So it turns out, that I need to make another post on this topic (although I’d like to say this is hopefully the last for a while - I do have some more interesting topics to talk about).
OpenSim supports C/M/T-style Permissions on Regions, by default (as it’s shipped), it’s enabled.
You can take a look at the code if you want. If you only read one line, read the one above. It’s important. Keep it in mind as I continue, please.
Now, yes - someone can come in and override those, and say “I want my region never to support permissions” and anything rezzed in them will never have any, however that is no different to someone taking the official server software (whenever it is released), opening it up in SoftICE and doing exactly the same thing.
The point I have been trying to make is: You cannot rely on permissions, even today, to be infallible - because they are not. Adding “copy protection” schemes (which are *not* the same thing as a permissions system) will not make it any different, because they simply do not work.
Permissions are different to copy protection
Both of these are technical terms, permissions mean “I the gatekeeper will allow you to do these things on my service”.That is, the service itself will say “No” if you try use them to do something they forbid, and all their assistance ceases (and you may be banned/disconnected/whatever)
Copy protection on the otherhand means “I’m forbidding you from touching this thing I give you”, one is enforcable becuase you need the gatekeepers assistance to do something and he wont provide it if you violate the permissions, but the second is not because there’s absolutely nothing stopping you from walking over and doing it anyway.
A better example might be say a key and a lock. A permissions system is setup so that you have a key, and the lock understands that key. It says “You can open this door, if you have the key.” - assuming solid enough construction, it’s a reasonable barrier to mischief.
A copy protection system is a locked box, with a key dispenser right next to it. It’s kinda pointless when described that way, but that is effectively what they are.
OpenSim supports the “gatekeeper” style permissions - SL does exactly the same thing.
Permissions have limits
The big problem here is, and something you may construe from the above is that permissions provide absolute protection. It’s something I have tried to clear up previously (and why I have been saying that it is not worthwhile to rely on these)
Limit #1: Permissions are only as reliable as the service that is enforcing them.
This means, that if someone decides to swap the default gatekeeper with one that’s less scrupulous, there’s nothing you can do. The best you can do here is pick a service that is going to be fairly rigid about making sure they behave properly. Second Life does this today, other services will likely do it too.
The key is probably going to be that services allowed to interconnect with popular reputable services are going to be legally enforced and contracted (and likely have large sums of money in the balance of it) to make sure they play together nicely.
Limit #2: You are only protected as strong as the weakest link.
At this point, the client is the weakest link. To use a phrase that has been repeated often enough “If you can see it, you can copy it.” It actually strikes me personally as significantly more difficult to go to the bother of connecting to a service as a server in order to rip content, when you could just take it from the client using reasonably well tested tools such as GLIntercept, Copybot, Cache rippers, and others - and do so without the service being able to easily detect you.
The above tools cause posts about content theft at least once a month in Second Life - your content is effectively “easy” to steal right now, and it wont get any easier. Yet people continue to make sales, to make new content - in the long run, this wont make anything substantially different than it is today.
OpenSim’s current permission support
OpenSim is still alpha software (as we keep saying), but it does have a permissions manager, as far as I’m aware at time of typing, it supports all the C/M/T permissions roughly as intended. As always however, there are probably bugs in our implementation - if something isnt working right (such as say sitting on an object suddenly makes it copyable) then reporting that as a bug is always appreciated.
The intent of the developers has been to provide modules to let you create SL-style environments out of the box, and part of that does include creating permissions managers which emulate SL-style functionality, the current permissions manager is based on two previous versions, and 90% of the ‘core’ developers have been inside of it at one point or another tweaking and adjusting it, there’s a group effort involved in it’s development.
Returning to the point I made at the beggining of this post:
Point #1: OpenSim supports a basic C/M/T permissions module right now. It’s not perfect, but there it is. It’s been there in some form for a while (probably 6-7 months at least.), it’s the current developers set of intentions to support this - it’s on the list (admittedly there is a lot of other things on the list too, but then again it’s alpha software)
Point #2: It’s enabled by default - that means if you download a precompiled version of OpenSim today, it will be in there and turned on. Yes someone can go into the code and turn it off - and being able to customise opensim is part of it’s design because not everyone is building SL-style worlds with it.
Finally, this is nothing that hasnt been said before.
By default OpenSim - right now, supports your standard SL-flavoured permissions as the default permission module, it’s there today - yes you can swap one permission module with one that doesnt respect those, and yes you could remove it entirely.
- Copy Protection NuancesThe presence of the Open Grid Protocols allows one more potential avenue of attack, but to a malicious individual, this is more difficult than just grabbing the asset from the local cache, or using a tool such as GL Intercept, because it requires connecting in additional servers and dealing with a lot more than you absolutely have to.
- Copy Protection NuancesInfact we’ve never ever said anything to this effect. The environment we build by default (and that’s the components we ship to do things like a Second Life™ environment), we’ll try our best to respect permissions infrastructure as best we can - but there are limits to what we can practically do, we cannot alter the fundamental laws of mathematics and computer science (see my previous post for more on this) for example.
- OpenSim is not a Virtual World
I think OpenSim should add filters that can be enabled to refuse to teleport copy-protected inventory to Free sims (and refuse to copy non-copy protected inventory into closed sims). They should be optional and give avatar users the choice of not teleporting to closed sims.
This would allow copy-protection fetishists to fade into irrelevance without imposing their dogma on more pragmatic sims.
Rob Myers
27 Jul 08 at 6:20 pm
I’m not meaning to be pedantic - but could I just highlight something Rob Myers said in his post above, which may be inaccurate, and therefore inadvertently mislead some readers.
Rob mentions not teleporting *copy-protected* inventory, however Adam highlights the fact that OpenSim uses *Permissions*, and as he says Permissions and Copy-protection are two completely different things.
So Rob, might I add that I agree with your idea in principle - assuming you meant to say that *OpenSim should add filters to optionally disable the teleporting of inventory which has certain permission set, such as no copy or no modify*
nixnerd
28 Jul 08 at 8:59 am
[...] has no proper permissions system (something I debunked thouroughly earlier), and that region operators have full permissions on anything in their regions. (Equivilent to how [...]
Adam Frisby » Blog Archive » Dodgy Characters
9 Aug 08 at 2:35 pm