Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by animats

  1. I just noticed that I'm not getting emails from my in-world objects this afternoon.

    Last received email was at 12:41 PM. There should also have been emails at 3:50 and 4:50 PM SLT.

    My NPCs send me a short IM and a long email with a dump when something goes wrong. I'm getting the IMs (as emails), but the emails the objects send to owner with llTargetedEmail are not showing up.

  2. Found that. Filed AR:

    Shoots down aircraft.
    Teleports home anyone entering parcel.
    Discussed on forums.
    Mint Home Security System V1.9.0

    I tried "assault", since pushing on safe territory is considered that. Teleporting people home is not allowed by the Bellessaria covenant.

    Help keep Bellessaria clean of anti-aircraft weapons!

    • Like 7
    • Thanks 4
    • Haha 3
  3. Here's some authentication code I use.

    key logstring(string s)                     // sends a POST to an API endpoint for logging
    {   if (gLogURL == "") { return(NULL_KEY); }// logging not enabled
        s = llStringTrim(s,STRING_TRIM);        // trim string for consistency
        list params = [HTTP_METHOD, "POST"];    // send with auth token
        params = params + [HTTP_CUSTOM_HEADER, "X-AUTHTOKEN-NAME"] + gLogAuthTokenName;
        params = params + [HTTP_CUSTOM_HEADER, "X-AUTHTOKEN-HASH"] + llSHA1String(gLogAuthTokenValue + s); // key is SHA1 of of authtoken followed by message
        return(llHTTPRequest(gLogURL, params, s)); // make HTTP request

    I want to log string s to my server at url gLogURL. s is a JSON-formatted string, although that doesn't matter here.

    First, the string is trimmed, to avoid any ambiguity about where it begins and ends, which matters when taking a secure hash.

    Then the HTTP parameters are used to carry some data. It's a POST operation, since we're sending a string. Two custom headers are added; X-AUTHTOKEN-NAME and X-AUTHTOKEN-HASH. Think of the "name" as an ID which tells which hash is in use. The X-AUTHTOKEN-HASH is the SHA1 secure hash of gLogAuthTokenValue followed by the string being sent.

    At the receiving end, the server extracts the SHA1 hash, which is always 40 characters, and the string s, which is the rest. It trims the string, just in case HTTP stuck a line feed or a null or something at the end. Then the server takes the token value, which is a secret known by both LSL script and server, appends s, and computes the SHA1 hash. This must match the hash value just extracted from the received message. If they match, both ends are using the same shared secret value, the one in gLogAuthTokenValue.

    Known vulnerabilities:

    1. Someone getting hold of the key from the LSL script. The part of the script with the key must be no-mod at all times and not visible to the public anywhere. This is the most likely cause of trouble.
    2. Replay attack. Someone could intercept a message and send it again. If sending the same message twice is a problem, messages need timestamps or serial numbers to prevent that. That's useful anyway, in case something retries.
    3. Breaking SHA-1. From a cryptographic perspective, SHA-1 has been "broken". It took 110 GPU-years on 2017-vintage GPUs. So someone could, for US$20,000 - US$50,000 in AWS bills, send one message of their choosing to your server. How much money does your opponent have?  (SHA-2 is more secure and currently recommended, and LSL should offer a built-in SHA2 function, but it's not available yet. SHA-2 in LSL code is available but slow.)
  4. 2 hours ago, ItHadToComeToThis said:

    And thus September was halfway gone

    Updates from the lindens there are none

    Four months have passed and we do not see

    Any sodding land that's available to me

    I could buy private, yes that's true

    But the current owners...are charging through the roof

    But this is bad poetry so what do I know

    Not too much longer

    Because this s*** is slow


    Thank you, thank you *bows* *bows*. That was my contribution to "God Awful Poetry Friday"


    There's still plenty of abandoned land. There's cheap land in the Linden auctions. The locations aren't good, but some are at least roadside.

    • Haha 1
  5. 17 minutes ago, Phate Shepherd said:

    I did several circuits around your region corner prim. Never got left behind, but in one instance, lost vehicle control. I suspect that your region crossing protection code likely reinstates controls when crossing into a new region to combat that.

