That’s getting into a more complicated situation, probably a slight redesign is going to be needed there.

As far as I can tell there’s two issues at hand:
- 1. The permissions manager does not differentiate between say, being able to move/return/delete/reposition/mod objects, and being able to swipe them back to inventory - that definetely needs some fine tuning. (It also sounds like the inventory take code is not copying inworld permission bits properly, that’s definetely a bug.)

- 2. Region owners/operators are equivilent to your standard webhost, when you upload content onto a webserver (say like the one I put this site on), then the people with access to that server are going to be able to tweak it.

Estate/region owners have had powers over their regions for the same reason that webhosts do, but in some situations there will be cases where that’s not desired functionality - in that case, being able to disable the overrides via an option is probably a good feature to have.

I’ll go have a chat about it with the other devs and see if we can get those overrides set to a config option. (Although getting more detailed configurable ACL’s for the permissions manager is on the agenda at the moment, I think Melanie herself is working on that.)

http://opensimulator.org/mantis/view.php?id=1784

Thank-you.
Terry Ford - aka Butch Arnold
http://www.3rdrockgrid.com

The difference is, we’re supporting that because it’s a happy medium - it indicates what a content creator wants to do with something, but it doesn’t go into a technological cat and mouse game.

Trying to support something “Stronger” however is pretty much futile becuase breaking those permissions will be no more difficult than it is today. The idea that something stronger can be possibly implemented is a bit of a myth.

Tools like “Copybot” will always exist for those who want to get them, and there’s nothing (literally nothing) on the server side that can be done to stop those tools from working. Ditto for GLIntercept and others.

Enforcing the creators intent to the degree that permissions are handled correctly by default is about the best that can be offered - it’s what we support right now. (I do need to add however, that it is always possible to disable that)

However, it’s important that it gets publicized that this is *no different to SL today*.

The SL permissions are very much indicators of the creators intent, and how the system should handle them by default. People get around these permissions with fervency just by using things like GLIntercept, cache-rippers, copybots, etc.

So returning to my original point in summary:
- Protection is only as strong as the weakest link, in this case the client is the weakest link so anything done elsewhere is somewhat pointless.
*** - We support the same as SL does today since it is not copy protection, but permissions - permissions are something handleable. ***
- Efforts to obfuscate content on the back end is also rather pointless because it would never take much effort to decode, and once it is decoded, everything obfuscated is now decoded and a new scheme needs to be implemented.
- The copy protection industry has been noting the above and actually backing away from trying to protect content like this because of the futility of it. The “big four” music companies now release their content “protection”-free on all the major music sites, their reasoning being that trying to protect content was both annoying consumers and rather pointless - take a look at say the iPhone 3G, within two days of the release people had already produced cracks for it and it’s new-and-improved protection.

Moreover, most people are not professionally schooled coders who also want to defeat a copy protection system and steal other people’s stuff. In practice, that is not a very large group.

Those are not the people these systems are designed to protect against. You might as well say that there is no use putting a lock on the department store door because a professionally schooled locksmith could open it.

Any world (or whatever you want to call it) that refuses to take the most elementary precautions against content theft, but insists that people form guilds and whatnot instead, is a world I would not be interested in creating any content in.

If you want more people, you have to satisfy these basic needs, rather than continually coming up with various worst-case scenarios and other arcane reasons why you shouldn’t have to.

coco