People tend to be trusting and oblivious, which is great. And in fact, sh*&t only happens very seldom, statistically speaking. However, it's not great that people make plans, sometimes involving large amounts of money/time, under obliviousness with respect to security. We're getting close to 0.7, which is always a milestone in every project. 0.7 should not ignore security completely, even if we are stuck with a client that wasn't designed for open systems.
Being involved in the details of OpenSim, I feel a tension between not talking about security problems so not to scare people away and not to attract griefers; and talking about those problems because they are there and people should be informed about them so that they can take them into consideration when making plans, while we improve things on our end. So, in order to make these problems visible and tangible, and give everybody a reality check, I just hooked up a sim to OSGrid that will make bad things happen. Right now, it wipes out the inventory of anyone who visits. Don't worry, it waits for your command, so it's not so violent :-) The sim is called "DO NOT COME HERE" (DNCH). You can find it in the map. WARNING: don't do this with your beloved main account(s), just make an alt if you want to experience the complete disappearance of inventory from under you. As we roll security into OpenSim, whatever bad things the DNCH sim is doing should not happen anymore. So, see it as a test for security, and that's how I will be using it. The very first thing we need to fix is this inventory vulnerability in open grids. Please know that it exists, and be sure that it will be fixed properly(*). Crista * By "properly" I mean without having to involve lawyers and sign contracts between region/grid operators. _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
