« Innovation I | Main | See Jose hit »

Apr 27, 2005



There are very few things which cause me to experience the sense of childlike awe which Einstein spoke of, but this is one of them. I want to have the author of this program's baby. I consider that since most likely we're both male, and I'm heterosexual, that could be difficult...however the offer still stands regardless. ;-)
In the words of Wayne and Garth, we most definitely are not worthy.


Looked through it quickly. Any commentary and analysis on the different implementations currently disclosed?


Petrus, in awe, wrote I want to have the author of this program's baby.

[Not intended to be mean] As a game of wordplay, think of the alternative meanings that come out of this string of modifers.

Intended meaning: This program has an author, and I want to have the author's baby.

Meaning based strictly on word order: This program has a baby. The baby was authored by someone. I want to 'have' the author.


Anyway - one thing that's either kind of cool about this or should seriously make me feel unlucky. I have the final pre-pub draft of my book sitting on my desk. In it, there' are lots of places where I write "Hoo boy, once P2P and MMORPG meet, it's going to be a hum-dinger!" So when the dang book hits the stands, this will already have happened. *Dated before publication.* [sigh]

The closest I come to predicting is saying "You know, these are not pie-in-the-sky forecasts, the two technologies are laying around right now and just need to be connected." So I don't know, maybe it will make me look smart if it's just bubbling up as the book comes out.

I do think peermogs are an almost scary concept. If they work. In the book (more shameless plugging SORRY) I coin this term 'toxic immersion' and discuss how peermogs could be serious trouble if they are addictive. We'll just lose people.


I wish this had come out before my talk at KTH Stockholm last week, which was basically asking for the technology that this seems to deliver.

(1.4mb of Powerpoint slides temporarily available here, and you'll need two fonts from here and here to read it).



I do think peermogs are an almost scary concept. If they work. In the book (more shameless plugging SORRY) I coin this term 'toxic immersion' and discuss how peermogs could be serious trouble if they are addictive. We'll just lose people.

The traditional client server model still has a great deal of utility and appeal that should insulate you for a while. P2P inherently has issues with authority (ie cheating) and consistancy that aren't likely to be solved easily.


The war between Kazaa users and the RIAA is a good case in point. Basically, the RIAA pays contractors to flood Kazaa with "fakes" of popular songs, so that if you try to download Britney Spears' latest, you get a 30 snippet segment of the song (legal fair use max for copying) followed by silence. Or worse; supposedly Madonna had the network flooded with an obscene diatribe against music pirates. Veteran Kazaa users are trying to fight back with things like swapping CRC stamps of "legit" files, firewalling known RIAA contractors, and the like. Aside from the various legal implications, it's a good example of how a peer-to-peer network can be subverted given enough motivation.

Beyond that, there's the model we've seen with 3rd party UO servers; most last just long enough for the owners to realize that the average MMG user can be somewhat demanding.


From the Solipsis wiki:

"The world is initially empty and only users will fill it by creating and running entities. No pre-existing cities, habitants nor scenario to respect..."

Is it just me, or does anyone else reading that hear, "no ... respect"?

"Solipsis is developed within France Télécom - R&D Division∞.

NB: The name 'Solipsis' comes from Solipsism∞, a philosophical doctrine that claims that reality only exists in one's mind."

Go ahead. Try to tell me those two things ("France" and "solipsism") are unrelated. I dare you.

Seriously, the peermog idea is intriguing. I have technical questions, mostly concerning security. (Scalability probably won't be an issue for homebrewed games -- creating enough content to fill the box will be a far more common problem.) But the notion of cutting out the slow, expensive middleman is probably too seductive a siren call to ignore.

Question: How will the big client/server players react if a few peermogs get a lot of positive buzz? Will the typical choice be "beat 'em" (ad buys to promote having more/better features than peermogs) or "join 'em" (create their own peermogs)?

Scott> the average MMG user can be somewhat demanding




The main idea behind Solipsis is to enable a web like cyberspace:
built by users contributions and running on users machines.
We are now like in early 90s with httpd + mosaic but no webpages.

The main differences is that:
1) In Solipsis "mosaic" and "httpd" are indeed the same program (the node), so "readers" are also "content" providers (next version will implement file sharing)
2) When you "surf" the web you are alone. In Solipsis you meet the other surfers

I don't know if Solipsis will be the system that will work but I am sure that there will be in a near future a system like this one.

-- Joaquin


I just finished reading Richard's presentation. It seems like a fair summary.

I'd agree that Solipsis seems to have the potential to be very cool. It is clearly in the realm of virtual worlds, not the in the realm of MMOGs.

