Difference between revisions of "AW Groupies/Chat Logs/AWGroupies-2008-12-04"

From Second Life Wiki
*[11:05]  Zha Ewry debates making a saint bernard Ave.
 
*[11:05]  Goldie Katsu translates scalable as in mountains and ponders
*[11:05]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: https://wiki.secondlife.com/wiki/User:Zero_Linden/Office_Hours/2008_Dec_04
*[11:05]  [[User: Morgaine Dinova|Morgaine Dinova]]: The problem wouldn't be something political would it, like an IRS bill for 500m landing on their doorstep?
*[11:06]  [[User: Morgaine Dinova|Morgaine Dinova]]: Thanks Sai
*[11:06]  [[User: Goldie Katsu|Goldie Katsu]]: oh no scrips
*[11:06]  Saijanai Kuhn needs to learn regexp better :-/
*[11:06]  [[User: Zha Ewry|Zha Ewry]]: I'm thinking I need to search dog ave to search for missing lindens
*[11:07]  [[User: Goldie Katsu|Goldie Katsu]]: hmm no better
*[11:07]  [[User: Morgaine Dinova|Morgaine Dinova]]: I just can't find a theory that fits all the symptoms we're seeing
*[11:08]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: which online but not here...?
*[11:08]  [[User: Morgaine Dinova|Morgaine Dinova]]: Aha, a bamboo!
*[11:08]  [[User: Which Linden|Which Linden]]: Hey everyone, sorry I'm late
*[11:08]  [[User: Which Linden|Which Linden]]: Got caught flat-footed by the viewer update
*[11:08]  [[User: Zha Ewry|Zha Ewry]]: Hey Which.
*[11:08]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: which important transcript: https://wiki.secondlife.com/wiki/User:Zero_Linden/Office_Hours/2008_Dec_04
*[11:09]  [[User: Morgaine Dinova|Morgaine Dinova]]: Hiya Which, 'morning :-)
*[11:09]  [[User: Zha Ewry|Zha Ewry]]: Maybe it's only mobile Lindens who are misplaced
*[11:09]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: might want to skim that since we're kinda here as a continuation of it, Which
*[11:09]  [[User: Morgaine Dinova|Morgaine Dinova]]: Zha: you think it's gravity-related?
*[11:10]  [[User: Goldie Katsu|Goldie Katsu]]: Well there does seem to be a bit of gravity to it.
*[11:10]  [[User: Which Linden|Which Linden]]: Hm, ok, so I'm getting the bit about dissatisfaction with Linden's participation in OGP, am I reading that right?
*[11:10]  [[User: Morgaine Dinova|Morgaine Dinova]]: I think the word is "absence"
*[11:11]  [[User: Which Linden|Which Linden]]: So what happened? I'm not involved with that group.
*[11:11]  [[User: Which Linden|Which Linden]]: Though I wish I was
*[11:12]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: Zero's been away for over a month, Infinity had a family emergency, whump's been talking about merging OGP office hours with AWG, and opensim, libomv, realxtend, etc, are all moving in different directions with no coordination with OGP
*[11:13]  [[User: Which Linden|Which Linden]]: Heh have they ever coordinated with OGP?
*[11:13]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: well, it's getting to be more an issue what with duplicated functionality and the like
*[11:13]  [[User: Morgaine Dinova|Morgaine Dinova]]: Plus a string of no-shows at meetings, despite being in-world. Not even a "No meeting today" sign, just total disconnect.
*[11:13]  [[User: Which Linden|Which Linden]]: One thing to recall is that every single project at Linden is dangerously understaffed so the incapacitation of a few key members will always have catastrophic impact
*[11:14]  Which Linden abases self for not explicitly cancelling his own office hours last week
*[11:14]  [[User: Goldie Katsu|Goldie Katsu]]: the problem is that Virtual worlds are moving forward whether or not there are good reasons for the absence.
*[11:14]  [[User: Morgaine Dinova|Morgaine Dinova]]: Which is fine in itself, since the community will do its own thing, no problems. But it's not fine for LL. You're losing the reins.
*[11:15]  Goldie Katsu whinnies appropriately
*[11:15]  [[User: Goldie Katsu|Goldie Katsu]]: (sorry couldn't help horsing around)
*[11:15]  [[User: Which Linden|Which Linden]]: I'm touched that you're concerned about that, actually. :-)
*[11:16]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: the entire metaverse thing leverages off of Second Life. think everyone wants you to be the leaders BUT...
*[11:16]  [[User: Zha Ewry|Zha Ewry]]: Well, there is, I think, a strong sense that it will be disruptive, in ways both good and bad (short term lots of bad) if it loses any connection to the Second Life grid
*[11:17]  [[User: Goldie Katsu|Goldie Katsu]]: we seem to be at a point where people are asking if LL will be participating or if we should just move forward.
*[11:17]  [[User: Goldie Katsu|Goldie Katsu]]: and what Zha said.
*[11:17]  [[User: Morgaine Dinova|Morgaine Dinova]]: Well I just see it from the PoV of interop. The nightmare of thousands of worlds all requiring different viewers is not something I want to see.
*[11:18]  [[User: Which Linden|Which Linden]]: I'm going to do some investigation and find out.
