Threat levels vs. experiences — how OpenSim’s take is better for small grids

This past week, Linden Lab announced the start of beta testing of “experience keys,” a new tool for creators that allows them to by-pass some of the scripted permission dialogs.

So, for example, if you’re interacting with a lot of objects in a particular build, you only have to give your permission once for the whole set.

OpenSim has long had functionality in place to bypass the permissions system when needed. It’s called threat levels.

The Second Life experience tools

Inara Pey has a great overview of the experience tools at Living in a Modemworld, but here’s the basic summary.

After getting blanket experience up front, scripts can do the following without having to ask permission again:

  • teleport avatars
  • animate
  • attach objects
  • track and control the camera

They cannot take money from avatars — that still requires a separate permission step.

Not everyone can create experiences, estate owners can approve them or block them, and individual users can cancel their experience permissions at any time.

There seems to be a great deal of administrative overhead involved, all designed to reduce the potential for griefing. It will require viewer changes.

The OpenSim threat level settings

OpenSim takes a very different approach, one that requires no viewer changes.

John Lester's hypergate, located on the Pathlandia region of JokaydiaGrid, is also known as a "blamgate" because it immediately teleports anyone who walks through it.
John Lester’s hypergate, located on the Pathlandia region of JokaydiaGrid, is also known as a “blamgate” because it immediately teleports anyone who walks through it.

Grid owners — or region owners with access to their region configuration files — can change the maximum threat levels settings allowed for their scripts. By default, regions are set to the “VeryLow” threat level. They can also allow or disallow individual scripting commands, in case a generic threat level setting isn’t close enough to what they need.

Note that the following only apply to OSSL functions — new scripting commands created just for OpenSim.

Threat level: Severe

  • Can execute console commands, such as changing avatar passwords, deleting sims, or changing terrains. However, even with the threat level set, only grid administrators — a.k.a. “gods” — can run scripts with these commands.
  • Can kick avatars. So, for example, you can have a scripted bullet or sword that kicks people off it if touches them. Definitely griefing potential there!
  • Can teleport avatars. This is very handy for instant walk-through hypergates — also known as “blamgates” — and in-world teleporters. But also can be easily abused, such as with scripted bullets that send everyone they touch to a hell region. Or a spam region. Well, same thing.

If the threat level is set to “severe” on a particular region, it’s a good idea to make sure that random visitors aren’t allowed to run scripts. A threat level also allows a script to run any command from the threat levels below it.

Threat level: Very high

  • Can play and stop animations of avatars
  • Can read an entire notecard, or particular line in a notecard
  • Can send a notice to the entire region

Threat level: High

  • Can create and control NPCs
  • Can restart a region and set water and terrain height level
  • Can create new notecards
  • Can force avatars to drop attachments

Threat level: Moderate

  • Can get the name of the grid the script is on
  • Can send messages to an avatar’s attachments without knowing their keys

Threat level: Low

  • Can look up an avatar’s name based on its unique key, and vice-versa

Threat level: Very low

  • Can create and break links
  • Can write text and draw graphics on the surface of a prim

Threat level: Nuisance

  • Can set the sun settings for the estate and the region

Threat level: None

All the other OSSL functions can run at any threat level at all.

  • Teleport the script owner somewhere
  • Get a list of all the avatars in a region
  • The the description of a particular item in an object’s inventory
  • Changes the sun settings just for the avatar

Full info on all these functions and more is here.

Which one is better?

For small grids, the OpenSim approach allows a great deal more control without requiring any permission checks at all. For example, the ability to instantly teleport an avatar who walks through a gate is extremely convenient and useful for everyone involved. Even instantly-teleporting bullets or swords can be useful, in the appropriate context.

As a result, the OpenSim approach allows grid owners to create a more fun and immersive environment.

The downside is that grid owners have to be careful about how they set up their scripts and threat levels to ensure that this functionality is not abused and the grid doesn’t get a bad reputation for griefing. Large grids — such as InWorldz — might have to implement a similar structure to Second Life’s to allow their users access to this functionality if griefing becomes a problem.

In addition, rogue grid owners can be annoying — similar to the way bad websites can be annoying to visitors. Even the most powerful of these commands can’t do permanent harm to an avatar from another grid, however, so hypergrid travelers who enjoy visiting strange new destinations will be inconvenienced at most.

Will OpenSim match Second Life’s experience keys functionality?

In the past, OpenSim has been quick to roll out functions that Second Life has added. These include outfits and other new viewer functionality, mesh, and media-on-a-prim.

Similarly, OpenSim can implement the experience keys function as well, but there are no concrete plans as of yet.

Justin Clark-Casey
Justin Clark-Casey

“As usual, it will be matched if someone has a need for it or contributes good patches for it,” OpenSim core developer Justin Clark-Casey told Hypergrid Business.

He also added that grid owners can do more than just set a particular threat level, or enable particular OSSL commands.

They can also enable individual commands for specific users, or specific roles, he said.

A large commercial grid, for example, might require users to request permission before they can use some of the more dangerous commands — and withdraw that permission if they abuse the privilege.

Maria Korolov