Rebutting Zha Line by Line

Zha Ewry now has a post of that never references me, but which Saijanai and others view as a rebuttal of my various posts. The fact is, Zha is very good at making moderating and moderate statements that allay fears, but doesn't then run off to do the engineering to really accomplish tasks. For example, she says "we should make it easy as possible for creators to mark intent" but never specifies, ok, are you advocating that silly CC licensing crap that doesn't enable people to mark FOR SALE? Hello? Are you not voting for, and advocating, Saijanai's JIRA (which was likely put down more to provoke than solve the problem) to simply add a flag "to other grids" yes or no?

The first principle I think we need to take care of is to decouble intellectual property protection from the cyberconcept of "trust". "Trust" is truly an awful medieval concept in the hands of the cyber frontierists, as they really mean to return closeknit tribes and villages run by elders when they invoke trust systems, i.e. hoping to police freebie-sellers through social opprobrium or boycotts, or using an on-demand abuse-report system rather than policing globally. What is a trusted grid, beyond the technical specifics? A village. What is a trusted vendor, beyond the technical specifics? A village. And what Zha and others wish to do by invoking trust as a capacious and vague concept is demodernize the world (that's why they aren't progressives or futurists in fact).

What would this trust involve? Have everybody be able to rate everyone else by close, intimate proximity in a village, with all the subjective hates and loves that implies. Ebay, you say? But ebay rates not people, but transactions. It doesn't rate them in the round as people, as merchants, as builders, as vendors. It rates whether they delivered the product, and whether the product was what they claimed. It's a consumer rating on a very narrow transaction execution -- and no one in contemplating the more elaborate ratings systems of *people* and *grids run by people* place rating or trust in terms of transactions nor do they limit the concept a la ebay.

And "trusted" is a term in this industry with already a huge body of knowledge -- and controversy. I'd imagine that Zha would be a critic of "trusted computing" as she appears to lean more to Electronic Frontier Foundation belief systems, and yet...if "trusted computing" puts "too much control into the hands of encrypters (coders)" that's...the problem we have any way with AWG.

So I'm going to go through Zha's post line by line and show you what's misleading in the thinking, and the harder, simpler answers we need.

To get an equitable process where Linden Lab will meet the business requirements of the merchant and developers and broad user base, I'm coming to see that one must go outside the process of engineering, with its implied intrinsic copyleftist politics, and that means outside of Zha and Zero and Saijanai. Higher-level Lindens who don't lard up every session with tech talk and who are willing to listen to, and answer, rather than bat away concerns of merchants are desperately needed.

Currently, Linden Lab thinks of the problem this way: 1) let's open source and have Zero Linden lead us to glory doing that, even if he is a bit extreme in his ideas about this because he can get the job done 2) let's have other lower level Lindens like Hamilton come out and meet the crowd and assure them we'll take very great care with their stuff and 3) let's meet with really high end customers in private, i.e. corporate/enterprise level and give them whatever assurances they need. And that's why this non-public and phony process in fact leads to no. 3. Unfortunately, most corporations in a position to really confront LL with business requirements aren't going to have a deeply-felt need to protect the IP of residents, most of whom are at an amateur level and will not fight for their IP. But corporations such as Dell could be thinking more long-term and more abstractly, about their own builds, textures, prototyping, islands, etc. and how secure they are if LL opensources the server code and hops over to Opensimulator.

The process by which this is being determined is flawed, but the only way to fix it is if top creators get together and seek a meeting with M Linden. They are more likely than not to make that not a public process, but I invite them to do it and make it a public process. What's clear, however, is that they do need to go around Zero Linden's Office Hour and Metanomics and not be hijacked.

Zha's Post:

Posted in AWG, Musings, SecondLife tagged Identity AWG, Interop, SecondLife, Trust at 8:30 pm by zhaewry
Identity, trust and policy

>This was originally gong to be a part of my post on the interop teleport work. But.. it got out of hand and demanded its own entry, so here it is. The past few weeks, as I’ve been coding, have also been full of discussion and thought about other parts of the interoperability story. There have been a couple of very good chats at the AWGroupies meetings and Zero Linden’s office hours, about the technical aspects of managing to build out trust and policy between separately run grids. This tends to be a tedious area for discussion because it always happens at the intersection between the technology, and how one can use the technology. Goldie Katsu, has been very helpful in framing some good questions and thoughts, as has Latha Serevi, and many other people who have been in on the discussions.

This sort of statement, that privileges some -- like Goldie Katsu who is a tekkie herself -- and not others (deliberately not referencing my very pointed and legitimate questions) is part of the problem. Zha stresses that he "has been coding" while "others are making a discussion get out of hand". This is how we are always dismissed by coders. They are "working" whereas we are "talking". Tedious though it may be, we also don't have honest brokers here, as we can hear in discussions even in the heavily-controlled office hours, or on the SL Dev, or even from programmers weighing in on my blog, that there is a basic philosophical disagreement. Those working on open source and interoperability think there is a reason to do so -- they work on that first as a priority, and don't ask "why do we need to do this?" and bat away the deep question of why. They take it as a given -- even a driven necessity because of competition they see around them from other platforms.

Furthermore, they are biased in their view of obfuscation solutions -- they view these as futile, and refuse to discuss the engineering required for them or the implications of the interop for destroying IP. We are told not to "philosophize about what this will do to the world".

>Based on some of these discussions, here are some thoughts about both the technical approach, and some of the social/legal things that one might enable.
First, what we can, and should do

>So, lets start with a few thoughts on the possible, and desirable in this space. We are bounded by the limits of technology, so let’s start with a few bounds:

> 1. We shouldn’t be thinking about doing deep Digital Rights Management. Full up DRM is out of scope for what we can do, and mostly doesn’t work, it’s just a ongoing battle of stopgaps, measures and countermeasures, which annoy users, and don’t actually protect content.

