ScienceSim leaves hypergrid

At a time when hundreds of new hypergrid-enabled worlds are coming online, it may seem surprising that some are turning off hypergrid access.

The Intel-backed ScienceSim has  recently backed away from hypergrid teleports, citing security concerns.

(Image courtesy Intel.)

(Image courtesy Intel.)

According to Shenlei Winkler, the CEO of the Fashion Research Institute, hypergrid teleports have been shut down due to a variety of security concerns.

Winkler runs some of the most high-profile regions on ScienceSim, and has received attention for her innovative work in pushing the boundaries of OpenSim. She also administers the land grant program on ScienceSim, which provides free virtual land to non-profits.

Hypergrid teleports allows visitors who don’t have accounts on a grid to visit with their off-grid avatars. It also allows these visitors to get content and take it back to their home grids. Both of these were a potential security concern, she said.

“The security issues with hypergrid are well known,” said Mic Bowman, the principal investigator from Intel who is leading Intel’s research in support of ScienceSim.

Another potential security concern with hypergrid is that ScienceSim users may be able to hypergrid out to visit grids run by hackers. These malicious grids may then steal inventory objects, or even delete objects from users’ inventories.

So far, no cases of such malicious grids have been reported.

In addition, any region owner can also take advantage of the management functionality built into OpenSim to give themselves “god status” and steal objects. This problem isn’t limited to hypergrid — it is a potential liability whenever total strangers are allowed to connect their own regions to a grid.

“This situation is the kernel of the belief that open grids are hopeless for a virtual-goods economy,” says the OpenSim wiki entry on hypergrid security. However, the entry goes on to add that similar issues exist on the World Wide Web as well, and that hasn’t stopped the growth of e-commerce.

In fact, the Internet is rife with security issues. Return email addresses can be spoofed. Emails are not encrypted and can, theoretically, be intercepted. Hackers set up fake websites that take over your browser — or steal your banking information.

Hypergrid security issues are minor in comparison, and, as a result, more destinations continue to enable hypergrid teleports.

According to Christa Lopes, 240 publicly reachable simulators are now registered with her Metaverse Ink search engine. Lopes, who is the inventor of the hypergrid, is also a professor of informatics at the University of California, Irvine and the creator of the Diva Distro of OpenSim, which is an easy way to create a standalone grid. The Diva Distro grids are, by default, hypergrid enabled.

SECURITY PRECAUTIONS

The lack of reported security problems doesn’t mean that the threats aren’t out there. If you don’t want to be the first to fall victim to a malicious grid, you can take the following precautions:

  • When traveling to an unknown grid, use a backup avatar, one without many assets in its inventory. All OpenSim grids currently offer free avatars, so there’s no extra cost to creating a new account — it just takes a little time. An avatar that’s not weighed down by too many belongings may also travel better, according to some reports.
  • If a stranger asks you to put up a link to their grid, check it out first before putting up a hypergate or a link region. They could be a hacker — or, slightly more likely, to be a spammer. Today, though, the odds are that they’re simply someone new to the OpenSim universe and are out there looking to make some connections.
  • Implement group access permissions on those parts of your own grid you don’t want to have accessed by strangers. For example, your company office building might be only open to employees, but anyone can come to the lobby and conference areas.
  • If you have valuable content that you sell to the public, keep an eye on the major distribution channels to ensure that thieves aren’t making money off your work.
maria@hypergridbusiness.com'

Maria Korolov

Maria Korolov is editor and publisher of Hypergrid Business. She has been a journalist for more than twenty years and has worked for the Chicago Tribune, Reuters, and Computerworld and has reported from over a dozen countries, including Russia and China.

  • Pingback: January Hypergrid List - Hypergrid Business()

  • Pingback: uberVU - social comments()

  • I appreciate very much the concerns over Hypergrid security and in general Opensim security.

    As a evolving platform it is frustrating for some looking for stability & security over anything to deal with new features that are untested. It is also frustrating to those trying to rapidly develop features during this early stage of development who are tied to legacy code they feel needs updating/refactoring.

