Making sure your prims belong to you

As I noted earlier, I'm going through some of the pain I dealt with in securing RPCS so would-be hackers won't exploit the system. Of course, no system is completely secure. But I've done everything I can to make it so expensive and difficult to hack that no one will bother.

So.. the first challenge was this: preventing people from both listening to the internal communications of the system, and preventing them from impersonating those communications. That's actually more difficult than it seems, for a number of reasons. First, even though every object and script in second life gets it own GUID (globally unique identifier), that can't be used for this purpose, because the entire system gets a new GUID every time it changes ownership or is rezzed in world.

This is complicated a bit further because the system itself contains multiple scripts. So I'll walk through the steps that were taken:

Resetting the device

First: reset the device. This happens every time it's attached, when you log in, or when it is rezzed on the ground. Resetting the scripts clears the memory (and any data, including passwords), and forces a startup from scratch.

attach(key f_ID) {
llResetScript();
}
changed(integer f_Changed) {
if ((f_Changed & CHANGED_OWNER)) {
llResetScript();
}

Ok... so now we've got a clean startup. However, this doesn't do anything with the _other_ scripts in the object. That's fine, because just about the first thing that will be done is resetting all of the scripts.

Now, since the script is being reset when a new person gets it.. when they rez it... when they wear it... we know we're starting from a clean slate. Next step is to start checking security. First, we ask for attach permissions, because if security checks fail, the object kills itself. Second, a password is set.

Note that the password uses an internal algorith that all the scripts know, so that they can independently arrive at the same one. We'll need that in a minute.

What we're trying to accomplish here is a couple of specific things.

First, one of the ways people hack objects in LSL is by replacing nonessential scripts. Second, they'll insert their own, which listens to what's going on inside. Third, they'll rip the scripts out, and place them in their own prim. We're going to address all of those things.

string securePass;


default {
    state_entry() {
     llRequestPermissions(llGetOwner(),(PERMISSION_ATTACH)); // (Ask for permission to attach, because if it fails, the object will commit suicide
     securePass = "whatever";
     llResetOtherScript("everythign"); // reset all the other scripts *except* for the security script, we'll get to that seperately
     checkSecurity();
        llSetTimerEvent(0.3);
}
timer() {
        if ((securityOK == 1)) state load;
}

Note what state_entry basically does: nothing. It calls the checksecurity function, and then chills. Unless the events in checkSecurity work out? The system never moves to loading or running states.

Next we'll take a look at the checkSecurity() function.

checkSecurity(){
    me = llGetOwner();
    if ((llGetCreator() != "put GUID of creating avatar here")) {disable();}
    integer perms = llGetObjectPermMask(MASK_OWNER);
    if (me != "put my own GUID here") {
              if ((perms & PERM_MODIFY)) {
             disable();
        }
    }
    llResetOtherScript("security");
}

Ok... now we're getting to our first actual checks. Notice we've had .. maybe 1 millisecond pass at this point. If that. The checkSecurity function starts, the first thing it does is sets a variable for the owner of the object.

Next step: we check llGetCreator() ... does it equal who the creator of the object is supposed to be?

Important point here. If you're like me, there's probably mod/transfer and full perm objects floating all over the place created by you. That won't do. What I did in this case was grabbed an alt... one who'd never made anything... ever... for anyone... and _that_ account created a prim and scripts and passed them over. So that's what I'm working with here. The only mod prim in existence created by that account belongs to me.

So.. the first check here says... if I'm running in a prim created by anyone else... then run disable() (which causes the meter to choke and die).

Then... just in case I screw up and hand out a mod version of it even once, it checks first... is the object owned by me? If not, it checks if permissions are modifiable. If they are? then it dies.

So this mostly deals with the issue of prim creator/owner. Next we move on to the tough part. We reset the script security, then sit back and wait, because that script takes control of the next phase.

