AW Groupies/Chat Logs/AWGroupies-2010-03-09
Jump to navigation
Jump to search
- [09:20] Chris Tuchs: awg meeting happens here?
- [09:20] Ceawlin Steamweaver: Hi Chris!
- [09:20] Ahuva Heliosense: oh dear, lagging like crazy
- [09:21] Chris Tuchs: Hi everybody! I'll be quiet now...
- [09:21] Ahuva Heliosense: sorry - Ceawlin - did not mean to step on ou
- [09:21] Ceawlin Steamweaver: My binding is sore nao! XD
- [09:22] Zha Ewry wonders When Ceawlin is going to upgrade to a ipad or nook ave
- [09:22] Ceawlin Steamweaver: Lol.
- [09:22] Ceawlin Steamweaver: I can upgrade to a toaster or American McGee's Alice. :3
- [09:22] Ceawlin Steamweaver: The latter might make me go all stabhappy though, and that would just be unpretty. :3
- [09:25] Ceawlin Steamweaver: BluKitty!
- [09:27] Morgaine Dinova: Wow, my air cushion is still here from last week. No return policy, or a very long one, cool. :-))))
- [09:27] Morgaine Dinova: Hiya 'Lin :-)
- [09:28] Zha Ewry: I am a pretty firm believer in friendly return policy as long as it isn't abused
- [09:29] Morgaine Dinova: Wow, we have a separate David Levine resident here! Did the last name appear in LL's service by accident, or can requests be made?
- [09:29] Sheryl Mimulus is falling asleep
- [09:30] Zha Ewry: Levine was a valid last name a year or so back
- [09:30] Morgaine Dinova: Interesting.
- [09:30] Zha Ewry: So, by blind luck the typist got the vanity name for free
- [09:30] Morgaine Dinova: Hehe
- [09:31] Zha Ewry: At the moment, I'm watching a very expensive, but not stunningly performign alientware box burni n
- [09:31] Morgaine Dinova: Great post on VWRAP Zha. I +1'ned it.
- [09:32] Zha Ewry: Well people touched on bits of that in responde to a couple of posts but it needed a proper diescting
- [09:32] Morgaine Dinova: Useful to have that as a distinct subject header too.
- [09:32] Zha Ewry: And to your comment, the model has to permit informatoin to be discovered, but not be required
- [09:33] Zha Ewry: Now, regions may chose to ding you out if you don't provide some
- [09:33] Zha Ewry: but the model shouldn't enforce that, only thier local policy
- [09:33] XLR8RRICK Hudson: Greetings all
- [09:35] Morgaine Dinova: It goes beyond that though. "Information not available" (user control in an environment where it is discoverable) is different to "Information not discoverable" (region policy for guaranteeing security of all users).
- [09:36] Zha Ewry: I think its managable. The base model I'm thinking of is that you say
- [09:36] Zha Ewry: "Here is where my verifiable metatadata is"
- [09:36] Zha Ewry: and you chose what you put there
- [09:36] Rex Cronon: hello everybody
- [09:36] Morgaine Dinova: Hi Rex
- [09:36] Zha Ewry: and you then live with the consequenes if you don't expose much
- [09:36] Rex Cronon: hi morgaine
- [09:36] Mojito Sorbet: In what form is "here" expressed?
- [09:36] Zha Ewry: ie. you're not allowed in some places
- [09:36] Zha Ewry: URI
- [09:36] Mojito Sorbet: ok
- [09:36] Zha Ewry: "Here in web speak is always a URI?"
- [09:37] Mojito Sorbet: Sorry, did not realize you were speaking Webbish
- [09:37] Zha Ewry: <web>I always speak webish in specs </web>
- [09:37] Rex Cronon: maybe u should offer some classes for that language:)
- [09:37] Morgaine Dinova: Zha: it needs to be stronger though, along these lines (if this is the policy chosen by the world operator: User: "Here is my metadata." World: "User metadata refused."
- [09:38] Zha Ewry: Well, look at it as
- [09:38] Mojito Sorbet: ".. because missing X , Y, and your mother's maiden name"
- [09:38] Zha Ewry: "This is where you *can* get my metadata"
- [09:38] Zha Ewry: "Nope, not looking"
- [09:38] Morgaine Dinova: Nope, that's too weak.
- [09:38] Zha Ewry: The user gets to chose what they put out there
- [09:38] Zha Ewry: the world gets to chose what they fetch
- [09:39] Zha Ewry: So.. why too weak?
- [09:39] Morgaine Dinova: It's just like web services being able to not keep logs. It's different to keeping logs but not making them public, very different.
- [09:39] Zha Ewry: I'm not this this actually follows that at all
- [09:40] Zha Ewry: As a user, I hand my auth service a stack ot things I am willing to let it publish
- [09:40] Zha Ewry: (And possibly a policy on to whom)
- [09:40] Eddi Decosta: sorry rezing ㋡
- [09:40] Zha Ewry: As a service wanting to decide if I want to admit the user, I get handed a URI
- [09:40] Zha Ewry: I fetch against it (with all the joy of making sure its really who it should be)
- [09:41] Zha Ewry: and I fetch what I chose
- [09:41] Zha Ewry: Wyn! I am not cleaning up horse poop fromt he sim!
- [09:41] Eddi Decosta: hi Saij ㋡
- [09:41] Tapple Gao: ao os
- [09:41] Tapple Gao: ao on
- [09:41] Eddi Decosta: hi Morgaine ㋡
- [09:41] Chris Tuchs: Are you aware of pseudonyms ala http://www.chaum.com/articles/Security_Wthout_Identification.htm
- [09:42] Wyn Galbraith: Sorry about that, it was a new gift.
- [09:42] Morgaine Dinova: It's simple Zha, it boils down to whether a particular data field in the protocol is mandatory or not. If it is then the service cannot refuse to maintain it, and the choice is then on the user whether to supply it or not. The mandatory approach does not give the service the option to not gather that data at all.
