User:Blondin Linden/3rd Party Viewer Brown Bag: Session 1 29Oct09/transcript
Blondin: I'm blondin linden and I'm part of the community team here at Linden. It's been a pleasure to have organized these brown bag meetings. Just a couple quick notes here before we begin. Torley will be recording the voice and be making an audio transcript available for the meeting. I just wanted everyone to be aware of that before we begin.
I think it's key to point out and remember that we are supporting and continue to support an open platform. The idea is to create a third party viewer registry. The determiners for this have not been decided and that's why we're here. The purpose of this meeting is to engage in a conversation to discuss and define the appropriate uses. Keep in mind that no policy has yet to have been made. We just wanted to talk to you and see your thoughts and hear your opinions.
If you have questions during this please IM to me directly and I will ask them aloud. We ask that everyone behaves in a professional manner so please respect everybody and respect their opinions, no shouting or arguing. And with that I think that we can throw it to Jeska to start us off.
Jeska: Hello everyone and thanks for coming. I apologize in advance for my scratchy voice I played a llittle too hard at rock band last night so if I squeak it's the Beatles fault. I wanted to kick off the conversation and I wanted to thank you Blondin for setting that up and I just wanted to reiterate, I think there was a couple commments on the blog and there was some feedback that policy has already been made and we've already decided what features want to support and what we don't and I want to be really clear that this is not true. And that's why we're here.
Jeska: So I wanted to kick off with a bit of a guiding question. You all can respond either by typing or saying out loud. The question is "What features are you using most frequently. What are the ones that you can't live without?" After that I'll have a follow up asking about what you are doing with them and how you are using them.
<technical issues with voice>
Anyone who wants to start, go ahead, what are you using most frequently?
Unknown 1: OTR chat encryption, IM encryption Unknown 2: That's definitely a big one
Jeska: OK, anything else? I'm sure there's more than just that.
Unknown 2: Avatar radar list Unknown 1: I think that would let you see more information and things like that Unk 3: Import/Export of content in general, scripts, objects and so forth Unk: Better muting, sounds things like that Unk: Better moderation tools
Jeska: and some of this is pretty straight forward, what are you using it for? Could you talk a little bit more about encrypted chat, what are your use cases for that? How are you using them, what's the story?
Unknown 1: I'm personally using it for more secure communication with people I'm working with with regard to various things such as business related communications not to mention the fact that it ensures that if I'm on a wireless network I don't have to worry about interception of what I'm saying regardless of the nature of it.
Jeska: Anyone else?
Unknown 2: The great thing about it is that it's nice to know that not only is what i'm saying not gonig to be read by anyone except who it is intended to be read by but also that my messages are getting through unmodified. I don't have to worry about someone intercepting the message and sending something different.
Jeska: Go ahead sitearm
Sitearm: I know it sound facetious, and it's a great line but when I tried out the breast physics with some friends on the other viewer that begins with "e" (laughing) it reminded me of my seocnd life roots. Which was the real reason I came here in the first place: to be in a 3D world, to have a different body and to have things that I don't have in real life. To "create your world" like we say all the time. And then sort of out of nowhere Second Life turned into a 3D internet social networking corporate meeting platform, which is good because it's given it a lot of oomph and credibility with Nebraska and all that.
But I've gone back to try some other things like Blue Mars and twinity (?) and meta me and I've talked to other people who have tried thouse, but we keep coming back to Second Life, saying "this is the only place where we have such freedom", not only to create these cool things in cool bodies but to move around so freely. Couple that, Jeska, with now that you've got the Enterprise and Nebraska PR machine. Some other developers and I are working a best practice group for getting back into consumer markets, which is the hoi palloi, the fashion article that came out in the New York times. (unintelligble)
Well, if we're going to get back to fashion, that's also going to go back to bodies. Second Life bodies are great, but that little bit of jiggle... really great. It going to make more news stories. It sounds so trivial but breast physics and anything else you can do on the wire frame, ahem package physics, would be really great. I submit that if that can be done through the viewer hey lets open that up and do more with it. I think that's a great addition to the other stuff.
Jeska: Thanks. Some of them are straight forward. I get the joke about breast physics I remember when we got the first flexi object, I remember that was so exiciting not just for breasts but for all things to move so I do understand the creativity side.
Anyone else, or do we move to the next question?
