Lab provides Heartbleed information

This is a little long in the tooth, but I’m caught playing catch-up on a number of things, so apologies on my part.

As most will be aware, there has been a lot of coverage about the Heartbleed OpenSSL vulnerability in the course of the last week, and the impact it may have had over the last two years in exposing what should have been secure information.

The vulnerability is so-called because it affects an extension to SSL (Secure Sockets Layer) which engineers dubbed Heartbeat. It is a server-side exploit which could affect almost any system running any version of OpenSSL from the past 2 years, and allows an attacker to gain control of up to 64kB of the server’s working memory at a time, enabling them to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

Because of the widespread nature of the issue and the concerns it raised, the Lab issued a blog post on the matter on Thursday April 10th, which reads in full:

Many of you may have read about the Heartbleed SSL vulnerability that is still affecting many Internet sites.

You do not need to take extra action to secure your Second Life password if you have not used the same password on other websites. Your Second Life password was not visible via Heartbleed server memory exposure. No secondlife.com site that accepts passwords had the vulnerable SSL heartbeat feature enabled.

If you used the same password for Second Life that you used on a third-party site, and if that third-party site may have been affected by the vulnerability, you should change your password.

Supporting sites such as Second Life profiles are hosted on cloud hosting services. Some of these sites were previously vulnerable to Heartbleed, which may have exposed one of these servers’ certificates. As an extra precaution, we are in the process of replacing our SSL certificates across the board. This change will be fully automatic in standard web browsers.

Thank you for your interest in keeping Second Life safe!

Due to the weekend, there has been no further news as to whether the Lab has completed replacing the SSL certificates for those services which may have been exposed. Hopefully there will be a further update on Monday April 14th. In the meantime, if you have used the same password for SL that you used on a third-party website and wish to change your SL password as advised in the blog post, you may want to refer to the Lab’s password protection page on the wiki.

Lab to seek feedback on Transaction History page changes

On Wednesday April 9th, I reported on an error with the Transaction History page on people’s SL dashboards which led to some upset and confusion after the familiar page was replaced with one that failed to show totals, and which had the familiar .XLS and .XML download options replaced by a single .CSV option. The change led to forum comments and a JIRA report (BUG-5664).

The page itself was reverted around an hour after concerns were first raised, and Ebbe Altberg stepped into the forum to offer apologies and an explanation:

In an attempt to improve we made a few mistakes and caused some misunderstandings as well. We rolled back the changes and will work on getting it right. The team is looking at feedback and will communicate a plan for how to get there.

On Thursday April 10th, the Lab issued a blog post on the matter, providing further information on the situation, including the fact that they will be seeking input from users on proposed changes to the Transaction History page.

The post reads in full:

Earlier this week, we rolled out a few changes to the Account Management web pages for logged-in users at SecondLife.com, which were aimed at improving these tools for users. One of the changes we made updated the Transaction History page, and we heard lots of feedback that not all of the changes to that page improved our customers’ experiences or met their needs. So, we quickly reverted to the old Transaction History page.

We’d like to get some additional user feedback on the new Transaction History page so that when we make the changeover, the functionality best matches what Second Life users want and need. Once we are ready, we will post instructions on how to review the new page and provide feedback. We will not take down the old page until we have had a chance to review feedback and make appropriate changes to the new page. Check back on this blog for more details as they become available.

This is a positive step by the Lab, both in rectifying the error rapidly and in admitting their mistake. Hopefully, I’ll have a further follow-up once the additional information is published by the Lab.

LL Terms of Service: Ebbe – “we’re working on it…”

Update, April 13th: the full transcript of Ebbe’s VWBPE 2014 address is now available.

On Friday April 11th, Ebbe Altberg, Linden Lab’s CEO, addressed a packed amphitheatre at the 2014 Virtual Worlds Best Practice in Education (VWBPE) conference in Second Life. Some 200 people were in attendance in what was around a 90-minute session which comprised an opening statement from Ebbe, followed by a Q&A / discussion session.

I’ll have a full transcript of the meeting available shortly. However, as a part of his opening statement, Ebbe made a series of comments relating to the Lab’s Terms of Service, which I think are worth highlighting on their own. So here is a full transcript of his comments on the subject:

Terms of Service. I am working with my Legal Counsel to try to try to figure out how we can make it more obvious – or very obvious – that the creators of the content own the content, and we obviously have no intent of ever stealing your content or profiting off of your content independently of the creators in some fashion.