- [09:42] Morgaine Dinova: Hi Eddi
- [09:42] Zha Ewry: if the totality of the metadata is "here is the URI you use to fetch it"
- [09:42] Tapple Gao: man. these benches suck
- [09:43] Zha Ewry: then the service holding the meteadata is in full control of what to expose
- [09:43] Rex Cronon: why doesn't the service tell the user "if u want connect you have to send the following fields: f1, f2,... fn"?
- [09:43] Morgaine Dinova: You can rez your own seat here Tapple
- [09:43] Zha Ewry: (and you can always pass a null URI)
- [09:44] Zha Ewry: What are the benches doing to you tapple?
- [09:44] Tapple Gao: offset is on the ground rather than at the hip
- [09:45] Zha Ewry: xstorm, we're in chat not voice
- [09:45] Morgaine Dinova: Can't pass a null URI if the field is mandatory --- the service would object because if it needs to maintain compliance with a protocol in which this data is declared mandatory.
- [09:45] Zha Ewry: Null URIs are always ok, or a URI to a service which returns no data
- [09:45] Zha Ewry: but, I'm fine with the field being optional
- [09:45] Zha Ewry: "I have no meta data availeble"
- [09:46] Morgaine Dinova: Hmmmm
- [09:46] Zha Ewry: Of course, you may find a lot of regoins which look dowen thier virtual noses at you
- [09:46] Morgaine Dinova: Regions not to visit then :-)
- [09:46] Zha Ewry: "You sir or madam or whatever, might be a bounder and a cad, so no soup for you'
- [09:46] xstorm Radek: i found a real problem that can happen with viewer 2 but im a little worry to tell any one
- [09:46] Tapple Gao: hi chris. Matthew of Open Cobalt here
- [09:47] Rex Cronon: does it give u free L$, xstorm:)
- [09:47] Zha Ewry: Cute seat Tapple ;)
- [09:47] Zha Ewry: I don't promise it won't get rained on tho
- [09:47] xstorm Radek: no it can leed to a computer remote attack on a persons PC
- [09:48] Zha Ewry: The nomoinal path is to file a security Jira I think
- [09:48] Mojito Sorbet: Enable shared media at your peril
- [09:48] xstorm Radek: but if i do it may make people panic
- [09:48] Rex Cronon: u mean that they can find your IP using shared media and do a DOS on u?
- [09:48] xstorm Radek: yes it is the shaird media'
- [09:48] Morgaine Dinova: I'm looking at the case where the user is not made the "culprit", but where the world explicitly declares its support of privacy by not making it a user option.
- [09:49] xstorm Radek: seem people know
- [09:49] Zha Ewry ponders for a moment
- [09:49] Zha Ewry: Well, if a service refuses to fetch the data behind the URI, it's pretty much enforcing that
- [09:50] Latha Serevi: xstorm, http://wiki.secondlife.com/wiki/Security_issues says only you and LL will see an issue in the SEC category
- [09:50] Zha Ewry: you can't stop someone deom shouting out
- [09:50] Zha Ewry: "http://meta.data.org/zha_ewry/meta-data/seedcap" tho
- [09:51] Mojito Sorbet: What sorts of "metadata" are we talking about here? When I hear metadata I think "A name is a charactaer string not exceeding 32 characters, coded in UTF8"
- [09:51] Zha Ewry: nor can you prevent someone from including metadata into the
- [09:51] xstorm Radek: im not clicking on that lol
- [09:51] Zha Ewry: XML the post to you
- [09:51] Zha Ewry: you can just chose not to read it
- [09:51] Zha Ewry: meta data, as in data "about" the data as opposed to the data
- [09:51] Zha Ewry: Which category things such as
- [09:52] Zha Ewry: "age"
- [09:52] Zha Ewry: "RL name matches google's idea of same"
- [09:52] Mojito Sorbet: That is data, not metadata.
- [09:52] Mojito Sorbet: Metata data is, "there is a property called 'age'"
- [09:52] Zha Ewry: its meta data for the proocl
- [09:52] Morgaine Dinova: Zha: I think perhaps the approach I'd be looking for is that when a cap to the drilling down metadata is requested, the response if "Cap recognized but not supported in this world". That's different to being returned a valid cap and then discovering there is no use data for a particular person.
- [09:53] Zha Ewry: Well, two places
- [09:53] Zha Ewry: One is the region/AD's cap set
- [09:53] Latha Serevi: I agree, Mojito, calling user data "meta" is a little wonky.
- [09:53] Zha Ewry: and it can certainly return a cap which always says "No data availabel"
- [09:53] Zha Ewry: and the other is the one that servcies us to fetch same
- [09:53] Zha Ewry: and again, they have the choice
- [09:53] Mojito Sorbet: I work on RDBMSs. The disinction between the two is quite clear
- [09:54] Zha Ewry: Oddly protocol's arent' RDBMs
- [09:54] xstorm Radek: lol and i have been told my bugs i get is called wonky lol
- [09:54] Zha Ewry: At the protocol level
- [09:54] Zha Ewry: we have the data needed to do the task
- [09:54] Morgaine Dinova: No, it's metadata, not data. Your real identity is only "data" if you're an augmentist and don't separate the virtual personna from the RL identity. RL data is VW metadata.
- [09:54] Zha Ewry: and then data which describes more proprties
- [09:55] Zha Ewry: As is "Likes chocolate sauce" nice to know, but not germance to logging you in
- [09:55] Chris Tuchs: I'll mention again what I think is required reading if you are conteplating some kind of avy credentialling: http://www.chaum.com/articles/Security_Wthout_Identification.htm
- [09:56] xstorm Radek: but every computer has its own ID even if the user can not see it
- [09:56] Morgaine Dinova: Chris: thanks! David Chaum's work on DigiCash was excellent. Governments hated it because it didn't give them a back door.