Unknown Female: I guess we tend to use bots for things that don't have a web or http interface to query. We find that sometimes there are things we'd like to do that we can only do through using a bot. We have a nebraska system and we have used that as a way to get information that we use to get information that we can't get through any other interface.
Jeska: Thanks Gigs for posting that in. (In relation to a comment Gigs posted about OTR Chat encryption being similar to SSL encryption on the web)
Unknown: That's special (?) when you have non-disclosure agreements.
Jeska (to female): I guess that's a kind of thinly veiled request to get more web interfaces to things in your simulator environment.
Female: Gweneth can you talk about what a temporary upload would be?
Gweneth: Sure a temporary upload is when you can upload a texture local to the sim but it's not going to your asset servers so designers can look at how the textures work before they commit to 10 linden dollars. I think that's a cool idea and many of the third party viewers are implementing this.
Unknown: Also helps with asset server bloat
Jeska: OK anything else we can move on to talk about a little bit?
Unknown: It's not local to the cache of the machine, it's uploaded via the same mechanism as your face.
Jeska: OK clever
Unknown new male: That's the feature that I use, the temporary textures, just the fact that the new RC is causing me some problems so I'm using emerald all the time now.
Unknown australian sounding guy: If I may jump in there a minute, the feauture that I can't live without is my text only viewer. I frequently connect from work and a full 3d viewer just would not do. Staying in contact with friends and business and stuff non-3d is absolutely essential.
Female: Yeah I totally agree with that, that's definitely useful, and also for blind users there's a blind client as well.
Jeska: I want to switch gears a little bit and move on to your feedback about what you would want in a registry. We want to provide a viewer registry system mostly to help people make good decision when picking a third party viewer. What would you want to know about viewers, if you were looking at a registry what sort of things would you want ot know about it.
Many replies: Who's behind the viewer Number of downloads Usage stats Percentage concurrency
Jeska: What about something, I know ratings are a hot topic, would that be helpful? Like an Iphone app, would that be useful?
(unintelligble)
Male: How about things, like these users continued to use the viewer for so long. There would be a lot of people who might try a viewer once but if someone likes it they would use it over and over.
Male2: I think ratings and reviews are a really good thing from a user standpoint, we see it in all sorts of media. People are used to seeing it it's kind of a standard. One thing I would like to see would be code signing, you don't need to accept every instance of a view, but you accept a producer of a view, so if these people are acceptable they have gone through the code signing and gotten the certificate and have signed their code. Just like anywhere else anyu other program that you might download. It's signed so that you know there's accountability there and it helps establish trust. So they can be more assured that they aren't getting a virus, trojan or password phishing.
Female: I guess it would also be valuable to know how often a viewer is updated.
Male: I think that things to know would be key features of the viewer and also if it's based on linden lab client, and what version it's forked off of, or say it's a libomv based viewer, what version of that it's based on. This can be quite useful as well to determine fundamental features of the viewer.
Jeska: can be interesting. Anything else that you would want to know before you download?
Gwenneth: I would like ot know who is behind the viewer, a resume, bio of the members of the team
Jeska: More information not just a name
Gwenneth: Not just a name, yes a little bit more.
Male: One of the things we brought up at Rob's meetings before, we'd like to know is the log ins for the past week month or 6 months. It was raised as an issue that this would lead to an arms race between viewers and people faking logging channels to try to get their numbers up. But it would be interesting in knowning how many people are using my viewer since I have no way of currently telling.
Sitearm: I'm in the position where I'm trying to use mostly second life as-is in working with clients. I've not yet decided whether I'm going to try Nebraska, some of my fellow developers are. I want a good official capital O official second life viewer, and that's mostly what I'm going to use. So if we are going to have third party viewers, I'd like to know what Linden Lab says about them on each row. What is linden lab's position on "viewer 17". Have they reviewed it? Does it work? Do they think it hsa any advantages? Because I don't want to be recommending viewer 17 to clients and then it goes, the company goes out of business like Electric Sheep, or it stops working with the next Havoc release.
To me I'm just going to use the official viewer unless there's some advantage and Second Life endorses it. In some manner. And I can't see yet if you will endorse it or not, because you don't even endorse solution providers. You say "use them at your own risk", and I can't imagine your legal department not saying "use these viewers at your own risk".
