- by Paul Murphy -
I recently had the opportunity, as part of a review of what works in systems security, to look closely at a couple of massively multi-user on-line games including EverQuest and Star Wars Galaxies. Several of these now support up to half a million registered users and go beyond simple player co-operation to allow the exchange of virtual goods and information between thousands of players. That has some inherently interesting consequences: for example, what legal interest in, or responsibility for, the real world value of virtual goods or information in the game does the gaming company have?
More specific to my quest, however, are security consequences. For example, it is quite easy to hide an entire communications network inside one of these games without much risk that the uninitiated ever find out you've done it. I didn't come across a word like "steganography" (hiding information in images) to label this opportunity, but it's pretty clear that anyone working in security had better be suspicious of on-line gamers whose lifestyles and on-line behaviors don't quite fit the usual profiles.
On the other hand the industry as a whole has an odd characteristic: tremendous competition and innovation among people all trying to implement the same basic games using the same basic business models. It's a remarkable thing: some of the very best brains in applications computing using the ultimate in leading edge PC technologies to implement fundamentally the same ideas as people working with character terminals on multi-user simulations, chase games, or dungeons variants did at Berkeley and elsewhere in 1981. Some things we couldn't do then are routine now, including artifact trading and on-the-fly graphics, but otherwise little has changed. It's as if the world of romance novels had evolved the visual sophistication of Titanic or Lord of the Rings while failing to progress beyond the plots and structures characteristic of the Clarissa Harlow and Nurse Jones meets a Doctor genres.
The innovation takes many forms: mostly graphics linkages, background psuedo AI, and interface improvement, but there's lots of obvious stuff missing. For example, I didn't stumble on anyone offering a GRID style client to take advantage of the fact that the average gamer has three or more PCs - or any cable companies turning their security disadvantages into marketing strengths by offering community gaming support.
What's going on, of course, is that the up front costs for new development freeze old ideas into place, making it virtually impossible to get the money needed to implement a new business model. Since it's the business models that drive the play ideas the delivery methods have improved unbelievably over the years, but the underlying gaming concepts haven't advanced much, if at all, since about 1980.
On the face of it that looks terrible: an indictment of both venture capital and the gaming software community, but in fact there's a hidden good news message for open source here that shouldn't be over looked.
Consider Microsoft's defense for its embrace, extend, and extinguish approach to open standards and protocols. Their claim is that they embrace open standards as part of the general progress of computing but then have to first extend, and later obsolete, these standards in order to advance the art. In effect they use a cyclic model of progress with each new thing given a marketing half life of perhaps two years before the leading edge abandons it to move on to the next great new thing. To Microsoft's defenders, therefore, it's recent embrace of XML, its extension of the technology from SGML subclass to RPC vehicle, and its pending abandonment of webXML for document rights management, is both part of the cost of progress for users and proof of progress for Microsoft.
Look at all this techno-turmoil from the outside, however, and it's possible to argue that Microsoft hasn't actually progressed all that much in the twenty-five years or so since Bill Gates first abandoned Xenix for QDOS. Think about it: by about 1989 SCO had evolved Xenix into pretty much a standard, and highly reliable, Unix product that's still widely used -and still unequaled for performance, security, and reliability by anything from Microsoft. It's easy to argue, therefore, that Microsoft's defense of its behavior has nothing to do with technological innovation but is, in reality. a cover-up for an institutional inability to deeply assimilate standard technologies.
Think of them as the bright but lazy kid in class who voices a hundred alternatives to the ideas being discussed but hasn't read or assimilated the background material needed to understand the theory behind any of them.
In contrast financial restrictions on invention imposed largely by the lack of imagination and willingness to take risks among both the big gaming companies and the players they cater to, has led games developers to make genuine progress through the endless refinement of a handful of basic themes. That, of course, is exactly what open source does best too: taking something that's been done well, like Bill Joy's orginal TCP/IP implementation, and gradually making it better and better.
To some that unremiting focus on making good things better may seem uninspiring, but of course that's exactly what people like Sharespeare and Mozart did in their fields. Both, as you may recall, were plagerists who commonly built on other people's plots and thematic ideas - classic hacker behavior that not only didn't stop them from achieving pre-eminence in their fields, but may almost be considered a hallmark of genius.