New LSL function proposal. llIsFriend

[Coffee Pancake]

1 minute ago, Mollymews said:

the proposal is that the owner of the script can check if an agent on the region is also on the script owners friends list

for a parcel owner to know who of their patrons are on each others friends list then it requires each patron to wear a IsFriend script which transmits that information to the parcel owner

forcing patron's to wear a script can be done (wear or be ejected) a HUD script for example.  What the wearer needs to know is if the script is transmitting their friend list to a 3rd-party (i.e. the parcel owner/provider of the HUD)

so the proposed permission request, which should not be automatically granted just by wearing the HUD  

It's an extreme edge case and doesn't match how such ban events pan out.

If a club owner bans Bob, Bob's friends leave all by themselves, because they are Bob's friends. Those that don't, aren't "friends" with Bob for much longer!

 

Draconian, "the avatar wears the prim or it gets the hose", does not happen, even in places that depend on experience tools to function.

(and if they did, such an experience would end up attracting abuse reports!)

[Quistess Alpha]

26 minutes ago, Mollymews said:

edit add to clarify, the permission is requested from the target (agent_id) of llIsFriend(key agent_id). Not from the wearer of the script

If the script has to have permission from the target, that kinda makes it too obnoxious to use in any of the cases where it would be legitimately useful.

"Accept this permissions request so I can check if you are indeed friends with me, or I will boot you in 30 seconds" is not a message I want to send to friends visiting my super-secret-private-space, every time they visit.

[Coffee Pancake]

1 minute ago, Quistess Alpha said:

If the script has to have permission from the target, that kinda makes it too obnoxious to use in any of the cases where it would be legitimately useful.

"Accept this permissions request so I can check if you are indeed friends with me, or I will boot you in 30 seconds" is not a message I want to send to friends visiting my super-secret-private-space, every time they visit.

There is no use case for this function with a permissions check from the target. Even simple friends access security fails because there would be an indeterminate delay between issuance of the check and the user responding.

[Quistess Alpha]

15 minutes ago, Coffee Pancake said:

Even simple friends access security fails because there would be an indeterminate delay between issuance of the check and the user responding.

list temp_keys;
default
{
  state_entry()
  {
    llSensorRepeat(...);
  }
  sensor(integer N)
  { // eject everyone in temp_keys
    temp_keys =[];
    //...
    while(~--N)
    {	temp_keys+=[llDetectedKey(N)];
    	llRequestPermissions(llDetectedKey(N),PERMISSION_FRIEND_STATUS);
    }
  }
  no_sensor()
  {// eject everyone in temp_keys
   temp_keys = [];
  }
  run_time_permissions(key ID, integer perms)
  {
    if(perms&PERMISSION_FRIEND_STATUS)
    {
      	//remove key from temp_keys
      	if(!llIsFriend(key))
        {	//eject key
        }
    }
  }
}

As long as you make the sensor repeat sufficiently long (30 ~60 seconds) and you warn your friends ahead of time to accept the request when they get within range of your orb it /works/ just not well.

Edited July 23, 2021 by Quistess Alpha

[Mollymews]

i avatar turn up on a parcel.  A script asks me: "Are you my friend?"  On the presented dialog I can say: Yes or No

a thing. It is the script that wants to know if I am its friend. That I am friends with the script owner shouldn't mean that this automatically makes me a friend of their script

[Quistess Alpha]

4 minutes ago, Mollymews said:

i avatar turn up on a parcel.  A script asks me: "Are you my friend?"  On the presented dialog I can say: Yes or No

a thing. It is the script that wants to know if I am its friend. That I am friends with the script owner shouldn't mean that this automatically makes me a friend of their script

but what if you don't answer, or click the little x without reading the message? Then the script may never know if it's friends with you or not.

[Mollymews]

1 minute ago, Quistess Alpha said:

but what if you don't answer, or click the little x without reading the message? Then the script may never know if it's friends with you or not.

yes, is the same as the existing default behaviour of the permissions request system. Example: Such and such wants to animate you?  When we ignore the request then the script never gets an OK

[Quistess Alpha]

Oh, If I'm understanding you right, a system whereby residents could become friends with specific scripts would be kinda cool, but seems a bit off-topic. I also don't see the use case if just anyone can become friends with my scripts. How do I make sure mr griefer doesn't bribe my security orb with cookies and become its friend?

[Mollymews]

21 minutes ago, Quistess Alpha said:

Oh, If I'm understanding you right, a system whereby residents could become friends with specific scripts would be kinda cool, but seems a bit off-topic

that it is the script that is asking us is a nuance in how we think about these kinds of things

using the request animation for example.  When we get this request then we don't think that it is the script's owner that wants to animate us. We think that the owner's scripted object wants to do this

using the same thought pattern/nuance. When we get a "are you my friend?" request then it is the scripted object that wants to know this about us

think this thru a bit more with a slightly different nuance

two people come to my parcel. If my script doesn't need their permission then my script can tell them both that they have something in common, that they are both on my friends list.  A question is: Why would the first person want the second person to be told this, without any input to the sharing of this information ?

as the parcel owner why would I do this ?  I might want to do it because I have a match-making app. And if my match-making app client base is to grow then I would prefer to ask my friend if is ok for me to pass on their personal information (that we are friends) to another person

 

Edited July 23, 2021 by Mollymews
nuamce

[bobsknief Orsini]

10 hours ago, Quistess Alpha said:

As I understand the spec as in Rider's OP, only one of the two parties needs to be present for it to work. Another way to mitigate the abuse potential would be to have it on;y work on avatars who are in-region. As I understand it llIsFriend(bob's key); would tell you if the object owner is friends with bob, whether or not bob is in the region. if bob has to be in the region for it to return TRUE, that basically crumbles the "abuse scenario" I put forward in my last post.

