Lex Neva's thoughts blog of Lex Neva in Second Life

January 8, 2007

Linden Lab Open Sources SL Client

Filed under: Miscellaneous — lex @ 3:44 pm

So, LL has gone and given away (some of) the goods: they’ve open-sourced the SL client. This is going to lead to a lot of interesting things, like largely obseleting the current modus operandi of LibSL and opening the door for lots of fun things like end-user security audits, resident-contributed features, and resident-released clients.

This just underlines the need for a trust metric in Second Life. If someone decides to release a client, I need to know that I can trust them. How do I know their client won’t steal my password and tell it to them so that they can run in and wipe my account of Lindens? How do I know their code won’t make a mess out of my computer? How do I know their code won’t inadvertently make me do something that LL’s servers consider griefing? What if their code stole all of my content and sent a copy to them?

Of course, any client that’s developed and released by a third party, due to LL’s licensing, must be open-sourced itself. However, that’s not necessarily enough to make it Safe. That code would still need to be vetted by the community to ensure that there aren’t any hidden trojans that do nasty things when you run the client. I don’t know about you, but I don’t have either the time or the energy to vette a third-party SL client’s code before I run it. I know other people are like me in that respect, and that means that a malicious programmer could release a trojan SL client and do some damage before the community caught on.

So, for now I won’t be running any client that’s not released by Linden Lab, because I have no way of knowing if I can trust the person releasing it. If we had a system like the Reputation System I proposed previously, then it would be much easier for me to make a quick and yet confident decision about whether to trust a client written by a third party. I simply need to check their Reputation Score, and think about how badly they would be affected if their reputation were tarnished. In the case of a big name in SL, someone who’s been around in the community for a long time, it’s pretty likely that they wouldn’t risk ruining their reputation by releasing malicious code in the form of a trojan SL client, because they would, essentially, lose the use of their entire SL identity in the process.

Powered by WordPress