InWorldz Halcyon Server 0.9.30 R6148

Changes In This Update

This update includes only the following changes:

• Problems preserving sit targets after some operations, identified in the 0.9.29 update, have (hopefully) been resolved.
• As an aid to testing, the llGetPrimitiveParams part of Linden Lab's recent PRIM_SIT_TARGET parameter addition has been implemented. (Note the Set part of that has not yet been implemented in InWorldz due to ambiguity in how PRIM_SIT_TARGET is supposed to be implemented.)

Also, while the InWorldz deployment was complete, the GitHub release was missing a critical merge from the intended 0.9.29 changes. That has been corrected for this 0.9.30 update, so it includes everything documented in the 0.9.29 update as well as the two changes above.

The 0.9.29 release should be avoided for several reasons; use this 0.9.30 release instead.

InWorldz Halcyon Server 0.9.29 R3136

WARNING!
After release of this update, a serious regression was found in the code that persists the sit targets assigned to prims, that can cause those sit target settings to be lost after a region restart. Please do not download this version.

A Halcyon 0.9.30 update is now available to correct this, and should be used in all cases instead of this version.

Overview

The focus of this update has been on crossings reliability, and also the start of a new round of work on crossing performance. The update also includes some followup fixes and improvements to the seated avatar work in the previous release, as well as several exciting new LSL functions.

CROSSINGS

• [Reliability and performance] Experimental changes to crossings, where the destination region confirms the crossing, rather than the users' viewer(s). Instead of waiting for the crossing completion packet from the viewer, the destination region itself confirms the crossing to the originating region, immediately, if entry is allowed for the avatar(s) and any object sat upon, and the region has upgraded the avatar to root/full agent. Fixes several crossing failures and timeouts.
• [Reliability] Fixed to make sure the agent (avatar) is only released from the original region once. There's a race between a fast viewer response and the region server response. The region will almost always come in first, but on a local test server it might not, or perhaps if the server was under load. It was seen a couple of times during local Dev testing. Solution: grab any non-null callback URI in a lock and clear the lock when grabbed.
• [Reliability] Fixed a deadlock regression seen on InWorldz Sandbox 1 during developer testing there. There was a very long "position info" lock that included some heavy calls that included nested locks. This is contrary to position info locks being very brief, leaf locks. Those calls have been pulled out of the lock and minimized it to position-related code only.
• [Reliability] Fixed it so that flying avatars cannot bounce back into previous region on corner crossings. Avoids the case where bounce-back during a corner crossing puts you in a seemingly random location.
• [Reliability] Fixed the "connection established" check to directly use the destination region from the transit arguments where possible. Avoids a consistency ambiguity and eliminates an error case.
• [Reliability] Also reverted to the original [i]full [/i] "connections established" check rather than only checking the destination region. On further discussions with Tranq, and after considering alternatives (such as the destination region sending enable/disable for whole chain of crossings), we cannot allow an avatar to initiate a new crossing while connections are still being established. The chronological order must be preserved, especially given the possibility of reentry into a region, and we cannot ensure that one an avatar leaves the region. It's a shame that we need to block and wait for more than just the destination region, but it is what it is, the alternatives are worse. We may revisit this if we can come up with new approaches to avoid waiting for all (up to 24) neighbor regions to establish connections.
• [Reliability] Fixed to not allow a prim crossing to even be [i]started[/i] if seated avatars weren't yet in the region. These are the same pre-checks that were done later on each avatar, [i]after[/i] the object was already committed to leave the region (or had). This one fixes several crossing failures.
• [Performance] One case of mesh loading wasn't passing the prim name, so performance reports could not report it. Fixing this may help track down the source of the high CPU usage on crossings.
• [Performance] Added a diagnostic to report which objects are tying up the CPU the longest. Useful for identifying which objects are giving us the most trouble on crossings.
• [Performance] Added crossing performance messages to the log and also to the user if the /!debug crossings command is provided in a local chat command to the server.
• [Performance] Added the ability to actually toggle /!debug crossings and preserve that status on crossings.
• [Performance] Mostly for tracking down crossing-related CPU usage, but general support for reporting operations if slow has been added, and diagnostics to report slow/inefficient operations in when applying physics to a new object in a region.

Sit Targets / Prims / Seated Avatars

• [Reliability] Fixed a problem where a new call to llSitTarget was clearing the reference to any avatar that was still seated. This was causing llAvatarOnSitTarget to return a NULL_KEY if called, even while an avatar was seated, if llSitTarget was called while the avatar was seated.
• [Cleanup] This shouldn't have any real affect on scripts, but is a good cleanup: Replaced code in several places that would fetch any prim, with a new more efficient and simpler code that specifically fetches a sit target. Also, in some legacy cases the seated avatar's visual parent is wanted (e.g. for updates of seated avatars), but in some cases (LSL scripting) the original sat-upon prim is often wanted (e.g. for runtime permissions checks for scripts). This is an attempt to differentiate more obviously in the code between the two different usage patterns. The most obvious place where this would mattered was in scripted checks for implicit permissions which could cause those implicit permissions to apply only to scripts in the root prim, however in that case the prim owner is checked, which should be the same for the child part and the root prim. The other place was in llPushObject where the position would have been incorrect for the seated avatar, but that wouldn't matter in llPushObject for a seated avatar.

