On Saturday April 12th 2014, the Firestorm team hosted a meeting and Q and A session to discuss a number of issues, including the OpenSSL issue and how it affects SL / Firestorm, Firestorm blocking, the next Firestorm release and more, and answer audience questions.
While the meeting was recorded, the Firestorm team are aware that many of their users have hearing difficulties, and / or prefer to read text, so this transcript has been supplied on their behalf.
When reading, please remember:
- This is not a word-for-word transcript of the entire meeting. While all quotes given are as they are spoken in the video, to assist in readability and maintain the flow of conversation, not all asides, jokes, interruptions, etc., have been included in the text presented here
- In the interests of readability, topics in the transcript are not necessarily presented chronologically compared to the video. For example: specific topics of interest raised in the Q&A session, and which are self-contained, are presented under their own heading outside of the Q&A section.
- If there are any sizeable gaps in comments from a speaker which resulted from asides, repetition, questions to others, etc., these are indicated by the use of “…”
- Timestamps are provided as guidance should anyone wish to hear the comments in full from any speaker on the video
- Questions / comments were made in chat while speakers were talking. This inevitably meant that replies to questions would lag well behind when they were originally asked. To provide context between questions and answers, questions in the transcript are given (in italics) at the point at which each is addressed by a member of the Firestorm team, either in voice or via chat.
Please note: This transcript is provided for informational purposes only. I am not an official member of the Firestorm team, and technical or support issues relating to Firestorm cannot easily be addressed through these pages. Such requests for assistance should be made through the in-world Firestorm Support groups or at the Firestorm support region.
With thanks, as always, to North for the video.
The TL;DR Summary
The following is a brief summary of topics discussed. Timestamps in braces refer to times in the video where the relevant commentary can be heard. All sections are expanded upon in the main transcript – click on the timestamp to go to them.
- 0:00:15 Ebbe Linden – a review of Ebbe Linden’s (LL CEO Ebbe Altberg) presentation and Q&A at the VWBPE conference on Friday April 11th (video and transcript)
- 0:05:15 Firestorm 64-bit download: an issue with the certificate for the 64-bit Firestorm expiring meant the download had to be temporarily pulled. It has now been restored.
- 0:08:22 Firestorm DUI: the Dynamic User Interface is very much a proof of concept and requires a lot of work. If it is developed, it will possibly require as much as a year before it is remotely usable, and this with the collaboration of other TPVs and developers. Right now, it doesn’t require bug reports.
- 0:23:04 The Heartbleed SSL bug: an error in versions of an OpenSSL extension called Heartbeat can be used to expose server-side information to attackers. The SL servers are safe, the Firestorm server is safe, however, people can be at risk when connecting to external sites using MOAP or the built-in web browser. Firestorm 4.5.1 and 4.6.1 use OpenSSL, but the chances of them being vulnerable are negligible, and because of the log-in hash, user names and passwords are secure. The very, very small risk will be removed in the next release.
- 0:39:21 Firestorm blocking: older versions of Firestorm are blocked to try to encourage users to keep reasonable pace with the latest updates and capabilities in the viewer, and to meet with LL’s requirement that as many users as possible are on up-to-date viewers. It is not a Trojan, backdoor, spyware or malware. Log-in IDs, etc., are not compromised, nothing is passed to the FS server. Period.
- 0:56:19: Why Firestorm doesn’t use an auto-update process and the pain of clean installs
- 1:02:00: Due to a coding error, Firestorm 4.4.2, 4.5.1, 4.6.1 will be blocked from accessing OpenSim when the time comes to block them. This is not deliberate; it is the result of the code required to limit blocking to Second Life not making it into the viewer, which will be rectified with the next release. Firestorm remains committed to support OpenSim.
- 1:09:30 Due to the use of automatically-generated SLurls with images uploaded to Facebook accounts using SL Share to Facebook, the snapshot upload capability was blocked by Facebook. This situation has now been resolved between the Lab and Facebook, and photo uploads work once more.
- 1:14:05: The Next Firestorm release hopefully will be available in early May, and will include updates, fixes and new features, including some Mac updates, the new Vivox files, etc.
- 1:31:36: bugs don’t get fixed in either Firestorm or the LL viewer without people filing bug reports via the JIRA. Please help in making Firestorm, the SL viewer and SL better
- 1:36:25 Oculus Rift is coming, but it’s coming via Linden Lab. If you want to have a play, join the closed LL beta, or try CtrlAltStudio (just make sure you have a headset!)
- 2:02:02 a look at the SL Share 2 capabilities, and why they won’t be in the next release of Firestorm
- 1:51:06 Ed’s reminder about Firestorm Classes
- 1:28:36 Start of the Q&A session
0:00:55-0:05:15 Jessica Lyon (JL) provides a summary of the session held by Linden Lab CEO Ebbe Altberg (Ebbe Linden) at the Virtual Worlds Best Practices in Education conference, where he discussed the ToS, the Lab and future directions for SL and spent over an hour answering questions from the audience in a session lasting a total of just under 90 minutes. Ebbe’s profile can be read here, and a full transcript and video of his VWBPE session is available here.
Firestorm 64-bit Download
0:05:15 Jessica Lyon (JL): We were having problems with our 64-bit download … we’ve just fixed it … we had a problem, our cert[ificate] was expiring, we had to pull the download. We’ve put up a new download and it’s working again.
Dynamic User Interface (DUI)
0:08:22 JL: Most of you are here to talk about Firestorm Dynamic User Interface. Am I right? … So Firestorm DUI. First of all we were talking about this just before we started recording, for those of you who are watching on the video, it’s kind of an unfortunate coincidence that DUI shares the same acronym as driving under the influence, and perhaps under hindsight, it was a mistake that I included that in the April Fool’s Day video. I couldn’t resist; I thought it would be funny crashing into the lamppost and apparently I offended some people, and for those of you I offended, I apologise. I can assure the name was not chosen because it shares the acronym with driving under the influence. Also I’ll point out, it doesn’t matter what acronym we choose, in some language, in some country, it’s going to offend somebody.
0:09:29 JL: It does stand for Dynamic User Interface, because essentially that’s what it is. Yes it is real. Those of you on Mac and Linux weren’t able to download and try it; you can consider that kind-of a blessing, because while it is real, it’s really broken, and that’s not a joke.
0:09:50 JL: It is an early prototype / proof of concept to demonstrate that it can be done. When I say prototype / proof of concept, basically the only thing that was done was the code that was needed to detach three windows from the viewer, to prove that three windows can be detached. It needs a lot of work …
0:10:44 JL: So the joke was … it almost was flawless, except for one thing. And Ed and I were in on this, and Nicky … for over a year. Believe it or not, this is a year of planning for April first. I was planning this before we actually did last year’s April Fool’s joke … If you guys remember with Firestorm Mobile? There were a lot of people who perpetuated the joke … So there were people coming into group saying, “I just downloaded it, and it’s real and it works really good!” And then people were like, “Really? Why can’t I download it, where’s the link?”