Jeska: We happen to have someone from the legal department here
Marty from Legal: As someone from the legal department, let me answer that question. The way that this registry started is sort of as you described. We want to make it possible for creators of third party viewers, whether based on our code base or not, to establish reputation within the community. The way we want to catalyze that is to create this registry. We're going to do some vetting. The vetting we do depends on the feedback we get during these brown bags. That's why Jeska's asking what kind of things do you think are important to know about a viewer before you use it. We're going to take that feedback and we're going to come up with some critera upon which we'll base entrance to the registry. We're going to do some vetting, as complicated as this software is we're never going to be able to say we completely endorse, I don't even know what endorse would mean in this context. The goal I think is consistant with what you said, we want you to be able to use the viewers in the registry with some degree of confidence that they don't contain something that you don't intend to subject yourself or your users to.
Joe may have more to add to that about what kind of vetting process we're going to go through to put those in the registry. Again the big goal here is to make it possible for you to know something about the viewer before you start using it.
Male: Marty that sounds good, I know you actually I don't mean to diss you guys I know you're good because you did a great job. Don't kill me for saying this you other guys on the adult oriented stuff. But as an example one of the common claims is that the other viewers are less laggy than the official viewer, and I'd be interested if Linden Lab could say "we've measured the lag under these conditions, and here's what we noticed". We all know there's 15 reasons you can lag and the viewer can be only one of them. As JB is saying this can be tough to do. I'm hoping though, I'm assuming that one reason you guys are supporting third party viewers is because when we come up with good new stuff you'll embed it in the official viewer down the line, I think that's smart and I totally vote for that. So if there is some way you can add Linden Lab evaluation. Amazon is not a bad comparision here. Amazon always has some official publisher's reivew and then the users get to put in their reviews, so Linden Lab would be the official reviewer so to speak.
Jeska: Anyone else on this? ...... Alright I wanted to give you guys some time to ask questions. So I think Blondin you asked everyone to IM you if you have questions.
Blondin: If you have questions please IM them to me and I'll ask them in chat and voice.. I have one in the queue from Pixel. Pixel says "I'm curious how Linden will present the viewer registry, I guess I'm worried about what you will imply if the viewer is not on the list."
Joe: Let me take that. I don't think we're going to try to "imply" anything with respect to viewers that may or may not be on the list. We view the registry as a completely voluntary submission, pretty much self serve by the developer community. It will really be up to you as the respective developers if they are meant to be used by others, not if they are simply being used by you, pixel, for test purposes if you're modifying the code base and you want to log into Agni for the purpoess of testing we wouldn't expect you to register that binary or create an entry in the registry for that. If you are going to point other users at it, and suggest that it's a viewer that is safe to use for accessing the grid, our grid, the main grid, then we'd hope that you'd take the time to actually enter the binaries, the location of those, and if it's based on GPL code the location of the source tree. We're not going to imply the absence of a viewer indicates that there aren't viewers out there that will be highly valuable to others. Let me say at least at the outset at least from my perspective there's only 3 ways we can help people understand how to effectively use second life in a safe and productive way. - We can engage in education, so that the community as a whole really understands where they can go for information about the range of choices they have, about access points. - We can set policy that makes it very clear that there are things that we will not tolerate being done to the grid with respect to the rules of the road and how people use the resources that make up the overall service offering that we've created. - And there's a few things we can technically do to ensure that service quality remains high for everyone.
The point of the registry is to serve that first purpose, the education purpose. It's to give users the way to see, in an open format, the range of viewers that are available, who's behind them, how popular they might be by download count or active session count, there's a number of ways we can do that. But most importantly it's the vehicle through which an individual developer or devloper group will say "hey we're willing to stand behind this product and indeed the primary development site or the primary location of the download site is at this URL and if you want to inspect the source it's located at this URL and we can commit to the fact that we have not embedded code in this binary that will subject your system or your personal information to exposure if you are not aware of it".
So I hope we don't get into a situation where the lack of an entry implies anything on the part of Linden Lab, this is part of the education attempt on our part to raise the bar a little bit and make people aware of the value of open source which by the way we continue to feel is a key driver around the innovation associated with second life.
We've seen far greater innovation and far faster innovation since the viewer was open source and frankly we anticipated that and we wnat to continue to support that and see it grow. This is part of the education campaign not part of a technical campaign to limit access for binaries to the main grid.
