User:Zero Linden/Office Hours/2008 Apr 03
Jump to navigation Jump to search
- [8:24] Goldie Katsu: Hello.
- [8:25] Goldie Katsu: Virtual Worlds cancelation?
- [8:25] Goldie Katsu: oh early not late.
- [8:26] Goldie Katsu: Happily I have a cup in front of me right now.
- [8:26] Goldie Katsu: Reminds me of New Orleans. Not that I've ever been there.
- [8:30] Saijanai Kuhn: so much for agenda pages
- [8:30] Saijanai Kuhn: got morgen Morgain
- [8:31] Tree Kyomoon: chuckles to himself triumphantly for getting the egg seat
- [8:32] Goldie Katsu: The do chicory in their coffee.
- [8:32] Goldie Katsu: And my phone glitched again.... (sorry rl)
- [8:34] Tree Kyomoon: hello folks! Good to see you again Goldie Saij and Morgan!
- [8:34] Saijanai Kuhn: hmmm is there a "cancelled notice' around here?
- [8:34] Goldie Katsu: Heya Tree
- [8:34] Tree Kyomoon: and Harleen too
- [8:34] Tree Kyomoon: :)
- [8:34] Tree Kyomoon: and Kirsten...as the world rezzes
- [8:35] Tree Kyomoon: ("As the World Rezzes..." a new soap opera perhaps?)
- [8:35] Saijanai Kuhn: not this time. He's just late
- [8:35] Goldie Katsu: Not seeing one in the mailing list.
- [8:35] Rex Cronon: hello everybody
- [8:35] Tree Kyomoon: hello Rex!
- [8:35] Zero Linden: Goood morning all!
- [8:37] Tree Kyomoon: morning Zero!
- [8:37] Tree Kyomoon: utters evil chuckles
- [8:38] Tree Kyomoon: So I hear Philip is going to testify about us in front of Congress...thats kind of big news hey?
- [8:39] Nika Talaj: That already happened, Tree.
- [8:39] Tree Kyomoon: aww man...am I ever behind the times
- [8:39] Wyn Galbraith: Yeah already happened.
- [8:39] Raz Welles: Hezzo ^^
- [8:39] Nika Talaj: Virtual worlds.
- [8:39] Tree Kyomoon: hey wyn!
- [8:39] Nika Talaj: There's a couple of threads about it on the forums, if you want more info
- [8:39] Ravi Edgeworth: i have to warn you, i'm a bit of a purist
- [8:39] Wyn Galbraith: tries to turn her feet off
- [8:40] Ravi Edgeworth: thx
- [8:41] Tree Kyomoon: great thanks for the link!
- [8:41] Tree Kyomoon: should be good fuel to keep the old clients paying for the island hopefully
- [8:41] Alaya Kumaki: i watched it, fascinating...
- [8:42] BigMike Bukowski: I thought it was an april fool's joke at first.
- [8:45] Tree Kyomoon: I figured it would be germain to our AWG
- [8:45] Goldie Katsu: one might hope backbone providers were paying attention.
- [8:47] Tree Kyomoon: seems to me they would be biased towards download bandwidth for the coming h.264 based HD video quality...and upload might get neglected or sacrificed
- [8:47] Tree Kyomoon: which isnt good for virtual world types
- [8:47] Goldie Katsu: The nature of the traffic has an impact on how they should look on developing and providing the network.
- [8:48] Saijanai Kuhn: I supposedly have jury duty today so I'm a day late on getting anything done. SO no questions/comments from me (whats up with that?)
- [8:49] Tree Kyomoon: so very good news then
- [8:52] Rookiie Roux: Opensim isnt finished yet it takes alot of time to get a final release
- [8:53] Tree Kyomoon: has Adobe shown any interest to your knowledge?
- [8:54] Alaya Kumaki: lol
- [8:55] Tree Kyomoon: is amazed Adobe is ignoring Virtual Worlds. It seems like the next natural RIA platform development environment
- [8:56] Saijanai Kuhn: Zero, one issue with Sun and SL is the fact that the only alternate world is in C#, a java rival
- [8:56] Tree Kyomoon: excellent!
- [8:57] Rex Cronon: hi
- [8:57] Goldie Katsu: Yay!
- [8:57] Rookiie Roux: hi hamilton
- [8:57] Saijanai Kuhn: Zha not online today. Wondering if she's taking Tes to the airport
- [8:58] Goldie Katsu: Or if she is at Virtual Worlds?
