1. SUPRA-RD Security System Overview for Second Life
The SUPRA-RD Security system (and its Extreme variant) is a modular and highly configurable **IT-Security solution** designed to offer multi-layered **griefing protection for your land in Second Life**. It combines a robust core **SL security framework** with an advanced "Supra Extreme" engine (in the Extreme version) for enhanced **threat detection** and **avatar analysis**. Learn more about our Second Life IT-Security products.
Core SUPRA-RD System Features:
- Avatar Detection (Area, Parcel, SIM). Adjustable range + height.
- Flexible Access Control (Group, Whitelist, Blacklist, Mixed)
- Automated Responses (Kick, Teleport Home)
- Customizable Warning System & Notifications
- Visitor & Intruder Logging with search function
- Revolutionary Anti-Fast-Track Engine
Supra Extreme Add-on (SUPRA-RD Security Extreme only):
Significantly expands capabilities with advanced avatar resource monitoring, including limits on attachments, prims, render weight, scripts, memory, and CPU time.
2. Installation & Initial Setup of your Second Life Security System
Setting up your SUPRA-RD security system for optimal Second Life protection is straightforward:
-
Unpack & Rez
Unpack the product and rez all components on your land.
-
Ownership
Ensure you are the owner of all rezzed prims.
-
Initial Boot
The system will perform an initial boot, loading configurations from notecards. The owner receives status messages. This can take up to a minute.
-
Positioning
Place the main system prim strategically.
-
Notecard Configuration
While most settings are menu-driven, core settings are in `Config` and `SupraExtremeConfig` (for Extreme version). Lists are in `Managers`, `Whitelist`, `Blacklist`. It's recommended to use in-world menus.
You can use in-world menus either to enter the UUID of an avatar or to store it permanently. Additionally, you can store the UUID in the manager, the whitelist, or the blacklist notecard.
-
Licensing & Activation
When you first click the security device, follow the on-screen prompts from the main menu to activate your system using the one-time license fee. Your license (hash key) is securely stored in our cloud service. You have two options to purchase and activate your license for this device:
-
Activate for Self (OWNER)
This is the most common option for most SUPRA-RD Security owners. IMPORTANT: Ensure you have landowner rights to EJECT and BAN people.
-
Activate for Group
A group is tied to a DEED for a piece of land. The security device will be DEED later. Enter the EXACT Group UUID to which this device will be licensed and DEEDED. After successful license activation, DEED the security device to the group. The device will automatically reboot to begin the DEED configuration. Please wait until the system is ready.
Important! Make sure you add yourself (the buyer of the license) and other managers, if needed, to have access to the security device after you DEED it to the group. Otherwise, no access will be granted, and you will need to rez a new device to change the Managers notecard. Then, apply the license and DEED the device to the group again.
-
-
Store Your License Key
IMPORTANT!: After receiving your license key, please store the entire key (copy it from the Description field of the security device) in a safe place. If you lose your SUPRA-RD device, you will need the license file to reattach and assign it to a new SUPRA-RD Security (or Extreme) device. The license file format is as follows, for example: LK=0298xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?EK=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?ET=A?OI=26fexxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-
I already have a license key
Rez a fresh new copy of your Supra-RD security device. Then, copy and paste the entire license key into the description field. Perform a reset of all scripts to initialize the boot sequence and wait for the relink process to attach the license to your Supra-RD security device. You will find this reset option in the viewer menu under Build → Scripts → Reset Scripts.
-
Attention:
If you rez another copy of your SUPRA-RD security device with the same license key, the new device will become the active licensed model, and the older one will stop working after the next license check.
-
Lost your license key:
If you lose your license key, please contact our support team.
-
3. Main System Operation
Interact with SUPRA-RD primarily through its dialog menu system.
The Supra Core Menu:
Accessed by clicking the main system prim (owner/managers). Provides system status and access to sub-menus.
Arming/Disarming:
Toggle system activity via "Power ON/OFF" in the Core Menu.
4. Core System Configuration (Settings Menu)
Access the "Settings" menu from the Supra Core Menu to configure:
- Scan Modes: Area, Parcel, SIM. Set Range, Height, Interval, and Anti-Fast-Track Speed Limit.
- Access Modes: Group, Whitelist, Blacklist, Mixed.
- Action Modes: Kick, Teleport Home. Set Ejection Delay.
- Ban Settings: Enable/disable, set number of tries, and adjust duration. These settings do not affect the Supra-RD Security Extreme Engine, which has its own dedicated ban configurations editable via the notecard.
- Custom Warning Message.
- Notification Settings.
- Reload Configuration.
- Attention! When reloading the main configuration, the system will load the system configuration (including managers, whitelist, and blacklist) into memory, overriding your current settings. To avoid data loss, ensure all changed settings or added avatar UUIDs are saved in the specified notecard before proceeding.
- In scan mode "Area" you can define the range and height up to 100 meters.
- In scan mode "Pacel" you can define the height up to 5080 (full protection) meters.