Here's where Zha takes the gloves off and stops pretending to be a moderate, which is what he does when he implies that by "marking intent" there will be somewhere some sort of interface that will *implement* that intent *the way copy/mod/transfer is implementing intent now within SL*. Most companies including his own, BTW, readily engage in stopgaps, measures, and countermeasures, and the idea that this overly annoys users strikes me as a red herring. They don't protect content fully, they require redoing, but they accomplish some of the goal. The refusal to adopt the real moderate position, which would involve a concession to preserving implementation of copy/mod/no transfer on SL and insisting that other grids that earn the title "trustworthy" also respect it, lets us know just sort of extremism we are dealing with.

Zha is wily in implying that there may be a "shallow DRM solution" -- is copy/mod/transfer a shallow DRM solution? Perhaps. But Zha, by laying the mines in the field to be against "deep DRM" in fact makes sure they blow up ANY TIME ANY DRM is mentioned. Oh, no, we can't do that -- too hard! too many measures!

And now that we can see that Zha is as extremist as Gigs Taggart saying "Let's retire the permissions system it doesn't work," then we need Zha to state unequivocally, "The future is one without copy/mod/no transfer". Linden Lab long ago stopped trying to close the exploits (they haven't explained this).

>2. We shouldn’t be thinking of this as a single solution. There are a broad range of possible policies, and our goal should be to create the protocols and design points to permit people to deploy a range of solutions, and get a range of possible behaviors out of the system. Different uses of the technology, will require different policies and behaviors, we should not merely accept this, but we should embrace it. Some people will deploy environments with very strong content protection policies, others with very weak ones. Some regions will be willing to allow anyone to enter, others will be very restrictive.

If we are not to think of this as a single solution, Zha, then why did you just kill off DRM as a solution? Oh, and if "shallow DRM" is still ok -- example of how to do that? And obfuscation? Why not leave them in as partial solutions while you work on other putative solutions (graphics cards being able to handle protection of IP as people often suggest)?

It's really a yes/no question that has to be put now, to cut through all the bullshit here with lingo about "design points" and "protocols" and "deploying a broad range of solutions".

Currently copy/mod/transfer is implemented, Zha. Implemented. Enforced. Set aside the issue of exploits and flaws. It is implemented. The average person cannot physically right-click and copy/mod/transfer what is marked to NOT copy/mod/transfer. Simple. Effective. Now, are you for porting that to other grids? Yes or no. And why? It's simple. It marks intent -- which you claim you can tolerate. It is easy to implement -- again, leave aside bugs and exploits or Glintercept. *It works*. So...are you or are you not for transferring this notion to other grids, and insisting that other grids have this simple system? Yes or no?

A "strong content protection policy" is...having copy/mod/transfer *work* Zha. *Work*. It means that in the software, on the objects, in the world, is *the same kind of permission system implemented just like SL*. There is no reason NOT to do this unless...you are ideologically against it. It's not like it's hard to program -- it's programmed already. If it is exploited currently, then you can deal with the exploit or not, but you can't deny that as a system that readily a) marks intent b) prevents casual overthrow of intent it's a gem. Yes or no, Zha.

And if you will NOT have other grids that protect copy/mod/transfer, which is as simple as it gets as a notation and as an implementation of a notation, then why will they be trusted?

Why would Linden Lab trust a grid that has copy-all? Because it's their friends in San Francisco in another company down the street? Because it's an educational institution and they think the value of education overrides IP concerns? Well, what is it? Let's not be coy here. Let's make a list, let's spell out what "trusted grid" means in these VW terms.

>3. We should plan for trust to be short term, and short range. The longer we hold a trust token, the less reliable it is, and the more links in a trust relationship, the less reliable it is. (Hat tip to Morgaine Dinova, for reminding me of this)

Sight unseen, I can be fairly certain that whatever Morgaine Dinova comes up with, will be extremist and wrong, as all her solutions involve the Extropianist canon (and Zha of course leans uncritically to extroprianism himself). Morgaine's default is NOT to protect IP because in her bright future of brainuploading, people work on collective work products or simply have different business models that don't depend on protection of copyright on individual products. Morgaine and Sophrosyne are all about control, elitism, keeping people out (I'm banned preemptively from Extropia in SL before I even heard of who Sophrosyne was). For them, social relationships and elaborate ritualistic clearances and ideological checks will serve the purpose to control IP, as it were -- it's essentially a high-end shoppers' club. It's like the beriozka concept under the Soviets. Obviously you don't worry about content thieves or rippers if they can never even get on your islands...

And...Who says IP protection has to be tied to trust? There is no reason to except in some goofy hippie commune that enjoys playing with totemic symbols. Transactions and global implementation of IP protective markings are what should instill trust, not people. The current copyright regime in real life law doesn't depend on "trust"; it depends on judicial enforcement! It is not about relationships. It's about process. Procedures. Global implementation. Yes or no, do you respect copy/mod/transfer by *having it inworld, too*. That's the sort of thing we're looking for, not somebody with lots of fluffy love pats and love machine tokes that show they are double-plus good.

I'd like to hear an awful lot more about this "trust token" to see whether in fact it is intrinsically good, and then to hear whether holding it longer or shorter is good. But if the reference here is to trust relationships established by ratings, or sets or principles that have no bearing on copy/mod/transfer implementation, then it should be decoupled. As I noted earlier, tying IP protection to trust tokens is the Oriental Bazaar and not the Occidental Flea Market, negotiation and haggling rather than price tag information sorting willing buyers and willing sellers automatically. The Oriental Bazaar implied by Zha's capacious trust and broad licensing procedures and endlessly baggy policies is all about creating a welter of one-on-one relationships and guilds. The Occidental Flea Market has an automatic interface -- a pricetag -- and you pay it.