Blondin: OK our next question (from sitearm): What about emulating wordpress? Their .com blog service is closed with official widgets but their .org service is more open to test for beta code and third parties, allows both a stable and an exploratory environment for developers and users.
Male: Isn't that what the beta grid is for?
Sitearm: Let me say more, on the .com wordpress, there are some third party widgets, interfaces from wordpress to twitter, flickr. Many of those widgets were developed by third party developers and they passed through vetting process that wordpress uses so you can just add them from your menu. Clicky clicky click. However they have a .org wordpress that looks identical except you as the user and developer have much more power to upload themes [..] widgets and interfaces, and you can run an entire blog from the .org system using all these extra gadgets and widgets, functionally they are pretty much the same but guarantee wise and stability wise they are different because wordpress says on their .com if you click a set of widgets we've already tested that and if it doesn't work right on .org use it at your own risk.
It's not the same as beta because in the background the blog software is the same it's the addons which are different. I'm making the analogy here that you guys are always going to keep the server code solid but the viewers could be stable or proved .... (?) [beta viewers?] still run on the real grid. That's my point here. This is a gleam of an idea so I apologize if there are glaring holes in it. Several people have said here "what if I want to test something but I don't want to quite register it as official" So maybe there could be two categories of viewer tehre could be totally vetted and on the registry and then there oculd be experimental and the Chuck Yeagers ..?. use if they feel like it.
Jeska: Thanks sitearm I'll make sure that gets into our notes to think about. I think the widget sort of style is interesting potential future. Blondin what was next?
Blondin: It's a question from Gigs, "Many of the viewers that people are upset about are violating the GPL anyway. Is this effort going to be coupled with increased enforcement of GPL compliance?"
Joe: Short answer is yes Gigs, we absolutely want to be more open about making it clear that we intend to enforce all the terms of the GPL license, so this is certainly one way we can help do that. I think it's important for anyone who's leveraging the GPL code actually have the source readily available for inspection by anyone who needs to see it and that's certainly not the case today.
Blondin: We have a question from Fraction: "Are you intending to take more decisive action regarding viewers that you come to the determination violate the ToS or harm the service?"
Marty legal guy: Yes, if we know that someone's using features of the viewer to violate terms of service then we will ban that user. It would have to be based on them using functionality that violates, to violate, the terms of service.
Fracture: If I may... I had more in mind programs that beyond a shadow of a doubt were made for the purpose of exploiting the system especially with regard to permission exploits or things like that... Things that could not possibly be construed as legitimate.
Male: Just to elaborate on that a little bit and give an example, the cryolife viewer for example that's being spread around. It was a viewer that was created to push the limits and test the system. It contained the notecard exploit that was fixed a couple weeks ago. As well as import/export, it has the ability to steal clothing right off of avatars. That viewer I sent in to linden lab as well as the channel and specific version strings that were used. In cases like that is anything going to be done to block access to such viewers on a wide scale? Even if it means something as small as blocking the channel or version.
Marty: The question about whether a viewer is primarily or only intended to do things that would violate the terms of services... I guess I don't know how many of you are familiar with the Grokster litigation, the supreme court said that Grokster functionality was primarily intended to violate the copyright laws therefore it was illegal. That would be the determination we would have to make. If we made it that a viewer could only be used to do something that violated the terms of service then potentially we'd ban the whole viewer, but really it's about the use of a piece of code to violate the terms of service so again. I don't know how technically possible it would be for us to also ban a viewer. If it were and we decided that a viewer was being used only to violate the terms of service then I guess we could do it, but we aren't that far yet.
Fracture: I just was thinking more specifically: Would you at any point consider creating a list of software that people are not allowed to use for such reasons? To discourage residents from using such software for such purposes if you decided such software was bad.
Marty: I'm not sure are you asking the same thing? What are you asking?
Fracture: More specifically there's obviously some bad software designed to do harm can't be technically blocked but you could create a list that indicates that it is not allowed and people who use are are subject to... and so forth.
Joe: We'd probably treat communication like that in the same class as potential security exploits. Where we really want people to be aware that there's a particular binary in circulation that could actually or is actually phising for usernames or passwords which by the way happens all the time. It's something we want more and more people to become aware of. I think in the category of further ongoing communication around the risks of using an untrusted binary to access the grid, if we identify a particular application that clearly is doing something that you describe then clearly we'd get that word out.