Market research firm predicts population explosion for virtual worlds

From Massively.com. This echoes other reports I've seen (not to mention on the ground "virtual" experience of rapid growth).

They've predicted that by 2015, the overall population of virtual worlds will go from what it is now at 186 million people all the way up to 640 million

Developing a secure gaming platform in Second Life

Warning! Some geekiness ahead. One of the projects I've been working on heavily lately is RPCS, a roleplaying and combat system in Second Life. Not something I've blogged about here before, but it's actually proved to be a fairly fascinating project on a technical level. One of the biggest reasons is because hacking, particularly hacking of games, is a huge challenge. I want to spend a little bit of time writing about the specific challenges involved, and how I've addressed them here, because I had a great deal of difficulty finding much on the web which addressed these issues. This is a fairly new frontier in a rapidly growing area. So... the objectives were simple:

• Prevent people from being able to modify the system or to hijack it by impersonating commands (for instance, by stealing experience points, using hijacked commands to kill other players, etc.)
• Prevent people from accessing the source code or in an way modifying the system itself
• Secure communications between the meters which are worn by avatars
• Secure communications between the meters and the internet hosted database server

That's a lot to cover, and it's a challenging task. The fact is that the most popular combat systems in Second Life have been hacked to death, cheated, exploited on a regular basis. Going into this I knew that I had my work cut out for me. Not to mention that we're using multiple technologies, all of which have to be secure in order to keep the system from being exploited. The technology used in this project includes Microsoft SQL Server and Coldfusion 8 on the back end, and Linden Scripting Language (LSL) for the in-world portion.

For the internet side, most of the pieces are fairly well known (though I'll cover those)... the things I primarily needed to address were:

• Unauthorized access to the back end website which communicates with in-world devices
• SQL-injection attacks
• Internal permissions and access to specific portions of the public website

For the in-world portion, it gets more complicated. Some of the most commonly used methods of hacking an in-world system include:

• Listening to/impersonating meter-to-meter communications (open chat)
• Listening to/impersonating internal communications (linked messages)
• Insertion of unauthorized scripts
• Stripping scripts out of the device to recreate a new one

On top of that, as anyone who has scripted in LSL knows, both lag and available memory space are HUGE problems. Because each LSL script has a memory space of only 64k (if compiled in mono) for both the script bytecode and all variables, and because the average simulator runs thousands of scripts at a time, performance and memory tweaking are major priorities which can often come at the cost of security.

The next couple of entries will address these various risks and ways they can be addressed.

Giving Away My Book for Free

I've never been one for New Years resolutions. Quit smoking? Yeah, right. However, a New Years action I can deal with. Here's the plan: starting today, I'm going to be giving away the ebook version of Republic for free.

No more sample chapters, partial books that end in the middle, none of that. You can download and read the complete book. Share it with your friends, email it, do anything you want with it except sell it. Hope you enjoy the book and tell others.

Ebook Links: Adobe Acrobat PDF Mobipocket / Amazon Kindle HTML (Read online) RTF (Rich Text Format / MS Word)

Podcast Links: Subscribe with iTunes Podiobooks.com Feedburner

You can also order from Amazon: $16.95

Okay, so maybe you are wondering why? After all, I'm hoping that within the next few years, I'll be making enough money from book sales that I'll be able to write full time. Isn't giving the book away somewhat counterproductive to that goal?

I don't think so. Here's why: the biggest challenge most authors face isn't online piracy. It's not people out there diabolically copying their works and distributing them for free. In fact most authors (including yours truly) suffer from a different problem entirely -- no one has ever heard of them. After all, literally hundreds of thousands of new titles come out every year, and only a few hundred writers in the entire United States (if that many) actually live off their books full time. So, by giving away the book, I hope more people actually read it.

Want to share it with a friend? Feel free. Email it to them, send them the link, whatever. If you find that you enjoy the book, I'm hoping you'll order a copy, but that isn't required. You could also post a review somewhere. Post a link in your blog. Ask your library to order a copy, so more people can get it for free. Whatever. If you do post a link somewhere, let me know about it. I'd love to see lots of people reading the book, the more the merrier.