> 4. We should try to capture and make clear to all involved the intents of content creators, and have ways of marking content, and regions for compatibility, so content creators can say “I only want my content in regions which follow rules like X” where we provide for at least a good range of Xs. At the same time, we should not try to break out pick solving problems the semantic web community has not solved in a decade of effort.

Marking with...implementation or not? Zha. Yes or no. Copy/mod/transfer or just some goofy CC license that does not help me SELL a good but only helps me GIVE IT AWAY? Which is it? WHAT KIND of marking? We have a simple regime already: copy/mod/transfer. Will these "regions of compatibility" respect it or not? I mean, let's not get vague and creative here. Let's talk about the system we already have. Deprecate, or preserve this legacy, Zha? Yes or no. Here's some very clear semantics for you all in the "semantic web community": copy/mod/transfer. Yes or no?

> 5. We should, make it as easy as possible for creators of content to properly mark their content, and then, if that content is stolen, we should make it as easy as possible, to show the theft, and allow legal recourse.

As I keep saying: we have such an easy system already implemented. But Adam Zaius and others chose to junk it. Completely. Threw it overboard. So let's step through their thinking -- and your thinking -- in continuing to blather on about marking intent and creating "regions of compatibility" when the simple Lessig-inspired (!) system WE ALREADY HAVE called "copy/mod/transfer" is *scrapped and NOT RESPECTED* by these new open grids. Yes or no, Zha?

>Second, a road map of possible technical steps:

So, with those bounds in place, here is a thought on the technical underpinnings we’d want:

> 1. Define and implement a mechanism for establishing identity between components, and in particular, between collections of regions and services (domains) such that we can securely prove that service S, belongs to domain D. As much as possible, this should be built on top of existing, web based mechanisms.

I'm going to comment here that doing interoperability test runs before having established identity seems to be backward. Identity is everything.

> 2. Define and implement a common mechanism for expressing avatar/user identities across domains/grids. Candidates for such mechanisms include OpenId.

OpenID, from the user's perspective, is clunky, and a lot of alternatives should be considered. There is heavy geeky belief in the OpenId concept but using URLs instead of log ins and URLs or log ins that still have to be captcha'd creates user frustration. This is also anti-Internet. Currently, the Internet, as a free place, has a huge wealth of ID verification systems of every type. It is not mandated to follow any one by the Internet system itself--that would be impossible. Why impose this on virtual worlds? I'd really like to hear this one critiqued by those technically knowledgeable.

> 3. Create a policy language to allow us to express a range of behaviors between components. Again, as much as possible. based on existing work, Included in this work would be defining a set of policies which would met several common use cases, including permissions similar to those found in Linden Lab’s second life grid, fully open permissions, and use cases developed by the community.

Fully open permissions are made in Linden lab's permissions system, too. So you take that as a package: copy/mod/transfer as a system that can be open, closed, partially closed. I would also not be in a hurry to identify, round up, and close the list of use cases, which always happen on these tekkie expeditions. Left to their own devices, tekkies come up with bizarre or atypical use cases and ignore heavily used ones that people in business use. Example: "share with group" and the debate around that bug now being pushed as a feature by LL. I think rather than talk fancily with full obfuscation about "the need for a policy language expressing a full range of behaviours" blah blah, we need an unequivocal plain-English statement about copy/mod/transfer and its future: yes or no.

> 4. Design, and implement a set of services for storing, and fetching assets which uses the components built in 1-3.

This should be done before interoperability goes forward.

>Third some comments on code, services and choices

>The whole space involving moving digital assets between virtual worlds has stirred up a lot of concern, from content creators, content users, and various residents. Some of these concerns are about content being stolen. Some are about people being forced to adopt standards, and others imply that because the OpenSimulator (OpenSim )is an Open Source project, any objects brought to an OpenSim region would instantly become Open Source themselves.

Let me put this in political terms, since we're supposed to be designing a "common policy language" here. The tools define the social system. The tools in Second Life now permit for a range of social systems from capitalist to socialist to communist, from for sale, to for communal use, to for free. That's really starkly what it's all about. Tools define social systems, and yet social systems should also define tools democratically. And that's what's being removed from this process as engineers get ahead of social systems and weld into the tools their communist or socialist belief patterns, scorning capitalist beliefs as "unprogrammable". That's really what it comes down to, and of course, they know that, even as they pretend it's not about that.

There is the legal/moral component here as well. Libsecondlife reverse engineered Second Life, griefing people along the way, collecting lots of flotsam and jetsam, including people who continue to fly around actively griefing me and destroying my business and property while sporting the libsecondlife group title. Opensimulator has an intimate relationship with libsl and used their stuff; they duck the reverse engineering claim in that fashion by being one step removed. Zha, supposedly prevented by IBM lawyers from being able to look at certain code, can look at it over the county line, away from the dry county, in OpenSimulator.

>Open Source software refers to how the software is created and maintained. The OpenSimulator project is an Open Source project based on a very open License. Anyone is free to take the code and adapt it in any way they desire. Many people, myself included, view this as a collaborative process, and contribute back our work to the community. Various people contribute to the code, and they have a wide range of thoughts about how they will use the code. In the case of OpenSim, the code can be deployed to host regions, and many people are hosting private regions, or grids of regions. These deployments will be setup and run according to the taste and desires of the deployers.

