[opensource-dev] Current Snowstorm commit builds
Oz & company, Would it be possible/easy to have the table of the most recent commit & build of Snowstorm enhanced to be more humanly readable by non-developers, like the one for Snowglobe "Development Snapshots"? That is, keep the table, but also have a simplified set of links for Windows, Mac, Linux. Thanks. ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
> PHOX and Fractured are very close. All the way back when it was VLife and > PhoxSL. they were nearly identical. So i would almost bet that its a blitz > attack on the public. Fractured walks away. PHOX stays. Fractured and PHOX > still have control over the program cause PHOX is still committing code. > and as far as the licensing goes. If PHOX is the developer of the > emkdu file( remember this is the bad file in the emerald viewer) and they > are still planning to use emkdu who is developing it? PHOX? According to a blog post on blog.modularsystems.sl, which was subsequently pulled (cached: http://bit.ly/9OfxUd), Linden Lab has demanded that Emerald cease use of emkdu entirely. ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
well the developer of the emkdu dll file is PHOX. From the interview on treettv, Fractured purchased the license to develop it, PHOX did the actual developing, Fractured was asked to step down, PHOX is still on the team of emerald developers. PHOX and Fractured are very close. All the way back when it was VLife and PhoxSL. they were nearly identical. So i would almost bet that its a blitz attack on the public. Fractured walks away. PHOX stays. Fractured and PHOX still have control over the program cause PHOX is still committing code. and as far as the licensing goes. If PHOX is the developer of the emkdu file( remember this is the bad file in the emerald viewer) and they are still planning to use emkdu who is developing it? PHOX? On Tue, 24 Aug 2010 17:27:40 -0400, Rob Nelson wrote: > They used a custom build of the KDU JPEG compression library to embed > information in baked textures, such as the installation directory and > the title of the window. The outrage around this is that Emerald > developers: > > 1. Disclosed private information without informing users about the > disclosure in their privacy policy (installation folder can contain the > username, usually on Linux, though). > 2. Obfuscated this system by hiding it within a closed-source library > 3. Continued to lie about the purpose of this system. > 4. LINDEN LAB CONTINUES TO IGNORE THE TPV VIOLATIONS. If I had pulled > this crap with my tiny viewer, I'd have been banned back into the stone > age. The double standard Linden Lab uses infuriates many who were > forced to do many difficult changes to comply with the TPV, only to find > out that Linden Lab has no intention of enforcing it. > 5. Reportedly, Emerald merely changed the encryption method used when it > was discovered. I don't even know if they changed their KDU library to > comply yet, or if they're covering their bums still by making a storm of > apologetic blog posts while continuing the same old crap. > > Rob Nelson > > On 8/24/2010 1:50 PM, Harold Brown wrote: >> What I find interesting is that people are neglecting to realize that >> ANY viewer, even a LL viewer could have been used to do the same thing >> by changing the WEBPAGE the login screen pointed to. Or for that >> matter distributing a object using the new Media functions to load a >> webpage with the exact same iframe set. >> >> >> >> On Mon, Aug 23, 2010 at 8:03 AM, David M Chess wrote: >>> Could we move all this stuff to a new "emeraldgate" list, or something? >>> >>> That I could then carefully not subscribe to? >>> >>> __ >>> ___ >>> Policies and (un)subscribe information available here: >>> http://wiki.secondlife.com/wiki/OpenSource-Dev >>> Please read the policies before posting to keep unmoderated posting >>> privileges >>> >> ___ >> Policies and (un)subscribe information available here: >> http://wiki.secondlife.com/wiki/OpenSource-Dev >> Please read the policies before posting to keep unmoderated posting >> privileges >> > > ___ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
Yet another plea to move the endless offtopic Emerald discussions elsewhere. (Preferably fr elsewhere...) ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
They used a custom build of the KDU JPEG compression library to embed information in baked textures, such as the installation directory and the title of the window. The outrage around this is that Emerald developers: 1. Disclosed private information without informing users about the disclosure in their privacy policy (installation folder can contain the username, usually on Linux, though). 2. Obfuscated this system by hiding it within a closed-source library 3. Continued to lie about the purpose of this system. 