Sassy Romano

Advisor
  • Posts: 5,115
Everything posted by Sassy Romano

  1. Disclosure Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent -- including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile -- is not allowed. Remotely monitoring conversations in Second Life, posting conversation logs, or sharing conversation logs without the participants' consent are all prohibited. From https://secondlife.com/corporate/cs.php
  2. Keeping low amounts in SL and cashing out regularly (other than for the increase in transaction costs) is not a suitable answer as this only seeks to protect the L$ balance and does nothing to protect the account itself, the assets in inventory or any intellectual property on those assets, that's the point in strong authentication. Multiple accounts to attach to vendors? I don't understand what you mean here. The logistics of using multiple accounts to create and sell products under, very quickly becomes unworkable. Moving assets between accounts and the resetting of permissions is an absolute nightmare, keeping track of assets becomes a job of its own. Marketplace does not allow consolidation of stores so the result would be a very fragmented result with awful searchability. As for inworld vending systems, I do not know of any off the shelf ones that support multiple accounts and present a single vending experience. The one that I use inworld was custom created by my partner at the time, to a specification that we worked out. The better solution on many levels, remains to provide strong authentication to the account, to secure access to it, not to just shrug and try to reduce risk after the compromise of the account. 2FA is far from a "latest geek ritual". It's a time served strong authenticator. Can I say bank chip and PIN here? You know, those risk averse banks, they're pretty keen on 2FA for a reason. The only reason the US banks have been so slow to adopt this is because they place the risk on the customer, that's not the case elsewhere and it's the bank who has the risk of account fraud. I don't recall any geeks ever implying that https would be a be all and end all. For a start, it's not an authentication method, so has no part to play in this at all. Complex passwords are only to mitigate dictionary attacks, they do little to mitigate rainbow table attacks. Passwords are no longer appropriate.
Rituals don't prevent theft, strong authentication, strong encryption, good practices do. "The single greatest way that people in SL can eliminate misuse or theft of their accounts is by never giving out their passport." Of course, but how do you prevent the mistakes, the phishing (which was the reason for the subject)? The object of 2FA is to provide strong authentication... it mitigates the phishing links, it removes the guessing of weak passwords, it removes the dictionary and other password guessing attacks. 'Hacks do not happen due to lack of 2FA; they happen because of either dirt-simple passwords or this partner access problem.' You do realise that both of those are then completely mitigated by 2FA? I don't need to Google anything about Apple, you brought Apple up, it was out of context in the first place and has no relevance to this topic so I'll ignore it from here onwards. (Aside from the fact that I'm fully aware of the details of the Apple/FBI stories) 2FA doesn't have to be complex, it can be delightfully simple and enjoyable to use in preference to anything else. Here's how I use 2FA to log in to my PC:- "I just sit in front of it" - Done. (Google that!)
  3. Simple, cancel the sale and offer at higher then the current highest and they'll sell immediately.
  4. Prokofy Neva wrote: The reality is, if you don't want your money stolen from hacking in SL you have to use a variety of safeguards and back-ups and limits and not rely only on rituals like complicated passwords or 2FA if it is installed. Um...such as?! *blinks* You're completely missing the point here, what you described was a state sponsored, man in the middle attack which is completely different to what is being requested as a solution here for a different risk and set of actors. Right now we HAVE to rely on password only authentication, there simply is no other option for SL, it's way behind the curve here and yes 2FA is an easy way forward and done properly can be very simple, not complicated at all. Coming up the response to the problem of, "I will add an alarm to my house to supplement the key" and responding "ah but that's too complicated and the real problem is state interception of the alarm code and threat by foreign super powers with nuclear weapons and...squirrels, don't forget the angry squirrels!" Let's stay on track and point LL towards current *appropriate* good practice. (By the way, I would expect the NSA already has Apple's code signing key but the public face of Apple can declare whatever it likes to keep the customers happy. The NSA is also likely to have the code signing key through means unknown to Apple)
  5. Alwin Alcott wrote: Sassy Romano wrote: Maybe you miss the point? no i .. if you see how many people respond to the phishing emails from fake banks giving out their social security numbers, bank codes, CC verification codes... even send them the cards, and so on.., as they serve you a drink it's a dream to think 3way verification will prevent the people being phished. Well that depends on the value that someone places upon their account. There's NO excuse to NOT implement it as an option for those of us who value our accounts and if it were made mandatory, it would eradicate the phishing within SL and potentially much of the fraud. You can't fix stupid people (or even ones who are caught off guard) but if SL were to require two factor authentication then things would change. Those elements that you mentioned above are useful for various reasons, SSN alone is not an authenticator, CVV alone is not an authenticator, a card alone is not that useful. I could send you my CC and it's not going to find much use in a country where a PIN is required etc. The data that you referred to is just that, it's data and more often used for identity theft or further social engineering attack. I could tell you my PayPal username and password but you won't get in with those alone because you don't have my phone with the registered Verisign agent coupled to it. The second factor has to be something I have, that you don't. It could be something like a software token client on a phone, an SMS capability, secure element on a device such as a Yubikey (or similar), an enrolled certificate on a device such as a phone, coupled with a biometric such as fingerprint or face recognition, the list goes on. What doesn't work anymore is username and password, there really is no debate here.
