password?
  • [13:28] Dr Scofield: yes?
  • [13:28] Zero Linden: For example - perhaps you'd like to enable a required physical security token (thing on your keychain) to get in
  • [13:28] Zero Linden: Or - gasp - biometric data
  • [13:28] Temporal Mitra: or biometric of course
  • [13:28] Temporal Mitra: dang..i type too slow
  • [13:29] Gareth Ellison: can we look forward to a day where SSH-type authentication using RSA keypairs is fairly standard?
  • [13:29] Dr Scofield: still doesn't see where web browser comes in...
  • [13:29] Dzonatas Sol: kewl ... biometric direction =)
  • [13:29] Zero Linden: Or - perhaps we may have reason to worry about your account and want to be sure
  • [13:29] Wyn Galbraith: loves biometrics.
  • [13:29] Kooky Jetaime: Oooh nice idea Zero
  • [13:29] Kooky Jetaime: Or maybe a World Map so you can pick your LZ (landing zone)
  • [13:29] Kooky Jetaime: without memorizing Sim/X/Y/Z
  • [13:29] Zero Linden: In all these cases, login may become a more complicated procedure than first/last/password
  • [13:30] Vicero Lambert: multi password login?
  • [13:30] Jarod Godel: "Please pee in this cup to login."
  • [13:30] Zero Linden: Our goal is to make it so there is *one* code path that handles login - so that we never have two ways to log in that have different strategies or requirements
  • [13:30] Kooky Jetaime: haha Jarod
  • [13:30] Temporal Mitra: thinks it should be...since it is protecting a significant amount of money in some cases
  • [13:30] Gigs Taggart: Zero: shouldn't you at least require a password that isn't trivially breakable first?
  • [13:30] Zero Linden: Ewwwww Jarod - now I feel dirty!
  • [13:30] Arawn Spitteler: Voice Print maybe, but how are you going to measure my height?
  • [13:30] Gigs Taggart: Zero: seems kinda premature to talk about multifactor auth when you let people set their password to "password"
  • [13:30] Kooky Jetaime: Voice print identification please.
  • [13:31] Squirrel Wood: Please provide a sufficiently large dna sample to log in...
  • [13:31] Zero Linden: Gigs I think we now have a password strength meter on the password change and entry pages
  • [13:31] Khamon Fate: There is nothing more useless than a voice activated lock.
  • [13:31] Gareth Ellison: Zero: would external OpenID providers ever be supported? presuming that avatar/inventory could be dynamically created or loaded from a remote location?
  • [13:31] Rex Cronon: so what happens if u have a cold?
  • [13:31] Jarod Godel: What about Rose Tyler?
  • [13:31] Wyn Galbraith: A lot of people wouldn't be able to login with the pee in the cup login and voice, what if you had a cold, can voice work then, or were in an area where speaking might not be a good thing.
  • [13:31] Gigs Taggart: Zero: correct, but it's only a suggestion, it still lets people use weak passwords.
  • [13:31] Dr Scofield: is the login path a well-publisheHTTP GET/PUT URL?
  • [13:31] Temporal Mitra: agreed, gigs...thinks that there should be minimum standards for passwords...alphanumeric with at least one symbol
  • [13:31] Khamon Fate: beats Jarod senseless
  • [13:31] Zero Linden: Gigs - I don't know the planned path there in support - it might be on the future agenda
  • [13:31] Khamon Fate: yes, too late ha ha ha
  • [13:32] Zero Linden: These things often have to be phased in
  • [13:32] Gareth Ellison: Scofield: right now it's a POST to a well-known XML-RPC server
  • [13:32] Kooky Jetaime: Temporal - I dislike "Forced" password standards, beyond the existing minimum characters
  • [13:32] Gareth Ellison: i'm looking towards LLSD for the initial login flow in my recent experiments
  • [13:32] Zero Linden: But long and short of ALL the excellent suggestions - see, you all get it - is that we need a single point of login so that the code path is written once
  • [13:32] Kooky Jetaime: Zero - one thing to add, specifics about passwords that /are/ acceptable. What characters beyond A-Z,a-z,0-9 are allowed, Minimum length is obvious, but what about maximum length?
  • [13:33] Zero Linden: and we need that code path to be very very flexible - and that means the web and HTML
  • [13:33] Temporal Mitra: then what about removal of the saved password, so that phishers cant harvest them
  • [13:33] Icarus DuCasse: what about a second life ID card, with barkeys to identify ^^
  • [13:33] Dr Scofield: yero, understand that...as long as you don't force us to do screen scraping for libsl...
  • [13:33] Kooky Jetaime: I've had a site once accept a 25 character password for setting, then failed me every time I tried using it after, because it truncated the stored password to 20 chars, and the login was accepting 25 (that were right)
  • [13:33] Gareth Ellison: this makes me think of a nice RESTful system: HTTP authentication to <agentID>
  • [13:33] Zero Linden: No - but here is the plan -
  • [13:33] Gareth Ellison: and use PUT to create a presence
  • [13:34] Temporal Mitra: if retinal scans are coming, I'll need a better color webcam to pick up my bloodshot eyes after a 22 hour scripting stint
  • [13:34] Dr Scofield: gareth, exactly
  • [13:34] Wyn Galbraith: listens.