Commerical use would require a far more stringent set of features that would drift the arcitecture back towards client-server.. A clear delination of client content from server rules / content. Seperate trust lists to approve transmission of the server and client. And some authority established for publishing the trust lists. Handling of distribution and redundancy.. Probably a few other things that haven't even occured to me.

Its not that attractive commerically for any arbitrary client to be able to publish server data to others, or to act as an authority for rule interaction.

Also each commerical features acts as a limiting factor for how much growth a P2POG could handle. Someone could probably do well developing something along these lines targeted for sale to MMOG publishers as a 3rd party module


What am I missing here?

This sounds like something that wouldn't be very fun at all. There would be heaps of content, the overwhelming majority of which would be complete dreck.

You would never know when the server you were playing on would go down. Your favorite place could disappear tomorrow, or an hour from now.

Peer-to-peer is nice for going out and getting something you need on a one-shot basis, but for long term, continuous reliability it definitely is not the way to go.

Furthermore, I have absolutely ZERO confidence in the general public to create fun, compelling content. I am not saying nobody can, but the majority cannot.

Go visit Neverwinter Nights fan sites (like NWN Vault). 95% (or more) of the stuff is complete trash.

Maybe I am totally missing something crucial here about what would make this actually interesting rather than titanically boring and frustrating?


Come on. Don't be so pesimistic. The web is user generated.
Some users are more skilled than others some are boring other not.
Look at the blogs.

Sure we need stable solipsis nodes. Just co-locate solipsis nodes with your -stable- apache server.


Call me crazy, but with P2P why do you need a server machine at all?

One of the nice things about distributed processing is that you can lose a node or two without losing the entire system (as happens when a server coughs and dies). Look at the success (in terms of usage numbers) of the SETI@home project -- "graceful degredation" is a hallmark of a well-designed P2P system.

That said, it will probably limit the kinds of worlds you can create if everybody has to have a full copy of the executable and all data running on their home machine (or even their Apache/IIS server if you really wanted to do it that way). You'll also have issues with players being able to hack their client files, but some sufficiently burly encryption might prevent that problem.

In short, sure there'd be problems with a peermog approach -- so? What technology *doesn't* have inherent problems that need to be overcome?

The content creation problem is a separate issue, and that one I'm not so sanguine about. Sturgeon's Law will definitely apply; the question is whether there'll be enough hits amongst all the misses for the entire concept to retain buzzworthy status.



I think peer to peer worlds have a great future. I’m building one myself. Solipsis looks like an interesting effort. I particularly like the use of geometry to find missing neighbors. But looking through the protocol, I didn’t see any explicit system of cheater discovery. That worries me. As MMOGs amply demonstrate, there are people who will create cheating nodes “just for fun”.

Though absolutely pure peer to peer is intellectually satisfying, I’m not sure its entirely practical given that some nodes will be “in the hands of the enemy”. Myself, I think a lot of advantages can be got from mostly peer to peer with some central server for final authority. Plus in my case, using an already accepted 3rd party authority like DNS. Is there a cheater discovery package in the works as elegant and as the position discovery?


On reflection, I realise that you are correct about my grammatical gaffe in the earlier comment. Sadly I consumed a certain amount of marijuana some years ago, as part of the usual troubled youth that I believe many of us experience. However, I have noticed that my capacity for coherent grammar and sentence structure (indeed, my degree of intelligence in general) has genuinely never been at quite the same level that it was before I smoked.


I'm messing around with Solipsis at the moment. There are a couple of people on, I think, but I can't quite figure out how to communicate with them. There is a chat room, but they don't seem to be receiving my messages. Will keep trying, as I'm interested in this.


Just noticed your comment about toxic immersion re peermogs, and the threat of losing people. Based on some of the horror stories I've read about EQ, I'm not sure how a peermog could necessarily be much worse. (although if it could, I really don't want to think about it) I remember hearing recently about Sony supposedly granting people the ability to order pizza from within EQ...which in my mind is completely wrong.

Although the other thing re peermogs is that in my experience with eMule anywayz, you generally don't get anywhere near your full bandwidth capacity for downloading files. If this is the case, it's unlikely to me that a fully three dimensional environment would be feasible with a peermog...and although it's true that MUDs can be addictive, (I have a brother who failed his last two years of high school because of the amount he was playing Imperial Diku) from what I have seen, the 3D element seems to be a prerequisite for generating truly life-threatening addiction problems.


Peer-to-peer shared spaces aren't new, by the way. Croquet, being worked on by numerous educational institutions and led by Alan Kay and David Smith, is also peer to peer and seems quite a bit further along.

