Grid Issues: Old IMs Reappearing in Chat

We have had reports of old IMs, some as old as 2 months, reappearing in chat as if they were just resent. We want to assure residents we believe this is a technical problem and not associated with anything intentional or malicious. We are investigating the cause and if you wish to send in a support ticket with your experience we will pass that information on to the investigative team.

Posted on Wednesday, December 9th, 2009 at 6:11 AM on Grid Status Report.

This bit of news was already known to some, judging by the chatter in some groups, "You mean they just noticed that?" One lady claimed to have gotten someone's reply to a question a little late, five months late.

Post Christmas Grid blues

Each year, after the Christmas gifts have been unwrapped and all those people who treated themselves or family to new computers/Internet access, Secondlife sees a surge of new signups and more people using it than ever - the problem with that?
Quite simply the grid cannot handle it!
Most of us who spend regular time inworld are aware of the issues and mostly what is behind it - basically once the grid reaches 75k+ online everything goes down the toilet - teleports, transactions, rezzing, building even dressing becomes problematic.

Lets have a look at the last few days:

[RESOLVED] Logins and In-world Issues

Posted by Status Desk on January 6th, 2009 at 10:45 am PST

[Resolved 10:45am PST] - The database has recovered and all issues have been resolved.

[10:30am PST] - We are currently experiencing a problem with the database. There may be difficulties with logging in, rezzing objects, completing transactions, and searching. We are aware of this issue and our ops team are working to resolve it as swiftly as possible. In the mean time, please avoid making important transactions or rezzing no-copy objects.

[RESOLVED] Inworld Issues/Logins Disabled
Posted by Status Desk on January 6th, 2009 at 04:10 pm PST
[RESOLVED] Inworld Issues
Posted by Status Desk on January 7th, 2009 at 02:58 pm PST
[RESOLVED] Inworld Issues
Posted by Status Desk on January 8th, 2009 at 01:34 pm PST
[RESOLVED] Logins Disabled
Posted by Status Desk on January 10th, 2009 at 01:54 pm PST
[RESOLVED] Logins Disabled and Inworld Issues
Posted by Status Desk on January 10th, 2009 at 04:53 pm PST
[RESOVLED] Logins disabled
Posted by Status Desk on January 11th, 2009 at 11:20 am PST
[RESOLVED] Logins disabled
Posted by Status Desk on January 13th, 2009 at 03:39 pm PST

Each of these represents times when Logins have been restricted, a black week for any Secondlife business.
Some have called for allowing only premium accounts to log in at these times and yet others slam this notion as many who would like to go premium cannot do so, therefore making the idea unjust.
Then there is the question of bot activity, if as Linden Lab numbers suggest, 10% of those signed in are bots then surely shutting these out would allow real players more of a chance to log in?
But how do we or Linden Lab know which accounts are bots?
Age old question and one many have tried to answer - but to be honest our answers do not matter Linden Lab will do what Linden Lab chooses as always.
I am not technically minded but even I can see the grid is struggling - Linden Lab says 10% bots - most believe that is a very conservative estimate it is more likely to be around 25 - 30%. Now how about if the bots were registered? Then when the Grid is struggling bots are logged out? Wouldn't that make more sense than locking out paying Residents? Even those who run bots would rather have paying Residents inworld than their bots surely?
Hopefully with all the grid issues Linden Lab will finally make a move on the traffic scam that causes most to use bots - once the reason for them is gone it will make the need for bots redundant. But for now Linden Lab have chosen to chase their tails and deal with issues as they arise rather than dealing with the root cause (as always).

Dana Vanmoer

Eye on the Blog (even though it isn't)

I can't understand why this isn't posted on the blog - other than the already conjectured only keeping good news on there! But this is an issue everyone should be aware of and as such SHOULD be on the blog:

Today, we released an important update that improves the security of the Second Life viewer for all Residents. This update eliminates a recently discovered issue, and we’re requiring that all Residents download and install it to ensure that everyone remains secure while using Second Life. You will be prompted to download and install the update when you log-in, or you can get it from this Downloads page:http://secondlife.com/support/downloads.php

Linden Lab has released a Security Update to the Second Life viewer software today to address a potential security issue. This Security Update includes an additional security patch related to the Security Update issued on 26-Sept-2008.
Available for:Second Life Viewer 1.20.15 / 1.20.16
Second Life Release Candidate Viewer 1.21.4
Description:We recently updated the Second Life server and viewers to enhance the communications code. All transfer operations are now restricted to files that the user has expressly chosen, and specific directories that the viewer uses for transferring data.
For the safety of all Second Life users, we are releasing this updated viewer to all Residents.
Potential vulnerabilities had been identified in those message communications directed at a Second Life viewer over the previous protocol. By taking advantage of this vulnerability, while extremely difficult technically, a malicious user could potentially use the viewer to access files on the victim’s computer.
We currently have no evidence of this vulnerability ever being exploited.
This Security Update 2008-10-06 is required to continue to log-in to Second Life.
By downloading the update, you will upgrade the software on your computer to version 1.20.17:
* Second Life Release Viewer 1.20.17
For Residents who use the Release Candidate viewer, you are required to update to RC5, which also includes other latest bug fixes:
* Second Life Release Candidate Viewer 1.21 RC5
Earlier versions of Second Life (1.19.1, 1.19, and before) include the serious vulnerabilities and are no longer supported.
You will be prompted to upgrade to the latest version on your next login.
For any Residents who prefer / have been using earlier versions that do not include WindLight rendering, we have created a page on the Second Life Wiki that explains how to turn all related graphics settings to “Low,” effectively turning off WindLight in the current official viewer:
https://wiki.secondlife.com/wiki/Turn_off_WindLight_rendering
The source code for these new 1.20 and 1.21 RC5 viewers will be made available via the usual open source channels.

Again a forum thread has been created for discussion and questions this can be found HERE
On the question of non SL veiwers Prospero Linden had this to say:
Potentially other clients are vulnerable. It will depend on the details of those clients. We will have a new open source code drop soon with the fixes in it; anybody who has distributed a client based off of that open source code drop would be strongly advised to apply the patch. You will need to contact the people who build and maintain the clients other than the official SL viewers to get patched versions.If you *must* use a vulnerable client-- and we strongly recommend against this-- connect only to SL or to trusted OpenSim sites; do not connect to random OpenSim servers unless they are run by people whom you specifically trust. You must also disable your streams entirely in preferences (both audio and media), to protect your IP address.Please do see the wiki page on adjusting the settings for the 1.20 client. I know I found myself that I actually did better with Windlight on a very low-spec machine. I know that doesn't mean necessarily everybody else will, but give it a try.

Hopefully the spate of fixes will now slow down and LL can concentrate on making this client stable, but the questions must be asked - how long has this security issue been an issue? Is this a way to scare everyone into using the official client? This last is pure speculation and probably unjustified as we have all seen the rush to update in the last couple of weeks showing that something has been going on behind the scenes, so it is to be hoped that this hole has now been plugged and we can all log in securely.
Dana