Category Archives: News

SL project updates week 43/1: server, viewer, group chat

Asalia House (November 2013) - blog post

Asalia House (November 2013) – blog post

Server Deployments Week 43

As always, please refer to the server deployment forum thread for the latest news and updates.

Main (SLS) Channel

On Tuesday, October 21st, the Main channel was updated with the server maintenance release previously deployed to the LeTigre and Magnum RCs in week 42. This update includes a crash fix and improves the delivery pipeline for abuse reports.

RC Channels

On Wednesday, October 22nd, the release candidate channels should be updated as follows:

  • BlueSteel and Snack will remain on the CDN project, but should also be updated with the same server maintenance package being deployed to the Main channel
  • LeTigre and Magnum should both be updated to the CDN for texture and mesh fetching.

SL Viewer

On Wednesday, October 15th, the Lab issued a Grid Status update on potential problems accessing external websites using the viewer’s internal browser.  The notice was issued as a result of the Padding Oracle On Downgraded Legacy Encryption (Poodle) vulnerability reported by Google.

At the time the notice was released, the Lab indicated they were working to fix the issue (via the removal of SSL v3.0 support within the viewer’s browser). This work was completed at the end of week 42, and resulted in the release of the Browser Fix RC viewer, version

On Monday, October 20th, the Browser Fix viewer was promoted to the de facto release viewer.  Further information on it and the POODLE vulnerability can be found in a separate article in this blog.

MAC Yosemite Issues

There have been some mixed results for those Mac users updating to the 10.10 Yosemite version of OS X, which reached a consumer release status on October 16th.

While most of those updating have found it relatively smooth, there has been a report of keyboard shortcuts borking, although there is a workaround should others encounter the same problem – see here.

A potentially more widespread issue people may encounter is that with Yosemite, Apple have apparently reverted to older nVidia drivers (as reported by Cinder Roxley at the Open-source Developer’s meeting on Monday, October 20th). One JIRA on the matter has already been filed (see BUG-7575), although if Apple have chosen to roll back some / all of their default drivers, there’s not a lot the Lab can do about matters. Cinder also reports that Yosemite makes greater use of OpenGL, which she indicates can tax GPUs further.


Following the scheduled Wednesday deployment, all of the RCs should be using the CDN. This represents around 30% of the total grid, possibly a little more, given the existence of Snack. The BlueSteel deployment does not seem to have resulted in the kind of performance issues experienced during the expansion of Snack to 250 regions, suggesting the latter problems were most probably down to overloading the sim hosts with too many high volume (in terms of avatar numbers) regions. If all goes well in the coming week, it is likely that the Main channel will gain CDN support in week 44.

Group Chat

“Today we also finished an update to the group chat servers,” Simon Linden announced at the Simulator User Group meeting on Tuesday, October 21st. He continued:

Many of you have helped us test that at Thursday’s beta user group, and that’s now on the newest version. Those are back-end servers … when you send something to group chat, it goes from the viewer to the region you’re on, then to the (new) back-end chat servers, and from there it’s distributed to everyone in the group.

While no promises are being made as to the overall improvement – or how visible improvements may be to users, Simon went on to note, “I know [from] looking at the metrics and data we can gather … the systems are running much nicer than before.”

As well as working on the update issues (see my previous group chat updates), the Lab has been brainstorming ideas on how groups might be configured differently. There are a lot of groups that have very heavy chat usage, and others where chat is actively discouraged in favour of outgoing notices; however the latter are handled exactly the same as those where chatting goes on, generating updates as people log-in and out, etc., even though these aren’t actually required. Exactly what might be done is unclear at this time, but it would appear ideas are being put forward and discussed.


Poodle vulnerability: Lab issue RC viewer with browser fix

On Wednesday October 15th I blogged about the Lab having issued a Grid Status update warning, those who use the viewer’s built-in browser may not be able to access certain websites. The notice was issued by the Lab as a result of the Padding Oracle On Downgraded Legacy Encryption (Poodle) vulnerability reported by Google.