  • [13:34] Dzonatas Sol: too many questions at once... hard to flow flow
  • [13:34] Zero Linden: If you can get into the web site with just a password,then you'll be able to get libsl to get in with just a password
  • [13:34] Dr Scofield: listens as well
  • [13:34] Dzonatas Sol: *follow flow
  • [13:34] Kooky Jetaime: Zero - SSL I think is a given as well
  • [13:34] Gareth Ellison: any biometrics systems couldn't be enforced until they're much more commonplace
  • [13:34] Zero Linden: we've got that running now
  • [13:34] Zero Linden: BUT
  • [13:35] Gareth Ellison: which opens up the system to a downgrade attack
  • [13:35] Zero Linden: if, hypothetically say, you enable some required security token -
  • [13:35] Zero Linden: then libsl won't be able to do that
  • [13:35] Zero Linden: Now - when we add such a feature -
  • [13:35] Dr Scofield: why not?
  • [13:35] Zero Linden: we'll probably add a way for libsl to supply it,
  • [13:35] Gareth Ellison: i.e if i normally authenticate using a fancy retinal scan then an attacker could force the login server to downgrade to password auth
  • [13:35] Dr Scofield: shouldn't the protocol be open?
  • [13:35] Zero Linden: but right now we are NOT designing a fully general purpose login API
  • [13:35] Gareth Ellison: unless you limit certain accounts to biometrics only
  • [13:35] Zero Linden: Sure - I just don't know what it is right now
  • [13:35] Harleen Gretzky: How would third-party viewers use this and at the same time make the resident comfortable that their password is not transmitted to the third-party?
  • [13:35] Jarod Godel: Zero, what's the difference?
  • [13:36] Kooky Jetaime: G
  • [13:36] Kooky Jetaime: Gareth - having a idiotproof version is always a good idea, who knows you could lose an eye
  • [13:36] Kooky Jetaime: or a hand
  • [13:36] Jarod Godel: what would a general purpose api do that this doesn't?
  • [13:36] Zero Linden: Jarod - usually such things require two fields: password AND current token value
  • [13:36] Squirrel Wood: cannot currently invite anyone to your location because the region is full. Try again later.
  • [13:36] Gareth Ellison: Kooky: if an attacker can downgrade from biometrics to weaker auth, the biometrics is useless
  • [13:36] Khamon Fate: Harleen, that would require some kind of pass-through authentication or one-time code.
  • [13:36] Jarod Godel: like Flickr with all their md5 hashing
  • [13:36] Zero Linden: But - in all cases, imagine your account has been flagged in some way that requires you to do something more
  • [13:37] Zero Linden: in those cases, you'd not be able to use libsl
  • [13:37] Zero Linden: libsl would get a login error
  • [13:37] Gigs Taggart: I don't think a token will ever prevent automation, unless you can solve the DRM problem. :)
  • [13:37] Zero Linden: and you'd have to go to the website
  • [13:37] Temporal Mitra: so an opt in security enhancement?
  • [13:37] Dr Scofield: how about docuemtning what that "something" more is?
  • [13:37] Gareth Ellison: biometrics for general login == bad, perhaps enable it by default for any financial transactions and opt out
  • [13:37] Khamon Fate: That'd be nice if we could log into LL's webpage and get a code to use one time to log in through a third party client so we didn't have to give them our password.
  • [13:37] Jarod Godel: so you guyr are still hamstrung by having to work with in the current sl COMMOONITY
  • [13:37] Kooky Jetaime: Gareth - I'm a fan of 16+ character passwords.. good luck brute forcing me.
  • [13:38] Zero Linden: Dr. - it is open ended - which the point - we may, as some point, choose to have you call us, for example
  • [13:38] Jarod Godel: i didn't say that right...
  • [13:38] Gareth Ellison: use the strongest possible auth for financial transactions and ensure to the highest extent possible that only humans do them
  • [13:38] Dzonatas Sol: Zero, this WVA and OpenID layer needs to be done first before scability measures. Where can we focus that design of those with the AWG? (A specific wiki page? more slides? ... some confirmation that OpenID support is in the process?)
  • [13:38] Dr Scofield: ok, can understand that.
  • [13:38] Jarod Godel: this will never be a full api, so long as you still need to herd them through the website
  • [13:38] Zero Linden: Khamon- well guess what - that is sort exactly what this does!
  • [13:38] Kooky Jetaime: as long as proper measures are taken for the "lower quality (passwords)" they are no weaker than biometrics
  • [13:38] Gareth Ellison: then offer an opt-in interface for external automated apps to run finances
  • [13:38] Wyn Galbraith: Bank of America uses a multistep login, so does a credit card company I use.