More importantly, the security aspects of p2p MMOs are pretty scary. While I am a huge fan of user-created content (obviously) a p2p MMO is different than using firefox to surf to apache. Imagine web surfing where you give every website you visit your identity, credit cards, and all your stuff for safe keeping. You have the delightful combination of hostile script code surfing to hostile hosts. The positive is that everyone is trying to solve this security problem -- the negative is that it might not be solvable.


Scott> The war between Kazaa users and the RIAA is a good case in point. Basically, the RIAA pays contractors to flood Kazaa with "fakes" of popular songs.

You understand what this is, right? This is force projection within the continuum. It's not dropping litigation or bombs on servers. It's going inside the comm network and working within its rules. And that's all you can do to project force in a P2P network. You realize what it means? The only way for, say, a government to influence a P2P fantasy world is to send agents into the world and use griefing or PvP rules to get the community to do what you want.

It's Marines in mithril armor.

Stealth and those wicked high-level AE spells have genuine security implications. 'Bind Sight' becomes a useful surveillance tool. The norms of PvP combat in today's worlds are ur-structures of conflict in real wars that will happen some day, in some system.

I floated some of this stuff to serious security people about 18 months ago. I don't think they bought it. But I can't get around it.

Cory> Peer-to-peer shared spaces aren't new, by the way. Croquet, being worked on by numerous educational institutions and led by Alan Kay and David Smith, is also peer to peer and seems quite a bit further along.

That's the other one. Julian Lombardi at Wisconsin is the name I associated there.

Hellinar> I think peer to peer worlds have a great future. I'm building one myself.

Gah!!!! That makes three! I'll retire to Bedlam.


Richard's vision and the aim of Solipsis , and perhaps Edward's (have to read the book), are probably what is going to happen rather than P2P Virtual Worlds, but what of P2P MOG like NWN?

On the gaming front, I envision more of connected game worlds hosted by a decent numbers of ISPs with protocols to move avatars and objects across worlds. The downside case is that people will start putting forth immigration & visit policies and end up looking very much like the RL.


The Solipsis system describes a peer-to-peer system. Richard Bartle's slides desicribe a client/server architecture where everyone can have a server with their own private world. The two are different, and I suspect Richard Bartle's proposal is more doable, or at least has the ability for more interesting content.

So... I wave my hand, add a few items to my VW's schedule, and the system is magically built and working. What does it give the user?

1) The ability to create their own worlds, which they have in text MUDs, the system I'm working on, and Second Life. (My system will have static 360 surround images like Myst III, no 3D accelerator or animated models.)

2) The ability to host their worlds on their own computers, as with text MUDs and my system.

3) Convenient way to portal between worlds. They don't have to type in a new URL, but can click on an in-game door. Easy to impliment.

4) The ability to port their character's visuals, as well as approved items, between worlds. This is where I run into non-technical problems:

a) 3D model - I wave my hands. Poof. Done. Except for some policing with too many polys, offensive models, etc.

b) Approved races and items - Poof. Done. However, the chances are that any unique item gotten from a world won't transfer over. A stock sword might, but a sword of vorpal undead slaying probably won't, UNLESS a group of VW authors gets together and defines a standard library of new stock objects, like D&D coming out with supplimentary rule books of magic items, monsters, and races.

c) What prevents one VW from being monty haul and destroying the VW economy of everyone else's world? Nothing. My VW can give players 1M GP just for entering. Of course, my VW can be blacklisted, and any character referred from my generous world can be denied. BUT, unless all worlds block my site, one of them can be used for "loot" laundering, carrying the loot from my world, to the Carribean shell world, to any other world. I can also change my IP address and be back in business until I'm blacklisted again. Conversely, a world subscribes to a list of trusted worlds and blacklists everyone else, but I suspect the average "confederation" of self-trusting worlds would be less than 20 members.

d) Minor problems, like: New PC enters world and finished in room A. Several weeks later the PC enters, but with different stats and the referral says to put the PC in room B. The default behavior is to use the new PC stats along with room B, but either case could be argued, especially if the new version of the PC had lost some items. Another minor problem: PC's or user's name is already used by someone else.

From a player perspective:

1) I think socializers will love it. It may turn into one of the many huge but empty 3D chat worlds out there, though. (Socializers may want mud-mail forwarding, which is a bit tricky.)

2) Non-competitive RPG will like the concept of taking their characters between worlds, but might not be so happy when their favorite magic item doesn't transfer. This can be mostly handled by logo-ing worlds that comply to specific magic-item standards.

3) Competitive players won't like it because there will always be an overly generous VW out there, and probably intentionally built.

