Sign in to follow this  
Followers 0
Prokofy Neva

Oh, Is This Why They Changed the TOS?

133 posts in this topic

I have to wonder...


The new project viewer -- which means the beta which will eventually become *the* viewer -- is called Project Interesting.

It "just knows" what is "interesting" to you and loads it first. I wondered how it "just knew" until I watched Torley's video:

http://community.secondlife.com/t5/Featured-News/Speedy-Delivery-Introducing-the-Project-Interesting-Viewer/ba-p/2328615


...which explains that "interesting"would have been better translated as "relevant". Because it's not about the prettiest floweror prettiest avatar or best build (to you), but about what is *relevant* to your avatar simply trying to move and explore.

So it renders walls, stairs, etc. that might block your physical movement on a sim *first*, so you can wend around them. Meanwhile in the background, the flowers are rendering. All well and good.

Except another aspect of this "speedy delivery" system is that it loads regions *on your computer* so that the next time you visit that sim, it loads faster.

OK, so you see where this is going. In order to load other people's content on your own computer, it has to download people's content to your computer as if you downloaded it, owning the permissions. But you don'.

So is this hackable? Most "see it, copy it" features of the Internet are. But this isn't just print-screen or using one of those ctr-whatever commands inworld to get the dimensions of textures and grab them regardless of rights, this is actually putting somebody else's content on your computer.

Is this encrypted in any way or obscured by obfuscation? I don't know where to look, and it may be in the form of some kind of raw file or something that you can't open except in world or on an Open Sim. Oh, but that's just it. Are hackers or reverse engineers going to be able to easily visit sims now, let them load, then transfer them "abroad"?

I'd like to hear a technical and philosophical discussion of this.

Yes, I get it that in order to see something, Linden Lab has to stream it to you and it has to be visible in your browser and be cached. But that's in the browser, and that drops out after each session. Of course it's that browser caching that makes rogue viewers able to copybot stuff in world.

But this goes further. It downloads files to your hard drive. Now, that may be a realty that "streaming" encompasses that is not meant as infringing, but is only meant "to provide the service".

Even so, I want to hear more of the specifics of this, both the theory underlying it, the technicalities, and the ramifications for intellectual property.

Share this post


Link to post
Share on other sites

The viewer has had this same object cache for years and years. The only real difference with this new viewer, is that it makes those cache files larger, otherwise it's the same old same old. There really aren't any new implications for security (or lack thereof) of inworld objects.

 

Share this post


Link to post
Share on other sites

But as I noted, I'm not talking about the viewer cache.

I'm talking about downloading to the hard drive.


Unless the mechanics of viewer-caching in fact involve downloading files to the hard drive.

Even so, making the file cache significantly larger opens up larger issues.

Share this post


Link to post
Share on other sites

I have set my cache to 4 GB, for a long time now actually. And yes, these files sit on my harddrive. The interest viewer does cache objects which wouldn't be considered as cachable in the older viewers. Scripted objects for example, which change their parameters in one way or the other, by script, weren't cached before, because, yeah, they change a lot anyway. Now if such a scripted object hasen't changed in the past 2 minutes, it's going into the cache as well. There isn't really anything new to how the viewer handles the content, besides it tries to rez things near you first, and some objects go into the cache, which didn't went into cache in the past.

Share this post


Link to post
Share on other sites


Prokofy Neva wrote:

But as I noted, I'm not talking about the viewer cache.

I'm talking about downloading to the hard drive.

 

Unless the mechanics of viewer-caching in fact involve downloading files to the hard drive.

Even so, making the file cache significantly larger opens up larger issues.

The viewer cache is on your hard drive and in an SL Viewer internal format. Anybody wanting to rip content from SL would use an OpenGL model ripper, just as people rip content from video games using DirectX model rippers. Nothing about "Project Interesting" changes that in any way.

Share this post


Link to post
Share on other sites

That's how the viewer has always worked. We've always downloaded everything we see. Internet browsers, games, everything on the computer is the same way, except for streaming video. And even that can be captured if you know what you're doing.

This just supposedly makes the downloading more intelligent. Supposedly. But since we're talking about LL, "relevant" could mean any frickin' thing.

Share this post


Link to post
Share on other sites


Prokofy Neva wrote:

But as I noted, I'm not talking about the viewer cache.

I'm talking about downloading to the hard drive.

 

Unless the mechanics of viewer-caching in fact involve downloading files to the hard drive.