As noted in my original article, the Poodle vulnerability exploits a flaw in the design of the SSL 3.0 protocol, which despite being 18 years old, is used as a fallback security protocol within most browsers. By using a series of connection failures between a browser and website, an attacker can trigger what is called a “downgrade dance” where the browser eventually falls back to using the SSL 3.0 protocol to maintain communications. When this happens, the attacker can use the exploit within SSL 3.0 to grab sensitive data.

How a Poodle attack works (image courtesy of Critical Watch)

How a Poodle attack works (image courtesy of Critical Watch)

There are a couple of caveats to the vulnerability; for the attack to work, the attacker must be on the same wireless network as you or in the path of your communications (as shown above), and your client must be running JavaScript. However, it caused Google to issue an advisory that SSL 3.0 support is disabled or that tools that support TLS_FALLBACK_SCSV (Transport Layer Security Signalling Cipher Suite Value) are used be websites, which prevent the “downgrade dance” attacks. This prompted some websites to remove / disable SSL 3.0 support, which in turn resulted in some websites becoming inaccessible when using the viewer’s internal browser or browser-related services.

At the time the Grid Status update was issued, the Lab indicated they are working to fix the problem within the viewer’s browser capability. This has now been done, and release candidate version of the viewer, referred to as the “Browser Fix” viewer, removes SSL 3.0 usage from the viewer’s internal browser, allowing it to connect to sites which have disabled SSL 3.0 support.

If you do use the official viewer and prefer accessing websites using the internal browser, you may want to download this RC. For those not using the official viewer and who have experienced issues accessing websites through the viewer’s internal web browser, try switching to using an external browser to open web links (set via Preferences), as per the advice on the original Grid Status update from the Lab.

Related Links

“I believe I can fly”: the empowering freedom of virtual worlds

The single image Jay Jay

The single image Jay Jay Jegathesan used in his 3-minute presentation on his PhD research on community and collaboration through virtual worlds

I’ve frequently blogged about the work of the University of Western Australia in Second Life; with an active presence in SL since 2009, the University has gained a first-class reputation for sponsoring and promoting art in virtual worlds through initiatives such as the MachinimUWA competitions, and activities such as their current Transcending Borders challenge, the Freedom Project, and Project Homeless, as well as supporting the LEA’s Full Sim Art series, all of which I’ve had the privilege of covering in this pages.

The Freedom Project, one of many community-focused activities undertaken by the UWA within Second Life

The Freedom Project, one of many community-focused activities undertaken by the UWA within Second Life

The UWA’s involvement in Second Life came about as a result of PhD student Jay Jay Jegathesan (), who founded the University’s virtual campus in Second Life, which has grown to include academic teaching activities across Business, Law (including the use of SL machinima in a post-graduate degree course), the Arts, Anatomy, Physiology & Human Biology, and Education (including providing resources essential it helping educators and new users get started with SL).

In particular, as a result of Jay Jay’s work the University has become recognised as a world leader in global community development through virtual worlds technology. This in turn has encouraged Jay Jay to make the topic of global community development and collaboration through virtual worlds, particularly in reference to people with disabilities, the focus of his PhD thesis.

Currently, Jay Jay is participating in the UWA’s 2014 3-Minute Thesis competition, in which students were asked to speak for 3 minutes on their PhD research using no technology or props aside from a single image. His presentation, directly referencing the power of virtual worlds to help those with disabilities – indeed, all of us -, is both beautiful and direct; so why not take a moment to listen to his impassioned explanation of the empowering freedom virtual worlds offer?

I’d also like to take this opportunity of thanking Jay Jay for his generosity and kindness in sending me a copy of the Freedom Project book, which is a fabulous publication, lavishly illustrated with pictures of the works submitted to the project, biographies of the artists, and much more besides. It is very much a must-have for anyone with and appreciation of virtual world art. Copies can be obtained for L$5000 (around $20.00 US), shipped anywhere in the world. Those wishing to purchase a copy should contact Jayjay Zifanwe in-world for ordering information.

