I have asked my husband to write in my blog to try to explain to me in layman's term about the CopyBot issue.
So for those interested, here is what he had to tell me.
The CopyBot created a lot of controversy in Second Life the last few days. Some people are calling Linden Labs to do something *now*, and expect a fix is possible. In this article I will try to explain how I see this development as a software developer to people who are not software developers. I hope it helps people to understand the current situation. Perhaps I will also be able to influence their thinking about what should be done about it.
Second Life consists of two parts. One is the part you need to download and install(and regularly download again and upgrade), the Second Life *client*. The other part is the Second Life *server* (the thing Linden Labs keeps upgrading frequently making you unable to access SL for a while). The Second Life server consists of a vast amount of computers that keep track of where you in the virtual world, and what you look like, and what everything else looks like in the virtual world and where it is. Information about what you're currently seeing is sent by the server over the internet to your client. Your client then uses this information to construct a 3d image for you. The client constructs what you see from the information it gets from the server: descriptions of the 3d objects you're seeing, and the colors and textures of these objects.
You can compare the way the Second Life client works with something else you are familiar with: a web browser such as Internet Explorer, Firefox or Safari. When you click on a link in a web page (or type in a URL in the location bar), the web browser sends a request for information to the server indicated in the link. The server then responds to this request by sending back information to the client over the internet, in the form of the text of the web page, layout information, and any images that are to be shown in the page. The client then assembles what you see according to the information and instructions it received from the server.
There are multiple different web browsers (such as Firefox and Internet Explorer) you can use to browse the web. Since the way web browsers and web servers talk to each other is openly described, it becomes possible for different browsers to exist that can display web pages for you, and for different server systems to exist that can
generate the information to send to the browsers. Competition between different browsers and servers is therefore possible, each doing certain things better than the others. This competition has been very healthy for the development of the web, as different parties strived to make their browser or server the best.
It is also possible (and easy) for a programmer to write a program that downloads (parts of) a website and saves it to the hard drive. To the web server on the other end, the program doing it is just another client application, just like a web browser. In fact, your web browser probably has this download functionality built in (in Firefox, it's under file-> save page as). You could then take this information and put it on some other web server, effectively copying someone else's
People don't like it when you copy their website. In fact, it's probably a copyright violation in most cases. Not always though; it can actually lead to very useful things. Google for instance has special software (the GoogleBot) that downloads websites and indexes web pages, making the Google search engine possible. Web site copying is often done as well for a variety of reasons, such as the the need to back up websites and to allow people to do offline browsing when they're not connected to the internet.
The way the web works makes it really extremely easy to copy content from a web page. When you look at a web page, this is in fact a copying operation all by itself -- the web page gets copied from the server to the web browser. The ease of copying information is one of the main reasons why the world wide web was so successful, especially early on. People learned by looking at how other people did it. The information on the web is all open, allowing third parties to build applications that do something with this information in ways the original creators of the web sites possibly didn't expect but added a lot of value. Search engines such as Google, alternative browsers, web site copying tools, and so on and so on.
The success of the web (and other internet applications) made people really appreciate the value of openness in an environment of many different pieces of software, organizations and end-users; it lead to great creativity and innovation.
What is libsecondlife? libsecondlife is an alternative client for Second Life. You can connect to Second Life with it, logging in as an avatar, just like you would do with the normal Second Life client. libsecondlife is very low level though, so it's experience is much worse than the official Second Life client, and in fact no use at all for normal users. You see no pictures at all. It's only useful as a foundation for programmers to build other things on, as it allows a program to connect to Second Life, not just a human.
The programmers of libsecondlife have been diligently trying to figure out how the official Second Life server talks to the Second Life client. They wrote down what they learned in a formal way turning it into this "library" (libsecondlife) of useful functionality that can then be used by other programmers to build more software. This kind of work is called "reverse engineering" and it's not easy. Unfortunately and unlike the world wide web, nobody has published the specifications yet on how the Second Life Client talks to the server.
libsecondlife is very exciting for programmers. It allows programmers to build all kinds of new applications on top of Second Life. One example is alternative 3d clients (just like we have Safari and Firefox and Internet Explorer and Opera and others). Perhaps someday in the future this development will make it possible to log into Second Life from, say, your cellphone or your portable game computer. Even an alternative client just for PCs would be great news for many:perhaps someday in the future you will have an alternative to turn to if the official Second Life client keeps crashing, or doesn't work at all. The message on the libsecondlife site by the developers talks more about what they're dreaming of accomplishing:
So, your Second Life client talks to a second life server much the same way as your browser talks to a web server. What you're seeing is actually constructed by the client, in real time and in 3d, from descriptions being sent to the client by the server. Second Life is also unique in that it allows users to create objects in it. In that case, the client tells the server that it wants to create a new object
in a certain place, of a certain shape, and with certain dimensions; let's say a ball 1 meter big right in front of me. The server then responds by adding the information about this object to its database.
The description of the new object is then sent back to your client to display, along to the client of anyone else who may be watching. If end-user content creation wasn't possible, it wouldn't be Second Life.
It would be more like World of Warcraft, where players cannot really
create new content at all.
The combination of the two, display and creation, makes the CopyBot possible. The CopyBot takes the information that the SL client needs in order to display what you're seeing, and then builds this up again in the world using the creation tools that makes Second Life into the unique environment that it is. This is why the creators of the CopyBot were so proud to show this off: the CopyBot is a demonstration showing that libsecondlife is successfully able to decode the descriptions the server is sending, and apparently also successfully is able to use
SecondLife's creation tools to reconstruct this information.