- [09:57] Chris Tuchs: very dated article, I expect the state of the art has advanced, but the opportunity for strong credentials without compromising privacy is worth looking into. I'll be quiet again...
- [09:57] Zha Ewry: The heart of the issue, for most of this is two fold
- [09:57] Zha Ewry: Seperating out as MUCH of the "Here is Morgaine, wanting to rez"
- [09:58] Zha Ewry: from "Here is a way morgaine has provdied to pay for stuff"
- [09:58] Zha Ewry: from "This is an acutual person"
- [09:58] Zha Ewry: from "Oh, here is how I prove I actually work for IBM"
- [09:58] Zha Ewry: all of which are needs we have
- [09:58] Zha Ewry: and 90% of which are "meta"
- [09:58] Zha Ewry: to "Rez me"
- [09:58] Morgaine Dinova: Yep
- [09:59] Zha Ewry: The tricky bits are fully separating them out so the protocol requires as little as possible
- [09:59] Morgaine Dinova: And furthermore, the paying should not be conflated with the RL identification either --- David Chaum's work was very insightful about that.
- [09:59] Zha Ewry: My inclination is to say "Don't pass around the meta-data" Its basically evil
- [09:59] Rex Cronon: zha. anybody that finds your passwords can prove they r u:)
- [09:59] Chris Tuchs: then def. read the article, some clever ways to provide all that, and make "this is chris" able to share "how she pays" with Morgaine cause we are the same RL person, but prevent anyone else from knowing we are. (( actually we aren't as far as I know))
- [10:00] Zha Ewry sniggers
- [10:00] Tapple Gao: pseudonyms? blind signatures? never heard of this stuff before
- [10:00] Zha Ewry: If we do this right
- [10:00] Latha Serevi: Mojito and I would prefer you used "extra" rather than "meta", I think, because the extra stuff is not describing the format or interpretation of the required stuff.
- [10:00] xstorm Radek: RL data now days is to free for people to get
- [10:00] Tapple Gao: neat
- [10:00] Morgaine Dinova: Chris: wanna merge? ^_^
- [10:00] Zha Ewry: something like digicash or OpenId, or Oauth slides in neatly
- [10:00] Chris Tuchs: *giggle*
- [10:00] Zha Ewry: Morgaine! This is aa "moderate" sim!
- [10:00] Morgaine Dinova: Haha
- [10:00] Rex Cronon: ha. ha:)
- [10:01] Zha Ewry: If you're going to merge and bring in lawyers, I'll haveto have the textures all steam cleaned
- [10:01] Zha Ewry: More seriously, tho
- [10:01] Zha Ewry: I think something like digicash *ought* to fit right in
- [10:02] Chris Tuchs needs to read up on the tech used by openid and oauth to see if they are doing it "right". But if they are... use their stuff!
- [10:02] Zha Ewry: It becomes just a "Your proof point is HERE"
- [10:02] Morgaine Dinova: Perhaps the words "extra" and "meta" are both bad. They're both data, but the question is how to avoid the link when unwanted and how to provide it when wanted --- these being fundamentally conflicting requirements in important use cases.
- [10:03] Tapple Gao: shibboleth too. shibboleth is to intranets what OpenID is to the internet
- [10:03] Zha Ewry: I *think* they get pretty close. The problem with 90% of the auth/ID stuff is that people ground them out in things like Facebook which are icky
- [10:03] Zha Ewry: In terms of that, Morgaine, that's the main reason I lean to a REST style
- [10:04] Zha Ewry: you put the meta-data (extra attributes, special sauce)
- [10:04] Zha Ewry: on a URI
- [10:04] Zha Ewry: make it accesiable via a CAP like or other one shot
- [10:04] Tapple Gao: Shibboleth is on the todo list for open cobalt higher than openid
- [10:04] Zha Ewry: and you don't force anyone to consume it if they don't want to
- [10:04] Zha Ewry: and you leave the control int he holder of the data
- [10:04] Zha Ewry: it adds an extra round trip to the dance
- [10:04] Tapple Gao: both are still rather low though
- [10:05] Zha Ewry: You have to fetch off the data rather than getting it handed to you"
- [10:05] Zha Ewry: but
- [10:05] Zha Ewry: It is much better in terms of what you need to secure
- [10:05] xstorm Radek: think of all the data we have in sl and if some one can track down things like we use worldpress or blogs that just adds holes to the system
- [10:05] Zha Ewry: TOCTOU attacks and such
- [10:05] Morgaine Dinova: Here's an idea (not saying I like it, just a wierd thought) --- make RL avatars as discrete entitities, and then link RL and virtual avatars if you want. That puts them both on a par, and allows for simple non-existence of the RL avatar as a means of satisfying the privacy/security/immersionism requirement.
- [10:06] Zha Ewry chcukles
- [10:06] Morgaine Dinova: Then it's all "data" !!
- [10:06] Zha Ewry: But
- [10:06] Zha Ewry: I must have *some* of it to rez you in all cases
- [10:06] Zha Ewry: and only need other bits of it in *some* cases
- [10:06] Zha Ewry: The MUST/ don't must
- [10:06] Zha Ewry: disctinction is what I care about
- [10:06] xstorm Radek: trace roots and paths can be found in any system if given time
- [10:07] Zha Ewry: Don't care if we call it Hamburger and Catchip
- [10:07] Latha Serevi: Chris, I recall some of the existing web auth stuff as making some assumptions like "it's a user authenticating to a service, and it's reasonable to require a manual login from the user once per site per session." Didn't fit with arbitrary hosts authenticating with each other as needed. I hope not all existing schemes have that problem, but I bookmarked it as a potential pitfall.
