There's a powerful new addition to Second Life's scripting codebase, with as much transformative potential as anything in the SL 2.0 viewer: it's now possible to add Twitter authorization to scripted objects in SL via OAuth. It was created by a number of Resident coders working with Babbage Linden, the company's UK steampunk coder with one brass robotic arm, who demonstrates how it works in this video below. As he says there, this script makes it possible to instantly share SL activity to Twitter and other social networks that have Twitter integration:
It reminds me of the Twitter function recently added to the SL game Combat Cards, but the library that Babbage shows off here increases the potential many-fold. "The difference is that this library sends updates to Residents' Twitter streams," Babbage tells me, "whereas Combat Cards sends updates to its own Twitter account. While sending updates to the Combat Cards account is useful, it means that only people who already know about Combat Cards hear about games. Using this library, all followers of the people playing games would be able to hear about Combat Cards games, which makes it properly viral." With OAuth, "[Twitter f]ollowers who may or may not be Residents find out what people are doing in SL."
The big innovation is adding OAuth to this functionality, a secure authorization process-- which also means people can manage Second Life objects from their Twitter account. "[I]t uses HTTP-In and HTTP-Out, which means you don't need to have an intermediate web server. If you have a Second Life object, it can safely Tweet to the followers of people interacting with it."
This is a giant leap in bridging the walled garden of SL to the wider Internet; interestingly, it was originally developed as an internal demo. "I mentioned it to Residents in my office hours and with the help of Cale Flanagan, Latif Khalifa and Strife Onizuka we ported it to LSL. So a great Linden Lab-community link up!"
For all the details on using it, go to this LSL wiki page, Twitter OAuth Library.
Residents have been able to tweet from inworld to their list of Twitter followers (SL residents and non-residents) out on the web for quite sometime now, thanks to devices like Twitterbox. It's an easy wearable HUD that lets residents receive and send tweets, and stay up to date on their timeline.
I don't see much new about OAuth. I only see the difference of transmitting from an object rather than from a HUD on oneself.
Posted by: Arif Emor | Tuesday, March 02, 2010 at 02:37 PM
That probably means that you fail to see the security of not handing your login details to a party that is not the one you're meant to use them with directly.
Encouraging sharing of login details with a third party other than the one you're meant to use them with is bad security and encourages phishing in fact! Jeremy Keith outlines in his blog exactly how this is securityfail:
http://adactio.com/journal/1357
Posted by: Patchouli Woollahra | Tuesday, March 02, 2010 at 03:37 PM
> I don't see much new about OAuth.
the advantage of oauth is the security model. you don't need to enter your password into a script using oauth. (and so you don't need to worry about malicious scripts sharing your password with hax0rs.)
when time comes to disable a script from tweeting, it's a simple matter to tell twitter to stop allowing it.
Posted by: qarl | Tuesday, March 02, 2010 at 04:29 PM
What they said. Twitterbox worked on the basis that I and others trusted Ordinal Malaprop not to steal our passwords. Which was a safe bet, but this does represent an improvement.
Posted by: Samantha Poindexter | Tuesday, March 02, 2010 at 07:21 PM
Looking at the possibilities of this, I've knocked up a quick'n'dirty "tweet your visits" tool that, when installed on your land, lets any visitors tweet the news of their visit via their own account. And it should only require them to authorize it for the first one they ever use.
More here: http://weblog.siliconcerebrate.com/cerebrate/2010/03/im-here-for-second-life.html (a.k.a. the URL on this post)
Posted by: Athanasius Skytower | Tuesday, March 02, 2010 at 10:11 PM
Would be nice to have a similar thing that would publish a message to facebook, like "Babbage Linden completed this task in New Babbage, you can do by visiting here! SLURL"
Posted by: Loki | Wednesday, March 03, 2010 at 01:43 AM
qarl:
There's also the consideration that the longterm roadmap for Twitter calls for the forbidding of account-detail-based logins that cannot be determined to originate from a page that falls under Twitter's control, and only OAuth-keyed access allowed outside of Twitter's "via web" option.
It will take some time, but Twitter will eventually force this issue, so might as well get on the boat like, right now.
Posted by: Patchouli Woollahra | Wednesday, March 03, 2010 at 08:21 AM
While it is useful to have access to a GPL LSL script library for OAuth, I am not sure if this is something that wasn't possible before - or, if this is technically new technology.
Twitter API auth has converted to OAuth for some time now, and moreover the LSL HTTP-in (llHTTPResponse) function has been on SL for some time now.
It's a kind gesture that LL would open source an OAuth library, but to bill this as an innovation is not accurate... imho.
(Re: Qarl - I see the security advantages of OAuth, but the point is, anyone can write an OAuth library that uses HTTP-in instead of, traditionally, in pre-http-in days, using an external server as intermediary. OAuth is great, but it's old stuff. I don't see an intrinsic llOAuth function or something truly global, so there is no new innovation here... or at least I am not seeing it here.)
Posted by: ina | Wednesday, March 03, 2010 at 12:05 PM
How totally useless. Integration with a flashy gimmick like twitter does not impress me. I don't think I'm alone here when I say that Twitter is crap. There's a reason why it's smaller than farmville, even with the media buzz about it. Not that I like farmville either, but Twitter's functionality and user base does not warrant the coverage it gets.
If LL really wants to integrate SL with the rest of the internet they need to get rid of the client and run SL in my browser and let me put different web content on every face of every prim on a parcel. I get the feeling that LL is wasting a lot of energy trying to integrate social media tools into the SL client.
LL should just let us use web resources in world better and we'll decide on our own which social media sites are worth using in SL. LL can take economic rent from us now by giving us a narrow window with which to interact with social media or they can provide a platform and let us access and create web sites for use in SL in a way that is more natural to us. Given how well the secondlife.com redesign went, who do you think can build a social media site better: Residents or Lindens?
If they won't do it there are a lot of webGL and XML3D startups out there who will be more than happy to provide the tools I just described. I can't wait to see which browser based 3D protocol comes out on top. The change to a 3D internet will be low level, on protocols, scripting languages and browsers. It will not happen on a high level in individual web pages, blogs and social media games. I hope LL is spending their energies well so that they can be part of the change when it happens.
Posted by: Bubblesort Triskaidekaphobia | Wednesday, March 03, 2010 at 04:42 PM
Is that the fourth LSL twitter Oauth library or the fifth now?
Posted by: Tateru Nino | Wednesday, March 03, 2010 at 09:43 PM