17 November 2013

Some Mistresses are more equal than others

For a couple of years, I was a member of the Sisterhood of the Latex Dolls. The Sisterhood is a society devoted to the love of latex and BDSM in Second Life. As the name implies, it is a Sisterhood: male avatars may apply, but must be transformed to female before they begin the path to becoming a Sister.

To become a Sister, an applicant must pass an interview that's designed to see if she's interested in what the Sisterhood is. She then must spend at least one month as a Potential Latex Doll. During that month, she spends some amount of time bound to racks in public view at the Sisterhood's home, at Latexia in the Fetish VooDoo region, naked except for collar and cuffs. She gets a series of lessons about the Sisterhood's history and principles, and at the end of that course, she is given an examination by specially selected Sisters and, if she passes, granted the right to become a Sister herself.

Being a BDSM-based organization, there are Mistresses (in two flavors, Mistress and Switch) and Slaves, as well as Trainee Dommes (in training to become a Mistress or Switch). The uniforms are different among the ranks. in theory, Mistresses and Switches can give orders to Slaves and Potentials, though there are limits: the Sisterhood as a whole operates on the SSC (safe, sane, and consensual) principle, and limits and safewords are strictly observed.

Every Sister is identified by an ID designator. I was known as M12, holding the rank of Mistress, as well as being a Priestess of the Latex (qualified to preside at ceremonies and give final exams to Potentials), Senior Teacher, and (possibly ex-) co-Head of BDSM. I put in a lot of time and effort in the Sisterhood, and it, for quite a while, was a second home for me in SL, as well as for several of the subs in my family. My SL wife, Chibi Souther, was M924; Bridget Pobieski was 218; AliceTheKitty was 531; Molly (Molly808) was 509. Other Sisters passed through our family as well.

The Sisterhood has eight core principles, known as the Eight Obediences. In theory, every Sister, from the newest Slave to the two HeadMistresses, is equally bound by them. In fact, one of the Obediences is Obedience to Equality. The Sisterhood teaches that Obedience to Equality means that, while there is a hierarchy, every Sister is equally valuable and equally bound by her duty to the Sisterhood and to the other Sisters, and to society as a whole. No Sister is better or more important than any other.

Unfortunately, this is only true if you're not a HeadMistress. If you are, Obedience to Equality does not apply to you.

Alice was a controversial Sister. She did a lot to alienate people during her time as a Potential. After becoming a Sister, though, she settled down and worked hard, doing a lot to revive the weekly dance parties at Latexia and being there for people who had questions. There were a few who refused to accept her, but for the most part, she was doing well.

Then one day, she organized a play party. At that party, Riona inion an Bandia (Becky Baroque), M37, and Alice got into a disagreement about Riona not following SSC. Edit: Alice has since corrected me. The disagreement was about Riona monopolizing the available time and play resources. (Considering the serious nature of a violation of SSC, I needed to correct the record here.) Now, Riona is a proud, haughty Mistress who does not take any sort of backtalk from Slaves, no matter what the cause, good or not. (Remember Obedience to Equality? This is not the last time you will see it mentioned in this tale.) She objected strenuously. The dispute simmered for a few days, and wound up in a meeting in the office of one of the HeadMistresses, Lara Boyle (LatexGirlLara Boyle), M85. At that meeting, Lara and Riona hounded Alice mercilessly, to the point that other Sisters present were objecting. I certainly did, and got a warning from Lara for my pains.

Alice, not to put too fine a point on it, snapped. She made a very ill-advised comment about car bombings. For reasons that are not mine to disclose here, that struck a very personal nerve in Lara. Her response was to summarily eject Alice from the Sisterhood. The other HeadMistress, Kiriko Kiama, M829, intervened, and M85 reduced it to a suspension. At that point, Alice's temper got the better of her, and she made another ill-advised comment - and this time, Lara ejected her and Kiri backed her up.

The problem is that Alice's second comment was that she was being punished for doing the same thing Lara had also done, in public. And she was completely correct. Lara had publicly commented that the Boston Marathon bombing was deserved because of Boston's prior support for the IRA.

Now, to me, Obedience to Equality means that the HeadMistresses are subject to the same rules as every other Sister. This was a blatant violation of that principle. Further, the HeadMistresses must not only be unbiased, but must be seen to be unbiased. Lara is anything but.