*[11:18]  [[User: Deckard Lebed|Deckard Lebed]]: thousands of different viewers might not be a problem, like we have 1000 of diff TV sets, which all take the same cable at the back
*[11:18]  [[User: Deckard Lebed|Deckard Lebed]]: but pardon me, I came in and don't really know what we are talking about :)
*[11:18]  [[User: Which Linden|Which Linden]]: I think we all agree it's in our best interests to be at the forefront of progress here
*[11:18]  [[User: Zha Ewry|Zha Ewry]]: Imagine having to load a viewer every third web page
*[11:19]  [[User: Morgaine Dinova|Morgaine Dinova]]: Indeed
*[11:19]  [[User: Which Linden|Which Linden]]: Yeah, Deckard, OGP is more about the cable in the back
*[11:19]  [[User: Zha Ewry|Zha Ewry]]: Oh, I want to watch NBC, let me get out the BC television
*[11:20]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: https://wiki.secondlife.com/wiki/Open_Grid_Public_Beta explains the current OGP project, Deckard
*[11:20]  [[User: Deckard Lebed|Deckard Lebed]]: and while some Lindens ignore office hours which may make it seem like they are treating this like a game instead of work, I am sure Which doesn't have much he can do about it, being one cog in a slightly larger clock :)
*[11:20]  [[User: Morgaine Dinova|Morgaine Dinova]]: It's not a disaster for all the cables to be different, since in time they'll merge. But it will be painful for devs and users alike.
*[11:21]  [[User: Deckard Lebed|Deckard Lebed]]: aah OGP, of course
*[11:21]  [[User: Which Linden|Which Linden]]: How long have you all observed Linden withdrawal from OGP for?
*[11:21]  [[User: Zha Ewry|Zha Ewry]]: In particular, it hurts on critical mass and network effects
*[11:21]  [[User: Goldie Katsu|Goldie Katsu]]: I don't think it is an issue of treating it like a game, the concern is that things are moving and we aren't seeing/hearing much from LL.
*[11:21]  [[User: Goldie Katsu|Goldie Katsu]]: 2 months?
*[11:21]  [[User: Which Linden|Which Linden]]: Heh, so that would coincide with Q4 then
*[11:22]  [[User: Zha Ewry|Zha Ewry]]: I think the way I would describe it is
*[11:22]  [[User: Zha Ewry|Zha Ewry]]: that..
*[11:22]  [[User: Morgaine Dinova|Morgaine Dinova]]: Well I guess it started when the Studios dissolved
*[11:22]  [[User: Zha Ewry|Zha Ewry]]: once we completed the OGP teleport demo, and started to look at what was next...
*[11:22]  [[User: Goldie Katsu|Goldie Katsu]]: yeah. I know there is lots going on internally, it's just that there is lots going on externally as well.
*[11:22]  [[User: Zha Ewry|Zha Ewry]]: we hit this sort of awkward pause
*[11:22]  [[User: Which Linden|Which Linden]]: The studios dissolved roughly at the time OGP got started, so, I don't think that's it, Morgaine
*[11:22]  [[User: Zha Ewry|Zha Ewry]]: and then more of a simple "Well, maybe we could sort of look at IM"
*[11:23]  [[User: Morgaine Dinova|Morgaine Dinova]]: Oh, lol. Sorry, I thought it was just a few months ago
*[11:23]  [[User: Zha Ewry|Zha Ewry]]: But a real sense of we're not going to push on any of this at the moment
*[11:24]  [[User: Which Linden|Which Linden]]: Hm, just speculating here, maybe there's internal disagreement about what the right next thing to tackle is
*[11:24]  [[User: Goldie Katsu|Goldie Katsu]]: (yes, we are dragging an alternative conversation to Which since we are trying to find a pipe that goes into Linden Lab that is open at the moment.)
*[11:24]  [[User: Which Linden|Which Linden]]: Another theory is that people are currently engaged in attempting to deploy OGP to the production grid (again, just speculation)
*[11:25]  [[User: Which Linden|Which Linden]]: Heh, I don't mind talking about OGP, though every time we do it makes me wish I had more a priori knowledge
*[11:26]  [[User: Morgaine Dinova|Morgaine Dinova]]: Which: well it *could* all be a coincidence ... but it's felt more like a planned disconnect.
*[11:26]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: which, there's almost nothing to it right now: https://wiki.secondlife.com/wiki/OGP_Explained#OGP_Draft_5_Teleport
*[11:26]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: what is there, is nice, IMHO, but we lack important parts that would let the greater metaverse community move forward even if LL has to backburner it
*[11:26]  [[User: Zha Ewry|Zha Ewry]]: I'd say more of an unplanned disconnect, but.. still a disconnect
*[11:27]  [[User: Which Linden|Which Linden]]: Morgaine I'm sure it seems that way, but please take my assurance that we are not abandoning OGP
*[11:27]  [[User: Goldie Katsu|Goldie Katsu]]: I agree with Zha, it was timed rather well with a quarter break.
*[11:27]  [[User: Goldie Katsu|Goldie Katsu]]: the problem is that in that disconnect other groups are moving forward which has the potential to make the OGP obsolete for actual interoperability between grids.
*[11:27]  [[User: Zha Ewry|Zha Ewry]]: The way it plays out, community wise, is that people are looking at what to invest in next, and where to go
*[11:28]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: I see it as a confluence (?) of new CEO, immediate grid woes, family issues, etc. But we still want to move forward even as LL is stalled
*[11:28]  [[User: Which Linden|Which Linden]]: Right, so we want to kick off discussion and work in the same direction rather than everything at once
*[11:28]  [[User: Goldie Katsu|Goldie Katsu]]: saijanai++ which++
*[11:28]  [[User: Morgaine Dinova|Morgaine Dinova]]: Well to put it another way ... two more months of this and you'll be following taillights.