0:11:30 JL: So I was kind-of counting on a percentage of people actually trying the link that I put in the video, and I was kind-of counting on these people would come into the groups and say, “Hey! Guess what? This is real, it really works!” And then other people would say, “Yeah, yeah, yeah, that’s what people said last year” … So there was two parts to the joke. I was hoping first of all that I’d trick a lot of people, and that also it would create a lot of chaos and confusion in all of the groups.
0:12:03 JL: I totally couldn’t predict how that would actually turn out, and in the end I think what happened was, the people that did download it, realised that it was real, and didn’t want to ruin the joke. And so there wasn’t that many people coming into the groups and claiming that it was real. So that part of it sort-of failed.
0:12:31 JL: DUI is real … so it is a proof of concept … and as I mentioned in the blog post, we’re really hoping that this will motivate inactive devs, because there used to be a lot more open-source developers working in Second Life and working on viewers than there are now. And why that number has diminished might be any number of reasons, or a combination of all of them. But there’s a lot fewer devs out there now who are contributing to open-source, specifically with Second Life and Second Life viewers, virtual world viewers.
0:13:20 JL: So I was hoping that DUI would provide a catalyst that might re-motivate people, because suddenly here’s this whole new world of possibilities you could do with this. But it needs to be developed.
0:13:25 JL: We’ve got a lot of people asking when are we going to release it. We’re not even thinking about when we’re going to release it yet. The other reason why I called out to open-source developers is because it requires a lot of work. And while Firestorm possibly has the biggest development team out of all the third-party viewers in Second Life, most of our devs are inactive; and even those who are active – we have lives; and this is a volunteer thing that we do in our spare time, and some of us have more spare time than others, and some of us have less of it.
0:14:20 JL: And so the bottom line is we can’t do this by ourselves. Okay, Nicky did the proof of concept and proved that it can be done, and we will continue to work on it, but we can’t do it ourselves because there is just so much work that needs to be done. And so we’re really hoping, and possibly the only way DUI can come to fruition, can actually be a real thing and be mainstream in Second Life and virtual worlds, which I really hope it will be, because it’s such a huge improvement to the user experience for most people, I think, quite possibly will require that all the third-party viewers get together, work together, make it happen together.
0:15:04 JL: So that’s kind-of where DUI is; it raised a lot of excitement, and it should, because it’s pretty innovative, it really is something a lot of people have requested for a long, long time. Something that I can’t wait to use properly and anybody here that has more than one monitor … there’s even a possibility, it may not be realistic … please don’t quote me on this … it may even be possible to move HUDs outside of the viewer. Can you imagine? I mean the potential is crazy with what could be done.
0:16:02 JL: So I hope there are open-source developers out there, watching this video, or maybe even in the audience, I hope there are people who maybe know a little C++, maybe they’ve tinkered a little bit with viewer code … Let this motivate you, really, seriously. Let’s work together and make something happen.
0:16:40: Is the implementation of DUI platform agnostic or will the current implementation require a unique implementation for OSX and Linux?
0:16:47 JL: I’m not sure how to answer that. [The] Windows operating system handles … we’ll say, folders … in a specific way, and Mac probably handles them a little differently and Linux probably handles them a little differently. We need to get Mac developers working on the Mac version of it. We need to get Linux developers looking at the code, because it will have to be developed a little bit individually from OS to OS. But I think most of the code is re-usable cross-platform.
0:17:43: Can you say what DUI is for people that don’t know what it is?
0:17:46 JL: DUI basically allows you to detach floater windows or floater panels like Conversations, the People panel, Statistics, Inventory … not necessarily detach them, but move them outside of the constraints of the viewer window itself.
0:18:05 JL: So if you’ve ever used GIMP, or any Adobe products allow you to undock any windows and throw them into another monitor, for example. Essentially, that’s what DUI is.
0:18:35 JL: By the way, I take pride in stating I tricked most of our developers here. There were a couple that got it straight away, Pantera and Futashy … they got it straight away … I’m saying it right for the record – Tank didn’t get it! Anyway, I thought it was fun, a good April Fool’s joke. I still think it’s the best one so far.
0:19:24: Do you think that adding some sort of LSL bridge to it?
0:19:26 JL: The bridge works with the viewer anyway, and the bridge is slowly becoming obsolete. I can’t say that we’ll get rid of the bridge right now, but the time may come where we might eliminate it. We can’t use it for teleports any more, properly, anyway.
0:19:54 JL: So a lot of people wonder why was it so hard to do this with the viewer when GIMP, PhotoShop, Adobe in general allows it? Well, because when they [made] GIMP from the beginning, they made it with the expectation … that they’d be able to have the windows go outside the main window, so they did that from scratch. Whereas the Second Life viewer is tens of thousands of lines of code, probably in the hundreds of thousands … it was initially thought by most that to do it in the viewer would require a re-build, a start-over of viewer code.
0:20:44 JL: Somehow, I don’t know how Nicky does this stuff, she’s so far outside the box when she codes, and she just came up with some crazy way of thinking, “Hey! Why not do it like this?” And it works, obviously. And if you look at the DIFF, which I posted on the blog post … it’s not that much code. Keep in mind, of course, that it’s just the proof of concept and it is broken and by the time it’s coded to work properly and everything works, it’s going to be a lot of code.
0:21:17 JL: But the initial work to make it happen is actually not that much code, it’s crazy.
0:21:22: Do we have a repo for DUI yet?
0:21:23 JL: We do not have a repository for it yet. And thank you for reminding me of that, because actually the main point of this: please don’t file bugs for DUI yet. I say this because we know it’s broken, we don’t need bug reports to tell us that it’s broken. We’re not even at the point of taking bug reports yet. It’s beyond even taking bug reports. Everything’s broken, so if you guys are reporting bugs, you could just file one JIRA and say, “everything’s broken”, and we’ll reply with, “we know, thank you”. So don’t file bugs yet.
0:22:05 JL: There will come a time when we’ll probably do some public alpha, we’ll certainly do QA; it’s a long process. I expect DUI won’t … I’m totally guessing here, but maybe a year from now? It needs a lot of work, guys.
Heartbleed OpenSSL Vulnerability
0:23:04 JL: How many people have heard of the SSL bug? … well, we looked into what, potentially, in a very worst-case scenario, could happen. And I’ll tell you right now, your [SL] passwords are safe.
0:24:18 Arrehn Oberlander (via chat): My favourite explanation, in cartoon form http://xkcd.com/1354/
0:25:05 Techwolf Lupindo (TL): Yeah, with client in this case, I’m referring to the browser, not the viewer at all. When the browser communicates with your secure site, as part of the communications to check each other … so that no-one is sniffing-in on the communications. The bug is that as a part of the communications, you can send a request to get some information back, and if you send for more information than what the server has, there was no balance check, and so the server would serve-up its own memory which you shouldn’t have access to begin with, and because of that, what’s in that memory, all kinds of good stuff [is exposed].
0:26:27 JL: So in order for the person to do this, they either have to be the website you’re visiting, or they have to have access to the website that you’re visiting. So this leads us to what websites in regards to Second Life were vulnerable. Linden Lab’s website was not, the Linden viewer was not, our website was not affected.
0:27:03 JL: Our download server was, but we don’t actually use SSL on our download server, so it was not affected.
