Adam Frisby

Archive for July, 2008

Introducing Xenki - Source now available

with 4 comments

I’ve put the source for my previous XBAP experiment online on the OpenSim forge - we’ll move this over onto a dedicated system and set up SVN there. For now it’s just a convenient location for the code. In the process, we’ve christened it “Xenki” - it’s a mix of “X” (for XBAP) and “Enki”, an ancient god of crafts.

You can download the sources from the following URL:
http://forge.opensimulator.org/gf/project/xenki/frs/?action=FrsReleaseBrowse&frs_package_id=6

A warning in advance - the quality of this code is approaching rock bottom; the handling of triangles, for instance, is terrible (we create a separate 3DModel instance for each triangle in the scene - you have been warned). It’s probably going to need a scrap and rewrite with a bit more forethought to the design - this was an initial “will this work?”

I’ve registered the domains, so we’ll have something up shortly - if you’re interested in contributing, leave a comment and I’ll get back to you once we’ve got some SCM up.

Enjoy.

Written by Adam Frisby

July 30th, 2008 at 6:19 am

Posted in Xenki

It’s alive.

with 3 comments

It's alive - XBAP Viewer

Yes, It’s alive.

As previously posted - I’ve been playing around with doing a viewer in WPF as an XBAP Browser Application. The above is a screenshot from it - at the moment it’s pretty primitive. No textures or colours (everything is a black box), however scales and positions are set correctly.

This is about 2-3 hours work so far (most of which was learning the WPF SDK), but it’s showing promise already. One of the problems I have been having is that the security sandbox requires cryptographic signatures on each component (and there’s a valid reason behind this), but getting that signature on libomv has been painful, so for the moment I have abandoned the sandboxed version and require a small installer on the first run.

I will post more as I finish bits and pieces. The code is very first-generation hacky and ugly, but in theory there’s some potential for promise here.

Update #1: Slightly better image

After discovering that everything was black due to a lack of light sources in the scene, I have added two and the results look a bit nicer.

Better image

Written by Adam Frisby

July 30th, 2008 at 12:41 am

Posted in Xenki

Viewer: Meet XBAP.

with 3 comments

So, I’ve discovered XBAP. It’s a little secret technology that Microsoft developed as a way of running WPF applications in a browser, and I do have to say it’s very useful and handy.

An XBAP is a full blown application running on the .NET platform. It can access everything .NET can access within a security sandbox - including the Direct3D API. The sandbox is a little bit annoying but quite understandable - and most awesomely - it runs under Firefox fine, I’ve been using Firefox to debug.

Why not Silverlight?

When Silverlight was first released - I was quite intrigued. Not only do you get C# and a .NET environment, maybe we could do a version of OpenViewer running in Silverlight? Well, after careful examination - Silverlight is capable of neither decent network access, nor any hardware 3D rendering capabilities. (I do have to question someone investing all this time in a “Flash Killer” and neglecting to add 3D capabilities. But I digress…). So the idea’s been dormant ever since I discovered this.

A few days ago, after my friend Tish Shute mentioned a MS developer talking about tighter integration between Direct3D and WPF, I dug up in my head this thing I’d heard of once before called an XBAP - it’s basically a WPF Application, but hosted inside your browser, and in the last year since I checked it out, XBAP has improved a lot.

For one, it worked inside my Firefox browser painlessly without me apparently having to install anything (.NET had already put the appropriate plugins in place). It also just-so-happens to support hardware 3D rendering, direct network access (Hi libsecondlife libomv!), and a few other shiny things as long as the application sticks in its sandbox.

OpenViewer - meet Lively.

One of the things I really do dig about Google’s Lively client is just how seamlessly it integrates in your browser. It’s not a full blown 3D world, no, but I think Google got one thing right: Make it as easy to get instant gratification as humanly possible.

I think this is one lesson that the OpenViewer project might be able to take onboard - and XBAP might be an easy way to get there (at least for Windows clients)

The drawbacks (and there’s some reasonable ones)

Nothing’s perfect, and unfortunately this isn’t a perfect solution either. There are some problems that won’t be completely easy to solve, and some aren’t solvable in the current form.

First is the security sandbox - unless the user downloads and installs the WPF application (then hosts the installed copy) you get no local storage, meaning no cache or access to the local hard disk (including uploads). Big catch.

Second big catch - it’s Windows only. Looks like Vista at that. While it may run on Firefox under Vista, this won’t be a foolproof solution for Mac or Linux users. At the moment, Mono lacks a complete WPF implementation, which means it might be a while before they get it (and even then it would be in standalone mode rather than in-browser).

Third catch - Performance doesn’t seem highly optimal when rendering complex 3D scenes. This one I think may come largely from the experiments I have been doing using a lot of brute-force methods, I expect this one to be somewhat capable of workarounds.

Toying as a viewer

Right now, I’m in the early early stages of getting a viewer up and running as an XBAP - text-only we can do no problems, getting 3D in adds a degree of complexity since we still can’t use libprimrender due to LL licensing issues. I’ll be using the OpenSim Meshmeriser library instead here for the moment, although accurate rendering would be great.

I expect to post some screenshots in the next few days as I get this to a reasonable level - if you are lucky, I might even publish the XBAP file so you can play around with it. Source will be forthcoming after I’m happy enough with it.

It’ll go under a different name to OpenViewer - mainly because of the non-portable problem. I’m using the name internally XBAPViewer right now, but I’ll think of something better before it’s released.

Written by Adam Frisby

July 29th, 2008 at 8:50 am

Creating effective fingerprints from Primitive Groups

with one comment

I have briefly touched before on the concept of fingerprint registration as a method of verifying object legitimacy. What I’d like to go into now is the technical side of things, first answering whether it’s possible, and secondly answering how much “tamper-proofing” one of these signatures can withstand before.

This post is aimed at researchers and programmers in the field. It contains lots of unashamedly technical language. You have been warned. Second warning is - we’re only going to cover Primitive Groups (“Objects” in Second Life) as things such as sound and texture fingerprinting have been covered in far more detail by researchers far more knowledgeable than myself.

Firstly: Is it possible?

The short answer here is yes - the long answer is still yes - but the solution isn’t very good if a single change is enough to break the entire fingerprint. Most fingerprinting schemes such as MD5/SHA are designed to signify if any slight change has occurred, but in our case we don’t want to know if a slight change has occurred so much as if it’s still similar to the original.

In the cases above, you can make very “short” fingerprints since you have very specific criteria you are matching against for tampering. In our case, if someone resizes the object slightly it shouldn’t break the entire scheme.

So, onto some ideas on how to measure similarity between objects - any good fingerprint is going to take into account a number of these measurements and decide on how many are similar. The fingerprints should be easily comparable too - because searching a database of a million such fingerprints should be doable quickly and easily without too much database load.

Volume to container volume ratio

The idea here is to measure the volume of the entire object (that is, the space it would displace if dipped into a bucket of water), compared to the volume of a box big enough to fit it exactly. A square object would leave no water remaining, and hence have a ratio of “1.00”, but a sphere leaves a much more distinct mark.

Objects which are very similar are going to have very similar volume displacement ratios; resizing a single component (or primitive) of a larger set is going to do very little to change the ratio unless it is a very significant change.

It is worth noting that you need a minimum complexity for this metric to be of much value - very simple objects are likely to generate lots of collisions and false objects (as there are only so many spheres and boxes that can be described), which brings us to point #2.

Caveat: The bounding box needs to be the smallest possible bounding box for any possible rotation of the object to be effective at comparison. Computing the optimal rotation may be expensive (although something that might in theory be doable with a boolean search through rotations)

Simple facts about the group - Minimum Complexity

Things such as the number of primitives, the types of primitives used, etc. all form a group of simple facts - unfortunately these are the most distortable and easily changeable - but again if you change too many you end up with a very different looking object.

It’s important to note however, it’s possible to add a lot of “invisible” primitives onto it to add numbers to this, but not change the object, so it’s key that we use this metric simply one way - the minimum complexity must be close to equal or exceed the original fingerprinted object (give it a say 20% fudge-factor for people who can clean off bits and pieces trying to dodge this metric).

Primitive “Levenshtein” Distance

In computer science, the Levenshtein distance is the number of characters you need to alter, delete or insert between two pieces of text to get the same string. It’s used in spell checkers to try to correct common typos (i.e. it picks the thing closest to what you had).

I think it could have a practical application here too - if we consider two separate objects as pieces of text, then we calculate the number of primitives that need to be changed, inserted or deleted to match the other object. If we consider each change separately (size, rotation, shape, etc.), an object derived from another object would have a fairly small distance; however, this solution does break down when we consider objects with a very small number of primitives to begin with.

Creating a signature with these

It’s best if we consider each of these a separate signature that is never combined. Rather, when you compare the signature, you actually compare a set of signatures like the ones above separately, then you calculate how many of them hit a collision vs how many did not.

The ultimate caveat here is that none of the solutions work very well when the object is not very complex to begin with. I suspect on any object with less than 20 primitives this is not going to work too well (although the effectiveness of the measure will increase dramatically with each additional primitive in the group.)

It is also worthwhile to take watermarks of any associated assets such as textures and materials and handle those separately, as this should try to survive an object being retextured, or in the case that someone rips other people’s textures for an unassociated product.

For computational expense purposes, each signature should produce a number - ideally a nice integer number. A database table can then be indexed by each signature so that you can search for a range within say 10% of each and every index quickly and easily with minimal lookup expense.
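
The three signatures described above, computed separately and then counted, as an added Go example that is not part of the original post or of OpenSim. The `Prim` model, the axis-aligned bounding box, comparison in link order and the distance threshold of 20% of the original's primitive count are assumptions, and the sample objects are constructed.

```go
package main

import (
	"fmt"
	"math"
)

// Prim is a simplified primitive (assumed model, not OpenSim's own type).
type Prim struct {
	Shape     string     // "box" or "sphere"
	Pos, Size [3]float64 // centre and full extents
}
var fill = map[string]float64{"box": 1, "sphere": math.Pi / 6} // share of its extents box a shape fills

// near reports whether non-negative a and b differ by at most frac of the larger.
func near(a, b, frac float64) bool { return math.Abs(a-b) <= frac*math.Max(a, b) }

// VolumeRatio is primitive volume / bounding-box volume as an integer (x1000).
// Simplified: overlaps count twice; the box is axis-aligned, not the minimal one.
func VolumeRatio(obj []Prim) int {
	lo, hi := [3]float64{1e18, 1e18, 1e18}, [3]float64{-1e18, -1e18, -1e18}
	vol := 0.0
	for _, p := range obj {
		vol += fill[p.Shape] * p.Size[0] * p.Size[1] * p.Size[2]
		for k := 0; k < 3; k++ {
			lo[k] = math.Min(lo[k], p.Pos[k]-p.Size[k]/2)
			hi[k] = math.Max(hi[k], p.Pos[k]+p.Size[k]/2)
		}
	}
	box := (hi[0] - lo[0]) * (hi[1] - lo[1]) * (hi[2] - lo[2])
	if box <= 0 { // empty or flat object
		return 0
	}
	return int(math.Round(1000 * vol / box))
}

// samePrim: same shape and every extent within 10%; position is ignored.
func samePrim(a, b Prim) bool {
	return a.Shape == b.Shape && near(a.Size[0], b.Size[0], 0.1) &&
		near(a.Size[1], b.Size[1], 0.1) && near(a.Size[2], b.Size[2], 0.1)
}

// PrimDistance is the Levenshtein distance over primitives in link order.
func PrimDistance(a, b []Prim) int {
	prev := make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := range a {
		cur := []int{i + 1}
		for j := range b {
			best := prev[j] // change a[i] into b[j]; free if they match
			if !samePrim(a[i], b[j]) {
				best++
			}
			for _, alt := range []int{prev[j+1] + 1, cur[j] + 1} { // delete, insert
				if alt < best {
					best = alt
				}
			}
			cur = append(cur, best)
		}
		prev = cur
	}
	return prev[len(b)]
}

// Match holds one verdict per signature; they are counted, never merged.
type Match struct{ Volume, Complexity, Distance bool }
// Compare checks a candidate against a registered original.
func Compare(orig, cand []Prim) (m Match, hits int) {
	m.Volume = near(float64(VolumeRatio(orig)), float64(VolumeRatio(cand)), 0.1)
	m.Complexity = float64(len(cand)) >= 0.8*float64(len(orig)) // one-way, 20% fudge factor
	m.Distance = PrimDistance(orig, cand) <= len(orig)/5        // assumed threshold
	one := map[bool]int{true: 1}                                // false counts as 0
	return m, one[m.Volume] + one[m.Complexity] + one[m.Distance]
}

// Samples returns constructed objects: original, padded copy, unrelated row.
func Samples() (orig, knockoff, other []Prim) {
	for i := 0; i < 20; i++ {
		x, shape := float64(i), []string{"sphere", "box", "box"}[i%3]
		orig = append(orig, Prim{shape, [3]float64{x, float64(i % 4), 0}, [3]float64{1, 1 + 0.5*float64(i%5), 1}})
		other = append(other, Prim{"sphere", [3]float64{x, 0, 0}, [3]float64{1, 1, 1}})
	}
	knockoff = append(knockoff, orig...)
	knockoff[4].Size[1] = 3.2 // slight resize, inside the 10% tolerance
	for _, x := range []float64{5, 6, 7} { // three tiny filler primitives
		knockoff = append(knockoff, Prim{"box", [3]float64{x, 1, 0}, [3]float64{0.01, 0.01, 0.01}})
	}
	return
}

func main() {
	orig, knockoff, other := Samples()
	fmt.Println(Compare(orig, knockoff))
	fmt.Println(Compare(orig, other))
}
```

Padding a copy with many filler primitives raises the edit distance, so a heavily padded copy would miss that one signature while still hitting the other two, which is why the verdicts are counted rather than merged.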

Final notes

The above can be used fairly indiscriminately as checks that can be done on any client anywhere, since the algorithms do not rely on any form of obfuscation. An agency setting up something to mark signatures of popular items would likely want to employ these style signatures, plus a bunch of hidden ones so that an attacker did not know exactly what they were looking for - however any good long-term solution should survive public scrutiny of the algorithm as well; it just may be difficult to do so due to the lack of large amounts of data to compare (unlike, say, sounds or textures).

Written by Adam Frisby

July 26th, 2008 at 11:44 pm

Practical alternatives to “Copy Protection”

with 2 comments

So, in my previous few posts on this topic - I have somewhat neglected covering the practical alternatives. Things that can be made to work, and can be difficult if not impossible to break. I’ve made some mentions before on things that can be done, but I’m going to elaborate on them here.

The Good, the Bad, and the Ugly.

To begin with, we’re going to need to make a divide between ‘good’ and ‘bad’ consumers - good consumers are going to be defined as your standard consumers - the people who like to purchase legitimate content from the legitimate sellers - and like to know that they have bought legitimate content.

The second group are the group who don’t really mind if they purchase pirated content (or get it for free). This group is somewhat of a lost cause. They don’t tend to buy content today, and they probably won’t change that habit in the future.

What you want to target is not minimising the size of the second group (all that will do is waste time and is unlikely to get you any kind of extra revenue), but preventing as many of the first group from slipping into the second group (intentionally or unintentionally)

Signing content

Just like a signed copy of a book is worth more than the plain hardcover, it’s possible to sign a purchase with a “To <buyer>, I <content creator here> can affirm this is a legitimate copy that was sold to you.”, there’s a few ways of doing this, number one:

Verifying purchases via a server

Have a registration server - anyone can see the signature of your item and confirm it against the server to see if the person who has it legitimately bought it. This does have the downside that you need to maintain your server ad infinitum if you want people to be able to verify your content.

Verifying purchases via cryptography

This is a niftier solution, and should work for all time as long as people have a copy of something called your “public key”. This means that when you sell the item to someone, you add a digital signature to the purchase with “XYZ bought this from me.” and then sign that message with something called your “private key”. As long as your public key is public - anyone can use it to verify it was you who really signed it.

Pros of Signing Content

  • People can verify that a purchase they made came from the original creator legitimately.
  • Other people can verify it too - lowering the social value of possessing fakes.
  • Helps build up a brand

Cons of Signing Content

  • Relies on people recognising content to be able to say it was a fake of designer X.
  • You probably need to rely on a mix of both cryptographic signatures and verification services, which will likely involve a cost - for an identity-verified cryptographic keypair (such as the ones Verisign provide), and the cost of hosting the service.
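
The cryptographic option described above, as an added Go example that is not the author's or OpenSim's code: the creator signs a receipt naming the buyer, and anyone holding the creator's public key can check it. The receipt layout, the asset hash field, the function names and the choice of Ed25519 are assumptions, and the sample data is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Receipt is the statement the creator signs: "Buyer bought Item from Creator".
// The layout and the asset hash field are assumptions made for this example.
type Receipt struct {
	Creator, Buyer, Item, AssetHash string
}

// message serialises the receipt with length-prefixed fields so that two
// different receipts can never produce the same signed bytes.
func (r Receipt) message() []byte {
	var out []byte
	for _, f := range []string{"purchase-receipt-v1", r.Creator, r.Buyer, r.Item, r.AssetHash} {
		out = append(out, fmt.Sprintf("%d:%s", len(f), f)...)
	}
	return out
}

// hashHex returns the hex SHA-256 of the asset bytes.
func hashHex(asset []byte) string {
	sum := sha256.Sum256(asset)
	return hex.EncodeToString(sum[:])
}

// NewCreatorKey generates the creator's keypair; the public half is published.
func NewCreatorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue is run by the creator at sale time with the private key.
func Issue(priv ed25519.PrivateKey, creator, buyer, item string, asset []byte) (Receipt, []byte) {
	r := Receipt{creator, buyer, item, hashHex(asset)}
	return r, ed25519.Sign(priv, r.message())
}

// Verify is run by anyone holding the creator's public key: the receipt must
// name the person presenting it, match the asset, and carry a valid signature.
func Verify(pub ed25519.PublicKey, r Receipt, sig []byte, holder string, asset []byte) bool {
	if r.Buyer != holder || r.AssetHash != hashHex(asset) {
		return false
	}
	return ed25519.Verify(pub, r.message(), sig)
}

func main() {
	pub, priv := NewCreatorKey()
	asset := []byte("constructed asset bytes") // constructed sample data
	r, sig := Issue(priv, "Creator X", "Alice", "Red Chair", asset)
	fmt.Println("Alice:", Verify(pub, r, sig, "Alice", asset))
	fmt.Println("Mallory with Alice's receipt:", Verify(pub, r, sig, "Mallory", asset))
	r.Buyer = "Mallory" // editing the receipt invalidates the signature
	fmt.Println("Mallory with edited receipt:", Verify(pub, r, sig, "Mallory", asset))
}
```

The hash ties the receipt to the exact asset bytes, so recognising an altered copy is left to fingerprinting, which the post treats separately.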

Fingerprinting (“Watermarking”)

It’s possible to take a digital asset, and produce a fingerprint of it - fingerprints, like their physical counterpart, are very good signatures of someone, but they aren’t someone themselves. In digital terms this means producing a smaller version of the asset that is unique to it, and registering it so that if any “clone” shows up, it can be said to be derived from the original asset.

Services exist already for print media which register these fingerprints so that if they are ever used elsewhere, someone can verify who originally made the asset.

Pros of fingerprints

  • You can verify a fingerprint with a third party to see the original creator of the item.
  • Help when filing copyright infringement notices because you have the registration to act as a “I did this first”.

Cons of fingerprints

  • Fingerprints cannot tell if something is or is not legitimate alone.
  • Fingerprints can be “smudged” by tampering with the asset, the more “smudge-resistant” you make it, the higher chance false positives can occur.

Make it as easy to buy legitimate content, reward those who do.

This one is more of a business opportunity for some individual or group - but make it possible to buy your content on an Amazon/iTunes equivalent which is quick and easy to purchase from, and guarantees legitimate content.

If your content is a pain to purchase, the chances of someone getting frustrated and either not purchasing, or getting it via less-than-legitimate means, increase. Reward the consumers who do purchase legitimate content with updates and other services that people getting the false one won’t - as a side bonus this will instill some brand loyalty and likely get them buying more content from you in future.

None of these ideas are mutually exclusive - they work best together.

Fingerprinting is complemented nicely when you have signatures attached - in doing so, you can combine them to say “This is not a legitimate item, the original was created by XYZ whose signature is missing”. By doing so, you can place social pressure on people to purchase the real thing.

While there will always be a group (mentioned above) who don’t care - the majority (the good consumer group) will, and will likely try to purchase legitimate whenever possible. If merchants present their digital signatures and a third-party verification as part of the purchase process, then it becomes significantly more difficult to buy a fake unintentionally.

One last thing

This list is not a total list - it’s what I thought of in five minutes. There’s plenty of other ideas which can be made to work, a lot of it requires third party verification from reputable services, but thankfully neither of these is a new thing. Digimarc provide watermark/fingerprinting services with registration already today for print/web media, and Verisign provide the cryptographic keys necessary for signing content. (The algorithms for which are very well documented already, having been invented at least thirty years ago.)

Written by Adam Frisby

July 26th, 2008 at 8:36 pm

Copy Protection vs Permissions - again.

with 3 comments

So it turns out, that I need to make another post on this topic (although I’d like to say this is hopefully the last for a while - I do have some more interesting topics to talk about).

OpenSim supports C/M/T-style Permissions on Regions, by default (as it’s shipped), it’s enabled.

You can take a look at the code if you want. If you only read one line, read the one above. It’s important. Keep it in mind as I continue, please.

Now, yes - someone can come in and override those, and say “I want my region never to support permissions” and anything rezzed in them will never have any, however that is no different to someone taking the official server software (whenever it is released), opening it up in SoftICE and doing exactly the same thing.

The point I have been trying to make is: You cannot rely on permissions, even today, to be infallible - because they are not. Adding “copy protection” schemes (which are *not* the same thing as a permissions system) will not make it any different, because they simply do not work.

Permissions are different to copy protection

Both of these are technical terms. Permissions mean “I the gatekeeper will allow you to do these things on my service”. That is, the service itself will say “No” if you try to use them to do something they forbid, and all their assistance ceases (and you may be banned/disconnected/whatever).

Copy protection on the other hand means “I’m forbidding you from touching this thing I give you”. One is enforceable because you need the gatekeeper’s assistance to do something and he won’t provide it if you violate the permissions, but the second is not because there’s absolutely nothing stopping you from walking over and doing it anyway.

A better example might be say a key and a lock. A permissions system is setup so that you have a key, and the lock understands that key. It says “You can open this door, if you have the key.” - assuming solid enough construction, it’s a reasonable barrier to mischief.

A copy protection system is a locked box, with a key dispenser right next to it. It’s kinda pointless when described that way, but that is effectively what they are.

OpenSim supports the “gatekeeper” style permissions - SL does exactly the same thing.

Permissions have limits

The big problem here, and something you may construe from the above, is the idea that permissions provide absolute protection. It’s something I have tried to clear up previously (and why I have been saying that it is not worthwhile to rely on these).

Limit #1: Permissions are only as reliable as the service that is enforcing them.

This means, that if someone decides to swap the default gatekeeper with one that’s less scrupulous, there’s nothing you can do. The best you can do here is pick a service that is going to be fairly rigid about making sure they behave properly. Second Life does this today, other services will likely do it too.

The key is probably going to be that services allowed to interconnect with popular reputable services are going to be legally enforced and contracted (and likely have large sums of money in the balance of it) to make sure they play together nicely.

Limit #2: You are only protected as strong as the weakest link.

At this point, the client is the weakest link. To use a phrase that has been repeated often enough “If you can see it, you can copy it.” It actually strikes me personally as significantly more difficult to go to the bother of connecting to a service as a server in order to rip content, when you could just take it from the client using reasonably well tested tools such as GLIntercept, Copybot, Cache rippers, and others - and do so without the service being able to easily detect you.

The above tools cause posts about content theft at least once a month in Second Life - your content is effectively “easy” to steal right now, and it won’t get any easier. Yet people continue to make sales, to make new content - in the long run, this won’t make anything substantially different than it is today.

OpenSim’s current permission support

OpenSim is still alpha software (as we keep saying), but it does have a permissions manager. As far as I’m aware at time of typing, it supports all the C/M/T permissions roughly as intended. As always however, there are probably bugs in our implementation - if something isn’t working right (such as say sitting on an object suddenly makes it copyable) then reporting that as a bug is always appreciated.

The intent of the developers has been to provide modules to let you create SL-style environments out of the box, and part of that does include creating permissions managers which emulate SL-style functionality. The current permissions manager is based on two previous versions, and 90% of the ‘core’ developers have been inside of it at one point or another tweaking and adjusting it; there’s a group effort involved in its development.

Returning to the point I made at the beginning of this post:

Point #1: OpenSim supports a basic C/M/T permissions module right now. It’s not perfect, but there it is. It’s been there in some form for a while (probably 6-7 months at least); it’s the current developers’ intention to support this - it’s on the list (admittedly there are a lot of other things on the list too, but then again it’s alpha software).

Point #2: It’s enabled by default - that means if you download a precompiled version of OpenSim today, it will be in there and turned on. Yes, someone can go into the code and turn it off - and being able to customise OpenSim is part of its design because not everyone is building SL-style worlds with it.

Finally, this is nothing that hasn’t been said before.

By default OpenSim - right now, supports your standard SL-flavoured permissions as the default permission module, it’s there today - yes you can swap one permission module with one that doesn’t respect those, and yes you could remove it entirely.
- Copy Protection Nuances

The presence of the Open Grid Protocols allows one more potential avenue of attack, but to a malicious individual, this is more difficult than just grabbing the asset from the local cache, or using a tool such as GL Intercept, because it requires connecting in additional servers and dealing with a lot more than you absolutely have to.
- Copy Protection Nuances

In fact we’ve never ever said anything to this effect. The environment we build by default (and that’s the components we ship to do things like a Second Life™ environment), we’ll try our best to respect permissions infrastructure as best we can - but there are limits to what we can practically do, we cannot alter the fundamental laws of mathematics and computer science (see my previous post for more on this) for example.
- OpenSim is not a Virtual World

Written by Adam Frisby

July 26th, 2008 at 7:57 pm

Posted in Copyright

Prototyping with OpenSim: Testing out Amazon S3 as a Grid-Mode Asset Server

with 7 comments

Disclaimer: This is probably a bad idea in motion, I make no claims as to how well this could hold up in the long run or real world - I have some personal concerns about how Amazon is able to scale their S3 service effectively, and the recent downtime should give cause to think first before putting this into production.

If you want to be a cool geek these days, you absolutely have to insert the words ‘cloud computing’ into every other sentence. It’s no surprise then that one of the more adopted and interesting toys in the last year or two has been the Amazon Simple Storage Service (S3 for short).

It’s a “cloud” based storage solution, where you can upload files onto the cloud relatively cheaply. It’s being used in places Akamai used to be used for mirroring and proxying of frequently accessed files. (Even Linden Lab uses it for distributing their updates.)

The price is right, and the solution is fully programmable via a convenient web API, so it’s snuck itself into all sorts of places. What I’d like to experiment with here is using it as a complete grid asset server. For those who haven’t toyed much with the OpenSim asset server under the hood - it’s effectively a webserver with two supported operations: “PUT” and “GET” - funnily enough this overlaps nicely with any network accessible storage system, S3 included.

Building a new asset storage module from scratch

First thing we need to do is go hunting for another asset storage module in OpenSim so we can take a look at the interface we are required to implement. After a quick hunt for “asset_database” (the OpenSim.ini setting) it turns up that we need to create a class that derives from AssetServerBase which in turn derives from IAssetServer.

This looks relatively painless so far, we need to make a class which implements all five of these functions. The next step is to go take a look around and see if there is a decent .NET library for interfacing with S3. Turns out there is - .NET S3. (Post-authoring note: Apparently Amazon have an official library which looks easier to use, for one it doesn’t require the delegate hackery seen in the GetAsset function)

This library, while not fantastically documented does seem to do the job quickly and easily.

Implementing the asset client

Now we are at the point where we can actually write our class, using the above library, I’ve skipped ahead and written the class as presented below:

As you can see, the meat of the function sits in the StoreAsset and GetAsset functions, in this case we’ve overridden them to save to an EC2 Bucket (“directory”). We’ve made the directory a parameter of the constructor, as long as each region on the “grid” uses the same directory, they will act as one giant asset database.

Final Steps: Hooking it up

If we head back to OpenSimBase.cs where we first went looking for “m_assetStorage” originally, on line 412 we see:

Below this, let’s add a new statement

Now, if we change the ini setting to read “s3” our brand spanking new S3 client should fire up.

In Conclusion

I need to make some notes here. First, hard coding classes like the above is a bad idea. We shouldn’t be doing it for the grid asset server (and instead should be loading a class via reflection). Second, we shouldn’t be hard-coding the login keys - moving that up to an ini setting is preferred (and not too difficult to do properly). Third, this is an untested bit of code, use it at your own risk; this was done as an experiment in approximately 45 minutes.

However, for all the above warts - this shows off the power of OpenSim for rapid prototyping, one of the great features of OpenSim is just how flexible it can be, and how little work is needed to do something completely crazy with it quickly and relatively easily.

Written by Adam Frisby

July 25th, 2008 at 5:54 am

The AWG Information Overload

with 3 comments

As a contributor and member of the body which is developing the Open Grid Protocol, I’m expected to keep up to date, read chat logs, mailing lists, attend meetings and otherwise spend a lot of my day looking at information, ideas and opinions coming from the various bodies surrounding the AWG.

You’d be surprised how much there is. There are six reasonably important meetings a week I try to read or attend, and each produces potentially a 10,000 word transcript. Ignoring mailing lists, and other forms of discussion, that alone is a good healthy paperback each and every week. Of course there are at least three active mailing lists now on top of that, and discussions on IRC, Group Chats and elsewhere.

It’s absolutely no surprise then when people get daunted when approaching this; there’s simply too much to keep track of without turning it into a fulltime job.

Signal to Noise Ratio

That is why I’d like to ask everyone who’s contributing, not to stop - but to try to help keep the discussions focused. Most of these meetings have a defined spectrum of what is and isn’t the topic of the day, and some forums are better than others for specific discussions. (No, I’m not just talking about Permissions here)

That’s not to say what’s being said isn’t important - just that when the topic is the value of one specific serialisation format over another please only comment if you have something to say relating to serialisation formats, as mixing and matching topics all over the place is partly one of the reasons that keeping track of comments is so difficult - they are imbued everywhere.

So, here’s a bit of an overview of what’s generally discussed where

The Weekly Meetings

  • Mark (“Zero Linden”) office hours - The Tuesday office hours tend to be a fairly wide-topic discussion, with the agenda announced at least the week beforehand. You can see what’s going to be discussed on his wiki profile page. The Thursday morning ones tend to be very specific to individual technical items on the specifications themselves.
  • OpenSim Office Hours (Tuesday, 1900 UTC, Wright Plaza on OSGrid) - These don’t concern the OGP protocols directly, however the topic of how to add OGP support is often championed here, and Linden Lab maintains a small but regular presence. This is more applicable if you are interested in the OpenSim side of OGP affairs.
  • Which Linden office hours - These have recently shifted to people involved in the early beta of the OGP prototyping, SysAdmins and other individuals who will be directly running regions compatible with the OGP spec. If you are interested in being involved in this, this is the meeting to read and attend.
  • AWGroupies - If it’s not in the above, the AWGroupies tend to be the best forum. Policy, direction and others are the kinds of discussions most appropriate here. While the other meetings tend to have a very strong technical influence (given it’s related to designing the languages that computers speak to each other with), the AWGroupies has a more social issues and ethics bias.

There’s also several others which are often worth reading and attending.

The Mailing Lists

  • SLDev - This is generally focused towards the viewer itself and the features it supports. It initially started as a technical list, but over the course of the last year it has become a more broad-spectrum forum open to a larger number of discussions on everything from intellectual property rights (something I have posted about with a surprising degree of frequency lately) to how to compile the viewer on Dead Badger Linux.
  • OpenSim-Dev - This is geared towards the OpenSim developers, although topics do spring up here as to the best policies towards default systems, best practices on being a flexible framework that anyone can use. If you are interested in the nitty gritty behind OpenSim there’s a lot of good solid discussion going on here.
  • Gridnauts - This is a new mailing list which complements Which’s office hours (listed above) for people who are in the beta and testing the initial region-crossing support on the Linden Beta grid.

At the moment there’s no policies mailing list - which might be something that someone should consider setting up as a legitimate forum for these discussions is clearly needed.

A plea to those involved

Please be relatively concise where possible - brevity always makes it easier to read your (and everyone else’s) opinions.

Post your opinions in the right forum at the right time - suddenly changing the topic away while issues are still outstanding on the current topic is somewhat poor form.

Condensed transcripts and summaries help a lot - I personally would appreciate if someone would take up the mantle of providing a summary of each of the meetings above (and possibly mailing lists too) with links into the chat transcripts where appropriate.

Written by Adam Frisby

July 25th, 2008 at 1:28 am

Posted in OpenSim, Technical


Copy Protection Nuances.

with 10 comments

I had a very interesting discussion with David Levine (SL: Zha Ewry) last night at the Metaverse Meetup; several luminaries were present, including Prokofy Neva, Tish Shute, and others. We had a varied discussion ranging from the possible future of Virtual Worlds to an informative discussion on the feasibility of copy protection in open standards and worlds.

Reuters has some interesting coverage over here, however I do feel the need to make some corrections on a few points made. While Eric has got a lot of interesting points covered, some of them are a bit more nuanced than they first appear, and I’d like to cover a few of them.

In OpenSim, by default, no copy protection will exist at all. “You cannot know what a foreign piece of software will do with a piece of digital content once it receives it,” Levine said. To insert a digital rights management tool into OpenSim is to invite criminal hackers to find ways to circumvent it and undermine the credibility of the software, he argued.

This isn’t quite true - at least some of it anyway. While he’s spot on with David’s comment that you can’t tell what a foreign system will do with a piece of data, OpenSim does support permissions by default - the nuance here is that permissions do not equal copy protection. Copy protection (also known as DRM) I’ve covered in more detail previously.

Right now, OpenSim supports your standard SL-flavoured permissions as the default permission module. It’s there today - yes, you can swap that permission module for one that doesn’t respect those permissions, and yes, you could remove it entirely.

Unfortunately as I’ve stated before, there’s no rule of computer science that stops someone from modifying something. Good or bad it is always possible, even if you need to go down to the level where you have a soldering iron installing a “mod chip”. With open source software this is admittedly easier - but any professionally schooled programmer will have all the grounding needed to defeat a copy protection system.

This is why both David Levine and I believe that the solution is to engineer something that involves assisting and speeding up legal systems. Modern societies decide to respect copyright laws, and therefore they built institutions such as courts to handle disputes. However, Prokofy does raise the point that lawyers tend to be expensive, and if the only way to sell content is to have a professional lawyer, then we’re back to old media conglomerates.

As I have stated before, I’m not entirely sure this will be the case, and there are a number of reasons for that. First, something being broken is somewhat black and white - if there is any way to get content under terms not licensed to you, then you can do it. It doesn’t really matter that suddenly there is an additional method for doing so, because it was already possible.

The presence of the Open Grid Protocols allows one more potential avenue of attack, but to a malicious individual, this is more difficult than just grabbing the asset from the local cache, or using a tool such as GL Intercept, because it requires connecting in additional servers and dealing with a lot more than you absolutely have to.

Returning to my point - I think we will find that actually people want to be legitimate, purchase content from legitimate providers - and hosting companies (who are actually powering the systems running the World) will have big financial incentives to obey the law and not have copyright infringing content on their systems (since it makes them liable, and corporate lawyers really don’t like that.)

The solutions I’ve mentioned before still hold, first - you can keep on keeping on, in all probability sales will increase rather than decrease because you will be dealing with a much much wider audience. Second - hosting providers will want to be allowed to receive content from top creators, and that means signing contracts which indicate they will enforce permission models wanted by creators (and moderated by consumer demands).

I think for us, the developers, the key is to make it possible for people to say “Well, I want my content handled in these five ways” and be able to host a world that interoperates obeying those laws. Likewise we need to make the inverse easy too, so that people who want to share content themselves can do so easily. This part comes down to tools - which is in the domain of the technical. However, if someone violates that contract, then that’s the moment that social systems need to be employed.

Social solutions do not necessarily mean legal systems - it’s possible that it’s as simple as “Well, you violated our contract, therefore we’re never sharing any more content with you”. Legal contracts will likely be the mainstay at the higher levels (as they always are), but there is nothing stopping the establishment of guilds or other groups which represent groups of content creators to enforce en masse.

Certainly commercial pressures will cause people doing hosting services to enforce these, because if they do not, their customers will be denied access to new content which will hurt business.

It’s also possible for people to consider alternative models of distribution, including the possibility of, say, subscriptions to content providers - for instance, paying a regular fee to be allowed access to the content creator’s library of content (done either per user or per region; I can see plenty of use for this).

For those of you interested in hearing more, and exactly what David and I discussed, a video of the presentation has gone online - you can hear our exact words and all the nuances therein (and unfortunately, with a topic this complex, there’s a lot).

Written by Adam Frisby

July 24th, 2008 at 11:56 pm

Do you really need to start your own grid?

without comments

It’s a simple enough question - often when I see a company or group get involved in OpenSim, the first thing that springs to their mind is “Well, we must launch our own grid!” With each grid having its own isolated set of users, inventory, assets and regions, the question must be asked: “Why?”

In most cases, this isn’t the best of ideas, and short of internal uses it’s often counterproductive, duplicating effort others have undertaken already. Running a grid properly takes a lot of work - especially if you are doing frequent updates. If your intent is on making it a popular destination for random visitors, then you have extra work publicizing it and convincing people to create an account and log in.

All in all, it’s a lot of work for relatively little benefit.

Alternatives to starting your own grid

Attach your region[s] to an existing grid - I personally like recommending OSGrid.org. One of the downsides to this approach is that you are relying on the grid provider for your infrastructure - if they neglect to update frequently you may run into problems; likewise, if they have downtime or stability problems, you are tethered to them, good and bad.

So, why do it then?

The short answer is to do it for your users. If you require users to register an account on your grid to come view your trinket, you have effectively annihilated any chance of instant gratification, so to speak. The difference between opening a map on a popular grid, and logging out then relogging onto your grid, is huge. It requires a good deal of effort to do so.

The longer answer lies in pooling resources - in this case, users. Users may log in to view your trinket, but after they are done with it, go visit someone else’s trinket nearby. The key here is that people who come for other people’s shinies may end up visiting yours too - there’s no zero-sum game here, and offering a multitude of attractions is a more powerful drawcard than yours alone.

When should you make your own grid?

There’s plenty of reasons to run your own grid however - the biggest one is privacy and wanting to run something entirely behind a single corporate firewall. Protecting intellectual property and trade secrets requires making reasonable protections when possible, and public grids are not well suited for this.

Another reason is when you want to run something solely independently - such as say a specific concert or event, where you know that your demands require customisations on the grid software itself. In these cases unless you are able to make an arrangement with the grid operator you may run into problems and hosting oneself is a good idea.

So which grids allow outside regions to connect?

OSGrid.org is the best for this since the entire grid is hosted externally - making sure this works smoothly is a goal of the osgrid admins. Connecting a region is free and there are no real terms of service at the moment to speak of, other than “don’t break the law.”

DeepGrid has allowed regions to connect since the beginning - although the grid server software is updated less frequently than the OSGrid ones. Common terms of service do apply for this, and region spaces need to be reserved via the website first before connecting (rather than first-come-first-served; price is still free).

CentralGrid offers region connections too; however, connecting a region invokes a large fee that isn’t charged anywhere else, for, as far as I can see, no advantage. I’m not impressed, but you may be.

Written by Adam Frisby

July 15th, 2008 at 5:20 am

Posted in OpenSim