*[11:29]  [[User: Which Linden|Which Linden]]: Or... alternatively it would have been cool had we been able to say "break time, everyone mess around and come back and show us what you made that is cool"
*[11:29]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: which, we lack 2 important pieces in OGP to let that happen without a complete mess
*[11:29]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: service discovery and a pattern defined for outgoing client to AD communications
*[11:30]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: once we have that, we can at least have people working on things that will superficially be compatible without it, it's just meta kludges
*[11:31]  [[User: Which Linden|Which Linden]]: Hm, well you can imagine how service discovery is not a thing to be just tacked on, that defining it might be a major effort in and of itself
*[11:31]  [[User: Which Linden|Which Linden]]: But I agree with you that it would be a big meta-step forward
*[11:31]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: sure, but...-/
*[11:31]  [[User: Zha Ewry|Zha Ewry]]: People have raised about three major building blocks, all of which are useful
*[11:32]  [[User: Zha Ewry|Zha Ewry]]: Discovery
*[11:32]  [[User: Zha Ewry|Zha Ewry]]: Securing some of the connections
*[11:32]  [[User: Zha Ewry|Zha Ewry]]: and a coherent approach for naked UUIDs
*[11:32]  [[User: Zha Ewry|Zha Ewry]]: (Oh, and there is much whining about the request queue)
*[11:32]  [[User: Morgaine Dinova|Morgaine Dinova]]: I'm pretty sure that the original LL plan was to lead the community after open-sourcing ... that way even though a thousand sites are offering products, you're still seen as the leader, and gain the rewards. But that doesn't work when you disappear ;-)
*[11:32]  [[User: Saijanai Kuhn|Saijanai Kuhn]]: must run folks. Recoding on
*[11:32]  [[User: Morgaine Dinova|Morgaine Dinova]]: Cya Sai
*[11:33]  [[User: Goldie Katsu|Goldie Katsu]]: see ya Sai
*[11:33]  [[User: Deckard Lebed|Deckard Lebed]]: hehe i will take this opportunity too, this is way above me  :)
*[11:33]  [[User: Morgaine Dinova|Morgaine Dinova]]: Cya Deckard
*[11:33]  [[User: Goldie Katsu|Goldie Katsu]]: See ya Deckard
*[11:34]  [[User: Which Linden|Which Linden]]: See ya sai
*[11:34]  [[User: Which Linden|Which Linden]]: and Deckard
*[11:35]  [[User: Morgaine Dinova|Morgaine Dinova]]: Well, service discovery is really fairly independent of everything else. It's really just a link provider. (I'm not altogether certain why Sai isn't emulating SD)
*[11:35]  [[User: Which Linden|Which Linden]]: What do you mean, emulating SD?
*[11:36]  [[User: Morgaine Dinova|Morgaine Dinova]]: Pretending that a service discovery service sent you something meaningful
*[11:37]  [[User: Which Linden|Which Linden]]: Oh! Hm
*[11:37]  [[User: Morgaine Dinova|Morgaine Dinova]]: Maybe Sai can't actually find the relevant entry points at all.
*[11:37]  [[User: Zha Ewry|Zha Ewry]]: The other thing I am concerned is going to happen, at some point, is that the OpenSim team is going to fork away from Caps...
*[11:38]  [[User: Zha Ewry|Zha Ewry]]: At which point, the whole interop story between Linden's grid, and OpenSim, falls away
*[11:38]  [[User: Morgaine Dinova|Morgaine Dinova]]: Zha, what's the name of the group with the Gridnauts tag? Doesn't seem to be Gridnauts, unless it's hidden
*[11:38]  Yasmine Alvord smiles softly and clears her throat...terribly sorry to interrupt, i'm not here for this particular topic, but if you could possibly steer me to a Linden that can handle customer service issues I would certainly appreciate it
*[11:39]  [[User: Zha Ewry|Zha Ewry]]: Gridnauts
*[11:39]  [[User: Which Linden|Which Linden]]: Yasmine, I think the right place is secondlife.com/support -- there's a bunch of ticketing solutions and live chat there that is the official channel
*[11:39]  [[User: Yasmine Alvord|Yasmine Alvord]]: thank you very much Which, a bientot
*[11:41]  [[User: Morgaine Dinova|Morgaine Dinova]]: Well there's no Gridnauts group in groups search, just two: Gridnauts-France and ReactionGrid.com Gridnauts
*[11:42]  [[User: Which Linden|Which Linden]]: Gridnauts is just a mailing list right?
*[11:42]  [[User: Morgaine Dinova|Morgaine Dinova]]: No, it's an in-world group that PyOGP uses
*[11:43]  [[User: Zha Ewry|Zha Ewry]]: I'd gently prod Whump
*[11:43]  [[User: Zha Ewry|Zha Ewry]]: At the infrastructure level
*[11:44]  [[User: Morgaine Dinova|Morgaine Dinova]]: Would probably be a good idea if he appointed you an officer for invites
*[11:44]  [[User: Zha Ewry|Zha Ewry]]: I'd like to see something done to allow basic service level authentication between services in interoperating grids
*[11:45]  [[User: Morgaine Dinova|Morgaine Dinova]]: What would you need for that to happen?
*[11:45]  [[User: Which Linden|Which Linden]]: Is that service discovery?