4) Explorers will like it.

5) Builders will like it. Again, they may end up building too much. 1 billion virtual worlds and counting, for only 1 million players.

Any comments? I'd like to be convinced.


I do think peermogs are an almost scary concept. If they work. In the book (more shameless plugging SORRY) I coin this term 'toxic immersion' and discuss how peermogs could be serious trouble if they are addictive. We'll just lose people.

Don't worry, Sturgeon's Law to the rescue. 90% of what the peers will produce will be crap, because 90% of anything is crap. And peers don't have a quality control department to sort it out.


I like the idea. However, relating it to the Metaverse in Snowcrash is a bit over the top for me. It seems that this current setup is complex and that in order to truly "enter" this virtual world you need to have a certain level of technical proficiency. It is one thing to let advanced users hack stuff and add new content but in order for this to be successful you need to have something for everyone.


1) Crosbie Fitch has been talking about distributed virtual worlds since the mid-90's, and wrote a series of articles about design considerations and the various issues surrounding massive persistent worlds in a p2p environment (including, if I remember correctly, some of the security concerns mentioned here) which were published at least five years ago on Gamasutra.

2) As others here have noted, Alan Kay and the Croquet crowd have been tackling this sphere for a while, at its most basic and critical points, and made some striking progress.

3) Distributed VW has always been the assumed architecture for our Mars First! project and is also one of the architectures under consideration for a foundation-funded educational MMO for which I'm beginning to assemble the advisory and development teams.

I'm not suggesting that we or anyone else has already solved the thorny problems or already built a viable, scalable, peer-based VW. Just pointing out that peer-based architecture has been part of the strategic thinking of some virtual world developers for a while now. It is a natural application of our increasingly P2P culture (not to mention an inherently democratic and decentralized architecture that might/should lead thinking about mmo design away from the authoritarian, centralized and paranoid model it currently exclusively inhabits, toward a trust-based, heterarchical and cooperative model of development, creation, community management and administration...)

All of which is not to take anything from this latest effort, in any way. But it probably should not surprise this crowd that quite a few, similar think-outside-the-box efforts are well underway outside the mainstream, risk-averse game industry.

Perhaps it just reminds us all of the importance of staying inquisitive and looking beyond the "usual suspects" to keep abrest of new ideas and new research, and of the danger of living within our assumptions, lest we find ourselves intently perfecting the horse-driven carriage while others are dreaming of rocketships to the Moon.

Incidentally, security is only a major concern in an adversarial relationship.


Cory> a p2p MMO is different than using firefox to surf to apache. <

What if the architecture was similar to using Firefox to surf Apache? That’s what I am aiming for in my world. In my personal vocabulary, I’d divide Net protocols into Watcher protocols and Listener protocols. A web browser is a Watcher. The client looks at a particular place of its own choosing at a time of its own choosing. Most MMOG client use Listener protocols, they open an ear to the world, and wait for someone else to send them at message. My theory is that Listener protocols are inherently less secure than Watcher protocols. Solipsis protocol has a strong Listener component to it, which in my view decreases the security.

Listener protocols are widely adopted in MMOGs because they lead to a faster, exciting world. But my world supports a gardening game, where speed is not such an issue. My perception is that current MMOGs are aimed at people who have had a boring day at school and come home and want some action. My game is aimed more at people who have had a frazzled day at the office, and want some beauty and tranquility. With perhaps some quiet but creative puttering around. I think a Watcher type protocol provides enough speed for that application. Whether it provides the security benefits I expect, time will tell.


EC Habitats (c. 1997) was initially p2p and had secure distributed objects. Each system hosted it's own objects, and you could carry your objects (avatar, pocket contents, etc.) on to other people servers. This is a Damn Hard Problem and something Chip and I have been remiss in writing about.

The star connection problem becomes unwieldy, so we rearchitected around a proxy-host model - When you carry an object you host to another server, that host recieves host authority over the object. This massively reduced the connection mess.

Solipsis has a long way to go and (if it starts to succeed) is about to hit a raft of nasty problems, like the one I described above.

I must take issue with one naïve statement in this thread though:

galiel> "Incidentally, security is only a major concern in an adversarial relationship."

This is demonstratively and utterly false.

Any time you offer your machine for connection in a distributed network, ALL connections are a security concern. How do you think software viruses spread? Someone you trust gives it to you!

Security is a design constraint in a distributed system, not a layer, not an afterthought.


> This is force projection within the continuum.

I fear the day when class balance issues are settled by summits in Geneva.

> This is force projection within the continuum.

I fear the day when class balance issues are settled by summits in Geneva.