New LSL functionality
For InWorldz-specific functions, more documentation will be provided very soon:

• Implemented llGetAttachedList as per SL. See llGetAttachedList for more. Note: the LL documentation appears to be incorrect; it returns "NOT FOUND" for all error cases (it does not return "NOT ON REGION" for avatars in neighbor regions). The Halcyon implementation matches the SL behavior (not the docs).
• Implemented llTransferLindenDollars, including support for transaction_result events. See llTransferLindenDollars and transaction_result for more.
• Implemented iwGiveMoney and factored the code that is common with llTransferLindenDollars. The main difference is that iwGiveMoney does not require (or generate) a transaction_result event, but returns the transaction ID from the transaction history directly, or one of the error tags on an error (both as strings). Note: The transaction ID when transferring to yourself is always "0" as it is not logged in the transaction history. It should be considered an error case if ((result != "0") && ((integer)result == 0) i.e. not a number. The new function is defined as:

string iwGiveMoney(key destination, integer amount)

• Added support for stand targets and LSL functions: iwStandTarget and iwLinkStandTarget. The new functions are defined as:

iwStandTarget(vector offset, rotation rot)
iwLinkStandTarget(integer link, vector offset, rotation rot)

• Added stubs for llReturnObjectsByOwner and llReturnObjectsByID, as well as PERMISSION_RETURN_OBJECTS, and the other constants documented for those functions. Work is 80% complete, however it is unlikely to be completed in time for this release, so at this time they always return ERR_GENERIC. (We'll try to complete this for the 0.9.30 update, but at this time everything should compile but return an error.)

Other Behavior Change

• Changed parcel bans to not be enforced for Estate Managers. Fixes Mantis 3249 as discussed earlier.
• Also prevent Estate Managers from being banned from that estate, but allow removal of bans (even for EO or EM). The latter also allows cleanup in the event that the EO/EM changes after the ban list is in place.
• Changes to match SL's banned parcel implementation, as outlined in Mantis 3250. The minimum height over a parcel where avatar is in the ban list is now 5000m above the terrain height (the new limit is much higher). The minimum height over a parcel with "Public access" disabled is now 50m above the terrain height (generally lower than it was). It used to be a fixed 100m in InWorldz for both of those cases. This also required splitting the constant value into two different values, and adding code to determine which case applied.
• Fixed runtime permissions to avoid changing to 0 when a new permissions popup is sent to the user. (It needs to only be updated on the response (which it is already doing), or if there is nobody present to respond (as per SL). Fixes Mantis 3255.
• Fixed some confusion in the code over script (runtime perms) answer handling. The script answer handler was not cleared if a new avatar was targeted for a permissions check. Then the test for existing request was comparing two different kinds of objects for equality, which may have resulted in trying to add the same handlers repeatedly, every time a new runtime permissions prompt was issued. The negative effects of this are not clear, but the problem code has been fixed.
• Fixed a shallow copy (reference copying) in region objects. Changes to things like sit target lists (e.g. llSitTarget), or LSL scripted targets (e.g. llTarget), bounding boxes, and other references in one copy of an object affected all copies of that object that were shift-copied. This resulted in @mdickson's report of sit targets ...

InWorldz Halcyon Server 0.9.28 R6115

There are two major areas of change, and then a couple of other changes:

1. The first is the Avatar-as-a-Prim (AaaP) changes, which allow a script to treat a seated avatar as if it were another prim on the end of the link set. This enables all kinds of seated avatar positioning, without, for example, the need for furniture to rez pose balls to sit on (which are then repositioned instead of the avatar).
2. The second area of change is to support remote console logins based on JSON Web Token (JWT). This is a feature that allows the MOSES team to move to InWorldz Halcyon-based servers for their core production systems.

There are also some fixes and even enhancements included with the avatar-as-a-prim changes that aren't technically directly related:
• Sit target handling is much improved, both in terms of performance and in terms of SL compatibility. The most noticeable change is that many avatars can now sit on a single prim. If there is an unoccupied prim with a sit target, the avatar will be seated there first, but otherwise the presence of a seated avatar no longer produces the That seat is taken by another user. error.
• Various improvements to the LINK_ "wildcards" handling to allow them to be used in more cases now, more consistently. These also now include seated avatars where they match.
• Unlike SL, llGetLinkPrimitiveParams supports the above LINK_ wildcards, so for example, that you can pass LINK_SET, [LINK_NAME, LINK_POSITION] and get a list with prim and seated avatar names and positions. Any reasonable combination is supported. This differs from SL where the response is not useful; SL always returns an empty list: [ ].
• Where a list of object links are provided in some form, the links are now ordered by link number. This is most evident in llGetLinkPrimitiveParams, where wildcard LINK_ values result in a list. For example, LINK_SET, [PRIM_NAME] might now return ["A", "B", "C", "D", "E"] in the correct order of the link numbers. Fixes .
• Updates to llGetLinkName and llGetLinkKey to be consistent with the other similar functions, as well as to support seated avatar "links" now.
• Fixed a long-standing bug that could cause updates from an avatar to not be sent to other avatars. (I believe this is only some unusual edge cases like region startup or shutdown, but could possibly cause a updates from a bot to be skipped if the script rezzed a bot too early in the startup process.)

