October 2007

One matter upon which I have been thinking recently is the matter of Authentication between Objects within Second Life.

For many systems it is necessary for them to be able to communicate with each other only if they share a common secret - a “password” is an example, and one used here. For instance, with a combat system, a cannonball should only be able to tell a ship that it has been struck and should take damage if it is part of the same “network”, or game (though clearly Piracy is Not A Game) as the ship itself.

In cases where all items are owned by the same person this is simple - one merely checks that the owner keys, which are I believe unforgeable, are the same, using some line such as if (llGetOwnerKey(id) != llGetOwner()) return; in one’s listen() event, when hearing a command. However, when objects may be owned by pretty much anyone, this will not work, and merely having the objects communicating on an unusual channel (-894029345, say) will not provide complete security, as listening devices exist which can scan for these things.

I was thinking of something a little more secure, yet remaining in-world and not requiring awkward and slow communication with, say, a server that keeps a record of permitted owners. To this end I created a small script this afternoon which demonstrates a challenge-response system between objects.

The basic functioning works thusly: each object holds a password, and when object A wishes to instruct object B to do something, B says “Hold on a second! I don’t know who you are. We must compare passwords. But clearly we cannot do so on an open channel - anyone might be listening. Here is a random integer for you as a challenge, to use as a salt in an MD5 function.”

A hears this integer and applies that salt to the password, then says the resulted salted password again. The important point about the function llMD5String and MD5 encryption in general is that, when a string is encrypted with a particular salt, there is no practical way to return to the original string given the result. So, even if someone is listening in and hears the salted password, it is of no use in determining the original password - but B can also salt the password with the same integer and compare the two to see if the original passwords were the same.

If B manages to do this it then says “right, you seem to know the password properly, I will allow you to instruct me” and, for the next minute, allows communications from that key to act on it. A then must repeat whatever command was issued.

The above may seem a little baffling if one has never heard of this sort of thing but I dare say examination of the script may make it clearer. Contrariwise, I confess that I really do not know an awful lot about this stuff compared to the experts and would welcome comments. I have posted the script on my Scripting Colloquium for simpler discussion, but here is as good a place as any too I suppose.

I was recently considering the matter of Otherworldly Voices. There was an immense kerfuffle about the introduction of Voices to the Grid - admittedly, there is an immense kerfuffle about any introduction or removal of anything whatsoever, but in this case it was a kerfuffle promulgated by many Leading Thinkers and Commentators, and also myself.

Some predicted that the presence of Voices would lead to the elimination of “Immersionists”, dinosaurs - all New Residents would expect Voices and would relegate the silent to the dusty library corridors to which they properly belong and where they can say “shhh” to each other in private. There was the prediction that Voices would cause awful discrimination between those wishing to use them and those not, and huge social divides would occur. Would shopkeepers be required to have Voices on their lands or face bankruptcy? How would facilities for New Residents cope with the flood of New Residents wishing to send Voices from outside?

Some months have now gone by, a reasonable period of time I feel, the kerfuffle has been de-fluffled and, I must say, the overwhelming attitude that I perceive to the matter is, well, neutrality, if not boredom. I am not a particular fan of the presence of Voices, I consider it an irritating intrusion and furthermore it does not agree with the Hardware of my own Engine, and I was concerned as to possible implications but really - I have not encountered a single person even suggesting that I send Voices, and while I did see a few people keen to experiment (and all power to the experimenters, say I) now it is all old hat.

In short, nothing much appears to have changed. New Residents to whom I have spoken since the introduction have expressed no great interest in using Voices - I was always sceptical that they would, as the majority of Non-Residents, residing in the Shadow World, seem quite happy with Electronic Letters and Short Message Services and such, and indeed many use them far more than Telephony. Older Residents in my experience find Voices at most occasionally useful but mostly irrelevant. It is for both groups a tool which they may use at times as matters arise but mostly will not, and no seismological social activity has taken place.

I suppose, really, that this is not a particularly productive Entry in that it is really saying that things have not actually changed significantly. I am certainly open to any alternative experiences, as clearly my own perception is not representative (given that I am a peculiar scripting hermit) but all that I have seen shows that there were a few incidents shortly after the introduction of Voices, when it was still novel and could reasonably be used as a tool of social discrimination - and goodness knows there are enough people out there in the world who will take any opportunity to belittle someone else. Now that it is, as I said, old hat, there is not even false superiority to be gained, and such behaviour has diminished.

Whilst somewhat re-enabled in Aethernet terms, I am still unable to enter the Grid itself, and have been attempting to ameliorate the symptoms of my withdrawal with such things as the Scripting Section of the Official Forums.

To tell the truth I have been there infrequently of late. Previously I would spend many hours bickering over semicolons, but I have found it drawing me less and less in recent months until I barely ever participate unless at an extremely loose end. I am not entirely sure what caused this change; perhaps it was the closure of many parts of it and the enforcement of apparently somewhat arbitary conditions, making the place far less welcoming as a whole, or perhaps there was some Social Shift, with either the tenor of new participants changing or the departure of those I previously enjoyed engaging with. Or, perhaps, it is entirely down to a change in my own character.

“Frustration” by Sally Dunham

One thing that most definitely has put me off ever returning, or at least offering actual Script-Code Solutions, is the current impossibility of posting up any sort of Code in any sort of Legible Form. I fear that I became infuriated by this and vowed never to return, or at least never to attempt to put up examples again. This is yet another manifestation of the dread [#WEB-156] BBCode not working on official SL Forums, one the annoyance of which I had not fully appreciated (and believe me, I have been incredibly annoyed by it already). This one thing now makes the huge Scripting Library unreadable and greatly discourages any further contributions, as well as vastly increasing the effort required to actually help anyone with their own problems or post solutions. Short queries and functions and theoretical discussions are bearable, but the prospect of struggling through some poor novice’s hundred lines of unformatted code in order to chase down curly brackets is enough to make one simply not bother.

