On 01/13/2010 12:18 AM, Karen Palen wrote: > I suppose the way to disprove this would be to compile a version of > the "genuine" Linden Labs viewer with all content checking disabled > and the capability to do some sort of nastiness then distribute it to > all the script kiddies somehow.
What would this prove? I think it would prove that one would have to use a client that identifies itself with a blessed ID. > I am sure there are people out there who will do (or have done) > exactly that, but it will not be me even to prove a point. A quick > look at the code says it should be about a half day's work, less if I > reverse engineered some version of copybot. You must have lots of spare time to call a half day's work NOTHING. > In my estimation that makes the illusion that checking the ID exactly > equivalent to illusion presented by a dummy fire extinguisher. We > just have not (yet) identified which "genuine LL viewer" is the > really the fake! The broken analogy again.... What fire does a dummy fire extinguisher put out? Blocking based on ID will block any client with the wrong ID. It will let any client in with a correct ID even an undesirable one. I find it painfully amusing that on one hand you call this nothing and on another complain how it hurts good users. If its nothing how can it hurt good users? > In theory there is no difference between theory and practice, in > practice there is! > > Karen > > --- On Wed, 1/13/10, John Ward<[email protected]> wrote: > >> From: John Ward<[email protected]> Subject: Re: [Opensim-users] Banning >> "bad" viewers was Re: Can this be done? To: >> [email protected] Date: Wednesday, January 13, 2010, >> 12:45 AM Karen Palen wrote: >>> Hmm, somehow your posts are coming with a really >> strange time stamp. I >>> would guess that the local time zone on your machine >> is incorrect. >> >> No, just the clock off, and off by enough to keep NTP from updating >> it automatically. >> >>> My central point remains that knowing the viewer ID >> string does nothing to >>> prevent any such attack, this is simply one >> workaround. >> >> With all do respect the first of your claims I responded to had >> been that using the ID string was worse then doing nothing. Which >> is false. Then you went with it does NOTHING apart from >> "feelgood"! Which is also false. Now its it does nothing to >> prevent an attack. I mostly agree with that. What it does do is >> limit a viewer based on how it identifies itself which is >> something and may be worth doing to some even if you disagree with >> that practice. If one wants users to use a particular viewer this >> can be a good first step. I say mostly because any attack that >> doesn't identify itself with a blessed ID string gets blocked. It >> works this way no matter how many times you call that "worse then >> nothing", "feel good" or plain "nothing". >> >> John. _______________________________________________ Opensim-users >> mailing list [email protected] >> https://lists.berlios.de/mailman/listinfo/opensim-users >> > > > > _______________________________________________ Opensim-users mailing > list [email protected] > https://lists.berlios.de/mailman/listinfo/opensim-users > _______________________________________________ Opensim-users mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-users