- [10:07] Rex Cronon: u rezz a blob and say "this is morgaine":)
- [10:07] Morgaine Dinova: Blue blobs rock
- [10:07] Zha Ewry: But, we want to separate out the "This is what I need" and "This is stuff you may want"
- [10:07] Zha Ewry: Morgaine hasn't put on *that* much weght. Not all that blobby to me
- [10:07] Opensource Obscure: HELLO
- [10:07] Rex Cronon: hi
- [10:08] Rex Cronon: ok. a skinny one:)
- [10:08] Zha Ewry: Heylow Obscure one
- [10:08] Opensource Obscure: (( TODAY IS MY PERSONAL CAPS LOCK DAY ))
- [10:08] xstorm Radek: hi open
- [10:08] Dahlia Trimble: HI OPENSOURCE :)
- [10:08] Morgaine Dinova: Zha: fundamental problem though if they are both maintained information. I want the possibility for the service to simply not support the maintenance of that information. Hence the "Cap is recognized but not available on this service" response.
- [10:08] xstorm Radek: lol
- [10:09] Zha Ewry: I think that's fine
- [10:09] Chris Tuchs: Latha, good concerns. My info is 15 years out of date though, and can't say one way or another. But I get the feeling that the consensus here is optional "certificates" which maintain user privacy.
- [10:09] Zha Ewry: Either you reply that
- [10:09] Zha Ewry: or return a cap which always returns an "service not availabel" error
- [10:09] Zha Ewry: I think, in general
- [10:10] Zha Ewry: the pattern of the specs ought to be
- [10:10] Zha Ewry: "You don't have to support every cap in the spec, but stuff may break if you don't"
- [10:10] Morgaine Dinova: Ummm. Dangerous
- [10:10] Zha Ewry: And, if you don't want to support one, you can certainly return a valid, but null
- [10:11] Zha Ewry: It is a little dangerous, but.. in a web world withc lusters of services its always the possible case
- [10:11] Zha Ewry: If you fail horribly becuase one out of 100 services you depend on 404s for a moment due to network issues, you're just as miserable
- [10:11] Zha Ewry: But. It is tricky as to what is expected to work properly
- [10:12] Zha Ewry: thus.. a "All questies return "no such informatoin is available" ismore graceful
- [10:12] Zha Ewry: and I'm not miserable is some caps return a "No such servcie here"
- [10:12] Zha Ewry: Which isn essence is what happens if you ask for "cap.name.that.I.just.made.up"
- [10:13] Morgaine Dinova: You know, maybe that "RL avatar" idea isn't so daft. It simplifies this whole area massively.
- [10:13] Zha Ewry: you don't get back a "Oh, here is my best guess as to what you meant"
- [10:13] Zha Ewry: you get back 'No such cap" in some form.
- [10:13] Rex Cronon: sometimes in order to find a good solution u have to build a prototype:)
- [10:13] Zha Ewry: brb, while I ponder what you just said
- [10:13] Morgaine Dinova goes to make coffee
- [10:14] xstorm Radek: data search bot
- [10:14] xstorm Radek: spiders
- [10:14] Mojito Sorbet: "No such information is available" can also mean "I know, but I am not telling."
- [10:15] xstorm Radek: lol
- [10:15] Mojito Sorbet: That can block fishing expeditions.
- [10:15] Mojito Sorbet: or "I know, but I am not telling YOU"
- [10:15] Tapple Gao: wireless makes every security hole a mile bigger
- [10:16] Mojito Sorbet: Well, SSL is certainly possible, right?
- [10:16] Chris Tuchs: All comms should be encrypted to prevent eves droppers, imho.
- [10:16] Rex Cronon: u make tunnels:)
- [10:16] Zha Ewry: back
- [10:16] Rex Cronon: wb
- [10:17] Zha Ewry: "I know, but I'm not telllilng, from the outside, pretty much is "I don't know" "
- [10:17] Zha Ewry: Unless of course you implement "snarky tween mode"
- [10:17] Chris Tuchs: And unless there is a *need* for later examining the comms, then something like OTR's crypto should be used...
- [10:18] Mojito Sorbet: "Ha ha, your password is wrong. neener neener neener"
- [10:18] Morgaine Dinova: Mmmmm, nice coffee, if you have any requests, ask now, I'm in a happy mood :P
- [10:18] Zha Ewry: Or to observe y tween's friend's "Oh, I KNOW who your BFF is dating, but I am *SO* not going to tell you"
- [10:18] Tapple Gao: hmm. doesn't everybody log their IM's anyway?
- [10:19] Mojito Sorbet: "Your password is wrong in ONE LETTER, but I am not telling you which"
- [10:19] Zha Ewry: But, al ogged IM doesn't prove you said it
- [10:19] Zha Ewry: If you want to "prove" it
- [10:19] Morgaine Dinova: Chris++
- [10:19] Chris Tuchs: [10:18] Tapple Gao: Sure, I'll send you the money.
- [10:19] Zha Ewry: you need a third party digitally signed repos
- [10:19] Chris Tuchs: Right, if you want to be able to prove comms need extra/different stuff.
- [10:20] Morgaine Dinova: Been saying that since PGP days. It all breaks apart when 99+% of traffic is in the clear.
- [10:20] Mojito Sorbet: Best to keep up random babbling so the channel is full, let someone use the info that you spoke AT ALL. Hmm, I think some group IMs already do that...
- [10:20] Mojito Sorbet: *lest
- [10:21] Zha Ewry: << Snort >>
- [10:21] Zha Ewry: So, I think we have pounded this into the mud for the moment
- [10:21] Morgaine Dinova: Yep Mojito, bit padding a comms link is standard practive to prevent differential cryptoanalysis from having an easy ride.
- [10:21] Morgaine Dinova: practice*
- [10:21] Zha Ewry: The best place for cogent comments is in reply to the note on OGPX
- [10:22] Chris Tuchs: I am pretty new here, and pretty clewless. What is OGPX? Feel free to IM and not spam the group...
- [10:22] Zha Ewry: http://www.ietf.org/mail-archive/web/ogpx/current/msg00890.html
- [10:22] Zha Ewry: OGPX for historical reasons is the mailing list for VWRAP
- [10:22] Zha Ewry: where VWRAP is the IETF working group that this stuff is aiming at
- [10:23] Morgaine Dinova: Zha: do you think we might change it some day to vwrap@ list?
