Second Life Goo and Dancing Pigs

The virtual world of Second Life has recently been suffering from a series of attacks from what has been referred to as "grey goo", a term which is a direct reference to the scenario of uncontrolled exponential growth in nanotech replicators. The result of a grey goo attack is that the world fills up with junk that prevents anyone getting anything else done.

I haven't covered this before because it is well known to the point of infuriation to most people connected with Second Life. What's been more interesting recently is that people outside that community have started picking up issues like this from Second Life, particularly people more commonly associated with security in general. For example, Ed Felten wrote a couple of articles recently about the "copybot", which allows you to make a copy of anything you can see in-world without paying for it (with some limitations, which aren't relevant to this discussion). Professor Felten is perhaps most well known for his work on the SDMI challenge, US v. Microsoft and more recently the (in-)security of electronic voting machines.

Directly on point to the grey goo attacks is Eric Rescorla's Beta-testing the nanotech revolution; again, this is a bit off what most people would think of as Eric's normal beat.

But that's my point: if you're involved however peripherally in security systems, you walk into something like Second Life and see a lot of problems waiting to happen; as Ed Felten puts it, these are really issues "from the It-Was-Only-a-Matter-of-Time file". New systems should be learning from the mistakes of the past, not blundering through a series of unworkable solutions every time until they get to something that works until the next bad guy comes along. Unfortunately, that doesn't seem to be how the world operates. Ed Felten has another appropriate quote for this: "Given a choice between dancing pigs and security, users will pick dancing pigs every time."

If you're interested in a bit more comment about the grey goo problem per se, I attach the comment I added to Eric Rescorla's article below.

The mechanisms used by replicators in Second Life are completely different to those that nanotech replicators might use, if they existed.

In Second Life, an in-world object can have an inventory of other objects; it can create in-world copies of those inventory objects and then hand them copies of themselves so that they can carry on the process. You can see that one difference here is that Second Life replicators don't have to be assemblers; it would be possible for them to replicate in vacuo as they don't need any kind of feedstock from the environment.

Restraining replicators has proven to be quite hard for Linden Labs. There has always been a limit on the number of objects per region, but although hitting that limit stops the goo from growing it also has the disadvantage of preventing any other users from doing anything (which is the whole point of the attack). Restrictions on the rate at which objects can create other objects, and algorithmic detection of an attack (the "grey goo fence") haven't stopped the outbreaks, which after all are driven by real people with an ability to adapt to new defenses.

One of the more recent suggestions by Linden Lab is that they may try and address this kind of problem by limiting the ability to perform certain operations to "trusted" users, whatever that means. Which I guess kicks the problem out of the realm of virtual physics into the realm of virtual identity. If I thought identity was more of a solved problem, I might be more confident that this would help.