Lab provides Heartbleed information

This is a little long in the tooth, but I’m caught playing catch-up on a number of things, so apologies on my part.

As most will be aware, there has been a lot of coverage about the Heartbleed OpenSSL vulnerability in the course of the last week, and the impact it may have had over the last two years in exposing what should have been secure information.

The vulnerability is so-called because it affects an extension to SSL (Secure Sockets Layer) which engineers dubbed Heartbeat. It is a server-side exploit which could affect almost any system running any version of OpenSSL from the past 2 years, and allows an attacker to gain control of up to 64kB of the server’s working memory at a time, enabling them to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

Because of the widespread nature of the issue and the concerns it raised, the Lab issued a blog post on the matter on Thursday April 10th, which reads in full:

Many of you may have read about the Heartbleed SSL vulnerability that is still affecting many Internet sites.

You do not need to take extra action to secure your Second Life password if you have not used the same password on other websites. Your Second Life password was not visible via Heartbleed server memory exposure. No secondlife.com site that accepts passwords had the vulnerable SSL heartbeat feature enabled.

If you used the same password for Second Life that you used on a third-party site, and if that third-party site may have been affected by the vulnerability, you should change your password.

Supporting sites such as Second Life profiles are hosted on cloud hosting services. Some of these sites were previously vulnerable to Heartbleed, which may have exposed one of these servers’ certificates. As an extra precaution, we are in the process of replacing our SSL certificates across the board. This change will be fully automatic in standard web browsers.

Thank you for your interest in keeping Second Life safe!

Due to the weekend, there has been no further news as to whether the Lab has completed replacing the SSL certificates for those services which may have been exposed. Hopefully there will be a further update on Monday April 14th. In the meantime, if you have used the same password for SL that you used on a third-party website and wish to change your SL password as advised in the blog post, you may want to refer to the Lab’s password protection page on the wiki.

VWBPE 2014: Ebbe Altberg keynote – “The Door is Open” (full transcript)

On Friday April 11th, Ebbe Altberg, Linden Lab’s CEO, addressed a packed amphitheatre at the 2014 Virtual Worlds Best Practice in Education (VWBPE) conference in Second Life. Some 200 people were in attendance in SL, with around 100-150 on the live stream channel for what was almost a 90-minute session, entitled Reconnecting with the Education Market, and which comprised an opening statement from Ebbe, followed by an extended Q&A / discussion session.

The following is a transcript of the session, which includes all questions asked via the moderator, Phelan Corrimal (given in italics). The video is the VWBPE official video, recorded by Mal Burns, and my thanks to him for making it available. Timestamps within the transcript notes indicate the points in the video at which Ebbe’s comments can be heard.

The Summary


  • 0:05:38: Terms of Service – “I am working with my Legal Counsel to try to try to figure out how we can make it more obvious – or very obvious – that the creators of the content own the content … we’re working on some simple tweaks to the language to make that more explicit.”
  • 0:07:26: Brand – “We have an incredible breadth of content creators for all kinds of purposes, and this is kind-of unique with Second Life, and I think it’s incredibly important to support everybody and what they want to do.”
  • 0:08:59: The Metaverse and LL – “There might be some people who might be interested in my position on the metaverse and OpenSim and interoperability, and that whole category.”
  • 0:11:09: Integrating new capabilities – “Some of you might be interested in what kind of integration we can do to make it easier for you to use Second Life in the context that you want to use it.”
  • 0:12:04: Improving SL – “And then I think we still have a tremendous amount of work still to be done – actually, a tremendous amount of work has already been done; Second Life today is so much better than it was two years ago.”
  • 0:16:16: Future technologies – “A little talk about future tech. Many of you have hopefully seen that we are obviously actively developing for technologies that we believe will have substantial mass appeal; Oculus being one.”
  • Questions and Answers / Discussion:
    • 0:21:12 – Are the community liaisons with Linden Lab about to be re-introduced?
    • 0:23:39 – Tier Breaks for Support and Mentor Groups
    • 0:26:28 – Do you feel that communications between Linden Lab employees and content creators are important?
    • 0:31:09 – On users having a voice in the development process
    • 0:35:36 – On Marketing SL, Overcoming Perceptions and Getting People Engaged in SL
    • 0:41:24 – On Opening-up The L$ Beyond Second Life
    • 0:44:44 – Making the Viewer Easier to Use & the Relationship with TPVs
    • 0:48:19 – On a Distributable Version of Second Life
    • 0:50:08 – Is there any hope that shared media, MOAP [Media On A Prim] can be fixed for Mac users soon?
    • 0:50:42 – On Second Life and High Fidelity
    • 0:53:49 – On Network Issues affecting some APAC Countries, Latency & Geographic Distribution
    • 0:56:16 – On Exporting Content
    • 1:01:15 – On the Teen Grid, Student Security and Younger People Accessing SL
    • 1:04:12 – What are Linden Lab’s plans for mainland?
    • 1:05:42 – On Office Hours, Lindens In-world and Community Engagement
    • 1:13:54 – Is the Barrier to VW Mass Adoption Technical, Or Something More?
    • 1:17:26 – On Acquisitions in the Technology Market
    • 1:20:12 – On Encouraging Lindens to Join Groups and Communities
    • 1:22:03 – A Takeaway Message for Educators (and all of us)

