More Open Source: Our Web Services Libraries

Early this year, Linden Lab released the source for the Second Life viewer. Programmers can download the source, make changes, and even add features and improvements by submitting changes that we incorporate in the main viewer. By the time we release our next viewer, we’ll have enjoyed hundreds of submissions from over fifty contributors, and we couldn’t be more thankful. (Thank you!)

This success has been encouraging, and we’re now opening the source of two key components in our web services infrastructure: Eventlet, and Mulib.

In addition to C++ code, the Second Life servers make extensive use of web services written in Python for a variety of back-end services, like the capabilities framework described in this previous post. These web services have proved to be easier to scale, develop and maintain than many of our older technologies, and as a result, they are playing an increasingly important role in the Second Life platform as we migrate our legacy code to web services. You can read more about how they fit into the larger picture of grid stability by reading Ian’s post earlier today on the subject.

Eventlet: The first of the components we’re releasing today is a networking library that achieves high scalability through non-blocking I/O. Non-blocking I/O implementations often have convoluted control structures consisting of countless chained callbacks, but Eventlet keeps the source code sequential, using coroutines, to increase programmer productivity. Bob Ippolito and Donovan Preston co-authored Eventlet, and Donovan has continued developing it at Linden Lab. You can download Eventlet’s source, and check out the documentation and examples on its wiki page.
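The contrast drawn above, sequential-looking code on top of non-blocking I/O, can be seen in a small added example. It is not Eventlet's code and does not use Eventlet's API: Python generators and the standard `selectors` module stand in for Eventlet's coroutines, and `Scheduler`, `handle`, `client` and `demo` are hypothetical names, with local socket pairs as constructed sample connections.

```python
import selectors
import socket
from collections import deque


class Scheduler:
    """Single-threaded event loop. Each coroutine runs until it yields
    (event, socket), then is parked until that socket is ready."""

    def __init__(self):
        self.sel = selectors.DefaultSelector()
        self.ready = deque()
        self.waiting = 0
        self.peak_waiting = 0   # most coroutines parked on I/O at once

    def spawn(self, coro):
        self.ready.append(coro)

    def run(self):
        while self.ready or self.waiting:
            while self.ready:
                coro = self.ready.popleft()
                try:
                    event, sock = next(coro)      # run to the next I/O wait
                except StopIteration:
                    continue                      # coroutine finished
                self.sel.register(sock, event, coro)
                self.waiting += 1
            self.peak_waiting = max(self.peak_waiting, self.waiting)
            if self.waiting:
                for key, _ in self.sel.select():  # the only blocking call
                    self.sel.unregister(key.fileobj)
                    self.waiting -= 1
                    self.ready.append(key.data)
        self.sel.close()


def recv_line(sock):
    """Read one newline-terminated line (one request per connection)."""
    buf = b""
    while not buf.endswith(b"\n"):
        yield selectors.EVENT_READ, sock
        chunk = sock.recv(4096)
        if not chunk:                             # peer closed early
            break
        buf += chunk
    return buf


def send_all(sock, data):
    """Write all of data, yielding whenever the socket is not writable."""
    while data:
        yield selectors.EVENT_WRITE, sock
        sent = sock.send(data)
        data = data[sent:]


def handle(sock, log):
    # Server side. Reads top to bottom like blocking code; every
    # `yield from` is a point where other connections get to run.
    request = yield from recv_line(sock)
    log.append(request)
    yield from send_all(sock, b"echo:" + request)
    sock.close()


def client(sock, name, results):
    yield from send_all(sock, name + b"\n")
    results[name] = yield from recv_line(sock)
    sock.close()


def demo(n=3):
    """Serve n constructed connections concurrently on one thread."""
    sched = Scheduler()
    results, log = {}, []
    for i in range(n):
        server_end, client_end = socket.socketpair()
        server_end.setblocking(False)
        client_end.setblocking(False)
        sched.spawn(handle(server_end, log))
        sched.spawn(client(client_end, b"client%d" % i, results))
    sched.run()
    return results, log, sched.peak_waiting


if __name__ == "__main__":
    print(demo())
```

The callback-style equivalent would split `handle` into separate "on readable" and "on writable" functions with the request state passed between them by hand; here that state lives in ordinary local variables.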

Mulib: The second component released today, Mulib is a framework for constructing RESTful applications, built on top of Eventlet. While Eventlet takes care of the HTTP protocol-level details, Mulib takes care of locating the object that will handle the request, and negotiating the data format in which the response will be sent. Look to Mulib’s wiki page for some example code, and download its source from the repository.

In order to encourage the widest adoption, we’ve chosen to license these two libraries under an MIT license, which is compatible with the GPL. Our plan is to use the public version as the “source of truth” — in other words, we will do all of our Eventlet and Mulib development in the public source repository, and periodically pull code from the public repository for internal use.

We believe that Eventlet and Mulib are useful to anyone developing RESTful web services. They certainly are central to the continuing success of Second Life. We’re looking forward to collaborating on changes that improve this code, for Second Life and for a wider variety of developers’ projects. As always, we aim to give as good as we get!


88 Responses to More Open Source: Our Web Services Libraries

  1. Liny Odell says:

    So when are you going to release the server code?

  2. Which Linden says:

    This is some of the server code, and more will be coming out sometime in the future, and I don’t really know any more detail than that. 🙂

  3. Zen Zeddmore says:

    Every time I turn around these days, it’s Python this, and Python that… Why haven’t I got the message yet to knuckle down and start learning it? … um, I’ll come back in a little while, I’ve got some studies to do. cya!

    Great posts lately. Keep on rockin.

  4. Excellent! While C++ is a bit killer for me, messing around with Python is way easier for me.

    P.S. – It would be nice if you used Python’s distutils feature to package Eventlet and Mulib in convenient tarballs instead of having to download each .py file one-by-one. Those who have the Subversion command-line client though can just do this: svn co [repository URL]

  5. Psistorm Ikura says:

    it would be nice if you would explain the possible effects this would have. also, I believe many residents are a little worried about any server code open-sourcing, fearing it might produce huge security compromises.

    I’m thinking asset-destroying and/or money manipulating opensource-clients here which exploit the protocol or anything. sure I am no expert and do not know how possible such a thing would be, but I’m confident many residents share this concern.

    I, personally would consider it better if some parts of the code would be kept closed source, solely for security purpose. we are dealing with a LOT of money and user created assets here, and if people realize this and exploit a fully opensourced server environment, then SL might truly face its demise because of that – at least, maybe.

  6. Zen Zeddmore says:

    @Psistorm, but that’s exactly why they’re so resistant to open sourcing, dude. because they care. I’d like the server opened very much I would like that. I think it would be a huge bump up to metaverse development worldwide. but yes it would be reckless and devastating to that cause for this first(semi)solid instance of metaverse to belly up and frighten everyone off them for ever.

    so, word? don’t be afraid. It’s not gonna happen.

  7. Ann Otoole says:

    they need to kill off unauthorized clients period. a client needs to be submitted and be tested before being approved to connect to the grid. and then there needs to be some sort of magic method of knowing the approved client wasn’t turned back into a camping bot. these camping bots and traffic need to go bye bye immediately.

  8. @ #3 ThaBiGGDoGG Richez

    Please deal with that privately; especially not here on the blog that isn’t related to your problem.

    — [On-topic]

    This -sounds- like great news! (Or at least great marketing :P). I’m curious as to whether or not any OSing planned could potentially put non-programming savvy residents at an in-world disadvantage – At least, one that isn’t to be expected.

  9. Dizzy Ahn says:

    I think that we should all highly appreciate LL for releasing even fractions of the game code. It helps programmers/developers a chance to see how to write their own games and develop their knowledge of programming. In addition it lets us (The Community) to find small errors, fixes, or changes they need and for us to give to them. This will allow the game to develop faster and easier.

  10. Dizzy Ahn says:

    I think that we should all highly appreciate LL for releasing even fractions of the game code. It helps programmers/developers a chance to see how to write their own games and develop their knowledge of programming. In addition it lets us (the community) to find small errors, fixes, or changes they need and for us to give to them. This will allow the game to develop faster and easier which in turn will make it more enjoyable. [Sorry if this was double posted, my laptop’s connection keeps cutting out.]

  11. Kerik Rau says:

    Get rid of traffic and there will be no need for camping bots. Either that or redo the algorithm such that people don’t give traffic for sitting around doing absolutely nothing.

    The alternative clients provide an interesting insight and provide new possibilities. it is simply being abused by people to make $$$.

  12. I can see that this is part of the server code, but without context (not to mention the documentation which even the Wiki admits is lacking) – it is hard to discern what use this is. I see this as part of the internal server structure – and from my quick glance of the code, it has no value to anything other than an *internal* server structure.

    In other words, it seems pretty useless on its own.

  13. Soraya Elcar says:

    @Ann: Um, no. Traffic just needs fixed, not done away with all-together. Consider “pageviews” on a website. How accurate do you _really_ think those little counters are? Trust me, the low ones are more accurate than you’d think 😉

  14. PK Dailey says:

    One of the MANY benefits of open-source is that you have many eyes on the source who can identify and patch security holes in the source. By opening up the viewer LL is actually making the code MORE secure, simply because they can pull from the talents of many dedicated individuals rather than relying on a limited number of employed or contracted developers. Just compare any M$ product to its open-source counterpart for a clearcut example of what I’m talking about.

  15. Which Linden says:

    @Antonius, thanks for the info. I agree that we should use the standard Python packaging solutions, I’ll see if I can get that set up.

    The libraries are also available as (auto-generated) zip files (you can find the links on the respective wiki pages):
    http://svn.secondlife.com/trac/eventlet/changeset/8/branches/beta-1?format=zip
    http://svn.secondlife.com/trac/mulib/changeset/4/branches/beta-1?format=zip

  16. Liny Odell says:

    What i meant to say was the code for the sims.

  17. @Psistorm:

    The problem in your logic is the assumption that open source=malicious hacker’s playground. It fails to account for the fact that the servers were hacked last year, long before even the client was opened up.

    Keeping source closed up is absolutely no guarantee that malicious hackers won’t be able to hack it. Binaries can also be hacked as well via disassemblers, hex editors, and other tools. So using the “security through obscurity” argument doesn’t really work. Using a bank safe as an analogy, if you simply give the safe to a safe cracker and say “Crack it if you can” and he does, that’s not security. But if you give him the schematics to the safe as well and he can’t crack it, THAT is security.

    @Ann Otoole:

    If you want to find a true “unauthorized client”, here’s what to look for: a binary is offered, but no source containing the changes made is available. That’s a license violation, and should immediately be suspect.

    If Linden Labs took your advice, it would result in a cat-and-mouse game of breaking and patching the “magic method”(those in the know call it DRM) you suggest. It would ultimately be foolish and we would all suffer: Imagine having to download a new mandatory client several times a month, just because “the DRM was broken again”(This has happened to Blu-Ray and HD-DVD players, as a concrete example). Plus there’s the cost of Linden Labs to maintain the DRM. That takes away resources better spent on new features and bugfixing.

    I agree with you about camping bots though. I used to see two landbots close to my home, and it was very annoying. I think we just have to take the good along with bad and roll with it.

  18. mimi says:

    wow good news!

  19. Smiley Barry says:

    Ooooooo! Cool! I think we start to learn Python next year, woot woot ‘^_^. Until then, I stay with PHP, MySQL and HTML. I’m not quite the coder though so my site (SL Talk) is based off PhpBB. How noobish of me lol.

  20. Ann Otoole says:

    i hope some valiant and smart open source engineer can fix the constant viewer freezes that disconnect all active internet connections on the PC. Yes it is secondlife doing it and a lot of people are affected. something very bad is wrong with secondlife now. and it needs to either be fixed or “het grid” be removed end of story. this started with het grid. good going.

    FIX IT

    Oh btw it also forces a manual abend of the viewer and LL is not getting any crash reports on it. the crash detection tool does not pick these up.

  21. The XO says:

    @Zen Zeddmore #4:

    Python is wonderful, I’ve just started using it myself. A lot of people slate it, but they don’t know what they’re talking about. Once you get your head around the “pythonic” way of doing things, it’s a breeze. It’s been called “slow” too – but that’s just nonsense as well.

    It integrates well with MySQL (hence LL using it no doubt) but lacks some ODBC support – but you can get this using the ActiveState Python which has it included already. This makes it easy to connect to other databases like Ms Sql Server *shudders*

    Take a look here http://www.activestate.com/Products/activepython/

    It also has a few extra features that new people might well welcome, along with a massive help manual.

    Anyway, enough from me. Vive la Python! :-p

  22. Alister Harrington says:

    Didn’t know it was SL causing a loss of app connectivity. Yes, I had that issue yesterday, it’s the first time it’s ever happened though. Open source guys, START YOUR COMPILERS!!!! 😀

  23. The XO says:

    @Ann Otoole #17:

    Ann, this has very little or nothing to do with viewer crashes – I won’t say either way because I haven’t seen the code yet.

    C’mon though.. *every* single post of yours is negative. I like the fact LL are bringing more of the community into the development.

    You’re just sulking because LL wouldn’t give you a job! Don’t deny it, I saw your post saying you got no response to your resume :-p Just be graceful and accept it, and be nice.

    Why not try and be a bit more supportive and constructive – go and LOOK at the code and see if you can see anything wrong.

  24. CyberTrooper Tran says:

    Opening the viewer codes was a major mistake, and opening the server codes will be even a bigger one, because along with the good, also comes the bad. SL has already become a heaven for hackers and malicious software writers. This is not an opinion but a known fact to me. I’ve had the experience of having my SL jeopardized and held hostage to the whims of a rogue scripter.

  25. Ann, now that’s ridiculous. Homebrew clients should not be allowed to connect to the grid, but homebrewers please fix bugs. Now how’s that supposed to work? That’s like: please fix my car, but please don’t touch it.

  26. Doxent says:

    Fantastic !!! One step further towards making SL truly created by its users. Making all the components open source will give fresh insight from other people. Sometimes genial. That will surely help eradicate ubiquitous bugs which are making our Second Life hard these days.
    Especially teleports and search. Good job, keep on going.
    Waiting for independent server release that can be run at home without using internet.

  27. Hirohide Yoshikawa says:

    This is great, but what about the other side of the equation? Are there any plans to open up and publish the interfaces to the web services themselves? Having the RegAPI and Webmap API are good starts, but there is so much more you could do to open up SL through web services. For example, how about opening up the web services API for the friends list?

  28. Montana Corleone says:

    @15 Antonius Misfit – I agree with you about camping bots though. I used to see two landbots close to my home, and it was very annoying. I think we just have to take the good along with bad and roll with it.

    Right. So because it’s not closed and controlled, we have to just put up with it? lol. Currently, from my calculations, about 20% of users online are campers or bots. You can work that out from Key Metrics, and work out what % of people are in American timezones, and hence what % of people out of peak 48k users should be on when just the American continent is, and you’ll find substantially more.

    When they finally change traffic (promised since November/December?), I’m sure they’ll move on to something else. This is either money being leached out, or bots run by business owners to bump their traffic for free recycling money between alts.

    And if this is supposed to be the next internet? Ha. So billions of juicy suckers out there while hackers can hide behind anonymity and foreign countries? The public won’t go for it if they can’t trust it. Much the same way SL seems to be going.

  29. Patti Frid3 says:

    How can I renew my membership?
    When I log in I get an error message and am asked to renew my membership.

  30. Psistorm Ikura says:

    I see and really understand the points you guys bring up relating open source 🙂

    I just figured I would ask for such explanations before another wave of “ONOZ YOU RELEASED SERVER CODE, WERE ALL GONNA DIIIIEEEE!!!” breaks loose, like it happened when the viewer software was opensourced and everyone assumed it was /all/ the code of SL 🙂

    I see how it is a security gain if an open-sourced system isn’t hacked – I mean, it does work with linux, which is infinitely more safe than windows. I just also think that not everyone will draw this conclusion, and assume that, once the “schematics of the safe” aka server/protocol code is published, someone will understand it and see a way to exploit it big time.
    but it’s good to see LL being careful about these steps – and I really hope that, when the server code goes opensource someday, it will be a huge benefit to all of us!

  31. I just want to compliment whoever is making your strategic technical decisions these days! (Who is it?) Dropping VPN for Web Services, choosing REST for asynchronous Web Services, choosing Python over C++ — all EXCELLENT decisions!

    Hearing the news makes me more confident that SecondLife is on the track to major success. Thanks!

  32. Kati says:

    Hello!
    “Login failed: Second Life cannot be accessed from this computer. if you feel this is an error, please contact support@secondlife.com” 😦 help me please

  33. GoogleMama says:

    Ah, yes, already several incidents that were clearly “attacks”, so now, we’ll give them the SOURCE so they don’t have to be clever… they can just build in their backdoors and feed on the paying SL residents at their leisure… Under no circumstance would I EVER give LL my phone number now, not that I would have before, either, but this is just the clincher….

    Not to mention that it smacks of just being too lazy to do your own work, though I must admit, this fits in well with the Tao of Linden…

  34. Dirk Felix says:

    Pathetic, no need for customer service, If this what your military customers use? ;0

  35. Kyzaadrao Skall says:

    ThaBiGGDoGG Richez will you “stop” spamming the blogs with your silly gambling machine woes, this is between you and LL, not the rest of us.

    Great work on open sourcing.

  36. Rick Marikh says:

    I’m sorry SL having big problems at the moment….

    why has a NOT linden have to notice this worldwide?!?!?! noobs

  37. Can I put this on my burger?

  38. dactarus kamachi says:

    I wanted announce you a disappearance since your new setting has joure of these objects in my inventory, all my animations, all my body shares, all my photographs, all my scripts, all my sounds, all my textures to import, and a very large part of my objects. thanks for making necessair it to return any Ca to me

  39. Decker Burt says:

    It sounds like a great idea and it gives residents a way to get their ideas through a little easier… Which can be a problem. malicious hackers probably won’t touch it because it won’t be a challenge but that doesn’t mean that it can’t be misused. There are many people out there in RL and SL that seem to exist for the sole purpose of attacking people and groups. Giving them the source would only serve to give them a more effective means of assaulting, or even leaching, off of other residents… If it weren’t for those few then this would be a great idea.

  40. Coventina Dalgleish says:

    Interesting, the normal spread of useless one liners that only take space from others who, just might, have something constructive to add and totally off topic subjects that do not add one thing to do with this blog message. Then there are those who appear to have valid information and concerns. I, possibly shovel more grief toward Linden Lab when the system is non functional than most. I run what I consider a nice down the middle system so when I have problems many seem to also be enjoying them. I just checked the grid and for those of you who are having problems it might be time for you to analyze your system. Have you run an error check on your drives lately, (ok linux guys I know you have a real system), but most of us do run Bills folly. Clearing the cache, while it is a lame help desk answer, does help. You might be surprised if you take a look at the cache on your hard drive. Check your settings, don’t run 64meg if you have 256. If you have anything less than a 128 meg video card don’t bother. Also do a speed check on your ISP they cause more problems than you might expect.

    Another thought in passing I do not know if the change to Havok 5 is going to seriously change the server code. One might make the assumption that it will therefore a completely re written base code and thus the release of the current code is of little consequence.

    As for the comment that let us connect to the database I do not ever see that becoming a reality until the database can be kept secure. This is one of the major hurdles in the current stand alone system if a person can add zero’s to their cash balance it will not transpire or I will be first in line ))

    In conclusion I was down hard on them for the network level patch on Wednesday but after observing the way the game is operating now it appears to have been a very successful endeavor.

    Oh and one minor pet peeve of mine this now supports spell check it is the red dotted line under the word )) use it please and appear intelligent.

  41. zebadee says:

    Chat Lag
    Movement Lag
    Client Freezes
    Client Crashes

    and like most of my attachments when crossing sims or teleporting you can stuff your non essential “open source” web code up your butt.

  42. Awesome, Which. Thank you so much for doing this.

  43. Aeris Yue says:

    Hello, can anyone tell me if this Software is ok to use for SL? It’s called Optitex and It’s a fashion Software thing, I thought It would be alright to use, Making clothes with the Software and try to put them on sl?. If it’s ok for sl please let me know

    Thanx 😀

  44. Pussy Dailey says:

    You lost me after the first sentence 🙂

  45. I never understand people having security concerns about opensource: the Apache webserver has been opensource for years, and is one of the most secure webservers around. Would you trust a closed source Windows server to be more secure than an opensource Linux server? Code secrecy is an inherently inefficient security technique, and, since the opensource community can readily find bugs and security flaws more quickly than a limited set of developers, opensource applications tend to be more secure than closed source ones.

  46. Chino Yray says:

    I think it’s easier to use python.

  47. Alyx Sands says:

    Seriously, why are people whining about stuff they clearly don’t understand? If you don’t know anything about what these pieces of code mean, don’t touch them. (Like me!;) My programming abilities definitely lie elsewhere)

  48. Aeris Yue says:

    Optitex a fashion Software is that ok for sl?

  49. Alyx Sands says:

    Aeris, how is this relevant for this blog entry? GO POST IT IN THE SL FORUMS!

  50. Close Comments says:

    CLOSE THE COMMENTS. People are too stupid here to have anything useful to say.

  51. Al Sonic says:

    I may not be frequently involved in programming, but at least I understand “open source” and its benefits. As I read through the comments made about open-sourcing, I’m often surprised to find that not everyone does. Perhaps the Lindens need to start linking to some sort of layman’s explanation of open source.

    But it’s pretty simple; the security of open-source is, like Antonius said, comparable to a bank’s safe, after the plans for how to build the safe are made public. It doesn’t give you the password that was later setup into the safe, nor any x-ray vision to help you read that password. It only exposes the structure, so that if it has flaws, everyone has the access to look through and point them out. This usually means that crackers have to be MORE clever, as they’d have to hurry to find a flaw, craft an exploit, and execute it before ANYone sees that flaw and submits an urgent patch, which the Lindens would fairly swiftly implement into their code.

    Aeris Yue: Don’t ask here on the blog. Ask the forums. For clothing, go to http://forums.secondlife.com/forumdisplay.php?f=109. But your answer is probably ‘No, not unless someone makes a plugin for it’.

  52. Aeris Yue says:

    Thats all I needed no ok……………. Fine

    ………….

  53. GoogleMama says:

    All you Linden fanbois and “code kiddies” seem to believe there are no “bad apples” in your precious “open source” community… and it only takes ONE. Believe me, there are FAR more than that. Your assumption that someone “in charge” will check out all code thoroughly before implementation might be right…. dealing with ANYONE but LL. They’ve already proven they don’t check their OWN code.

    So, you go right on believing how “safe” and “secure” things are when every hack in the world can have access and every fool at LL is in charge of “security”… and I hope you have some sort of fraud stop on your credit cards…

  54. Some examples of the new released stuff in action would be nice…..

    I don’t understand what the libs actually do for the linden site….

  55. o and bring back the stipend and you get less campers……

  56. Magi Merlin says:

    This is great to see, please keep it comin’ Lindens.

    Barry@36/37: This is secret geeky nerd business – it’s all backend server stuff – nothing to see here (nothing new – just a chance to see what goes on under the hood)

    Magi.

  57. Magi Merlin says:

    …and GoogleMama:- sorry but that is just pure paranoid dribble.

    this creates no security risk that is not already inherently in any online activity on the internet. Get real or get offline! – Yikes!!! Listen to Al Sonic who makes a very sensible summation of the issues about.

    Releasing this code to the open source community can only lead to a better online experience for us all. There are many arguments, for and against, as to whether this will ultimately benefit Linden Labs, however, it can only be good for the online community as a whole and, mark my words, the implications to the wider milieu of the web may well turn out to be very significant.

    If you want to know more about SecondLife style open source projects check out http://www.opensimulator.org and http://www.openmetaverse.org, they are doing some great stuff.

    Magi

  58. Kil says:

    The fact of the matter is that if someone REALLY wants to hack secondlife, then they will. With or without opensource. Reverse engineering has been around for a long time.

    I personally would love to see opensource server system with the option to be able to link your server to the SL universe for a nominal connection fee. I’m sure that, should this fanciful dream ever occur, that the lindens can test and verify that the server requesting linking is not doing anything malicious. I know it’s how they make money, but being able to put up an island and add to the diversity of the metaverse on my own hardware without the huge cost of “island purchase” is appealing.

  59. inacentaur says:

    Which Linden is Which?

    And, what of Asset Libraries — will those servers be open sourced O_o?

  60. GoogleMama says:

    You said it yourself, Maggie Merlin… “no security risk that is not already inherently in any online activity”… except most of those activities have checks and balances, and for those that don’t, we have our virus scanners, spam filters, firewalls etc. etc. etc.

    We already have evidence that this is NOT the case with LL and the SL software, that virtually NOBODY is “minding the store”, that they don’t check or test code sufficiently, if at all, before releasing it AND there have already been at least two attacks on SL that have, for the most part, been covered up by LL and your type, who believe they can do no wrong.

    Paranoia is “Suspicion of others that is not based on fact”. I am indeed suspicious, but it is not baseless. The days of believing people are basically good are gone for all but the weak minded…. So, if you want to risk your identity, your life savings, your credit history… you go right ahead, but “Joe Average” better keep what he can to himself.

    If LL is too lazy or incompetent to do their own coding, fine, but I wouldn’t give them one piece of personal information to be passed around to that fine, upstanding, totally anonymous “community” open sourcers….

  61. Gil Druart says:

    Well, I come down on the side that open-source makes you more secure not less. Something like 60% of all documented frauds and hacks come from the *inside* .. the more eyes there are scrutinizing the source code the better .. it only takes one disgruntled Linden …

    .. and what funny ideas there are out there .. open source doesn’t mean the *data* is more accessible .. neither does it mean code changes that aren’t *reviewed, approved, and authorized*.

  62. Lomgren Smalls says:

    GoogleMama, your complaints don’t seem to have a basis in reality. No coding team can find all the bugs in one go. That’s what patches are for. Bugs can get through both alpha and beta testing quite easily in any program. And one as complicated as Second Life? There *will* be problems.

    Look at Linux. People have tried to insert backdoors and such before, but the community was able to catch them and take them back out. There are news articles out there on that, that I can’t be bothered to look up right now. That’s the kind of work that open source can bring.

    And no one minding the store? I’d say that’s wrong. They’re trying to boost the level of support, but it’s hard when you have such a big influx of accounts. Even though there are plenty of throwaways, you have to police what those throwaways do. Yes, I’d say LL is understaffed. But they are doing what they can to alleviate that problem. I’d say open source is one way of doing that.

  63. Marissa Akula says:

    wow… okay, time for ‘GoogleMama’ to sign out completely. if you have so little trust for LL or the work they’re doing, why are you here? don’t answer, I know the answer. You’re a flaming troll.

    On to the topic, I’m rather happy to see the open sourcing proceeding, and just as glad LL is going slow about it. For my part, I’ve seen some good things come out of open sourcing so far… someone mentioned the nicholaz client, which I’ve used a few times, very smooth performance, love it! Also love the fact that his fixes are being implemented by LL as well. with the whole point being… LL gains a LOT more coding power than they could ever hire by open sourcing! I’ve also heard of an “IM only” client. haven’t tried it yet, but wow, how useful!

    I’m looking forward to seeing this trend continue, with the community helping to make things better. (which by the way is not accomplished by flaming trolls. get out of my internets!) As long as LL is tying up security concerns before each source release, this is like… a gold mine of possibilities for all of us!

  64. GoogleMama says:

    I don’t understand why you people think you are opposing what I’m saying with your comments. You are EXACTLY right, Lomgren, they can’t POSSIBLY keep track of it all… so opening it up for every Tom, Dick and Harry to tinker with hardly makes for a “safe” environment, does it? If you can’t keep track of what YOU yourself have done (LL being the “you”, not you), how can you EVER keep track of what 20 or 30,000 other people are doing?

    And, as you said, they can’t keep track of it all… so they keep sticking in MORE and MORE and MORE?? What sense does that make?

    The Linux community has caught the backdoors before… in a time when there weren’t people working in concert to take whatever they can. Perhaps you’re not in America, but we have people who would GLADLY band together to create, hide and protect a source of funding that was untraceable… and we all know where those funds would end up…

    It’s like saying that keeping your dogs in your yard with a ring of people holding hands is more secure than running your OWN fence, preferably electrified… If just one of those people decides to let your dogs out, they can do it, and maybe the others would get them rounded up and put back before any harm was done… but if half a dozen of those people acted together, not only to let the dogs out, but to conceal the fact that they are out from the rest of the group….

    Well, you can either see it or you can’t… if you can’t, I think it’s more a case of you won’t, and no warning I can give you will ever open your eyes…

  65. Chronic Skronski says:

    Windows is not open source. Linux is. Which is the more secure OS? Hint: it sure as hell is not Windows.

    Same could be said about the IE vs. Firefox – which browser did the Dept. of Homeland Security say to avoid at all costs? Hint: it’s not the open source one.

  66. The XO says:

    Slightly off topic from my previous post but….

    I notice the download for Windows and Mac OSX is version 1.18.2.0 but the Linux version hasn’t been updated and still resides at version 1.18.1.2.

    So now we have “la liberacion” and the Het-Grid, along with view independence it means as usual, the Linux users get ignored. Again. As usual. Well thanks a frickin bunch!

    I hope the open source community will pick up the slack and get things moving again. Shame really that Linux users always, *always* have to fend for themselves – and the irony… all the servers (sims), databases and web services run on Linux….

    Thanks LL – nice to know that you’re looking out for and supporting open source. Oh look, a pink flying elephant.

  67. Melanie Milland says:

    I’m an active open source developer in a number of projects and I just can’t see what you’re paranoid about.

    Open source doesn’t mean that just anyone can commit to your production repositories, and that every bit of code submitted will immediately make the production platform.

    Every open source project has a maintainer, plus a number of contributors.
    Commonly, the contributors will submit patches to the general public, or to a developers list, for review and comment.
    This is where any deviousness will be caught, as people who don’t understand a bit of code ask for clarification.
    In the end, the maintainer reads the patch, and will either accept and commit it, or reject it and throw it back to the submitter for corrections/clarifications.
    If the patch is applied, it will go to alpha, then beta testing, resulting in a release candidate (in SL they call it FirstLook).

    Then, the final step is release. By the time the release with the patch in it comes out, many eyes, interested and competent eyes, will have been over it a number of times.

    In the case of a server side patch, LL themselves will be the maintainer. I don’t think that they would easily commit anything that appears to make requests for confidential information, or attempts to directly update linden balances, or some such skulduggery.

    As for people reading the existing code and finding ways to exploit it, by releasing the code piecemeal, LL assures that each bit will have had its once-over by the community, and eventual flaws, that would be exploitable from higher layers, are found and fixed.

    Like, if the coroutine package released now had a flaw, that allowed a certain programmatic construct to pass control to an unintended location, and that a carefully crafted data packet could trigger this, it would be found now, so that later, when the higher level code is opensourced, and it may become apparent how to funnel such a packet into the system, the hole will be long closed.

    This is the benefit of open source, and the benefit of peer review, the process that makes open source work.

    Recently, in-world items were stolen by an exploit, which was not discussed further. It is likely that, in an open source world, this exploitability would have been found before ever making production code!

    Also, the part of the SL server system that directly deals with credit card and contact information enjoys specific protections in law. It may never be opensourced at all, LL themselves may be under NDA for certain parts of their billing code.

    So, don’t worry, don’t troll and don’t spam, sit back and enjoy the show!

  68. sirhc DeSantis says:

    Totally flag this as off topic but woo Hoo! Voice will be down. Good. Stick a stake thru its heart and bury it at the crossroads. Oh and all you open sourcers – thank you

  69. @Melanie Milland:

    I couldn’t have explained the open source process any better than you just did. Thank you. 🙂

  70. Trackieman says:

    This is fantastic news. Open source is the way to go. LL must be praised for this move.
    I hope that someday people will come to understand that open source is not the threat that they first perceive. Why do people think LL or any open source organisation for that matter would implement submitted code that was potentially malicious? There is far, far too much at stake to implement dangerous code.
    Open is the way to go for all, whoot!

  71. Christos Atlantis says:

    Wow, this is incredible, I am sure that the open source community will enhance our SL experience!

    Keep up the good work lindens, some of us back you up 100%.

    I have not found anywhere on the net anywhere else where you can have some fun, be creative socialize and make a living.

  72. The XO says:

    I wonder if *any* of the Lindens would like to respond to my previous post #46????

    Why are the Linux customers being left out in the cold, again??? I mean, it wasn’t voice enabled for ages – not that I use it, but the point is this open source O/S is being ignored by those who claim to champion open source, and the open source community.

    Why is it that the Linux client is lagging behind the others? If people ever want a decent alternative to Windows then they must make their software multi platform. However there is simply not enough resource going into the Linux branch;

    1. It’s a version behind
    2. Sound is buggy
    3. Graphics are buggy (settings need tweaking)
    4. The auto update doesn’t work

    Can someone please respond to this?

  73. Which Linden says:

    The XO, the current Linux version isn’t incremented because 1.18.2.0 contains Mac- and Windows-specific fixes, so it would essentially be a no-op for Linux. It’s not that we’re ignoring Linux, it’s just that getting it right is hard, and right now most of our development effort is directed at grid stability.

  74. Melanie Milland says:

    Well, how about giving us some sort of a timeline for voice functionality in Linux?
    We got the godawful “Communicate” window, but not the voice functionality… when will that be there?

  75. Argent Stonecutter says:

    A lot of the code on the servers is already open source. Python and Perl, Linux, MySQL, Squid. These are all used by the SL servers, and they’re all open source. The components just released are similar to these… standalone applications and (in this case) libraries that the servers use. These ones happen to have been written by Linden Lab, but they’re not “the servers” any more than MySQL is.

  76. @Melanie:

    Check the forum here (http://forums.secondlife.com/showthread.php?t=206270). Tofu Linden has the binary blob needed for voice, it’s only now a matter of getting through internal testing and debugging before it’s released to us.

  77. SimonRaven says:

    I’m tired of people thinking open source anything equalling insecurity. I’m afraid that people that do that equation have been lied
    to, and/or are ignorant of the real facts, instead of the FUD micro$oft and others put out. I worry more about closed
    source software, frankly. You can’t go check if there’s a backdoor in that thing, or say “hey, you know, this is a potential for
    trouble in this file foo.py here, line 42” or “you could speed this section up a bit by doing this instead of that”, or such things.

    Open sourcing something has tremendous benefits, and most big hardware and software corporations are getting into it, or into it
    already. The ones that aren’t are going to turn into dinosaurs (if you’re into that kind of “cred”); for me, it simply means that I
    can go look, or others can, and publish their findings on it, and contribute to it in whatever form they like, be it source,
    helpful bug reports (that actually get followed up on, instead of getting ignored intentionally), or other contributions. I suspected
    LL and SL were into F/OSS when I heard their servers run on Debian ;).

    I think people will see the truth of what I say when they start seeing improvements in security, stability, and responsiveness. Hell,
    I have on my old slow P3/500 MHz 256 MB RAM box, client side. I know it’ll happen server side.

    I just hope LL and SL get real on what really matters in the end, instead of acting like a typical corporation.

    BTW, Linden people, I would seriously consider sticking the sims on xen, everyone will benefit, and can save on Earth’s resources
    *hint hint*.

  78. SimonRaven says:

    OT: I agree, GoogleMama is just trolling. Go ahead, rant and rave, you’re just showing yourself to be a fool.

    On-topic:
    As for the slow release of bits and pieces, whomever mentioned that a few comments ago is hit. nail. head. on that one. Good
    explanation BTW, thanks for that. Every project big and small does it that way or another (basic format is similar). In no way shape
    or form is anyone that submits backdoor code let onto the committer group (in one project form), they’d get their cyber-ass kicked 😛
    ;). Nor is someone like that ever tolerated in some of the other project group forms, they just aren’t welcome.

    The F/OSS community “cred” is based on your merits, and contributions (and behaviour towards others more, nowadays). If someone
    doesn’t understand that, they should re-learn how to share. Yes there are bad rotten apples, but how many do you actually think are
    on those committer/submitter groups, and actually get to stay there? 0. Like the other person said, it’s called peer review, the
    scientific community has been doing this for years. I’m not saying there isn’t any politics, but in those 2 communities, that
    sort of thing is frowned upon.

    Off-topic:
    I would suggest a killfile or /ignore on GoogleMama ;).

  79. Momoko Market says:

    How about voice functionality for all the residents? Those with linux and those of us who enjoyed it in first Look only to have it taken away when it went grid-wide? What’s up with that? Huh?

  80. Asmo Aya says:

    She may be a troll, but she, and I, will be two people who won’t lose everything when SL is hacked but good, either because of the “open sourcing” or whatever other reason LL allows to happen from their own incompetence…

    Bye, SL, good riddance LL… I’ve cleaned this particular “virus waiting to happen” from my system.

  81. Nulflux Negulesco says:

    Don’t tell me I’m the only one that noticed the built-in backdoor eventlet code that creates arbitrary connections to arbitrary addresses and ports… I almost can’t believe it’s named Backdoor.py! Umm… Are you sure that’s safe guys, giving us the backdoor code? roflmao

  83. Which Linden says:

    It’s just demo/debugging code, you’d have to tinker with it a bit to get it to run. (i.e. the existence of this code does not imply that a backdoor [which is just a listening socket] is actually running anywhere)

  84. CyberTrooper Tran says:

    The majority of the posts in this discussion are being made by Open Source enthusiasts blinded by their zealotry. The idea that Linux is infinitely more secure than Windows is just plain wrong.
    You will never be able to stop top tier Hackers from invading systems (slow them down), but never stop them, however when the source code is readily available it’s an invitation to the less skilled to ply their trade.
    I am an Open Source enthusiast, but the reality of the world we live in can not be denied, proprietary software systems are absolutely essential to the health of a major web service like SL.

  85. The XO says:

    @ Which Linden #52:

    Thanks for clarifying – it’s appreciated.

    Obviously everyone prefers grid stability rather than fancy viewers. I’m still using 1.18.0 (6) from July as I don’t get on with the layout on the voice one.

    That being said, it would be nice if the Linux one worked as well as Mac and Windows, but I can live with it if the grid is more stable 🙂

    I feel like a ranting **** now, but I wasn’t aware there was no necessary update for Linux.

    Thanks for your time, and keep up the wonderful work 🙂 I have actually noticed and commented on grid stability being better and less down time, so it’s all good 🙂

  86. Well, it’s been a long time since I did any development, but I must say that opening up the project to the open-source community is a step in the right direction. As was posted earlier, every open source project has a manager (perhaps “coordinator” would be a better phrase) so that wild insane stuff won’t get incorporated.

    I hope stability becomes more of a priority from now on.
