So today was the first day of work for my former coworker benoc at Linden Labs, the makers of the complete waste of time known as Second Life, and he mentioned that among the many perks he gets there are some sort of crazy god-mode powers on the production servers. This highlighted a concern I've had since the t20 incident in Eve last year. Why is it that game developers, sysadmins, database admins, etc. seem to have "superuser" privileges on MMO production servers? Shouldn't these sorts of things be compartmentalized?
At work, we have a security policy that basically dictates that people's privileges be as restricted as possible. We don't put development tools on production machines, we separate the duties of service developer and service manager, and we don't let developers have access to production boxes, among other things. While this is unfortunately not as common in the IT industry as maybe it should be, I think it is generally accepted that this is the best practice. And yet it seems like incidents like the t20 affair could have been avoided if similar measures had been implemented and safeguards acted upon.
Second Life and Eve are two very different games (if Second Life can even be called a game), and I don't think a developer giving a certain item in Second Life would do as much to tilt things in someone's favor as t20's misconduct in Eve did. On the other hand, the linden-to-dollar direct conversion makes the stakes for some sort of misconduct quite a bit higher as well. Now, I'm sure Linden Labs has an extensive system of auditing (and unlike Eve, it sounds like they have outside auditors keeping an eye on things), but an ounce of prevention is still worth a pound of cure.
Surprisingly, in all the game development books I've read, even those focusing on MMO development, security and transparency don't really seem to be a central focus of the development process. While security in IT has become more and more of a concern since the late 1980s, it seems like MMO development hasn't adopted many of the basic concepts. Some of this, I think, is because the MMO industry is still somewhat immature and the mentality among some development houses is still that of MUD implementors years ago, when games were run for free on a college server on the QT. Everyone does everything, and friends get privileges they don't really need just because they are friends.
But compartmentalization is only part of the solution -- companies need to treat tampering with the game seriously and make it clear to their customer base (or at the very least, their investors) that they do so. The big problem with the t20 affair and the other issues that have come up with Eve is that to many people, it seems like the only response from CCP has been a slap on the wrist -- and the revelation that the company knew of the issue months before it became public and apparently did nothing only compounded the problem. The "scandal" that came up earlier this year with regard to alleged intervention against GoonSwarm and ISD misconduct after the t20 affair became public actually turned out to be largely less of an issue than many people were claiming. However, the perception that the t20 affair was horribly mishandled eroded many players' trust in CCP, and allowed others (most notably GoonSwarm) to make more of it than it actually was, because now people were all too willing to believe that cheating had been institutionalized within the halls of CCP.
Frankly, I'm a huge fan of Eve and I think the game is overall a well-designed product with some very standout differences from the normal MMO crowd, and I hate to see the game suffer because the company doesn't want to treat it like a business and a product whose integrity must be preserved. Unfortunately, I suspect CCP's problems are hardly unique, but I wonder how much misconduct is either caught and quietly dealt with by other companies before it can become public, swept under the rug and ignored as acceptable, or simply not caught. As the industry matures, and more and more real monetary value is traded in these game economies (a trend I don't really endorse, as I don't like the idea of RMT, but a reality that will always exist, I'm afraid), MMO companies are going to have to start taking more and more measures to secure their economies against tampering. When I briefly dated a law professor last year, one of the things we talked about was how this is a rapidly emerging field of law -- if real value is being created, and can be destroyed (or severely disrupted) almost at a whim, the number of lawsuits that could be filed if one of these companies goes under or suffers some sort of unrecoverable data loss could be staggering, regardless of what safeguards they try to put in their EULAs.

MarkJ sent me this article from the Chronicle yesterday that sort of looks at the same type of issue in other areas as well. I don't really understand why a university professor would be using Second Life as a teaching tool, except to try to appear "hip" to his or her students perhaps, but it's still an interesting discussion. Seems they don't really consider "security" in terms of things beyond their own system, either -- like personal safety and interpersonal relationships that occur in or related to their virtual world. Like the L$ example you use, these things aren't going away, and the problems they create in the real world are unfortunately going to get worse and will need to be addressed.