The Latest Second Life Drama… Coming After You.

If you have been in SL for a time you know a significant number of users are big on drama. Whole roleplay communities exist for the drama in storytelling. If you know a game master, you have no doubt heard some of their amazing stories of stupidity.

Unfortunately, drama often spills over into other parts of the SL world and results in RL legal actions that affect those of us that were minding our own business.

Feel good

Feel good – GA.EG

In January I wrote about the OpenCollar Drama in OpenCollar No Longer OpenCollar? The Nirea and Athaliah side of that dama got control of the OpenCollar group. Moderators and some others there claim they are the only real OpenCollar. Collar updates are now confusing.

Now. it seems we are bumping into another such situation, but with mesh heads. Catwa has filed a DMCA Take Down Notice against GA.EG and Akeruka. I’m not clear on whether they are at DMCA with Akeruka. But, Akeruka is in conflict with Catwa. I hear Stray Dog is also dealing with a DMCA from Catwa. Note 7/9: Gac Akina the owner of Stray Dog says he isn’t dealing with a DMCA. As best I can tell the comment/email address is Gac’s. Continue reading

DDoS Attacks of February 2018

The previously reported (Second Life DDoS Attack) DDoS is mostly over… for now. Oddly, I am having to search for news of the attack(s). It is there, but the media does not seem interested. On the net, you can find information. Like:

I suspect the reason for the lack of coverage is this type of information is too techy for most newscasters and writers to handle… maybe even understand.

Warriors... come out to play

Warriors… come out to play

From Internet searches, we can see a lot of people knew this type of attack was coming way before it happened. But, those that failed to protect their servers from misuse apparently didn’t. This failure of people to prepare for a known possibility is rampant in society.

Those of us that want solid Internet connections can take some steps to mitigate the impact such attacks have. The attacks often target the DNS servers, the units that translate secondlife.com into something the computer can use, IPv6 = 2001:578:3f::30 or IPv4 = 216.82.8.56. The bad actors get the most impact for their clicks by taking down DNS servers as without them your computer can’t find the machine addresses and cannot connect. Fail. Continue reading

News Update 2018 w09

Earlier I reported (ref) on the DDoS attack and linked to the Linden post on the subject. Things seem to be getting better. Concurrent use was back to the mid 40k users.

In the Server-Scripting UG meeting, Simon Linden told us this has been on-going for about 24 hours. April Linden tells us the same in the SL Blog post.

However, from a credible source, I understand the SL Forum went nuts with fake news. So, be aware there are nuts posting on the forum that enjoy creating havoc.  The sad part is some believe what they are saying and think they know something. Others know they are deliberately making mischief.

How do you tell which is real? If you go into the Answers section of the forum and look at the 3 to 6 posts threads, you will find a small number of people consistently answering questions. Those people are mostly trustworthy. When they don’t know, they have been known to say so…

So, the statement the asset servers went down and all SL content was lost was totally bogus. I’m not sure why anyone would make that statement. There are those always wanting to harm the Lab. Others think it fun to scare people. Others seem to believe whatever pops into their head.

I understand some new people will believe anything about SL and the Lab. But, I have the idea that with all the fake news, propaganda, and spin people would be more skeptical of what they hear. Silly me.

Second Life News 2018 w09

The last few days we have had some people complaining about login issues. I’m one of them. But, the problem is so erratic and apparently random I can’t put any useful information in a JIRA.

This morning there was some issue with logins. Only 17,000+ were on when I logged in at 10:45 Am SLT. On my trackers next update, 19,000+ were on. That 17k is an extraordinarily small number. The low for the day is about 7,000… but it may have been zero. My tracker only grabs data every 10 minutes. A lot can happen in the computer world and RL in 10 minutes.

Lauressa - Close-up

Lauressa – Close-up

I currently show 3,000 to 2,000 people logging in every 10 minutes. This is indicative of some grid wide problem.

Status only says they are investigating intermittent login issues.

Update 11:00 AM SLT – Seems the problem is a DDOS attack. See Unscheduled DDoS. This is not a Linden Lab specific attack. Early indications, often wrong, suggest it is possibly an attack on America. I would not be surprised to trace it back to North Korea. They will likely react to the sanctions just placed on the Democratic People’s Republic of Korea. So, appease them now and face a nuclear attack later or deal with them now?

Did you know the average duration of a mass shooting is three minutes? What is the response time of the police in your neighborhood, to your sports arena, movie theater, or school? Continue reading

AvaStar – Infected Download

WARNING UPDATE:2/9 – OK The original post is not quite right. Original:

The AvaStar people (wrong – wasn’t reading closed enough) have posted a warning about recent downloads of AvaStar being infected with a Trojan or computer virus. They aren’t clear on what it was just that it was a bad thing. See: AvaStar – infected download.

If you downloaded their version 2.3-2 update in the last 2 or 3 weeks… you are at risk. Get a new copy and replace it. Scan your computer…  Type DEFENDER in the ‘Ask me anything‘ or Search Windows field and run Windows Defender. Click Virus & threat protection. In place of a Quick Scan choose Custom Scan and point Defender to the place you keep your downloads.

Gaia commented below. Also, the original warning came from Casper Tech, not Machinimatrix. Also, the Casper Tech post has changed since I first read it.

Gaia and the Machinimatrix people seriously doubt the AvaStar code or package was infected.

Thinking about it, the programming code for Blender is Python. Blender add-ons, at least all those I have, are delivered as text files written in the Python language. So, the malicious code would have to be written in Python making it a specialized case, which is outside the normal pattern of malicious code for a web hack. So, I suspect Gaia and crew are right, the AvaStar programs and package were NOT compromised.

Doing some research this morning, I find that it is possible to embed malicious software in Blender files (.blend) and place executable code (.exe) in Python programs, but the Python has to call them and Windows intercepts the call and asks if it is OK to run it. Neither case is conducive to hackers. So, possible but unlikely.

However, Casper Tech is pointing out that the website hacks were sending people to a third-party site. They were attempting to inject malicious software into computers arriving at the site. But, a manual virus-scan of your computer will reveal any problem.

OpenCollar No Longer OpenCollar?

More SL drama. Unfortunately, about 100,000 SL users will be affected. It seems in November 2017 there was a sudden change in the OpenCollar programming team. Wendy Starfall and Garvin Twine were doing most of the work, programming, marketing, support, etc. for the last 6 years.

The early founders, from the history I can find, are Nandana Singh (now Nirea Resident) and Athaliah Opus. Several involved in the OC Project say they have ignored the project for the last 6 years or so. Leaving it to Wendy, Gaven, and others in the team to do the work and pay for websites and land (regions). But, we would have to define what the speaker means by ‘ignored’.

A point came when Nirea and Athaliah decided the OC project was going the wrong way. It seems that while the open source OC code was being maintained with no income for the programmers from it when the active programmers decided to sell an add-on under a brand name called Virtual Disgrace and some other things based on OC open source code.

“You can't stop the future You can't rewind the past The only way to learn the secret ...is to press play.” ― Jay Asher

You can’t stop the future You can’t rewind the past The only way to learn the secret …is to press play

The entitlement mindset folks decided it was an outrage that programmers working for free should even consider working for a profit and not giving them everything free… So, the great divide opened. The eventual result Nirea and Athaliah reclaimed the OpenCollar in-world group and kicked Wendy and others on the new path out of the group.

OpenCollar remained fee. But, the programmers were making other toys and selling them on their own. I could use the OpenCollar code and make a toy and sell it. But, you would still be able to get the free OpenCollar code and made your toys and sell them. Continue reading