  • [13:38] Temporal Mitra: I like the idea of being able to opt in your account to require stronger security methods..whatever the methods might be
  • [13:39] Gareth Ellison: of course, you can replace finances with anything that's a sensitive operation
  • [13:39] Gareth Ellison: i like opting out :)
  • [13:39] Gareth Ellison: i run OpenBSD - secure by default
  • [13:39] Kooky Jetaime: My bank just started that Wyn.. I have to log in with name / password, then if I'm not on a computer I've "stored" as mine, I have to then answer two secret questions
  • [13:39] Wyn Galbraith: nods
  • [13:39] Kooky Jetaime: I think its kinda a pain in the ass
  • [13:39] Kooky Jetaime: I'm all for security but.. ugh.
  • [13:39] Gareth Ellison: my bank asks for random digits from your security code
  • [13:39] Zero Linden: Well, again - I don't think we'd want to give you any amount of opt-out - that would stop us from acting when we think your account has been compromised
  • [13:40] Gareth Ellison: means an attacker can never get the full code in one sniffing session
  • [13:40] Gareth Ellison: Zero: if you think someone's account has been compromised you lock it
  • [13:40] Zero Linden: Well- Gareth - there are degrees, eh?
  • [13:40] Kooky Jetaime: The thing with mine, I store my "answers" with my password all in the same place, so its no more secure
  • [13:40] Gareth Ellison: then you contact the person and say "hey, your account looks compromised"
  • [13:40] Dr Scofield: so, in essence you are creating a way of being able to ask for additional information --- which is more informative then the current "your account is locked call helpdesk"
  • [13:41] Squirrel Wood: I would suggest a login where you type in your name, then get sent an SMS with a one time pad which you then input to authenticate yourself.
  • [13:41] Zero Linden: Exactly - well said, Dr.
  • [13:41] Jarod Godel: What Gareth said.
  • [13:41] Dr Scofield: ok. makes sense
  • [13:41] Dr Scofield: thx for the explanation
  • [13:41] Kooky Jetaime: squirrel - aside from not wanting my cell phone linked, I don't wanna pay the sms charge
  • [13:41] Zero Linden: Again - all great suggestions - but until we have a flexible login procedure - we can't even contemplate all these things
  • [13:41] Zero Linden: becuase changing the login API between viewer andserver, and adding all that UI to the viewer for each new extension
  • [13:41] Gareth Ellison: hmm, suppose you could say opt-in and then screw people who don't opt in: it's their duty to setup decent security
  • [13:41] Jarod Godel: Zero, let me ask a dumb question.
  • [13:41] Tillie Ariantho: doesnt own a cellphone. .P
  • [13:41] Zero Linden: would be prohibitive
  • [13:41] Kooky Jetaime: hopes the lindens hands are busy taking notes.
  • [13:42] Gareth Ellison: ok, flexible login: that's what website auth isn't
  • [13:42] Jarod Godel: What will it take to get from where we are "tomorrow" to a flexible ssytem?
  • [13:42] Jarod Godel: "tomorrow" being th new web auth
  • [13:42] Zero Linden: Gareth - we don't and can't and wont' adopt a "screw you" policy toward our customers --- it generally isn't good for business!
  • [13:42] Tess Linden: jarod: what kind of flexibilty are you thinking of specifically?
  • [13:42] Zero Linden: (and, alas, doesn't fly with the credit card companies anyway!)
  • [13:42] Dr Scofield: lol
  • [13:42] Jarod Godel: Tess, I'm not sure, because I'm not sure how Zero's system isn't flexible.
  • [13:43] Gareth Ellison: use your wonderful LLSD APIs, have the viewer authenticate using a website cookie OR directly - and the website authenticates to hte login server by acting as a proxy
  • [13:43] Gareth Ellison: and the screw you policy just means the normal "you are responsible for securing your account - if it is compromised and you didn't take the extra security offer then we are not liable"
  • [13:43] Jarod Godel: Zero's sounds like all you could ask for, but he seems to suggest there's more.
  • [13:44] Jarod Godel: Gareth, but SL citizens aren't responsible people.
  • [13:44] Zero Linden: Jarod - what I'm talking about is what studio Icehouse has running internally
  • [13:44] Gareth Ellison: always help users get their accounts back after being compromised, but users who opt out of extra security hold them liable for fraudulent transactions done on their account
  • [13:44] Rob Linden: Gareth: we are often left holding the bag when someone lets their account get compromised
  • [13:44] Zero Linden: But we wanted to make it clear that the need for all that flexibilty is what is going to cause scripted log in to fail in some cases
  • [13:44] Kooky Jetaime: Zero - Hows this for an idea: User Selectable Authentication Modules. Basic is module 0: AccountID (linked to multiple SL names, simplifies Alt's); Basic Module 1: Password, Module 2: Secret Question, Module 3: Fingerprint Info, etc etc. All you need to program is the web page that will present the user requested security modules, that the user can select from their account prefs page.