Yet none of them currently have copy/mod/transfer, or a buy/sell interface, or even a glimmer of a permissions regime. Hello? They all have that in common. This notion that because it's open, it represents 1,000 flowers blooming individually out of control is easily dispensed with when it comes to what they all have in common: no protection regime for IP, other than "call your lawyer".

>Saying, interoperability will mean X, or using OpenSim means Y, or all OpenSim developers have agenda Z, is non-sensical.

No, none of them have any marking or implementation of copy/mod/transfer. Therefore they are currently ALL untrustworthy if you are willing to define "trust" as "those who respect copy/mod/transfer".

If you are not willing to do that, say so. Then we know what we're dealing with.

No, currently all users of this system, and the software itself, is set up to: not have any economy. And has no copy/mod/transfer regimen in the object menu. So it's all pretty universal and pretty clear, Zha, without getting all hilariously lost in multitudes of subjectivity here. Sure, someone might graft on a PayPal button? But that's not putting it in the software. Right now, we have a very narrow range of manifestations coming from these people: a) copyrighting digital objects is a bad idea b) silence, but tacit consent to a.

>Service providers, including, perhaps Linden Lab, will, I assume, set policies about what they will permit, and what policies they will require of the grids that wish to connect to their grid. We will, likely see a large range of policies, a large range of opinions, and a process of people choosing which policies work for them.

Um, no, actually. There isn't some vast infinite range. After all, we aren't building the entire Internet here, Zha. Virtual Worlds are heavy and clunky and little-used things compared to proprietary games that you will NOT be hooking up with and hopping into. And within that range, there is a pretty clearcut division: a) worlds that heavily control content, either not allowing any user content whatsoever or not yet -- Google Lively; b) worlds that allow but control, on a range from heavy to light -- There, Second Life. Second Life would not exist if it were only the sandbox run by the few thousands people making freebies and living in communes. Most people on SL partake in a buy and sell economy that they respect.

Linden Lab cannot expect to hang on to its content-creating class if it cannot have a regime to enable them to protect IP and be able to implement intent to sell and not copy. It's just that simple. There isn't the wide range you imagine, as much as you are fantasizing about a glorious future in which Extropians prevail with communistic and fascistic principles mysteriously combined, eliminating property for all but a handful.

The reality of the engineering job now, Zha is far, far more simple: copy/mod/transfer so people can make money. So that other people can make money, Zha. Like you do. From your company, IBM. That is a company with proprietary code and...firewalls. Code that hackers are kept from, and firewalls that we can't get behind. What's good for the goose is good for the gander.

>In general, the protocols and the code which implements them will be quite disjoint from the people making the policies. The range of polices that the ecosystem supports will reflect the best guesses of the designers. Most of us, I suspect, know that we don’t know enough to simply get it right with one policy, or one set of policies. I certainly am striving to allow a broad range of choices, and I hope and expect that will be the overall approach taken by the community.

I don't see any broad range of choices, here, Zha. I see a sleight of hand. You whisked away DRM in the first paragraph. You ducked any real discussion of how copy/mod/transfer can be implemented, hiding it behind a swirl of rhetoric. Why is policy range so broad it can't control protocols and code? Everywhere else in the world, including on the Internet, policy controls code, Zha. Do you think you are in some Autonomous Zone?

Is IBM going to release all its blueprints, codes, plans, designs to open source, Zha? Of course not. And its status as a proprietary company that makes use of open source, but doesn't fully expose itself in an open source extremism is what enables it to take part of a capitalist economy that its *shareholders* respect. So...why should the maker of your dress or shoes have any less protection, Zha?!

Comments

"It is implemented. The average person cannot physically right-click and copy/mod/transfer what is marked to NOT copy/mod/transfer. Simple. Effective."

Maybe in your client. Nobody has to use a client that follows it. I could easily distribute a client that doesn't.

Posted by: Gigs Taggart | July 13, 2008 at 06:18 PM

Gasp, but Gigs if you did that the Lindens would have to realize how incredibly fragile their permissions system really is, and would have to either watch their world crash and burn, or do something about it fast.

Posted by: economic mip | July 13, 2008 at 07:21 PM

@Gigs - The current situation is just a blip, if virtual worlds ever truly go mainstream, there will be closed-source software at both the client and server once again, in the form of proprietary viewers (remember OnRez?) and plug-ins, no different than when you watch a video at Hulu.com or download an application to your iPod. Open source is just an expedient way of getting free labor to lay down the groundwork, once that's are in place, the virtual world equivalents of the iTunes and Flash models of content protection will be back. In fact, it wouldn't surprise me if IBM was one of the companies selling such software.

As a side note, you may be aware that Apple recently released it's iPhone App Store, by all accounts to great success. In fact, one of the largest venture capital firms in the world has an inventment fund just for companies building iPhone applications. The average iPhone app costs $5, about the same cost as a quality skin in SL or other piece of in-world content. The iPhone is packed to the gills with DRM and copy protection, yet thousands of developers are flocking to it. It's a very safe conclusion that the developers who are involved with open grid efforts are somewhat out of step with the rest of the technology industry, not to mention the millions of consumers who have demonstrated no aversion to buying in droves the DRM-based products built by that industry.

Posted by: Edward Artaud | July 13, 2008 at 07:51 PM

That's why FIrefox is such an unpopular browser...

Posted by: Saijanai | July 13, 2008 at 08:15 PM

Linden Lab doesn't care what anyone wants or thinks. They have their agenda and that agenda is to get out of the VR world business as fast as they can and then try to be a data service provider. The OGP "team" is moving to dauly meetings to ramp up the speed of the project to ship all the content out of secondlife to other grids with no IP rights.

It is all a farce and as I said before, in the end,m the lawyers will be the ones who make the money as they pick the bones clean.