- [8:58] Saijanai Kuhn: Well maybethey both went
- [8:59] Goldie Katsu: (related vw article on behind the fw:  )
- [9:00] JayR Cela: Nika from what I understand it will be seemless for IBM employee's to go between the differnt grids
- [9:00] JayR Cela: \Nika IBM will be running it own grid
- [9:02] Nika Talaj: Wll all there assets be handled by SL's cluster, or will they have their own asset server?
- [9:02] Hamilton Linden: / no, they have their own asset server
- [9:02] Nika Talaj: *fascinating*
- [9:02] Hamilton Linden: you can think of this as an intermediate step on the way to providing a connected open architecture
- [9:02] Detour Sideways: so what happens with assests they are carrying on the SL grid when they move over to their private grid?
- [9:03] Hamilton Linden: as described in the AWG
- [9:03] Nika Talaj: bravo!!! thta was really my question.
- [9:03] Tree Kyomoon: what is IBM's specific motivation for involvment beyond helping mankind in general?
- [9:03] Rex Cronon: so if a ibm employee buys somthing on the main grid they also take the item they bought to IBMs asset server(s)?
- [9:03] Hamilton Linden: / Detour, permisions remain intact and so they could buy items on our grid and bring them into their intranet
- [9:03] Nika Talaj: Do they have server source code? I've seen some of their writeups online, very technical.
- [9:03] Goldie Katsu: Alternatives to flying cars
- [9:04] Hamilton Linden: IBM's motivation is to offer corporate enterprises a more secure experience
- [9:04] Saijanai Kuhn: So a 100% trusted world, using Zero's terminology
- [9:04] Goldie Katsu: 100% trusted?
- [9:04] Hamilton Linden: / Saijanai, basically yes
- [9:04] Saijanai Kuhn: full asset sharing
- [9:04] Tree Kyomoon: So IBM will be offering their own servers for rent to corporate clients?
- [9:05] Hamilton Linden: / No we don't have access to their behind-the-firewall assets or chat
- [9:05] Morgaine Dinova: Hamilton: what I'm getting at is security of SL assets, which are currently entirely within an LL-managed environment. Is IBM's grid going to be in a position of trust as if it were LL's own, or of distrust as an unknown 3rd party?
- [9:05] Hamilton Linden: / It's still trusted
- [9:05] Hamilton Linden: / where as Region domains allow us to connected untrusted regions, something we want
- [9:05] Saijanai Kuhn: Morgain/Hamilton, thats what I meant
- [9:06] Saijanai Kuhn: its still the same region domain? or is it bypassing the agent/region domain thing for now?
- [9:06] Hamilton Linden: / in the future we see adding untrusted region domains in the same manner we are adding ones like IBM
- [9:06] Hamilton Linden: / this is still the pre-Region/Agent domain world so its still part of our domain
- [9:07] Hamilton Linden: / However part 2 of our announcement was that we are also working with IBM on the Agent/Region domain architecture through the AWG, which is both of our companies goal
- [9:07] Morgaine Dinova: Hamilton: you've just contradicted yourself. You said IBM's grid was trusted, and now you say "adding untrusted region domains ... same as IBM's".
- [9:08] Hamilton Linden: no, its different timelines
- [9:08] Nika Talaj: Does LL get access to any server enhancements/grid enhancements IBM may create? Source code access?
- [9:08] Hamilton Linden: IBM's trusted grid (actually Regions) was #1 (what we're deploying now)
- [9:09] Zero Linden: The IBM regions are under an agreement between the two companies that enables us to treat those regions as fully trusted - that is trusted to respect permissions
- [9:09] Hamilton Linden: The cooperation on the AWG Agent/Region domains is the AWG and that's not deployed yet
- [9:09] Hamilton Linden: IBM is actually demoing Second Life running on their Blade Center today and tomorrow in the Virtual Worlds conference in New York City
- [9:09] Zero Linden: The future interop work is to get us to a place where we can have region domains that are untrusted - where there doesn't need to be such a legal agreement in place
- [9:10] Hamilton Linden: exactly
- [9:10] Saijanai Kuhn: so you *can't* take it without...
- [9:10] Saijanai Kuhn: so you can't take it with you
- [9:10] Nika Talaj: Does LL get access to any server enhancements/grid enhancements IBM may create? Source code access?