0:27:11 JL: The Firestorm viewer – this is where we create a panic, oh my gosh! – version 4.5.1 and 4.6.1 do use that OpenSSL, and are affected. But, the likelihood of your viewer being utilised, or a hacker using the Heartbleed bug to get into a viewer … if it happens to you, then immediately go out there and buy lottery tickets, because you’re going to win three times. And even if it does happen, it can’t get your password, because the viewer does not handle the password. The password is sent in a hash, which is sent to the Linden servers, which are not affected.
0:28:10 JL: But if you want to be really paranoid, and I encourage paranoia to a degree, be cautious when you use Media on a Prim, because it can get you through Media on a Prim. Basically, if you connect to a website that’s serving-up Heartbleed and there’s somebody waiting behind it with some client that happens to be vulnerable, it’ll be through Media on a Prim, because you’re serving-up a web page in the viewer or through the viewer’s internal web browser.
0:28:40 JL: So if you want to be paranoid, be strict with your permissions on Media on a Prim, which by the way is OFF by default in Firestorm unless you change that, and when using the internal web browser. So go into Preferences > Network and tell the viewer to use an external browser.
0:29:11 JL: And if you’re really, really paranoid, you can roll-back to version 4.4.2, but I wouldn’t encourage it because then you’re missing out on materials and missing all kinds of fun stuff, fitted mesh, and really, you’re over-reacting if you’re going back to 4.4.2. And if anybody gets hacked through this, I will pay for a new computer for you out of my pocket. That’s how confident I am that you have nothing to worry about.
0:29:40 TL: To exploit the client is a lot more difficult because first you have to trick the user into clicking a bad URL. That’s why my basic recommendation is to turn Media on a Prim off altogether, use an external browser, and make sure your external browser has been recently updated within the last few days.
0:30:12 JL: I should add to that promise I just made … You’re going to have to prove to me beyond a shadow of a doubt that the viewer was exploited using this exploit! I know I’m going to regret having said that!
0:30:32 JL: So really, you’re going to win the lottery before your viewer gets hacked. That’s not to say your computer or website or browser or something … it could happen that way.
0:31:14 Ed Merryman (EM): Just for the record, we will be updating our SSL on the next release.
0:31:57 TL: You’re OK with search. Linden Lab’s search page [in the viewer] is perfectly safe because Linden Lab is always checking that they’re OK and everything. For search or marketplace or anything that’s by Linden Lab, you can safely use the internal browser.
0:32:15 JL: So the bottom line is you guys know I’m usually a pretty paranoid person, especially running the project and everything that could possibly go wrong. And really, you’ve got no worries about the viewer. Especially if you take these precautions … The next version of the browser, it will be fixed … If I thought there was a risk, a real tangible risk, we would have a new release out right now.
0:34:03: I’m guessing that no anti-malware, anti-virus, Firewall etc can help against Heartbleed?
0:34:33 TL: That was the biggest issue of this Heartbleed bug; it left nothing in the web server logs and in the firewalls it doesn’t trigger anything because we had no way to detect it … as far as any anti-malware, anti-virus, they can’t detect it.
0:36:48: Heartbleed is limited to 64K chunks at a time too right? and random 64?
0:36:52 TL: It’s limited to 64K chunks at a time … you can send more than one 64K chunk at a time. So in other words, you can start at memory point zero and go all the way until the server crashes and you have a complete copy of its memory, which holds all kinds of good stuff, including the SSL keys itself. That’s why it’s such a big deal.
Firestorm Version Blocking
0:39:21 JL: So why we block versions. Now we’ve talked about this before. I’ve talked about this before in this very same setting, and I’m going to talk about it again until I’m blue in the face. Recently, as you know, we blocked version 4.4.0, there was a little over 5,500 people on it, which was not a lot of people compared to some of the previous blocks we’ve done.
0:39:40 JL: Let me be the first to tell you that blocking old versions is not something that I generally enjoy doing. I don’t do it because I want to kick people off, I don’t do it because it makes our life easier. In fact it’s quite the opposite. Blocking versions becomes a significant load on the support team, it requires effort on our end.
0:40:19 JL: Our mission statement is “improve the user experience”. And generally speaking, when you force somebody off a version they’re comfortable with using, it’s not improving their experience. In fact if you’ve been one of those people, you will attest you’ve probably been pissed off when we blocked it.
0:40:39 JL: On the other hand, I’ll say straight-up, Linden Lab wants us to keep people on a modern version, and we’ll get back to that. But I want to talk about another reason why we do it. If you are a content creator, and you make mesh clothing, for example, and let’s say you’re selling content which is fitted mesh, which is fairly new, and you got customer after customer after customer after customer … buying your stuff and they’re coming back and saying it doesn’t work. And then you’re spending all your time trying to work out why it’s not working, and then you realise it’s because they’re on an old version of a viewer that doesn’t support fitted mesh. You then come to me, angry, and perhaps rightfully so, because we are, in effect, breaking your content.
0:41:40 JL: Fitted mesh is on the grid, folks. It is live, it is full-blown, it is full steam ahead, and it is widely adopted. And if you’re using version 4.4.0, for example, you’re not seeing it. So it’s not just that we have pressure from Linden Lab, but it’s that we have perfectly legitimate pressure from content creators, and let me tell you it’s the content creators who are the people who have made Second Life what it is, and I take them very seriously.
0:42:10 JL: We wouldn’t have the couch I’m sitting on, we wouldn’t have the clothes you’re wearing if it wasn’t for these people … and if we’ve got a lot of their customers – I don’t want to drive them out of Second Life, and there’s enough content creators leaving Second Life as it is. So there’s that.
0:43:33 JL: Then there’s going back to Linden Lab. Linden Lab wants us to keep people on modern versions. Why are they not doing that for Singularity or Catznip or other viewers? Let me try to explain this in the best way I know how. 10% of even the second most popular third-party viewer, 10% of the user share, the users, on the second most popular third-party viewer, is maybe a couple of thousand people.
0:43:07 JL: 10% of Firestorm users is 10, 20, 30,000 people. So, I’m being responsible. When it comes down to blocking old versions, what I’m really doing is being responsible. And while on one hand, it’s not improving your user experience for those who are on the old versions, it is ultimately improving the experience of the majority of people in Second Life, and it ensures Second Life moves forward. Because believe it or not, there are more people on Firestorm than all other viewers combined. All of them. There’s a lot more people on Firestorm than any other viewer out there.
0:43:57 JL: It’s not necessarily a thing to celebrate. It really is a big weight on my shoulders, of responsibility. Because we can inadvertently ruin Second Life if we’re not careful … we can break things really bad, and it has happened in the past.
0:44:22 JL: I’ll talk a little bit about why we have the functionality to start with. In the beginning, we had no intent to be blocking old versions. We fully expected that people would adopt new versions because they want to and because they’re cool and have nice shiny new things. And it turns out Firestorm has a really bad adoption rate.
0:45:07 JL: So there’s 5,500 people on version 4.4.0, roughly. That’s not a lot of people, but when you consider that there is a percentage of those people who are complaining to content creators, and those content creators are complaining to us, so we have to do something about it. Let me get back a little bit to why we implemented the blocking technology to start with.