The current terms might indicate that we might somehow have some plan to steal people’s content and somehow profit from it for ourselves, without benefitting the creator, and that’s obviously not our intent at all. It would be very damaging to our business if we started to behave in that way because this whole platform is all about the content you all create. And if you can’t do that, and trust that it is yours, that’s obviously a problem. So I’m working on that, and I can ask you right now to trust us that we’re not going to do what the current clause might suggest we’re going to do, but we’re working on some simple tweaks to the language to make that more explicit.

We also have no interest in locking you in; any content that you create, we feel you should be able to export, and take and save and possibly if you want to move to another environment or OpenSim, that should be possible. So we’re not trying to lock you in either. Obviously, it’s very important to us to get content both in and out, so I just want to put that right out there.

Quite what will come out of this obviously remains to be seen, as will whether or not the changes successfully quell all concerns. However, it would appear that the wheels are finally in motion, and that hopefully, an equitable resolution will be forthcoming.

Lab seeks to make buying clothes that fit easier … sort-of

The Commerce team have issued a blog post and Knowledge Base article aimed at helping people ensure the clothes they buy will actually fit their avatar.

I’ll be honest and admit that I hadn’t realised that there was a particular issue with clothing that needed any clarification; but I’m also biased in that I’ve been around SL long enough and reporting on it, that understanding the various clothing types doesn’t actually present me with a problem. However, I can understand a new arrival being confused by terms such as “system clothing” or “clothing layers”, and “mesh clothing”, “fitted mesh clothing”, “rigged mesh clothing” and so on, and wondering what the heck it is all about and where the differences lie.

The blog post is aimed at content creators, and is intended to encourage them to define the clothing they produce in terms of three avatar types, and to label their clothing accordingly with icons.

However, to get a clearer understanding of what is being proposed, it is perhaps best to refer to the Knowledge Base article, which provides far more comprehensive information.

Essentially, it has been decided that clothing should be defined in terms of avatar categories. These are defined by the Lab as:

  • Classic – Classic avatars are the original default Second Life avatars.  They have a modifiable humanoid shape, and can wear clothing in the form of textures and attachments added to that shape. Most of a classic avatar’s appearance and clothing can be modified by pressing the Appearance button in the Second Life Viewer, but cannot take advantage of newer graphical features such as normal and specular maps.
  • Standard mesh – A standard mesh avatar is a classic avatar that is wearing a rigged mesh attachment, usually a full-body avatar, and whose classic body is hidden by a full body alpha mask.  It is classified as “standard” if it was created using the standard fitted mesh model available on the Second Life wiki.
  • Custom/branded – A custom avatar is a classic avatar that is hidden by a full body alpha mask and is wearing a customized rigged mesh attachment or attachments that otherwise replace the classic avatar body.  These avatars can come in a wide variety of shapes and sizes, and each model typically requires clothing specifically designed to work with such an avatar.

Hints to help a consumer determine what category of avatar they are using are also provided.

In addition, the Lab is asking that creators define their clothing as one of four types in order to indicate which categories of avatar it is most likely to be compatible with:

  • Classic only – The “layer-based” textured clothing applied directly to classic avatars.  This clothing type only displays properly on classic avatars and is rendered completely invisible by the alpha mask worn by most mesh avatars.
  • Mesh only – An attachment that is designed to appear as clothing on a standard mesh avatar.  It may appear to be a layer-based texture, but does not work properly on classic avatars.  Mesh only clothing must be created outside Second Life in a 3D modeling tool.
  • Classic/Mesh – Attachments primarily designed for standard mesh avatars that can be made to work on a classic avatar.  In order to be classified as classic/mesh, the clothing must include an appropriate alpha mask designed to hide the affected parts of a classic avatar.
  • Branded – A catch-all term meant to encompass the many possible custom avatar designs.  Such avatars can typically only wear clothing specifically designed for that specific avatar; therefore each custom designed avatar and its compatible clothing may be considered a “brand”.  Likewise, clothing designed for a custom avatar shape should not be expected to work properly with classic or standard mesh avatars, or even other custom avatars.

In order to help shoppers find clothing that properly fits their avatars, Merchants are additionally being asked to use one of two label images when advertising their clothes, and to update any clothing they have listed on the SL Marketplace so that it is defined by one of the three avatar categories (so that it is defined as being compatible with Classic Avatars or Mesh Avatars or, in the case of a specific custom avatar, it is defined by the avatar’s brand name).

The two logos the Lab are requesting content creators use to denote their clothing are:

images © Depositphotos.com/i3alda

Note these are copyrighted stock images, requiring the use of the label, “© Depositphotos.com/i3alda” with each.