A while ago there was an exploit, exposed by libsecondlife, that allowed users to create prims much bigger than you're actually allowed to. How as this possible? This was because only the official Second Life client was enforcing these restrictions, not the server itself as should have been the case (and as I believe is the case now). With an alternative client you can bypass restrictions in the official client
and ask the server to do things that the official client would just never ask as it's been programmed not to. The proper response to this is to fix the security issues in the server in not trusting the client so much anymore. This is what Linden Labs has been doing.
I am not sure about this, but I believe currently the CopyBot may be exploiting some insecurity in the Second Life servers that allows clients to do more than they really should be doing. This is bad and should be fixed. The servers should for instance not allow any client to use a texture that the user doesn't actually have any rights to use directly. The server is currently probably not advanced enough to keep track of all this properly, and it's likely that fixing the server to do this properly will take some time.
Fixing this in the server, while necessary, won't stop future incarnations of CopyBot from being created though, as the copying ability is fundamental in the way Second Life works. Second Life *needs* to be able to send descriptions of 3d objects to the client, and the client *needs* access to the creation tools in Second Life. So while right now the way the CopyBot reuses existing textures appears a little bit insecure, even with that security problem fixed it won't stop people from writing a CopyBot. Since the Second Life client needs to download the textures from the server they could be stored on your hard drive, and you could then upload them again using the normal texture uploading tool (or potentially use libsecondlife to do this automatically for you).
So what can be done to fix this problem then? There doesn't appear to be a way: it's fundamental in the way the Second Life client and server communicate with each other, and fundamental to the basic functionality that Second Life offers.
What about encryption, you say? Encryption is a technology that allows the communication between two programs (such as the Second Life client and the server) to be secret. Prying eyes such as libsecondlife cannot access this encrypted data, as they don't have the right encryption keys. This would stop anyone from reverse engineering Second Life and would stop projects like CopyBot dead in its tracks.
This sounds attractive, but in my opinion is unwise and is still not a
true technical fix.
Encryption can be broken. Software can be cracked. Computers internally *are* about copying data, and trying to stop them from doing so without making them useless is a very hard task. Therefore, copying copyrighted content happens all the time. Enormous
organizations like Apple, Sony and Microsoft try to use encryption to protect their music, movies and software from being copied. This technology is called "Digital Rights Management", though could also be called "Digital Restrictions Management". So far they haven't had much luck stopping people as the same stuff is still available for free if you know where to look online.
DRM also has a very negative effect: it tries to restrict users from doing things which may be perfectly legitimate in an attempt to stop them from breaking copyright. DVDs are a good example. DVDs with movies on them are typically encrypted. This didn't stop people from copying DVDs in various ways, as after all, the image in the DVD still needs to displayed on a screen and you can copy this information. It
also still remained possible to copy the DVD as a whole, encryption and all, and of course the copy being identical to the original, it would work just as well.
What it *did* stop was independent Linux developers from writing free and open DVD player software for the Linux operating system. Then someone broke the encryption on DVDs and now people can play DVDs on Linux.
So, since encryption by itself doesn't really cut it, big companies lobby governments to mandate encryption in devices by law. This will probably stop independent developers and normal users from doing perfectly legitimate things in the future for a while until the encryption gets broken or some other loophole gets found and the cycle continues. This trend actually worries me: I personally do not want to
make my computer beholden to any external organization trying to protect its own interests and not mine. I want my computer to be beholden to *me*, for reasons of ease of use, but also of privacy and freedom.
DRM is imperfect, it's hard to make work and it's probably not going to stop people from copying things for long. Linden Labs is a relatively small company and I think it should be spending its time better than on a race even huge companies so far haven't won.
So, encryption is probably not going to work in the long term, and it also would be, I think, a move in the wrong direction considering the general course of Second Life. Second Life works so well because it's *more* open than the competition, allowing users to create contents without interference. It's not as open as the web (yet), but it's far more open than any other equivalent system out there. This is its strength, its flexibility and its beauty, and has lead to great creativity on the part of its users. libsecondlife will lead to more creativity and has the potential for making it *more* open in a positive feedback cycle.
Possibly some day Second Life *will* be more like the web itself, and Linden Labs will have less control over the way Second Life develops (instead it being shared by a vast number of organizations, just like the web is), but in a market place so vastly increased Linden Lab's loss of some control is more than compensated for them. This is a future that I'm hoping for. I think people with a stake in content creation in Second Life should share this hope with me. They should also realize that libsecondlife is a key development towards this openness.
Does that mean that I think people should wantonly copy objects and designs people worked hard to create and sell at a low rate? No. Openness doesn't mean copyrights go away. Me being *able* to copy your website doesn't mean it's legal for me to do so. Me being able to copy music or movies or software that the original user didn't allow me to copy doesn't mean I should be. Normal legal recourse stays in power.
Respect for creator's rights can also be socially encouraged.
Luckily it appears as if the designer labels and Hollywood and record companies are still alive and well and making a profit, even in the face of extensive copying of the stuff the create and sell. Likewise I think an open Second Life allowing developers to innovate is not incompatible with Second Life being a thriving market place allowing creators to sell their creations. I think Linden Labs believes this
too, though perhaps they're not always doing a good job of explaining their beliefs. Realizing that the ability to copy information is hard to stop completely, they are trying to find ways for creators to deal with the *effects* of the copying that they know will be taking place one way or another in the future anyway: to make it more easy for creators to identify illegal copies and prove that they originally created the object.
So Second Life is again much like first life: illegal copying and rip-offs exist. Business thrives too. For an example of this working, just take a look at the world wide web.