  6. Pamela Galli wrote: May I quote this as a lab chat question? Maybe if several of us asked about it? Sure, as long as you're prepared to hear just *crickets* afterwards :matte-motes-zipped:
  7. Alwin Alcott wrote: yes ánd no... the ones who are so "clever" to enter their info at malicious sites will do the same as now... happily typing their passwords and other info... Don't forget Hackers, terrorists and other criminals are always ten steps further than implemented software/security. Maybe you miss the point? That fake site might get their username/password but wouldn't have the required server side component to generate or handle the token challenge, without this, the user credentials would be worthless to authenticate to Second Life.
  8. bigmoe Whitfield wrote: "hacking" of accounts is not taking place. it is accounts being phished, that means users are clicking links they think are legit and giving the bad guys their information, if SL was being hacked, LL would do what they did in 2006, where they made everybody change their password. so there is no "hack" , now onto your 2 step idea. while that's doable, I suspect at this late in the game they will not implement it. Two factor authentication would alleviate the phishing and given that there's potential for RL sums of money to be stolen, there's really no excuse for LL NOT to do this, it's not that complex given the number of authenticators and APIs available. Passwords are just too weak today. As far as being late in the day, this should be a must have element for their next platform and so the code re-use would be easy.
  9. I still tend to disagree with the notion that a review earns reward regardless of good or bad. The issue is that it's a human trait that when receiving a reward, it's usually going to be for something equal in return thus I would suggest that someone is far more likely to leave a positive review when they know that they will be rewarded. If the new search is biased towards returning results with reviews then that in itself is wrong.
  10. My experience (and product range) is the same, same number of annual reviews and refunds. Regardless of what a broken search system does though, I won't pay for a review, good or bad. If someone wants to leave one of any style, they're welcome to it. Biasing a search result on reviews is just SO open to gaming that it is a joke. (If that's what they're doing) Personally, I'm so disengaged, I'm way past caring.
  11. Hmm, one thing that I can think of that might work is 123D Catch from Autodesk http://www.123dapp.com/catch What that does is take a number of pictures with a camera that you take from multiple sequenced angles but I don't see why you couldn't simulate the same in SL. Pop avatar on a stand against a clean background and take snapshots but instead of using a physical camera, you'd take screenshots. It would be even neater if you had a scripted pose stand that rotated but that's just a luxury. The result is a point cloud model and as I understand it you want to pass that to a 3D printer. Try it. Might work ok.
  12. Indeed. If I sold now you'd see 252.
  13. Well.. Read the other similar threads because the answer hasn't changed because the reasons are the same. Wait for the next platform perhaps, since that has VR as a target platform.
  14. Oh you mean because of the forum post today (last night) asking for money...?
  15. Have you thought of posting in the "wanted" section and maybe describing or doing sketches of what you actually want? Although my hackles tend to be raised as soon as someone says "not a stupid high price" as it usually means they don't understand the need to pay RL bills from income derived from many hours expended making custom mesh items! Perhaps define what your budget is too...if you get no responses, figure that either the budget is wrong or the appetite to make the item in the hope of resale is too low. On the other hand, you could pay that stupid high price (which is actually a fair price for the person creating it) and then YOU have the item full perm and can sell it yourself. Own the risk etc.