Further details can be obtained directly from the Knowledge Base article, which also includes notes on why custom avatar types should ideally have a unique brand associated with them.

The new definitions do appear to be perhaps as confusing as the current terminology (“system”, “fitted mesh”, etc.); as such, it will be interesting to see the response to this proposal / request, and how well things work in practice.

Talking castAR and High Fidelity

The Silicon Valley VR (SVVR) Meet-up at the end of March featured a series of presentations from people within the VR field, including those by Brian Bruning, VP of Business Development and Marketing at Technical Illusions (castAR) and Philip Rosedale of High Fidelity.

The full video of the presentations is provided below, and I’ve included notes on each of these two presentations in particular. When reading, please be aware that these are notes, and not a full transcript.

Brian Bruning – castAR

Brian Bruning’s presentation commences at the 0:05:48 mark.

Image courtesy of Technical Illusions

I’ve covered the early work on castAR in the past, some of which is touched upon at various points in the presentation, so I don’t want to repeat things here. What is interesting is that the system’s development has been following a similar route to that of the Oculus Rift: Technical Illusions have been out attending technology shows, conferences, exhibitions, etc., to gain visibility for the product, and they ran a successful Kickstarter campaign for castAR which raised $1,052,110 of a $400,000 target.

[07:10] castAR has three modes of operation:

  • Projected augmented reality (AR), which presents a 3D hologram image projected onto a retro-reflective surface in front of you, allowing you to interact with it via a “wand”
  • Augmented reality of a similar nature to that of Google Glass
  • Virtual reality of the kind seen with the Oculus Rift.
castAR projected AR gaming with the castAR wand (image via Technabob)

The emphasis is that the headset is natural, comfortable-looking (a pair of glasses) which has three product features built-in. As a result of the Kickstarter, the company has now grown to 10 people, and the technical specifications for the system have been decided:

Glasses

  • Less than 100 grams in weight
  • Fits over most prescription glasses
  • Ultra flexible micro coax cable
  • Active shutters with 50% duty cycle

Projectors

  • 1280 x 720 resolution per eye
  • 120hz refresh rate per eye
  • 24 bits of color per pixel
  • 65 degree horizontal field of view
  • 93% fill factor

Tracking System

  • 110 degree FOV
  • 120hz update rate
  • 8.3ms response time
  • 6 degrees of freedom
  • Absolute positioning
  • Over 200 unique tracking points
  • 0.07mm accuracy at 1.5m

AR & VR Clip-On

  • 90 degree horizontal FOV
  • Very low distortion freeform optics
  • 5mm by 8mm eye box
  • Removable flip-up shutter for AR mode

[11:20] castAR has its roots within the gaming environment and has been developed with the games market in mind (again, as had pretty much been the case with Oculus Rift), although they had recognised the potential for wider applications – they just hadn’t anticipated that someone like Facebook would step into the VR / AR arena and potentially add impetus to the wider applications for VR / AR.

[11:45] One of the benefits seen with a combined approach to VR / AR is that there are situations in work, in education, in research / medical fields where a completely occluded view of the real world – as required by head-mounted displays (HMDs) such as the Oculus Rift – is simply not appropriate (Mr. Bruning jokes that there are even some activities associated with gaming where a HMD is inappropriate – such as simply trying to eat a snack or take a drink without interrupting the game flow!). In these situations, the projected AR or the Google Glass-like AR are seen as more beneficial, and hence the drive to address all three modes of operation.

[13:20] Technical Illusions believe that many of the challenges faced by AR and VR content creators are similar in nature – such as dealing with UI issues, both seeing UI elements and interacting with those UI elements, or dealing with physical objects which may be placed within a VR / AR scene. As such, Technical Illusions are focused on educating content creators to the needs of immersive / augmented environments and are producing dev kits to assist content creators in developing suitable environments / games / activities which take such issues into account.

[14:57] Current planning is for Technical Illusions to have their dev kits and the Kickstarter sets shipped in summer 2014, and to have the consumer version ready to ship by the fourth quarter of 2014, and it is indicated that price-point for consumer kits (glasses, tracking components, retro-reflective surface and input wand) will be “sub $300”.

The castAR update is an interesting, fast-paced piece, primarily focused on the projected AR capabilities of the glasses. Little or nothing was said regarding the ability of the system to be used as a VR system, and no disclosure was given on the VR clip-on system.

This is apparently a deliberate decision on the part of the company, in that they are allowing VR HMD focused companies to promote the potential use of VR, while Technical Illusions focus on the potential of projected AR capabilities. While an interesting approach to take, I can’t help but feel that (assuming the VR clip-on is at a “feature complete” status) promoting all capabilities in castAR wouldn’t be better, as they help present the product as a more versatile tool.