  • [13:44] Jarod Godel: Zero, oh.
  • [13:44] Zero Linden: where everything is cool, and extra features are either not enabled, or explicitly disabled, then scripted login will work
  • [13:45] Kooky Jetaime: then as demand happens, LL (or Opensource community) can create new modules to drop in that are self contained mostly.
  • [13:45] Jarod Godel: Zero, oh. well, then I see. It's comes down to "your script may hang" now and "it'll get an error message" later.
  • [13:45] Dr Scofield: any hints on what those extra features might be?
  • [13:45] Gareth Ellison: extra features can all be enabled for bots that are started manually
  • [13:45] Gigs Taggart: Zero can you go back to those numbered questions from earlier?
  • [13:45] Zero Linden: But, we are always going to reserve the right to make scripted log in fail in some cases, no matter how much you opt out ---- but as Dr. points out --- this just degenerates (for the script) to the account is locked, call us
  • [13:46] Tao Takashi: they might even be reduced in what they can do (bots)
  • [13:46] Zero Linden: Yes, Gigs - I was going to go to number 2
  • [13:46] Zero Linden: 2) Isn't the web just less safe than the viewer?
  • [13:46] Jarod Godel: Zero, oh. Sorry. I see. I gotcha.
  • [13:46] Zero Linden: Well, yes and no......
  • [13:46] Kooky Jetaime: No
  • [13:46] Kooky Jetaime: its not.
  • [13:46] Tao Takashi: web is perfectly secure, I put all my data on it
  • [13:46] Tao Takashi:  :-)
  • [13:46] Gareth Ellison: i feel silly suggesting this but on the bots issue why not offer a seperate API to do what people are using libsl to do?
  • [13:46] Kooky Jetaime: Considering we're already using the web
  • [13:46] Dr Scofield: toa, lol
  • [13:47] Dr Scofield: tao, lol
  • [13:47] Tao Takashi: of course if SL would have more APIs we wouldn't really need bots
  • [13:47] Gareth Ellison: then you won't feel obliged to consider bots as anything other than automated avatars
  • [13:47] Tao Takashi: bots are mostly a hack anyway
  • [13:47] Rex Cronon: why would u need bots for?
  • [13:47] Vicero Lambert: bots are usefull for city simulations
  • [13:47] Jarod Godel: Rex, roleplaying
  • [13:47] Saijanai Kuhn: Dale Glass uses one to do mapping of sims
  • [13:47] Vicero Lambert: less need for prim people
  • [13:47] Gareth Ellison: the only use for bots with a decent API is NPCs
  • [13:47] Wyn Galbraith: NPC
  • [13:47] Zero Linden: Gareth - because we don't really want to create an exception - and the API *will work* most of the time
  • [13:47] Dr Scofield: group mgmt, intrusion deteection
  • [13:47] Vicero Lambert: yes npc's
  • [13:47] Gareth Ellison: for NPCs you can extend scripting
  • [13:48] Dr Scofield: help desk
  • [13:48] Wyn Galbraith: That would be great.
  • [13:48] Wyn Galbraith: Information centers.
  • [13:48] Zero Linden: Okay - so the web has many vulnerabilities - but is tested and used by millions each day
  • [13:48] Tao Takashi: I am not saying there are no use cases for bots but less with APIs ;-)
  • [13:48] Gareth Ellison: Zero: this is what i'm saying, setup more APIs and then you're not obliged to be nice to bots
  • [13:48] Sabin Linden: I'm starting to think web insecurity isn't a concern...
  • [13:48] Zero Linden: The viewer's login vulnerabilities are not known - and used only by thousands
  • [13:48] Gareth Ellison: could setup special server-side bots for NPCs
  • [13:49] Zero Linden: Again - we want ALL APIs to land into the same login checking engine
  • [13:49] Kooky Jetaime: Zero - bad phrasing :P
  • [13:49] Tao Takashi: ok, then we also can keep bots ;-)
  • [13:49] Kooky Jetaime: The viewer login Has no vulnerabilities :D
  • [13:49] Gareth Ellison: makes sense
  • [13:49] Dzonatas Sol: bots are here to stay... implied =)
  • [13:49] Zero Linden: if that engine says "nope, I need your dog's name" - it is going to need that from any API
  • [13:49] Dr Scofield: tao, good
  • [13:49] Zero Linden: SO
  • [13:49] Dr Scofield: loves her bots
  • [13:49] Tao Takashi: well, I'd prefer APIs nevertheless ;-)
  • [13:50] Gareth Ellison: i'd have a centralised authentication server/cluster with multiple frontends
  • [13:50] Dr Scofield: has no dog!
  • [13:50] Tao Takashi: but I'd need to write some RL bots then to find out the name of my dog
  • [13:50] Saijanai Kuhn: There is no doG
  • [13:50] Zero Linden: the issue is that from the point of view of analysis of the protocol, there the same level of protection between the web and the viewer: an HTTP call over SSL
  • [13:50] Kooky Jetaime: I'm curious to see how the new fabled bot policy comes out
  • [13:50] Gareth Ellison: how's website auth handled now? i'd imagine that you authenticate against the MySQL DB directly?