Avatar-as-a-Prim (AaaP)
This update includes major changes for avatar-as-a-prim (AaaP). Should be mostly backwards-compatible with existing scripts, other than a couple of very exceptional cases. Please let us know if you encounter any incompatibility.

The way it works is that if a script positions or rotates an avatar as if it was a prim, that avatar switches into "avatar-as-a-prim mode" (which means that the avatar becomes parented to the root prim as in SL, and no longer moves with child prim movements). This AaaP mode resets to "legacy" InWorldz mode (avatar moves with any seated prim) if the avatar stands and sits again.

This also includes a reworking of sit targets where there is now a separate list of sit targets for the object (which much more closely models SL semantics).

This update may also fix obscure problems with culling missing or including some prims inappropriately, as well as several timing problems on region crossings/entry that could place the avatar in the sky, or at 0,0,0.

Details
• Per-object and per-prim collections of seated avatars maintained, compatibility mode flag (set by default), avatar still moving with prim moves and rotations.
• Prims now support multiple avatars on the same prim, once any sit targets are occupied (as per SL).
• Implemented llGetLinkName, llGetLinkKey, llGetLinkPrimitiveParams, llSetLinkPrimitiveParams, llSetLinkPrimitiveParamsFast and all prim param setters for seated avatars. This includes support for avatar "link numbers", and full support for param getters. Also includes full support for PRIM_LINK_TARGET changes including avatars, etc. (llGetPrimitiveParams and llSetPrimitiveParams always refer to actual prims and therefore are not connected to AaaP support.)
• Support for recognizing both "AaaP mode" and "legacy IW mode", defaulting to legacy mode on each sit operation, and switching avatars into "AaaP mode" after changes via prim-based position/rotation functions.
• The affected LinkPrimitiveParams functions now supports tracking the params list offset to keep the index in the params list in sync with expected parameters even when ignoring prim params, such as PRIM_TEXT on an avatar (as a prim).
• Much more efficient Order(1) implementation of finding a seated avatar and the corresponding prim on an object.
• Replaced all the code that used the sit target parent rather than the avatar parent to identify where an avatar was seated (e.g. on crossing).
• Added support for preserving AaaP/legacy mode for a seated avatar across region crossings. This was done in such a way that should give us "old-region to new-region" compatibility during the rollout, but not "new-region to old-region" (avatars will revert to legacy mode if crossing into a region which has not been upgraded yet), although there probably won't be any objects expecting the new behavior until after the rollout completes anyway (except on the InWorldz Sandbox regions).
• When downgrading a full agent to child agent (crossing away from the current region), the region now saves the former position as the recovery location for reentry failures rather than 0,0,0. Also sets the avatar parent position to 0,0,0 within the lock when clearing the parent prim. This should avoid some crossing failures putting the avatar at 0,0,0 if unseated.
• The CompleteMovement packet no longer overrides the position if there is a parent prim, if the avatar is in AaaP mode, or if the requested sit target ID is zero.
• The avatar "Reset" method no longer sets the absolute position to 128, 128, 70 since that had all kinds of unintended side-effects.
• An avatar's child agent position update now finishes updating the avatar position before calling the object culling code to check for distant entities to show. This may fix some strange quirks with drawing far objects rather than near objects, depending on your position in the region.
• The code that grabs an avatar data is now much more careful to grab consistent data (inside a position info lock), and reorder some of the other assignments for maximum safety and consistency.
• When sending an avatar state to another region, SendChildAgentUpdate2 only updates (overrides) the position if there is no "ride-on part" and no longer ever updates the data indicating which prim the avatar is seated upon variables. (i.e. The code has been simplified to avoid problems.)
• Fixed duplicate CHANGED_LINK messages although these were likely a regression in the code changes above. Moved the event sending from the prim to the object since we need to do it all once per object.
• Major reworking of the sit target handling. The object now tracks a list of specific sit targets, fixes logic, also much more efficient Order(1) operations instead of requiring Order(N) searches of all prims in an object in some (but not all) cases. We may be able to do more there as well, but mostly just making it work in this update and improving the obvious inefficiencies. The sit target changes handle link/unlink/take/rez/crossings/restarts etc.