0:45:29 JL: Back in the Emerald days, and I hate to bring-up the Emerald days … and Emerald had far less users than Firestorm does … Emerald did a release, and there was some code in there … and not intentionally, it spammed the Linden servers … I think it was radar … anyways, it was spamming extra messages to the Linden servers. And within a couple of hours of releasing it, I think it was Soft Linden came, saying, “What the Eff have you done?” And unfortunately, we don’t know that we’re spamming servers because we don’t have access to the servers, and perhaps that’s a good thing. I’m sure that’s a good thing.
0:46:29 JL: But we didn’t know, and there’s no way for us to test if we’re going to spam the servers. We can try to be smart when we’re coding, think ahead, that kind of thing. But accidents happen. They do happen. And what Emerald had to do was take out that code, and issue a new update immediately.
0:46:50 JL: And it didn’t happen immediately, because Emerald wasn’t able to block versions back then, and so it took some time, and the Linden servers were under a significant load because of that simple, simple little mistake.
0:47:06 JL: If we did do that, Firestorm, if we do that, we could potentially, very easily, knock Second Life off-line. Gone. Because there’s so many people on Firestorm … When we released Display Names, we broke the Display Name servers! And that’s an example of a legitimate code, well-coded, it was Linden Lab’s own code, and when we released Firestorm with Display Names, their servers were inundated for weeks … Display Names weren’t working because there was too much load coming from Firestorm users.
0:47:46 JL: It’s not because we did it wrong, it’s just because of sheer numbers. They did not anticipate that there would be that much load for Display Names. And there have been other examples as well.
0:47:59 EM: It was Phoenix. The other one is 4.4.1.
0:40:03 JL: It was Phoenix, yeah.
0:48:07 EM: 4.4.1 was a very good example.
0:48:11 JL: So 4.4.1 is another example. We were helping Linden Lab with some debugging on Server-side Appearance. And in that debugging we had to enable a setting that sent a little bit of extra information to the Linden servers about the avatar’s appearance … we forgot to turn that off when we released 4.4.1. And immediately we’re notified that we’re hammering the servers, we need to do something now, before more people get on Firestorm, and we released an update and we initiated a block.
0:48:50 JL: So this is why we have the block … we have the block because this is us being responsible.
0:49:09 JL: The block is not a backdoor, it is not a Trojan, it is not a virus. There was a blog post where some people were accusing us of backdooring a viewer and all kinds of crap.
0:49:28 JL: So I took the time to make a wiki page, and this shows you, in plain English, as good as I can write it about how our blocks work and you can even go in and see those files yourself; we’ve made no effort to hide them, we’ve always been transparent. So this shows you how it works.
[Jess profile and FS support chat showing team membership and FS version to demonstrate file usage; stress: file read done in viewer initialisation, before log-in attempted]
0:49:50 JL: In English for those who don’t want to click on a link … when the viewer is launched, the viewer checks a list on the [FS] server to see if its version number is listed on a file. And if it’s on the list, it is blocked, and it will not log-in [to the Second Life servers]. That’s all.
0:50:19 JL: So that’s how the blocking works. I hate that we have to block old versions … I hate that I can’t guarantee that the new release is going to work flawlessly for you. That’s what I hate. And I totally understand why there are people still using version 4.4.2, for example, especially Mac people – I totally get it.
0:51:01 JL: And in fact, we’re not going to be blocking 4.4.2. We’ve made an outright statement with Linden Lab that we’re not going to block it until the big Mac issues have been resolved. And I just hate that we can’t make a version that’s bug free for everybody. And that’s why I’m allowing three versions on the grid at any given time. This gives you the option that if you upgrade to the latest version that we’ve just released, and it doesn’t work for you, you have the option to go back to the previous one. And hopefully, within the next two releases, we’ll have these problems fixed for you. That’s the hope. That’s why we’ve got three versions.
0:52:28 JL: So we’ve had a lot of complaints that we’re blocking versions … can you guys understand why Linden Lab wants us to block old versions? Who questions that? … The bottom line is, whether you question it or not, because of the amount of usage Firestorm has, it is our responsibility to try to keep people on modern versions that support the latest code, because Linden Lab will spend tens of thousands or even hundreds of thousands of dollars on code or a feature, and if Firestorm doesn’t release it, they’ve wasted that money … Because if Firestorm does not adopt it, then two-thirds of the user base does not use it. And if the majority of the user base is not using it, then the feature’s pointless, and it’s been a waste of money.
0:53:22 JL: So we have to be responsible and we have to block.
0:53:28 JL: The only question then is which method do we use? We can use our method, which I think is the most fair we could come up with, which gives you three versions to choose from; or we can let Linden Lab do it. And I will tell you, I have more-or-less fought with Linden Lab, they really wanted to take over blocking our versions. They really wanted to be the ones to handle that. And if we give them that ability to handle that, that means that when we release 4.6.1, ALL other versions are gone. All of them. You will not be able to log-in with 4.5.1 or 4.4.2, and when you’re logging-in to that important meeting you have in 5 minutes and you’re late, and you launch version 4.5.1, and it saying it’s blocked and you have to download the new version, and then you have to go through the whole hassle of downloading the new version … you’ve missed your meeting. I don’t believe in that.
0:54:27 EM: I’d like to make a point. Not to contradict Jess, but Linden Lab can still block the viewer. What they’re doing is allowing us to block selectively and give you a warning that it’s blocked. Rather than it’s just not working.
0:54:46 JL: This was negotiated. This was basically Oz Linden saying, “we want to handle blocking it”, and me saying, “no, no, we can do it. Let us handle it. And we’ll prove to you that we can do it, so that you’re not taking over on us”. And that’s when we did the big block of all those versions. That was me proving to Linden Lab that we’re perfectly capable of standing on our own feet and blocking versions and we’re capable of doing it ourselves. And I’ll tell you that if we don’t, then Linden Lab is going to step in.
0:55:18 TL: One thing I would like to mention is that when I coded-up the block code there, I made sure we could give you a reason why that viewer is blocked. It tells you why it’s blocked. I’m not sure Linden Lab does that or not.
0:55:34 JL: No. So the other thing I like about our system is that it tells you that it’s blocked because XXX, here’s the link. If Linden Lab were to block it, the message you get is, Whirly, what is the message …?
0:55:56 Whirly Fizzle (in chat): It just force downloads an update.
0:56:00 JL: It doesn’t tell you anything. It just doesn’t work, and it’ll lead you to think you’ve been banned or suspended from Second Life if you can’t log-in, because it’s a log-in failure message, as opposed to ours doesn’t let you get to the log-in point.
Auto-update / Clean Install Segue
0:56:19: The LL viewer does auto updates, why doesn’t FS do that?
0:56:22 Tankmaster Finesmith (TF) in chat: We haven’t coded to allow for auto updates.
0:56:25 EM: Quite frankly, as much as I would love everybody to be on the latest release, the latest release doesn’t work best for everybody … We’re about improving your experience. Auto-update? No.