- [10:23] Mojito Sorbet: First step toward interop. Just recognizing each other's login credentials.
- [10:23] Zha Ewry: Ask our chairs?
- [10:23] Mojito Sorbet: Hello, chair
- [10:23] Morgaine Dinova: Haha
- [10:23] Zha Ewry: I'd kind of like to see it move
- [10:24] Zha Ewry: But at the "gee, Josh, could we" level
- [10:24] Morgaine Dinova: I think there's no huge argument to force it to change, but I'd like it changed just for clarity.
- [10:24] Zha Ewry: and not beyond that
- [10:24] Zha Ewry: exactly
- [10:24] Mojito Sorbet: See, the CCITT did it right. No misleading group names. Just numbers.
- [10:24] Morgaine Dinova: Haha
- [10:24] Zha Ewry: http://trac.tools.ietf.org/wg/vwrap/trac/wiki
- [10:25] Zha Ewry: http://www.ietf.org/dyn/wg/charter/vwrap-charter.html
- [10:25] Tapple Gao: AWG is mostly about interop among different VW platforms, and VWRAP is the vehicle that we're betting on
- [10:25] Zha Ewry: for those whoe want all the pointers
- [10:25] Mojito Sorbet: I remember working on a protocol where we could not agree on the semantics for one entiry. So we agreed to call that identity by a meaningless name so as not to influence thinking in the meantime.
- [10:25] Mojito Sorbet: *entity
- [10:25] Morgaine Dinova: hehe
- [10:25] Zha Ewry: That's exactly how I ended up working on a project called quad-X
- [10:26] Zha Ewry: Got tired of all the whinging about names
- [10:26] Zha Ewry: so did a global replace to XXXX
- [10:26] Zha Ewry: which is hard to say
- [10:26] Mojito Sorbet: Neatly sidestepps issues like "is this a client or a server?"
- [10:26] Zha Ewry: "Is a blob o code"
- [10:27] Zha Ewry: "You can define it's behavior byt the fact that it exposes these interfaces"
- [10:27] Zha Ewry: I don't give a whoot if its a client, a server or a blongleblat
- [10:27] Mojito Sorbet: followed by UUIDs of interface signatures...
- [10:27] Wyn Galbraith: If all clients could be servers what would that do?
- [10:27] Mojito Sorbet: Simplify the API
- [10:27] Morgaine Dinova: Funnily enough Mojito, we were having a similar discussion in VWRAP just a few days ago, in which it seemed an artificial distinction was being made between human-driven clients and machine-driven clients.
- [10:27] Zha Ewry: Mean we'd deploy IPV6 and shot all the firewall hosters
- [10:28] Mojito Sorbet: Why should the protocol care whether human or machine-driven??
- [10:28] Zha Ewry: Ah, the hints of the "user agent" discussion
- [10:28] Zha Ewry: it shouldn't
- [10:28] Zha Ewry: at all
- [10:28] Morgaine Dinova: It shouldn't.
- [10:28] Rex Cronon: the sim cares
- [10:28] Zha Ewry: Client
- [10:28] Zha Ewry: No the sim only should care to the exctent it may ask "Is this a human"
- [10:28] Zha Ewry: and it may be told "You don't get to know"
- [10:28] Mojito Sorbet: And why should IT care?
- [10:29] Zha Ewry: at whic point it may say "You don't get to come here"
- [10:29] Chris Tuchs: Ask the owner of the sim
- [10:29] Mojito Sorbet tries to find XKCD comics about the Turing Test
- [10:29] Zha Ewry: From a protocol perspective
- [10:29] Morgaine Dinova: Haha
- [10:29] Rex Cronon: if the sim know who is bot and who isn't it can optimize things
- [10:29] xstorm Radek: if a User just coming in to SL asks if there account info will be safe from every thing what do we tell them ?
- [10:29] Zha Ewry: a "client" is the code which drives an avatar and an agent
- [10:29] Zha Ewry: Whether it is a human behind that (and how directly)
- [10:29] Zha Ewry: is really not interesting
- [10:29] Mojito Sorbet: If I had a bot, it would be carrying out duties I assign to it.
- [10:30] Mojito Sorbet: Like those land-harvesting bots that swoop in as soon as you mark your parcel for sale.
- [10:30] Rex Cronon: u tell him: only fools believe that their account is safe from everything
- [10:31] Morgaine Dinova: Rex: "optimize" also means discriminate. And that discrimination even hits humans, for example disabled using bot technology.
- [10:31] Zha Ewry: (For example, a mobild phone gateway, may be "the client" but it may do a ton of stuff that isn't much like a traditional client
- [10:31] xstorm Radek: im getting called away
- [10:31] Wyn Galbraith: Don't think the land bots are running or I've priced the parcel to high cause land I want harvested is not going.
- [10:31] Morgaine Dinova: Dahlia! You've become angelic! :DDDDD
- [10:31] Zha Ewry: At the prorotocl level
- [10:32] Zha Ewry: I'm pefectly happy to see "I am a bot" as "meta-data"
- [10:32] Mojito Sorbet: Yes, you have to set the price at the low end of market to attract them. Once you hit the magic price, one wioll show up in SECONS
- [10:32] Wyn Galbraith: I'm a bot
- [10:32] Wyn Galbraith: oh I mean
- [10:32] Wyn Galbraith: I am a bot.
- [10:32] Zha Ewry: and perfectly happy to have that be optional
- [10:33] Mojito Sorbet: http://xkcd.com/329/
^*[10:33] Dahlia Trimble got a elven theme Linden home and is trying to get into the theme ;)
- [10:33] Zha Ewry: Policy of "No bots" or "I help bots" are region chocies
- [10:33] Zha Ewry: and chosing to expose
- [10:33] Zha Ewry: is a choice
- [10:33] Morgaine Dinova hands Wyn a grommet in lieu of a cookie :-)
- [10:33] Wyn Galbraith yums. ;P
- [10:34] Zha Ewry: Hand wyn some ducttape and see if she stays online longer
- [10:34] Wyn Galbraith: Thanks :D
- [10:34] Zha Ewry: So, like the "name" discussion
- [10:34] Wyn Galbraith: I was missed?