4. LINDEN LAB CONTINUES TO IGNORE THE TPV VIOLATIONS. If I had pulled this crap with my tiny viewer, I'd have been banned back into the stone age. The double standard Linden Lab uses infuriates many who were forced to do many difficult changes to comply with the TPV, only to find out that Linden Lab has no intention of enforcing it. 5. Reportedly, Emerald merely changed the encryption method used when it was discovered. I don't even know if they changed their KDU library to comply yet, or if they're covering their bums still by making a storm of apologetic blog posts while continuing the same old crap. Rob Nelson On 8/24/2010 1:50 PM, Harold Brown wrote: > What I find interesting is that people are neglecting to realize that > ANY viewer, even a LL viewer could have been used to do the same thing > by changing the WEBPAGE the login screen pointed to. Or for that > matter distributing a object using the new Media functions to load a > webpage with the exact same iframe set. > > > > On Mon, Aug 23, 2010 at 8:03 AM, David M Chess wrote: >> Could we move all this stuff to a new "emeraldgate" list, or something? >> >> That I could then carefully not subscribe to? >> >> __ >> ___ >> Policies and (un)subscribe information available here: >> http://wiki.secondlife.com/wiki/OpenSource-Dev >> Please read the policies before posting to keep unmoderated posting >> privileges >> > ___ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting privileges > ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
Sure true but the differences is for a normal sl viewer to do this they need to specify their own login screen using url parameters or someting while with Emerald has there own custom login screenpage with users see evrytime they login into Emerald while what you say is true but that user count is WAY lesser then thousand of emerald users loging in continue it was stupid to do but this also proven the point is that Emerald (or anny other viewer) can do what they whant with SL's code it gives wrong view of what Third party viewer should be and to fix this so it never hapens again disalow custom login page's to be hosted on the viewers server but instead allow it so it can be hosted on secondlife servers (for a fee maybe idk) and everey time they wanna update the page, let LL control it to see if its user safe (could allow dynamic xml stats for custom news and stats but limited to basic html code with it) annyway my 2cents -- From: "Harold Brown" Sent: Tuesday, August 24, 2010 10:50 PM To: "David M Chess" Cc: Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything? > What I find interesting is that people are neglecting to realize that > ANY viewer, even a LL viewer could have been used to do the same thing > by changing the WEBPAGE the login screen pointed to. Or for that > matter distributing a object using the new Media functions to load a > webpage with the exact same iframe set. > > > > On Mon, Aug 23, 2010 at 8:03 AM, David M Chess wrote: >> >> Could we move all this stuff to a new "emeraldgate" list, or something? >> >> That I could then carefully not subscribe to? >> >> __ >> ___ >> Policies and (un)subscribe information available here: >> http://wiki.secondlife.com/wiki/OpenSource-Dev >> Please read the policies before posting to keep unmoderated posting >> privileges >> > ___ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges > ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
Yes, but most viewers have decent legit developers who won't put that stuff on the login page. On Tue, Aug 24, 2010 at 9:50 PM, Harold Brown wrote: > What I find interesting is that people are neglecting to realize that > ANY viewer, even a LL viewer could have been used to do the same thing > by changing the WEBPAGE the login screen pointed to. Or for that > matter distributing a object using the new Media functions to load a > webpage with the exact same iframe set. > > > > On Mon, Aug 23, 2010 at 8:03 AM, David M Chess wrote: >> >> Could we move all this stuff to a new "emeraldgate" list, or something? >> >> That I could then carefully not subscribe to? >> >> __ >> ___ >> Policies and (un)subscribe information available here: >> http://wiki.secondlife.com/wiki/OpenSource-Dev >> Please read the policies before posting to keep unmoderated posting >> privileges >> > ___ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting privileges > -- “Lanie, I’m going to print more printers. Lots more printers. One for everyone. That’s worth going to jail for. That’s worth anything.” - Printcrime by Cory Doctrow Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
What I find interesting is that people are neglecting to realize that ANY viewer, even a LL viewer could have been used to do the same thing by changing the WEBPAGE the login screen pointed to. Or for that matter distributing a object using the new Media functions to load a webpage with the exact same iframe set. On Mon, Aug 23, 2010 at 8:03 AM, David M Chess wrote: > > Could we move all this stuff to a new "emeraldgate" list, or something? > > That I could then carefully not subscribe to? > > __ > ___ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges > ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
[opensource-dev] New Weekly Office Hour for Product Backlog & Viewer Idea Discussion
Starting tomorrow, Wednesday Aug 25 from 8-9am PT, I'll be holding weekly office hours for discussion of the Snowstorm Team Backlog and to discuss ideas for the Viewer. If you have ideas for Viewer improvements, usability enhancements, new features, or just have questions about our backlog, this is the meeting for you! SLURL: http://maps.secondlife.com/secondlife/Hippotropolis/201/115/21 You'll find this meeting listed on our Snowstorm Team calendar, here: http://www.google.com/calendar/hosted/lindenlab.com/embed?src=lindenlab.com_k0e2g2gmqrhm0esbrh31f0qbac%40group.calendar.google.com&ctz=America/Los_Angeles (Note: This meeting will replace Q's weekly office hour. When he returns to work in a few weeks, he'll join us at this OH!) See you tomorrow! Esbee___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Draw Distance - TPV Solution Example - SLIDER Correction