0:56:46 JL: Well, the auto-updater is also not going to give you the 3-version option. If you try to use an older version, every time you launch it, it’s going to try to auto-update. We nag you with that little Post-It note, I’m sure you’ve all seen it, that we put on the screen. That Post-It note doesn’t prevent you from using the viewer; you don’t have to click it away … it’s just there to remind you that there’s a new version. It’s a nag, but that’s because I don’t want to block you. I would prefer that you update to newer versions so that when we do block, we’re not affecting many people.
0:57:35: What about manual updates instead of clean installs?
0:57:37 EM: We would love not to have to tell you to do a clean install … However, having done support for four years, I can tell you right now, the vast majority of problems we see after a release are people who have not done clean installs. That’s why we have the back-up feature now. You can back-up your settings now. All the settings that are safe can be backed-up and restored on the next release.
0:58:15 JL: There’s also in an auto-updater, we’re not really able to reach you, because it doesn’t take you to our website, and the website pays the bills by the way. You guys coming to the website covers our server costs. We have two servers now we’re paying for. It’s really good to drive people to the website, it’s really good to drive people to our blog, it’s good to drive you to our wiki pages, because it all benefits you, it all has pertinent information that will improve your user experience, should you so take the effort to actually read it.
0:59:22 JL: It is the bane of my existence that support ask people to do clean installs. Every time I do a blog for a new release, Ed sits there nagging me, “Don’t forget to tell them to do a clean install!” And I really hate that we have to ask you to do that, and it is unprofessional that we have to ask you to do that. And we’ve put a lot of work into initiatives to find out why and how settings get corrupted which end-up requiring a clean install, because it shouldn’t happen in a properly coded application. But it does, and we’ve never been able to properly figure out why. It’s not for lack of trying; it’s one of these ghosts in the machine.
1:00:25 JL: So I hate that we have to ask you to do that, but as an alternative, we brought you the setting back-up. At least that way you don’t have to spend hours going through settings and trying to set it back up the way it was. If you do a clean install, you can launch the viewer and go in and recover your settings and re-log and you’re there.
1:00:55 JL: Granted, not all settings get backed-up. Most of them do; not all of them. And there’s a reason for that; the ones that don’t get backed-up, we’ve discovered over time learning why clear settings works, are intentional, because those tend to be the settings that get corrupted. So we don’t want you to save corrupt settings, and then do a clean install and then restore corrupt settings. So some settings don’t get backed-up because they are commonly culprits for causing corrupt settings.
Blocking and OpenSim
1:02:00 JL: A while back we had set-up the initiative to have the ability to block the viewer from Second Life and not affect OpenSim. And that was supposed to have gone in to version 4.4.2. And this morning, when I was preparing for the Q&A and I was looking into the code so I could show you where it is, I discovered it’s not there.
1:02:31 JL: I don’t know what happened; I don’t know why it’s not there, it was supposed to be. One way or another, it didn’t get done, I assure you it’s going to be done for this next release that’s coming.
1:02:50 JL: The consequence is though, that eventually we will block 4.4.2, 4.5.1, and 4.6.1, and those will also end up blocking for OpenSim. And for that, if you are an OpenSim user, I am so sorry.
1:03:11: What is “Open Sim”?
1:03:12 JL: OpenSim is another virtual world grid like Second Life but not as big.
1:03:19 JL: So I … did state in the 4.4.0 blog post that this would be the last time that OpenSim would be affected by a Second Life viewer block, and I’m going to have to retract that, and I will.
1:03:34 So Firestorm won’t support OpenSim anymore?
1:03:36 EM: We will still support OpenSim.
1:03:33 JL: We are still fully supporting OpenSim. I’m all for OpenSim, I’m all for virtual worlds of every kind. We made a promise a year-and-a-half ago that we would put interest into OpenSim and I don’t make promises lightly, and I’m not pulling out of that.
1:04:08 JL: I heard a thing that kind-of disturbed me a little bit a couple of days ago from somebody well-known in OpenSim that apparently the owners of OS Grid and a few other OpenSim grids are calling Firestorm “anti-OpenSim”. That ticked me off, quite honestly, because we’ve made a lot of effort to be OpenSim compatible … and [that's] something I want to straighten-out with them.
1:04:44 JL: We are still fully supporting OpenSim. It just means that future blocks for the next couple of releases are still going to affect OpenSim.
1:04:54: Can that selective blocking code be backported into 4.4.2?
1:04:55 JL: No it can’t. I really wish it could … it requires some viewer-side code. And I can’t tell you why it’s not there yet, because I haven’t had a chance to speak to the developers who were implementing that. At some point I’ll find out; probably an honest mistake. In the end, it’s not their fault, it’s my fault because I made the assumption it was there, I made statements … and I am CEO here, and the crap floats to the top. So I’m to blame, and if it ever comes out what developer did or did not do, it should still be me who’s blamed.
1:05:56 JL: I don’t know that’s “bad” information coming from OpenSim, just that there are apparently people in development positions in OpenSim who think that we’re anti-OpenSim. And I don’t even know where that comes from, because we’ve made a lot of effort for OpenSim. But I’ll deal with that another time.
1:09:30 JL: You guys remember the SL share thing? There was a big issue with it? That’s another example of Firestorm overwhelming something. So Linden Lab had SL Share released for a number of months, I believe, and all was fine and peachy – SL Share is your ability to link to your Facebook page, and you’re able to upload snapshots directly to your Facebook page.
1:10:02 JL: So everything was fine there, and then Firestorm released SL Share, and when we did so – and I will quote – they “received a huge spike in usage”. And it prompted them [Facebook] to take a look and see what was going on. The Linden server was sending a whole lot more stuff than it had been in the last couple of months.
1:10:38 JL: So that made Facebook staff look to see what was being posted, and then they discovered there was one of their terms of service violation, which is that if you use this API that allows an application to post to your Facebook feed, that it not include a pre-typed text. Any text that’s included with the image must be manually typed by the user, and Linden Lab was auto-typing the SLurl of where the picture was taken. So it prompted Facebook to take a look and say, “Wait a minute, that’s a terms of service violation”. They got hold of Linden Lab, Linden Lab got hold of us to say they’ve been blocked from Facebook.
1:11:28 JL: So it was looking as though we would have to block, once again, 4.6.1 which we had released and issue an emergency update. Fortunately, they found a better way and were able to strip that text data from being posted.
1:11:46 JL: So the reason this is here now is that Linden Lab’s ban on Facebook has been lifted, and SL Share will work again.
1:11:55: Please tell me this SL Share thing won’t become a THING-we do not need Zuckerberg and his ilk here.
1:11:56 JL: No, you don’t have to use it … If you don’t want to use SL Share, don’t. If you do, go for it. I might suggest, tho, that you use it with a real Facebook account. Because it is a terms of service violation to have an account that does not have a real name [you can have a Facebook page associated with an avatar name, but you cannot upload to Facebook pages using SL Share.]