Argue all you want but Linden Lab has sentenced Secondlife to death already and the gas chamber is the number one priority. Nothing else matters. Only a public reversal on all this open source intent would change it. Then again... Who owns the patents for 3D virtual worlds anyway? Maybe that is your clue.

Posted by: Ann Otoole | July 13, 2008 at 08:15 PM

Just to be reassuring, Linden Lab has said that it's not going to implement anything that doesn't respect the rights and expectations of content creators. I realize that you don't believe them :) but it would be such a bad idea even purely from the point of view of their own self-interest that it's really hard to imagine them violating that.

I think most people realize this, and that that's why we haven't seen alot of worried serious content-creators at the various meetings about it, as you pointed out a posting or three ago.

There are, and I imagine that there will continue to be, OpenSim-based regions that don't enforce c/m/t permissions. In order to respect the rights and expectations of content creators, the only objects that would be allowed to travel to such sims (at least in my own favorite version of the policies) would be objects that are (a) full-perm, and (b) the rights owners have indicated directly or indirectly that it's okay for the object to go to that sim.

(That's assuming that Linden Lab decides to connect to any such sims on the first place; as far as I know there have been no decisions made as to which non-LL regions SL might get linked up with.)

On one of your specific questions, no, "trust" does not mean "implements c/m/t". It would be entirely possible, for instance, for a region run by someone that I didn't trust at all to implement c/m/t. I wouldn't want my non-full-term objects to go there because, even though they might implement c/m/t as far as anyone can tell, they might decide tomorrow to copy my stuff I run off with it; that is, I don't trust them.

There are lots of different opinions on how all this stuff should work, as you know. It may be that someone somewhere did suggest that SL's permission system change to allow only Creative Commons licenses, and not allow things to be sold. But if someone did, that is a very small minority opinion, and I don't think LL is giving it serious consideration.

Being able to buy and sell objects is a deep and important part of what happens in SL; taking that away would be a huge disruption, and even if someone somewhere did once suggest it, it would be unfair to conclude that therefore anyone who ever mentions CC licenses at all must be secretly plotting to bring it about.

(For the record, I think CC is a very nice way to let people get access to good licenses for their stuff, and I am not at all in favor of getting rid of object buying and selling in SL.)

I realize that given your opinion of me it's probably pointless for me to try to change your mind on this subject :) but I couldn't bring myself to let this posting go unanswered, and perhaps give someone the impression that it's an accurate reflection of, well, anything...

Posted by: Dale Innis | July 13, 2008 at 08:20 PM

(Oh, and I should say again that although I do work for IBM, my statements here are just my own opinions and impressions of what's going on, and aren't official pronouncements of IBM, or anyone else but me.)

Posted by: Dale Innis | July 13, 2008 at 08:24 PM

@Saijani - Not sure your point, I love Firefox, but the minute I surf to Hulu.com, Firefox is just providing a viewport for Flash to render into. Even Microsoft's Silverlight runs in Firefox. I'm increasingly thinking that the best way to address this whole issue is to allow third-parties to build whatever sort of protections they want. The *only* reason why this isn't happening already is that the viewer license prevents people from adding the closed source code necessary to protect content into the viewer. If you're in favor of a true open grid, ask LL to release the viewer under the Apache license or BSD like OpenSim, then we could fix it ourselves.

Posted by: Edward Artaud | July 13, 2008 at 08:52 PM

I think they could do a better job at defining what they mean when they say "trust". I think that I understand what they mean, but I am someone who can also set up and run virtual worlds from a business as well as a technological perspective.

Here's what I take it to mean:

Let's say I am Grid X. I want to become a "trusted" grid operator and want to interoperation with SL, allowing selected content to flow from LL's grid into mine (and maybe vice-versa, but let's not get ahead of ourselves here). I would expect to have to make an application to LL that pretty much would amount to a mortgage application-level of detail about my personal life, my finances, my business, etc. Basically, I want them to trust me, my technology, my business, and my finances with something that they consider critically important. I wouldn't expect them to just give "trust" relationships out to just anyone who asks. I presume they would apply some very stringent litmus tests to my application, and would reject it over ANYTHING they felt was a risk.

A "trust" relationship, in technology terms, is a very stringent set of checks and protections, usually backed by very strong encryption, where one system trusts another to make privileged requests of it. It is not set up lightly, or without great forethought by the operators of either system, and in many cases is bound via legally-binding contractual negotiations.

I am certain that any such trust would entail legal obligations to Linden Lab, to do whatever they say with regard to the content they are "trusting" me with obtaining and managing for them on my grid. They will make sure that I am aware of all the legal ramifications of the relationship and, most importantly, what will happen if I fail to adhere to them.

Think of this example: I am a trusted grid operator of Grid X. LL allows content from Creator A to be transferred to my grid. Something Bad Happens and Creator A's content is infringed on my grid. If I don't do something about it, not only am I in danger of losing my "trusted" status (which would be very bad for my image and business), but I also could then be liable to Creator A, should he/she decide to file suit for said infringement.

As such, I don't expect very many people to want to host SL content on their grids, and the ones that do, will have to be REALLY serious about doing it and respecting the rights of creators.

One other thing: Any implementation of "trusted" grid content transfers will necessitate an addition to the perms system which allows content creators to specify EXPLICITLY that it is allowed to copy their content to another grid, and I fully expect the default for all existing and future content to be "disabled". IE, the only content which would be shared would be content the creators themselves flagged as "export-allowed".

Posted by: Talarus Luan | July 13, 2008 at 08:57 PM

Talaurus... You are effectively suggesting a "trusted grid" be a franchise. I.e.; Linden Lab franchises Secondlife. I agree. If it cost a potential grid operator $75,000 US to get a license and undergo the training and certification and background investigation then the sort of people we DO NOT want operating grids WOULD NOT QUALIFY.