  • [13:50] Jarod Godel: Zero, are the secret questions going to be plaintext or an image?
  • [13:50] 57 Miles: hi everyone.
  • [13:50] Zero Linden: Gareth- yes - as does the login.cgi web service the viewer uses -
  • [13:50] Rex Cronon: hi 57
  • [13:50] Zero Linden: only they do the same thing in two different peices of code
  • [13:50] Saijanai Kuhn: tells turtle to shutup period
  • [13:51] Malburns Writer: Hi 57 - you made it
  • [13:51] Jarod Godel: Because sounds like it could be scripted around
  • [13:51] 57 Miles: only just mal :)
  • [13:51] Zero Linden: Jarod - smells!
  • [13:51] Jarod Godel: Zero, good thing my Sniffomatic is back from the shop
  • [13:51] Jarod Godel: sniffs: smells like teen spirit
  • [13:51] Gareth Ellison: for the APIs, enable users to create seperate authentication secrets specifically for the API - i believe RegAPI already uses CAPS for that
  • [13:51] Dr Scofield: thinks we'll all need dogbots
  • [13:51] Saijanai Kuhn: fishes out the patent that eveyrone said was wrothless
  • [13:52] Saijanai Kuhn: URL-based scratch and sniff
  • [13:52] Hypatia Callisto: needs no dogs :p catbots :D
  • [13:52] Zero Linden: There exists the possibilty of a cross-site-scripting attack on any web page, but by the same token, the viewer essentially fell prety to that one last month
  • [13:52] Jarod Godel: Gareth, I didn't know REgAPI had "secret questions" already. Is that in 2.0?
  • [13:53] Gareth Ellison: Jarod: RegAPI has CAPS
  • [13:53] Gareth Ellison: i didn't mention secret questions
  • [13:53] Jarod Godel: oh. my bad
  • [13:53] Tao Takashi: CAPS = Cool And Perfect Security
  • [13:53] Zero Linden: So, we are currently feeling about equally secure about web based vs. viewer based auth.
  • [13:53] Kooky Jetaime: Uhm ok
  • [13:53] Gareth Ellison: RegAPI is intended for use by automated systems, so it makes sense that it lacks CAPTCHAs etc
  • [13:53] Zero Linden: Web auth, acutally, is esentially a cap:
  • [13:53] Kooky Jetaime: Zero - Perhaps not calling it "web based' might help
  • [13:54] Kooky Jetaime: Because effectively its web based now...
  • [13:54] Jarod Godel: Zero, cool with me
  • [13:54] Tao Takashi: Gareth: Well, in the end there is still a user with the regapi
  • [13:54] Tao Takashi: so you could present a CAPTCHA to them
  • [13:54] Zero Linden: you ask tolog in, the web site notices that you are logged in and gives you what is essentially a cap to login to the grid one time
  • [13:54] Gareth Ellison: Zero: one backend authentication service, frontends which can authenticate a name/password pair or arbitarysecrets - and link those secrets to limited privileges
  • [13:54] Rob Linden: (without a second password prompt)
  • [13:54] Jarod Godel: how long does that cap last?
  • [13:54] Zero Linden: Gareth- long term that would be great
  • [13:55] Gareth Ellison: it's all a case of "hi, i'm <name>, see i know <secret type> is <secret data>"
  • [13:55] Kooky Jetaime: Nothing like a Pumpkin shaped listening device... Hello Pagan
  • [13:55] Gareth Ellison: for normal viewer or website logins it sends secret type==password and secret data == password
  • [13:55] Zero Linden: I envision a day when you log into the web site and you can do things like set "only let viewers spend L$1,000 a day without additional authentication"
  • [13:56] Zero Linden: 3) Why ignore industry best practices like challenge-reponse?
  • [13:56] Gareth Ellison: Zero: with 2 or 3 devs working solid for 24 hours that day could be tomorrow
  • [13:56] Gareth Ellison: yeah, that's another thought: authenticate by responding to challenges relating to the secret data rather than just passing the whole lot of secret data in onego
  • [13:56] Dzonatas Sol: I envision a day where you can have avatars that are not tied to any account.. they just browse the world (limited until they need privs)
  • [13:56] Jarod Godel: You miss six weeks of Zero's, and you forget everything
  • [13:57] Zero Linden: Gareth -- I wish! we need all the commerce paths to have a new check in them for that to work and the db load would have to be very carefully explored
  • [13:57] Gareth Ellison: Zero: ALL L$ transactions will eventually come to one central point
  • [13:57] Zero Linden: So - challenge-response is only used when you want to make sure the secret doesn't cross the network - but since we're inside an SSL connection, there isn't any worry
  • [13:57] Gareth Ellison: if you're lucky that's the sim, if not it's the DB
  • [13:58] Wyn Galbraith: All roads lead to Linden Lab
  • [13:58] Zero Linden: Gareth- I don't think they will come to that central point at the time of transaction....