- In scan mode "SIM" you can define the height up to 5080 (full protection) meters. Lower the height to define a zone to let people pass the area at higher altitude. For example for land owners on the mainland is it a helpful option.
The "Mixed Mode" combines the advantages of both the "Group" and "Whitelist" modes simultaneously. For example, this is ideal for clubs: staff on the whitelist can wear different group tags, while guests must wear the main group tag assigned to the security system.
5. Managing Access Lists for Second Life Security
Manage `Managers`, `Whitelist`, and `Blacklist` through dedicated menus accessed from the Supra Core Menu. Add, remove, view, and reload entries from their respective notecards. For higher security, the system only accepts the user’s UUID. You can add comments by starting a line with the # character.
6. Supra Extreme Add-on (Extreme Version)
Access the "Supra Extreme" menu to enable/disable the engine and adjust avatar resource limits defined in SupraExtremeConfig. Furthermore, you can add up to 10 avatars to a separate whitelist to exclude them from the resource scan. Managers are always excluded. Access detailed logs via the "Logs" menu. The system retains 50 entries for intruders, with automatic log rotation. Newest entries appear first. For convenience, you can search through log entries.
Supra Extreme Configuration
Controlling the Supra Extreme Engine Availability
This setting determines whether the Supra Extreme Engine feature can be used.
- If OFF: The Supra Extreme Engine is completely deactivated. You will not be able to turn the engine on or use its features through the Supra Extreme menu. The ON/OFF control for the engine in the Supra Extreme menu will be disabled.
- If ON: The Supra Extreme Engine feature is enabled and available for use. You can freely turn the engine ON or OFF whenever you wish using the controls within the Supra Extreme menu.
Setting: Supra_Extreme_Engine = 1
Scan Interval (Seconds)
What it does: This setting controls how often the system automatically checks your land. Every few seconds (as set by you), it looks at all avatars present, verifies if they are allowed to be there, and removes any that aren't.
How to set: Enter a number between 10 (for frequent checks) and 120 (for less frequent checks).
Setting: Scan_Interval = 15
Notifications for Avatars Needing Correction
Warn Message: A warning message sent to the intruder (max. 150 characters). It will be sent along with the reason for the correction.
Example Reason: Too many running scripts (64 > 50)
Setting: Warn_Message = Your avatar is consuming too much resources. Please check your avatar before returning. You are welcome back.
Ban Avatar: Enable or disable banning (0 = OFF, 1 = ON).
Setting: Ban_Avatar = 1
Ban After X Tries: Number of attempts before banning (1 to 10).
Setting: Ban_Tries = 3
Ban Duration: Duration of the ban (1 to 8000 hours).
Setting: Ban_Duration = 1
Limits Defining Excessive Resource Usage
The following settings define limits for avatar resource usage to identify those consuming excessive resources.
Maximum Avatar Attachments
This setting lets you decide the absolute maximum number of items an avatar can have attached simultaneously (e.g., shoes, hair, jewelry, mesh clothes, Animation Overrides, accessories).
Platform Limit: Second Life allows up to 38 attachments, but you can enforce a lower limit.
Allowed Range: 20 to 38.
Important: Avoid setting this limit too low, as avatars often wear multiple items. A restrictive limit may prevent attaching essential accessories.
To Allow Maximum: Set to 38 to use the platform's built-in limit.
Setting: MaxAttachments = 38
Avatar Maximum Prim Count
Purpose: Controls the total number of prims (components) attached to an avatar to manage performance and stability.
Why it Matters: Avatars with excessive prims (e.g., in hair or shoes) can cause performance issues or be used for griefing.
Finding the Balance: Efficiently designed clothing and accessories typically don't require excessive prims.
How it Helps: Setting a limit prevents performance issues from overly complex avatars.
Understanding the Limit: Each attachment point has a technical limit of 255 prims, but this setting controls the total for an avatar. A high value (e.g., 9999) effectively disables this check.
Recommendation: Lower this value in crowded areas if performance issues occur.
Valid Range: 200 to 9999.
Setting: MaxPrimCount = 450
Maximum Render Weight
Purpose: Limits the rendering complexity of avatars to improve performance.
How it Works: Sets a maximum "complexity score" for avatars (in thousands, K). Lower scores reduce detail, freeing resources; higher scores allow more detail.
Setting Range: 100 (lowest detail) to 600 (highest detail).
Good to Know: The application caps complexity at 500. Setting above 501 removes the custom limit.
Recommendation: Keep at or below 500 for stable performance to prevent issues from overly complex avatars.
Setting: MaxRenderWeight = 350
Avatar Complexity Limit (Maximum Streaming Cost)
Purpose: Controls how graphically complex avatars appear on your screen.
Effect: Higher values allow more detail but may slow performance; lower values prioritize smooth performance.
Recommendation: Keep below 1000 for a good balance. The default is a good starting point.
Default: 650 (Range: 300–3000).