InWorldz Halcyon Server 0.9.27 R6078

This release provides both user-visible and administrative/background improvements:

User Logins
• Fixed a problem with stale connection info being used when fetching user profiles. Fixes "last location" logins not going to last logoff location, and probably other cases where the cached info was stale.
• Fixed a problem where repeated attempts to enter region by a banned user could cause the region to be marked as unavailable to all users. See the forum report here for more.
• If the specified login location is not available, the User login service now try user's Home location before falling back to alternative default locations (like IDI).
• Fixed a null reference exception that could occur if the user has no home region at all.
• Added support for IP network bans in the central User login server itself (rather than region servers). Supports specific IP addresses as well as IP ranges, and does not require User service restarts for changes.

Other Behavior/Functionality
• Added support for the "HomeLocation" CAP (region capability). This is a server-side fix for the Firestorm Viewer regression in the Firestorm 4.7.9 update. See the FIRE-19894 report in the Firestorm JIRA for more. Fixes the inability for the latest Firestorm viewer to be able to "Set Home to Here" (at least on InWorldz).
• Eliminated the superfluous "Notecard saved." messages. Fixes Mantis #3228. These were now causing multiple viewer popups that need to be closed when connected to InWorldz servers, and have been removed from SL servers. (These messages were only added to match previous SL behavior, so InWorldz servers have now changed to match the new SL behavior again, by removing these extra popups).

LSL Scripting
• Fixed llGetObjectDetails(id, [OBJECT_OWNER]) to return NULL_KEY for deeded objects, as per the SL wiki and tests in SL to confirm it.
• Changed llGiveMoney to skip payments of zero and simply return a 0. This makes llGiveMoney compatible with the Second Life implementation.
• Fixed botFollowAvatar to return BOT_USER_NOT_FOUND if the user wasn't present. It only returned that previously if the user account didn't exist at all. Fixes Mantis #3227.
• Fixed llMoveToTarget to support 3-D movement (Z changes). Removed the 2-D restriction on llMoveToTarget for avatars. This may not completely solve Mantis #3231, but it's a step forward, at least it attempting to resolve the Z location too, now. Also fixed to avoid applying air brakes if a move to target is in progress. Applies a local linear force to help the movement and counter gravity (mass-based and FLY_LAUNCH_FORCE used elsewhere if lifting off from ground). Needs but does not yet implement a critically-dampened motion (wasn't in the previous 2-D movement either, but is planned).
• Implemented llGetEnv for region_size_x,region_size_y,region_size_z which return 256, 256, 10000 from the Constants module. Resolves Mantis #3135.

Halcyon Open-Source Project / Grids
• Fix for issue #251 to include a console/log message if the PermissionsModule is skipped (reported as GitHub issue #251 by the MOSES team). Also abort startup if no permission module is used, even with permissions bypassed. The DefaultPermissionsModule (PermissionsModule.cs) supports bypassing permissions entirely, if that is desired. However it is considered a configuration error to have (probably accidentally) fail to load ANY permissions module at all. (Avoids problems where a region can start with all permissions checking accidentally disabled on other Halcyon grids.)
• Added a teleport user console command to allow a grid administrator to force-teleport a user session (e.g. in the event of trouble in a region). The console command syntax is teleport user <first> <last> regionName x y z.
• Improved the error handling for XML commits for default configurations on first time setup situations (where the file will be missing).
• Added some Swagger documentation for the RESTful remote console and Remote Admin interfaces.
• Includes Postman tooling for testing the two remote APIs. The Postman XMLRPC collection now uses the username and pass set in the environment.
• Added a note to the default INI file about the various consoles that can be activated.
• A start to the inline code documentation & Doxygen documentation for LSL.

InWorldz Halcyon Server 0.9.26 R6031

This release provides mostly background, server-side improvements, although there are a couple of things for users.

Behavior/Functionality
• Fixed the infinite "Loading..." message on the World Map when clicking on invalid region locations. With this change the viewer now displays "Invalid Location" when the user click on map tiles that have no region associated.

LSL Scripting
• Fixed problems related to llJson2List handling of an JSON object with a null value for an element.

Administrative/Server-side
• Implemented detailed statistics gathering on asset-related operations on cloud storage. Added an implementation for the show assets console command to dump these statistics, or to reset them with show assets reset. In the event of performance-related reports, this will provide definitive information on whether any issues were related to cloud storage delays or something else, and if so, more info on the specific trouble case.
• Added support in the Cassandra-related inventory code for purging and recreating empty folders. This is not used in the regions, but is for use in the internal inventory scanner utility (used on Support escalations).

Halcyon Open-Source Project
• Added Test support for the Phlox scripting Engine including a Mock for the Engine. Added JSON tests for LSL script engine testing around JSON handling. Added an initial failing test cases and some positive cases for llJson2List handling an JSON object with a null value for an element. Added code to get the failing test passing.
• There were copies of the Prebuild utility in both the Halcyon code tree and in LibOMV, that have deviated. This update takes the most up to date copy from Halcyon (which includes the InWorldz-specific changes) and puts a copy in ThirdParty. Also made a nukpkg package from it as well. The copies in Halcyon and LibOMV have not been removed yet. There are some other changes that are coming to the LibOMV version first.