  • [13:58] Gareth Ellison: be paranoid: do challenge-response over SSL :)
  • [13:58] Tao Takashi: send dog names over SL!
  • [13:58] Tao Takashi: SSL
  • [13:58] Zero Linden: And challenge-response further requires that the user have a engine that can compute the response
  • [13:58] Zero Linden: and the web isn't good at that
  • [13:59] Zero Linden: also paranoia induced over design isn't any more secure
  • [13:59] Jarod Godel: Bwah?
  • [13:59] Rex Cronon: i think java script is quite powerfull
  • [13:59] Gareth Ellison: Zero: if i try to spend more than my L$ balance what happens?
  • [13:59] Jarod Godel: It's not good at what?
  • [13:59] Zero Linden: Gareth - I know where you are going with that, but trust me, it isn't that simple
  • [13:59] Zero Linden: It *should* be
  • [13:59] Zero Linden: But it isn't right now
  • [13:59] Gareth Ellison: then where does it get complex?
  • [13:59] Kooky Jetaime: I feel sorry for Zero
  • [13:59] Jarod Godel: LiveJournal's been doing challenge-responce, iirc, with JavaScript for a couple years.
  • [13:59] Zero Linden: Let's make AWG solve that
  • [14:00] Kooky Jetaime: 2pm
  • [14:00] Periapse Linden: / Got to go to another mtg. Bye everyone
  • [14:00] Kooky Jetaime: HAHAHAHA
  • [14:00] Dr Scofield: wonders whether her non-existing dog could't do the challenge-response
  • [14:00] Dr Scofield: lol
  • [14:00] Kooky Jetaime: Linden Bears plezeee?
  • [14:00] Sally Linden: I"m about to jet to another meeting, too. who needs my bear?
  • [14:00] Vicero Lambert: bye periapse
  • [14:00] Rex Cronon: bye
  • [14:00] Zero Linden: Jarod - but that is because it doesn't want to run over https?
  • [14:00] Zero Linden: Okay- we had one more question
  • [14:00] Gareth Ellison: i'l translate "let's make AWG solve that" to "Gareth will code that sometime this week"
  • [14:00] Periapse Linden: / bear is on my property in Beaumont
  • [14:00] Dzonatas Sol: AWG... yes... but need more details of how to tie in the current WVA plan!
  • [14:00] Dr Scofield: me
  • [14:00] Zero Linden: 5) What is the status to integrate the new WVA with OpenID? (Question 5.1 - Where does AWG start?)
  • [14:00] Hypatia Callisto: oh, I would like a bear :)
  • [14:00] Harleen Gretzky: I need your bear, thanks :)
  • [14:00] Jarod Godel: Zero, mmm. I'll give you that
  • [14:00] Gigs Taggart: zero a challenge response system would have prevented the recent exploit.
  • [14:00] Kooky Jetaime: Donovan, Jamie, Morpheus, Leyla, Periapse, Sabin, and Colossus please
  • [14:00] Dzonatas Sol: OpenID
  • [14:00] Kooky Jetaime: You 7 I've not hit up yet :D
  • [14:01] Hypatia Callisto: I dont have anyone's bear, so please :)
  • [14:01] PulseBurst Flow: what are these bears?
  • [14:01] Dr Scofield: thx!
  • [14:01] Morpheus Linden: apologizes, but he's curently bear-free, and has another meeting to attend as well. Thanks Zero.
  • [14:01] Leyla Linden: no bear yet...
  • [14:01] Kooky Jetaime: Pulseburst - a lot of lindens have a personlized bear
  • [14:01] Zero Linden: In the future OpenID has two parts: being an OpenID server, and acepting OpenIDs from other servers
  • [14:01] Hypatia Callisto: thanks Sally :)
  • [14:01] PulseBurst Flow: oh.. thanks
  • [14:01] Hypatia Callisto: no worries Morpheus :)
  • [14:01] Harleen Gretzky: thx :)
  • [14:01] Zero Linden: the later would allow you to secure you SL account via some other OpenID server that you trusted - and then use that to log in
  • [14:01] Kooky Jetaime: Thank you Sabin
  • [14:01] Whump Linden: opens JIRA to remind self to make bear.
  • [14:02] Tao Takashi: is more interested in the latter
  • [14:02] Zero Linden: again- yet another reason for the single source of Login code
  • [14:02] Gareth Ellison: is pondering dynamic accounts
  • [14:02] Pixel Gausman: Pulseburst: i'm bearless as well. so u aren't alone
  • [14:02] Kooky Jetaime: hahaha Whump
  • [14:02] PulseBurst Flow: If any Linden would send me a bear, I will give them a wooden cube.
  • [14:02] Kooky Jetaime: Hahaa Pulse
  • [14:02] PulseBurst Flow: Thanks Sally
  • [14:02] Zero Linden: clearly, if you did that, you'd not be able to script log in- unless you script your openId server access!
