Second Life Hit By Massive In-Game Worm
An anonymous reader writes, "At 2:46 CST today, the game Second Life was hit by a massive attack by a rogue programmer. Spinning gold rings began to appear in the air and on the ground, and as users interacted with them they began to chase and replicate. Apparently, most people are willing to touch an object they've never seen before and this invoked a worm script that was designed to multiply and spread across the 2,700+ servers run by Linden Labs in California, the game's owner. Many of the six hundred thousand active users experienced serious lag and lost connectivity to the servers, making it one of the largest known denial-of-service attacks in an online game. Linden Labs had to invoke martial law and lock out all logins by users except their staff as they began the task of cleaning the servers of what they began to term 'the grey goo.'" Comments in the SL blog entry indicate that Linden Labs had already deployed a "grey goo fence" before this worm struck, but someone found a hole in it.
Man, that's kinda funny.
Now what they need is some sort of illness that affects characters temporarily, just like real life! Imagine, your character gets a cold and slows down and sneezes every once in a while. Or hey, you go kiss another character (if that's possible) and your character gets infected with herpes! Wouldn't that be fun? Oh wait - that was me last weekend. Damn.
Proof that all it takes to kill the Internet is something shiny.
First off, there were only about 14,000 people on the system at the time, not 600,000 as indicated in the summary. Second, while they did lock out new logins, it should be pointed out that any user who was currently online was not kicked off - and the period of "martial law" lasted about 20 minutes.
Of course, if there were 600,000 users on at the same time, the "game" would be unplayable - it's tough enough when it gets over about 10,000 right now.
Poor means hoping the toothache goes away.
Second Life as the worm turns.
Now we have CopyBot and grey goo and it seems like SL is just another dodgy online game after all.
I just finished my homework and found this article!
Guess I'll go watch Family Guy and not play Second Life as usual.
I played once last year; I hear it hasn't gotten any better.
What's the draw?
Why so many articles on this stupid game?
This sounds like horseshit. It's like something you would see in a factually absurd Hollywood movie about a programmer uploading a virus into the power grid. How does this work in these games that someone is ever allowed to inject a code that can run on someone else's session? Why would they allow that? Spinning rings appearing in my session from someone else's code and my computer runs the code if I touch them. Praise Tron. I assume there is some explanation for this but since I'm not a gamer I am without a clue.
Some drink at the fountain of knowledge. Others just gargle.
What? No Screenshot from anybody?
-jX
Don't you just love politics? It's like a comedy of errors.
...for people to shut down their second life and move on to their third.
So who did it? Most people will probably blame the W-Hats, methinks.
Wow, so now they're blaming it on a "worm"... ok. SL is like watching an MMO flipbook, the packet-loss is phenomenal while they continue to supposedly attract corporations and live-weather map projects, host in-game advertising and I'm sure making money off people somehow with Linden cash transfers. Buy some freaking servers, or get rid of the 2,700 solar-powered calculators currently running the thing.
I'm fighting The War on Drugs!
This reads like something from Neal Stephenson's "Snow Crash".
I never thought we'd get real systems vulnerable to attacks with 3D visual components as an integral part of the attack. This is much closer to SF than expected.
Is there a video?
Wow, talk about reality imitating art. Or, art imitating art. Or technology imitating art. Or the virtual imitating the virtual.
Annnyway, this sure brings me back a few years. The first time I read Neuromancer, I thought, "Damn, what would it be like to live in a world where interacting with computers is so visceral?" We haven't developed networked, immersive 3d environments, but we've sure come a long way from the days when just getting on the Internet from home was a major accomplishment.
I'd say this attack is proof that no matter how creative and interesting and fun an environment you create, there's always going to be someone out there who will put a lot of time and effort into pissing in it. I'm sure the creator of the worm has some sort of wonderful rationalization, of course. I wonder, is it worse to attack networks in the name of profit (or patriotism), or to do so just because you can?
Read the EFF's Fair Use FAQ
Hey Kid, Want to try some Snow Crash?
This thread is worthless without pictures.
Does anyone have screenshots of the alleged "grey goo"?
We all know what to do, but we don't know how to get re-elected once we have done it
Nice hack. Kudos to whomever pulled it off. The videogame generation is in danger of becoming a legion of conformist, rule-following lab mice, conditioned to obey and consume, differentiated only by which Big Media corporation they swear allegiance to. It's good to see someone somewhere is sowing discord. Eris would be pleased, but then who gives a fuck what she thinks ;P
Some people have been talking it up ever since several SomethingAwful users ran afoul of Second Life admins.
Second Life allows users to create virtual objects which can be sold (or transferred) to others. These are much like physical objects in the game world, like body parts (to change the way you look) and can be sold from ingame vending machines or whatever. Most, if not all, have scripts associated with them to direct their behaviour and how they interact with other objects or users. I don't know if this is compiled to bytecode or what. Something like this probably resulted from a duplicate_when_touched() or something similar that worked around the grey goo protection.
SL is full of pervs
Linden Labs had to invoke martial law...
Some people seriously need to get a grip. This is all ones and zeroes - comparisons with "martial law" are just silly. Second Life needs to be renamed to give its users a much needed message - namely, Get A Life
Like my Mom always used to say: "Don't take virtual candy from virtual strangers".
Table-ized A.I.
I was online when this thing was attacking, and it never seemed to get to my sim - I saw the notices, and the web notice that they'd locked things down to linden login, but they let anyone there stay. It was laggy, but that's not that unusual these days. At least with this one, the grid was never fully down (if you were already in or didn't get booted) and the Lindens were able to contain and clean it up pretty quick (unlike some of the marathon outages caused by goo of the past). Total offline time for this one was about 1/2 hour.
A clarification - even if there are currently ~600k active user accounts there are usually only ~10K or so online any given time of day.
Anyway, I'd say the overreaction to copy bot did more damage to SL as a whole than this thing did.
Yawn.
MSRP - Tax, Title & Licence Extra Your Milage May Vary
honey, we shrunk the secondlife-kids...
Jesus Saves
It looks like the admins now have a "second job"....
I'm surprised this hasn't happened before. (Well, it did. But nobody cared. And rightly so.)
In a virtual world where you can script any object and have any other player interact with it, there's bound to be an errant object which bounces 100ft into the air and splits into thousands of self-replicating drones. It's only natural.
Heck, I'd do that in my 'first life', but I'm not that good at origami.
Sonic the Hedgehog!
This appears to be related, at least in concept, to a problem which sometimes comes up in network protocol design, Sorcerer's Apprentice Syndrome, which results in a cascade of copies that eventually overwhelms the ability of the connection to transmit and route the duplicates. The term originates from the Walt Disney animated feature Fantasia where the Sorcerer's Apprentice (Mickey Mouse in the red robes and wizard hat) accidentally causes the mops washing the floor to increase via geometric doubling. One wonders if other MMORPGs are vulnerable to similar attacks.
...to bring them all, and in the darkness bind them.
Take life easy: one bit at a time.
...find the key of the twilight. those worms can be data-drained right?
Move Sig, for great justice.
Uh oh, I think SkyNet just became self-aware... of its Second Life account.
... and then they built the supercollider.
It's not just the content, it's also the presentation:
"...Linden Labs in California, the game's owner."
Do Second Life users also grab at modifiers that are dangled in front of them?
- RG>
Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
Is this anything like the Puffy Cat Virus?
It must be Windows. It needs half a gig of RAM and a hardware-accelerated graphics card just to run Solitaire.
Who cares if "martial law" is a misnomer? It's a video game. If someone called Valve "fascists" for shutting down the Steam master servers for a while, people would _laugh,_ not get huffy.
Now we just need something like this to happen to WoW.
-Michael, AKA Frankie.
"Apparently, most people are willing to touch an object they've never seen before"
You should be so lucky.
In Snow Crash, the visual component was being used to transmit information and reprogram computing machines, in that case the brain. It was an impressive leap of insight into interfaces and the nature of computing machines, not too different than the buffer overflows we've been plagued with since.
In the Second Life case, the visual component exists because pretty much everything in Second Life is required to have a visual component of some sort. In this case, the visual component of a ring existed solely as an icon would in an Outlook Express virus... "click here to infect your system!" And people did. The ring icon is not integral to the attack in any way other than as hot tennis players have been integral to attacks in the past.
Not to burst your bubble, but it isn't exactly a technological marvel.
The ______ Agenda
When I read this I immediately thought Matrix Revolutions where Agent Smith sticks his hand into people to infect them with the computer virus; you gotta admit - it's similar; triggering actions through "physical" actions in a virtual environment ... interesting.
I tried Second Life for the first time last week; gave up after 5 minutes - average ping of 9000 ms.
Take one look at some of the screenshots from that game and *boom* say byebye to your cerebral cortex. Think of the ugliest possible art stretched into three dimensions doing things that would make Japanese tentacle monsters say "Hey, that just ain't right".
Help poke pirates in the eyepatch, arr.
What do you expect? It is a faithful recreation of the world we live in. Next you'll be catching typhoid and watch people taking rice stools. In fact thinking about it, do you think the developers have a god mode where they can introduce plagues, frogs and such?
To what appears to be a screenshot of the worm. Description seems to match... If the site goes down I'll put it up on an image sharing site.
Second, while they did lock out new logins, it should be pointed out that any user who was currently online was not kicked off
It's now misleading to use standard English? Locking out "new logins" carries the connotation that only new login attempts would be affected.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
This sort of thing happens all the time in Second Life. Why is this news?
"A good compromise leaves everyone mad." -Calvin
If you get 100 rings do you turn into Super-Sonic? ^_^
With 2700+ servers they have a hard time handling more than 10k users? Less than 4 users per server is tough enough? Um, I think there's Opportunities here.
--
*Art
on a related note, why can't we moderate stories as "-1 posted by an idiot"?
The Second Life marketing department have been very active recently.
This story smells funny.
- It is just a virtual world, just a game.
- The vulnerability of the system was demonstrated, possibly a good thing. It makes you consider the consequences about DOS-attacks in the real world.
- It lets people think about what is important in First Life: Maybe it is not a computer game?
- Some things have to be tried, sort of like climbing Mount Everest.
- I was not affected.
:-)
Nevertheless, this may ruin someone's evening of good-hearted fun, affect SL's legitimate business and possibly (somewhat tangential) even ruin it. That is not fair and right. Is this event really so easily forgiven? Why are we not condemning this action with as much venom as we do with spam?
Reality or nothing.
http://en.wikipedia.org/wiki/Captain_obvious
Jesus Saves
and you know this how....?
Apparently you are unaware of the millions of CS kiddies who cry when the Steam servers go down, but maybe that is not getting huffy either.
Fascism should more properly be called corporatism because it is the merger of state and corporate power. -- Mussolini
The 600,000 refers to the number of accounts that were active in the last 60 days, as per the counter on their homepage. Apparently the overhyping of Second Life now extends to their system outage reports.
you go kiss another character (if that's possible) and your character gets infected with herpes
Genitals are manufactured objects in Second Life, but your normal face's lips are not, so genitals will almost always carry scripts of their own.
This means that kissing another character is unlikely to be a vector for viral infection, but there's a related activity that could easily do this.
Incidentally, waxing your carrot can of course trigger any scripted action in the object, so climax can be rather more visually impressive in Second Life than in your first one.
The first time I saw something like that happen it was really bad. Performance was very badly affected, and the objects would launch people into the air, so the only thing that could be done was sitting (you can't be pushed if you're sitting) and talking until they fixed it. And after a while the whole grid had to be brought down for hours.
Now all that happens is that things slow down for a while, they close logins for a few minutes, and soon everything is back to normality. Some areas aren't even very noticeably affected, because object creation is disabled, so the stuff doesn't get to run on those sims in the first place. The only effect felt there is the degradation of the central servers.
While it's certainly annoying, it's not nearly the problem it used to be.
I imagine SL Admins looking at their screens showing scrolling pages of code or random characters, green on black of course, wildly hacking on their keyboards, shouting "IT BREACHED THE THIRD FIREWALL! IT'S GOING FOR THE CORE!"
I wonder if all the companies that now have a "presence" in Second Life are thinking about suing? What if a big press conference was scheduled for today to occur in the online game?
You are welcome on my lawn.
Yeah. Why the hype? I thought VRML died out with Netscape.. but apparently it lives on in Linden's ultra-shitty proprietary variant. Perhaps people who have bought into this crap are in massive denial about it.
Certainly these Linden people seem keen to lie about the number of users they have - 600,000 when they mean something closer to 10,000. Are they also lying about corporate interest?
It seems that the system scales very poorly. With hundreds of servers, they should be able to support many more people than that, especially as the game appears to be divided into very small sectors (islands, I think they are called). This could all be done so much better.. and perhaps one day it will be, it's just a shame that these Linden jerks will get the props for "doing it first".
Under an hour from recognizing the problem to fixed. If this were WoW, the servers would have been down 3 or 4 days!
no text
you beat me to it :-) grandparent poster is obviously from some agrarian economy, haven't got as far as paper money yet.. mind you one day somebody will manage to explain the financial "futures" market to me as well!
I've been seeing an awful lot of stories about second life lately. First it was businesses opening virtual stores, then the copybot and now this. Is it all coincidence, or has Linden Labs been pushing their marketing campaign into high gear?
The problem is that the world is Zone Based, meaning each server is responsible for an equal-size geographic portion of the world. The result is that processing power is spread evenly over the whole world. The problem is that people like to congregate, causing some geographic areas to have more players, and other servers to have none. Where you have more players, you have more work for the server, causing everything on that server to slow down. So the result is that the places players most want to be are also the places with the greatest lag. The unfortunate result is that many players have a negative experience right away.
Really, the whole server architecture needs to be reworked to behave more like a proper cluster, but that is too large of a change to ever consider implementing without starting over from scratch.
Slashdot is an anagram for Has Dolts, and I am Dolt number 468543
It's business as usual in Second Life. NEWS would be if there WASN'T an exploit for a whole week.
This latest attack isn't the newest or most severe Second Life has experienced. In October 2006, a glut of attacks followed a vague "terrorist" threat uttered by self-replicating objects. In April 2006, three major attacks took place. Almost a year ago today, Linden Lab blocked a DoS attack by deploying a giant virtual firewall in-world, but I don't think that method is still used. Linden Lab had suggested earlier this year it would bring DoS attackers to the attention of law-enforcement agencies, but the results (if any) have not been publicized.
It really is. Which is why I won't associate with anyone who has an account... at the very least it shows a lack of fiscal responsibility.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
... Or your computer?
It would at least seem possible to make the zone size a server is responsible for variable, and then eventually, dynamic. That would look just like it scaled.
Nerd rage is the funniest rage.
no text.
jk ;)
Fuck our spinning shiny ring overlords. Why can't we be welcoming our amazonian leather-clad dominatricies?! But noooo we have to have spinning shiny cock-rings of death. Freakin homos.
The whole thing was managed in about an hour, which is pretty good. Hard to believe this was Slashdot fodder. Quick, someone post a 'Ballmer is an idiot' story!
Well, it must be a Tube Worm then.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Good morning, The Worm, Your Honour, The Crown will plainly show, The prisoner who now stands before you, Was caught red-handed showing feelings. Showing feelings of an almost human nature. This will not do.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Self inflicted wounds to get attention.
Bingo. Among others, "Bad Girls Dance and Fetish" and "Club Arsheba" were the two places I could hardly walk. Keys wouldn't respond and there were like shitload of drifters like me.
Spinning gold rings began to appear in the air and on the ground, and as users interacted with them they began to chase and replicate.
Any chance this was accompanied by a sound, something akin to sharpening knives?
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Sorry I don't have an account here, but that's ok :) I am Traven Sachs in Second Life, and I run Wolfhaven Productions, a Second Life based business. For those of you who don't know - Second Life is a 3D Virtual world with a contiguous 'grid' of 'regions' (think counties) we call "sim's" (short for simulator). A person can literally 'walk' from one side to the other... takes a while, but oh the sights you'll see!
In any event, objects and items created in-world by someone can be 'scripted' or programmed by the creator to DO different things. Sometimes the programming added to items can be set up to do malicious things like create a self-replicating device that runs amok and completely out of control. The same programming could be used to make self-spawning CONTROLLED objects as well that are by no means malicious.
You might say at this point... well - if it can be used to do harm like that, why leave it at all? Because MOST folks interacting with Second Life are responsible individuals that are there to enjoy themselves. The creators of Second Life have been improving the in-world controls over the past year to help prevent malicious attacks and code from spreading and downing the grid.
Some will point out that the grid WAS down. Actually it wasn't... It was Closed to NEW logins... but anyone already in-world was still there, including the clean-up crews. The grid didn't go down... folks just had to wait in line until they swept the theater clean of refuse (so to speak). :-)
Now, on a final note let me point something out... I have been in Second Life since September of LAST year (2005). The first 'grid attack' I experienced downed the grid completely for HOURS and caused major amounts of content to be deleted in-world... entire buildings and structures just 'vanished' before my eyes (just before I was kicked off)....
Now, we have a grid attack, and 9 times out of 10, most residents who are currently logged IN to Second Life may not even be AWARE one is happening, because the clean up crews at Linden Labs have developed ways to stop them that much quicker. Not perfect, but... FAR better than it used to be.... and STILL improving. :-)
If you want to know more about Second Life, check out http://www.secondlife.com/. :)
With warmest regards, I remain
~Traven Sachs
Wolfhaven Productions
http://www.wolfhavenproductions.com/
This is a great funny story.
I guess the real lesson is that Linden Labs needs to figure out how to make instance instantiation in SL expensive so it would be worthless to try these types of attacks.
Like forcing a confirmation whenever you wanted to create a new object. (or giving each new creation a price, like 1 Linden dollar or something)
Then second life could be exactly like real life...
Cheers
Ben
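The idea in the comment above (making object creation costly), as an added example that is not from the thread and is not Linden Lab's code: a small Python simulation of objects that each try to copy themselves once per tick, run once with no limit and once with a per-owner creation budget (a token bucket). The class and function names, the budget numbers, and the assumption that every copy is charged to the owner of the object that made it are all hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class RezBudget:
    """Hypothetical per-owner creation budget (token bucket).

    Every object creation costs one token. Copies are charged to the owner
    of the object that made them (an assumption of this sketch), so a
    self-replicating object cannot escape the limit by spawning children.
    """
    capacity: int            # burst allowance, assumed value
    refill_per_tick: int     # sustained creations allowed per tick
    tokens: int = field(init=False)
    denied: int = 0          # cumulative refused creations, useful as an alert signal

    def __post_init__(self):
        self.tokens = self.capacity

    def tick(self):
        # Refill, but never above the burst capacity.
        self.tokens = min(self.capacity, self.tokens + self.refill_per_tick)

    def grant(self, requested):
        # Grant as many creations as there are tokens; count the rest as denied.
        granted = min(requested, self.tokens)
        self.tokens -= granted
        self.denied += requested - granted
        return granted


def simulate(ticks, budget=None, alert_after=None):
    """Return (population per tick, tick at which the owner is flagged).

    One seed object exists at tick 0. On each tick every live object asks
    to create one copy of itself. With budget=None nothing is refused,
    which gives plain geometric doubling. alert_after is the number of
    cumulative denials at which the owner is flagged for review.
    """
    population = 1
    history = [population]
    alert_tick = None
    for t in range(1, ticks + 1):
        requested = population
        if budget is None:
            created = requested
        else:
            budget.tick()
            created = budget.grant(requested)
            if (alert_tick is None and alert_after is not None
                    and budget.denied >= alert_after):
                alert_tick = t
        population += created
        history.append(population)
    return history, alert_tick


if __name__ == "__main__":
    unfenced, _ = simulate(20)
    budget = RezBudget(capacity=10, refill_per_tick=2)
    fenced, alert = simulate(20, budget, alert_after=20)
    print("no budget, objects after 20 ticks:  ", unfenced[-1])
    print("with budget, objects after 20 ticks:", fenced[-1])
    print("denied creations:", budget.denied, "| owner flagged at tick", alert)
```

With the budget in place, growth is bounded by the seed plus capacity plus refill per tick times elapsed ticks, and the denial counter gives operators an early signal long before the region is saturated.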
It's strange for me, that nobody mentioned .hack//SIGN, or Tad Williams' "Otherland" yet. We just need some comatose kids in front of screens... :)
Hmm... anyone seen a bracelet around? :)
Ummm. . . VMWare ESX server clusters under the virtual Zone based servers? Maybe not even have separate clusters, but make all 2700 servers Virtual, run them in ESX cluster that is 2700+ servers, and let ESX handle the proper clustering? Would that work?
Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
Reminds me of Hack Sign anime series, where a gold ring started killing random characters of "The World", a virtual immersive MMORPG.
The geniuses at Linden Labs, and their fanbase, have been calling stunts like this terrorist attacks from the start. These people are out of touch with reality - if you don't want your players to bring down your servers by spawning ungodly numbers of objects, you don't give them effectively unlimited scripting access.
Rather than put in simple code to check for and prevent this problem, they're happy to scream about terrorism and insist the FBI hunt down these evil terrists.
My god, I wish I was joking, but I'm not. Seriously. Google. Gape in awe. Shake your head in disbelief.
there: 1. at or in that place; 2. toward, to, or into that place; 3. used in impersonal constructions in which the real subject follows the verb.
their: The possessive form of they.
they're: The contracted form of they are.
5. ______ are no excuses this time, Buddy!
There
Their
They're
6. I can't imagine where __________ going after the movie.
there
their
they're
7. It's ________ car, so let them decide where we're going.
there
their
they're
8. Wherever ________ are two or more firefighters in the same room, you know what they'll be talking about.
there
their
they're
9. Whatever ________ doing to this highway, it seems to be taking forever to finish.
there
their
they're
10. These students have a poor attendance record. I'm worried about ______ being absent during next week's exams.
there
their
they're
A lot / Alot / Allot
A lot means "a lot": "A lot of pancakes." Note that this is an informal expression.
Allot means "to divide" or "to give out": "They allotted six square feet per family."
Alot means nothing, and therefore is not to be used under any circumstances.
Spinning gold rings
One ring to start them off, 4,294,967,295 rings to bind them
In the land of Second Life where the EULAs lie.
I had an intervention for my brother.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
i was there, and the worm itself knocked people offline and they couldn't get back on after the lockdown. i was one of them. lucky for you if you got to stay, i'm guessing your area wasn't as heavily drowned in rings. it was a fog for us.
The very first post in the fine article mentions that the author, "heard a bunch of rings being collected". What is the significance of the rings being collected, whose rings are they, and why is the author listening to them?
the NPG electrode was replaced with carbon blac
Actually this happens every few months in Second Life and it's not like we just started calling it grey goo this weekend. Second Life is turning out to be a good simulation of some of the issues we might have to deal with in real life with universal (or at least really flexible) fabricators and the collapse of scarcity economies. The problems, and the responses to issues like the big red rubber balls, rings and springs or even drifting lotus flowers that occasionally (sometimes accidentally and sometimes maliciously) plague the game are giving us some good insight into what balance of rules and incentives might help control similar problems fifty years from now with atoms instead of bits.
and that's just my two,
[-- Trust the Monkey --]
...there's hooks and bubbles and whatnot that appear as the far end result of divination and summoning spells to other planes like the elemental planes...
That's what came to mind...
It is almost as though artificial life is mimicking art now. VR people falling for casts into their plane of existence...
"I'm afraid we can't get your son out Mrs. Thompson. He was pulled from his instance to someplace else and if we cut him off now, it would be neural overload. We're trying to find where he was abducted to and we will then dive in and rescue him, get him to an exit portal or try to do what they did and present him with a hook out of there."
Hmmm...
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
It's pretty useful for shoving bits around here there and everywhere.
Teh rest is up to whatever Turing Complete thingamajigs you plug into the tubes.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
It's the same shit that has been happening about every week on average since the game was in beta 3 years ago. The one reported on wasn't even that big a deal. How about the rash of them a few months back that took the game out for the better part of a DAY repeatedly for a week?
Jeez.. what passes for "news" these days...
-SS "Teach the ignorant, care for the dumb, and punish the stupid."
Not quite, but close.
You wouldn't want 2700+ new servers, that would defeat the purpose of using ESX.
What you would want, is to take a smaller number (perhaps 500) of more powerful, large multiprocessor systems and use those. Multiple existing instances (zones, regions, whatever they are) would run on each. With vmotion, you can move an instance and its containing virtual machine to a different host machine at will, so the objective would be to consolidate the "quiet" areas: put many of them on a single host. This would leave the "busy" areas with a dedicated or nearly dedicated host, which we've already established to be more powerful than the existing systems. It could all be done for less electrical and maintenance costs, as well as saving colo space.
I won't say it will be cheaper. ESX with vmotion is not inexpensive. Large multiprocessor machines are not inexpensive, although without knowing existing workloads it's hard to say just how beefy they would need to be. Perhaps 2x dual core blades would do. Even so, it's 10k plus per box, with ESX in the mix.
Is it just me, or do statements like that (and the fact that continual replication is possible on such a huge scale) seem like Linden really isn't thinking of this in terms of real-world programming, and more like movie virtual reality? That's not really a good thing.
ADVENTURERS! - ANTIHERO FOR HIRE - CARDMASTER CONFLICT
I don't know why it should be such a big change that it means starting over. Certainly they should be able to break out certain sub-systems so that they can scale over several systems (possibly shared) without needing to rewrite the whole thing. For example if they use some sort of database to store the data a machine is tracking they could modify it to invisibly split that task across several machines. If they use a standard db like MySQL or Oracle this could be as easy as making some configuration changes. If they can store and access such data when stored on multiple machines then a lot of tasks such as object movement should be able to be processed by multiple machines.
Having a machine per area does seem an odd design decision. I can see that it might speed things up a little when overhead is low, as you'd have less passing of data around their internal network, but as overhead rises it seems it'd be better to have everything distributed across multiple machines.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.