InWorldz Halcyon Server 0.9.25 R6002

• Fixed the regression in Mantis 3213: The initial appearance of bots was not showing correctly. Also fixed a second case where full updates for bots were not sent correctly (e.g. botChangeOutfit). From what I can tell, both of these problems were caused by failures of the Git/GitHub version control software we (and most of the world) use.

• Fixed a case-sensitivity issue with all users' name lookups. Because MySQL is case-insensitive, lookups of normal user profiles would be successful, but would bypass the user profile cache. This was making them slower than they needed to be, and adding unplanned load on the core database, although it was not problematic. It is possible that this had some other negative effects as well in terms of functionality reliability. This has been resolved, to be case-insensitive as intended, and thus take advantage of the user profile caching again for improved performance. The case-sensitivity of the user lookups also caused bot-related name lookups to completely fail if they were not specified in the same case as the bot was created with. So these fixes also resolves Mantis 3215.

• Fix a regression in llGiveInventory and the other Link and List variants that added unwanted new delays when the delivery was directed to an object. Fixes the problem reported in the forum here.

• Fixed some race conditions related to removing bots. Fixed two cases of null reference exceptions if botRemoveBot is called at the wrong time. Also tightened the lock on removing bots to avoid another possible race condition on removal. This change should hopefully fix the reproducible region crashes reported here.

• Provides an SL-compatible llDetectedGrab() implementation for InWorldz. (The ObjectData.GrabOffsetInitial field coming from the viewer was always 0,0,0 and yet llDetectedGrab works in SL without it. Looks like a protocol design feature never implemented, or broken in the viewer and never fixed. We now do what I'm assuming SL developers had to do; store the initial grab position on the ObjectGrab packet and use the saved one from there on ObjectGrabUpdate to calculate the relative grab vector at llDetectedGrab-time.) Resolves Mantis 2544.

• Added a new InWorldz-specific constant for llGetObjectDetails and iwGetAgentList, named IW_OBJECT_SCRIPT_MEMORY_USED. It functions like the OBJECT_SCRIPT_MEMORY constant, but instead of assuming each script is using the maximum amount of memory, it instead reports the actual memory usage of the scripts. The behavior of OBJECT_SCRIPT_MEMORY could have been changed to support this, but that would have been different than the SL implementation and could have broken scripts imported from Second Life, if they were coded to assume SL behavior, so a new constant is provided instead. Also, a new InWorldz specific constant was added because the existing OBJECT_SCRIPT_MEMORY request will return twice the value it normally would report in SL, because script memory here is 128K (instead of 64K as in SL).

InWorldz Halcyon Server 0.9.24 R5977

This update includes the following changes:

Owner-Configurable Region Avatar Limit
There are two limits on avatars in a region. The first is a hard limit set by InWorldz (currently 100 avatars). That limit will deny even the Estate Owner and Estate Managers.

This update adds support for the second, soft limit, which can be set or changed on the Region/Estate form. The InWorldz implementation differs from the implementation on other grids such as SL, in that it will still allow the Estate Owner, Estate Managers, and anyone on the region access whitelist to enter the region. This works for cases where a club or performance group may always want its club staff or performers to get in after a crash, but otherwise apply an agent limit to the region as a whole.

Other Fixes

• Fixed a problem with bots sometimes not actually deleting attachments when removed (DeleteAttachment not called).
• Fixed the initial/default appearance to use Current Outfit folder (COF) version of -1 like the viewer expects. The viewer defines the initial/default/unknown appearance serial number (version) as -1 (not zero).
• Appearance changes to avatar layers was incorrectly resetting the COF version number to 0. (This has been fixed, to leave it alone.)
• Several references were not being cleared in session Close methods, holding
  references and prolonging object memory usage (leakage).
• Fixed a case where scene presence (avatar) event handers were added twice.
• Several existing log messages improved, and others added to help us diagnose appearance Mantis 3162.
• Implemented iwDeliverInventory and iwDeliverInventoryList, as well as the IW_DELIVER_* series of error return code constants (more info below).

Details on iwDeliverInventory and iwDeliverInventoryList
These two new functions are really small enhancements to iwGiveLinkInventory and iwGiveLinkInventoryList (folder version), which themselves are enhancements over the normal SL llGiveLinkInventory and llGiveLinkInventoryList functions. The two new iwDeliver functions provide deep tracking of the delivery of the items to user, returning an error code to the caller if the delivery is not successful. (Note: It is considered successful when the item(s) are delivered to the recipient user's Inventory, regardless of whether the user later declines the inventory or not, which could happen days, or months later.)

The new functions are:
integer iwDeliverInventory(integer link, key target, string inventory)
and
integer iwDeliverInventoryList(integer link, key target, string folder, list inventory)

The parameters and operational semantics match those of iwGiveLinkInventory and it's multi-item (folder) variant, iwGiveLinkInventoryList.