It all infuriates me even more as there are dozens of people eager to help with this, perhaps the most opaque skill within Second Life for a beginner or Non-Technical Sort to deal with, yet they face obstacles which even have the effect of making previous stored advice less valuable. A grid full of professional Old Resident engineers, lonely newer auto-didacts and terrible ancient scripts handed down from generation to generation due to the lack of anything more recent and efficient is not the sort of vision I have ever had, and discussion and mutual education at least goes some way to preventing this dystopia and helping the broadest group and greatest number of people. Even if one has no intention of dirtying one’s hands with any sort of Coding, one may still benefit from proper samples to be cut and pasted directly into an In-World Device.

As a small sticking-plaster I have now set up my own Scripting Colloquium, where one might post Code in a manner which can actually be Read (as well as Images and Links and Things In Italics and So On). These things rarely survive for more than a few weeks, and it may die an undignified death, but I would encourage anyone with scripts and questions about scripts who is put off discussion within the Official Forums by this or other matters to visit and participate. At the least it may build up some useable examples.

Tragically, circumstances have resulted in my opportunities to enter the Grid being somewhat curtailed. Well, in practice, almost completely curtailed. I fear that the Messages are building up and it may be some time before I am able to even answer them, let alone act upon any.

I must say that we have not had a Good, Old-Fashioned, Update-Related Scripting Function Break for some considerable length of time, and it is good to see that Tradition is re-establishing itself with the most recent “Rolling Restart”.

I had been considering the announcement of a small product that I had produced, a simpler variant of my as-yet-unreleased-and-generally-exceptionally-tardy Galvanic Swordstick designed for use with Rifkind Hapsburg’s “En Garde” game. Whilst I have been both busy and distracted recently, I was charmed by En Garde, which combines simplicity and depth most pleasingly. The game allows the use of alternative weaponry to the standard épée, more as an Especial Effect than anything else as they will only give one an advantage in terms of Fashion, and I tinkered with the Swordstick for a little while, adding a few animations and such for good effect, to make it compatible.

Whilst I was absent over the weekend of En Garde’s release (engaging in a business in Europe of which it is best not to speak) and was forced to rush the crafting somewhat, I put the En Garde Swordstick up for sale on ShopOnRez, and also in a little box at the main En Garde stadium, for L$50, with the promise of adding a few more features in future days and weeks.

Unfortunately I discover today that a particular, and at first glance minor, use of a particular scripting has been disabled - the ability to change the position of a linked avatar using llSetLinkPrimitiveParams. Reactions to that previous sentence I would suspect to be one of:

1. “Pardon?”
2. “Why would that matter?”
3. “OUTRAGEOUS! THIS IS AN UTTER DISGRACE AND I DEMAND SATISFACTION!”

For those responding in manner number One, I should explain that llSetLinkPrimitiveParams is a very useful little function allowing a script to change an awful lot of the details of a Prim that is linked into an Object - anything from its position through its type and sculpt texture to whether it emits light or not. In the past one was forced to use a subscript in that particular prim to change these things, and instruct it via a Link Message, but being able to do this from a central script is far more efficient and convenient.

For those responding in manner number Two, I should point out that, as most scripters will be aware, when an Avatar sits upon an Object, said Avatar is actually linked into that object much as any other prim and may be treated as one as far as Scripts are concerned - which is why the changed event triggers with CHANGED_LINK should someone sit on something, a Vehicle may only be 31 primitives including passengers, and so on. One may find the link number of the avatar (a simple loop through the prims suffices here, checking their names and keys) and then use llSetLinkPrimitiveParams to move them around, which otherwise is completely impossible. The use of llSitTarget defines where an Avatar first appears when initially sitting down on something, but changing it does not affect their position after that unless they stand up and sit down again.

(I will add a note of reassurance at this point that it is not possible to use said function to change other parameters of an avatar, merely its position. No script will be able to turn a hapless sitter into a torus.)

This function is widely used these days for all sorts of purposes. I myself have used it to adjust someone’s posed position when standing on a vehicle according to their height, so that their feet do not go through the floor and they do not appear to be hovering in mid-air; it is also used in different types of furniture, and in the case of Mr Habsburg’s En Garde, it is required to move the players back and forward as they engage in their swordplay. Clearly its removal is not cricket.

Why, though, one might ask, would this be removed at all? It appears that some sort of exploitable aspect existed which could be used to crash Sims, clearly something that no right-minded person would desire to remain. However, I wager that it is not at all impossible to restore the useful part of this function.

For those responding immediately in manner number Three, or those who have taken an interest on account of the preceding paragraphs, I humbly suggest that you visit the Jira Page “[#SVC-750] Avatar sitting on a prim no longer able to be manipulated with llSetLinkPrimitiveParams” and therein vote for the matter to be resolved. I am sure that it will be mere moments until we are all content once more; Mr or Ms Soft Linden has already stated that

There’s no plan for this to be permanent, and I’m asking for this functionality to be added to the test plan for future releases. (I’m bothered too - it broke some of my furniture!)

Well quite.

I should not finish this piece without at least mentioning that certain New And Improved Laws Of Physics are currently available for - and definitely requiring of - thorough testing within the parallel world known as the “Beta Grid”, but I dare not actually name them lest this cause them to disappear into the mists for another hundred years.