(Admittedly, current open source JPEG2000 libraries aren't up to the speed of the proprietary library the official client links to. I hope that will be corrected.)
So... predictably, the rants have started from people unencumbered by knowledge of security. (Also logical inference. I've seen one complaint that on the very morning of the announcement, a place on the Grid was plagued by copybots. Never mind that copybot has been around for months...)
People have been thinking about security for a long time. Back in the 19th century, Auguste Kerckhoffs did so in the context of codes and ciphers, and wrote it up. (He was quite an interesting fellow; big in the Volapük community.) He set forth a principle that remains important to this day, though how it's stated varies:
- Assume the enemy knows the algorithm/has captured one of your devices.
- Security must reside solely in the cipher keys.
As has been stated repeatedly, things sent to your computer, such as textures and prims, can be copied. There's no way around it. You can go off in another window and look for a directory where the client keeps its cache, or fire up a debugger and trap calls to routines that expect a pointer to the thing you want to copy, or just press "Print Screen."
I hope that the open sourcing will lead to a great deal of experimentation with the user interface and with the way information is displayed, to improvements in security and performance as more skilled programmers have a chance to look at the source code, and that the improvements will, after study and verification, get back into the LL client.
Does this mean that you should go grab Nachtflugen Storm Doors and MMORPGs's custom SL client and use it? Not necessarily. You will have to decide whom to trust. (I doubt there will be many such clients, at least not in wide use. Changes to the SL client will have to run the same kind of gantlet that patches to the Linux kernel do.)
This is the same kind of trust you put in any program when you run it. You don't directly do anything on a computer; you run programs that you trust to perform as advertised and do what you want and nothing else. (That's why you should always run with the least privilege required to do what you need to do at the time. It minimizes the damage if your trust is misplaced.)
An SL client could, in theory, send your name and password to someone other than the server to loot your account at his or her leisure. Perhaps it's written by a left-winger who wants equal distribution of wealth, so that it gives away all your L$ and transferable inventory to the first N people you see, after making everything you created transferable. Maybe SpamCo commissioned a version that makes your avatar shout "Buy Gesornenplatz Beer!" every twenty seconds... or even worse, makes you actually buy Gesornenplatz Beer every twenty seconds, buying L$ when you go broke so you can keep doing it.
For that reason, I seriously doubt that there will be many SL clients out there in wide use. Most will be small experimental branches off the LL code used only by the person or persons experimenting, unless and until their creators have some way to establish the kind of trust needed for people to actually use their client.
P.S. If anyone reading this in time (unlikely at this point) gets to the meet with Cory, could you ask how people working independently on the client will be able to keep up with the changes/bug fixes in the versions that LL will no doubt continue to come out with?
UPDATE: The answer to my question: yes, it will be a pain for a while to have to update one's experimental client with changes in the official one, but one of the side effects of the upcoming redesign is relieving that difficulty.
1 comment:
Great post, Melissa. I was wondering how that would affect security.
And it should be interesting to see "robots" or "agents" start appearing :) I'm sure people will write cool stuff that will automate things we do in SL. That is wonderful and exciting news :)