I suggested this before and the script kiddies went nuts so it must be the right way to go.

I.e.; Sure some perv can go run a russian kiddie porn grid all they want but there will be no movement of anything from trusted grids to the perv grid or from the perv grid to a trusted grid.

Such an infrastructure will cost money so franchise royalties will be required. People with no business acumen or business expertise will decry this solution as a violation of their c0d3G0d given right to all data for personal exploitation.

Posted by: Ann Otoole | July 13, 2008 at 10:37 PM

Presumably Linden Lab would have the good sense to block a rogue viewer such as the one contemplated by Gigs Taggar that undermines the permissions regime. This is within their capacity. And maybe that's how it has to be done.

Given that no trust system whatsoever has been built, but the interoperability already prototyped and tested between SL and Opensimulator, I have to wonder how serious they really are about any trusted computing in the sense of any kind of encryption -- especially when Zha knocks DRM out of the box in his first paragraph.

LL taking applications for trust with information similar to a mortage? I doubt they'd ever subject Adam Zaius, who has been their favoured son since time immemorial, to anything like such a rigorous process. That's just it. Trust to them is people who were in beta, people whom they trust *in the SL context* which is about fierce tribal loyalty.

I'm not so sure that grids *will* be liable in the way imagined here if they are common carriers. Their job is to honour a takedown notice. Not honouring it might entail RL legal consequences but all the while LL, which has already said it will form a variety of relationships, some of whom "may" protect IP, will not necessarily retaliate.

It's good if there is a checkoff box that says "transfer to trusted grids". But...what is trust? And...what are those other grids? The person who bought the item for use in SL will -- so we are told, as peer pressure is already being incited by the extremists -- demand that he be able to port his stuff to other grids. No matter if those grids don't respect permissions. He will feel "entitled".

It's like this entire fake conversation around DRM and CDs. I marvel at how far people like Cory Doctorow have gotten shilling this crap. They say, oh, if you have to make a copy on your machine, if you can burn your own copy, why, that undermines the entire thing and therefore you shouldn't have DRM. I find this circular and self-justifying thinking. I fail to see why you can't have DRM that in fact doesn't enable you to burn a copy for personal use. Nowadays with all the iphones and ipods and such, you can order the tunes on the phone and download to the device. It can be set up so that you aren't faced with this issue of "but how can I transfer it" or "how can I eve use it" -- can it not? I find this a very literalist parsing of an issue that I think is being thrown up as a roadblock to conceal a different agenda, which is copyleftist in general: the end of all digital rights.

Whenever Dale or Saijanai or anyone tells you "Oh, but we don't work at LL and can't tell what they'll do" or "assuming they will connect up" -- I have to say, please, hold the bullshit. LL has stated explicitly this is the direction it is taking. It *will* hook up with other grids *and is doing so*. Indeed, it has a notion of running the hookups in general. So to pretend that LL will not do this and will keep content locked up as Robert Bloomfield keeps saying is absurd. Trust me, we haev the opposite problem.

This is a very interesting statement: "he *only* reason why this isn't happening already is that the viewer license prevents people from adding the closed source code necessary to protect content into the viewer. If you're in favor of a true open grid, ask LL to release the viewer under the Apache license or BSD like OpenSim, then we could fix it ourselves."

Are you saying that you couldn't build an obfuscated code into the viewer even if you were willing to?! And what is it that you would "fix" then?

Dale, again, your reputation preceeds you. Are you Zha's sock puppet here?! No one EVER counters Morgaine or Gigs or any of these extremists *in every meeting* -- it's not "somebody said in a meeting once*.

Oh, buying and selling is a big part of Second Life and the Lindens appreciate that and want to protect it?

But...in the original OGP design it was said the LindEx might have to be retired as incompatible with other grids! And that only got modified likely because somebody in finance said, hey, that's where we make our money you bozo, cut that out!

And...if the Lindens care about preserving the buy/sell interface, why the unseemly haste to hookup to OpenSimulator that does not have buy/sell/economy/c/m/t?! Why indeed!

There is nothing "very nice" about CC. It is a distraction from the problem faced here: how to preserve the ability to SELL. Not GIVE AWAY. But SELL. and SELL WITH RIGHTS/PERMISSION. That is the design challenge here.

I'm amazed at the level of discussion that takes place on my blog comments sometimes. I'm obviously not a tekkie and not a coder, as Zha will hastily remind me. Yet I question his thinking because I sense it comes out of a certain political school of Internet technology that isn't representative of the mainstream. I can't even be sure it's representative of mainstream IBM. Other coders come along and question this extremism. Even OpenID is debunked as a panacea on Zha's blog -- on technical grounds. We're constantly steered and railroaded into OpenID by all the geeky blogs around SL, even though it's clunky and stupid -- and here somebody debunks it technically, and you begin to wonder: why are we constantly trapped by this bunch?

Why aren't more technical people coming up to this situation and really questioning the hell out of it? Why would it take me to do it?

And listen to the utter bullshit Dale Innis is shovelling here. Linden Lab has said they will "take care" and that's why no one is complaining? No, of course not. The problem is the usual one that adheres in weak civil society, when totalitarian ideologues take it over:

1. lack of information
2. lack of empowerment
3. atomization and splintering
4. effective propaganda from the center
5. violent peer pressure

and so on.

Posted by: Prokofy Neva | July 13, 2008 at 10:39 PM

Prokofy - the first interop test had 0 assets or inventory transfer, they're not jumping in without looking at how to handle permissions etc as you say because they haven't transferred anything whatsoever yet.

