http://blogs.msdn.com/johnmil/archive/tags/Security/default.aspxTags: Securityen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/johnmil/archive/2007/04/20/second-life-slashdot-stream.aspxFri, 20 Apr 2007 12:00:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:2204690John L. Miller1http://blogs.msdn.com/johnmil/comments/2204690.aspxhttp://blogs.msdn.com/johnmil/commentrss.aspx?PostID=2204690http://blogs.msdn.com/johnmil/rsscomments.aspx?PostID=2204690<P>I stumbled across a recent <A class="" href="http://developers.slashdot.org/developers/07/04/19/1611252.shtml" mce_href="http://developers.slashdot.org/developers/07/04/19/1611252.shtml">Slashdot posting about Second Life</A>. There are&nbsp;some interesting comments amidst the dross, worth a read if you're interested in virtual worlds or Second Life in particular. </P> <P>The gist is, Second Life has <A class="" href="http://lindenlab.com/press/releases/01_08_07" mce_href="http://lindenlab.com/press/releases/01_08_07">made its client side open-source</A>, and the article claims it'll be doing the same for the server side. Very interesting for someone who wants to research distributed systems and distributed system&nbsp;security. Getting the servers correctly federated and working well together is an interesting enough problem. </P> <P>If the client code and the server code are both really open sourced, it may be worth a peek to see what would be required to make a P2P implementation. No doubt there are a plethora of legal and logistical requirements for servers to support monetization and integrity of the world, but heck, that just makes the problem that much more interesting!</P> <P>While looking up pointers, I stumbled across a<A class="" href="http://www.businessweek.com/technology/special_reports/20070416virtuallife.htm?campaign_id=rss_daily" mce_href="http://www.businessweek.com/technology/special_reports/20070416virtuallife.htm?campaign_id=rss_daily"> tech special report</A> from business week online which is centered around 'Virtual Life,' with lots of Second Life articles. Looks like time for more reading...</P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=2204690" width="1" height="1">P2PSecurityVirtual EnvironmentsCyberspaceSecond Lifehttp://blogs.msdn.com/johnmil/archive/2006/05/16/using-schannel-and-tls.aspxTue, 16 May 2006 16:00:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:598856John L. Miller1http://blogs.msdn.com/johnmil/comments/598856.aspxhttp://blogs.msdn.com/johnmil/commentrss.aspx?PostID=598856http://blogs.msdn.com/johnmil/rsscomments.aspx?PostID=598856<P><FONT face=Arial>A few areas of computer science are especially intimidating. The two worst for my money are networking and security. Networking because it involves LAL of TLA's, and security because, well, it's security.</FONT></P> <P><FONT face=Arial>Just because these areas are intimidating doesn't mean they're difficult. Especially if you follow the golden rule: don't invent it yourself. </FONT></P> <P><FONT face=Arial>What does this mean? Security protocols and models have been around for ages. There's a few very solid implementations of authentication protocols built into every copy of Windows. Don't write your own when you can use one that has already been tested, and deployed by millions of people!</FONT></P> <P><FONT face=Arial>How hard is it to use these? Not hard at all, as long as you skip becoming intimidated. If you know what a public key is in the abstract (not necessarily how to use it), then in the space of three days I think you can learn to write an authentication engine that uses TLS for authentication. Neat!</FONT></P> <P><FONT face=Arial>I enjoyed learning more about security, and would be happy to share what I learned here, if anyone is interested. If so, then drop me a line or leave a comment, and I'll happily write a few 'how to learn it' blog entries, which will no doubt reference many of the other 'how to do it's out there.</FONT></P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=598856" width="1" height="1">NetworkingSecurity