    I think Hypergrid, like Opensim, should be chosen on a use case basis after much thought about features vs security. In all systems ease of access is weighed against security and many times this boils down to the goals of the project.

    Hypergrid, in terms of connecting schools together, is magic for Opensim. When 2 schools who have been properly trained on backups and maintenance of Opensim worlds decide to connect for an event via Hypergrid this is world changing by definition.

    What we see happening on ReactionGrid is this very thing and in this case you have 2 very trusted world operators who have both done backups of their databases and other core files before any major change or event.

    With proper backups experimentation can begin in terms of connecting worlds, scripting, updates and more. Seeing virtual worlds beginning to connect on a global scale is amazing to us. The ramifications of this could mean a more peaceful, educated, greener world for all, if you see the vision long term and have glimpsed students and teaching making this happen as we have.

    However in the case of ScienceSim this is not the intended use case (linking many worlds) and as such needs to be evaluated on their own merits as far as Hypergridding and other pluggable choices.

    In this case Hypergridding shows no appreciable benefit vs the security issues so of course the smart decision is to disable the service. A testament really to the inherent, by design, pluggability of Opensim.

    What should not be drawn as a conclusion from this article is that Hypergrid is "not safe". It, like Opensim and Second Life etc are to be chosen based on a critical thought process you engage with your client/user on in advance of deployment. The right tool for the job is the ethos here.

    Choose your world platform and feature set wisely and your end users with get "the best of both worlds" cheesy pun fully intended, without extra liability from unneeded features.

    See you in 3D!

  • As far as I know for well over 6 months Hypergrid has not worked on Science Sim, OSgrid has taken a similar approach to Hypergrid, we only maintain 1 Hypergrid region. But Intel leaving hypergrid this is not really new news, this happened like i said 6-8 months ago maybe.

    [WORDPRESS HASHCASH] The poster sent us '0 which is not a hashcash value.

  • Lee Bryan

    Agreed on the above comment. Only thing I would add is to remind anyone setting up a Diva that groups functionality is not included in the distro. You can install using the flotsam xmlrpc project, but it's a bear to install. If you're looking to allocate security levels to groups (a pretty normal method) then you have some additional configuration to do.

  • Well spoken Kyle! Of course I am biased towards Kyle but because of his philosophy displayed in his comment. After being in Second Life for three years, having as many as 19 sims and doing numerous "big" projects for universities and corporations, Reaction Grid is the only option out there offering the balance of what I need in a virtual world.

    It is all still rather new and many possibilities exist. That's one thing Kyle has that Linden Lab no longer has. That drive to push boundaries and break paradigms. Along the way, expectations may fail but incredible and unseen possibilities will unfold.

    Being on the cutting edge is exactly that – a sharp and sometimes dangerous place. But if my greatest danger is in someone taking a chair or Ener's parasol (woe be the one to do that!), then it's not very dangerous at all.

    Kyle and his team are incredibly talented and driven. And they truly care and do the best by their people. For experimentation, consult them and they will help guide you. They see the current limitations but are also open to that fact that they don't know it all.

    You might just stumble across something pretty cool if you are willing to step forward.

  • Samantha Atkins

    The thing about being able to still objects is certainly true iff there is not a unified inventory and IP model. Just because I hypergrid to X should not mean that X or its local god[s] have any more privileges over my inventory than any other user does in my home grid. The only way I know to enforce this is practice is with some kind of validated permission data. But that implies validation logic in an immutable binary only module. Perhaps the problem could be partially addressed by something like a certification of avatar identity by external site and signed permission based on this identity? *scratches head* Security is hard, lets go build something. 🙂

    That would stop a determined cloner from making copies of course. This is a discussion on the entire family of OpenSim grids and SL as well. It is not a hypergrid only discussion. The impossibility of ridding even SL of something like copybot is a known issue. However, there are things that can be done to insure your inventory does not get messed up.

  • Pingback: ScienceGrid back on hypergrid – Hypergrid Business()