Lara and I had had other problems in the not too distant past. I had done a lot of work making Sisterhood uniforms for use on OpenSim grids, especially LFGrid, where Dolma Dollinger, M30, had set up a Fetish VooDoo sim as a test and possible refuge in case Second Life became unusable for some reason. We set up an organized visit, known as a dollwalk, there one Sunday afternoon. Kiri attended it; Lara objected to it, for reasons I'm still not sure I understand. In the process, Lara accused me officially and publicly of acting in bad faith. She'd later apologized to me in private, but refused to do so in public.

Even so, I was prepared to continue until she showed that she does not consider herself bound by the Obediences. That was the final straw. I left the Sisterhood, publicly and finally.

After I did, I got notecards from a few Sisters and former Sisters. A couple of former Sisters who had gone on to do other things in the SL BDSM world told me privately that they agreed with my reasoning and similar experiences had run them off as well. Several Sisters said that my departure saddened them, and they hoped to remain friends. I still consider many Sisters friends, even though I don't see much of them any more.

I have a lot of respect for Lara when it comes to BDSM. In RL, she's a former professional domme, and her methods and understanding of BDSM are quite good and largely track my own. That's what attracted me to the Sisterhood in the first place. But when it comes to the Sisterhood, I just can't accept what she's done and how she's done it.

Dolma spoke to me the other day about what it would take to get me to come back. Put simply, I won't return until the HeadMistresses operate with all of the Obediences - including Obedience to Equality - firmly at the forefront of all they do. That includes Lara formally recognizing that she punished Alice for doing something she did herself and that doing so was wrong. I realize there might be other issues about reinstating Alice as a Sister, but that's what fairness demands - unless Lara is prepared to accept the same punishment herself, instead.

Sisters are taught that the Obediences are at the center of the Sisterhood. That, to put it simply, is a lie, and a repellent one. I can't condone such with my work and my presence.

Edit, 21 November: This was Kiri's response to seeing this post:
[2013/11/18 21:57] Kiriko Kiama: (Saved Mon Nov 18 10:15:45 2013)You have been ejected from 'The Latex Dolls' by Kiriko Kiama.
[2013/11/18 21:57] Kiriko Kiama: (Saved Mon Nov 18 10:16:14 2013)You have been ejected from 'Latex Sisterhood' by Kiriko Kiama.
[2013/11/18 21:57] Kiriko Kiama: (Saved Mon Nov 18 10:16:34 2013)You have been ejected from 'Latex Doll in Training' by Kiriko Kiama.
[2013/11/18 21:57] Kiriko Kiama: (Saved Mon Nov 18 10:17:18 2013)You have been ejected from 'Latex Sisterhood Teachers' by Kiriko Kiama.
[2013/11/18 21:57] Kiriko Kiama: (Saved Mon Nov 18 10:18:21 2013)You have been ejected from 'Latexia Mall Merchants' by Kiriko Kiama.
She missed a couple, but I left them myself when I saw this.

28 September 2013

*!:{[%CuteStoreName%]}:!* and other annoyances

I was digging through my inventory a while ago looking for some clothes I'd picked up. I knew what the store name and item name was, but I couldn't find the item itself. I had to resort to slogging through a stack of results returned by inventory search.

I have no idea why vendors insist on giving their items in inventory cute names with all sorts of special characters around them. It makes life more difficult for their customers. Yes, I know organizing one's inventory is a tedious chore. I know that damned few people do it, especially when compared to the large number of people who say they're going to do it or need to do it or get halfway through ti and quit doing it.

But making it basically impossible to find the vendor's name without knowing which sets of cute special characters they wrapped their store name in this week (yes, they do change, which just makes the problem worse) doesn't help. It just means that you have to look and look and look, manually.

Lokii Violet is a good friend (even if she does have an unhealthy attachment to flamingos! :3 ) who owns a store named Malfean Visions. Good stuff, and reasonably priced. But I sincerely wish she'd not gone with :{MV}: as her store tag. Gah.

To make matters worse, Jaimie Earst turns things around. At least if the store name comes first, once you find it, you've found everything else that vendor makes...but not Jaimie. Her stuff is named *item by Jaimie Earst. That means that it's scattered around everything else where the vendor used a * for decoration.

Why do vendors feel the need to get cute like this? I wish they'd stop.