    Thanks. Yes, that's part of region protection. There's also slowing down for region corners, waiting for avatars to catch up, and restarting animations. I think LL is trying to eliminate the need for all that, based on some recent changes, but has not yet succeeded.

  6. 1 hour ago, Phate Shepherd said:

    I also found that it appears to be active on 1-4. They were returning URLs of the form: http://simhost-07ecfc0bf885aed5b.aditi.secondlife.io and both inbound and outbound was working.

    Yes, Cloud Sandbox 1,2,3,4 all working. I get to see some cloud region crossings logged for the first time.

    So I ran my usual region crossing tests in a 4-sim sandbox, going round and round, and sometimes going straight for the sim corner on a bike which has various protections against region crossing problems.

    One crossing, not near a corner, took seven seconds. One near a corner took more than 30 and failed. The avatar got Left Behind. This is the same behavior seen on the main grid. Interesting that it can be reproduced in an empty sandbox on AWS.

  7. Didn't want to put this in Oz's pinned topic, but that's what it's relevant to.

    Outbound HTTP from Cloud Sandbox 4 working fine. Data from the server that logs region crossings for my test bikes. (Only ones that say REVIEW or DEMO do this; if you buy one, it doesn't have the logging.)

    | timestamp           | shard   | region_name     | owner_name       | object_name                        | eventtype  | msg                                           | auxval   |
    | 2020-09-10 11:55:07 | Testing | Cloud Sandbox 4 | animats Resident | Smooth Cruiser - V2.7.1 (REVIEW)   | SHUTDOWN   | Distance traveled (km)                        | 0.145052 |
    | 2020-09-10 11:54:39 | Testing | Cloud Sandbox 4 | animats Resident | Smooth Cruiser - V2.7.1 (REVIEW)   | SITTER     | on prim #1 :animats Resident distance to seat |  1.37295 |
    | 2020-09-10 11:54:39 | Testing | Cloud Sandbox 4 | animats Resident | Smooth Cruiser - V2.7.1 (REVIEW)   | RIDERCOUNT |                                               |        1 |
    | 2020-09-10 11:54:39 | Testing | Cloud Sandbox 4 | animats Resident | Smooth Cruiser - V2.7.1 (REVIEW)   | PERMS      | Got permissions                               |        0 |
    | 2020-09-10 11:54:38 | Testing | Cloud Sandbox 4 | animats Resident | Smooth Cruiser - V2.7.1 (REVIEW)   | STARTUP    | animats Resident/animats                      |        0 |

    "Shard" is from what the sim is sending in the HTTP header "X-SecondLife-Shard". It's "Testing", the documented value for the beta grid, not some new value for AWS. The main grid uses "Production" there. Everything I look at looks exactly the same. I went over to the nearby Sandbox Pristina, which is not on AWS, and got the same values.

    Looking good.

    Only Cloud Sandbox 4 has outbound HTTP on right now; Cloud Sandboxes 1, 2, and 3 do not.

    I don't look at the source IP address; I authenticate using a MD5 signature computed in LSL and verified by the server. Checking for "this is really coming from SL" by IP address will not, as Oz points out, work very well. All you can find out that way now is that it's on AWS.


    • Thanks 1
  8. We don't often see distant hills in Second Life. On Strawberry Linden's blog, a recent picture showed some.


    North Dakota looks big.


    Same location. Ultra, no special settings.

    It really does look that big in SL. Go there. It's not done with a huge draw distance. It's one sim, surrounded by off-sim mountains. Those show even outside the draw distance.

    Some time back, I was suggesting that SL should do something like this automatically on mainland. Outside the draw distance, draw the bare terrain of distant sims at low resolution. I wondered what that would look like. Now I know. It looks good.

    Worth looking into more.

    • Like 4
    • Thanks 1
  9. 1 hour ago, Aethelwine said:

    Frustrating SL-13785 is hidden.

    Yes. Once a problem is accepted, it goes into some kind of internal JIRA queue where users can see neither the contents nor the status.