Will giving it away cut sales and make me a poorer person? I don't think so. There's plenty of evidence out there that giving away the book will actually boost sales. If you don't believe me, check out Eric Flint's column in Jim Baen's Universe, which actually runs the numbers and takes down some of the myths associated with Digital Rights Management, publishing, encryption, and copyright fanaticism.

http://www.ericflint.net/index.php/2007/04/27/eric-flint-on-drm-and-copyright/#more-316

Update:

I did not expect this to end up on the front page of Digg. That is excellent. Someone asked about the license -- it's under the Creative Commonse 2.5 Attritibution, No Derivatives license. In other words, read it, give it to other people, but don't make money from it. Thanks to those who mirrored when my server went down last night!

Reviving the Bonus March

About ten years ago, I picked up a long out-of-print copy of Walter W. Water's account of the 1932 Bonus March. Waters was one of the leaders of the original group that travelled from Oregon to Washington, DC. The book had been out of print since before I was born, but is now back.

Walter W. Waters was an Army sergeant who had served in Europe during the first World War. Like millions of other Americans during the great depression, he struggled to find a livelihood for his family, with little luck. In 1932, he led 300 veterans in a cross-country odyssey to petition Congress for release of the promised bonus for World War I veterans. Eventually, more ten thousand veterans gathered in DC. They were driven out. From Waters’ account of the tragedy: “The troops stopped at the buildings in the Pennsylvania Avenue area and took them one at a time. Each one housed forty to a hundred men. The men were chased out with drawn bayonets and gas bombs. The men of the B.E.F. had come to Washington, hoping to get something from the Government. They were getting it—the most modern type of tear gas.” While a number of accounts of the Bonus March exist, this is one of the only first-hand accounts, written by one of the leaders of the movement. I'm very proud to be involved with bringing this book back into print, and hope you'll check it out!

http://www.amazon.com/B-Whole-Story-Bonus-Army/dp/0979411459/ref=sr_1_7?ie=UTF8&s=books&qid=1245149705&sr=8-7

Irritated this morning (or why Chris Hedges pisses me off)

About 2 days a week, I work from Cup a Joe Hillsborough in Raleigh, rather than driving all the way home after dropping my son off at school. This morning, I sat down at my table to see a copy of the Triangle Free Press, which the previous occupant left behind. The headline: "Top Commanders Oppose Iran Attack." So far, nothing too surprising. But then I read the first paragraph of the article, written by Chris Hedges. Here it is:

When military command is the voice of reason in a debate about a new war, you know our democracy is in trouble.

Chris, Chris, Chris. Come on. Where have you been the last decade? Here's the point you miss -- the last person who wants to go to war is the people who have to live through it. It's the stay at home couch commandoes who yell for war. The soldiers go where they’re told, and no doubt if they have to go to war, they do it without question and with absolute loyalty. But our recent history demonstrates all too well the fact that those who have to do the shooting (and dying) want to see reasonable steps taken before they are sent into combat. Here's a quick review. It was the Chief of Staff of the Army who gave the only realistic assessment of how many troops would be needed to have a successful occupation in Iraq. It was the Marine commanders who argued against stupid and unnecessary punitive expeditions to level Fallujah instead of a genuine counterinsurgency -- and the civilians who overruled them. It was the soldiers, who argued strongest against the use of torture, and it was a soldier who reported abu Ghraib and risked his life and future to make sure the right thing was done. It was the military lawyers who fought the Department of Justice (!) against the use of extreme interrogation techniques, and the counterintelligence experts who argued publicly that torture wasn't going to get us anywhere. In Congress, it was the military veterans, including John McCain, who argued most aggressively against failed techniques that violated the Geneva Conventions. It was veterans groups like Veterans for Common Sense that made the most cogent and reasonable arguments against going to war in the first place in Iraq. Chris, this is coming from an avowed left-of-center American. It's comments like that, which make the left look like a bunch of latte-drinking Volvo driving America haters. When you base your argument off an assumption that all too many in the left make, that the military is made up of a bunch of gun toting thugs who love to go to war and KILL KILL KILL, you miss the whole fucking point. You hand ammunition to the culture warriors, and take us all a step back into the time warp of the 1960's that all too many of the culture warriors on both sides want us to stay in. Finally, you alienate the very people who have the most to lose in any conflict -- the people who have to fight in it.