The Next Firestorm Release
1:14:05 JL: In lieu of the OpenSSL bug, we have some really cool stuff that we’ve done since our 4.6.1 release. Not that we’ve done. Some of it Linden Lab has done, some of it is updating certain things, like Vivox to the latest version …
1:14:38 JL: How many of you will launch more than one version of the viewer at a time? You do realise that is totally unsupported, right? Because one viewer is tough, two viewers? You’ve got to have a really good computer. But for those of you with a really good computer, this next update will give you the ability to have voice running on both viewers. That code comes from Latif, from Singularity.
1:15:40 EM: The stuttering is fixed with the new voice files.
1:15:49 JL: There’s also an option to hear voice equally from all speakers, which is hugely requested … you know when you’re in a room like this and you have the viewer set to hear voice from camera position, and you move your camera away and it gets fainter? This feature makes everybody’s voice the same volume … It’s coming via Singularity, it was implemented in Firestorm by Ansariel.
1:16:41 JL – 1:27:20 A general discussion on updates and fixes – please refer to this Google Doc for the list referred to in the video.
1:27:22 JL: The moral of the story is, we have a release coming that has some really cool stuff, some really important fixes, some really important improvements, and it’s coming really quickly. We generally have a 4-month turnaround and this will come out in the 2-month turnaround. I’m hoping we’ll be able to release it sometime early into May, like the first week of May, somewhere around there … That’s just hoping.
1:53:39 JL: Webkit is being updated as we speak. So you know on Media on a Prim and you’re on a YouTube page, and you get that warning? So Nicky is updating webkit which fixes a bunch of bugs. And we found out at the TPV developer meeting when we told Linden Lab that we’re updating webkit, they said, “oh what a coincidence! So are we!” So they’re working on it as well … So that’s being updated and it’s long overdue and it’s been generally thought that Linden Lab is going to have to do this, but Nicky being Nicky decided she was bored, so she was going to do it … She’s updating it for Mac as well, and she’ll probably do it for Linux.
[Webkit is a third-party plug-in used within the viewer for a number of tasks. For example, it powers the built-in web browser, and is used to display profiles (unless you’re using a viewer supporting legacy profiles). It is also used with Media on a Prim (MOAP) and many in-world televisions.]
[There have been an increasing number of issues with webkit. The libraries used within SL are out-of-date, for example, something which has caused the Lab and TPVs a considerable amount of pain (see BUG-4763 and FIRE-12642, and FIRE-11057).]
A Note On Reporting Issues
1:31:36 JL: I often see and hear and come to me saying “I’ve got this problem”, and I’ll say, “Ah, that’s an interesting problem” … and I’ll ask support, and they’ve not heard of it either. So I’ll tell this person, and this person will say to me, “well, it happened on 4.6.1, so I just went back to 4.5.1, and maybe it’ll be fixed in the next release”.
1:32:11 JL: Let me tell you right now, it will not be fixed. And I’ll tell you why. We’re not psychic and we can’t read your mind. And if you come across a bug, especially in the case of a bug is new, or not a common bug, if you don’t file a JIRA on it, we don’t know about it, and we’re not going to fix it. So I appreciate there are optimistic people out there, I love you for being optimistic, I’m glad that you are. But there’s also a realistic bit that has to come with optimism, and just saying, “I’ll let somebody else report it” is not going to get it reported because that someone else also says, “I’m going to let someone else report it” … and it’s not going to be fixed.
1:33:04 JL: And I love that you are, “maybe in the next version” … But it won’t. We need you to help us. We go to great lengths to fix bugs for you, and for us as well … we use the viewer too … for the bugs that we know about. Bugs we can’t reproduce, we don’t know about, we can’t know about, we can’t fix unless you file them.
1:33:35 JL: And I know filing a JIRA can be intimidating for people. It seems a lot harder than it actually is, it’s really not that hard. I can promise you – and a lot of people think, because of Linden Lab’s history – “I’ll file, but it’ll never be looked at”. I can promise you, as long as Whirly is alive, it will be looked at. And it will be filed and categorised and put in the right place appropriately, and she will bring it to our attention, no matter how insignificant it is. File it, really. It’s not going to be fixed in the next version unless you file it. It’s going to take you five minutes … it’s going to take us hours to fix the bug … so the least you can do is file a JIRA.
1:34:32 EM: What Jess just said about our bugs … Linden Lab has a tonne of bugs out there, and we’ve had a significant number of people who have performance issue on 4.6.1. We talked to Linden Lab about it, we found a workaround, a debug setting that you can change that’s a workaround for it. We talked to Linden Lab about that, and it’s going to cause problems. If enough people use it, the servers will die. The only way they can fix it is if they get JIRAs with logs. It’s not just us, it’s Linden Lab that needs your help as well. If you don’t tell them where the problem is, and help them out to find the problem by submitting JIRAs with your logs, and doing what they ask you to do, then the bugs are not going to get fixed. It’s as simple as that.
1:37:47 TL: Please do not use the JIRA for political ranting.
1:37:54 JL: We want to know about your bug, not about your mood … We get a lot of people saying we need to fix the current bugs before we work on something else. Let me tell you something: the current bugs will never, ever, all be fixed. There will always be bugs, especially in a Second Life viewer. Some of them aren’t us; some of them are; some of them are server-related. There’s always going to be bugs. We can’t fix all of them. And anything that is new is going to create more bugs! That’s just the way it goes! That’s software development!
1:36:10: For issues that are LL specific, is there anything that can be done to highlight or draw LL’s attention to said issues? *cough* OSX alt+zoom *cough*
1:36:25 Will there be Oculus Rift support in near future?
1:36:28 JL: As you know, Linden Lab is working on that. It’s a pretty big news item at the moment. They’re working on it, so we’re not working on it, because there’s no point in two parties doing the same work, and I can guarantee you that Linden Lab will do a better job because the Rift costs money, and we’re not rich. Linden Lab can afford to buy them to test with them, to code with them, we can’t. So Linden Lab is going to develop Oculus Rift, and like everything Linden Lab does, eventually it falls into Firestorm.
1:37:07 JL: We will not have it before Linden Lab. And probably Linden Lab will have it released for a period of time … before us, because it takes us time to merge that stuff in. But Oculus Rift is most definitely coming to Second Life. And although I have not seen it with my own eyes, I hear it can be very cool, very disorienting and even make some people uncomfortable.
1:38:12 LL are looking for extra Rift owners for testing their closed beta.
1:39:15: Apologies for the confusion on my part – are you saying that the Firestorm viewer already supports 3D viewing – i.e., anaglyphic?
1:39:16 JL: No, Firestorm does not already support it. However … there is a viewer out there called CtrlAltStudio … and he is working to implement Oculus Rift, Leap Motion, all kinds of cutting-edge stuff. It is based off of Firestorm … so if you go grab it, you’re basically on 4.6.1 with coolness stuff.
1:40:11 JL: I hate to say it, but if you’re on CtrlAltStudio, we’re not on it and if you find issues with it, and they’re not issues that happen in our Firestorm, we can’t help you. It’s important to know that CtrlAltStudio is a cutting-edge viewer. You remember Kirsten’s viewer, a cutting-edge viewer that had like the latest tech, whether it was stable or not. CtrlAltStudio is kind-of the same thing; it’s cutting-edge. And we need to have developers in the community like this in the community. Because these are the guys that pave the way for the rest of us.