Even so, making the file cache significantly larger opens up larger issues.

You are talking about the viewer cache. That's what all those files in your SL objectcache folder are. They are binary blobs, but not encrypted or especially hard to read. The viewer source would provide complete instructions on decoding anyway, so there is no point in scrambling them.

 

Share this post


Link to post
Share on other sites


Cerise Sorbet wrote:


Prokofy Neva wrote:

But as I noted, I'm not talking about the viewer cache.

I'm talking about downloading to the hard drive.

 

Unless the mechanics of viewer-caching in fact involve downloading files to the hard drive.

Even so, making the file cache significantly larger opens up larger issues.

You are talking about the viewer cache. That's what all those files in your SL objectcache folder are. They are binary blobs, but not encrypted or especially hard to read. The viewer source would provide complete instructions on decoding anyway, so there is no point in scrambling them.
 

And there's probably no point in trying to unscramble them. DirectX and OpenGL model rippers have been around for as long as DirectX and OpenGL. There's probably lots of support for using them amongst the Warez community, so why reinvent the wheel?

Share this post


Link to post
Share on other sites


Prokofy Neva wrote:

 

Even so, making the file cache significantly larger opens up larger issues.

No it doesn't. 

Share this post


Link to post
Share on other sites


Cerise Sorbet wrote:

Because rigging (but that's not in the part of the cache Prok is worried about.)
 

If understand the flow of ripped content correctly, isn't most of it coming into SL? I believe this was the primary reason for LL supporting mesh, to leverage existing mesh content and expertise. And I've heard at least a few people complain that SL meshes must be "dumbed down" from that which is supported by other systems, either because of Land Impact or technical limitations of SL mesh.

Those who create original mesh content for SL may be at risk, but if the mesh models being created for other virtual environments are more attractive, will there be much demand for ripped SL content?

And as you said, the viewer is open source, so anyone with motivation has some help in reverse engineering content. This was one reason (albeit a secondary one) cited for the appearance of MMORPG systems that render in the cloud and stream video to the consoles.

Share this post


Link to post
Share on other sites

Cerise Sorbet wrote:

Because rigging (but that's not in the part of the cache Prok is worried about.)


 

As we all kinda know where :matte-motes-evil:Prok:matte-motes-evil: is coming from she's worried about us having a better experience and actually something nice. And she just can't have that! Don't you understand it, you liberal leftie techno commies? :smileyvery-happy::smileytongue:

Share this post


Link to post
Share on other sites


Orca Flotta wrote:

Cerise Sorbet wrote:

Because rigging (but that's not in the part of the cache Prok is worried about.)

 

As we all kinda know where :matte-motes-evil:Prok:matte-motes-evil: is coming from she's worried about us having a better experience and actually something nice. And she just can't have that! Don't you understand it, you liberal leftie techno commies? :smileyvery-happy::smileytongue:

Prok asked a legitimate question, in a nice normal manner here on the forum.  She didn't realize that the we already have textures, prims, sculpts, etc (Other people's) downloaded to our hard drives, and stored in file, so was worried that there was new development.

NONE of which warranted a snide personal remark.

Share this post


Link to post
Share on other sites

NONE of which warranted a snide personal remark.

Seems you don't know the generallly feared Prok very well, Celest. She's famous for her snide personal remarks and general hostiity. But she's not stupid and kinda knows how stuff works in SL, so I assume she has something up her sleeve she'll release very soon. And it  will be a deadly blow on Moscow and everything fun, mhm. :smileysurprised:

Share this post


Link to post
Share on other sites

Wrong on all counts. Nothing that has ever been asked by that person has ever been without some sort of agenda attached to it - EVER.

 

As for "not knowing" how the client program works - in regard to anything - about three years back I came to the conclusion that anyone too lazy to learn such basic information (and it IS basic) about the client program .... simply does not need to be logging in at all.

Share this post


Link to post
Share on other sites


Madelaine McMasters wrote:


If understand the flow of ripped content correctly, isn't most of it coming into SL?


That was the initial direction, but the tide is turning as more decent content that isn't available elsewhere comes online. Much of the activity is similar to the old copybot, with models re-uploaded to remove permission flags. Given the limitations built in with SL, exports to wholly different commercial environments won't be too appealing many times, but the SL clone grids are of course good matches.

Share this post


Link to post
Share on other sites


Cerise Sorbet wrote:


Madelaine McMasters wrote:


If understand the flow of ripped content correctly, isn't most of it coming
into
SL?