Setting: MaxStreamingCost = 650
Avatar Script Usage Limits
Purpose: Limits the number of scripts an avatar can run to prevent performance issues (lag).
Limit: Maximum of 160 scripts active at once.
Effect: Exceeding this limit may cause avatar functions or attachments to fail.
Recommendation: Manage active scripts to stay within this limit.
Setting: MaxRunningScripts = 150
Maximum Memory Usage
Purpose: Sets a guideline for the maximum memory (in KB) used by an avatar’s scripts.
Why it Matters: High memory usage from complex scripts can contribute to lag.
Understanding the Value: Second Life provides a rough estimate of script memory usage, not an exact measurement.
Recommendation: Avatars with extremely high memory usage may be overly complex. Consider using simpler avatars or removing script-heavy attachments.
Setting Range: 500 to 30000 KB (default: 7000 KB).
Setting: MaxMemory = 7000
Maximum Script Time
Purpose: Prevents lag from brief, intense script calculations.
How it Works: Defines the maximum processing time (in microseconds, µs) an avatar’s scripts can use at any moment to catch resource spikes.
Default: 400 µs (Range: 250–2500 µs).
Keep in Mind: Targets short-term usage spikes. Measured script time may increase in laggy regions, causing avatars to hit this limit more often. Frequent triggers may indicate a need to review server performance settings.
Avatar Processor: The SUPRA EXTREME engine is analyzing new avatar arrivals in a separate process to determine whether the avatar is causing a spike due to the current render process or not. After a short period, the avatar will be handled by the AP and ACT processors and monitored.
Setting: MaxScriptTime = 1300
(a good value for business and club places)
Whitelisting Avatars for Security Bypass
Purpose: Add avatars to a whitelist to make them immune to security system ejections.
Identifier Needed: Use the avatar’s unique Avatar Key (UUID).
How to Add: Create a new line for each avatar in the format: WhiteList=<Avatar Key (UUID)>
Example: WhiteList=11223344-aabb-ccdd-eeff-556677889900
Capacity: Maximum of 10 avatars can be whitelisted.
Effect: Whitelisted avatars are ignored by security and are never ejected. Also, managers of the security system are excluded from resource scans.
Setting: Whitelist=8ca73fab-1220-4822-a9d9-5d4ca1a50c0b
7. Specialized Security Engines: Anti-Fast-Track & Visitor Logs
Anti-Fast-Track Engine:
A specialized AI engine that monitors avatar movement speeds, instantly neutralizing those attempting to bypass security through high-velocity exploits.
Autonomously detects and acts against avatars exceeding the configured speed limit, using immediate actions and main system ban settings.
Visitor & Intruder Logs:
Access detailed logs via the "Logs" menu. The system retains 50 entries for visitors and intruders, with automatic log rotation. Newest entries appear first. For convenience, you can search through log entries.
8. Understanding System Alerts
Alerts are sent to the intruder (if enabled), owner, and managers, detailing the reason for the alert (e.g., "Access denied", "Fast movement", "Too many attachments").
9. Tips: Understanding & Countering Fast-Tracking in Second Life
Fast-Tracking involves moving through a secured area at high speeds to bypass detection. SUPRA-RD's Anti-Fast-Track Engine uses advanced motion tracking, a configurable speed limit, immediate actions, and randomized detection intervals to counter this.
10. Troubleshooting & System Information
Boot Sequence:
Core script initializes, loads notecards, distributes settings, checks license. Owner receives status updates.
11. Frequently Asked Questions (FAQ) about SUPRA-RD Security
Q: How do I activate my SUPRA-RD system?
A: After rezzing the system, click it to access the main menu. If unlicensed, you will see an "Activate System" option. Follow the prompts to pay the license fee to the device.
A: If you already have a license key, REZ a fresh new copy of your Supra-RD security device. Then, copy and paste the entire license key into the description field. Perform a reset of all scripts to initialize the boot sequence and wait for the relink process to attach the license to your Supra-RD security device. You will find this reset option in the viewer menu under Build → Scripts → Reset Scripts.
Q: What's the difference between SUPRA-RD Security and SUPRA-RD Security Extreme?
A: Both offer core AI security and Anti-Fast-Track. The Extreme version adds the Supra Extreme Engine for detailed avatar resource scanning (attachments, scripts, render weight, etc.), offering maximum protection against resource-based griefing in Second Life.
Q: My system says "ON (LIMITED - Activation Required)". What do I do?
A: This means the system is licensed but may have encountered an issue during its last check, or initial activation is pending confirmation. Try the "Activate System" option or "Reset scripts" from the object. If issues persist, contact support.
Q: Can we decrypt the hash attached to the license file?
A: No, we cannot "decrypt" the SHA hash to get back the original Object UUID or Owner UUID. The process is not like encryption where you have a key to lock and unlock the data. Once the data is hashed, the original specific input is effectively "lost" in a way that's designed to be irreversible. The security of not storing the raw UUIDs on a server relies on this one-way property.