SL project updates 43/1: server, viewer, exploits

La Vie; Inara Pey, October 2017, on FlickrLa Vieblog post

Server Deployments for Week #43

As always, please refer to the server release thread for updates and the latest news.

  • There was no deployment or restart for the Main (SLS) channel on Tuesday, October 24th, leaving it on package #
  • On Wednesday, October 25th, the RC channels should be updated with a sideways roll to server maintenance package, #, comprising internal fixes, cuerrently deployed to the Main (SLS) channel.

SL Viewer

On Tuesday, October 24th, the current Maintenance RC viewer updated to version All other viewers in the current pipelines remain as per the end of week #42:

  • Current Release version, dated September 22, promoted October 13 – formerly the “Moonshine” Maintenance RC.
  • Release channel cohorts:
    • Wolfpack RC viewer,version, dated October 20 – this viewer is functionally identical to the release viewer, but includes additional back-end logging “to help catch some squirrelly issues”.
    • Alex Ivy 64-bit viewer, version, dated September 5.
    • Voice RC viewer, version, dated September 1.
  • Project viewers:
  • Obsolete platform viewer version, dated May 8, 2015 – provided for users on Windows XP and OS X versions below 10.7.

Exploits Update: No Copy Items

One area of concern / upset for content creators has been the use of server exploits to generate copies of No-Copy items. These have been frequently used to fold the Market with illicit copies of gacha items. The Lab has been aware of this, and some of the recent server-side updates (which are now grid-wide on Agni) have been to address these problems, as Simon Linden explained, relaying Mazidox Linden’s comments made at the Server Beta Group meeting on Thursday, 19th October:

Some of our recent internal fixes included changes to our back-end systems which will no longer allow certain exploits used for duplicating no-copy content, and make it easier for us identify when anyone uses similar techniques in the future. We haven’t solved all the problems outright, but we’re making good strides.

Simon went on to add, “There is more work to be done, and we want to do it.”

Obviously, the Lab is always interested in learning about potential exploits within the platform. Anyone identifying such an exploit – such as a means to deliberately crash a simulator – is asked to file a SEC (non public) JIRA detailing the exploit. There is a new region on Aditi (the beta grid), called Crash Me, which can be used to test  / demonstrate ways the simulator might be crashed.

If a creator notices that there are endless amounts of their items on marketplace, and they suspect their items have been exploited, and JIRA Bug report should be raised.