- [10:34] Morgaine Dinova: Always, Wyn :-)
- [10:34] Zha Ewry: We should probably look at how we mark "client" and scrub it
- [10:34] Zha Ewry: Of course
- [10:35] Wyn Galbraith smiles.
- [10:35] Tapple Gao: bye all
- [10:36] Mojito Sorbet: I think you were replaced by a bot while you were away. Like the pod people from "Invasion of the body snatchers"
- [10:36] Morgaine Dinova: Agreed Zha. We're a bit sloppy on nomenclature in VWRAP. Stems from not having a glossary. We started off much better in AWG by defining a glossary, despite LL ignoring us on that.
- [10:36] Zha Ewry: Latha got caught in the meme blender
- [10:36] Rex Cronon: so, the server asks "r u a bot" and your client answers "yes" "no" "not telling" then the server replies "only humans are allowed". simple:)
- [10:36] Zha Ewry: I'm trying to get us one in the deployment patterns spec
- [10:36] Rex Cronon: tc tapple
- [10:36] Zha Ewry: I'm going to push to get most of that rolled into the intro
- [10:36] Zha Ewry: (Note the careful seperation of asset in the latest draft)
- [10:37] Morgaine Dinova: Or make glossary of terms a separate doc.
- [10:37] Zha Ewry: "Simulation, Presentation and meta-data"
- [10:37] Zha Ewry: probably a bit of both
- [10:37] Zha Ewry: I HATE the 200 spec approach
- [10:37] Zha Ewry: becuase you spend a lot of effort maintaining
- [10:37] Zha Ewry: I'm also about at thep oint where I believe that anyplace in the spec we have a map
- [10:38] Morgaine Dinova: Ouch, "asset". Big troubles there, because tal about "asset service", as if that excluded objects, which obviously it doesn't. Real mess, currently.
- [10:38] Zha Ewry: a URI shoudl be a valid choice
- [10:38] Zha Ewry: ah., not so much when you cleani t all up
- [10:38] Morgaine Dinova: Lost a couple of words, reposting
- [10:38] Zha Ewry: Once you split out asse/inventory cleanling
- [10:38] Morgaine Dinova: Ouch, "asset". Big troubles there, because we continually talk about "asset service", as if that excluded objects, which obviously it doesn't. Real mess, currently.
- [10:39] Zha Ewry: then you mostly need to be clear that assets may be blobs which
- [10:39] Rex Cronon: aren't objects assets too?
- [10:39] Morgaine Dinova: Rex: not in LL parlance
- [10:39] Mojito Sorbet: What are those htings in my inventory then?
- [10:39] Zha Ewry: contain a 3-tuple of "Presentation data,Siulation data, metat data" and any of those may be null, and any of those may have multiple represenstaions
- [10:40] Zha Ewry: AND..
- [10:40] Zha Ewry: any of them my be a URI you have to fetch to get the actual data
- [10:40] Morgaine Dinova: Mojito: good question.
- [10:40] Zha Ewry: Conceptually, the inventory is a list of pointers
- [10:40] Mojito Sorbet: pointers to what?
- [10:40] Zha Ewry: The items don't get downloaded hen you fetch it
- [10:40] Zha Ewry: Ahh
- [10:40] Wyn Galbraith: 30K items in my case
- [10:40] Zha Ewry: That is the questoin, isn't it Mojito
- [10:41] Zha Ewry: 22K in mine
- [10:41] Mojito Sorbet: pointers to assets, are the not?
- [10:41] Zha Ewry: (I've been a busy little thing cleaning this month)
- [10:41] Mojito Sorbet: Under 7K for me.
- [10:41] Zha Ewry: Pointers to assets, or lists of assets, I think (folders)
- [10:41] Mojito Sorbet: So, there are objects in there. Thos emust be assets too
- [10:41] Zha Ewry: And in all cases you should always epxect a URI at anytime
- [10:41] Rex Cronon: 30000*36=1,080,000
- [10:42] Zha Ewry thinks URIs must not be the spanish inquistion
- [10:42] Mojito Sorbet: You use up a megabyte just to store the UUIDs of your stuff?
- [10:42] Morgaine Dinova: The definition of "object" in SL seems to be something wierd like "Entity instantiated from a storage service (trying desperately not to say "asset service") in a region, which is then a non-asset until it's stored away again." Blech.
- [10:42] Rex Cronon: that is close to 1Mb, and still it takes 5 to 15 minutes to download?
- [10:42] Zha Ewry: Well, rezzed entity is not formalized in thier world
- [10:43] Mojito Sorbet: Oh, so by "object" they mean only the rezzed version.
- [10:43] Zha Ewry: And if you want to have FUN
- [10:43] Eddi Decosta: well, sorry i need to go! ㋡ see you later!
- [10:43] Rex Cronon: tc eddi
- [10:43] Morgaine Dinova: Cyu Eddi
- [10:43] Zha Ewry: describe what the heck you should hand a region to use when an object is "returned" in a fully distributed grid situatoin
- [10:43] Zha Ewry: tc eddi
- [10:43] Eddi Decosta: thanks, take care ㋡
- [10:44] Zha Ewry: You get to do it at Rez time
- [10:44] Rex Cronon: name, size, description, and URI to its inventory?
