Category Archives: News

Lab asks for feedback on new Transaction History page

On Wednesday April 9th, I reported (under “Transaction History Oopsie”) on an error with the Transaction History page on people’s SL dashboards which led to some upset and confusion after the familiar page was replaced with one that failed to show totals, and which had the familiar .XLS and .XML download options replaced by a single .CSV option.

The change led to understandably negative forum comments and a JIRA report (BUG-5664).

As a result of the upset, the page was rapidly withdrawn, and as I reported on April 12th, the Lab blogged on the matter, indicating they would be seeking users’ input to the matter going forward.

In line with this, the Lab issued a further blog post on Wednesday April 16th, entitled Try Out the New Transaction History Page, which reads in full:

Last week, we made a new page available as a replacement for the old Transaction History page. Due to your feedback, we rolled back the changes to this page to allow us to gather more feedback, and we are now providing this new page for review, without removing the old Transaction History page.

We have not yet made any changes to the new page, because we would like time to collect your feedback and review it. We have created a wiki page giving background on why changes were made to this page, where the new page is, and how to provide feedback. We will be closing feedback on April 30, 2014, so please take a look before then.

The wiki page repeats the blog post information, and confirms the primary reason behind the change:

The new Transaction History page was created to allow more than 500 transactions to be displayed for Residents with very active businesses.

It also invites people to provide feedback via the original BUG-5664 JIRA report raised by Sera Lok, which is open to comment for feedback.

Please bear in mind when examining the “new” Transaction History page, that no changes have been made to it since it was first revealed on April 9th – it is given purely as an example so that people can better identify and report issues they may have with it when comparing it to the existing Transaction History page.

People have been asked to provide feedback by Wednesday April 30th.

Reading through the comments, some constructive points have been put forward, although the range of comments do indicate the complexity of implementing changes like this, with people falling almost equally either side of individual changes. For example, many feel that providing only a .CSV download isn’t a problem, but an equal number feel that .XLS (and .XML) should be retained, as .CSV can create problems when it comes to processing the data contained in the downloaded file. Were I to be asked, I’d suggest that retaining .XLS (/ .XML) alongside .CSV would offer the most flexible approach. Backwards compatibility and not breaking legacy content (including scripted processes) has long been a watchword for the Lab when making changes to the SL platform – and this attitude should be carried forward with supporting services as well, such as the Transaction History page, to accommodate all those who have processes reliant on receiving their transaction data in .XLS.

What is healthy is that the Commerce Team appear to be listening and making a genuine effort to understand issues and concerns. Coming so long after what seems to have been a deliberate policy of disengagement by the team from merchants in many areas, this is undoubtedly welcome.

One can only hope this willingness is further reflected in how the new page is refined and updated going forward.

Lab provides Heartbleed information

This is a little long in the tooth, but I’m caught playing catch-up on a number of things, so apologies on my part.

As most will be aware, there has been a lot of coverage about the Heartbleed OpenSSL vulnerability in the course of the last week, and the impact it may have had over the last two years in exposing what should have been secure information.

The vulnerability is so-called because it affects an extension to SSL (Secure Sockets Layer) which engineers dubbed Heartbeat. It is a server-side exploit which could affect almost any system running any version of OpenSSL from the past 2 years, and allows an attacker to read up to 64kB of the server’s working memory at a time, enabling them to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.

Because of the widespread nature of the issue and the concerns it raised, the Lab issued a blog post on the matter on Thursday April 10th, which reads in full:

Many of you may have read about the Heartbleed SSL vulnerability that is still affecting many Internet sites.

You do not need to take extra action to secure your Second Life password if you have not used the same password on other websites. Your Second Life password was not visible via Heartbleed server memory exposure. No secondlife.com site that accepts passwords had the vulnerable SSL heartbeat feature enabled.

If you used the same password for Second Life that you used on a third-party site, and if that third-party site may have been affected by the vulnerability, you should change your password.

Supporting sites such as Second Life profiles are hosted on cloud hosting services. Some of these sites were previously vulnerable to Heartbleed, which may have exposed one of these servers’ certificates. As an extra precaution, we are in the process of replacing our SSL certificates across the board. This change will be fully automatic in standard web browsers.

