Thanks Ben! Good write up. Sounds like it was a blast. :D
- Timeless Prototype On 22/08/06, Ben Byer <[EMAIL PROTECTED]> wrote:
Now that SLCC has concluded, I'd like to share the things I learned with those who couldn't make it. I'm probably leaving tons of things out -- there was so much to take in, especially for me -- so please, those who were there, please feel free to fill in the gaps. I got to meet John and Baba for the first time in front of Linden Lab shortly before 11 AM on Friday. We went inside to see preparations for SLCC being made -- somebody wheeled in a pallet of 20,000 (ish) copies of the Metaverse Messenger to be handed out at the convention. A few minutes later, we were ushered into the (main?) glass "fishbowl" conference room. I hadn't really expected a formal meeting, but they had even put a sign on it -- "11:00 libsecondlife". We were joined by about a dozen Lindens -- I wish I could remember everyone's name, I should have taken notes -- but all of the familiar names were there. I think that one of the Lindens asked us at one point "how far" we were towards emulating the whole thing. We spent a little bit of time talking about the latest libSL work that's gone on -- how we've gotten many of the basic packets down, how we've covered much of the non-graphical content of SecondLife, but we still are missing a few basic things like avatar movement. We talked about a few of the different sample apps our devs have built, as well as SLProxy which lets you tweak the official client. (I think someone made a comparison to Greasemonkey.) John and I had worked on a program that demonstrated the "insecurity" of the unencrypted UDP protocol -- that anyone one a local wired/ wireless network with you, who can sniff your packets, can read your SessionID and AvatarID and then forge packets from you to the server or from the server to you. This isn't really a gaping hole -- other than, say, large conferences, you don't have many situations with a number of SL users on one subnet -- and the amount of packet injection you can do is limited (more on that later). The program we demonstrated sniffed the local wireless network for outgoing CompleteAgentMovement packets, grabbed the IDs, and forged a GrantGodMode reply from the server. It got a chuckle from a couple of the Lindens, when they signed on with their alts and ended up in God mode anyway. I'd hoped to have a program to allow us to create new GUI elements in XML and hook them into user-written code, but didn't have a chance to finish it before the conference. The meeting with the Lindens was overwhelmingly positive. I'm going to try to list my takeaway points from the meeting -- my apologies for any inaccuracies: * LL is glad to have us working on libsecondlife. They pointed out (and Cory later reiterated in http://www.secondlifeinsider.com/ 2006/08/19/slcc-keynote-speech-part-2-cory-ondreika/) that we have more people subscribed to the libsecondlife-dev mailing list than Linden Lab has paid developers. They see more value in working with us and encouraging us to explore areas they don't have to than trying to impede our progress and get in an arms-war with encryption, etc -- this is of course constrained by their general business with the sims and official client, as well as a (hopefully dwindling) number of sensitive area WRT exploits, etc * "Everything will change" within the next few months -- LL wishes we had maybe started 3 months later and feels we may be wasting our time (but isn't telling us to stop) * Many things in the protocol are the way they are because they were originally implemented one way, and once it started working they just pressed forward and moved on -- and thus, the hacks stayed in place. * Cory publicly stated in his keynote speech at SLCC to the general crowd that Linden expects to spend the next couple of months working on "refactoring and cleaning" of code -- meaning there won't be many user-visible changes or new features. However, I'm under the impression that that refactoring does include making protocol improvements. * Everything, to the extent possible, will be moved to "better" / more standard interfaces -- examples: textures will be sent over HTTP, map data / profiles / etc will be sent over HTTP, most commands will be possible with a REST interface (as discussed before). Eventually, it will be possible to do many of the things we have implemented in libSL using just an HTTP library and never actually touching the UDP protocol -- which will still be there, and used, but only for parts of the protocol where quick updates with low latency are important, such as object/avatar movement updates etc * One of the Lindens gave an example of how they see us as helping them -- the scenario of building a stripped-down SL client for use on a phone was thrown out. Linden would be happy to see us get one of those working, because we would then be able to explore issues of usability -- how do you make a client usable with a small screen? If they later chose to write such a client themselves, they would benefit from the research we do * Along those lines -- do we need any protocol modifications to accomplish such a thing? For example, a phone client would probably want to reduce bandwidth as much as possible, for cost concerns, plus it's silly to receive data we can't display -- we could ask the server to only let us know about things happening within a short range of our avatar, and / or download reduced size/quality textures, etc. Upon further discussion amongst the Lindens, they said that much of that may actually already be possible with the existing protocol, but we'd never know it by eavesdropping on the packet stream because the offical SL client wouldn't need to use those features. In any case, we just have to ask. * In fact, there's a lot they thought we should just ask them for. They said we should waste our time trying to decode things that are cryptic but not sensitive -- for example, the whole LayerData thing (near and dear to my heart -- I lost a night of sleep over that -- http://www.libsecondlife.org/protocol/index.php/LayerData). LayerData is a standard IDCT, similar to JPEG, but tweaked -- using different coefficients so that they get better compression of land data than they would if they tried to apply something meant specifically for image compression. (Cory actually repeated this full explanation during his keynote at SLCC and probably confused 95% of those in attendance -- bless his heart!) If we just ask them for those details, they will try to provide them. * Along with LayerData, we talked about the ObjectUpdate / ImprovedObjectUpdate system, as well as the packets needed for normal avatar movement. * Linden is hiring -- anyone out there please feel free to send them your resume, and if you are a coder and don't get a programming test back from them, ping them again because they probably just missed it I reorganized the wiki a little bit and decided that http:// www.libsecondlife.org/protocol/index.php/Help_Wanted would probably be a good place for us to put any info requests we have for the Lindens -- if they don't see it and respond themselves (hint, hint) then when stuff starts piling up there I can email it to them and post the results there. Although the wireless connection was a big spotty at the conference, Baba, John and I tried to keep the godmode-packet sniffer up and running. While we were there, I made a few improvements to it -- I made it look up AvatarIDs in w-hat's name2key DB as it caught them, and we also added a feature that sent out an instant message telling people that they got godmode courtesy of libsecondlife. However ... upon looking around the room, it became clear that it often wasn't working -- I'd see someone's name come up on my screen, and go over and see that they didn't have a green menu bar. However, we DID see a couple of the "libsecondlife has given you a gift!" messages flash up on the big projection screen. The code's ugly, but it's up at http://www.libsecondlife.org/protocol/index.php/ SessionID_hack for posterity. More if I think of it - I'm still reeling, it was a lot to take in. Oh, and don't let me forget that qDot gave a live demo of teledildonics hardware, and explain that it was all possible due to libsecondlife! Ben _______________________________________________ libsecondlife-dev mailing list libsecondlife-dev@gna.org https://mail.gna.org/listinfo/libsecondlife-dev
_______________________________________________ libsecondlife-dev mailing list libsecondlife-dev@gna.org https://mail.gna.org/listinfo/libsecondlife-dev