0:01:59 Hello everybody. I can’t hear you, but I can sure see you! It’s an incredible sea of people here [approx. 180-200 across four regions]. I’m very excited to be here, very happy for all the work that people are doing to put this conference together. Not only this session but all the other sessions you’re doing through the week. I did pop-in just the other day and listened to Philip, which many of you here might have done as well, and I just wanted to say that I’m really excited to be here.

I’m not going to spend most of this hour just talking. I will be saying a few things up front … putting some topics on the table to discuss and then very much looking forward to it being an interactive conversation between us. I’m mostly here to learn, not necessarily to tell, although I will be speaking about some things that I think matter to you, and some of the things that are going on first.

0:03:06 First, I feel very strongly that the education sector, the education market, is a very important partner of Second Life, and that it’s important to us to make it a great product for all of you. I know many of you have tried and been successful and many of you have tried and maybe not been successful in doing the things you wish you could do, and I’m here to learn more about what we can do to make you successful in the future.

I think the education sector helps us a lot of ways, in that if we can provide a great service to you, you can become great evangelists for the platform, and also in many times I think you are pushing in research and thinking about how to use environments and technologies like this differently from your main consumers. So you’re a very important group of people for us to stay in touch with and learn from and collaborate with.


Lab to seek feedback on Transaction History page changes

On Wednesday April 9th, I reported on an error with the Transaction History page on people’s SL dashboards which led to some upset and confusion after the familiar page was replaced with one that failed to show totals, and which had the familiar .XLS and .XML download options replaced by a single .CSV option. The change led to forum comments and a JIRA report (BUG-5664).

The page itself was reverted around an hour after concerns were first raised, and Ebbe Altberg stepped into the forum to offer apologies and an explanation:

In an attempt to improve we made a few mistakes and caused some misunderstandings as well. We rolled back the changes and will work on getting it right. The team is looking at feedback and will communicate a plan for how to get there.

On Thursday April 10th, the Lab issued a blog post on the matter, providing further information on the situation, including the fact that they will be seeking input from users on proposed changes to the Transaction History page.

The post reads in full:

Earlier this week, we rolled out a few changes to the Account Management web pages for logged-in users at SecondLife.com, which were aimed at improving these tools for users. One of the changes we made updated the Transaction History page, and we heard lots of feedback that not all of the changes to that page improved our customers’ experiences or met their needs. So, we quickly reverted to the old Transaction History page.

We’d like to get some additional user feedback on the new Transaction History page so that when we make the changeover, the functionality best matches what Second Life users want and need. Once we are ready, we will post instructions on how to review the new page and provide feedback. We will not take down the old page until we have had a chance to review feedback and make appropriate changes to the new page. Check back on this blog for more details as they become available.

This is a positive step by the Lab, both in rectifying the error rapidly and in admitting their mistake. Hopefully, I’ll have a further follow-up once the additional information is published by the Lab.

LL Terms of Service: Ebbe – “we’re working on it…”

Update, April 13th: the full transcript of Ebbe’s VWBPE 2014 address is now available.