SL project updates week 42/2: Monty’s HTTP update and the HTTP pipelining viewer

On Wednesday October 15th, Monty Linden blogged about his HTTP work and the CDN, using the rather unusual title, The Sky Over Berlin (and Elsewhere). It’s a great piece of reading, although I can’t help thinking that Monty’s sign-off at this end of it would have perhaps suited the subject matter far better: nous sommes embarqués – “adventure is ours for the taking”!

The first part of the post recaps on Monty’s initial work in improving Second Life via the HTTP project. This started as far back as mid-2012, with the first pass focused on improving the   mechanism by which textures could be obtained for rendering via HTTP, which entered widespread use around  November 2012, with the release of the 3.4.3267135 viewer.

This work was followed by Monty labouring to improve mesh fetching as well, and to improve the overall reliability of HTTP, which I blogged about in March 2013.

At the start of 2014, Monty blogged on his work up to that point, and looked ahead to future activities. As a part of the post, he included a graph showing how the work carried out up to that point improved texture and mesh request handling.

The HTTP project has improved "under the hood" performance in SL in a number of areas, starting with texture fetching, anf through greater robustness of connections through the use of "keepalives"

In January 2014, Monty blogged about his HTTP work, and indicated how the work had raised the request rate ceiling within the viewer for texture and mesh data from A up to the blue line of C

In his latest post, Monty picks-up where his January post left off, demonstrating how more recent improvements are starting to improve things further – notably through the use of HTTP pipelining (the release candidate viewer for which has now been issued – see below), and the ongoing deployment of the Content Delivery Network service for texture and mesh data delivery.

In his latest blog post, Monty indicates how both HTTP pipelining and the use of the Highwinds CDN service should further help improve data transmissions and  performance

In his latest blog post, Monty indicates how both HTTP pipelining (the “post 3.7.16″ markers, denoting the introduction of the pipelining viewer) and the use of the Highwinds CDN service (denoted by the DRTSIM-258 markers) should further help improve data transmissions and performance

All told, Monty’s work has been a remarkable undertaking which benefits Second Life enormously, and helps to set the path towards possible further improvements in the future. As such, he really is one of the heroes of Second Life and the Lab.

HTTP Pipelining RC Viewer

The HTTP Pipelining viewer was issued as a release candidate viewer shortly after Monty’s post went to press.

Version enables the viewer to issue multiple asset fetches on a connection without waiting for responses to earlier requests. This should help inprove things like initial scene loading quite aside from any additional benefits gained through the CDN deployment work. In addition, the viewer includes improvements to inventory fetching, as Monty noted in his blog post:

The HTTP Project has focused on textures and meshes. But the inventory system, which maintains item ownership, is often described as… sluggish. So as an exercise in expanding the use of the new HTTP library, the pipelining viewer was modified to use it for inventory fetches. As with textures and meshes before, inventory is now fetching in the ‘C’ region of its specific performance graph. The difference can be surprising.

Having had the opportunity to test the pipelining viewer somewhat prior to its appearance as an RC, I can attest to this. While I keep my “active” inventory to a modest size (around 10,000 items unpacked, the rest boxed until needed), I found that an inventory download with a cleared inventory cache (nothing saved on my computer) averaged 9-10 seconds using the pipelining viewer, compared with an average of 2 minutes 50 seconds to 3 minutes with the current release viewer ( Whirly Fizzle, using a 105K inventory had even more impressive results: with a cleared cache, her inventory loaded in under 3 minutes on the pipelining viewer, compared to 16-18 minutes on the release viewer.

The release notes for the viewer contain additional information about the updates, again written by Monty, and these make worthwhile reading alongside of his blog post.

Related Links