Any signed SL Viewer with RLV support? Second Life Viewer is signed, but no support for RLV.

[sandy25 Quinzet]

Any signed SL Viewer with RLV support? Second Life Viewer is signed, but no support for RLV. 

[Rowan Amore]

https://wiki.secondlife.com/wiki/Third_Party_Viewer_Directory

Catznip being the main one for RLV.  Firestorm also has it.  No idea which of the others on the list do.

[Aishagain]

I suspect the OP's issue is with signed certificates , which is proving an issue with some FS users that operate high security settings.  Both FS and Catznip employ the RLVa code developed by Kitty Barnett, which is broadly similar to the original RLV code, used by Marine Kelley's own Restrained Love viewer and one or two others, most notably the Kokua viewer.

I don't know the signature status of either Catznip or Kokua.

The most common reason for not signing off the viewer code (to my understanding) is the cost involved.

This matter regularly crops up at FS update time and the FS team are at pains to point out that despite it not being signed the FS code is entirely safe.

Edited February 24, 2023 by Aishagain
typos and punctuation correction

[Coffee Pancake]

5 hours ago, sandy25 Quinzet said:

Any signed SL Viewer with RLV support? Second Life Viewer is signed, but no support for RLV. 

4 hours ago, Aishagain said:

The most common reason for not signing off the viewer code (to my understanding) is the cost involved.

Hi, I help work in Catznip, we make RLVa before it goes to Firestorm etc.

Our code is not signed .. as is it would basically dox either myself or kitty and put real name and home address on the internet for the world to come see.

The viewer is built from source by git hub in a disposable virtual machine, we don't let our personal machines touch the binary we publish.

Edited February 25, 2023 by Coffee Pancake

[sandy25 Quinzet]

Problem with not signed binaries is, some of these Antivirus applications blocking the not signed executables.

[primerib1]

No TPV that I know of has signed binaries.

Lots of games I download from Steam also does not have signed binaries, but they all run well.

If your Antivirus blocks unsigned executables, turn off that feature and/or exclude from the executable you want to run.

 

[Henri Beauchamp]

Signed binaries are not any guarantee that the binary does not contain malicious code (it could have been compiled with secret, malicious code, then signed).

If you want the guarantee the viewer you run does not contain any malicious code, then compile it from sources yourself (it is much harder to hide malicious code in the sources, when the said sources are open; in fact, it is impossible to hide on the long term).

This is one of the strengths and one of the main reasons why Linux got almost no malware and virus: everything is compiled from Open Source software, unlike what happens with Windows and macOS.

<shameless self-promotion>

If you want an easy to build, RLV-enabled viewer, then the Cool VL Viewer is the best candidate; once the necessary build tools installed (gcc & Co under Linux, VS2022 under Windows, Xcode under macOS, with everything explained in details in the viewer's sources doc/*BuildHowto.txt files), you just need to launch a single script/batch file command from a terminal to build it.

</shameless self-promotion>

Edited February 25, 2023 by Henri Beauchamp

[Coffee Pancake]

7 hours ago, primerib1 said:

No TPV that I know of has signed binaries.

I just checked, and Firestorm do .. the Mac one especially so or voice doesn't work.

[Coffee Pancake]

consults her crystal ball .... 

I see ..wooo <over dramatic waving> .. Gavin and Henri will derail the thread fighting over operating systems again .. <falls over> ... I am not drunk! Who said that! @##$%^

Edited February 26, 2023 by Coffee Pancake
~~ you were all warned ~~

[Quistess Alpha]

5 hours ago, Henri Beauchamp said:

you just need to launch a single script/batch file command from a terminal to build it.

Thank you for your hard work making that a thing without whatever black magic the other viewers are still using!

[sandy25 Quinzet]

Firestorm has signed binaries? Please can you share the link? Link i am using it does not have the signed.

[primerib1]

2 hours ago, Coffee Pancake said:

I just checked, and Firestorm do .. the Mac one especially so or voice doesn't work.

Ah it does? Well I stand corrected then.

Because I have all viewers except Firestorm on my computer, so I don't know.

[Gavin Hird]

The macOS version of my viewer preview builds are both signed and notarized. Windows version is not.

[Gavin Hird]

11 hours ago, Henri Beauchamp said:

This is one of the strengths and one of the main reasons why Linux got almost no malware and virus: everything is compiled from Open Source software, unlike what happens with Windows and macOS.

There are absolutely no examples of malware for Linux are there? /sarc

When it comes to macOS, a very large portion of the system is open source as well. For Windows it is pretty much close to ZERO. 

Edited February 25, 2023 by Gavin Hird

[Henri Beauchamp]

53 minutes ago, Gavin Hird said:

There are absolutely no examples of malware for Linux are there? /sarc

You should read better what I wrote: ”Linux got almost no malware and virus”

Yes, there are examples, such as injections via ”pip” with a hacked Python extension on github...

However, if you limit yourself to your distro's packages and the Open Source software you compile yourself, you just never have any issue; I have been using Linux since 1993 and never, ever had encountered any malware, rootkit of virus on any of the many PCs I have been running it onto.

Edited February 25, 2023 by Henri Beauchamp

[Gavin Hird]

7 hours ago, Henri Beauchamp said:

You should read better what I wrote: ”Linux got almost no malware and virus”

Yes, there are examples, such as injections via ”pip” with a hacked Python extension on github...

However, if you limit yourself to your distro's packages and the Open Source software you compile yourself, you just never have any issue; I have been using Linux since 1993 and never, ever had encountered any malware, rootkit of virus on any of the many PCs I have been running it onto.

I have used macOS since 1986 and never encountered any malware, root kit or virus on any of the Macs I have personally owned or the thousands I have managed.  
 

The only platforms that have real malware issues are Windows and Android. 

[Kathrine Jansma]

On 2/25/2023 at 9:34 AM, sandy25 Quinzet said:

Problem with not signed binaries is, some of these Antivirus applications blocking the not signed executables.

If you just want to silence the Antivirus, you have a few options:

1. Configure AV to ignore the signing part.
2. Convince someone to create signed binaries
3. Shell out around 200 €/$ per year for an authenticode signing certificate. There are a few commercial options for that.
4. Sign the application yourself...

            See for example:  Using Powershell Authenticode Certificates to Self-Sign Application - Ipswitch

 

[Aishagain]

13 minutes ago, Kathrine Jansma said:

Configure AV to ignore the signing part.

and how would we do that, please, Kathrine?

[Kathrine Jansma]

Depends on your AV solution.

At least Windows Defender does not care for Signatures. It might warn, but in details it lets you install whatever you want.

Code signing is really just an indicator to show that a binary is really by the organization it claims to be created from. But if that organization is Evil Inc. it will not help against malware at all. Unless you explicitly had a list of trusted organizations configured or manually check it, thats basically useless as a defense.