MasterJ,

You just answered my question!

That is exactly what I was looking for!  Ok, it looks like someone has
already been working on this.  Looks like it's already been implemented.

It would just be up to me to "put it to use" and demonstrate a "proof of
concept" and write up some documentation on how to tie it all together, and
get it to work.

Ok, that's all I needed to know.  You actually hit two birds with ONE stone,
by talking about the land issues as well.

I actually forgot about the land issues and land sales.  I guess that's a
good point as well.

Ok, let me get cracking and get to work on implementing a "proof of concept"
and then begin working on documentation, and step by step instructions (for
Grid owners).  So at least these features could be used and implemented.

Thank-you so much for the help!

*those settings are only for play money.
the system is not secured and should not be trusted at any cost.*

Ok, now what is that supposed to mean?  What do you mean this is "not
secured"?  Are you telling me that if I set up SSL, and do all the
transactions over a secure socket layer, and implement standard
encryption/banking practices, that the server itself is insecure?

How so?  Are there SQL injection security vulnerabilities?  Contact me
off-thread so we can discuss this (and discuss the security
implications) because I don't want to discuss "known security weaknesses"
over an open thread.

Send me an e-mail offline, and we'll take the security implications
"offline" and I can at least work out the "security concerns" and we can
hammer out some of these "known vulnerabilities" by additional security
measures.

I do security consulting work, and also work on secure systems (for the
government) so surely we can hammer out the small details and implement some
decent server-side security measures.

The only vulnerability that I could see is a possible SQL-injection attack,
but that is easily fixable, and by not running the SQL server on Fast-CGI,
and instead using ISAPI, I'm pretty sure that will limit the majority of
attacks that could even be done on the SQL side of things (as far as an
injection attack).

Please talk to me more about this offline, because I definitely want to hear
the security concerns, and maybe we can discuss various ways to "harden" the
system.  Just to reduce the likelihood that anything "bad" could happen.

I'm fairly confident that I could harden the system down, I would just need
to know more details about it, and also hear your security concerns (and any
known weaknesses or vulnerabilities you may know of).  Just so we can work
out these details, and overcome these security related problems.

Just so this could be used for a real in-world commerce system (similar to a
"wallet" or "shopping cart" system).

I expect money to be stored in secure online banks (Not in Grid servers).
The grid servers and the settings mentioned above, would only be used for a
"Grid Wallet" system.

Just like a user keeps a small amount of cash in their wallet.  (Not their
whole life savings, just a small amount of cash, a few dollars, or
whatever).

So even if something did happen, and an attack was successful somehow, the
monetary damages would really be limited to only a few dollars (maybe $2-$10
at the most).
Again, money is actually stored in the SECURE BANKS, and the Grid server is
only providing a "gateway" or an "online wallet" or "e-commerce shopping
cart" type system.  Nothing more.

Users would be reminded to keep their money safely stored in online banks
(and NOT in their wallets), but wallets would just be a small temporary
storage unit, for temporarily moving money tokens back and forth in-world,
and also to pay for land, or objects, or whatever in-world.

Large money values, should ALWAYS be removed from the wallet, and transferred
back (via an ATM system) back into a SECURE online virtual bank.

I would need to spend more time looking at all this more carefully, to see
how we could securely implement such a Global Grid Banking System, and I
would need to set up a "Secure Proof of Concept" that we could use for
testing purposes (and I know several licensed CISSP/LPT security
professionals that work for the U.S. Government).

I am a licensed security professional, and I do have my LPT certifications
and I can conduct my own LPT's (Licensed Penetration Tests), but it would
be a "conflict of interest" in attempting to attack a system that I designed
or implemented.  I would need to ask several of my friends (as independents)
to come in and conduct licensed attacks and licensed penetration tests
(and write their own independent reports) just so I can get some
"unbiased independent opinions" from third-party security professionals that
I trust (and have known for 20+ years).

If the system can be hacked or broken into, these guys are the ones to do
it.  I can help with the security, design, and implementation, but I would
honestly need the developers to come forward (and talk to me offline) about
any known security vulnerabilities or security weaknesses, so that I can at
least work on "hardening" these areas.  Or talk to various other
professionals that I know, on ways to overcome some of these weaknesses.
Just so at least we can harden the system as much as humanly possible.

Then set it up as a "test server" (a test bank, with fake currency) and
then I'll just invite about 20 of my friends, and sign agreements
(authorizing licensed attacks) on the server, and then let them have at it.

See what kind of feedback I get, and then go back and try to implement
whatever additional security measures they recommend.  It never hurts to
have a few extra eyes on the project.  I do have a LOT of resources
available to me, so when it comes to security issues, I'm pretty sure I know
the "right people" in the security community that could conduct true and
valid Penetration testing.

I would probably even be very forthcoming, and even give them the platform
information, and just about everything they could ever want (possibly even
source code) just so they can look everything over, study it, and then
conduct some independent PEN testing on the server itself.

Ok, let me work on getting some of this stuff set up (for testing purposes)
and get it functioning first, and then if you could make me aware of any
security concerns or known vulnerabilities (from the developer side), just
so we can work on hardening some of these areas (as much as possible).

But the majority of the security will probably need to come from the server
side, and good use of encryption, and just "basic common sense" when it
comes to carrying money.

Just like you would NOT carry A Million dollars cash in your Real-Life
wallet (fear of getting robbed or mugged), users would need to be reminded
that the "virtual wallet" is NOT an online banking system.  That the
"Virtual wallet" is just a place to temporarily store a very small amount of
cash (an amount that would be acceptable to lose by the user), so as long as
they understand the risks involved, and voluntarily use the systems anyways
(accepting those possible risks) and that the Grid owner would not be
responsible for any monetary losses or damages caused by any lack of
security, or any security vulnerabilities of the system.

It's the banks that really need to worry about hardened security (not the
Grid owner).  The Grid server is just responsible for a simple
"wallet"/"shopping cart" type system, where users can temporarily hold
small amounts of cash.  Ultimately I think this is the best way to handle
"in world" currencies (and limit/lower the possibilities of in-world
thefts).




On Sun, Dec 14, 2008 at 2:42 PM, MasterJ <[email protected]> wrote:

>
> Actually if you add into OpenSim.ini this :
> [Economy]
> ; These economy values get used in the BetaGridLikeMoneyModule.  - This module is for demonstration only -
> ; In grid mode, use this currency XMLRPC server.  Leave blank for normal functionality
> CurrencyServer = ""
> ; "http://192.168.1.127/currency.php";
>
> ; In grid mode, this is the land XMLRPC server. Leave blank for normal functionality
> LandServer = ""
> ;"http://192.168.1.127/landtool.php";
>
> ; 45000 is the highest value that the sim could possibly report because of protocol constraints
> ObjectCapacity = 45000
>
> ; Money Unit fee to upload textures, animations etc
> PriceUpload = 0
>
> ; Money Unit fee to create groups
> PriceGroupCreate = 0
>
> ; This is the account Money goes to for fees.  Remember, economy requires that money circulates somewhere... even if it's an upload fee
> EconomyBaseAccount = 00000000-0000-0000-0000-000000000000
>
> ; This is the type of user that will pay fees.
> ; Set this to 2 for users, estate managers and Estate Owners
> ; Set this to 1 for Users and Estate Managers
> ; Set this to 0 for Users only.
> ; -1 disables
> UserLevelPaysFees = -1
>
> ; Amount to give to user as a stipend
> UserStipend = 1000
>
> ; When a user gets low on money units and logs off, then logs back on, issue a new stipend if they have less money units then this
> ; amount. Be aware that the account money isn't stored anywhere so users will get a stipend if you restart the simulator
> IssueStipendWhenClientIsBelowAmount = 10
>
> ; If this is true, the simulator will remember account balances until the simulator is shutdown or restarted.
> KeepMoneyAcrossLogins = true
>
> ; We don't really know what the rest of these values do.  These get sent to the client
> ; These taken from Agni at a Public Telehub.  Change at your own risk.
> ObjectCount = 0
> PriceEnergyUnit = 100
> PriceObjectClaim = 10
> PricePublicObjectDecay = 4
> PricePublicObjectDelete = 4
> PriceParcelClaim = 1
> PriceParcelClaimFactor = 1
>
> PriceRentLight = 5
> TeleportMinPrice = 2
> TeleportPriceExponent = 2
> EnergyEfficiency = 1
> PriceObjectRent = 1
> PriceObjectScaleFactor = 10
> PriceParcelRent = 1
>
> You can have the money working but ONLY with OpenSim mode (for me Rex
> mode doesn't show me any money amount or something with )
>
> MasterJ Chaplin
>
> On Dec 14, 3:34 pm, Peter Quirk <[email protected]> wrote:
> > The opensim currency will not include a currency broker. It will be up
> > to others to create the payment systems that meet the regulatory
> > requirements.
> > Linden Lab will presumably strive to offer its services to the open
> > grid.
> > -- Peter
> >
> > On Dec 14, 9:21 am, Lc <[email protected]> wrote:
> >
> >
> >
> > > but the main issue with currencies is liabilities. Don't forget we can
> > > HyperJump to any grids. That means the currencies should have the same
> > > value across the metaverses.
> > > Who will be the "Metaverse Central Bank" ?
> > > What will be the admissions fees for the grids ?
> >
> > > lot of questions and not so many answers...
> >
> > > Sacha
> >
> > > On Sun, Dec 14, 2008 at 2:48 PM, Peter Quirk <[email protected]> wrote:
> >
> > > > The underlying opensim platform is developing an in-world currency
> > > > system. The proposal is covered in http://opensimulator.org/wiki/Money.
> > > > Search the opensim-dev archives and inspect the code to see what has
> > > > been done so far and what still needs to be done.
> > > > -- Peter
> >
> > > > On Dec 14, 4:21 am, Mark Malewski <[email protected]> wrote:
> > > > > > Is there currently an "in-world currency" system with realXtend?  Is
> > > > > > this being worked on, or is there a viable solution to this at the
> > > > > > current time?
> >
> > > > > Also, is there any way to create an "in-world Karma" system?
> >
> > > > > These are my thoughts on such a system.
> >
> > > > > 1) Users are given a specific default Karma (maybe 100 pts by
> > > > > default).  Then their Karma goes up or down based on in-world
> > > > > behavior.
> >
> > > > > For example, an avatar uses a gun, and shoots/kills another avatar
> > > > > (this in turn would result in a hearing/trial/conviction) and the
> > > > > avatar's Karma points would be deducted/reduced.
> >
> > > > > > Some events could be done automatically.  For example a user hits
> > > > > > another user with a baseball bat (assault), and this could result in
> > > > > > an automatic 20 point Karma reduction (for the user committing the
> > > > > > crime).
> >
> > > > > > Also a user driving a vehicle could strike objects (thus reducing his
> > > > > > Karma by maybe 5 points for every object hit) and if the user struck
> > > > > > or hit (or "killed") another user (hit them with their vehicle) then
> > > > > > this would result in a "murder" and therefore the user's Karma would
> > > > > > be reduced by 50 points.
> >
> > > > > > I would like to have 2 different systems.  I would like an "in world
> > > > > > currency" and also an "in world Karma" system.
> >
> > > > > Any ideas as to how this could be done, or implemented from within
> > > > > realXtend?
> >
> > > > > I believe it would help make the Virtual Worlds more accurate
> > > > > (especially with gaming and rating users) as each user would have a
> > > > > "Karma" ranking.
> >
> > > > > > The owner of the world could give certain organizations (such as
> > > > > > churches) maybe 1,000,000 Karma points, and then these churches could
> > > > > > give out the Karma points (to virtual users) like maybe give them 10
> > > > > > Karma points for attending a Virtual church service on Sunday, and
> > > > > > users can accrue Karma points (for good behavior).
> >
> > > > > > Some users may help with public building, or help with "peace keeping"
> > > > > > of the virtual world (and be assigned/given additional Karma points).
> >
> > > > > > It would be similar to like a "Positive Feedback" system that you see
> > > > > > on E-bay.
> >
> > > > > You purchase something from someone, and the seller could give the
> > > > > buyer a Karma point (for a good transaction).
> >
> > > > > > I suppose the "Karma points" could be given to one another (as
> > > > > > tokens?) similar to a currency.  Not to be confused with currency,
> > > > > > because in-world currency would be completely different, but this
> > > > > > "Karma" system would just be a way to gauge people's in-world behavior
> > > > > > (as good vs. bad).
> >
> > > > > > So users that use foul language, or are disruptive, or participate in
> > > > > > fraudulent business practices they could be given "bad Karma"
> > > > > > rankings, so that other users see that these users have a LOW Karma
> > > > > > ranking (or even a NEGATIVE Karma number).  So they know to be
> > > > > > cautious, and stay clear of some of these "bad users".
> >
> > > > > We have "good people" and "bad people" in life.  Such is life.  But
> > > > > how do we rank users in a Virtual world?
> >
> > > > > > I believe a "Karma points" system would at least help differentiate
> > > > > > some of the good/better citizens from the not-so-good citizens.  Just
> > > > > > as online feedback is used to rate products, or rate sellers, or even
> > > > > > rate buyers... I believe an "In-world Karma" system, could be used to
> > > > > > rate citizens.
> >
> > > > > Any ideas as to how I could implement such a system from within
> > > > > realXtend?
> >
> > > > > > I'd like to implement both an in-world currency system, and an in-world
> > > > > > Karma system.  (That could be used later for gaming, trading, and
> > > > > > various other things in-world).
> >
> > > > > > For example in gaming, if you run over, or strike an object (possibly
> > > > > > give all objects a "bump value"), so if you strike an object, then you
> > > > > > get a certain number of Karma points deducted.
> >
> > > > > > Like if you hit someone (punch, hit, or hit with a baseball bat, or
> > > > > > shoot with a gun, etc.) then each object you hit, would subtract Karma
> > > > > > points (based on the "bump object properties").  For example, if a car
> > > > > > was given a "bump object value of 20 karma points" and you hit the car
> > > > > > with a baseball bat (a sound effect could be played upon bump), and
> > > > > > also visible damage could be displayed (upon bump) and also 20 karma
> > > > > > points could be deducted from the user's score/Karma point rankings
> > > > > > (for damaging a vehicle).
> >
> > > > > > This could be applied to guns, baseball bats, or various other
> > > > > > in-world weapons (even fist fighting, punching, kicking, etc.).
> >
> > > > > > Like maybe there would need to be two different fields, a "bump value"
> > > > > > and also a "lethal value".  So a fist would have a much less "lethal
> > > > > > value" than a gun, or a baseball bat.  But also certain objects like a
> > > > > > car would have a much higher "bump value" than something like a garbage
> > > > > > can (less valuable).
> >
> > > > > > So that way if you kick a garbage can, you may only lose 1 Karma point
> > > > > > (very little damage to the garbage can, and the garbage can is of very
> > > > > > little value).  But if you kick a car, then you cause a little bit of
> > > > > > damage to the car, but the bump value of the car/vehicle is much
> > > > > > higher than a garbage can (car is more valuable), so it would affect
> > > > > > your Karma ranking more.  So maybe kicking a car would result in 2
> > > > > > Karma point reduction.
> >
> > > > > > A baseball bat would have a much more "lethal value" thus if you
> > > > > > strike a garbage can with a baseball bat, it would display more
> > > > > > damage, and it would also subtract 2 Karma points (instead of 1 Karma
> > > > > > point) because you have used a much more lethal force (higher "lethal
> > > > > > value" based on the weapon).
> >
> > > > > So basically every object, and every weapon in the world could be
> > > > > assigned a "bump value" and a "lethal value" (for weapons).
> >
> > > > > Standard weapons such as foot, kick, punch, hit, slap would all be
> > > > > assigned a "lethal value" of 1.
> >
> > > > > But using various weapons would have a much higher "lethal
> > > > > value" (assigned to each of the weapons).
> >
> > > > > > So in-world "gun shops" could actually sell weapons to citizens.  Good
> > > > > > honest citizens could actually tote a weapon around (responsibly).
> >
> > > > > > But if that weapon were used to shoot a Garbage can then they would
> > > > > > lose 1 Karma point.  If the weapon were used to shoot a car, then the
> > > > > > person would lose maybe 10 Karma points.  If the weapon were used to
> > > > > > shoot a person, then the person would lose maybe 50 Karma points.  If
> > > > > > the weapon were used to shoot a police officer, then the person would
> > > > > > lose maybe 100 Karma points.
> >
> > > > > Do you understand what I am saying?
> >
> > > > > > Is there any way to implement some form of "Karma System" (for
> > > > > > in-world behavior) and also an in-world currency system?
> >
> > > > > > So that way users could give each other in-world currency, (which
> > > > > > could be used to purchase things like a car, or furniture), and also
> > > > > > an in-world Karma system (which could be used to reward users for good
> > > > > > behavior and punish users for in-world bad behavior).
> >
> > > > > Any ideas on how such a system could be implemented?
> >
> > > > >            Thanks,
> >
> > > > >               Mark- Hide quoted text -
> >
> > > - Show quoted text -
> >
>

--~--~---------~--~----~------------~-------~--~----~
this list: http://groups.google.com/group/realxtend
realXtend home page: http://www.realxtend.org/
-~----------~----~----~----~------~----~------~--~---
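
The small-balance "wallet" and the SQL-injection concern raised in the message above come down to two server-side controls, sketched here as an added example that is not part of the original thread or of OpenSim: bound query parameters, and a balance cap enforced by the database inside one transaction. The `wallet` table, the `WALLET_CAP` value, the function names and the use of SQLite are all assumptions made for illustration.

```python
import sqlite3

# Assumption: cap in whole money units; the thread only says "a small amount".
WALLET_CAP = 1000


def open_ledger(balances):
    """Create an in-memory ledger (hypothetical schema) with the cap as a CHECK."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE wallet (avatar TEXT PRIMARY KEY, balance INTEGER NOT NULL "
        f"CHECK (balance BETWEEN 0 AND {int(WALLET_CAP)}))"
    )
    # Constructed sample accounts; values are bound, never spliced into the SQL.
    db.executemany("INSERT INTO wallet VALUES (?, ?)", balances.items())
    db.commit()
    return db


def balance(db, avatar):
    row = db.execute(
        "SELECT balance FROM wallet WHERE avatar = ?", (avatar,)).fetchone()
    return None if row is None else row[0]


def transfer(db, src, dst, amount):
    """Move `amount` from src to dst atomically; return (ok, reason)."""
    if isinstance(amount, bool) or not isinstance(amount, int):
        return False, "invalid amount"
    if not 0 < amount <= WALLET_CAP:
        return False, "invalid amount"
    if src == dst:
        return False, "same wallet"
    try:
        with db:  # commits on success, rolls back both updates on any exception
            debit = db.execute(
                "UPDATE wallet SET balance = balance - ? "
                "WHERE avatar = ? AND balance >= ?", (amount, src, amount))
            if debit.rowcount != 1:
                raise LookupError("unknown payer or insufficient funds")
            credit = db.execute(
                "UPDATE wallet SET balance = balance + ? WHERE avatar = ?",
                (amount, dst))
            if credit.rowcount != 1:
                raise LookupError("unknown payee")
    except sqlite3.IntegrityError:
        # The CHECK constraint rejected a balance above WALLET_CAP.
        return False, "payee wallet would exceed cap"
    except LookupError as exc:
        return False, str(exc)
    return True, "ok"
```

Because the avatar names are bound parameters, a name containing quote characters is compared as a literal string and matches no row, and a failed credit leaves the payer's debit rolled back.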