    Closing a user JIRA as a duplicate of an SL JIRA is kind of bad, though. The user JIRA should remain live, but dependent on the internal one. Users may have more info to add.

    This was discussed at Server User Group today. The server dev team is totally focused on getting SL onto AWS by the end of the year. The two big server side problems right now seem to be region crossings and group chat, both of which have been modified in preparation for the move to AWS and both of which seem to have been badly impacted by recent mods.

    Simon Linden has way too much to do. LL is trying to hire more people to work on the server side of SL.

    • Like 2
  10. 31 minutes ago, Lucia Nightfire said:

    What SL developer is going to bring anything remotely like that to SL?

    One whose management knows fear.

    Fear of competitors with more money, more users, more technical know-how, and more sharp teeth.

    Linden Lab has had an easy ride for a few years. Not much competition in the virtual world space. Then, about a year ago, people started talking more about the "metaverse". Look who I quote in this topic. Not gamers. Business magazines. People with money think there's money to be made in this space. Things are happening this year. See my previous posts, and Brian Schultz's blog.

    Second Life is not doomed. But it's not safe for Linden Lab to just coast any more.

    • Like 2
    • Haha 1
  11. 11 minutes ago, Madelaine McMasters said:

    I'm with Molly. I've been here 12 years and there's been no improvement at all in avatar collision handling. I went dancing last night and watched half the crowd dancing through each other's bodies and fully a quarter of them with feet buried in the floor. I got tired of seeing that 11.95 years ago.

    A full fix to visible motion would be really hard. But a partial fix, with some viewer side collision detection during animation, could help. So can systems that do implicit motion based on the situation. That's pretty standard in games, and SL does it with animation overriders. It's easier to fix this for moving avatars than for stationary ones being animated by user animations. In motion, the AO has freedom to do the right thing, and if it did a smarter right thing, like having a clue about foot placement, that would be OK. Here's the next generation of that technology.

    The part of the UE5 demo where they show off the motion warping and control system.

    The character moving around has a relatively simple model for control purposes. It has a "super AO" that's reacting to the objects around it.

    • Like 1
  12. On 9/6/2020 at 3:00 AM, Love Zhaoying said:

    Can us Premiums chat with the bot when we are bored / lonely, or is that abuse? Asking for myself.

    • > Hello. Is this the LL chatbot? I want to talk to the chatbot.
    • Here is a related answer:
      • Hi Boxy
    • Did you find the answer helpful?
    • > Yes
    • That's awesome. Let me know if I can help with anything else.
    • Is there anything I can help with today?
    • > Tell me how to get started with a mesh body.
    • Thanks! I will transfer you to one of my minions. They will be happy to assist you!
    • Thank you for contacting Second Life's live chat support. It looks like you have reached out to us outside of our support hours! Our support hours are from 9 AM EST to 5 PM EST.  Linden Lab will be closed Monday September 6th in observance of Labor Day.
      So, yes, we can talk to the LL chatbot, but it's neither useful nor interesting.
      I've been looking into chatbot systems for my NPCs. It works only if you have a lot of questions coming in and a staff to answer the ones the chatbot can't handle. Questions the chatbot couldn't answer have to be reviewed periodically by humans and answers written for them. This is a huge win if you're big and several thousand questions are coming in each minute. You'll probably hit 95% coverage on common questions in a few days. LL doesn't have the traffic to do that fast. Unless you collect the fails and add new questions and answers, it never gets better, of course.
      As a test, I put the GTFO FAQ into RASA chatbot format and ran it. It works, but it's not very useful. Not enough questions and answers.
      These things are pretty dumb, but they're getting good at matching the question to a set of stored questions, even if it's worded very differently. That's the machine learning part. The machine learning system has no clue about the answers, but can match two sentences that have roughly the same meaning.
  13. Let us know what you find. Tell us triangle counts. I'm always looking for low-LI clothing for animesh.

    For my animesh NPCs, I had a low-LI hoodie and sneakers made for me by Duck Girl. These are low-LI rigged mesh. Animesh are charged 1 LI for each 666 triangles. Typical SL shoes with 20,000 triangles each are just not on. So if you do animesh, you really need such low-LI clothing.


