Tiyuk's Second Life Adventures

…. so please don’t interpret this post, as a flame.

As luck would have it, Katt Linden received my topic for the 1st Annual SL Bloggers Mix’n Match which wrapped up with the vast majority of the postings coming through in the November 11 - 13 timeframe. This post is an amalgam of “Hello, Katt? Are you alive"; “My thoughts on the mix’n match"; and “Well, if you won’t talk about my topic, I will!” – all thrust into one, long, indigestible post. Enjoy, or not; same to me.

Follow up:

The topic I submitted had to do with llHttpRequest, which is the name of an LSL (Linden Scripting Language) function. But this function is not an ordinary function with ordinary capabilities; oh no. Nor is it esoteric: its results are directly observable all over the virtual landscape. I think it important that residents be informed about what llHttpRequest can do, so that they have a little more insight into how stuff works in SL. Even if you never intend to write a single line of code, informed residents will have the knowledge that their interactions in SL may involve not only Linden Lab owned servers, but any number of remote hosts interfacing with the simulator.

Now, I know that Katt is a PR person and not an engineer. But she works with some extremely bright individuals who could, in 5 minutes, summarize this idea and give her enough to go do some research and find the most interesting uses of llHttpRequest. That is what my topic bid her do; however, I’ve seen neither head nor tail of an article from Katt on the lovely Kanomi’s blog.

Besides, wasn’t the point of the Mix’n Match to get people to go out of their normal comfort zone, and be challenged by an article that doesn’t really fit their domain of expertise or their normal way of thinking? I, for one, felt very challenged writing my post for Ari Blackthorne’s blog, and I am fortunate in that Ari found the time to post this on the day it was due, even though I submitted it that very day. I am a full time student, Free Software hacker, and avid gamer – so with a topic that I find nearly intractable, there’s no question that I was putting this off and doing anything else I could possibly do to pass the time, even if it meant senselessly tearing apart robots with missile launchers until 6 in the morning – using a crowbar.

But I digress – here’s the kicker. Linden Lab has, for all intents and purposes, “slashdotted” us. In the real world, important/interesting geek/tech articles get posted to the extremely popular news site SlashDot. Websites that get targeted by slashdot often experience what appears to be a denial of service attack, because so many users are trying to download their content at once. I have to wonder if the same happened to Vint or ArminasX’s blogs when we got splashdotted on the login screen of SL! So, wow – we’re pretty hot stuff, right?

Maybe not.

Katt Linden’s blog post has yet to appear on Kanomi’s blog, and Kanomi has assured us this is because Katt has not delivered on her end of the bargain. Sort of ironic considering the entire event was so widely publicized, eh? And Torley Linden had the gumption and grace to post his article, too.

Looks like Katt dropped the ball on this one. Was my topic really so hard? Could Katt not find 10 minutes to go to an LL engineer, or Torley, and ask them what llHttpRequest is? It’s a little-known piece of core functionality, and although most people have interacted with objects that use it extensively, few people have what I call an “intuitive knowledge” of when an object is using this functionality.

But rather than gripe about Katt’s failings, I figure I may as well pontificate about my own topic in her stead. Here goes!

I am grateful for the very interesting and useful situational assessment tool, SWOT, that Mr. ArminasX introduced to me in his blog post about OpenSpaces. I find the tool to be a compelling way to present a new technology or issue. On that note, I’m going to let you figure out what SWOT is by reading his article, linked above, and I’ll use the tool here. It’s an apparently noteworthy technique, so I’m glad I learned about it!

llHttpRequest’s SWOT:
Strengths:

• Can let objects store an unlimited amount of data. By default, each script can only store a small amount of data; any script which intends to collect more and more data over time – that is, if it has an unbounded data set – will eventually run out of space.
• Does not involve your computer making contact with computers on the Internet which are not owned by Linden Lab or Vivox. This is good for security.
• Does involve the simulator you’re on making contact with computers on the Internet which are not owned by Linden Lab or Vivox. Also potentially beneficial for security/privacy; the simulator has the “keys” to your avatar’s data, and it can hand that information out judiciously.
• Some forms of bad behavior (such as stealing textures) is only possible with client side scripts, usually written as a “bot” client that does not use the main SL Viewer. llHttpRequest is a server side script, and is orders of magnitude less worrisome to content creators than client-side bots.
• Can not be used to follow you around the grid endlessly, unless llHttpRequest is used in one of your attachments! Objects in the world can’t follow you once you teleport away, be it to a different parcel or a different sim.

Weaknesses:

• Can be used, without your knowledge, to track and record your avatar’s movements, actions, and non-IM chat. There is the potential for many sinister activities to be performed by having scripts gather data and push it to a remote server using llHttpRequest.
• Has a limited capacity and frequency. An average of one llHttpRequest per second can be sent, and the data payload can be no more than 2KB. This is acceptable for most workloads, but it puts a cap on more exotic uses of the function.
• Can increase network load and lag on a simulator – but, this scripting function is not unique in that regard, since most of the other script functions also impose some sort of performance cost. It’s all about moderation.
• LSL’s flexibility is also its weakness: the simulator is rather forthcoming with the data it can acquire from scanning and analyzing the environment around an object.

Opportunities:

• Entire businesses can be built around this technology. Xstreet SL relies on it heavily. From gameshows, to Scramble, to Tiny Empires, to trusted bans, to shoutcast stream metadata on a prim, none of these things could exist without llHttpRequest.
• Lets vendors collect anonymous statistics about traffic without worry of their scripts running out of space. In other words, it’s possible to use some of the data without intruding on privacy.

Threats:

• Linden Lab may, at any time, decide to increase the data available to scripts at runtime. In turn, all of this data can be captured and ultimately uploaded to a remote server using llHttpRequest. If you can get at it in LSL, then you can store it, analyze it, and track it to your heart’s content on a remote server.
• Linden’s simulators are not bullet-proof, and the LSL APIs have bugs. It’s hard to eliminate the threat of scripts getting too much power, or too much data, through exploits or little-known features.
• Those who’ve built businesses on llHttpRequest need to have fallback plans in case Linden decides to remove the API in the future, or make it restrictive to the point where it can’t be used for their purposes.

I’d give some real examples, pictures, etc. of actual uses of llHttpRequest, but the problem is – it’s always rather transparent when you’re interacting with an object that is using llHttpRequest, as opposed to one that’s not. To the uninformed, these interactions are indistinguishable, because it doesn’t make a difference where the object/script is getting its logic from. So I can post screenshots of someone interfacing with an Xstreet SL terminal, or playing a gameshow, but unless you get the crux of this post, it’s all for nigh.

Well, I hope you’ve learned something. My own uses of llHttpRequest are still in (not so rapid) development, but stay tuned!

Tiyuk