You're talking as if they've done a full test when they haven't.

Posted by: Gareth Nelson | July 14, 2008 at 05:22 AM

"Presumably Linden Lab would have the good sense to block a rogue viewer such as the one contemplated by Gigs Taggar that undermines the permissions regime. This is within their capacity. And maybe that's how it has to be done."

Actually it's trivial to build a viewer that looks to the login server identical to the original viewer. Even without the viewer source being available one can do this using libsl. If you want to enforce permissions, it must be done server-side.

You also mention "trusted computing" as if that's the solution. Personally, if LL ever implement "trusted computing" in the way the term is normally defined I will be leaving SL permanently and i'm guessing many others will:
http://en.wikipedia.org/wiki/Trusted_Computing

Of course, i'm hoping that you aren't being one of those evil literalists and simply mean "computing that's trustworthy" ;)

Posted by: Gareth Nelson | July 14, 2008 at 05:27 AM

Assuming that some system is in place that says "no transfer/copy off SL grid" as default, I can see a fait accompli anyway that will mean I'll be forced to allow my stuff to go out.

What I mean is, if people keep telling me they are buying from Stolen Prefabs Ltd because they can copy the house to World of Ken and Barbie as well as SL Grid, then I'm just cutting off my nose to spite my face by refusing to allow my stuff to go out too. In much the same way as we "have to" sell copy/mod to landlords, we'll have to sell with outward permissions.

If you can buy your shoes from someone who lets you wear them when you visit another grid, you'll choose them over the similar, but more restrictive competition, right? Unless you have other reasons like brand loyalty or friendship, respect for that specific creator.

Posted by: Ace Albion | July 14, 2008 at 06:04 AM

As I've explained over and over again, the fact that assets were not transferred on this first experimental hop doesn't mean they couldn't transfer them. They could. They didn't for reasons of propriety. I don't see that they didn't do this due to technical limitations; it's merely limitations of propriety, that it wouldn't be right for them to undo permissions on whatever they happened to be wearing. But...they could.

The "trusted computing' article which I linked myself in this post strikes me as being one of the more skewed Wikipedia article. I'm not getting why it is so terrible, except that I realize I'm supposed to geneflect and bow before the horror of things like copyright never expiring -- which strikes me as a trumped-up, faked issue here in order to argue against it in principle.

Doesn't IBM use trusted computing? Isn't the entire notion of "trusted grids" that LL keeps invoking part of this concept? Haven't we just seen this example of iPhone as Edward Artaud points out? Sorry, but I don't stampede easily.

Ace, I think that indeed merchants will be placed under pressure to check off permissions to go to other grids or be seen as spoilers. Especially if there stuff winds up there anyway.

I don't understand the swipe at landlords, however. End users just as much as landlords need to have copyable prefabs because they break apart all the time! Placement on SL terrair is very hard; in general placement of houses of many pieces linked or rezfooed is hard, and you need back-up copies.

Few landlords run rentals that have identical rows of houses. Most people won't move into them. And if a landlord does rez out more than one copy one more than one sim, what of it? It's a living free advertisement, as people see it and buy it and that tenant often buys his own land and then wants to buy the house he used to rent.

I simply won't buy from prefab makers who won't put their items on copy/no transfer because I lose money when their single copy, for which I've paid anywhere from $3500 or more these days! -- breaks in SL for all kinds of reasons which always happens. Every single rolling restart in fact usually winds up returning at least one sims prims.

I don't think you can compare a situation where landlords pay you for copy/no transfer to one in which people who see your stuff for free due to hacking demand that you sell it compatible to other grids.

Posted by: Prokofy Neva | July 14, 2008 at 06:48 AM

"As I've explained over and over again, the fact that assets were not transferred on this first experimental hop doesn't mean they couldn't transfer them. They could"

It hasn't been implemented yet, there's no external interface to LL's asset server. It wouldn't take much to implement it of course, but that doesn't change the fact it's not been done yet.

"The "trusted computing' article which I linked myself in this post strikes me as being one of the more skewed Wikipedia article. I'm not getting why it is so terrible, except that I realize I'm supposed to geneflect and bow before the horror of things like copyright never expiring -- which strikes me as a trumped-up, faked issue here in order to argue against it in principle."

Trusted computing is bad because it removes control of your own hardware and hands it over to 3rd parties. Regardless of your views on copyright most people generally respect private property. My computer right now is under my complete control and I take great care to ensure it remains that way by keeping up to date on the latest potential exploits and auditing my own systems for them. I also refuse to run any software that has hidden spyware or rootkits in it.

"Doesn't IBM use trusted computing?"
IBM sadly sell machines with TPMs built in and supply open source toolkits to use them. Luckily, the full vision of trusted computing hasn't been implemented yet.

"Isn't the entire notion of "trusted grids" that LL keeps invoking part of this concept?"
No, a trusted grid is one that's trusted based on a contractual relationship or user preference, not because it's owners don't control their own computers.

Posted by: Gareth Nelson | July 14, 2008 at 07:18 AM

"Trusted Computing" has little or nothing to do with a "trusted grid".

See http://www.schneier.com/blog/archives/2006/05/who_owns_your_c.html and http://www.lafkon.net/tc/ .

The reality is that for DRM to be effective it cannot depend on anything on the client side.

I do wish the valuable and useful
concept of open source software wasn't tarred with the brush of those who want LL to abrogate the agreement they have with those who create content in Second Life; namely that the grid won't let people copy or transfer stuff that isn't marked +copy or +transfer.

This must happen completely on the server side, and there must be reasonable assurance that any server that receives content from the main grid will respect those markings. Not an easy thing to do, but not impossible either.