Several return values are defined:
IW_DELIVER_OK = 0
The inventory was successfully delivered to the user's Inventory.

IW_DELIVER_BADKEY = 1
The 'target' parameter is not a valid key.

IW_DELIVER_MUTED = 2
The recipient user has muted the sending object, or its owner.

IW_DELIVER_ITEM = 3
At least one of the specified item(s) was not found in the Contents.

IW_DELIVER_PRIM = 4
This is mostly an internal error meaning the prim with the script could not be found. This could probably happen if you did a Take or Delete of the sending object just as it called this function.

IW_DELIVER_USER = 5
The specific delivery recipient does not exist.

IW_DELIVER_PERM = 6
The permissions of one or more items does not allow delivery. This can occur if the Contents item is no-trans, or if the item is no-copy and the object itself is no-mod.

IW_DELIVER_NONE = 7
There were no matching items were found in the Contents for delivery.

The R5977 Update
The following R5969 change has been reverted (removed), and the previous behavior restored:

• Fixed the missing permissions pre-check on Contents item moves. Either the task item must be copyable (for a copy operation), or the enclosing object must be modifiable (for a move operation). If neither of those is true, the operation now fails with "Cannot remove a no-copy item from a no-modify object." Fixes Mantis 3192, which was a problem that allowed users to accidentally damage no-mod objects if there were no-copy objects inside.

InWorldz Halcyon 0.9.23

LSL Scripting

• Implemented iwValidateURL function, which allows a scripter to verify if a URL is formatted correctly according to the HTTP, HTTPS, and WWW schemes.
• Improved argument handling in iwStringCodec to allow codec names to be case-insensitive, and allowed cryptographic hashes to be specified with or without a dash (e.g.: sha512 vs sha-512).
• Relaxed botGetPos to not require ownership of the target bot. This makes botGetPos consistent with botGetName, etc. in that any script can get the position of a bot in the region. It is not only available to the owner, and is not privileged info. See the forum discussion for more.
• Tweak to error message of llRemoteLoadScriptPin when PIN is wrong. The error now differentiates from failure due to the wrong PIN being set and failure due to no PIN being set.
• For performance and security reasons, llRemoteLoadScriptPin will now give an error message and return if the PIN is zero.
• llGetMemoryLimit respects Phlox's recent increased 128KB memory limit.
• Fixed llJsonSetValue with zero values, empty strings, and other cases. (Fixes Mantis 3174 and Mantis 3182.)
• Fixed the format of the User-Agent from LSL scripts calling llHTTPRequest, which was not accepted at some servers, notably Shoutcast servers. They would reject (with a 403) calls from InWorldz scripts that would work unchanged in SL. (Fixes Mantis 3194.)
• llHTTPRequest now supports many more custom headers: "accept", "content-length", "content-type", "expect", "host", "date", "if-modified-since", "range", "transfer-encoding" (auto-enabling chunked sends), and "connection" (including recognizing keep-alive).
• Duplicate custom headers passed to llHTTPRequest now append as comma-separated values if that custom header already exists. This matches SL behavior.
• Much simpler implementation and cleaned up region chat methods used by llSay, llRegionSay, llOwnerSay, llShout, llWhisper, etc.
• [R5942] Restored previous "(Mozilla compatible)" suffix on User-Agent headers from llHTTPRequest. The User-Agent change fixed some Shoutcast servers and broke others. The best combination is SL-compatible prefix, with original IW "(Mozilla Compatible)" suffix. We will continue to need that for other server types anyway.
• [R5942] Disabled the blocking of User-Agent headers in llHTTPRequest calls, i.e. allow them to be specified in custom headers, since we don't support the SL kludge of appending them to the end of the URL in a multi-line hack (and won't be, since it seems like a major security risk anyway). Allows scripters to provide a specific User-Agent as needed by the destination server.
• [R5955] Fixed the region position associated with llDialog replies (button presses), which was causing them to sometimes appear to be out of range to be heard by the listener object, resulting in dialog menu buttons being ignored if the owner was in the region. Fixes Mantis 3206. Thanks to Judy Muircastle, Chuck String and Ayiana Cerna for helping us track this one down.

Behavior and Reliability

• Fairly significant fixes to the memory management of bot clients, avatar "scene presence" objects and region "scene view" objects to avoid sending updates to bot clients which did not recognize or process them, and hanging on to object references, resulting in possibly large region memory leaks.
• Fixed the implementation of the teleport routing value: "Blocked". (Fixes Mantis 3201.)
• Fixed the server to recognize a region restart time of -1 as a region restart abort request.
• Viewer protocol fixes to add support for missing AlertInfo parameters. Proper implemenations for HomePositionSet and RegionSecondsRestart alerts.
• Fixed a possible null reference exception in the user friend permissions checks. Seen on IDI when there were bots.
• Changes to XML files (especially region.XML) are now committed out-of-place. This avoids cases where a 0-length region.xml file was created when the VM is out of disk space.
• Changed the code that saves the last map UUID to not rewrite the whole XML file twice.
• Added a more informative server console error message on netacl errors.
• The "forcegc" console command now includes command options to specify the maximum generation, and forced mode.
• Fixed SQL field and trigger creation issues in new Halcyon installations.