*[11:45]  [[User: Morgaine Dinova|Morgaine Dinova]]: Do you need Sai's SD function first for that?
*[11:47]  [[User: Morgaine Dinova|Morgaine Dinova]]: Hola Llave
*[11:47]  [[User: Zha Ewry|Zha Ewry]]: Well, we've two parts. Let's assume for the moment, we don't fork on Caps
*[11:48]  [[User: Zha Ewry|Zha Ewry]]: So, now we would like to handle the "I want to get a cap from service X. Simple case, sim5863.agni.lindenlab.com
*[11:49]  [[User: Zha Ewry|Zha Ewry]]: and I'd like to prove that I am in fact YZSIM1.watson.ibm.com (ie. that one sim is inside Linden Lab's domain, and the other inside IBM's Research Test Domain)
*[11:49]  [[User: Zha Ewry|Zha Ewry]]: (Given we can't depend on FQDNs, in the face of spoofing and such)
*[11:50]  [[User: Zha Ewry|Zha Ewry]]: this implies there is a proper way to prove to each other, we are the droids we say we are
*[11:50]  [[User: Which Linden|Which Linden]]: ? You mean you don't want to rely on SSL certs either?
*[11:50]  [[User: Zha Ewry|Zha Ewry]]: and.. along the way, to set up a TLS (https) pipe, so that our imperial battlestation attack plans
*[11:50]  [[User: Morgaine Dinova|Morgaine Dinova]]: We can't depend on FQDNs in production, sure, but we could just to get it working
*[11:50]  [[User: Zha Ewry|Zha Ewry]]: don't get stolen
*[11:50]  [[User: Zha Ewry|Zha Ewry]]: Oh
*[11:50]  [[User: Zha Ewry|Zha Ewry]]: We can depend on SSL certs at the top level
*[11:51]  [[User: Zha Ewry|Zha Ewry]]: but, at every single server, cross authenticated, on the fly?
*[11:51]  [[User: Zha Ewry|Zha Ewry]]: especially, given self signed certs are useful for
*[11:51]  Zha Ewry looks for a word
*[11:51]  [[User: Zha Ewry|Zha Ewry]]: and decided not to use one at all
*[11:52]  [[User: Which Linden|Which Linden]]: heh
*[11:52]  [[User: Which Linden|Which Linden]]: self signed certs aren't useful except for debugging
*[11:52]  [[User: Which Linden|Which Linden]]: IMO
*[11:52]  [[User: Zha Ewry|Zha Ewry]]: right
*[11:53]  [[User: Morgaine Dinova|Morgaine Dinova]]: Well the world isn't going to buy certs from Verisign, whether you like it or not :-)
*[11:53]  [[User: Zha Ewry|Zha Ewry]]: There is some cool stuff, GGF did with X.509 proxy certs
*[11:54]  [[User: Zha Ewry|Zha Ewry]]: So. what i want
*[11:55]  [[User: Zha Ewry|Zha Ewry]]: is a low cost way for whole domains to have a small number of root servers, with good, proper X.509 signed certs. (or if they don't care, they can self sign and people will know what to make of that)
*[11:55]  [[User: Morgaine Dinova|Morgaine Dinova]]: I think we need to drop the worldview where there is one megacorp authenticating a teeny upstart, and think more about peers inter-authenticating.
*[11:55]  [[User: Zha Ewry|Zha Ewry]]: and then let lots of components within them,
*[11:55]  [[User: Zha Ewry|Zha Ewry]]: do lightweight TLS/SSL pipe creation based on that
*[11:56]  [[User: Which Linden|Which Linden]]: Morgaine: there are plenty of top-level cert authorities
*[11:57]  [[User: Which Linden|Which Linden]]: and it is pretty peer-to-peer right now, relatively, in that you can decide what authorities you trust
*[11:57]  [[User: Which Linden|Which Linden]]: the browser just happens to come with a buncha defaults
*[11:58]  [[User: Morgaine Dinova|Morgaine Dinova]]: Which: ultimately they provide nothing of value that a self-signed doesn't provide. Verisign's checks are a joke -- I used to manage them for a big ISP. And the smaller you get, the less checks. It's what Schneier calls "security theatre".
*[11:59]  [[User: Which Linden|Which Linden]]: Not true at all, for example my university had their own CA, and they were extremely rigid about whose certs they would sign
*[11:59]  [[User: Which Linden|Which Linden]]: But OK, maybe verisign's validation is nonsense
*[12:00]  [[User: Morgaine Dinova|Morgaine Dinova]]: That control only works in a managed domain, like a University or a corp. It can't work in the mayhem of the open net.
*[12:01]  [[User: Which Linden|Which Linden]]: That's an interesting point -- currently the Net can be categorized into "domains" and "sites". Sites get their certs from a central authority, domains are their own authority. Most sites on the WWW are "sites". Whereas it could be conceivable that the Open Grid consists mostly of "domains"
*[12:02]  [[User: Morgaine Dinova|Morgaine Dinova]]: What's more, it's overkill that doesn't achieve anything that couldn't be done by a grid just listing some keys on its website.
*[12:03]  [[User: Which Linden|Which Linden]]: Hm well you want those keys to be listed in at least two different channels, to minimize the risk of compromise
*[12:03]  [[User: Morgaine Dinova|Morgaine Dinova]]: Or a thousand channels .... it's not a problem.