That was the initial direction, but the tide is turning as more decent content that isn't available elsewhere comes online. Much of the activity is similar to the old copybot, with models re-uploaded to remove permission flags. Given the limitations built in with SL, exports to wholly different commercial environments won't be too appealing many times, but the SL clone grids are of course good matches.

Is there much life on SL clone grids? I'd expect SL to be the largest market for SL ripped content, by far.

Share this post


Link to post
Share on other sites

Creator fascism.


No one should be *required* to learn the mechanics of how browsers work to log in, that's ridiculous. That would be like requiring everyone who drives a car to learn the mechanics of internal combustion. That's not how normal life works, where there is division of labour and division of knowledge and expertise.

I continue to ask questions about this because I'm getting different answers and different emphases.

As I've heard in the past of things being held temporarily in the browser and then thrown out, I want to determine exactly

It's been an axiom of Second Life that scripts are different -- they're special! Scripters don't have to worry about their content being stolen, it executes server side. Rips of scripts in SL have been far, far less common.

So now if the new feature of Project Interesting is that now scripted objects are downloaded to the hard drive, that may drive more ripping because it's a new vista opening up that was previously locked down.

I wonder if it is impossible to encrypt these files or have them on DRM. And before I hear the usual knowier-than-thou response that DRM "doesn't work," let me point out that the inherent contradiction of the encryptionists these days is that they hold out the prospect that communications can be absolutely encrypted (i.e. Bruce Schneier on Tor) but they oppose DRM for intellectual property.

I have no idea what files contain these downloads or how you access them now or whether it's still OpenGL. I'm not a ripper. But the problem of copybotting in SL isn't just the problem of imported items that people rip from various Renderosity type sites, but inworld stealing. And if the cache is larger now and can hold things it didn't before -- scripted objects, which are arguably the most expensive things in SL (pets, vehicles, guns), then is there more vulnerability to theft now?

And back to the main point: was this the reason for the change in the TOS? The change could even be catching up to the reality that has always been in the browser.

 

 

Share this post


Link to post
Share on other sites


Prokofy Neva wrote:

 

I wonder if it is impossible to encrypt these files or have them on DRM. And before I hear the usual knowier-than-thou response that DRM "doesn't work," let me point out that the inherent contradiction of the encryptionists these days is that they hold out the prospect that communications can be absolutely encrypted (i.e. Bruce Schneier on Tor) but they oppose DRM for intellectual property.

 

Other than the fact that none of it is necessary for the reasons mentioned by others (GL intercept etc.), decrypting locally means that there's a decryption key held in memory.  The attack vector at this point is a game of "find the key".  Once the person intent on decrypting the files has found that, it's game over for anything that is encrypted with that key and that key IS in memory because the cached content is decrypted in order to display it.

As you have identified with DRM, if the might of the companies behind that were so successful with their methods of implementing copy restrictions on things like DVD's, you wouldn't be able to fall over the numerous DVD rippers that are available.  Do you feel that LL has better skills at cryptography than the rest of the world?  I don't.

Share this post


Link to post
Share on other sites


Orca Flotta wrote:

NONE of which warranted a snide personal remark.

Seems you don't know the generallly feared Prok very well, Celest. She's famous for her snide personal remarks and general hostiity. But she's not stupid and kinda knows how stuff works in SL, so I assume she has something up her sleeve she'll release very soon. And it  will be a deadly blow on Moscow and everything fun, mhm. :smileysurprised:

Orca, you're the one who is wrong here.  Because, I do know Prok, and I'd wager that I know her better than you.  

But, none of what you stated is relevant to someone responding here on the forum, in a civil manner, to someone posting a question..  What you've done is known as a preemptive strike, and it's a piss poor way to reply to forum posts. 

Do you think that mocking and taunting people is the way forward for a better SL forum, better communications, or better anything?  Because, the person doing those actions in this thread, isn't Prok, it's you.

Share this post


Link to post
Share on other sites


Solar Legion wrote:

Wrong on all counts. Nothing that has ever been asked by that person has ever been without some sort of agenda attached to it - EVER.


Nope.  You've posted irrelevant nonsense.  Prok posed questions about the TOS update and the workings of the SL viewer.  From the nature of her questions, it's clear that she didn't know how the viewer worked, so she was seeking a connection between what she thought, and what she read, regarding the current brouhaha over the TOS. 

Could there be an agenda in her line of questioning?  Sure.  Because, everyone has an agenda.  BUT, that does not warrant rudeness or snide remarks. 