Posted by: Maggie Darwin | July 14, 2008 at 08:45 AM

It wasn't a swipe, just an observation on commercial realities. It's part of doing business in SL, and it's not necessarily a bad thing- more visibility is good, and in return a lot of these customers buy more different houses for variety. I say landlords, because I expect they're the part of my customer base that's much more likely to want to be able to expand out of the SL grid than the single/couple of avatars type, and they're a strong economic group with a lot of influence and buying power.

Likewise I think anyone involved in creating and selling avatar accessories/clothes will be under similar pressure from people who want to grid hop without being disrobed.

Posted by: Ace Albion | July 14, 2008 at 09:46 AM

@Prokofy - To clarify my previous comment about the viewer open source license. Right now, if Gigs wants to create a rogue viewer that more effectively steals ("backs up") content, he's free to do so as long as his viewer is also open source. On the other hand, if I wanted to create a "Secure Life" viewer, that perhaps had some sort of closed-source code in it that worked with encrypted textures, and then gave content creators a tool for encrypting their textures for use with my viewer, the current viewer license would prohibit me from doing this, unless I too released my source code, which would make the whole effort pointless since Gigs could read it to figure out what I was doing and add it to his "Theft Life" viewer. If LL had not open sourced their viewer, they could have taken this path themselves, and perhaps added a new revenue stream from offering a "secured content" feature to content creators, but they were persuaded that such an approach would lead to an "arms race". My analogy to Apple's strategy was that other very successful companies that are respected for their technology seem to see the merits in taking such an approach without hand-wringing about the possibility of such an arms-race with hackers. The problem is compounded by the fact that not only does LL not want to implement content security, they really don't want to make it particularly easy for anyone else to do it either. Which, alas, is a decision based on philosophy, not business.

Posted by: Edward Artaud | July 14, 2008 at 10:36 AM

On the issue of how far off the technical ability to transfer assets is, I think both Profoky and Gareth are underestimating the remaining difficulty.

The fact that it hasn't been done yet is definitely not just for reasons of propriety, and the remaining work is, in my opinion, enough that "it wouldn't take much" is also an understatement.

Propriety aside, the code just doesn't exist yet to transfer assets via OGP. The design doesn't exist, for that matter, nor the detailed protocol description. The architecture pretty much exists, although it's not firm. (Come to AWG meetings and help firm it up!)

The current prototype was intended just to test basic interoperation, and it sidesteps a bunch of hard problem that are easy to sidestep in the case of AVs, but will he harder in the case of assets. Even AV transfer is by no means finished; it's working only enough to test the basic interop codepaths, and is far from ready for routine use outside an extremely controlled environment.

AVs have unique names, assets don't; AV names are only unique within a particular grid, but that was easy to code around for the prototype. AVs and assets both have UUIDs that are unique within a particular grid, but there's currently no design (unless people have been really really busy at a couple of meetings that I've missed) for getting a UUID that's unique across all grids, for finding the grid master URL given a UUID, for verifying that the target grid supports the object's perms and that those perms get transferred correctly, etc.

Having inventory transferred will be *comparatively* easy (since inventories are really just metadata about the assets, not the assets themselves), but having inventory without the ability to rez it (which is where the harder problems are) would be sort of futile. :)

So it's not the case that asset transfer hasn't been done just to avoid annoying Prokofy, nor is it just a little coding that no one's gotten around to yet. There's still lots of design and coding work to be done, and people who want to chip in and help are more than welcome to attend the meetings, contribute to the Wiki, etc.

Posted by: Dale Innis | July 14, 2008 at 11:10 AM

"The problem is compounded by the fact that not only does LL not want to implement content security, they really don't want to make it particularly easy for anyone else to do it either. Which, alas, is a decision based on philosophy, not business."

How do LL make it difficult for 3rd parties to implement DRM systems?

Note also that even if the viewer was not open source, it's still not feasible to put ANYTHING clientside security-wise.

Posted by: Gareth Nelson | July 14, 2008 at 11:23 AM

"You also mention "trusted computing" as if that's the solution. Personally, if LL ever implement "trusted computing" in the way the term is normally defined I will be leaving SL permanently and i'm guessing many others will:
http://en.wikipedia.org/wiki/Trusted_Computing" Garth

If this is what it takes to rid the grid of the Open Source extremists that are hell-bent on 'information wants to be free', then sign me up!

And let me be blunt, the many others wouldn't be missed.

I'm not out there hacking protection schemes, crowing about how I could create a hacked client, how it'd be trivial to make a hacked client look real (for which I blame LL for opensourcing the client), etc.

Sure, the Garth's and the Gigs' would bail for the hacker-friendly realms of Opensim (and would we REALLY be the worse for their kind's loss on the MG?), but Trusted Computing would not harm me in the least.

Posted by: Maklin Deckard | July 14, 2008 at 11:25 AM

"On the issue of how far off the technical ability to transfer assets is, I think both Profoky and Gareth are underestimating the remaining difficulty"

I'm not underestimating :)
I said it'd be trivial to implement, but it just hasn't been done yet.

Posted by: Gareth Nelson | July 14, 2008 at 11:25 AM

Maklin Deckard - Feel free to hand over control of your private property (your computer) to the complete control of third parties, personally i'll fight for my right to control my own property.

Posted by: Gareth Nelson | July 14, 2008 at 11:27 AM

Gareth, my point, which I'll keep making over and over, is that the foundations of your belief system are not commonplace within the technology *industry*, although perhaps technology academia. Interestingly, even Google decided to lock down their virtual world.

I just want LL to be like Google and Apple, is that so bad?

Posted by: Edward Artaud | July 14, 2008 at 12:34 PM

Next »