  • [14:02] Kooky Jetaime: Make your own bear.. I should
  • [14:02] Jarod Godel: Gareth, renaming them on the fly?
  • [14:02] Kooky Jetaime: Oh
  • [14:02] Saijanai Kuhn: will gladly pay them Tuesday for a LInden Bear today
  • [14:02] Tao Takashi: Zero: openid should be one option
  • [14:02] Zero Linden: Yes - it should
  • [14:02] Gareth Ellison: you have an OpenID somewhere else, you login with it and the SL servers generate an inventory etc
  • [14:02] Kooky Jetaime: Zero, you have a sec for something recreational?
  • [14:02] Pixel Gausman: merci Sally
  • [14:02] Gareth Ellison: or allow a limited access
  • [14:02] Gareth Ellison: like guest access
  • [14:03] Tao Takashi: and in fact the perfect scenario would be to associate more than 1 open id account to your SL account
  • [14:03] Zero Linden: Indeed Gareth - we've thought of that and like it
  • [14:03] Gareth Ellison: hands up who used to go to old multiuser VRML systems
  • [14:03] Dzonatas Sol: Zero, so you say let the OpenID provided talk directly with WVA? (like a proxy)?
  • [14:03] Dzonatas Sol: *provider
  • [14:03] Tao Takashi: and it would be nice if you could associate multiple avs to one openid identity
  • [14:03] Zero Linden: Tao - indeed - and if you could make, say, land access dependent on being authenticated to a particular OpenID domain....
  • [14:03] Zero Linden: that could be VERY powerful
  • [14:03] Pixel Gausman: raises hands for VRML
  • [14:03] Tao Takashi: Zero: sort of region domains ;-)
  • [14:03] Zero Linden: Now, VRML, on the other hand, not so powerful!
  • [14:03] Kooky Jetaime: Whump - do you like chess?
  • [14:04] Gareth Ellison: yeah, VRML itself is dead
  • [14:04] Jarod Godel: long live opengl
  • [14:04] Gareth Ellison: some old communities had cool guest access though
  • [14:04] Pixel Gausman: <insert favorite VRML bash here>
  • [14:04] Kooky Jetaime: Same to anyone else here
  • [14:04] Gareth Ellison: www.cybertown.com
  • [14:04] Tao Takashi: and if you can then share inventory of all the avs associated with one openid account that would be great, too :)
  • [14:04] Hypatia Callisto: bashes VRML too
  • [14:04] Pixel Gausman: high fives Jarod
  • [14:04] Gareth Ellison: bit cheesy but similar idea there
  • [14:04] Saijanai Kuhn: reminds everyone to read this webpage. IM Zha Ewry or Saijanai Kuhn for invite if you're interested: https://wiki.secondlife.com/wiki/AW_Groupies
  • [14:04] Zero Linden: Sol - well, say the way you prove to theweb site that you are you is via openid - that requires a browser today, but then you'd be good-to-go when you want to go in world
  • [14:04] Malburns Writer: Hi Goldie - lucky there
  • [14:04] Jarod Godel: REgAPI 2.0 is supposed to allow initial inventories, iirc
  • [14:04] Tao Takashi: and of course it wwould also be powerful to define rights for objects depending on your openid provider
  • [14:05] Whump Linden: Tao, are you thinking of YADIS?
  • [14:05] Tao Takashi: I don't know YADIS
  • [14:05] Rob Linden: / brb
  • [14:05] Dzonatas Sol: Zero, gotcha... so it sounds more a side by side relation then one dependant on the other
  • [14:05] Zero Linden: TADIS is a way to discover the identity provider for a given URL
  • [14:05] Kooky Jetaime: TARDIS, What?
  • [14:05] Kooky Jetaime: heheeh
  • [14:05] Zero Linden: Okay folks - it's been real
  • [14:05] Tao Takashi: ic
  • [14:05] Zero Linden: or, virtual
  • [14:05] Tao Takashi: real!
  • [14:05] Jarod Godel: aww
  • [14:05] Zero Linden: Thanks for coming
  • [14:05] Goldie Katsu: Really virtual?
  • [14:06] 57 Miles: thanks everyone
  • [14:06] Tao Takashi: thanks for hosting!
  • [14:06] Saijanai Kuhn: Time And Relative Dimensions In Second life
  • [14:06] Tao Takashi: make it 3 hours next time
  • [14:06] Zero Linden: Thank you studio Icehouse for being here
  • [14:06] Dr Scofield: thx for your patience with us :-)
  • [14:06] Harleen Gretzky: bye Zero
  • [14:06] Burhop Piccard: Virtually real :-)
  • [14:06] Goldie Katsu: Sounds good to me.
  • [14:06] Gareth Ellison: are we about to have Zero Zeros? :(
  • [14:06] Saijanai Kuhn: laters
  • [14:06] Turtle: Yeah,: bye...