    4 LI sneakers. You don't need 20,000 triangles for shoes. That's 4 LI for both.

    • Like 1
  14. What are you trying to do? Encrypt, or authenticate?

    Base64 is not encryption. It's just a way to get binary numbers into a set of characters that will pass through most text handling systems.

    LSL has SHA-1 and MD5 hashes available. They're not secure by modern standards, but they require a fair amount of compute power to come up with a collision, and unless you have a well-funded adversary they're probably good enough. I've used an SHA-1 hash to validate log entries I make to a server. I was originally considering doing a racing game, and wanted to avoid people messing with the results. That's not hard.

    The LSL random number generator is not random enough to be used as a key generator. "The random number generator is not a source of entropy." - LL docs.

    If you're sending messages to an outside server, you can use HTTPS, and get regular web-grade encryption. You can probably even do object to object HTTPS within the LL world.

  15. I think a recent fix did not produce the intended result. See BUG-229312.    It was a reasonable fix, but it has side effects.

    Vehicle builders seeing new problems should come to Server User Group at 1200 SLT on Tuesday. This needs a discussion between vehicle builders and the Linden dev team. Managing SL region crossings well requires a cooperative effort between vehicle scripts and sim servers. If you want the technical details, read the referenced JIRAs.

    • Thanks 1
  16. 3 hours ago, Wulfie Reanimator said:

    OpenGL is like 30 years old. No tech should be supported (or developed/maintained) forever. Eventually, new things come along with more benefits and less baggage.

    Metal might be "Apple specific" but I make the same argument for Vulkan, for example.

    There's an open source cross-platform adapter to make Vulkan work on Apple platforms. Because you really don't want to maintain two very different versions of the viewer.

    There's also something called "Zink", which is an OpenGL adapter for Vulkan. That would be useful in porting the viewer for the parts that aren't 3D - the dialogs and windows, for example. You don't need physically based rendering and custom shaders for the chat window; boring old basic OpenGL functions are enough.

    • Like 1
  17. "Fortnite is a game. But ask that question again in 12 months." - Epic CEO

    Fortnite has tried concerts and special events with success. Users can create "skins". But it's what we in SL call "getting dressed". It's just putting together an outfit from items made by others.  Users can create levels. All that is tightly controlled; you can't just make something. Epic takes a cut of revenue above 90%. They're terrified of losing control.

    Second Life has a social culture that works, and doesn't need heavy governance. Linden Lab does well at running a municipality. Property rights let the users do most of the work. LL's big problems are over them falling behind in technology. SL ought to be the Metaverse, but it's not happening.

    • Like 1
    • Haha 1
  18. I think teleporting in SL is much too easy. You can teleport from anywhere to almost anywhere. At one time, that wasn't allowed. You could only go from telehub to telehub. And you couldn't even fly without a "flying feather" attachment. That was before my time, although I recently got a flying feather from a dispenser at a dead university sim.

    What's the history on that?

    • Like 4
    • Haha 1
  19. 3 hours ago, Luna Bliss said:

    I share your enthusiasm for the Metaverse.  Ideally I'd like to have an avatar that could transport to all niches of the Metaverse  :)

    For now though, I'm going to check out Nostos, even though it's not ready for prime time and likely to be buggy.  The graphics are just so beautiful. Hopefully, it won't be a waste of 20 bucks.

    Nostos is gorgeous. It's a game that you play and finish, though. Some people claim to have cleared Nostos in 3 hours. It's not a place to live, like SL.

    • Like 2
  20. 1 minute ago, Mollymews said:

    one day somebody is going to make a avatar. Then make a world for it

    millions and millions of dollars gets spend the other way around. Make a fairly good world scene-wise and often quite good toolsets. Then stick a box in it as the avatar with a promise that one day the box is going to be awesome. And it never is, it stays as a box with stuff stuck on it

    Now that's a good insight. Almost all the attempts at a metaverse other than SL have cartoon-grade avatars. Games, on the other hand, are getting close to photorealism. It's not that it can't be done. There's a reluctance to go there.

    Where should SL go? Further towards realism?


  • Create New...