*[12:03]  [[User: Which Linden|Which Linden]]: Right, well, you'd want each channel to have some barrier to entry so that you can't just push a button and haxx all the keys
*[12:04]  [[User: Morgaine Dinova|Morgaine Dinova]]: If a spoofer can compromise a thousand sites all listing the right keys ... hey. he deserves to be in control :-))))
*[12:04]  [[User: Which Linden|Which Linden]]: Are we digressing from what Zha wanted to talk about?
*[12:04]  [[User: Zha Ewry|Zha Ewry]]: a little
*[12:04]  [[User: rk2306 Dezno|rk2306 Dezno]]: hey all
*[12:04]  [[User: Zha Ewry|Zha Ewry]]: Not a lot, tho
*[12:04]  [[User: dogtow Hand|dogtow Hand]]: :o)
*[12:05]  [[User: Which Linden|Which Linden]]: Hi!
*[12:05]  [[User: Zha Ewry|Zha Ewry]]: A good set of protocols which let us end up with low cost (computation, and real world dollar) authentication token in place at the services inside the
*[12:05]  [[User: Morgaine Dinova|Morgaine Dinova]]: That is actually a powerful defence against spoofs ... the power of being a majority.
*[12:05]  [[User: Goldie Katsu|Goldie Katsu]]: I might point out that given how poorly CRLs are checked the likelihood of a program checking multiple sites to verify the key posted on one is unlikely at best.
*[12:06]  [[User: Which Linden|Which Linden]]: One thing that would help with that is better client support for chained certificates
*[12:06]  [[User: Zha Ewry|Zha Ewry]]: servers, so we can do tolerably efficient https/SSL/TLS pipes between grid bits, is where I'm looking
*[12:06]  [[User: Morgaine Dinova|Morgaine Dinova]]: Goldie: it's easy to knock up a library that'll do it by default. Heck, it could even be out in the default resolver.
*[12:06]  [[User: Goldie Katsu|Goldie Katsu]]: as long as you post it on the usual easy place to get a key that's good enough to get most.
*[12:07]  [[User: Zha Ewry|Zha Ewry]]: end user proof, is a whole separate issue (tho relevant)
*[12:07]  [[User: Goldie Katsu|Goldie Katsu]]: yes end user proof is relevant.
*[12:07]  [[User: Which Linden|Which Linden]]: Heh, yes, even if you can prove you're truly Jim's Grids, the user has to have some assurance that your motto isn't "steal, steal, and thieve"
*[12:08]  [[User: Goldie Katsu|Goldie Katsu]]: Well that becomes a who you do business question - not an authentication question
*[12:08]  [[User: Zha Ewry|Zha Ewry]]: Right
*[12:08]  [[User: Morgaine Dinova|Morgaine Dinova]]: So, what do you need Zha?
*[12:08]  [[User: Zha Ewry|Zha Ewry]]: That's the separable "business policy issue, but relevant"
*[12:08]  [[User: Zha Ewry|Zha Ewry]]: So.. long term?
*[12:08]  [[User: Zha Ewry|Zha Ewry]]: We need three things, I think, last I counted.
*[12:08]  [[User: Morgaine Dinova|Morgaine Dinova]]: No, short term, to get it going
*[12:09]  [[User: Zha Ewry|Zha Ewry]]: well, short term, we need one, which is a good way of allowing components to prove membership in domains to each other
*[12:09]  [[User: Zha Ewry|Zha Ewry]]: The second one, which we get, amusingly enough from a *LOT* of educational players
*[12:10]  [[User: Zha Ewry|Zha Ewry]]: is to be able to prove end user membership in a community.
*[12:10]  [[User: Zha Ewry|Zha Ewry]]: I'm utterly happy to let people roll policy on top of those building blocks
*[12:10]  [[User: Zha Ewry|Zha Ewry]]: as they see fit
*[12:11]  [[User: Morgaine Dinova|Morgaine Dinova]]: Why is that hard? It seems fairly easy to take a user's public key and ask a service whether the user referred to by a key is a member of it, no?
*[12:13]  Zha Ewry shrugs
*[12:13]  [[User: Zha Ewry|Zha Ewry]]: its software
*[12:13]  [[User: Zha Ewry|Zha Ewry]]: nothing is "hard" except NP complete problems
*[12:13]  [[User: Morgaine Dinova|Morgaine Dinova]]: Hehe
*[12:13]  [[User: Zha Ewry|Zha Ewry]]: or getting anything decent written at all
*[12:13]  [[User: dogtow Hand|dogtow Hand]]: oo :o)
*[12:13]  [[User: Which Linden|Which Linden]]: The "good way of allowing components to prove membership in domains to each other" seems to be more challenging
*[12:14]  [[User: Zha Ewry|Zha Ewry]]: Oh, I agree
*[12:14]  [[User: Morgaine Dinova|Morgaine Dinova]]: Talking of which, did you read Dijkstra's nice (old) essay that hit Slashdot a couple of days ago?
*[12:14]  [[User: Zha Ewry|Zha Ewry]]: especially if we really do want to end up with a
*[12:14]  [[User: Goldie Katsu|Goldie Katsu]]: link?
*[12:14]  [[User: Which Linden|Which Linden]]: Or is that the same problem, i.e. group membership?