- [10:44] Zha Ewry: and you have *NO* idea when it might get returned
- [10:44] Morgaine Dinova: Zha: we're fighting the legacy problem continuously. Makes it hard to introduce any sanity :-(
- [10:45] Zha Ewry: So, if you hand it a URI or a CAP to your asste/inventory problem
- [10:45] Zha Ewry: *service you gte some fun problems
- [10:45] Mojito Sorbet: No, returning an object it has to go to the inventory of its owner, not yours
- [10:45] Zha Ewry: Do you want a long lasting "Here, put anything you want here"
- [10:45] Wyn Galbraith: cycles wash
- [10:45] Zha Ewry: cap
- [10:45] Zha Ewry: right
- [10:45] Zha Ewry: at rez time
- [10:45] Zha Ewry: you the rezzzer
- [10:45] Zha Ewry: the owner
- [10:45] Mojito Sorbet: oh, yes
- [10:45] Zha Ewry: what do you give the sim?
- [10:46] Zha Ewry: if I give the sim a pesrsistent URI
- [10:46] Mojito Sorbet: The URI by which it can fetch the parts of that tuple it needs
- [10:46] Zha Ewry: I am setting up some really bad srtuff
- [10:46] Zha Ewry: So, that's how it gets on the sim
- [10:46] Zha Ewry: (and i agree
- [10:46] Zha Ewry: a onetime cap to fetch it)
- [10:46] Zha Ewry: On return
- [10:46] Rex Cronon: u give to sim a blob that has all the info about the object
- [10:46] Zha Ewry: hours, days, weeks,. months, later
- [10:46] Mojito Sorbet: Sim does not need "appearance" data.
- [10:46] Zha Ewry: The sim gets a request to "return" it
- [10:47] Rex Cronon: the sim stores that blob locally and gives it to every ave in the sim
- [10:47] Zha Ewry gestures at the deployment patterns document
- [10:47] Morgaine Dinova: Good stuff here today, needs much thought. I hope Sai's recording for transcript.
- [10:47] Zha Ewry: that's one pattern
- [10:47] Rex Cronon: each client extracts whatever info it wants from the blob
- [10:47] Mojito Sorbet: No, it sends the *URI* to every viewer in the sim
- [10:47] Zha Ewry: Tha's another
- [10:47] Dahlia Trimble prances off to the secret hidden realm of the faeries... bye all :)
- [10:47] Zha Ewry: and it may not send the same one to each client
- [10:47] Mojito Sorbet: Let them fetch their own copes, over some different channel
- [10:47] Rex Cronon: if object is rezzed the uri will not have local data
- [10:47] Mojito Sorbet: copies
- [10:48] Rex Cronon: tc dahlia
- [10:48] Zha Ewry: have you read the deployment pattern's draft?
- [10:48] Mojito Sorbet: Sim can tell clients, "face #3 has texture with this URI. Go get it if you care"
- [10:49] Rex Cronon: it doesn't make sense for sim to tell client to get data, when the sim could store data locally and give it
- [10:49] Mojito Sorbet: Or, "Object with URI=u1 is at location XYZ, rotated THUS"
- [10:49] Zha Ewry: http://tools.ietf.org/id/draft-levine-vwrap-deploy-01.txt
- [10:49] Zha Ewry: It does if you want to only allow people with licenses to see it Rex
- [10:49] Rex Cronon: if clients gets an uri it has to make an extra connection and get that data
- [10:49] Mojito Sorbet: Trying to get the sim out of the server proxy business.
- [10:49] Zha Ewry: or you want to do content negotiation
- [10:49] Rex Cronon: is wasted time and network resources
- [10:49] Morgaine Dinova: I think perhaps objects need to be handled by regions as a diff w.r.to the asset retrieved by a separate path from the asset service for that object.
- [10:49] Zha Ewry: Depends
- [10:50] Mojito Sorbet: Yesl, an extra connection to SOMEWHERE ELSE. spread the load
- [10:50] Zha Ewry: if the texture is a common one
- [10:50] Zha Ewry: the "extra fetch" can be to akamai
- [10:50] Zha Ewry: or a cache in your network
- [10:50] Morgaine Dinova nods
- [10:50] Mojito Sorbet: HTTP servers are very optimized at doing this. VW sims are not
- [10:50] Zha Ewry: Forcing the sim to always hold all content is kind of painful
- [10:50] Morgaine Dinova: Yep
- [10:51] Rex Cronon: the sim can have a locall asset store
- [10:51] Zha Ewry: I draw your attention to 9.3.3.1 in he deployment draft
- [10:51] Mojito Sorbet: All the sim needs to hold is 1. The data it needs itself, and 2. URIs to pass on to the viewers.
- [10:51] Rex Cronon: it will function similar to a hard drive buffer:)
- [10:51] Zha Ewry: Where you will find all those choices laid out
- [10:51] Mojito Sorbet: Pasing all data through the sim increases the network oload considerably
- [10:52] Zha Ewry: Sometimes it makes sense
- [10:52] Chris Tuchs: otoh, passing all client to client comms through an intermediary helps maintain client privacy
- [10:52] Zha Ewry: I'm strongly arguing that the spec should permit the range
- [10:52] Zha Ewry: everywhere you can put a blob, you can put a URI
- [10:52] Mojito Sorbet: I agree with that
- [10:53] Rex Cronon: what if 30k users want the same asset. that means the asset server will get overloaded
- [10:53] Mojito Sorbet: The protocol should not force one solution to that
- [10:53] Morgaine Dinova: Chris: given a URL to an asset service, you can always choose a proxy for it.
- [10:53] Mojito Sorbet: Asset servers have caches too
- [10:53] Zha Ewry: Put the item on a cached, high speed server. Its bound to better than on a SIM which is running physics and caching it
- [10:53] Mojito Sorbet: Looks at the specs for the YAWS HTTP server. It is very VERY fast
- [10:54] Zha Ewry: Saying the sim shoudl hold it
- [10:54] Zha Ewry: is effectively saying
- [10:54] Zha Ewry: "I can do phyisics and content serving fastert than just content serving"
- [10:54] Zha Ewry: Not always true
- [10:54] Rex Cronon: depending how u implement the sim, it can either store blobs locally or give an uri:)
- [10:54] Mojito Sorbet: Sims are the computational bottleneck. They should be offloaded of everything not related to "presence" simulation.