InWorldz Halcyon 0.9.22

Crossings

• Replaced a very expensive call that was invoked once on a crossing, once for every prim in an object, if there were any seated avatars. The total sum of these expensive operations would cause significant delays in crossings, and in some cases could cause crossing timeouts to be detected by the sending region, causing a crossing to fail and the avatar to be left in an inconsistent state. (See the forum discussion.) This problem is also suspected to be one of the primary causes of Mantis #3180, if not the complete source of the trouble there.
• Added a second crossing optimization while checking friend permissions to avoid a potentially expensive call on crossings where the friend and the owner were actually the same user.
• Added a third crossing optimization to only send the forced immediate updates to the passengers of an incoming object with seated avatars, rather than to all avatars.

Rezzing by Attachments on Group Land

• Fixed Mantis #3028, inability for attachment to rez on group-enabled land. This wasn't technically a bug, but it was not consistent with other places where we relaxed the requirement for rezzers to wear the land group tag when compared to SL.

Outfits

• Added a CofVersion (Current Outfit folder) field to the login responses. Also added support for the CofVersion/Serial from inbound/outbound appearance packets, and removed some unused COF cleanup code that was was no longer being used.

Materials

• Fixed the materials code to do a deep copy of on a duplicate operation. This fixes problems with materials after an object shift-copy.

Server Reliability and Performance

• Fixed null reference exception in prim media seen during region persistence backup, which could cause the storage to fail and the object to be lost. This problem is not believed to have a problem on the main grid, but only in some of the intermediate 0.9.22 test versions (e.g. on the beta grid).
• The server now auto-repairs the case where we should have a locally-cached cloud-based asset, but don't. This can happen if the local disk drive is full for unrelated reasons, so the cached item is 0 bytes (or missing). This fixes some cases where a region will not come back up after an automated restart.
• Fixed a problem where a script calling llEmail in an object that is then removed or leaves the region can cause the script engine to terminate (failing to load further scripts or run existing scripts). This was an old OpenSim bug, seen on I'z Straits 8 and has been fixed (and will be reported to OpenSim as it is still a problem there and a possible vulnerability in all OpenSim regions).
• [R5910] Fixed a possible serious performance problem caused by many overlapping profile fetch requests that could occur when a user profile was needed but not already cached (cache miss). Reported earlier on Sandbox 2.
• [R5911] Fixed a concurrency problem with overlapped user profile fetches.
• [R5911] Fixed an regression resulting in unwanted looping fetching profiles after lock conflict.
• [R5911] Removed a long-standing needless XML-RPC call to the User service to do a user profile lookup for bots when botCreateBot was called. It doesn't need to check with the User server if that UUID already exists, given it just made a random UUID up. (That operation is now conditional on NOT being a bot.) This extra call is what was causing all the User service profile lookups to fail.
• [R5917] Fixed to avoid removing user profiles unless we've searched again, inside lock. (Fixes a race condition with botCreateBot.)
• [R5917] Performance optimization to avoid a costly friend edit perms check for bots.
• [R5917] Performance improvement (perhaps lower memory as well) to continue to report the inventory link "not found" error case, but not with a full traceback. That's a costly operation for a very very common case and also pollutes the log preventing scanning for errors.
• [R5917] Performance optimization to skip the god permissions checks on bots.
• [R5917] Fixed botCreateBot prechecks to address a race condition allowing the same name, and to tighten the checks for null-named bots, etc.
• [R5917] Fixed incorrect removal of bot profiles on remote lookup failures. (Bots are only in this region, should not be removed because storage couldn't find them, and are explicitly removed.)
• [R5917] Closed a race condition where profile cache was checked outside the
  lock then assumed inside the lock.

Friend Permissions

• [R5910] Fixed a an earlier regression in this update which broke friend edit permissions in some cases.
• [R5910] Fixed a long-standing problem where the tests for online status visibility notifications for friends was inverted.

InWorldz Halcyon v0.9.20 Release

InWorldz Halcyon 0.9.20

This update provides full support for materials, LSL script support for materials and projection lighting functions, increased LSL script memory limits (128K per script), lower Land Impact calculations, and many reliability and performance improvements.

Materials Support

• Adding support for materials, for adding materials to a scene, Thoosa protobuf serialization, and the caps to support viewer set/get.
• Added a cache for the calculated value for MaterialID and only recalculate it when the data in the material changes.
• Added test cases for render materials to and from Thoosa serialization for bytestream serialization.
• Added missing materials-related tunables to SimFeatures for the viewers on region entry.
• Many additional changes to further tune and tweak the materials implementation.

