Hi there Phoenix,

This is exactly the kind of collaboration I had in mind.  Thank you for
making my evening. :)

The REST-like interface sounds great.  I'd be more than happy to help you
test that out.  I do have one request.  Can you offer it through HTTP over
SSL (https)?  Encryption and authentication are basic requirements to do
business these days.  Second Life's growth as a business platform could be
hurt if it is not offered.  We need this security to ensure our data is not
being stolen or manipulated by a third party.

Thanks for the support!

-Sam

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phoenix
Sent: Wednesday, July 19, 2006 9:23 PM
To: Development list for libsecondlife
Subject: Re: [libsecondlife-dev] Hello from James Linden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Howdy folks.

If you believe you have discovered an exploitable flaw in the network  
layer, please report it to [EMAIL PROTECTED] or directly to me
if you feel the need. I define exploit as any combination of timing  
and network events which:
* elevates client privileges on the grid
* allows access to private information
* creates a local or global denial of service

In a report, provide:
* how you believe this compromises the service.
* a method to reproduce the exploit or at least a time and place  
where you successfully exploited the system.
* an indication if you are interested in the resolution.

We have a team here at Linden diligently resolving all known
exploits, and we would love to know about more.

For every confirmed exploit reported, you will be given a unique  
identifier which allows tracking for a fix if you have indicated
interest. We do not have an easy and automated way to do that, but I  
should be able to throw something together which will send out an  
email to this list if the release includes a fix for your issue.

For every new confirmed exploit reported - other than local denial of  
service attacks - I will personally pay a bounty of L$10,000 to you.  
Bounties will not be paid twice for the same issue.


Now on to what I can do for you.

We are in the midst of creating an http based capabilities system  
which maps into system resources. During login and as you move around  
the grid, those capabilities will be made available to a
connected client through a REST-like interface. We will provide some  
documentation for how those services work.

For the existing UDP message system, we can provide notification when  
there are significant protocol changes, but we would prefer usage of  
the REST interface once it is available since describing and  
supporting the changes inherent in the templatized UDP messaging
system is difficult.


Thank you all for your participation and support.


On Jul 19, 2006, at 12:30 PM, [EMAIL PROTECTED] wrote:
> 2) I feel it would be beneficial to Linden Labs and libsecondlife to
> establish some kind of direct reporting method to allow us to better, and
> more quickly, report discovered exploits/flaws in the protocol.  Due to our
> technical expertise, bugs/flaws that we report are generally more likely to
> be real problems than those reported by the public in general.
> Particularly, protocol exploits should get the attention of Linden staff as
> quickly as possible.  Do you and the other Lindens feel this would be
> something of value?
>
> 3) In the spirit of give and take, and given our reporting of bugs/exploits
> (as in question 2, above), it would be highly desirable from our perspective
> to be given advance notice (or any notice at all, at this point) about
> changes in the protocol.  Any information at all would be better than
> nothing.  Just an informal quick email to the list would be great.  Do you
> think any kind of collaboration such as this would be possible?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEvwUqwJCr4A9g8scRAupdAJ9l9NXdWdSkzH2uJAurLWRgng9RcwCdE39Y
r2SRV4acWs5FMii4fclgdhA=
=nZaa
-----END PGP SIGNATURE-----

_______________________________________________
libsecondlife-dev mailing list
libsecondlife-dev@gna.org
https://mail.gna.org/listinfo/libsecondlife-dev