30 August 2013

Worse than useless

Ever since we announced that we would be concentrating exclusively on Firestorm and ending work on Phoenix, back in 2011, there's been one group of users who have been complaining loud and long: users of the OTR instant message encryption facility. They've been demanding we port it to Firestorm ever since that day and refusing to migrate until we do.

There's one major problem: OTR, as implemented in Phoenix, is worse than useless. That's because there's a major flaw in how it handles the encryption key exchange: it does it in-band, over the same channel that's about to be encrypted. There's no reason to believe that LL didn't crack it within hours of it being released.

(There's another, smaller problem: The code itself is, to put it bluntly, unreadable crap. That can be cleaned up, though.)

Cryptography is incredibly hard to get right, and incredibly easy to almost get right. The difference is that almost right is worse than no encryption at all. It gives the users a false sense of security, so that they say things over the supposedly secured channel that they would not say if they knew it was insecure.

The OTR code in Phoenix is almost right. Because of the flaw in the way it handles the key exchange, anyone who can listen to the traffic can simply snag the key as it floats by and use it to decrypt the messages, undetectably.

There are well-designed protocols to handle key exchanges and the like, as well as well-designed cryptosystems that, when properly implemented, can provide reasonable security against real-time eavesdropping. Cinder Roxley is working on implementing such a system in Firestorm, to serve the folks who think they need to encrypt their messages. This is harder than it looks, because there are a couple of constraints that don't apply to the usual case. Not only do we need to make it work without using some sort of central service, but we also need to do it without revealing the user's IP address to his intended communication partner, which a direct key exchange would do. The problem's not insoluble, but it's not easy, either.

I don't know why people think they need to hide their IM traffic from LL. Really, now. If you don't trust LL, then why are you using SL in the first place? Use some other way of getting your messages through that don't involve a third party. Some folks argue that everyone should encrypt everything as a matter of course both to confound those who would look for encrypted traffic (usually, this is immediately followed by a rant against the surveillance state) and to remove the stigma associated with encryption. I'm not entirely unsympathetic to such an argument, but it smacks of paranoia.

Personally, I think the people complaining about a lack of OTR in Firestorm need to get a life, and assess the true risks of interception are, and the costs of having their traffic monitored by LL or others. Fundamentally, such an analysis would reveal a much simpler reason that neither LL nor anyone else is monitoring what they say: they just don't care. They've got much better things to do than listen in on your steamy gay furry BDSM scene. (And if that's truly what you're worried about, how about embracing it and being proud of it instead?)

We'll do OTR, or something secure, in Firestorm soon enough...but the kind of complaints we've been hearing are just simply out of proportion.

29 August 2013

"Self-defeating, if not horribly unproductive"

(For reasons that will be obvious, this post, even more so than most on this blog, is explicitly my own personal opinion and not that of the Firestorm team as a whole.)

For a while now, the Firestorm default grid selection hasn't included InWorldz. The reasons for this are varied, but center on a series of changes IW made to their server software that had the effect of rendering it incompatible with Firestorm, as well as pretty much every other viewer that will run with Second Life or a stock OpenSim grid. Those bugs have been there for more than a year now. When we heard about them, we went to the IW folks and asked if we could help resolve them. We never heard back, so we assumed they weren't interested. That assumption was reinforced when we heard that the IW team had forked Firestorm for an IW-branded viewer.

Because of that, some folks had reached the conclusion that we weren't pro-IW, or even IW-friendly. I can see why; OTOH, I hope they can see why we thought they weren't exactly Firestorm-friendly, either.

There's another reason that some of us, I especially, aren't exactly fond of the InWorldz team. Their lead viewer developer - who, I'm told, gets paid something for the work - is McCabe Maxsted, formerly of Imprudence. At least at one point in the past, McCabe was on record as claiming that Phoenix was nothing more than a griefer viewer because of its Emerald heritage, and because some of the same people were involved in the project.

He made this accusation on an interview show with Paisley Beebe, with me in the audience. (I was there because of a preceding segment, where my good SL and RL friend Axi Kurmin was being interviewed about something or other.) This was nine days after the launch of Phoenix and shortly after the banning of Emerald. Essentially, he said that people shouldn't trust Phoenix, and should use Imprudence, because of its open nature and embrace of "free software". (My opinion of soi-disant "free software" is another rant.)