The Drax Files Radio Hour 13: terms and conditions

The Drax Files Radio Hour 13 features Richard Goldberg, artist, creator, member of MadPea Productions (and a personal friend, I’ll say that up front 🙂 ), talking about the Linden Lab Terms of Service. As just about everyone is aware, these were changed in August of 2013, only to cause considerable upset and furore once the specifics of the changes – notably section 2.3 – became apparent.

Ahead of Richard, however, the show features a follow-up chat (3:30 into the show) with Dennis Harper, Senior Product Manager at OnLive, discussing OnLive’s revised pricing structure for their SL Go service (alongside a huge expansion of the number of countries in which the service is available). While pointing out that the service has met with an overwhelming thumbs-up in terms of the added accessibility it brings to Second Life for those on the move, he frankly admits that it was clear pricing was an issue.

SL Go: pricing restructure discussed

The company actually moved rapidly in this regard as well. While we were asked not to make any public statements at the time, those of us involved in the preview programme (and, I assume, those in the closed beta) were asked to complete a survey and provide feedback and thoughts on pricing options and points. There were also some direct exchanges with a number of us on the matter as well.

From Dennis’ feedback, it seems those who did respond to the survey may have been indicating roughly the same amount for a monthly subscription (I suggested $15.00-$20.00 in the survey, with the lower figure being comparable to the company’s CloudLift monthly subscription), with the result that the company opted to go even lower, with the $9.95 charge, while retaining the pay-as-you-go (PAYG) option (which again, I personally felt was important and offered the greatest flexibility of appeal if offered alongside a subscription plan), which has also been dropped to a flat rate of $1.00 per hour.

An important point of note with the subscription mechanism is that it is commitment-free. If you sign up to the subscription service and find that you’re using the service less than 10 hours a month, you can switch over to the PAYG model. Similarly, if you start out on the PAYG model, you can swap to the subscription model if you find it more cost-effective – then swap back, if your usage time then decreases; any unused hours you have under the PAYG plan will be “banked” for you until you switch back.

I’d actually asked OnLive about the status of SL Go for the iOS platform, but Dennis covers that topic in the interview ahead of my getting feedback from OnLive, saying that it is coming, but is still a little way down the road. He also manages to get in a plug for the OnLive CloudLift service, which also launched at the same time as SL Go.

Richard A. Goldberg

Richard’s interview comes at around the 21:30 mark, starting with Drax reading from Section 2.3 of the August 2013 Linden Lab Terms of Service, and specifically Section 2(.3).

Richard and I have been, and without going into specifics, very closely involved in matters relating to the Terms of Service since the changes were made. As such, I’ve come to respect his position and viewpoint – which admittedly, has been pretty closely aligned to my own. As such, this is an interview I’ve been looking forward to hearing since Drax indicated he’d be talking to Richard some three weeks ago.

Richard makes a very strong case as to why the ToS as we have it today goes too far. In essence, this can be defined in a single term: lack of limitations. There might actually be reasons why the Lab may wish to extend their existing ToS – such as to offer content creators additional routes to market within the Lab’s stable of properties (such as through Desura), should creators wish to do so, or to make services like SL Go (whose servers must be able to cache data, much as the viewer does, on your behalf).

However, there appears to be no reason why, even allowing for these situations, the Terms of Service need to have a perpetual, unlimited scope or purpose. As Richard states – and the handful of IP and Copyright lawyers I’ve spoken to agree with him – it should be a relatively straightforward matter to sit down, look at the ToS wording and revise it in such a way that allows the Lab to meet all reasonable goals and expectations required of their services and platforms and provide a comforting degree of limitation for content creators and artists with regards to the licences assigned to the Lab (and their sub-licensees) in terms of the scope, purpose and duration of said licences.

Beyond the immediate issue of the ToS situation, Richard paints a very good picture of the broader issues of rights and copyright and the increasingly uphill battle artists and creators face. In this regard, I would recommend anyone wanting to better understand matters listen to this entire interview and consider listening to the views of Agenda Faroment and Tim Faith as recorded in these pages through my transcripts of the October 2013 ToS discussion panel on the ToS, and the SLBA March 2014 Copyright & Fair Use presentation.

Outside of these two items, there’s the inevitable mention of VR headsets, plus pointers to the various links on the web page itself. In reference to one of these – the Petrovsky Flux – I’d also point to my article on the subject and also Ziki Questi’s update, both of which should provide further information on matters.