LSL Scripting

• Increased the memory limit of scripts from 64K to 128K. This is due to the possibility that some (large) scripts from Second Life may not function under Phlox, due to strings being UTF-16 instead of UTF-8, and provides additional memory for other cases.
• Added full support for LSL materials constants, including their implementation in llSetPrimitiveProperties, llGetPrimitiveProperties and their variants.
• Added new (InWorldz/Halcyon-only) support for scriptable projection lighting. See viewtopic.php?f=19&t=21955&start=0 for more.
• Fixed functions accessing prim inventory to try to locate the item by name first. Allows an inventory item named like a key to be used by name.
• Fixed script errors being disregarded by the viewer.
• [R5868]: One of the recent updates caused llRegionSayTo messages to be heard by everyone in the region, contrary to the "SayTo" part of the name. (This can potentially reveal information that was not intended for all, such as tip jars reporting the user and amount to everyone rather than just the DJ or host, etc.) This update restores the correct behavior of sending the message only to the specified recipient.

Land Impact calculation

• The calculation for Land Impact has been changed to ensure lower values even when mixing prims that have extreme combinations of higher streaming cost vs higher server weight.
• The new calculation is based on the historical lower value of either, in each prim.
• It now usesa summed value of each of those individual (prim) to calculate overall Land Impact (object cost) so that linking prims generates expected LI values.
• Previously prims that had each of those costs at opposite ends of the spectrum could generate larger LI. Fixes Mantis #3113.
• [R5853]: Fixed a problem in botFollowAvatar where a failure to find the target avatar by name would allow the code to try to continue without an apparent error. It now correctly returns BOT_USER_NOT_FOUND.

Reliability and Performance

• Fixed a regression that caused bot profiles to not be found. The fixes for user profile caching missed a special exception case for temp profiles which left them unable to be returned from a search. Special check restored, and fixes missing bot names, profiles, and ability to create a second bot with the same name, etc.
• Use the new immutable timestamped items for the the byte buffer pool, and implemented aging. This should hopefully prevent garbage collection activation in cases like the UDP stack, where items will be rapidly requested and returned to the pool.
• Implement cache aging for the asset cache. This allows regions to use much higher cache values, helping to negate any negative performance impact from cloud storage of assets, while continuing to enjoy the many benefits.
• Fixed local chat messages from objects to have the correct owner ID for viewer use (when you clicked on the chat source).
• Significant improvements to the way avatars were tracked as chat sources.
• Significant rework of object parts lists (prims) to replace all locking with the use of lock-free immutable collections. This should reduce lock contention, avoid possible future deadlock conditions, and also improve performance slightly.
• Fixed a deadlock case (seen on Events Scenic 35).
• Fixed parcel checks for avatar movement to properly test descent into parcels from above in all cases.
• Fixed a problem managing local profiles and temporary profiles.
• Removed unnecessary locking from the LRU cache, since all callers are either single-threaded, or do their own locking.
• Fixed a problem seen during beta testing (Mantis #3149) in the mesh uploader that resulted in confusion between uploaded prim parts, seen in testing the new immutable collections change above, but may have also occurred in the past in some cases (however it believed to be new in this update, either way, fixed now).
• [R5848]: Fixed user session information not being cached by region servers. Caused significant performance and lag problems when attempting to terraform.
• [R5851]: Fixed IMs sometimes not being able to follow users for a period of up to 5 minutes after the IM recipient has moved to a new distant (non-neighbor) region. Fixes problem reported in the forum thread here.
• [R5851]: Fixed some server-side problems handling the Export permission exposed by IW3 testing and reported in the forum thread here.
• [R5855]: Added support for viewers that pass new land access flags. This fixes problems loading the Access and Ban lists in the land properties form (About Land) when opened in IW3 and other recent viewers.
• [R5868]: We have a possible fix for a region crash in the physics code handling collisions with objects being deleted. (This crash was seen on the Mare Volcani region about a week ago.)

Other Fixes and Changes

• Implemented AGENT_CONTROL_STOP in the viewer status update (viewer "airbrakes").
• Improved support for OpenSim-compatible OAR files, especially in the area of archived mesh (courtesy of the MOSES team).
• Added server-side support for web-based user profiles. (Now TPV viewers on Halcyon servers won't be trying to connect to SL servers for avatar profiles.) Viewer is informed only if a web profiles URL is provided; this does not add web profiles to InWorldz, but would allow it in the future without server changes.
• Fixed a deadlock and local/temp profile problem.
• Cleanup of AbsolutePosition calls, to avoid calling the calculation three times. (It's an expensive operation.) Also fixed some related code to be thread-safe.
• Cleaned up unnecessary config options from the Halcyon.ini file that were already covered by the region XML file.
• Lots of other cleanup, tidying and small tweaks to the server code itself for better maintainability in the future.
• Fixed some admin console messages related to user teleports that indicated the wrong information.
• Added support for Basic Physics on Linux-based Halcyon servers, in order to enable native testing of other code changes.