- [9:10] Saijanai Kuhn: hates it when he completely mistypes his humerous remarks
- [9:11] Morgaine Dinova: Yep, the untrusted regime I understand, since that's where we'reheading for interop. This "trusted" arrangement I don't understand at all... sounds extremely dangerous. If the main grid suffers L$ loss owing to an action in the IBM grid, there will be hell to pay.
- [9:11] Zero Linden: As there would be if it were due to action in the LL regions
- [9:11] Rex Cronon: i guess it would be possible for somebody on IMBs grid to even get access to script code?
- [9:12] Hamilton Linden: We've done a lot of things to prevent that both technically and contractually
- [9:12] Zero Linden: Think of it this way: right now, LL has to enter into agreements with our CoLo providers to ensure a level of trust
- [9:13] Hamilton Linden: I'm gonna run and let Zero answer your remaining questions. I have a hiring meeting I need to go to.
- [9:13] Hamilton Linden: It was great talking to you guys. Thanks for your time!
- [9:13] Rookiie Roux: bye hamilton
- [9:13] Nika Talaj: thanks for dropping in, hamilton. Great info!
- [9:13] Morgaine Dinova: Zero: LL customers have a contractual arrangement with LL though, but not with IBM. If IBM's grid causes some hiccup, it'll be a lawyer's delight.
- [9:14] Arawn Spitteler: Great news. Will the IBM Island be moving to the IBM SubGrid?
- [9:14] Zero Linden: LL doesn't, and can't, do every aspect of a the job of running the grid, soup to nuts -- we hire CoLos, we contract with internet access providers
- [9:14] Rex Cronon: u can't prevent that technically, once somebody has the byte code they only need a decompiler to get a very similar approximationof the original code
- [9:14] Rex Cronon: bye
- [9:14] Arawn Spitteler: LL contracts with Lindens, as a matter of course.
- [9:14] Morgaine Dinova: That's subcontracting, which has lots of precedent. This is different.
- [9:14] Nika Talaj: (arawn: would be amazed if that happened)
- [9:15] Zero Linden: Morgain- the same would be true if a CoLo employee caused a problem on the grid too
- [9:16] Zero Linden: And I can assure you, that even with a company with the size and reputation of IBM, there was a long period of "due dilligence"
- [9:16] Zero Linden: during which we evaluated the security of the systems they were going to use, and the network configuration
- [9:16] Morgaine Dinova: I won't say more, as it's not tech so a bit boring. But personally I'd have taken the opportunity to make IBM's grid an untrusted 3rd party, the start of interop.
- [9:16] Nika Talaj: ^^ raises eyebrows.
- [9:17] Saijanai Kuhn: Well, I think that would be a better wrougte, bu thow many months should they have waited, Morgaine?
- [9:17] Zero Linden: well, in our remaining time, let's talk a bit about privacy, since i think it follows well from this
- [9:17] Morgaine Dinova: Haha, aye
- [9:17] Tree Kyomoon: if someone could send me a transcript...I crashed
- [9:17] Arawn Spitteler: Contractural Negotiations can be object oriented, and performed via internet. Every Class Definition is a contractual offering
- [9:18] Zero Linden: I like to express my contracts as Unit Tests! :-)
- [9:18] Rex Cronon: how about allowing builders, scripters, the ability to NOT allow what they make to be used on other grids?
- [9:19] Rex Cronon: or only on specific grids?
- [9:19] Frohiky Larsson: hey everyone
- [9:19] Zero Linden: That has been proposed, and on the face of it seems reasonable: Some sort of flag "Restrict to this domain"
- [9:19] Zero Linden: the problem is, once there are two dozen domains live, I imagine that people will want a "Restrict to this set of domains"....
- [9:19] Zero Linden: which is going to get tricky and hard to keep up-to-date
- [9:20] Zero Linden: and what about objects I bought last year, but now there are ten new domains, that the creator trusts......?
- [9:20] Leffard Lassard: Perhaps more a "restrict to this level of trust"..
- [9:20] Arawn Spitteler: Scalar, starting with "Restrict to this Client"
- [9:20] Zero Linden: Right - so, you want a descriptive way of saying "level of trust"... but what is that? A number? A bond rating?
- [9:20] Saijanai Kuhn: or restrict to the creator's domain
- [9:21] Nika Talaj: it's a Security Association, is it not?
- [9:21] Nika Talaj: In AAA terms.