I don't think we'd intend to try to identify that viewer by association with an individual or by a name because as you know those names are trivial to change... the channel name is trivial to change. If indeed there is a binary circulating that has a channel or version number that is doing something malicious or destructive and in violation of the terms of service we do have technical means to lock that binary out but it's trivial to bypass as you know.
Jeska: Any more questions Blondin?
Blondin: Yes we have a question from Robin. "I'd like to ask if viewers designed to work primarily for OpenSim would be eligible for the approved viewer list"
Unknown Male Linden (Soft?): They're still SL compatible?
Joe: Yeah I think that's the question if it can be used to access the main grid it's certianly welcome on the registry.
Blondin: We have a question from ELQ. "What about the possibility of limited viewers, would they be considered acceptable as well? Such as viewers that were only used in conjunction with an inworld game or only limited functionality, not TOS violating, but not with all viewer capabilities. Would this be acceptable on the registry?"
Jeska: I don't see why not. Joe?
Joe: I think so, I don't see any reason...
Marty: Again, If the viewers meet the criteria that we established that they have limited functionality won't affect their qualification to be in the registry as long as it doesn't have the things that we've agreed aren't in the best interest of the second life community for instance things that capture people's passwords.
ELQ?: OK I was just concerned. Everybody's all up in arms about code that gives people more capablilties but I was just concerned about limited capabilities because there's actually a lot of market for limited viewers.
Jeska: Like Joe and Marty said I don't see why not as long as it meets the criteria that we establish. NExt question?
Blondin: Gwen asks the question about a bot registry. "What about a 'bot registry? (Yes, I'm aware of Jack Linden's new initiative, and I've flagged all my bots as such, but... would there be a similar registry for 'bots too? "
Joe: I don't know that we'd want a separate registry for bots. I think a bot based application should be a part of the registry should be clear that the app has a bot capability as everyone knows, I think Meerkat has a growing, active bot module that's available for it. If not Meerkat then several others like metabolt do. I wouldn't want to see a separate bot registry grown out of this inisitiave I'd like to see it include bots as well.
Of course we have made statements about the kinds of bots that are appropriate for use on the system. There are lots of bots that are not, that provide denial of service vectors. And other challenges around normal operation of the systme inworld. We'd want to make sure that bot use continues to remain within the realm of reason. I think those would be incorporated into the registry itself.
Blondin: Moving on we have the next question: How soon will the sl server side code be able to be updated to prohibit illicit copying via viewer; or is that always going to be a risk?
Male: Well in reality anything that is sent to the client can be copied since it's digital.
Male: I think that's a very broad question, is it referring to exploits to trick the system? Or is it referring to import/export, copying what's available on your screen?
Sitearm?: Let me do that then, I've read that huge blog of Cyn and Blondin, several people I think Gigs here has commented on it. You can copy stuff in the current server side and you can't prevent it because hte client has to be able to stream the stuff. A bunch of ideas were discussed on how to avoid that or prevent it. So in the MS Internet Explorer world and in the Firefox world and the mac world the security of the viewer seems to fall into two categories, things that run on the server side that Linden Lab could do something about to prevent illicit copying. And through viewers... you can try to tell viewers not to do that smack smack bad dog no biscuit, the viewers say we're going to do it, the tech people say you can't stop them. If we're going to allow third party viewers we are going to be open to that risk of illicit copying as long as server side code allows it to happen either inherently or because of the current version released. My question is, is this is an inherent risk forever or is there something we can do in Havok 27.9 that would prevent that. In other words if we could look ahead how many years will there be a risk of illicit copying.
Gigs: If I could comment on that, I think until we go to something like server side rendering which probably wouldn't happen in the current incarnation of Second Life, I think it's going to be an inherent thing.
Jeska: I'd also like to point you guys to the content management roadmap, because sitearm I think it starts to address some of those issues. It's all in there if you want to take a read. There are improvements we can do from the way we handle complaints to the way that we help people license content and how we handle copying tools, so I think that's the path that we are on right now.
Gigs: About that it was promised about two years ago now that we would have some way to communicate license intent better, is there any ongoing project at Linden Lab to address this?
