My apologies, Karen; I was actually directing most of this to Imago. (My comments about Arizona, photo radar, red-light cameras, and California are all still directed toward you, but they open a different topic which is outside the scope of this list.)
-Kyle H 2010/1/14 Kyle Hamilton <[email protected]>: > This is completely off-topic at this point, and after this (unless someone > adds useful signal) I'm ignoring this thread. > > On Thu, Jan 14, 2010 at 8:36 AM, Karen Palen <[email protected]> wrote: >> In fact it takes a certain amount of effort to change the default ID which >> is built into the viewer code. Effort that no malware writer will expend! > > ...until you issue a challenge like that. Further, the 'default ID' can be > changed *on the commandline*. Because of this, there's no requirement to > recompile/relink the viewer when you want to change that ID string, which > reduces (by several orders of magnitude) the amount of time necessary to > brute-force the string necessary. And, since you've essentially stated that > you want the "official" Linden viewer, all someone has to do is figure out > which version string(s) of the released viewer your grid will accept. > > If you want security through obscurity, that's wonderful... but when you make > it no longer obscure, it's no longer secure. You have definitely removed the > obscurity from your system through your announcement of your plans in this > thread. > > I have already stated the only even-remotely-secure way to do it, and even > that, if you want any kind of grid population at all, is going to require > some kind of automation. (That way is server/client mutual cryptographic > authentication, handled via TLS.) Personally, I'd rather each change to a > primitive be written to a log as a revertable changeset... but I'll let you > know when I figure out how to do that. > >> There are a great many crazy ideas that hide under the banner of "security". >> >> Here in Arizona we have a traffic camera scam which is being promoted as >> "safety". The huge amount of statistical evidence which proves this to be >> false is simply ignored. > > Traffic cameras have been held unconstitutional in the state of California. I > used to live in Arizona; I pity that you do. > > The problem that those traffic cameras were supposed to stop can be resolved, > much more effectively, by increasing the length of the yellow light to at > least 2 seconds. The bigger problem is that most city councils were convinced > that it could be a revenue-generation system, and thus most councils directed > that yellow lights be shortened, thus increasing the danger of entering an > intersection in the first two seconds after a green light. > >> Many people are receiving citations for speeding when in fact they are sick >> or travelling outside the US. > > ...which is why they've been held unconstitutional in CA. (As has > photo-radar, since the operator of the vehicle is the one responsible for the > violation -- not the owner or registered owner of the vehicle used for the > violation.) > >> Karen > > The point is to identify the end result of what you want, and you've > identified it as "I don't want anyone fucking with the prims on my grid > unless I grant them permission." You have generalized this to "I don't want > anyone I can't trust not to fuck with the prims on my grid to connect to my > grid," and are now trying to find a way to enforce that. We've all told you > *why* your approach is flawed. We've all told you *how* your approach is > flawed. We've even tried to provide you with *better directions* to find the > solution to your problem. > > All the while, you've been stubbornly refusing to accept any solution more > complex than the not-a-solution that you've come up with, and have been > vocally defending something that, to be effective, must be kept secret. > (Since it's no longer a secret, it no longer has any effectiveness. > Congratulations on shooting yourself in the foot.) > > -Kyle H _______________________________________________ Opensim-users mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-users