 


Solar Legion wrote:.

 

As for "not knowing" how the client program works - in regard to anything - about three years back I came to the conclusion that anyone too lazy to learn such basic information (and it IS basic) about the client program .... simply does not need to be logging in at all.

First, the information that the client stores data on our hard dirves is not common knowledge.   (Do a poll of SL residents inworld and see how many know that.)  It's not common knowledge.   But, even if it were, your sentence above is a prejudice anti-people attitude about your fellow SL residents.  You'd better hope that doesn't happen, btw...as inworld would become empty pretty damn fast, if the people who didn't know this information never logged in again. 

 

 

 

 

Share this post


Link to post
Share on other sites


Prokofy Neva wrote:

I have no idea what files contain these downloads or how you access them now or whether it's still OpenGL. I'm not a ripper. But the problem of copybotting in SL isn't just the problem of imported items that people rip from various Renderosity type sites, but inworld stealing. And if the cache is larger now and can hold things it didn't before -- scripted objects, which are arguably the most expensive things in SL (pets, vehicles, guns), then is there more vulnerability to theft now?

And back to the main point: was this the reason for the change in the TOS? The change could even be catching up to the reality that has always been in the browser.

I think you're the first person to have posed that question.  (That I've seen)  Also, yes, it could be the reason.  Only LL (and their legal department) would know for sure. 

Share this post


Link to post
Share on other sites

@prokofy:
the viewer cache is a folder/directory on your computers hard drive that has a subset of folders that right now seem to contain mostly textures/images.
it is possible that this "interesting" viewer will add a new set of subfolders to store locally(on your computers hard drive) objects(linked sets) made of prims/sculpties/meshes.
it could do the same thing for sim terrain data, sounds, notecards and other things except for scripts because scripts are not run locally(it could be done for scripts too but is illogical).
i really don't think that the scripts inside the objects are also dowloaded and saved in the local cache. somebody that is coding for the viewer could confirm of deny that.
i don't think this is the reason for the tos change, but if it is than it is very badly written:(
imo it should say something along the lines "ll needs this only to store data in the local cache of logged in users"
@Orca Flotta:
if porkofy was so feard than he wouldn't be attacked(in anyway) by anybody:)
to me it looks just like he has enemies who don't like him because he confronts those that attack him:)
@Solar Legion:
i think that unless u r actively involved with coding for the viewer there r some "basic" things that u wouldn't even know existed:) that is if u take in consideration that the viewer changes from one version to the next.

Share this post


Link to post
Share on other sites

Once again, I point out the inherent contradiction (and inherent intellectual dishonesty) of people like Bruce Schneier (who I just heard speak and questioned in person) who believe that chat and communications can be "absolutely encrypted" from prying NSA eyes (he makes these claims for Tor, which are false, but that's another story), and the claim that DRM can't be absolutely encrypted.


Because obviously, the same issues of key location, MITM attacks, spoofing of ID to the server, etc. all exist in either case.

Recently I had this debate about data in the cloud, could Google double encrypt, while data is at rest, in motion, and at rest again in the cloud? And the answer is different depending on the ideology of the cryptologist flogging his agenda. Some say absolutely not because you can't then have the data manipulated, moved, sorted, mined etc without provider key ownership. And others say, no, you can do some things.

Why is this relevant? Because keys can be stored locally. They don't have to be stored with the provider. but then the quesiton becomes: but can you do anything with the data then? Let's say this is streamed to you -- you can't click on it, copy it if it has permissions, or manipulate it if it has partial permissions (I'm thinking). So it's the old story, that unless you had an actual piece of hardware like an X-box (and we know how the script kiddies love to hack and jailbreak those), you would not likely be able to have DRM.

BUT, I still wonder if this is achieved some other way. Merely by making it hard. For example, y ou can't just easily find and get into those OAR filesor whatever they are coming from sims.

Share this post


Link to post
Share on other sites

Hi, I really don't care about the form the communications take, and I can defend myself and don't need any help here : )


Don't be a net nanny, don't do the Lindens' work for them.

I don't worry about corporate things like "A better SL forum, better communications" because they aren't sincere, not done in good will, and not done democratically with the stake-holders -- that story was long ago told and ended here at Second Life.

 

So stick to the topic. Is this or is this not a new vista of vulnerability? Yes or no or maybe. That's all. If not, then life goes on. If yes, then few will care anyway until it affects them. But what about the scripts?

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0