Marty: I'll take this one. We're working on it. I don't know what you're referring to in the past. I'm sure we've talked about it in the past, but what we have now is the permission system. Maybe in the future we'll have a different, more robust licensing scheme, but we don't have it yet.
Jeska: thanks marty, Blondin anything else
Blondin: We have a question from Gigs: "Will a viewer that allows standard functions like saving assets locally that are already downloaded locally regardless of permission be allowed on the registry."
Joe: Are you talking about assets that are in the cache that are simply parsed and made available locally?
Gigs (obviously eating): Well what if you had a function where you could right click on a prim and say "Save Texture As", that's obviously feasible with the technology, is that going to keep something off the registry?
Joe: Again, as we've pointed out a couple times, a capability that's built into a viewer in and of itself is not a violation of the terms of service, the way it's used certainly could be. And as Marty pointed out right now our best model, our best method of providing IP protection for content creators is through the permission system. So the actual use of a viewer to bypass the permission system is not something that would ever be allowable under the terms of service. So you are absolutely correct that assets are saved locally as part of a local system cache to make performance improvements available to the end user and that in and of itself is not a violation of the TOS. So if a viewer were doing something to extend that sort of functionality to improve performance or to provide additional creature comforts at the end user certainly that's something we'd like to see more innovation around, but not for the purpose of siphoning off IP that has a license attached to it or permissions attached to it that are clearly designed to protect the IP for someone else.
Gigs: It kind of sounded like you were saying one thing at the beginning there and then changed to say something else at the end. Suppose I hired a builder and there was a texture there that I wanted to use on my chair. Not to get into the legal details but it would probably be considered ... not a big deal copyright wise. If the viewer had that function, if it did ignore the permissions, would it keep it off the registry?
Joe: What do you want to do with the texture? It's not clear to me what you want to do with that function.
Gigs: If the viewer allowed the function, you are saying that the use of the function for "IP Theft" whatever that means, the use of that would violate it. There's a spectrum between someone downloading a product wholesale and selling it themselves and someone just using it as part of their building, as a convience for part of their building. Maybe they want to have their chair match their couch and they don't necessarily have the texture for the couch.
Marty: Let me jump in here a minute. What we said in the blog post, a month ago, maybe it's been longer than that. If the viewer contains functionality that allows you to copy something that you, that's in your inventory for the purposes of creating a backup, without changing the creator name, then that's OK. If it's something that can be used and is being used to do an end-run around the permission system then that's not OK.
Without trying to get into a hypothetical that's the bright line we're trying to draw. If you are using copying functionality in the viewer that allows an end-run around the permission system, again we haven't come up with the final criteria about what will be included in the registry, but that's likely to be one that we consider. Back to what I said earlier, we're not punish, trying not to punish intent, we're only trying to punish the actual use. We're having these brown bags because we want to take people's thoughts before we come up with guidelines on this, but that's what we're thinking.
Blondin: As a time reminder we have about 4 minutes left. We'll wrap it up after this last question from Gabe: "What guidance will there be for what features do/do not violate the ToS? And will this be something that we police between ourselves, and what can we expect from LL if a viewer in the registry is released with a feature that's deemed to violate the ToS?"
Marty: Lets see if I can add anything to what's already been said about this. Yes we are going to have a detailed FAQ when we put up the guidelines for the registry. That will hopefully in a detailed fashion explain what we believe would be a violation of the terms of service. And then we're going to make some decisions about what can and can't be registered. It's going to change over time. What we come up with at the beginning is probably not going to be as good as what we have 6 months later. You are just going to have to bear with us as we learn because we have not done this before.
Again I feel like I'm straddling the line between... I'm talking about of both sides of my mouth when I say we're not going to punish things that aren't being used to violate the terms of service. Back to the question about if something can /only/ be used to violate the terms of service will we allow it in the registry. Probably not but we haven't decided yet.
Blondin: We have about 2 minutes left before our hard stop at 4 are there any closing thoughts from any of the Lindens or any of the participants here.
Blondin: OK then I guess we will wrap it up. Torley is making the audio recording and as soon as it is ready we will post it to the original blog so everyone can go there and have a listen for themselves. Thank you for attending this has been fantastic. We do have a second one coming up in the upcoming weeks so look for a second audio clip as well. Thank you all for attending and thank you lindens for clearing off your schedule and everyone being able to attend.