Needless to say, this offended most of the team.

Fast forward to a few days ago, when the subject of an InWorldz Viewer release that was pretty thoroughly broken came up on the IW forum. The general consensus was that it was best to roll back a release, but then the discussion turned to Firestorm and how we were supposedly anti-IW. Cinder Roxley posted what was really happening to the forum, and that got things out into the open, and hopefully resolved. But there's one loose thread, yet...

McCabe posted:
I've said this elsewhere, but it bears repeating here: I have no interest in any kind of viewer wars, viewer blaming, or anything of that nature, and at best I'd call that kind of rhetoric self-defeating, if not horribly unproductive. We all care about the virtual world platform, and want to make it the best place possible for people. People should focus on that, instead.
I'm happy to hear that. Now, how about apologizing for that slam you laid on the team for the world to see?

The Firestorm team is fully committed to supporting OpenSim grids into the future. We want to be the go-to viewer for OpenSim, as well as Second Life. That includes InWorldz. We'll be happy to make sure Firestorm works as well on IW as it does everywhere else, as long as the IW grid isn't gratuitously incompatible with OpenSim as a whole (or even if it is and the incompatibility doesn't require a pile of code to handle). I hope that IW does what it takes so there's no technical need for a separate viewer for their grid. I've been asked to bring one of my products, the Tonya's PASS skin management system for petite avatars, to IW. I'm considering it; one of the things getting in the way right now is that I have to run a specific viewer for IW. If that changes, I'd be a lot more inclined to do it.

The ball's in your court, IW.

27 August 2013

Exports and imports and permissions

Recently, there's been an increase in misinformation surrounding the export of objects from Second Life. Part of the upsurge is because the Singularity viewer's latest release includes the ability to export a linkset as a COLLADA .DAE or Wavefront .OBJ file, which can then be fed to things like Blender for hacking on and eventual reimport as mesh objects.

The baseline for this discussion is paragraph 2.b of the Third Party Viewer Policy, which says:
You must not use or provide any functionality that Linden Lab’s viewers do not have for exporting content from Second Life unless the functionality verifies that the content to be exported was created by the Second Life user who is using the Third-Party Viewer. Specifically, before allowing the user to export the content, the Third-Party Viewer must verify that the Second Life creator name for each and every content component to be exported, including each and every primitive or other content type, is the same as the Second Life name of the Third-Party Viewer user. This must be done for all content in Second Life, including content that may be set to "full permissions."
That's pretty simple. If you didn't create it, you can't export it, even if it's full permissions. (Much full-permission content in SL is licensed only for use within SL.) This applies to prims, textures, scripts, and anything else.

Exporters have been around for a very long time. They predate the Emerald viewer. The first copybot tools predate even the open-sourcing of the viewer code. LL had been trying unsuccessfully to get a handle on them for as long as they'd been around, and the Third Party Viewer Policy finally gave them some leverage.

Exporters are good things for some content. While any animations, textures, and the like you create, you should have on your local computer already, there are other things that get created that don't exist outside of SL unless you export them. Some, like scripts, are easy to export with a simple copy and paste. You can't copy and paste a prim, though, much less a full linkset (an object made out of multiple prims, from a chair to a full castle) with all of the complexity that goes with it (texture parameters, scripts, colors, you get the idea).

Emerald and Phoenix had an exporter. With their demise, though, there's a void in the content creator's toolset. We've been working for quite a while on adding export capability to Firestorm. Techwolf Lupindo has written an exporter, designed to be rigorously accurate and to honor the TPVP to the letter, while still giving meaningful capabilities to the user. There's a whole framework involved for selecting what's to be exported, checking the creator of every component and only exporting those components that are created by the user, and getting the data out and back in. The point is to allow a creator to back up and restore whole creations so that they could be replaced if an inventory corruption or account problem destroyed the originals, as well as permitting copying things to other grids.

It got disabled in Firestorm at the last minute because it didn't pass QA. Cinder Roxley is working hard on fixing the problems so we can enable it in 4.5.1.

Meanwhile, Singularity's Latif Khalifa wrote a function to export linksets to mesh files, and included it in the latest release. I haven't tried it myself, but I think it's a good thing overall. It lets a creator prototype in prims in SL and then refine the result into a nice mesh object. We've asked for, and gotten, permission to include it in Firestorm, though Cinder's reworked it a bit to integrate it seamlessly into the existing exporter framework.