1:40:53 JL: If CtrlAltStudio wasn’t doing this and getting the stuff out there, it would take longer for TPVs like us who have to play a little bit on the safe side because of the way we can affect the grid. And so we have to play safe and not be cutting edge. So it’s really cool that there’s people like him [Dave Rowe / Strachan Ofarrell in SL] who do this kind of thing.
SL Share 2
2:02:02 JL: SL Share 2 is the Twitter button and Flickr thing and filters and stuff, it’s really cool. I’m so impressed with Linden Lab lately, because as much as people criticise them, and even I do sometimes. Lately, you have to admit, they’ve been doing a really good job … They gave you the mesh deformer; they fixed avatar appearance more-or-less, we don’t see bake fails anymore … HTTP work, which has improved networking speed and all kinds of stuff.
2:02:44 JL: Linden Lab’s been on the ball! And they’ve been doing a really good job. And I’m not trying to be like a fan girl or anything … because I’ll criticise them when criticism is due … so using this SL Share as an example … this stuff is really, really cool.
2:03:14 JL: We asked Linden Lab at the TPV Developer meeting, and they said, “yeah, we’ll have it released by the time you have this release out”. So I was really hoping that we could have SL Share 2 in this upcoming release, because it’s just really shiny and cool.
2:03:27 JL: It turns out they’ve also mixed it in with a project called [Google] Breakpad, which is supposed to improve the accuracy of crash reporting, and it doesn’t. And on top of that, it’s absolutely horrible and has all kinds of nasty bugs (see: BUG5707) and weirdness, and we totally do not want that.
2:03:57 JL: And because they’ve mixed Breakpad, which is epic fail, in with SL Share 2, which is epic win, we can’t really use SL Share 2 yet, because it needs to be fixed … Even Linden Lab has told me, “don’t take Breakpad yet”.
2:04:19 JL: So … people will say, “Well how come you don’t have it? How come you don’t have it?” Linden Lab has, in fairness, a small percentage of the user share in Second Life, so for them to release with a bug, it’s going to affect a small percentage of the users in SL. If we take that bug and release it, it affects a very large percentage of users on the grid, and so we have to have a really high standard.
1:51:06: Ed issues his usual encouragement for people to attend Firestorm classes, which are held at the Phoenix Firestorm Support region classroom and at Junkyard University. Class times are scheduled throughout the week at different times to meet the needs of different time zones, and recordings of classes can also be obtained on the Firestorm YouTube channel. There is also the help area on the Support region where assistance can be sought.
1:28:36: How’s group bans coming?
1:28:39 EM: Group bans is coming along. There’s still a few bugs to be ironed-out. Baker Linden is working on it, but it’s getting close to being out in a release candidate viewer from Linden Lab. That’s what Oz told us on Friday.
1:29:00: So voice is borked until we get new files and / or new Firestorm?
1:29:17 EM: If you’re having the voice issue on 4.6.1 on Windows, it’s an easy fix; it’s on the voice page. You can simply download a zipped folder and unzip that in the [Firestorm] program directory, and let it replace any files that it wants to.
1:30:31: You’re saying adding those files will overwrite the ones that are there?
1:10:32 EM: Yes, that’s exactly what you do.
1:41:37: Just curious if the Firestorm dev team ever does code reviews and are they seriously helpful?
1:41:47 JL: Yes and no on both parts of that question. We don’t do a formal code review; quite often we will discuss things internally, we’ll talk about it, and we’ll come to a decision of a way to approach something … One of our coders will work on it, and test it …
1:42:12 JL: One of the nice things about being a TPV is that we can be really agile, and we can make changes very quickly. Which is something a bigger company like Linden Lab can’t do so well, because they have to go through all these code reviews and all these processes and steps and approval from this department and approval from that department. We can sort-of bypass that, but we have to be careful when we bypass that; there are consequences to doing it wrong. But if we can do it right, then we’re able to get things out much quicker. So by going in our own loose kind-of a way that we do, we can be more agile and react a little bit quicker.
1:43:00 JL: And then we get to merging-in Linden code, which really slows us down. So where we benefit in one area, we kind-of get set back in another … I will say while we lack in code review, we benefit in QA. We have a very strict QA process, which I think is much more effective than Linden Lab’s QA. But it’s also the reason it takes us longer to get releases out, because they hold stuff back because they keep finding bugs!
1:44:42 JL: I don’t know if they [LL] that they have a QA monster any more … I’m looking at Breakpad, which is sitting in a project viewer, I believe, and it somehow passed QA.
1:45:23: Is there a voice issue with the 64 that is not in 32?
1:45:24 EM: It’s the same files in both the 32-bit and the 64-bit, but each individual install of Firestorm is treated as a separate instance of SL Voice, and if your firewall blocks it, you get no voice.
1:46:04: Can we move the save button and refresh button [on the snapshot floater] right next to each other in FS like Singularity?
1:46:05 JL: That’s a good question. I haven’t used Singularity in a really long time … I guess the simple answer is yes, we could do that, to a degree move things around. The real question is will we do that or would we do that … this is a case of file a feature request or an improvement to an existing feature, and that’s something we could take a look at and add pictures that we can see fully understand. It’s important that we understand what it is that you’re saying and what you’re requesting … and please don’t be upset if we close as we won’t do it.
1:47:52 JL: One of the nice things about there being alternative viewers out there in a case like this is that there are different viewers out there, and they’re different to each other, and that’s what is really cool. So I wouldn’t want to be exactly like Singularity and I wouldn’t want them to be exactly like Firestorm. The nice thing about it is that you can go to one or the other.
1:48:16 JL: We hear this a lot from other TPVs … where their users will complain to them saying, “why can’t you put in this feature like Firestorm? That feature? This option like Firestorm?” And they come to me and they get really pissed off and say, “tell your users to stop requesting features in our viewer from Firestorm!” So that issue goes both ways.
1:48:47: Can there be a Cancel button between TP’s? because since 4.6.1 I sometimes get stuck in a TP (progress bar taking for ever) and there is no Quit or Cancel button, so I have to kill Firestorm in task manager…
1:48:48 JL: There is a cancel button, but you have to have the teleport progress bar enabled to see it. And it doesn’t always work. It all depends on what point of the teleport you’re in. There’s a handshake that takes place when you teleport from one region to another, and that handshake is a simulator thing, and depending on where it is when you click cancel will determine whether it works. Sometimes it will actually just get you logged out of Second Life. There’s nothing we can do about that, we can’t improve it because it has to interrupt the communications in the handshake.
1:49:50: How about an Undo button? Put the floor back I was picking up the apple?
1:49:51 EM: That would require server-side support from Linden Lab. We used to have restore to last position, but in the course of fixing a bug that allowed griefing, unless you have rezzing rights at 0,0,0 in a region, restore to last position will not work.
1:50:27 JL: CTRL-Z does undo minor edits; not take to inventory. If you’re editing something and you moved it up or turned it all crooked … if you use CTRL-Z it’ll undo that, as long as you’re still selecting it. If you unselect it, it will no longer work … and if you’re building a house and it turns physical, it’s not going to work.