- [9:21] Arawn Spitteler: "Restrict to this Sim," could be handy in sales demonstrators
- [9:22] Tree Kyomoon: seems like a lot of extra overhead to support archane and probably unnecessary control details over ones " content"
- [9:22] Saijanai Kuhn: I can see content creators wanting to charge more for unrestricted domain access
- [9:22] Zero Linden: I can imagine rather complete schemes for this.... but feel the need to balance usability
- [9:22] Rex Cronon: tell that to to the music companies tree:)
- [9:22] Tree Kyomoon: why should the grid be subjected to extra overhead to support content creators wanting to charge more ?
- [9:23] Zero Linden: Arawn - I've heard that idea before and think it has great utility - do more "DEMO" versions of stuff
- [9:23] Nika Talaj: thinks it would be safest to stick to known security/permission models, rather than invent.
- [9:23] Leffard Lassard: Restricting the use of stuff disturbs the usability a lot in my eyes.
- [9:23] Morgaine Dinova: Zero: To get us running on the Privacy topic, I suggest a basic breakdown into privacy of (a) communications, (b) identity and presence, and (c) visual activities.
- [9:23] Saijanai Kuhn: does asset control fall into "privacy?"
- [9:23] Tree Kyomoon: thinks the service model is the future, and distribution profiteering is into its last gasps
- [9:24] Zero Linden: Well - along those lines, here is the framework that I've been thinking
- [9:24] Morgaine Dinova: Sai: not really no, although ome things can be inferred from permissions. Objects are a sort of covert channel on privacy
- [9:24] Zero Linden: a) communications that are about individuals are all over HTTPS - hence encrypted and safe
- [9:24] Rex Cronon: if people don't get anything for what they r making, why would they want to make more?
- [9:25] Zero Linden: b) identity and presence - is primarily up to your agent domain to enforce, and so you should choose your agent domain wisely... though I imagine that most will do what LL does to day and make reasonable garuntees about such
- [9:25] Tree Kyomoon: /rex because they can then get a reputation, and get paid to make custom versions, alterations, or related products as a service
- [9:26] Zero Linden: c) visual activities, I take to mean actions in world - are subject to the polcies of the region domain you are in....
- [9:26] Zero Linden: Now, the question is, is that balance enough -
- [9:26] Arawn Spitteler: could ask the same about Children, Rex: People like to be acknowledged, which is what IP is all about. Profit tends to go to lawyers
- [9:26] Zero Linden: I hope so, becuase it is an easy construction and lets different aspects have rights
- [9:26] Rex Cronon: so, until u get those special contracts u r supposed to give everything away for free?
- [9:27] Morgaine Dinova: Zero: re item (a) HTTPS only provides privacy of communication from entities outside of the VW system, no privacy at all within the world. Most of the discussion over the last 4 years about privacy have been about privacy once the communication is in world.
- [9:27] Zero Linden: So before we get into the free-vs-pay philisophical argument
- [9:28] Zero Linden: remember: The goal is to enable all points of view to build parts of the virtual world and they can all co-exist
- [9:28] Infrared Wind: Great goal, Zero.
- [9:28] Zero Linden: But in-world communication comes in two places
- [9:28] Zero Linden: the agent domain and the region domain
- [9:28] Zero Linden: let's look at e-mail
- [9:29] Ravi Edgeworth: There's almost a need for an "office of fair trading" to settle disputes.
- [9:29] Zero Linden: when someone sends you an e-mail, you have choosen your e-mail provider on the basis that it won't divulge your e-mail to anyone but you
- [9:29] Tree Kyomoon: /rex...google doesnt charge anyone to use their search, but they are worth billions. Same idea
- [9:29] Zero Linden: (we'll ignore, for the moment that SMTP is generally not encrypted...)
- [9:29] Morgaine Dinova: Ravi: the "Office of Fair Trading" is being automated, via Which Linden's nice escrow service :-)
- [9:30] Cenji Neutra: (except that almost all email is transmitted in plaintext over the internet, so it effectively public ;) )
- [9:30] Cenji Neutra: (ignoring :0 )
- [9:30] Zero Linden: Cenji - that means the SENDER has choosen to send the mail with out protection
- [9:30] Cenji Neutra: yup
- [9:30] Infrared Wind: To bolster the analogy: how many people who have gmail accounts worry about their email being read?
- [9:30] Zero Linden: I choose an e-mail provider that only allows IMAP over SSL
- [9:30] Nika Talaj: <must go, thanks for the great discussion all>
- [9:30] Zero Linden: so, my path is safe
- [9:31] Rex Cronon: is google and content creator?