  16. Some of my products have been doing this for years, it's pretty trivial. I would suggest that RLV is better than permitting auto hide as some of those items leave the item present and clickable! I'm pretty certain there was a script for general use around ages ago on MP which is why I didn't bother to make a general one. If you can't find anything, let me know.
  17. Ok, then you don't understand how it works at all but let me help with a dump of the current market data:- You see, you CAN buy L$ for a single dollar, how many would you like? As you can see, most people are selling them for between L$248 to L$250. You can buy L$10,000 or in fact as many as you like for $1 US...IF you can find someone willing to perform that transaction. (Money laundering rules aside, there are ways to achieve this while remaining within the TOS). But the simple fact is that the trading rates are those shown below and if there's no demand to buy or sell, those people hoping to sell @ L$231 for $1 will have their turn or those who want to buy L$279 for $1 will get theirs. They just have to wait for the other half billion L$ to change hands first without anyone coming along with a better offer in between. *shrugs* LL as the original vendor will have seeded the market but once in circulation, the market rate will prevail, just how it is, do as I suggested and have EVERYONE stop transacting until they get to the rate you want. Simples!
  18. The "what it's worth" question is answered each time when one resident buys L$ from another resident. You too can influence this by choosing at what rate to transact. Contact all your friends (and a few hundred thousand others) and all agree to boycott those residents who are offering at what you feel is a price too high. That's all there is to it, simples!
  19. They can be linked, that will work, they will remain static and clipping may be an issue but there's no need to use them as a separate attachment.
  20. Tenly wrote: So maybe they don't "sell" on the marketplace...but they could have a presence and upload ads like the realtors do. you buy the card for NO lindens...usually has a description and always has a SURL. To do that would be a Marketplace listing violation. https://marketplace.secondlife.com/listing_guidelines#non-item-listings
  21. No need for an apology and you're not bothering anyone. I was just setting out to explain a couple of things, particularly around copyright of the design and just to attempt to set expectations around potential cost for a custom mesh creation. Question:- Who owns the copyright of the design you showed?
  22. Multiple failures according to the Orders log but surely they must be figments of my imagination, I can't believe they exist, not after all the work put into Direct Delivery and then Viewer Managed Marketplace.
  23. Well since nobody else has answered, I'll at least pick up on a few elements. The first question is "who holds the copyright on the original design?" Creators here cannot (should not) create items that they do not have permission to reproduce and the ToS is a bit hmmm in this respect which makes it even harder to fully comply. Having established rights to the design, the next question is whether this would be only for you as a single custom item or available to the creator to resell (although it's not going to be an item in demand so it is unlikely to attract anyone as a volume saleable item). On that basis, let's assume that it's a one off, it could take someone 3 to 5 days (or more) to fully create, weight, test etc. Let's just call it a week as a guide and assume that's a working week so 40 hours. What would this person be doing as an alternate for their 40 hours? Making something that sells in volume! So, let's now assume you're paying contract rates (low ones!) of $20 per hour, you're looking at $800 or in terms of L$, that'll be L$200,000. But wait a minute, you've seen full avatars on Marketplace for L$1000 so how dare they ask for ridiculous amounts! As I said, those L$1000 are volume sales, not one off items but so often, people are conditioned to expecting a full perm mesh item for L$1000 or so and consider anything different as a rip off. Someone slaving away for 40 hours, their whole work week does rather command more than $4 US. This is possibly why you've not received any response, people have tired of explaining this. So, whether this is ridiculous or not to you, you shouldn't expect to find quotes for a unique item which start at L$100,000 to L$250,000 as particularly odd. On the other hand, you may find someone who does not value their time and for which this project is not competing with any other demands on their time, you never know. Someone might do it for nothing, just for fun.
  24. It will be classed as resident to resident dispute and they will not get involved. Had the purchase been on Marketplace, they would because LL is the delivery mechanism and besides the system shouldn't take payment if there's no stock. I can't understand why an inworld system should take funds if there's no stock but then it's not my vending system. My vending system won't even take money for a duplicate purchase because you can self redeliver, it wouldn't be right to take money again. Anyway, inworld purchases are 100% Caveat Emptor I'm afraid.