Category Archives: Griefers

The kind of people who break Second Life for their own pleasure. Why do they do it?

The Trouble With libsecondlife

I touched on the libsecondlife project to a certain degree when I talked about CopyBot back in November, but a recent comment on that post reminds me that this subject is worth considering in more detail. (Oddly enough, when I tried to bring up that link to the project’s home page, it came back with an internal server error…and then with an infinite-redirection error from Firefox. Hmm. — UPDATE: And now it works. Go figure.)

Libsecondlife (so-named from the Unix convention for naming library files “libsomething.a” or “libsomething.so”) is, ostensibly, a project to reverse-engineer the protocol used by the Second Life client to communicate with the Grid and create a library, as open source code, allowing other programs, such as replacement clients, to be written. In this respect it’s a little like the various libraries allowing programs to communicate with proprietary instant-messaging networks, such as ICQ, AIM, or MSN. I did a little work with libicq back when I worked for Jabber, so I know something of the processes involved here. By capturing the network traffic flowing between the SL client and the Grid, they have worked out many of the details of the communications protocol and many of the functions which may be called upon in the server.

LL has stated, on at least one occasion, that the reverse-engineering work being done by the libsecondlife project is legit, and not a violation of the TOS. In fact, some Lindens are even involved with the project, and libsecondlife has been successfully used as a tool to expose bugs in the server-side implementation of SL. (The server code needs to handle anything the client can throw at it, even stuff which is obvious garbage, even if the real client would never even dream of sending such a thing. This is in keeping with the prime security rule for client-server software systems: You can never trust the client. libsecondlife allowed non-standard data to be thrown at the server, to see what happens.)

The creators of libsecondlife speak glowingly of possible applications of this technology, such as IM clients allowing people to send and receive real-time IMs in SL without using the complete client to do so. However, two of its best-known applications are, shall we say, somewhat more problematic. CopyBot was one of those, and, while the most dire predictions of various concerned individuals, including myself, did not come to pass, the aftereffects are still being felt by many. Another appears to be the emergence of “CampBot” avatars, created and operated for, seemingly, no other purpose than to siphon money from camping chairs at casinos and other popular locations; indications are that these avatars are guided by “autopilots” created with libsecondlife. (While I’m not fond of camping as a general rule, I don’t think hordes of CampBots are fair to either the people deploying camping chairs or the newbies who seek them out to provide some manner of income, now that LL has completely shut off Basic stipends.) Still another involved the creation of “megaprims” larger than the 10-meter restriction for ordinary prims. (This illustrates the point I raised earlier: the megaprims could only be created because the server didn’t check the dimension values being fed to it by the client. LL has since fixed that hole, so no new megaprims can be created.) These megaprims are known to confuse the sim servers to a certain extent, yet people still use them, and, furthermore, sell them. There are some indications that LL may be cracking down on the megaprims, but they still exist. (A sky structure constructed using megaprims is visible from the Gin Rummy’s skybox office/conference room, for instance.)
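The megaprim hole comes down to a server storing a dimension it never checked. The sketch below is an added example, not code from Linden Lab or libsecondlife: it puts a trusting handler next to one that validates a client-supplied scale against the 10-meter limit. The message layout, the function names and the 0.01 m lower bound are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_PRIM_DIM_M = 10.0  # the 10-meter limit for ordinary prims cited in the post
MIN_PRIM_DIM_M = 0.01  # assumed lower bound; the post does not give one


class RejectedUpdate(ValueError):
    """A client-supplied value failed server-side validation."""


@dataclass
class Prim:
    scale: tuple = (0.5, 0.5, 0.5)


def apply_scale_trusting(prim, msg):
    """'Before': stores whatever the client sent, as in the megaprim hole."""
    prim.scale = tuple(msg["scale"])
    return prim


def validate_scale(raw):
    """Return a clean (x, y, z) tuple or raise RejectedUpdate."""
    if not isinstance(raw, (list, tuple)) or len(raw) != 3:
        raise RejectedUpdate("scale must be a list of three numbers")
    clean = []
    for axis, value in zip("xyz", raw):
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise RejectedUpdate(f"{axis} is not a number")
        # The comparison is False for NaN and for +/-infinity, so both are rejected.
        if not (MIN_PRIM_DIM_M <= value <= MAX_PRIM_DIM_M):
            raise RejectedUpdate(f"{axis}={value!r} is outside the allowed range")
        clean.append(float(value))
    return tuple(clean)


def apply_scale_checked(prim, msg):
    """'After': validate first; the prim is left untouched on rejection."""
    prim.scale = validate_scale(msg.get("scale"))
    return prim


# Constructed sample messages; the dict layout is hypothetical.
SAMPLES = [
    ("ordinary prim", {"scale": [2.0, 4.0, 0.5]}),
    ("oversized", {"scale": [256.0, 256.0, 0.5]}),
    ("NaN component", {"scale": [float("nan"), 1.0, 1.0]}),
    ("negative", {"scale": [-5.0, 1.0, 1.0]}),
    ("string instead of number", {"scale": ["10", 1.0, 1.0]}),
    ("missing field", {}),
]


def run_samples():
    """Feed every sample to the checked handler; return {label: outcome}."""
    results = {}
    for label, msg in SAMPLES:
        prim = Prim()
        try:
            apply_scale_checked(prim, msg)
            results[label] = ("accepted", prim.scale)
        except RejectedUpdate:
            results[label] = ("rejected", prim.scale)  # still the default scale
    return results


if __name__ == "__main__":
    for label, outcome in run_samples().items():
        print(f"{label:26} {outcome}")
```

The checked handler rejects rather than clamps, so a malformed update leaves the stored object exactly as it was.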

There are allegations that many of libsecondlife’s project members are little better than griefers, or, worse, are griefers, or members of various griefing groups, and that they sit back in their private IRC channel and laugh while their tools are used to wreak havoc on the Grid. (Side note: “Griefer groups” are one thing we don’t need, no matter what tools they’re using. If I were in Philip’s shoes, I’d do everything I could to locate all identifiable members of these groups, then mass-ban and call in the FBI. These groups not only wreck the experience of SL for all the legitimate end users, some of whom are paying customers, they wreck it for all the companies coming in and setting up shop in SL, all of which are even higher-paying customers. This is one instance where “good business” and “the right thing to do” go hand-in-hand.) In my post on CopyBot, I argued that “the libsecondlife project needs to ‘clean house’ in a big way.” This does not appear to have happened, at least not to any great extent.

It’s a shame, really, because, from a purely technical standpoint, libsecondlife is working in an interesting and challenging environment, and I might have the ability to contribute something to their efforts. As long as the specter of griefers and griefing hangs over the group, though, I am leery of involving myself in any way with their project, even to the extent of downloading their code to try it out. And therein lies what should be a major cause for concern on the part of libsecondlife: if their reputation is such that potential contributors are scared away from their project, does this not run contrary to their stated goals? I quote from their own home page:

The libsecondlife project is an effort directed at understanding how Second Life works from a technical perspective, and extending and integrating the metaverse with the rest of the web. This includes understanding how the official Second Life client operates and how it communicates with the Second Life simulator servers, as well as development of independent third party clients and tools.

How does their association with griefers and griefing mesh with this mission statement? Is this not a concern which should be addressed, post haste?

I still think, as I originally stated, that the ultimate solution to restoring libsecondlife’s credibility is for LL to assume administrative control of the project, setting up a sponsored “foundation” to manage the source tree, hold the copyrights (with availability under the same licensing scheme that libsecondlife uses now), and serve as an umbrella for development work on the project. This is similar to the arrangement that Jabber Inc. has with the Jabber Project, and it has been largely successful for both. (In fact, largely due to the synergy between the company and the project, XMPP, the Jabber protocol, is now an Internet standard.) However, in order for this to work, the existing leaders of libsecondlife would have to cede some degree of control of their project…and that would appear to be unlikely.

Still, it would be worth it to see LL make the offer, just to see how the libsecondlife people respond to it. The logical choice, if they truly are interested in what their mission statement says they’re interested in, would be to accept. After all, they would surely benefit from increased resources, increased cooperation from LL, an “official” imprimatur given to the project, and perhaps even to LL hiring some of the libsecondlife developers. If, however, they turn it down…some may then draw unsavory conclusions about where their true motives lie.

What can those of us on the “outside” do about this right now? Very little. Mostly, we can just watch…and wait.

“The price of freedom is eternal vigilance.” – Thomas Jefferson

“CONSTANT VIGILANCE!” – Mad-Eye Moody, Harry Potter and the Goblet of Fire


Beyond the Abuse Report

If the numbers quoted by Daniel Linden can be believed, close to 2,000 times per day, Residents pull down the Help menu, select “Report Abuse…” and fill out the form to report abuse of one sort or another. But, once they hit the button to send those reports on their way, some Linden has to look at all those ARs…a Sisyphean task, to say the least. LL has concluded that “something must be done” about this, as, obviously, putting more people on reviewing ARs will work for a while, but won’t work forever. Daniel’s posting on the Grand Unified Linden Blog says:

The main thrust of this project is to move our process away from the current one report/one resolution model and towards a system that will quickly and accurately identify and manage those individuals and behavior that make Second Life feel unwelcoming or unsafe. The revised system will focus also on moving problems towards more useful paths for resolution – specifically by enabling and encouraging the development of inter-Resident mediation and dispute resolution options for those issues Linden Lab isn’t equipped to resolve. A further emphasis will be placed on self-resolution — by improving existing tools like mute and parcel-based access restrictions.

But what does that mean, exactly? Tateru, writing for Second Life Insider, seems to be waiting for the other shoe to drop. Prokofy, on the other hand, writing for the Second Life Herald, sees the specter of Resident government rearing its ugly head. Apparently, that’s been proposed at least once…and most Residents preferred the “benevolent dictatorship” of the Lindens. But if that threatens to devolve into anarchy because the Lindens are overwhelmed…what then?

Perhaps the answer lies, not in a full-fledged “Resident government,” but in a smaller-scale endeavor, a “peer court” system, if you will. Here are some sketchy notes on how such a thing might work; parties for whom this piques their interest are invited to comment on it and fill in any holes I might have left. (And I will not be banning anyone from this blog. I won’t even delete comments unless they’re obviously garbage, and I pledge to make a note of it if I am forced to do so. Akismet should catch all the obvious spam anyhow.)

Appointment to the “peer court” would be by petition, with each Resident wishing to become a peer judge required to submit the signatures (validated in some fashion) of N other Residents, where N is some relatively-large number, large enough to make gaming the system impractical, yet small enough that people won’t give up in frustration. I’m thinking N=100 for starters. Additional restrictions might be imposed on signatures, too, such as “no more than X% of signatures can share a group membership with the petitioner.”

Peer judges would be randomly assigned Abuse Reports to review, where they would make recommendations to LL as to what the consequences should be. (There should be a set of “best practices” for peer judges to follow, which would have to be carefully drawn up beforehand.) They would be permitted to question the victim, the accused, and any witnesses, but would be required to render a recommendation within some small time limit (72 hours?). Note that this would just be a recommendation, which LL would have to either confirm or not. The recommendation would include a report on anything the judge found out in the course of investigation that would justify the intended consequence. At this stage, a lot of the obvious junk can be weeded out and the clear-cut cases handled quickly; extra time would have to be taken to review the ARs where facts are in dispute.

Since LL would review recommendations before implementing them, it would act as both the “court of last resort” in appeal and a check on the performance of the peer judges; peer judges who diverged too often from the “best practices” would be required to justify themselves to LL, on pain of removal from their peer judgeships and other possible disciplinary action. If they can justify themselves…well, perhaps the “best practices” need to be revised; this possibility should be accounted for. There would also need to be a “grievance procedure” for Residents who felt they hadn’t received a fair shake at the hands of the peer judges.

Now, I will acknowledge that there are probably more holes in the above scheme than in a shotgunned Swiss cheese; in particular, I’m assuming that all participants are reasonable people. It’s probably closer to the truth that people would try to game this system six ways from Sunday. Griefers would try to get appointed as peer judges so they can let all their friends off scot-free; the random assignment of ARs to peer judges would make this a dicey proposition at best, but it must be considered. (One might be required to pass a “background check” with LL before becoming a peer judge…but would that encourage griefer groups to try a “carnival booth attack” to find someone that would slip past that requirement?) Peer judges might act capriciously in dispensing justice, letting their friends off and throwing the book at their enemies; would LL’s review of their actions against the “best practices” be enough to act as a check on this? And real troublemakers would be the type that would cry “foul!” on the judges even when there was no impropriety; would this result in more work for LL, having to deal with grievances filed by every two-bit cagegunner who doesn’t like the thought of being held responsible for his actions? There’s also a big issue to consider: what’s in it for the peer judges? Why would someone become one? Would they be compensated for this work? (Probably not…LL has been moving away from compensation schemes like that. Example: the end of Instructor subsidies.) And I won’t even get into the issue that LL itself may be biased towards or against certain people…though some who read this will no doubt be thinking of that.

Perhaps LL would implement such a scheme, if it does so, as a pilot program, sending some ARs through this system (at random) while handling the others in the old way. This would be necessary to keep the initial set of peer judges from being swamped, too, until their numbers can be ramped up (presuming the scheme is found to work).

Anyway, that’s just one possible way LL could choose to handle this. Is there another way that would work better? If I’m completely off-base (not out of the question), tell me why. If this scheme could be improved (highly likely), tell me how. Just remember: If LL intends to devolve some of these functions on Residents, it would behoove us to carry on a discussion beforehand as to how that might be accomplished, rather than wait until LL imposes a solution on us. (Which they may very well do anyway…but I’d rather see some discussion of this before that happens than none at all.)


CopyBot: Endgame or Detour?

Unless you’ve been on the SL equivalent of Mars for the past week or so, you’ve probably heard about the brouhaha surrounding “CopyBot,” a program which is apparently capable of duplicating objects, right down to textures and animations. It relies on the Open Source libsecondlife effort, which is a library to interpret the protocol used by the SL client that is currently in development. I’m going to try and piece together what is known, and then offer a few observations.

When the news first broke about the existence of this device, there was a great hue and cry from the content creators of SL…spurred along by a response from Robin Linden that seemed lukewarm at best. She said “copying is not necessarily theft,” and, while she is technically correct, that was probably the wrong thing to say at that point. Eventually, LL clarified its position:

[...] the use of CopyBot or any other external application to make unauthorized duplicates within Second Life will be treated as a violation of Section 4.2 of the Second Life Terms of Service and may result in your account(s) being banned from Second Life.

But, by then, the damage was done. Reports started surfacing of businesses closing due to the potential for CopyBot abuse, and a spike on the LindeX at the same time indicated panic selling of L$ might have begun. The affair gave every sign of turning into a full-scale witch hunt, which even ensnared an innocent maker of vendors. Some businesses issued stern warnings about the use of CopyBot (incidentally, after seeing the warning from GuRL 6, I crafted a similar one on behalf of Don’t Panic! Designs). Others put up “CopyBot blocker devices” that repeat the “!quit” command over and over, in an attempt to force any instance of CopyBot that might be listening nearby to close down. And, while the libSL developers protested their innocence, pointing out that they had pulled the source for CopyBot out of their development repository, evidence surfaced that the developers were gleefully anticipating the havoc they would wreak with their “object stealer.”

Prokofy Neva, of course, is utterly ripshit, accusing the libSL group of being nothing more than a glorified griefer group, and accusing LL of being, at minimum, utterly clueless, if not outright malicious, for associating with such. On another side of the issue, the esteemed Ms. Ordinal Malaprop contends:

To be quite honest I doubt that there will be many instances of copying and distribution resulting from these tools in practice; the vast majority of residents have no interest in such activities, and the vast majority of those left have not the technical abilities to carry them out or the knowledge that they are possible.

[...]

To be honest it is too early to tell what sort of development of the Copying Facilities and changes to the world will result, and I would say that it is *certainly* premature to shut up shop, but the mere idea is disturbing to many.

And now we have some hard data on the impact of CopyBot: just under 100 complaints total, involving some 50 individual Residents, over the course of a few days. While even a fraction of that number of complaints would certainly be cause for some heightened concern, the fact that so few people were involved–less than 1% of the typical number of people logged into SL at any given time, let alone the total number of active or registered accounts–would scarcely seem to mean The End Of The World As We Know It. Perhaps Ms. Malaprop’s statement is closer to the truth of the matter…as is Tateru Nino’s:

The most severe effect that copybot will have on Second Life will be our reaction to what we /fear/ will be done with it, rather than anything that is actually done.

The first observation I could offer is that Cory Linden is right: There is no way to completely stop someone from copying an object, or at least the physical properties and textures thereof, in SL. If it can be displayed, it can be copied. This is like the old axiom about scrambled cable channels: no matter how badly the video signal was scrambled, somehow it had to be capable of being de-scrambled so it could be sent to a normal TV set. People have already had success in copying textures from SL by intercepting the stream of information going from the SL client program to the graphics driver that displays it. You can’t stop that without a fundamental shift in the way the graphics subsystem operates…something which falls firmly into the realm of Things That Are Not Going To Happen.

Which leads me to another fundamental point: you cannot assume a secure client. Even if someone runs the unmodified client as downloaded straight from LL, you have to assume that this client will be run on “Satan’s computer.” People will packet sniff, they will disassemble, they will do anything they have to to try and break your protocol or data format or security system, if they want to badly enough. They could even be running the client inside a VMware virtual machine or equivalent, with their debugging tools on the “outside” of the VM, and the client would never even know it was being watched.

Given the above two points, an effort like libsecondlife was pretty much inevitable…and, in this day and age, since the power of Open Source is apparent in many ways these days (see: Linux, GNU, Mozilla, OpenOffice.org, etc. ad nauseam), it was natural for the interested parties to combine their efforts into an Open Source project. Some people have held that they shouldn’t have opened the source, since it makes the code far too accessible to those interested in griefing. My response to that: Open Source is not to blame here. Not having the source would not make griefers’ tasks impossible, just more difficult. At least, in this instance, people, including LL, have some knowledge of what the libsecondlife developers were up to. Another group, working in secret and sharing their knowledge only between themselves, could have accomplished the same thing, albeit slower. CopyBot might have appeared, not today, but several years down the road…say, when SL had become even more successful and accepted by RL corporations…and when a successful security attack would be far more damaging than it is today. And combating the efforts of such a group would be more difficult; you might have to reverse-engineer their attack program to figure out what the vulnerability is and stop it.

This is not to say that we’re in the best of all possible worlds now. It looks to me like the libsecondlife project needs to “clean house” in a big way. In fact, I would go so far as to recommend that LL, which has some interest in libSL right now anyway, should take over the administration of the project entirely, and should eject developers from the project who are using the tools to intentionally violate the TOS. If it’s that valuable of a tool to them, for use in spotting possible exploits and such, why aren’t they administering it? They might, for instance, establish a “libsecondlife foundation” to hold the code in trust and coordinate its further development; this would be similar to the relationship that currently exists between the Jabber project and its corporate sponsor, Jabber Inc. of Denver.

People would also do well to remember that the CopyBot as it currently exists is not capable of making perfect copies of all objects. It cannot, in particular, copy scripts. This makes sense, as scripts are designed to be executed on the server; the only time the client ever sees the script source is while it’s being edited. In this limitation might lie the key to recognizing copied objects. I can envision a system, for instance, where each object would contain a script capable of answering a “challenge” from outside and responding with a message indicating that the item was the genuine article. A counterfeit object would not contain the script (assuming the script itself could not be copied by other means) and hence would not respond to the challenge, marking it as a fake. There remain many practical details to be resolved here (not least of which is the communication method to use for the challenge/response…having the object listening on a channel at all times for the challenge would cause many people to start screaming “LAG!”), but a scheme like this could provide at least some method of detecting unauthorized copies and act as a stopgap until LL can beef up their own means for doing so.
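One way the challenge/response idea above could work, modeled in Python as an added example that is not part of the original post or of any Second Life tooling. It swaps in HMAC-SHA256 over a fresh random challenge as the concrete mechanism and assumes, as the post does, that the script and the key inside it cannot be copied; all class names, function names and identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive_object_key(master_key, object_id):
    """Per-object key, so one leaked script does not expose every item sold."""
    return hmac.new(master_key, b"object-key|" + object_id.encode(),
                    hashlib.sha256).digest()


class GenuineObject:
    """Item carrying the authenticity script; the key lives only in that script."""

    def __init__(self, object_id, object_key):
        self.object_id = object_id
        self._key = object_key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ScriptlessCopy:
    """Shape and textures duplicated, script missing: it never answers."""

    def __init__(self, object_id):
        self.object_id = object_id

    def respond(self, challenge):
        return None


class ReplayingCopy:
    """Copy that repeats an answer overheard for an earlier challenge."""

    def __init__(self, object_id, overheard_answer):
        self.object_id = object_id
        self._overheard = overheard_answer

    def respond(self, challenge):
        return self._overheard


class Verifier:
    """Creator-side checker holding the master key."""

    def __init__(self, master_key):
        self._master_key = master_key

    def check(self, obj):
        challenge = secrets.token_bytes(16)  # fresh per check, so old answers are useless
        answer = obj.respond(challenge)
        if not isinstance(answer, bytes):
            return False  # silence or garbage marks the object as a fake
        key = derive_object_key(self._master_key, obj.object_id)
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, answer)  # constant-time comparison


def demo():
    """Check one genuine item and two kinds of copy; return {label: verdict}."""
    master_key = secrets.token_bytes(32)  # constructed for this run
    object_id = "hat-0001"                # constructed identifier
    genuine = GenuineObject(object_id, derive_object_key(master_key, object_id))
    overheard = genuine.respond(secrets.token_bytes(16))  # answer to an earlier challenge
    verifier = Verifier(master_key)
    return {
        "genuine": verifier.check(genuine),
        "scriptless copy": verifier.check(ScriptlessCopy(object_id)),
        "replayed answer": verifier.check(ReplayingCopy(object_id, overheard)),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:16} {'authentic' if verdict else 'FAKE'}")
```

Because each challenge is random and used once, a recorded answer proves nothing later; the scheme is only as strong as the secrecy of the key held in the script.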

In Neal Stephenson’s Snow Crash, Hiro Protagonist recognized that the coming of the Snow Crash digital virus represented a need for a fundamental shift in the design of the Metaverse, with more emphasis on security. We may face a similar moment here in the history of our own Metaverse. But, just as the Chinese character for “crisis” is a combination of the ones for “danger” and “opportunity,” so too does the CopyBot crisis represent both a danger and an opportunity…one which I hope LL, the libSL developers, and others will rise up to the challenge of. In the meantime, stay the course. Content creators, keep watch for anyone trying to use CopyBot to steal your creations, and give some thought to technical measures whereby such may be detected. Residents, pledge yourselves to refrain from violation of copyright, and urge your peers to do likewise. And keep your eyes on LL and the libSL developers…encourage them to do the right thing.

“These things pass. The trick is to live through them.” – Lazarus Long, Time Enough For Love, Robert A. Heinlein


Unnerving Developments

Everybody knows what happened five years ago today.

For my part, I was still in bed when I got the news. I had just been laid off the previous Thursday, and we had just brought home our second cat the day before. Pamela woke me up to deliver the news and turn on CNN in the bedroom. I felt sickened by the sight…and pissed off.

Maybe the fact that this is the anniversary of that horrible day is what makes this report from Reverend Triste Bertrand all the more disturbing:

It seems that nearly all of the Christian areas on the Grid today were attacked in some way. ALM CyberChurch was particle-bombed at least four times while I was there during worship and during the afterglow, and Christian Gide mentioned that a lot of Christian ministries were being attacked today. There were two Residents at the church this morning dressed in Taliban or Muslim garb attempting to disrupt the service. [emphasis mine]

If taken at face value, this report is profoundly disturbing.

I’m trying to warn myself, “Don’t make too much stew from one oyster.” There’s no evidence that those two griefers he described actually were Muslim; they just wore the clothes. It could easily have been just two random Resis out to get their jollies by disrupting a church service, for any reason or none. (Heaven knows there’s a lot of anti-Christian sentiment in this country, most of it having nothing to do with Muslims. But it could have been a truly random attack as well, just picking the church service as a target of opportunity.)

In fact, I hope it’s just that. Because the alternative is that Muslim terrorism has now come to Second Life.

And the thought of that makes me sick. And pissed off.

(Please, no political thrashes in the comments…if you want Electric Minds, you know where to find it.)

UPDATE: Triste elaborates on the attackers in his own 9/11 tribute post:

[...] the two I mentioned were actually in muslim-oriented groups in SL (I checked both their profiles early on the moment I noticed them). The bomb during the fellowship time was actually kinda funny. The particles were pictures of Bill Cosby holding a Jell-o® Pop with the caption “JELL-OWNED!”. Since they are particles, it’s easy to shut them off using menu commands. I did take a few moments to step outside and turn on the ability to view particle sources, to see where it came from if they attacked again. They didn’t try after that. But then, that was probably also because a Linden arrived shortly thereafter.

While I’m relieved that the attack was not particularly destructive, merely annoying at best (and yes, Triste, particles can be textured; I have a custom particle poofer that emits floating Electric Minds icons), the fact that the attackers were, in fact, associated with Muslim groups is a worrisome step along the path of the “Muslim terrorism” explanation. Again, let’s not be too hasty; they may not actually be Muslim themselves, just sympathetic to or friendly with Muslims…but that’s a big problem in and of itself. My advice to all Residents: Remain watchful, and AR as necessary if you are the victim of an attack. (Probably good advice at any time…)