Thank you for your interest in keeping Second Life safe!

Due to the weekend, there has been no further news as to whether the Lab has completed replacing the SSL certificates for those services which may have been exposed. Hopefully there will be a further update on Monday April 14th. In the meantime, if you have used the same password for SL that you used on a third-party website and wish to change your SL password as advised in the blog post, you may want to refer to the Lab’s password protection page on the wiki.

Lab to seek feedback on Transaction History page changes

On Wednesday April 9th, I reported on an error with the Transaction History page on people’s SL dashboards which led to some upset and confusion after the familiar page was replaced with one that failed to show totals, and which had the familiar .XLS and .XML download options replaced by a single .CSV option. The change led to forum comments and a JIRA report (BUG-5664).

The page itself was reverted around an hour after concerns were first raised, and Ebbe Altberg stepped into the forum to offer apologies and an explanation:

In an attempt to improve we made a few mistakes and caused some misunderstandings as well. We rolled back the changes and will work on getting it right. The team is looking at feedback and will communicate a plan for how to get there.

On Thursday April 10th, the Lab issued a blog post on the matter, providing further information on the situation, including the fact that they will be seeking input from users on proposed changes to the Transaction History page.

The post reads in full:

Earlier this week, we rolled out a few changes to the Account Management web pages for logged-in users at SecondLife.com, which were aimed at improving these tools for users. One of the changes we made updated the Transaction History page, and we heard lots of feedback that not all of the changes to that page improved our customers’ experiences or met their needs. So, we quickly reverted to the old Transaction History page.

We’d like to get some additional user feedback on the new Transaction History page so that when we make the changeover, the functionality best matches what Second Life users want and need. Once we are ready, we will post instructions on how to review the new page and provide feedback. We will not take down the old page until we have had a chance to review feedback and make appropriate changes to the new page. Check back on this blog for more details as they become available.

This is a positive step by the Lab, both in rectifying the error rapidly and in admitting their mistake. Hopefully, I’ll have a further follow-up once the additional information is published by the Lab.

LL Terms of Service: Ebbe – “we’re working on it…”

Update, April 13th: the full transcript of Ebbe’s VWBPE 2014 address is now available.

On Friday April 11th, Ebbe Altberg, Linden Lab’s CEO, addressed a packed amphitheatre at the 2014 Virtual Worlds Best Practice in Education (VWBPE) conference in Second Life. Some 200 people were in attendance in what was around a 90-minute session which comprised an opening statement from Ebbe, followed by a Q&A / discussion session.

I’ll have a full transcript of the meeting available shortly. However, as a part of his opening statement, Ebbe made a series of comments relating to the Lab’s Terms of Service, which I think are worth highlighting on their own. So here is a full transcript of his comments on the subject:

Terms of Service. I am working with my Legal Counsel to try to try to figure out how we can make it more obvious – or very obvious – that the creators of the content own the content, and we obviously have no intent of ever stealing your content or profiting off of your content independently of the creators in some fashion.

The current terms might indicate that we might somehow have some plan to steal people’s content and somehow profit from it for ourselves, without benefitting the creator, and that’s obviously not our intent at all. It would be very damaging to our business if we started to behave in that way because this whole platform is all about the content you all create. And if you can’t do that, and trust that it is yours, that’s obviously a problem. So I’m working on that, and I can ask you right now to trust us that we’re not going to do what the current clause might suggest we’re going to do, but we’re working on some simple tweaks to the language to make that more explicit.

We also have no interest in locking you in; any content that you create, we feel you should be able to export, and take and save and possibly if you want to move to another environment or OpenSim, that should be possible. So we’re not trying to lock you in either. Obviously, it’s very important to us to get content both in and out, so I just want to put that right out there.

Quite what will come out of this obviously remains to be seen, as will whether or not the changes successfully quell all concerns. However, it would appear that the wheels are finally in motion, and that hopefully, an equitable resolution will be forthcoming.