5 Dec 2007 Paul Sulivan Charles, Congratulations that your book is featured at Borders! Let's make some money on your talent! And happy birthday to your older brother! (I vote for the baby picture.) Regarding Chris Heges, you are correct, that it is the soldiers who do the fighting. And you are absolutely right when you say the military is not a bunch of gun-toting thugs who want to kill, kill, kill. Those of us who have been there know better. However, our military is infiltrated with just dominionists religious fanatics, especially chaplains, demanding and fighting for their religious holy war to destroy the globe and bring about their rapture. They are led by an insane criminal and warmongering miliary deserter. In defense of Chris, he often writes for the rich and forgets his time in several combat zones as a reporter. I think he is trying to say that it is bitterly ironic that the out-of-touch military leadership that remained nearly unanimously quiet (except Shinseki) about Bush's lust for war, at least for a few retired brass, found some balls and dared to say that another pre-emptive war against Iran would become yet another debacle. Paul.

5 Dec 2007 Charles Sheehan-Miles Yeah, I know he's well intentioned. But too many people are too slipshod in both their language and assumptions, and this opening sentence was a classic example.

Remembering Oxford Books

For about ten years – from 1984 until ’94, I was a regular at Oxford Books in Atlanta. It’s been on my mind the last few days, because Veronica and I have pretty much made the decision that we want to be closer to family, and we’ll likely move back there once the school year is over. It’s hard, however, for me to imagine an Atlanta without Oxford Books. I realize the population of the city has near tripled since I was in high school, and many of you in Atlanta now never knew Oxford. It was a literary paradise – a wonderful independent bookstore, originally at Peachtree Battle shopping center, then expanded into the space next door, then they expanded more into a huge old house nearby for the used books, then much later they opened their flagship store on Pharr Road. The rapid expansion in 90-92, combined with the recession, did a lot of harm financially, and the company finally went bankrupt. What I remember – living just a few blocks away in middle school, Oxford was a regular hangout, because we could get good sci-fi, new and used there. In high school, virtually every girl I dated (or at least wanted to) worked there at one time or another, and I remember long, late nights sitting in the Cup & Chaucer (the upstairs coffee shop) writing, talking, and, of course, smoking. Later, it became a refuge when I was in the Army, and very often I drove from Fort Stewart (near Savannah) to Atlanta on the weekends just so I could hang out there. After the Army I returned to Atlanta, and spent I don’t know how many hours there in the coffee shop: making friends, relaxing, reading, writing. I worked there for a while, in the receiving department at Peachtree Battle and later as a cashier on Pharr Road. In the fall of 1993, I was sitting in the coffee shop reading a book called “Among The Thugs,” about England’s famous football thugs, when a young yankee woman (sorry, northerner) kept bumming lights from me. Turned out she actually had a lighter, but wanted to say hello. Six months later we got married right there in the coffee shop, and we’re still together today. I suppose it’s a truism that you can’t ever really go home, and I know that Atlanta is certainly not the same city it was when I was free and in my early twenties. I’m certainly not the same person I was in my early twenties. I understand there’s a new, large independent bookstore in Decatur called “Wordsmith’s,” which I’ll be sure to check out. But part of me will always grieve a little that Oxford is gone. The slideshow is a few shots from our wedding at the Cup & Chaucer.