It s XML. I've been dropping in this replacement XML file into all the viewers I download/install, which adds a Draw Distance slider along with Land and Sky buttons to allow easy access to the About Land & Advanced Sky controls. It would be fantastic if there was an ability to choose in preferences whether they appeared in your viewer. Land & Sky could be off by default (no need to complicate things for new residents), and DD could be on by default perhaps. XML file (in zip archive) - http://www.blakopal.com/dd-slider.zip Tutorial video - http://www.youtube.com/watch?v=j_wSK0PMbPQ On Aug 23, 2010, at 11:33 PM, Science Fiction Computer - SCi-Fi PC wrote: > Apologies all, correction, the SLIDER is located, off-center, TOP RIGHT. > > SF. > > -Original Message- > From: opensource-dev-boun...@lists.secondlife.com > [mailto:opensource-dev-boun...@lists.secondlife.com] On Behalf Of Lance > Corrimal > Sent: Tuesday, August 24, 2010 4:25 PM > To: opensource-dev@lists.secondlife.com > Subject: Re: [opensource-dev] Draw Distance - TPV Solution Example > > Am Tuesday 24 August 2010 schrieb Science Fiction Computer - SCi-Fi > PC: >> If you find the time, download the latest "Kirsten's Viewer" >> S20(33). >> >> There is a neat little Draw Distance slider located in the TOP-LEFT >> of the Viewer UI, which conveniently provides an EASY TOOL for >> adjusting detail vs performance. >> >> It's simple, elegant, and most importantly, "Functional on the Fly" >> - ergo, would be great to see this slider in Snowglobe or Main LL >> Viewer. >> > > its in the starlight skin, so it can only be a pure xml thing. > > > bye, > LC > ___ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 9.0.851 / Virus Database: 271.1.1/3090 - Release Date: 08/24/10 > 04:34:00 > > ___ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting privileges ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Draw Distance - TPV Solution Example
Miro Collas :
> FWIW, I still prefer a type-in field to a slider for this. Much faster.
I do, too. In general I miss various of Emerald's chatbar commands
when I use V2.
Draw-distance, and gth (Go To Height) and flr ("floor"; go to ground
height) the most.
fwiw,
Dale (finally posting from my personal address instead of accidentally at work!)
___
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/OpenSource-Dev
Please read the policies before posting to keep unmoderated posting privileges
[opensource-dev] VC Express/2008 request for testers/code review
Hey everyone, I've spent way to much of my time recently trying to fix up the builds initally for 2005 Express, but that very rapidly became tangled with needing to fix the build process to be aware of which compiler version it was using so this naturally led to 2008 support being addded. I really would like to get some input from Brad on this as this is one of his areas. But also testing from express and 2005/2008 compilers would be helpful The revelant JIRAs are VWR-20879 - FTBFS: find_vc_dir() fails with Visual Studio Express SNOW-788 - Fix cmake files to correctly include boost on VC2008 windows builds VWR-20914 - Allow the MS CRT dlls and manifest location to be manually specified to work around VC Express limitations VWR-20915 - Remove hardcoding of VC80/8.0 from cmake and python files VWR-20921 - mt.exe is not found when building with visual studio 2008 You can find the complete patch bundle applied to viewer-development at http://bitbucket.org/robincornelius/viewer-development-vwr-20879 Additional instructions are on the wiki page - https://wiki.secondlife.com/wiki/User:Robin_Cornelius/viewer-development_VC2005_Express , these instructions work around fundimental limitations of Express and the fixes i have documented would then apply to any viewer branch in future so they can be considered system wide fixes. I do not believe these workarounds should be corrected in the viewer code, it is not something the viewer is doing wrong. If you decide to try to build 2008, please note that express users still need the winres.h fix from the above wiki link and also you need to copy the precompiled boost libs detailed at the end of http://jira.secondlife.com/browse/VWR-9541. My test environments have completed builds to an installer sucessfully with 2005 and 2008 Express. There is one final issue if you use 2008 express which i believe at this time is out side the scope of viewer fixes. The LL supplied prebuild libs are build against VC80 CRT v 4053, if you build with 2008 you will have dependencies on both the VC80 4053 CRT and your current VC90 CRT. So the installer if distributed to a 3rd party may fail to run as it will not copy the VC80 CRT to the installer. If and when LL decide to update to 2008 internally this should all just fall in to place without changes. Thanks ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
Re: [opensource-dev] Draw Distance - TPV Solution Example
FWIW, I still prefer a type-in field to a slider for this. Much faster. On 08/24/2010 02:14 AM, Science Fiction Computer - SCi-Fi PC wrote: > If you find the time, download the latest "Kirsten's Viewer" S20(33). > > There is a neat little Draw Distance slider located in the TOP-LEFT of the > Viewer UI, which conveniently provides an EASY TOOL for adjusting detail vs > performance. > > It's simple, elegant, and most importantly, "Functional on the Fly" - ergo, > would be great to see this slider in Snowglobe or Main LL Viewer. > > SF. > > ___ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting privileges > ___ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