On Friday April 11th, Ebbe Altberg, Linden Lab’s CEO, addressed a packed amphitheatre at the 2014 Virtual Worlds Best Practice in Education (VWBPE) conference in Second Life. Some 200 people were in attendance in what was around a 90-minute session, which comprised an opening statement from Ebbe, followed by a Q&A / discussion session.

I’ll have a full transcript of the meeting available shortly. However, as a part of his opening statement, Ebbe made a series of comments relating to the Lab’s Terms of Service, which I think are worth highlighting on their own. So here is a full transcript of his comments on the subject:

Terms of Service. I am working with my Legal Counsel to try to try to figure out how we can make it more obvious – or very obvious – that the creators of the content own the content, and we obviously have no intent of ever stealing your content or profiting off of your content independently of the creators in some fashion.

The current terms might indicate that we might somehow have some plan to steal people’s content and somehow profit from it for ourselves, without benefitting the creator, and that’s obviously not our intent at all. It would be very damaging to our business if we started to behave in that way because this whole platform is all about the content you all create. And if you can’t do that, and trust that it is yours, that’s obviously a problem. So I’m working on that, and I can ask you right now to trust us that we’re not going to do what the current clause might suggest we’re going to do, but we’re working on some simple tweaks to the language to make that more explicit.

We also have no interest in locking you in; any content that you create, we feel you should be able to export, and take and save and possibly if you want to move to another environment or OpenSim, that should be possible. So we’re not trying to lock you in either. Obviously, it’s very important to us to get content both in and out, so I just want to put that right out there.

Quite what will come out of this obviously remains to be seen, as will whether or not the changes successfully quell all concerns. However, it would appear that the wheels are finally in motion, and that hopefully, an equitable resolution will be forthcoming.

Lab seeks to make buying clothes that fit easier … sort-of

The Commerce team have issued a blog post and Knowledge Base article aimed at helping people ensure the clothes they buy will actually fit their avatar.

I’ll be honest and admit that I hadn’t realised that there was a particular issue with clothing that needed any clarification; but I’m also biased in that I’ve been around SL long enough and reporting on it, that understanding the various clothing types doesn’t actually present me with a problem. However, I can understand a new arrival being confused by terms such as “system clothing” or “clothing layers”, and “mesh clothing”, “fitted mesh clothing”, “rigged mesh clothing” and so on, and wondering what the heck it is all about and where the differences lie.

The blog post is aimed at content creators, and is intended to encourage them to define the clothing they produce in terms of three avatar types, and to label their clothing accordingly with icons.

However, to get a clearer understanding of what is being proposed, it is perhaps best to refer to the Knowledge Base article, which provides far more comprehensive information.

Essentially, it has been decided that clothing should be defined in terms of avatar categories. These are defined by the Lab as:

  • Classic – Classic avatars are the original default Second Life avatars.  They have a modifiable humanoid shape, and can wear clothing in the form of textures and attachments added to that shape. Most of a classic avatar’s appearance and clothing can be modified by pressing the Appearance button in the Second Life Viewer, but cannot take advantage of newer graphical features such as normal and specular maps.
  • Standard mesh – A standard mesh avatar is a classic avatar that is wearing a rigged mesh attachment, usually a full-body avatar, and whose classic body is hidden by a full body alpha mask.  It is classified as “standard” if it was created using the standard fitted mesh model available on the Second Life wiki.
  • Custom/branded – A custom avatar is a classic avatar that is hidden by a full body alpha mask and is wearing a customized rigged mesh attachment or attachments that otherwise replace the classic avatar body.  These avatars can come in a wide variety of shapes and sizes, and each model typically requires clothing specifically designed to work with such an avatar.

Hints to help a consumer determine what category of avatar they are using are also provided.

