-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wouldn't that be more like Flash then?

On 17/3/2010 17:36, Morgaine wrote:
> Argent is exactly right.
> 
> From sitting in on these OHs, the intention that has come across (but
> with some ambiguity) is definitely that binaries will be pushed to our
> clients and executed, even if this involves some action in-world. 
> Whatever the mechanism of transfer, these binaries are inherently
> untrusted and untrustworthy by inspection.  If you choose to assign your
> trust to them, that is your own personal lookout.
> 
> Note that this situation is *NOT* like on the Web, where JavaScript is
> sent to browsers as /*source code*/ which is available for inspection by
> anyone who cares to do it.  Because of the possibility of inspection,
> the Web enjoys the "many eyeballs" effect that allows browsers to flag
> sites as malicious.  There will be no such protections here, because the
> distributed binaries are opaque.
> 
> The mere idea that opaque binaries are being sent to people and executed
> locally on their PCs should be enough to send shivers down everyone's
> spine, even if they're only minimally aware of security.  From our
> technical and open source perspective here, which is after all what
> opensource-dev is all about, it's just completely unacceptable.
> 
> Designing script execution to run on LL's servers is wholly within
> Linden rights to do in secret.  Designing script execution to run /*on
> OUR private machines*/ is NOT within Linden rights to do in secret at all.
> 
> 
> Morgaine.
> 
> 
> 
> 
> 
> ==================================
> 
> On Wed, Mar 17, 2010 at 6:45 PM, Argent Stonecutter
> <secret.arg...@gmail.com> wrote:
> 
>     On 2010-03-17, at 12:31, Dzonatas Sol wrote:
>     > You install a program on your computer, and you either trust it or
>     > you don't. It comes down to that, so it doesn't matter if it is .NET
>     > or Java or some binary made by company XYZZY.
> 
>     The quotes from the office hours make it seem like they're talking
>     about having in-world content pushing stuff onto your client, not
>     explicitly installing code.
> 
>     _______________________________________________
>     Policies and (un)subscribe information available here:
>     http://wiki.secondlife.com/wiki/OpenSource-Dev
>     Please read the policies before posting to keep unmoderated posting
>     privileges
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuheTcACgkQ8ZFfSrFHsmWHuwCeKrI2SP+a2oPDny2sVIj7CwgV
INsAni/h81Gb4fKRjd+QOIRh68HC299S
=3wB4
-----END PGP SIGNATURE-----