*[12:14]  [[User: Zha Ewry|Zha Ewry]]: TLS/SSL pipe as the end product
*[12:15]  [[User: Which Linden|Which Linden]]: Zha, I don't remember you chatting
*[12:15]  [[User: Morgaine Dinova|Morgaine Dinova]]: Dijkstra's essay (a wonderful read, like everything he wrote): http://www.cs.utexas.edu/users/EWD/ewd10xx/EWD1036.PDF
*[12:15]  [[User: Which Linden|Which Linden]]: in multiple lines like this
*[12:15]  [[User: Which Linden|Which Linden]]: in the past. New habit?
*[12:16]  Zha Ewry chuckles. It varies, depending on how distracted I am
*[12:16]  [[User: Which Linden|Which Linden]]: :-)
*[12:16]  [[User: Morgaine Dinova|Morgaine Dinova]]: Dijkstra was pretty much my "god" when I was doing research in concurrency and parallelism, way back.
*[12:16]  [[User: Which Linden|Which Linden]]: It makes sense, in that we don't have to wait for your entire thought to complete
*[12:17]  [[User: dogtow Hand|dogtow Hand]]: lol or answers
*[12:17]  [[User: Zha Ewry|Zha Ewry]]: So.. I am sort of stunned to notice that there isn't much of an existing
*[12:17]  [[User: Zha Ewry|Zha Ewry]]: body on this
*[12:17]  [[User: Morgaine Dinova|Morgaine Dinova]]: Zha's now running on multicore, and her threads aren't sync'd ;-)
*[12:17]  Which Linden is reading the dijkstra essay
*[12:18]  Zha Ewry pouts
*[12:18]  [[User: Morgaine Dinova|Morgaine Dinova]]: He's so right too. The world of computing is in total disarray.
*[12:18]  [[User: Zha Ewry|Zha Ewry]]: I make sure all my threads are properly swen, thank you very much
*[12:18]  [[User: Which Linden|Which Linden]]: It's after 12 so it would not be rude if anyone had to depart, btw
*[12:18]  [[User: Goldie Katsu|Goldie Katsu]]: (a scan! reminds me of the scratchblogging)
*[12:18]  [[User: Morgaine Dinova|Morgaine Dinova]]: Is Swen your swedish friend? ;-)
*[12:19]  [[User: Zha Ewry|Zha Ewry]]: Oh. no. Now my couturier seamstress has been named. I shall be rouined
*[12:19]  [[User: Zha Ewry|Zha Ewry]]: err
*[12:19]  [[User: Zha Ewry|Zha Ewry]]: ruined
*[12:19]  [[User: Zha Ewry|Zha Ewry]]: which is better than being runed, and having to read in elvish.
*[12:20]  [[User: Zha Ewry|Zha Ewry]]: (Which is probably what trying to follow my typing is like anyway)
*[12:20]  [[User: Morgaine Dinova|Morgaine Dinova]]: I lectured in Software Engineering, so what Dijkstra wrote (very critical of S/E) really hit home ... he's 100% right.
*[12:20]  [[User: Goldie Katsu|Goldie Katsu]]: FUTHARKed again
*[12:20]  [[User: Morgaine Dinova|Morgaine Dinova]]: I rank him along Feynman
*[12:20]  Goldie Katsu growls loudly at adobe for inserting itself where it isn't wanted
*[12:21]  [[User: Zha Ewry|Zha Ewry]]: But.. seriously, we actually have some nasty peer to peer component level authentication issues lurking in here
*[12:22]  [[User: Which Linden|Which Linden]]: So how are the components of a domain peers?
*[12:23]  [[User: Which Linden|Which Linden]]: I kind of view components as just being implementation details of a monolithic-appearing whole
*[12:23]  [[User: Which Linden|Which Linden]]: For example, right now all simhosts have the same ssl cert, which the client verifies
*[12:24]  [[User: Zha Ewry|Zha Ewry]]: Right, but they all happily live inside a single firewalled sub-net
*[12:24]  [[User: Which Linden|Which Linden]]: Isn't each domain expected to do so as well?
*[12:25]  [[User: Zha Ewry|Zha Ewry]]: Not when we want to allow someone to teleport from a sim in domain A to a sim in Domain B
*[12:26]  [[User: Morgaine Dinova|Morgaine Dinova]]: I think I'm missing the key problem. If SL server #1 (whom you trust by cert) gives you a link to X server #2, are you unwilling to believe that that's a valid host without further evidence?
*[12:26]  [[User: Which Linden|Which Linden]]: Maybe I'm just confused about what you mean by "component". I thought you meant "host in a domain", but do you actually mean "a domain in the larger grid system"?
*[12:26]  [[User: Which Linden|Which Linden]]: Good point Morgaine
*[12:27]  [[User: Which Linden|Which Linden]]: I could see it going either way, w.r.t a link given to you from a trusted host
*[12:27]  [[User: Which Linden|Which Linden]]: You might trust the trusted host to do everything except give you more links
*[12:29]  [[User: Zha Ewry|Zha Ewry]]: So, from the bottom, up, I'm a lonely little region simulator in aa grid, and I have a user who has handed me a landmark to a remote sim in another grid. And I say "Ah,, I need to call that remote sim"
*[12:29]  [[User: Goldie Katsu|Goldie Katsu]]: I'm thinking domain in the larger grid system
*[12:30]  [[User: Zha Ewry|Zha Ewry]]: I need to end up with a https pipe to that sim, at the end of a dance which lets that sim know I am a proven member of my domain, and that they are a proven member of their domain
*[12:30]  [[User: Zha Ewry|Zha Ewry]]: I can clearly do that with nothing but Verisign certs, if I want to
*[12:30]  [[User: Zha Ewry|Zha Ewry]]: (and then I'd better be careful, and rich)
*[12:30]  [[User: Morgaine Dinova|Morgaine Dinova]]: Just say "certs" :-)
*[12:31]  [[User: Zha Ewry|Zha Ewry]]: well, signed by a mutually trusted third party with a sealed path certs
*[12:31]  [[User: Morgaine Dinova|Morgaine Dinova]]: Why?