In addition, the Lab is asking that creators define their clothing as one of four types in order to indicate which categories of avatar it is most likely to be compatible with:

  • Classic only – The “layer-based” textured clothing applied directly to classic avatars.  This clothing type only displays properly on classic avatars and is rendered completely invisible by the alpha mask worn by most mesh avatars.
  • Mesh only – An attachment that is designed to appear as clothing on a standard mesh avatar.  It may appear to be a layer-based texture, but does not work properly on classic avatars.  Mesh only clothing must be created outside Second Life in a 3D modeling tool.
  • Classic/Mesh – Attachments primarily designed for standard mesh avatars that can be made to work on a classic avatar.  In order to be classified as classic/mesh, the clothing must include an appropriate alpha mask designed to hide the affected parts of a classic avatar.
  • Branded – A catch-all term meant to encompass the many possible custom avatar designs.  Such avatars can typically only wear clothing specifically designed for that specific avatar; therefore each custom designed avatar and its compatible clothing may be considered a “brand”.  Likewise, clothing designed for a custom avatar shape should not be expected to work properly with classic or standard mesh avatars, or even other custom avatars.

In order to help shoppers find clothing that properly fits their avatars, Merchants are additionally being asked to use one of two label images when advertising their clothes, and to update any clothing they have listed on the SL Marketplace so that it is defined by one of the three avatar categories (so that it is defined as being compatible with Classic Avatars or Mesh Avatars or, in the case of a specific custom avatar, it is defined by the avatar’s brand name).

The two logos the Lab are requesting content creators use to denote their clothing are:

images © Depositphotos.com/i3alda

Note these are copyrighted stock images, requiring the use of the label, “© Depositphotos.com/i3alda” with each.

Further details can be obtained directly from the Knowledge Base article, which also includes notes on why custom avatar types should ideally have a unique brand associated with them.

The new definitions do appear to be perhaps as confusing as the current terminology (“system”, “fitted mesh”, etc.). As such, it will be interesting to see the response to this proposal / request, and how well things work in practice.

Poetry and the art of understanding LSL

The llParticleSystem haiku, with particle creation from Catharsis, by Tyrehl Byk

Ciaran Laval alerted me to a project which, having been announced on April 1st, might have been considered a joke; it seems, however, that it isn’t.

Posting over on SLU (twice, it seems), LSL Portal editor and scripter Strife Onizuka, who is spearheading the project, describes matters thus:

Long have we struggled with how to make the documentation more accessible. One of the most common complaints is that it is simply too technical and we are hearing this more often than you would believe from one of SL’s more traditional content creators: descriptive writers. So I am proud to announce that after many sleepless nights we have come up with a way to address this. As the core problem is that the documentation relies upon very specific, technical language we have come up with a way to bring more mundane verbiage into the documentation.

To achieve this end we are announcing the LSL Portal Poetry Project! The goal of the LPPP (or LP³ as I like to think of it), is to provide poetry for every LSL Event, Function and Constant. More specifically, the form of poetry we have chosen is Haiku. Screen real estate being at a premium haiku requires the minimum amount of space while packing the greatest metaphorical punch.

It appears that the essential element of the haiku – the five-seven-five syllable arrangement – is key to any submitted verse; the traditional invoking of an aspect of nature or the seasons being not quite so important, as with this example for llSetTorque:

Spinning, all a blur…
Small moment of inertia.
They say torque is cheap.

There have already been a number of LSL articles which have gained their own haiku, and people from across SLU (and SL) are being invited to consider putting forward suitable pieces for those articles still lacking a verse.

While haiku is the preferred medium, other forms of poetry are not ruled out. Strife admits the limerick ran the haiku a close second for choice of verse form, and it may be that some LSL functions are better suited to the limerick or other forms of verse. For example, llSetLinkPrimitiveParamsFast lent itself to this limerick by Atasha Toshihiko:

I once had a hair full of scripts,
When I wore it, Estate Owners had fits.
The creator, at long last
Learned llSetLinkPrimParametersFast
Now I can wear hair without getting kicked!

Strife also says of the project:

Programming is a part of life. It doesn’t have a holiday. People don’t think to write songs or poems about it except in jest. We treat it as a second class citizen, something utilitarian to be used and ignored. But culture has to come from somewhere, it can’t all be about, love and dancing and taking selfies. Eventually someone has to write a song about cloth-driers and warm socks (Who doesn’t like warm socks fresh out of the dryer?) …

There is nothing about LSL that will sustain it past SL’s death, except maybe some obscure poetry. How many programming languages after all encourage their users to write poetry? It will tell future anthropologists just who we were. Not just about our preference for indentation.

So, you may not be a coder, but if you have an inner poet, and feel you’d like to help enshrine LSL in words of verse, now is your opportunity to do so!