1:52:55: Multi thread and multi-core support for CPUs?
1:52:57 TL: Basically the viewer does it. It does do a few things that are multi-threaded, but the entire viewer is not multi-threaded, that’s why a few things tend to lock-up the viewer. But quite a few things are properly threaded and it works, especially texture downloads … so that that way, downloading your textures doesn’t affect the viewer. As far as everything else? I’m not sure about … and Linden Lab is trying to thread a few things at a time, because once in a while we’ll see a commit where they added a new thread, so they are trying to make the viewer more responsive to multi-[core] CPUs. And eventually that filters down to us.
1:56:54: Anything for Linux?
1:56:55 JL: The Linux 64-bit will probably not be beta; we’ll put it out in an official release. I don’t know if there’s any specific changes to Linux; Linux doesn’t have too many bugs, and Linux people will say that with a great deal of pride. There is the sound problem with Linux.
1:57:19 TL: I think there’s a sound problem, but I haven’t heard any reports about it lately, so I don’t know if it is still a problem or not with my 64-bit builds.
2:01:21: Is 3.7.4 an absolute ceiling for what’s being merged into 4.6.5 or just where 4.6.5 stands ATM?
2:01:25 JL: Our Linden merges are becoming a little less frequent because their releases are becoming a little less frequent and are becoming more and more … they’re not to our standard.
2:05:13: Who should I ask about the pauses I get every time I turn my camera around in 4.6.1 (and 4.5.1 before it)?
2:05:14 TL: I’ve been having the same thing on my particular set-up and I’ve been troubleshooting it; you’re not the only one who’s been affected by that particular bug where you move your camera or your avatar around, your frame rate drops to about one. But I haven’t been able to find the cause of it yet.
2:05:41: Is it true that the Firestorm viewer will be integrated into MS Windows 9? :P
2:05:42 JL: Ask me again around the end of March 2015! … I don’t have a plan for April 1st next year, so I’m open to ideas …
2:11:38: Why do I get the sense you all hate MOAP, and why?
2:11:39 JL: That’s not true. I really like Media on a Prim. When I first heard about LL working on Media on a Prim, I thought, “it’s about time!” Because we should have been able to do this a long, long time ago. This issue with it is security. It’s not that I have anything against Media on a Prim, it’s how it was implemented, and that is not very secure … that’s what really killed Media on a Prim.
2:12:18 JL: Now as far as why have I suggested earlier in this Q&A not to use Media on a Prim, I’m not saying not to use it. I’m saying if afraid of being hacked from the Heartbleed vulnerability, if you’re afraid of that happening, don’t use Media on a Prim and don’t use the internal web browser, the odds are nil.
2:12:42 JL: The odds are nil anyway, but if it makes you feel more comfortable, then don’t use media on a prim.
2:12:49 TL: I remember when Media on a Prim first came out and thought, “Oh, this is great!” Then anyone who works in network security sat down and thought about it for 5 seconds, thought, “wait a minute, this auto-loads a web page” … When Linden Lab first released Media on a Prim, the viewer automatically loaded a web page, without user interaction.
2:13:14 JL: So let me give you an example … On the Internet, there’s all kinds of websites you do not want to visit. And most anti-virus or firewalls will warn you when you try to visit those pages, that this is an untrusted page, or that there’s this risk or that risk … And the thing about that is that you actually have to click a link to go visit that site.
2:13:40 JL: In Second Life, with Media on a Prim enabled by default, I can create a website on a prim, and put it in plain sight of everybody, any website I want them to see, and maybe not even notice they’re looking at it. I can make the prim so small that they won’t even see the prim, but that web page is still loading. And if there’s some kind of exploit or some kind of hack or something evil or bad on that website, you’re looking at it when you don’t even know you’re looking at it.
2:14:17 JL: And if there’s 50 people in the region, and they all have Media on a Prim running, that’s 50 people looking at the webpage. They did nothing to click it, they have no idea they’re looking at it, they have no idea it’s loaded on their system, and you can do all kinds of nasty stuff. That’s why Media on a Prim was considered such a good feature that was botched.
2:14:41 TL: And it was rapidly exploited real quickly after that by RedZone being the number one candidate for someone exploiting that.
[Historically, RedZone primarily attempted to exploit music streams rather than MOAP.]
2:15:49 JL: It’s not that we don’t like it; I love the idea, and it opened up a whole lot of possibilities in Second Life, but it just wasn’t done securely. I’m not sure how it could have been done securely.
2:16:20 JL: The other thing is, you don’t have to rez the prim. You can just wear it and go somewhere popular.
2:16:39 JL: I get a kick out of a lot of people who think that we’re not out there to protect you, and we’ve done huge steps to protect the users over the years. Sometime I resent it when I see people are accusing us of doing something that’s to violate them, because we’re totally the opposite of that. We’re absolutely all about the user. And although something like blocking a viewer might affect a couple of thousand people, it’s advantageous to the rest of Second Life.
2:17:21 TL: Also, when Media on a Prim first came out… one of the things that was done was that we put the media filter in there [on Phoenix] and enabled it by default. When we released that, it was soon after that … Linden Lab wanted our code to put in their viewer …
[The media filter was originally coded by Sione Lomu in direct response to the RedZone situation. He subsequently submitted the code under a Contribution Agreement to Linden Lab, who ultimately did not adopt it. It is a good safeguard against people attempting to exploit audio streams. However, it does not provide protection where MOAP is concerned.]
2:18:02 WF: It doesn’t work with MOAP, though.
2:18:04 JL: To be clear, though, and it needs to be said, we’ve never been able to get media filter to work with Media on a Prim. While media filter will warn you and request that you want to see it, it still allows it anyway. I can’t remember what the reason for that was, but we were never able to get past it … And Linden Lab looked at it, and they were going to try to fix it … it opens it [the URL] before the warning … it was something we weren’t able to do.
2:18:41 JL: Last I heard, Cinders [Roxley] … is back in SL – she’s not on the team per se, she’s freelancing with all the viewers – and she mentioned she wanted to fix Media on a Prim in media filter.
2:19:03 EM: Just to be clear folks, if you really hate the media filter, make sure you have Play Media Attach To Other Avatars disabled. And have your media disabled to start with, also have Allow In World Scripts To Play Media disabled. If you’re not playing the media, you don’t have to worry about it.
2:19:29: If TV media players are not necessarily legally streaming, who gets in trouble, the merchant or the folks who buy them?
2:19:31 JL: That’s a great question, and as a photographer, that has crossed my mind many times. There’s a lot of use of content in Second Life … Most DJs likely have the legitimate right to play the music that they play … but I also know there are DJs who play music that they don’t have the legal right to play. It’s such a grey area because it’s in a virtual world, I have no idea. That’s something a court would have to decide …
[There follows a conversation on rights, attributions, the fact that the TVs are only providing a link, not hosting the streams, and the stream hosts would likely be liable, etc. Some expansion on rights and fair use can be found in my transcript of an SLBA presentation. The conversation then broadens into general chat, a return to Ebbe Altberg's VWBPE presentation before finally winding down.]