If both parties need to be present then the function would become kind of useless.
Lets not forget the positive sides of this function instead of just the "abuse options". Just to name one, you could have a security system that detects if people are on your friends list.

[Mollymews]

 

3 minutes ago, bobsknief Orsini said:

Lets not forget the positive sides of this function

is the abuse edge cases then lead to functions getting nerfed. So by going thru the edge cases then a more informed decision generally results

yes tho I agree, there are lots of good positive uses for this function

[Profaitchikenz Haiku]

9 hours ago, Quistess Alpha said:

Because that would only worsen the rate of spagettification of SL's code. One box, one function please.

Colour me confused, but I can't understand your objection?

There is a piece of information stored in the database for Avatar A, is friend avatar B allowed to see their online status?

The new function tests to see if it needs to request permissions of Avatar A to let Avatar B see if they are on their friends list

IFF Avatar A has allowed avatar B to see if they are online, permission is implicitly given. No need to ask

Otherwise, popup asks avatar A "Can Avatar B see if you are on their friends list?"

Edited July 23, 2021 by Profaitchikenz Haiku

[Coffee Pancake]

This is as pointless as requiring llRequestAgentData to have a permissions request

 Even though it is actually none of your (or scripts) business if the RL operator of an avatar has an on the record RL financial relationship with LL or not.

 

 

Edited July 23, 2021 by Coffee Pancake

[Profaitchikenz Haiku]

30 minutes ago, Coffee Pancake said:

This is as pointless as requiring llRequestAgentData to have a permissions request

I agree, but it's a conversation-killer

[Mollymews]

50 minutes ago, Coffee Pancake said:

This is as pointless as requiring llRequestAgentData to have a permissions request

the info that can be returned by llRequestAgentData is public information published on our profile

digressing further into other things then I wouldn't mind PERMISSION_OBJECT_DETAILS

so that llGetObjectDetails(key id ...) pops up a request dialog when key id is not the owner of the script. When declined then returns [] empty string

 

[Coffee Pancake]

20 minutes ago, Mollymews said:

the info that can be returned by llRequestAgentData is public information published on our profile

That doesn't make it ok.

[Bent Luik]

13 hours ago, Profaitchikenz Haiku said:

Why not just use the already-available "friend can see if I'm online" tickbox from the profile? If the person has said it's Ok for you to know they're online then it's also ok for your script to check if they're a friend of yours. If they have some privacy concerns and haven't ticked the box then they also don't want your probing their internals vie a bit of LSL.

 

There is of course a teensy problem here, you can use this to determine if a friend of yours has or hasn't ticked that box, but to be honest you can work this out for yourself by seeing if you ever bump into them without having been notified they're online. (Just saying this because if I don't I know somebody(s) who will

You can already check that very easy. If a friend does not show in the friend list on your dashboard, they haven't ticked the see me online box.

[Mollymews]

4 minutes ago, Coffee Pancake said:

That doesn't make it ok.

i don't disagree with this. If was up to me I would nerf this function by at least making it a permissions request

SL/LSL is a pretty nosey environment, and I often don't see any rationale for the nosiness other than to make it more convenient for residents who want to sell stuff

[Profaitchikenz Haiku]

1 hour ago, Bent Luik said:

You can already check that very easy. If a friend does not show in the friend list on your dashboard, they haven't ticked the see me online box.

Indeed, but the point is how to use the existing information LL already store to sort out permissions for the proposed new function.

[panterapolnocy]

https://modemworld.me/2021/07/24/2021-tpv-developer-meeting-week-29-summary/

Quote

Not strictly viewer-related, but Rider Linden proposed a new function via the forums – llIsFriend – on July 22nd, which sparked a lot of discussion via the forum thread, specifically around the question of privacy (having scripts from others – say a merchant or club owner  – able to read your Friends list) and the potential for abuse. Having had time to consider it, Rider noted the following during the TPVD meeting:

Quote

The more I think about it, the more a perms check is called for on that; [it is] probably not a perm that would be auto-granted in an experience, either. I’d set-up a new permission [that would] ask the person running the script, “may this script have access to your friends list?”

The more I think about it, the more I think it is not something that should be allowed invisibly behind the scenes under any circumstances … the added complexity does push it further back, tho. If a script wants to access your Friends list, it needs to be up-front about it.

 

 

[Wulfie Reanimator]

I think the worst-case scenario described by @Quistess Alpha for this function is acceptable.

Requiring permissions and the presence of either party is more than enough to curb the most likely/common abuse a function like this might have.

Though, I wonder if it would be better or worse (for utility) if the presence of agent_id was required instead of either.

(Also, thanks for asking before implementing, @Rider Linden!)

Edited July 24, 2021 by Wulfie Reanimator