There's been some confusion recently about having export capability and what it does to content security in SL. The biggest claim is that all it takes is removing two lines of code and it's a free-for-all. That's always, always been true in SL, ever since the viewer was open sourced. Textures, in particular, have always been vulnerable. Scripts aren't, simply because they're never sent to the viewer unless the user has the ability to edit them. (They execute on the sim host, not in the viewer.) The exporter doesn't add anything new here.

Another claim is that the mesh exporter will export any mesh object. I wish it did, actually; there's an item that's freely available and uploadable, but can't be edited in Blender, that I'd love to let SL export in a form that Blender can work on. (No, there are no licensing restrictions that would prohibit this.) But no, nobody's got an exporter that will do mesh objects. Edit: I was incorrect. Singularity's exporter, and therefore Firestorm's, will indeed export mesh objects. They will not export rigging information, however, so rigged mesh clothing and the like would have to be rerigged by any putative copybotter.

At one point, it was claimed that the Firestorm exporter was in violation of 2.b because it allowed export of a linkset that wasn't entirely created by the user. Siana Gearz even went to LL to complain about it. Since Firestorm does not export any component that was not created by the current user, and the policy says "the Third-Party Viewer must verify that the Second Life creator name for each and every content component to be exported", LL agreed that we're following the letter and spirit of the TPVP.

This is ironic, because Singularity's exporter will happily export a sculpted prim with a sculptmap that was not created by the current user. We will, of course, fix that in Firestorm.

So, to sum up, the exporters in Firestorm and Singularity don't add any ways to steal content that didn't already exist in other forms. (I'm certain Singularity will fix that one hole I just mentioned.) They do add capabilities for content creators, and that's a Good Thing. No need to get alarmed.

24 August 2013

SSA is a success, first time out

We've all had reason to bitch at LL in the past for doing things that have, to be charitable, been less than successful in not royally screwing up the grid. To their credit, they've gotten things worked out and running well again, each time. Even so, the experience has been less than promising.

Eventually, you'd think they'd feel snakebit and shy away from big changes. Thankfully, they haven't. They took on one of the biggest problems in SL, bake fail, and seem to be well on the way to banishing it from the grid once and for all.

Oz Linden has said that SL is the only place where it's not unheard of for someone to go to a business meeting and ask, "Where did my pants go?". That's not a recommendation, folks. What it is is bake fail: your avatar's appearance doesn't turn out the way you'd intended it to from wearing clothing and such because some parts of it fail to be shown properly.

That's the whole idea behind server-side appearance. Its purpose is to fix bake fail once and for all.

The original way of doing avatar appearance, before multi-attach, was that your viewer would select the system clothing layers (shirt, underpants, skin, etcetera) to wear, either from your selection as you were putting things on or from a message from the server at login time. It would obtain the information from each piece and assemble them, then tell the server "all right, I'm wearing this list". Your viewer would then put them all together, make one texture for each major body section (head, upper torso/arms, and lower torso/legs), then upload that texture to the sim and let it pass that out to everyone to show on your avatar. That last process is called "baking".

The limitation is that the first way of doing it could only handle one attachment per attachment point. That was fine until you got to things like furry avatars who wanted to wear accessories and furry body parts on the same attachment point at the same time. The Emerald viewer came up with one way of addressing this problem, namely to define secondary attachment points at the same location as the primary; this worked, as long as the user looking at the avatar was running a compatible viewer. Needless to say, many weren't. Without server-side support, though, ti was the best that could be done.

LL added the server-side support to go along with an early release of Viewer 2. Part of that support was the Current Outfit folder (COF), which regularized and standardized handling outfits no matter how many things were attached on any given point or any clothing layer. Phoenix added proper multiattach support and dumped the old way quickly; everyone else added it as well except for the CoolVL Viewer, which did it its own, incompatible way. (But that's another flamewar we've already had.)