*[12:31]  [[User: Goldie Katsu|Goldie Katsu]]: and my clothing needs to be transferred there too so there is some matter of Asset server from aa grid knowing where its sending info on those assets (if they aren't a all assets are freely shareable kind of sim)
*[12:32]  [[User: Which Linden|Which Linden]]: Goldie, yes, though theoretically once trust is established data transfer is an "easy" problem
*[12:32]  [[User: Morgaine Dinova|Morgaine Dinova]]: Right now, when you surf the web, the vast bulk of all information you obtain is unauthenticated. And it's certainly not a problem.
*[12:32]  [[User: Goldie Katsu|Goldie Katsu]]: yes but there is the client to domain b trust and the domain aa to domain b trust
*[12:33]  [[User: Goldie Katsu|Goldie Katsu]]: yes in some cases the data will be that way
*[12:33]  [[User: Morgaine Dinova|Morgaine Dinova]]: So I'm not sure why you want to burden all VW traffic with the needs of just the authenticated traffic
*[12:33]  [[User: Which Linden|Which Linden]]: Yes, ugh, there is indeed a three-way trust problem here
*[12:33]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: hi
*[12:34]  [[User: Goldie Katsu|Goldie Katsu]]: because the unauthenticated part of the web doesn't deal with identity
*[12:34]  [[User: Morgaine Dinova|Morgaine Dinova]]: I'm not saying that https isn't required. I'm just saying that your higher standard of evidence isn't required.
*[12:35]  [[User: Goldie Katsu|Goldie Katsu]]: if we are talking auth in a broader sense
*[12:36]  [[User: Goldie Katsu|Goldie Katsu]]: and right now auth is on a per-site basis in most cases
*[12:37]  [[User: Which Linden|Which Linden]]: OK, I'm really sorry but I have to run
*[12:38]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: don't forget my bear
*[12:38]  [[User: Which Linden|Which Linden]]: Feel free to add on to the transcript here: https://wiki.secondlife.com/wiki/User:Which_Linden/Office_Hours/2008_Dec_4
*[12:38]  [[User: Goldie Katsu|Goldie Katsu]]: Thank you for your time
*[12:38]  [[User: Which Linden|Which Linden]]: oh!
*[12:38]  [[User: Which Linden|Which Linden]]: didn't see the IM
*[12:38]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: sent you IM :)
*[12:38]  [[User: Morgaine Dinova|Morgaine Dinova]]: Cheers Which, take care :-)
*[12:38]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: hihi *giggle*
*[12:38]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: thankies
*[12:38]  [[User: Goldie Katsu|Goldie Katsu]]: oh a
*[12:38]  [[User: Goldie Katsu|Goldie Katsu]]: bear
*[12:38]  [[User: Goldie Katsu|Goldie Katsu]]: could I have one?
*[12:38]  [[User: Zha Ewry|Zha Ewry]]: Thanks Which
*[12:38]  [[User: Goldie Katsu|Goldie Katsu]]: yay!
*[12:39]  [[User: Which Linden|Which Linden]]: Thank you! I'll see you next time
*[12:39]  [[User: Morgaine Dinova|Morgaine Dinova]]: Oh, I don't have a Which bear either :-)
*[12:39]  [[User: Zha Ewry|Zha Ewry]]: What do horses do with Linden Teddy Bears?
*[12:39]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: horses?
*[12:39]  [[User: Goldie Katsu|Goldie Katsu]]: Let them ride on their back
*[12:39]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: haha
*[12:39]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: o.O
*[12:39]  Zha Ewry grins
*[12:39]  [[User: Zha Ewry|Zha Ewry]]: Of course
*[12:39]  [[User: Goldie Katsu|Goldie Katsu]]: lol
*[12:39]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: 77 bears
*[12:39]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: yay
*[12:40]  [[User: Morgaine Dinova|Morgaine Dinova]]: Wow!
*[12:40]  [[User: Goldie Katsu|Goldie Katsu]]: Are you in the linden bear collector group?
*[12:40]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: and all personally taken from them
*[12:40]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: yes I am
*[12:40]  [[User: Goldie Katsu|Goldie Katsu]]: good!
*[12:40]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: ugh so scripts here
*[12:40]  [[User: Goldie Katsu|Goldie Katsu]]: yeah
*[12:41]  [[User: Goldie Katsu|Goldie Katsu]]: that's why I'm standing instead of sitting.
*[12:41]  [[User: Morgaine Dinova|Morgaine Dinova]]: So Zha ... which part of SSL cert auth isn't enough for you?
*[12:41]  [[User: Goldie Katsu|Goldie Katsu]]: oooh a tinies seat.
*[12:42]  [[User: Goldie Katsu|Goldie Katsu]]: (sorry that was off topic.)
*[12:42]  [[User: Monalisa Robbiani|Monalisa Robbiani]]: ride anyone?