  • [14:06] Rex Cronon: bye zero
  • [14:06] Jarod Godel: Thanks for answering the questions, Zero
  • [14:06] Zero Linden: Tao - we got to get some work done some time!
  • [14:06] Goldie Katsu: Bye Zero
  • [14:06] Gareth Ellison: shouts: hello icehouse!
  • [14:06] Tess Linden: thanks for the talk zero
  • [14:06] Gareth Ellison: and bye
  • [14:06] Tara5 Oh: Bye zero!
  • [14:06] Tao Takashi: Zero: I though you are the boss ;-)
  • [14:06] Vicero Lambert: ttyl zero
  • [14:06] Hypatia Callisto: take care Zero :)
  • [14:06] Tao Takashi: so tell your folks what to do while you chat with us :)
  • [14:06] Hypatia Callisto: thanks again
  • [14:06] Zero Linden: Oh no - they are the boss, I'm their humble servant
  • [14:06] Harleen Gretzky: will take bears from any Linden who is giving them out :)
  • [14:06] Tao Takashi: and we come up with new ideas of what they could do ;-)
  • [14:07] Dzonatas Sol: Thank you for being here!
  • [14:07] Tara5 Oh: Me too!
  • [14:07] Hypatia Callisto: too - will take any bears from people giving them out :D
  • [14:07] Gareth Ellison: i'll give oranges to all who want them
  • [14:07] Pixel Gausman: moi aussie
  • [14:07] Tara5 Oh: ner i waana bear!
  • [14:07] Goldie Katsu: Yes I'll take bears too
  • [14:07] Goldie Katsu:  :-)
  • [14:07] Leyla Linden: bye all
  • [14:07] Tao Takashi: ok, I am off then, too
  • [14:07] Tao Takashi: cya all!
  • [14:07] Rex Cronon: bye
  • [14:07] Tillie Ariantho: byebye =)
  • [14:07] Malburns Writer: bye Tao
  • [14:07] Gareth Ellison: oranges should become the official collectable of SL FLOSS hackers
  • [14:07] Gareth Ellison: my eego demands it
  • [14:08] Gareth Ellison: *ego
  • [14:08] Hypatia Callisto: thanks Zero :))
  • [14:08] Harleen Gretzky: ty
  • [14:08] Dr Scofield: bye & good night all
  • [14:08] Vicero Lambert: feels theres more talk about bears then anything else lol
  • [14:08] Tara5 Oh: g'night!
  • [14:08] Rex Cronon: bye dr
  • [14:08] Whump Linden: Nice to meet you all!
  • [14:08] Hypatia Callisto: oh I am very interested in the new authentication
  • [14:08] Goldie Katsu: By Dr.
  • [14:08] Saijanai Kuhn: hey all
  • [14:08] Turtle whispers: typically rude. He really means:
  • [14:08] Turtle: Hey: Gareth Ellison; Hey Warthog Jun; Hey Pixel Gausman; Hey Goldie Katsu; Hey Joi Koi; Hey Tara5 Oh; Hey Gigs Taggart; Hey Whump Linden; Hey JayR Cela; Hey Rob Linden; Hey Malburns Writer; Hey Sabin Linden; Hey JeanRicard Broek; Hey Jarod Godel; Hey Wyn Galbraith; Hey Dzonatas Sol;
  • [14:08] Hypatia Callisto: then think a bit
  • [14:08] Saijanai Kuhn: turtule, you are near-sighted
  • [14:08] Hypatia Callisto: just, sometimes better for me to listen
  • [14:08] Jarod Godel: hey, turtle
  • [14:08] Whump Linden: Saijanai, cool turtle.
  • [14:09] Saijanai Kuhn: turtle, you are near-sighted
  • [14:09] Turtle whispers: Sorry...
  • [14:09] Turtle: Hey: Gareth Ellison; Hey Warthog Jun; Hey Pixel Gausman; Hey Goldie Katsu; Hey Joi Koi; Hey Tara5 Oh; Hey Gigs Taggart; Hey Whump Linden; Hey JayR Cela; Hey Rob Linden; Hey Malburns Writer; Hey Sabin Linden; Hey JeanRicard Broek; Hey MSo Lambert; Hey Jarod Godel; Hey Khamon Fate;
  • [14:09] PulseBurst Flow: Thanks Zero
  • [14:09] Saijanai Kuhn: maxed out the sensor
  • [14:09] Hypatia Callisto: hee
  • [14:09] Malburns Writer: Hi Turle
  • [14:09] Gareth Ellison: me, my ego, my avatar and i are TPing out due to lag - been interesting
  • [14:09] Gareth Ellison: goodbye
  • [14:09] Rob Linden: bye all
  • [14:09] Rex Cronon: bye
  • [14:09] Vicero Lambert: bye rob
  • [14:09] Goldie Katsu: Bye!

Made with Tree Kyomoon's free wikifier Special thanks to Squirrel Wood for saving the log.