The Current Outfit folder and multiattach/multiwearables made life a lot simpler, but they didn't change how the avatar textures were baked. Things were still shipped back and forth between the SL servers and the viewer. Each time something was sent over the wire was an opportunity for things to screw up, and when they did, you saw the Ruth shape, or the infamous poo-colored cloud, or last week's outfit, or just plain gray. The same thing could happen for lots of different reasons on the user's computer, including things as prosaic as running the viewer on a secondary monitor. (The bake process actually used the normal viewer's avatar display routines to draw the various textures on the avatar, then read the texture back out of graphics memory. This didn't work on a secondary monitor.)

SSA (originally called server-side baking, and now you know why) is designed to eliminate that kind of error. The key is that, with the COF, everything needed to create the avatar's appearance is present at the SL servers. Since it's there, they can simply add another set of servers, called the "bake ovens", to bake the textures and ship them out. No need to traverse the Internet multiple times, each time risking the data getting lost by some $6 consumer-grade cable router that can't handle a real workload or having DNS croak in the middle of things or any of the myriad failure modes that make SL such joy to troubleshoot. Just look in the COF, tell the oven to bake the textures from this list of assets, get the baked texture back, boom, you're done.

Of course, it's not quite that simple in practice. Not only did the bake ovens have to be built from the ground up, but the viewer code had to be rewritten to deal with not having to do the pile of work needed to bake the texture and then upload it. There was a lot of code refactoring that went into the viewer side of SSA. You heard us talk about how it was a big change? This is why. This is also why we chose not to add it to Phoenix, because it would have been a lot of work we'd have had to largely pioneer.

LL did all this, and they did something unusual: they coordinated their SSA efforts closely, and carefully, with the TPV community. That's because this would not work unless the viewers were ready first, before the server components were turned on. Then they were careful to test thoroughly. And test. And test some more. Then they got the TPV community involved in testing. And we tested every way we could think of. Only then did they start rolling it out to the grid. Even that was done differently from normal. They rolled it out to one or two RC channels, from 5 to 15 percent of the grid, and left it that way for a few weeks, to get lots of experience with how it was working before they flipped the switch for everyone.

All that care paid off. Yes, there are a few problems, but those are of much lower magnitude and severity than those associated with other recent big server rollouts. There are some folks who are showing up as gray; those who are actually running SSA-capable viewers (yes, we do get complaints from folks who appear gray, only to be surprised when they get told that Firestorm 4.3 isn't going to work any more!) usually have other issues like inventory loading and such that aren't related to SSA.

Folks, LL got this one right. They took their time to test thoroughly, they coordinated with the TPV community before dropping it on the grid, they listened to feedback, and they introduced it slowly and carefully, measuring as they went.

Will this be the end of bake fail? There's still work left to do, but there's good reason to believe that yes, it really will be.

And people who complain about LL adding features before fixing basic problems: This is an example of fixing basic problems. Bake fail was the single biggest cause of support questions for the Firestorm support team. Nobody will be more happy than they are to see it go away.

We complain at LL when they screw up. Let's cheer them on when they get it right. This time, they got it right.

19 August 2013

Last call

Linden Lab has announced that server-side appearance will go live across the entire grid this week.

This is it, folks. No more dithering. No more procrastination. No more excuses.

Fish or cut bait. (I started to use an expression the second half of which is "or get off the pot", but decided to be a bit more civil.) This is a major change to Second Life, and your viewer has to keep up. If you don't run a SSA-capable viewer, you're going to be left behind. Over 85% of the users on Second Life are already on SSA-capable viewers. Nobody's going to be sympathetic to those who aren't.

I'm really hoping that older viewers will get flushed out of SL by this change. The platform needs to advance, and it can't as long as people cling to 4-year-old viewers running on 10-year-old computers. That does not mean that they need to change how they interact with their viewer. Don't like the V2 user interface? Run Firestorm in Phoenix mode. Not good enough? Kadah Coba's doing excellent work with his Latency skin to make it even closer; that should appear in Firestorm 4.5.1. Still not good enough? Get Singularity, or CoolVL Viewer (now that Henri seems to have straightened out the current outfit folder handling). There are plenty of choices to run a modern viewer.

Yes, you might have to upgrade your 2003-vintage PC. You've been uncommonly fortunate in being able to run it as long as you have on SL. There are myriad options to get a computer good enough to run any modern viewer - yes, even Firestorm - for not a lot of money these days.

But if you're waiting till you can't use SL any more to upgrade, your wait is over. The time to upgrade was a while ago, but now you're rushing headlong at the brick wall.

Upgrade. Now.