*[12:42]  [[User: Zha Ewry|Zha Ewry]]: SSL cert auth, at the web-service to web-service level, is, at best going to be a bear to manage
*[12:43]  [[User: Goldie Katsu|Goldie Katsu]]: (lol bear hunting tag is active )
*[12:43]  [[User: Morgaine Dinova|Morgaine Dinova]]: Indeed, doing it the current way (which is manual) isn't going to work.
*[12:43]  [[User: Zha Ewry|Zha Ewry]]: Right
*[12:44]  [[User: Zha Ewry|Zha Ewry]]: and. when you hit the NxMxC case I'm not sure how many certs I need in a big service, like a IM hub, or a asset backup service
*[12:44]  [[User: Zha Ewry|Zha Ewry]]: (N x M regions x C components)
*[12:45]  [[User: Morgaine Dinova|Morgaine Dinova]]: But the problem there is, that all non-manual methods have no security to mention.
*[12:45]  [[User: Morgaine Dinova|Morgaine Dinova]]: Ie. it's theatre
*[12:46]  [[User: Zha Ewry|Zha Ewry]]: Well
*[12:46]  [[User: Zha Ewry|Zha Ewry]]: part of me is inclined, for that very reason
*[12:46]  [[User: Zha Ewry|Zha Ewry]]: to keep certs at domains
*[12:46]  [[User: Zha Ewry|Zha Ewry]]: and use a leased, shared secret between the low level components
*[12:46]  [[User: Zha Ewry|Zha Ewry]]: (established by the cert based domain services)
*[12:47]  [[User: Zha Ewry|Zha Ewry]]: as the thing we use to setup the HTTPS pipes between the low level components
*[12:47]  [[User: Zha Ewry|Zha Ewry]]: GGF did that with X.509 proxies
*[12:47]  [[User: Morgaine Dinova|Morgaine Dinova]]: Sure, that's no problem. The shared secret is really just the session key, short lived.
*[12:47]  [[User: Zha Ewry|Zha Ewry]]: But they seem heavyweight, and aimed at end user authentication
*[12:48]  [[User: Zha Ewry|Zha Ewry]]: well, one might go one step longer term, and allow the session key to be reused in limited ways, but.. there are some real
*[12:48]  [[User: Zha Ewry|Zha Ewry]]: risks you trade off there
*[12:48]  [[User: Zha Ewry|Zha Ewry]]: (ie, can I pass the session key from service to service, locally, within a domain, for a short while)
*[12:49]  [[User: Zha Ewry|Zha Ewry]]: keep a short time to live
*[12:49]  [[User: Zha Ewry|Zha Ewry]]: (which makes the kabuki much more acceptable)
*[12:49]  [[User: Morgaine Dinova|Morgaine Dinova]]: It's a necessary risk though. Without it you'll never be able to move sessions from a home device to a mobile device for example.
*[12:50]  [[User: Zha Ewry|Zha Ewry]]: Oh, more importantly, be to establish the session to a sim, and then pass it to an adjacent sim, on boundary crossing, without a heavy transaction
*[12:50]  [[User: Zha Ewry|Zha Ewry]]: I
*[12:50]  [[User: Zha Ewry|Zha Ewry]]: am pretty comfortable with laptop to cell phone handoff being heavyweight
*[12:50]  [[User: Zha Ewry|Zha Ewry]]: I am much less willing to let that happen on sim to sim
*[12:50]  [[User: Morgaine Dinova|Morgaine Dinova]]: True
*[12:51]  [[User: Zha Ewry|Zha Ewry]]: What I really want to make sure we manage, is a good balancing point
*[12:51]  [[User: Zha Ewry|Zha Ewry]]: and bake it in low, so we don't encumber 90% of the protocol with it
*[12:51]  [[User: Zha Ewry|Zha Ewry]]: (and keep it deeply orthogonal from policy)
*[12:53]  [[User: Zha Ewry|Zha Ewry]]: OK, I need liquid and five minutes of clear brain time, to prep to talk to a senior executive about some funding
*[12:53]  [[User: Morgaine Dinova|Morgaine Dinova]]: Good luck :-)
*[12:53]  [[User: Zha Ewry|Zha Ewry]]: Oh, and I've gently relayed the "WTF is happening, you are going to get bypassed" concern to Zero.
*[12:53]  [[User: Goldie Katsu|Goldie Katsu]]: good luck.
*[12:53]  [[User: Goldie Katsu|Goldie Katsu]]: Good!
*[12:53]  [[User: Morgaine Dinova|Morgaine Dinova]]: Hehe, so did I Zha.
*[12:54]  [[User: Zha Ewry|Zha Ewry]]: Not like Zero isn't aware
*[12:54]  [[User: Morgaine Dinova|Morgaine Dinova]]: He hasn't replied, sadly
*[12:54]  [[User: Zha Ewry|Zha Ewry]]: Ah. I got an "Painfully aware of that"
*[12:54]  [[User: Zha Ewry|Zha Ewry]]: Mind you my note started with "As I am sure you are painfully aware"
*[12:55]  [[User: Goldie Katsu|Goldie Katsu]]: lol
*[12:55]  [[User: Goldie Katsu|Goldie Katsu]]: Go take your 5 minute prep time
*[12:55]  [[User: Zha Ewry|Zha Ewry]]: yeps
*[12:55]  [[User: Morgaine Dinova|Morgaine Dinova]]: Take care :-)
*[12:55]  [[User: Zha Ewry|Zha Ewry]]: *poof*

Revision as of 19:28, 4 December 2008