- [10:54] Zha Ewry: totally true Rex
- [10:54] Morgaine Dinova: In any case, with asset services decoupled from world providers, a lot of the privacy issues become less worrying, because it's generally the world operator that is the weak link.
- [10:54] Zha Ewry: and that's the point
- [10:55] Opensource Obscure: see you everybody
- [10:55] Mojito Sorbet: Protocol must be able to handle both
- [10:55] Zha Ewry: anywhere you might get an object
- [10:55] Zha Ewry: expect a URI
- [10:55] Rex Cronon: tc open
- [10:55] Zha Ewry: just not the spanish inquistion
- [10:55] Morgaine Dinova: 5 mins to 11am
- [10:55] Rex Cronon: as long as the sim can do both, there is no problem:)
- [10:55] Mojito Sorbet: what happens at 11?
- [10:55] Morgaine Dinova: Andrew or OSgrid
- [10:55] Rex Cronon: what morgaine said:)
- [10:55] Mojito Sorbet: A sim designer can be free to never send out blobs.
- [10:55] Zha Ewry: Or always
- [10:55] Zha Ewry: or a mix
- [10:56] Zha Ewry: Including "If you paid premium you'd see pretty textures, but you see default crappy trees"
- [10:56] Mojito Sorbet: Yes. Protocol must handle both. The mix is a business decision
- [10:56] Zha Ewry: I'd say policy
- [10:56] Mojito Sorbet: haha
- [10:56] Zha Ewry: which is my way of saying "Business or other chocie makers"
- [10:56] Mojito Sorbet: Yes, sim will always return plywood no matter what you ask for.
- [10:56] Rex Cronon: the protocol can have one byte that when set to zero means a blob is comming and when is 1 that means here is a uri go get it yourself:)
- [10:57] Zha Ewry: LLSD so you get <map blob, binary blobd> or <map blob, URI>
- [10:57] Zha Ewry: And if its a URI
- [10:58] Zha Ewry: you know what do
- [10:58] Mojito Sorbet: Dont require LLSD, please
- [10:58] Rex Cronon: there r different ways to do it
- [10:59] Rex Cronon: ok. time 4 me 2g2 andrew's oh
- [10:59] Zha Ewry: kk
- [10:59] Zha Ewry: Great stuff today
- [10:59] Zha Ewry: READ DRAFTS
- [10:59] Zha Ewry: Comment on them
- [10:59] Zha Ewry: IETF in 2 weeks
- [11:00] Morgaine Dinova: And Joshua's Jabber gateway to be tested before then.
- [11:00] Zha Ewry: And mixed reality
- [11:00] Zha Ewry: we are DANG well gonna have a full up meeting this time
- [11:00] Zha Ewry: Stream the real world into a SIM
- [11:00] Zha Ewry: and get people in SL on the mike line
- [11:00] Morgaine Dinova: Would be nice
- [11:00] Wyn Galbraith: cool
- [11:01] Wyn Galbraith: When is that?
- [11:01] Zha Ewry: Barry and Josh are on hook to do it
- [11:01] Morgaine Dinova: 23rd, Anaheim
- [11:01] Zha Ewry: 9:00 am PST/ STL
- [11:01] Zha Ewry: *SLT
- [11:01] Mojito Sorbet: Be nice if RL meetings about VW were visible inside VWs
- [11:02] Zha Ewry: That is the plan
- [11:02] Mojito Sorbet: Or at least a ustream page. :)
- [11:02] Wyn Galbraith: They did that at SLCC
- [11:02] Zha Ewry: Mind you I get to live the irony of "Ok, so I need travel to go to meat people about virtual spaces" every few months.
- [11:03] Mojito Sorbet: My experience is, streaming video into SL is messy unless you have Mac computers present. Stupid QuickTime
- [11:03] Zha Ewry: "Wait, you're GOING to a conference on virtual worlds"
- [11:03] Morgaine Dinova: :-)
- [11:03] Wyn Galbraith: Live music viewed in world and SL viewed in RL
- [11:03] Zha Ewry: Josh is supposed to be settting up a test
- [11:03] Zha Ewry: and yeah, I agree
- [11:03] Zha Ewry: Streaming out of RL is annoyingly hard
- [11:04] Mojito Sorbet: Ive been involved in big two-reality conferences. It needs lots of testing in advance. And make sure your stream server scales
- [11:04] Mojito Sorbet: Its load sof fun though, when you have streaming both ways.
- [11:05] Zha Ewry: Yeps
- [11:05] Wyn Galbraith: It is
- [11:05] Zha Ewry: Its hard, but remarkably cool
- [11:05] Mojito Sorbet: All the RL people see these funny cartoon people on the big screen,m actually participatin gin the discussion
- [11:05] Zha Ewry: and it should be fun to blow the dust off the greaybirds
- [11:05] Mojito Sorbet: yes
- [11:05] Mojito Sorbet: People who have never seen it before are going "wtf"
- [11:05] Wyn Galbraith: My gang were talking about it's too bad we can't stream tv inworld, then no matter where we were we could watch together.
- [11:05] Mojito Sorbet: I was in one such session. haha
- [11:05] Zha Ewry: mind you, if I was bearded, I would be a gray beard, but.. I try not to act like it.
- [11:07] Wyn Galbraith is going to run off and play a little.
- [11:07] Object: Touched.
- [11:07] Object: <0.28726, 0.91902, -0.26996>
- [11:07] Chris Tuchs has tons of reading to do now... open cobalt, vwrap...
- [11:07] Chris Tuchs: See y'all around...
- [11:07] Tiny Blue Kitty Head: All Go
- [11:08] Wyn Galbraith poofs.
- [11:08] Zha Ewry: and off
- [11:12] Morgaine Dinova: Think I'll pop over to Andrew's and sit there instead. I'm really at OSgrid just now.