- [9:31] Zero Linden: So, like e-mail, I think in-world IM is the balance between the sender's choice of communication and the receiver's choice of agent domain
- [9:31] Rex Cronon: a*
- [9:31] Zero Linden: Plus, I think the protocol will put a pretty clear expectation on the privacy:
- [9:32] Zero Linden: For example, in the protocol, the only way to get the IM capability is to log in
- [9:32] Zero Linden: of course, there is nothing stopping some Agent Domain from offering the capability via some other channel.... but I wouldn't park my identity there
- [9:32] Zero Linden: :-)
- [9:32] Morgaine Dinova: Zero: that's a good analogy, with email. Now consider PGP email as the next step. People in SL will want to communicate via IM *without* trusting their ISP/VW provider, and in email they will PGP-encrypt their email to do so. In SL2, how are we going to provide that functionality?
- [9:32] Cenji Neutra: What about email between objects that requires a high-level of privacy (such as that involving monetary transactions- say from an ATM to an external server)?
- [9:32] Infrared Wind: By Agent Domain, do you mean like LL is an agent domain?
- [9:33] Saijanai Kuhn: Cenji, Which LInden is working on that kind of thing
- [9:33] Cenji Neutra: I guess the ATM creator must trust the region domain, since they can ultimately reverse engineer the ATM to get any encryption keys out.
- [9:33] Cenji Neutra: ok
- [9:33] Zero Linden: Well, PGP was designed to use the channel privided by e-mail as a transport --- the transport doesn't in any sense "know" that the content is encrypted
- [9:33] Zero Linden: there are similar systems for IM
- [9:33] Saijanai Kuhn: 
- [9:33] Zero Linden: which give you secure chat over AIM
- [9:34] Ron Kaffebaum: hello people :)
- [9:34] Zero Linden: I have heard wind of someone wanting to do the exact same thing as a viewer mod for IM in SL
- [9:34] Zero Linden: and there is nothing stopping it
- [9:34] Cenji Neutra: Will there be ways content creators (of scripts) can prohibit script binaries from executing in any region domain except a trusted whitelist, for example?
- [9:34] Rex Cronon: hi
- [9:34] Morgaine Dinova: Yep. And that's what we have to build into our systems too, once we start considering IMetc
- [9:34] Cenji Neutra: (sorry, a little off topic)
- [9:35] Zero Linden: Cenji - I think that just speaks back to the earlier points about coming up with a reasonable and fair and usable system --- but there clearly will have to be something
- [9:35] Zero Linden: Morgain- can you remember to propose, when we get to IM, adding a "filter" or "encryption" field?
- [9:35] Goldie Katsu: Scripts can have impact on privacy.
- [9:36] Zero Linden: Most of the IM systems use a goofy plain text header in an attemtp to establish with the other side, like "@(@(--PrivacyIM?"
- [9:36] Zero Linden: we should do a bit better than that
- [9:36] Tree Kyomoon: xml?
- [9:37] Zero Linden: I think we can just include a map field in the LLSD payload of the IM meesage
- [9:37] Zero Linden: well all
- [9:37] Saijanai Kuhn: Cenji, scripts will probalby live in the region domain (except attachments) so it goes back to trust /permissions
- [9:37] Zero Linden: it is past the hour
- [9:37] Morgaine Dinova: There are at least two simple ways of handling it. One is to mark the stream as encrypted and only send it to listeners whose IM port is marked as enceypted too (they'll see gibberish if they don't have the key, but people who do not have an encrypted IM port will see nothing at all). And the otherapproach is to display the gobbledigook for all to see, and only those with the right keys can make any sense of it, once it reaches their client.
- [9:37] Zero Linden: and I'm late (as usual) to my next meeting.....
- [9:38] Infrared Wind: cheers Zero
- [9:38] Zero Linden: thanks all for coming
- [9:38] Saijanai Kuhn: Thanks for doing this
- [9:38] JayR Cela: later Zero
- [9:38] Tree Kyomoon: thanks again zero!
- [9:38] Ravi Edgeworth: thx
- [9:38] Zero Linden: See my wiki home page for a place to put agenda topics for next Tuesday
- [9:38] Morgaine Dinova: Zero: sure. Ie's about time we had more VAGs anyway, hahaha. Privacy VAG in this case
- [9:38] Zero Linden: Peace
- [9:38] Saijanai Kuhn: Zha's said thaat Eben Moglen is talking about holding privacy discussions in-world --a kind of privacy VAG
- [9:39] Morgaine Dinova: Excellent Sai, I want to be there
- [9:39] Rex Cronon: bye zero