December 15, 2006
This article was contributed by Glyn Moody
When Larry Lessig proclaimed that "code is law" he was talking
metaphorically. But for a virtual world,
constructed entirely out of bits, it is literally true: the laws regarding
what you can and cannot do there, both legally and even physically, are
inscribed in the lines of code that implement it. In this space, then, open
source has an added significance in that it not only lays bare the engines of
creation, but it potentially allows them to be hacked.
What some of the consequences of this openness might be was shown recently in
Second Life, when the open source project libsecondlife released a program
called CopyBot. As its name suggests, this tool allowed copies
to be made of in-world objects - including the "avatars" that are used to
represent the residents of Second Life.
This was deeply problematic, since one of the attractions of Second Life is
that creators of digital content retain ownership, unlike in most other
virtual worlds. Many now make a good living from this in-world activity
selling virtual items, with some earning tens of thousands of dollars per
year. However, CopyBot raised the
spectre of people replicating content for free, rendering digital objects
valueless, and undermining the entire Second Life economy.
The person leading the libsecondlife project is Jonathan Freedman. He took
over recently after John Hurliman, the previous lead, and still the main
contributor of code to the project, decided he didn't want to deal with the
public relations issues that CopyBot threw up. Freedman recalls: "he said to
me: 'I just want to code, I don't want to deal with this.'"
The libsecondlife project began six months ago, and was started by a group of
coders who "were interested in seeing a little more flexibility in what they
could do with Second Life," as Freedman explains. The idea was to create an
open source library that third parties could employ to create new Second Life
applications. To do that, the libsecondlife group started reverse-engineering
the Second Life protocols.
One by-product of this work was that they turned up security issues - "and
believe you me, they found quite a few," Freedman says - which they reported
to Linden Lab, the company behind Second Life. Partly as a result, "the way
the project had been run impressed Linden Lab, who were very happy with it,"
Freedman explains. "Back in the Second Life Community Convention in August,
they gave their unofficial endorsement of the libsecondlife project."
And then along came the CopyBot incident.
"It was a debugging tool," Freedman says of CopyBot. "The developer was working on the
part of the Second Life protocol that was responsible for drawing avatars. He
needed a way to verify that the data was coming correctly: what better way to
verify that than just mirroring it back" down the connection to the system and
observing the result?
Freedman emphasizes that there were safeguards built in to ensure that this
"mirroring" - copying of virtual objects - was kept within the terms of
service at the time. "You'd actually have to ask it before it would copy you,
and it would then give you a lengthy disclaimer explaining what was going on
so people could make sure that that was what they wanted. And generally people
were agreeing with that, and they'd be there for five or ten minutes dancing
with themselves."
There the story might have ended, were it not for the fact that CopyBot was
free software. "Anybody could get a copy and make use of it, and that's what
we saw happening: other people were modifying it to take out the disclaimer,
and generally shout stuff like 'I'm stealing your textures'" - the surface
elements of virtual objects.
As well as taunting victims in this way, a few of these "griefers" started
selling the modified, no-holds-barred version of CopyBot within Second Life.
Panic spread in some quarters of Second Life. Shop owners closed hundreds of
virtual stores, afraid that their inventory would be copied endlessly and
rendered worthless. But in practice, the damage was minor, and the economy of
Second Life continues to grow - not least because CopyBot itself had important
limitations that were consequences of the way Second Life operates.
Each "sim" or simulator of a portion of the virtual world in Second Life is
created on a server running Debian GNU/Linux, Apache, Squid and MySQL;
currently there are several thousand of these PC boxes. To allow for fast
response times, the virtual world is sent not as pixels or even as a mesh, but
as a series of 3D primitives - "prims". The Second Life client creates the
world by converting the stream of information about prims and their position
into a visual representation.
This means that the client has all the structural information about any object
visible to it; CopyBot works by taking that information, and replicating it.
However, in addition to the prims and the textures applied to them, more
complex objects add scripting to provide interactive behaviour that endows
Second Life with much of its richness. These scripts are run server-side, and
are not passed to the client, so CopyBot is unable to intercept them.
Nonetheless, the residents of Second Life who made money from their virtual
creations were understandably perturbed by the appearance of a piece of
software with the provocative name of CopyBot - "in retrospect it probably
could have been named something else," Freedman concedes.
At a November meeting held in-world, Second Life's creator and CEO, Philip
Rosedale, explained that nothing could be done about CopyBot using technical
means: Second Life's client-server architecture implied that CopyBot was not
just possible but in some sense inevitable. But he did promise other measures,
including more metadata, such as attribution and creation time-stamps, for
virtual objects. Since these would be stored server-side, and hence immutable,
they would provide clear proof of whether an object had been copied. To give
this approach some teeth, Linden Lab made clear that anyone who used CopyBot
or something similar in a malicious manner faced the prospect of expulsion
from Second Life.
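The server-side attribution and time-stamp record described above can be sketched as follows. This is an added example, not Linden Lab's or libsecondlife's code; the class and function names, the hashing scheme and the sample object are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass

@dataclass(frozen=True)  # frozen: a record cannot be altered once the server writes it
class ServerRecord:
    object_id: str
    creator: str
    created_at: int  # server clock, never supplied by the client
    content_hash: str

def fingerprint(prims, textures):
    """Hash the client-visible description (prims, texture ids) order-independently."""
    canon = json.dumps({"prims": sorted(prims), "textures": sorted(textures)})
    return hashlib.sha256(canon.encode()).hexdigest()

class AssetRegistry:
    """Hypothetical server-side store of attribution and creation time."""
    def __init__(self):
        self._records = {}

    def register(self, creator, prims, textures, now):
        rec = ServerRecord(f"obj-{len(self._records) + 1}", creator, now,
                           fingerprint(prims, textures))
        self._records[rec.object_id] = rec
        return rec

    def original_of(self, object_id):
        """Earliest record whose visible content matches this object."""
        fp = self._records[object_id].content_hash
        same = [r for r in self._records.values() if r.content_hash == fp]
        return min(same, key=lambda r: r.created_at)

    def is_suspected_copy(self, object_id):
        # A creator duplicating their own object is not flagged.
        first = self.original_of(object_id)
        return first.creator != self._records[object_id].creator

# Constructed sample object: two prims and one texture id.
CHAIR_PRIMS = [("box", 0.0, 0.0, 0.0), ("cylinder", 0.0, 0.0, 0.5)]
CHAIR_TEXTURES = ["tex-wood-01"]

if __name__ == "__main__":
    reg = AssetRegistry()
    a = reg.register("alice", CHAIR_PRIMS, CHAIR_TEXTURES, now=1000)
    b = reg.register("mallory", CHAIR_PRIMS[::-1], CHAIR_TEXTURES, now=2000)
    print(reg.is_suspected_copy(a.object_id), reg.is_suspected_copy(b.object_id))
```

An exact-match hash only establishes verbatim duplication, and the time-stamps show which record came first rather than who holds the rights.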
Some remain unhappy with Rosedale's response, and also see the CopyBot
incident as part of a
deeper malaise involving cynical hackers exploiting loopholes in the Second
Life code to grief other residents. They accuse Linden Lab of a certain
complicity because of its encouragement of the external libsecondlife project.
Perhaps that encouragement is not so surprising given Linden Lab's stated
intention [PDF - look at final slides]
to make elements of Second Life open source. "Without speaking to specific
timing or plans - and we've thought and are thinking lots and lots where there
might be exceptions to this - it seems like the best way to allow [Second
Life] to become reliable and scalable and grow," Rosedale said recently on
the subject of opening up the code. "We've got a lot of smart people here
thinking about that." It's obviously useful to have smart people thinking
about it on the outside too - provided things don't get out of hand.
Freedman has instituted one important change in the libsecondlife project to
try to ensure that another CopyBot does not happen. "Previously, the way the
libsecondlife source tree was done was basically anybody who wants an account
can have one. That's the first thing I changed: just the core developers can
have the accounts."
Freedman also has some clear-cut goals for the project, which will be
releasing all its code under the BSD license. "Short-term, the aim is to have
a workable third-party library that other people can make use of to interface
with Second Life. I believe that by the middle to end of December we'll have a
fairly decent third-party viewer that's comparable to the Second Life [client]
application. Longer term, ideally we'd like to see a completely open
implementation of Second Life, from the client, to the sims, to the assets -
everything."
Freedman believes "the use of open standards, if not open source, will go a
long way in the propagation of Second Life as an actual platform." This seems
to explain Linden Lab's enthusiasm for libsecondlife and patience with things
like CopyBot. At stake is the chance to help create the next online platform -
the 3D Web, sometimes known as Web 3.D.
Opening up the platform will also take some of the strain off Linden Lab:
currently, Second Life is growing at an unsustainable rate, with over a
million new members joining in the last couple of months. If users could host
their own virtual land, then Second Life could scale more gracefully. Beyond
that, open protocols would allow distinct but interconnected virtual worlds to
be created. The technical aspects of this are the easy part; more difficult
are working out social and economic issues like making reputation and money
portable between those worlds, and legal ones - as the CopyBot episode made
all too clear.
Glyn Moody writes about open source and virtual worlds at opendotdotdot.