It's the new "in" thing. Yet another feature coming soon to Second Life® that will revolutionize the solutions made in this virtual world - "HTTP-in" (now known as LSL HTTP Server).

Apparently it's ready for testing on the preview grid. Get your information about LSL HTTP Server and start playing!

This week I've been considering what it really means when you upload and/or apply a texture to an object in a virtual world such as Second Life® or any OpenSim grid.

Second Life's approach is to host and manage an asset server which is committed to storing and serving the uploaded textures. It has defined size constraints and an artificial limiter to prevent infinite uploads (an upload costs L$10). You do not have web on a prim in a way that the prim contains the URL, but the parcel of land's properties contain the URL for a single URL only. More details on that can be found on the Second Life web site.

OpenSim's approach is to allow any object texture to be web on a prim. No artificial constraints. Some might question why Second Life doesn't do that too.

I'm not claiming that any of the following is Linden Lab's thought process (even if it is, I have no idea), [Edit]and whilst we're at it, let's be clear that I don't work for them either[/Edit], but I'm going to present to you my own perspective and opinion about why Second Life's approach is better.

Consider a situation where someone makes a product with a web URL for an image texture on that object. Let's also say that it goes globally popular and people love to leave it rezzed in millions of simulators everywhere. The web URL that it points to might be served by a single web server on average bandwidth. With millions of people needing to view it all the time it will effectively DDoS that web server. It might not even be the owner of the web server that made the product that went global.

My thinking is that when you upload a texture or apply a web URL as a texture, that's a kind of contract that says you will commit to serving that image from your domain, for as long as it takes. If you want to get out of the "contract", you have to contact each grid owner and have the URL removed or replaced (whether they will actually do that or not per user is questionable and possibly not even thought of yet). If your server gets DDoS'ed by texture requests and you can't afford to scale it out then you've effectively lost that host name in that domain. You would have to drop it from DNS to restore your server bandwidth.

As a server owner who isn't expecting one of your images to be used, you would end up hopefully finding user agent HTTP headers that give a clue as to what's causing the DDoS - that is unless you're being SYN flooded by these requests then you simply won't know what hit you. As with real contracts, it's very unusual and unacceptable for someone to sign it on your behalf without first having given them power of attorney. You'd want to contest a fraudulent contract made in your name without your knowledge. Will the user agent headers give enough information on who you can call to make it stop (the grid owners)? Will average web administrators know what an OpenSim grid is and what patterns to look for to spot this kind of thing?

Yes, it's still early days and I don't think we've reached that kind of scale just yet for it to be a problem at all. We should at least think about it as we design the software of the future.