...but, but, isn't that metagaming ?
Eek !



Sorry, I got into a bit of a rant in my last post. The idea of a distributed world is technically interesting to me. Unfortunately, I can't find enough player benefits to outweigh the downsides and difficulties of implimentation. Many people here obviously think the benefits outweight the costs. So what am I missing?


>I didn’t see any explicit system of cheater discovery. That worries me. As MMOGs amply demonstrate, there are people who will create cheating nodes “just for fun”.

It seems that if you could distribute all world decisions over random multiple nodes (and not just ones local in virutal space)... you would have the ability to improve cheater detection greatly. If player A from node A suddenly starts killing everyone around through using some cheat on her server... Servers B and C randomly picked to audit that data will disagree with the results (minority reports automatically dropped, or some such rule), and automatically invalidate Server A's inputs. This could also be used as sort of a RAID server to backup content from any world (node) that goes down. Just make sure there's at least three copies of everything (or more, depending on demand/load balancing). Easier said than done, of course.


Minority Report: Didn't anyone see the movie!

The implementation is probably more like what they are doing for micropayments: arcane statistical probabilistic quantum analysis :)


There are some works on preventing cheating in distributed multiplayer games. See for instance NEO (pdf).

Solipsis is far to be a funny world ready to welcome gamers. It just provides a good infrastructure for such peer-to-peer virtual world.

By the way, I guess that it aims to create a "meeting place" rather than a "shoot'em up"...


> Security is a design constraint in a distributed system, not a layer, not an afterthought.

Randy is correct, of course, and my intentionally provocative statement was poorly worded, and thus did not communicate my intent. I think the point I *meant* to make is still valid:

There are many aspects to security, and many layers of implementation. I was addressing the gameplay-sociological considerations, intending to make the point that games centered around violent confrontational competition, which also assume an antagonistic dynamic between developer and player, tend to have a rather large administrative nightmare. Some aspects of security are purely structural, as Randy points out, but others are a matter of design and group dynamics.

For example, IP theft is a problem in a proprietary system, not an open one. Piracy is a problem when units sold are the prime revenue base, as opposed to a purely subscription-based business model. Certain hacks are only a problem in a game based on power dynamics such as strength, defense, offense, etc. - they are less of a problem in a game designed around other human dynamics. (It was the latter I was thinking of primarily when I made my poorly worded pronouncement. In a game that is not zero-sum and not about individual accumulation of power and wealth, many forms of "hacking" have less of a meaningful effect on gameplay.

Many security issues can be solved with intentional social architecture, that was my point. It seems that, in today's game designs, ALL security is of the military mindset - armed guards, punitive measure, and an assumption of venality on the part of the "enemy" (our audience and customer!) What I am suggesting is that there are other forms of security that follow a different model. Not everyone in every community has to put seven locks on their door and own a doberman.

In real life, I don't have to worry about my wife hacking my bank account - we share the same account and know all of each other's passwords. We have to, we are a partnership raising a family, and if anything were to happen to one of us, the other would need access to everything we share.

Similarly, when I was in the military, I didn't have to worry about locking up my belongings when I was deployed with my own close-knit unit.

Security is not purely a technical problem, it is also, in many case even predominantly, a human relationship problem.

We should, perhaps, look at what in our design models exacerbates security issues and what in our design considerations could ease them.

That is the point I was attempting, in my awkward short-hand, to make.


A real example of non-defensive security management in a multi-player game:

In Terra, an early MMOG, I largely solved the problem of bug exploits through a social approach rather than a technical one.

I simply nurtured a culture where there was greater reward in being a "bug discoverer" than in exploiting the bug for game advantage.

We celebrated our "Bug Hunters", lauded them to the community, and even let their clan, with our supervision and within reason, enjoy the exploit for a short time before expecting them to disclose it. No one ever abused this privilege, and, I found, it turned those most apt to damage the game into its greatest protectors. Publicity and fame turned out to be more powerful than the impetus to cheat.

Of course, it helped that we had also designed the game as a group v group, rather than a PvP, environment. I found that this created a dynamic more like sports competition than bloody combat - even though Terra was a tank war game.

Obviously, you can't protect a server from a DOS attack with good will and wishful thinking. But what makes the real world work is more than just police with guns, it is the norms of civilization and the consensual agreement to behave within certain parameters. Design and social architecture have determinative influence on behavior--areas which don't seem to be adequately considered in these kind of discussions.


Peer worlds could tag their "money" objects with public key encryption of serial numbers so that they'd be able to have currency issuers with peer specific exchange rates. That way a world that gave money out too freely would find its issued currency was not very valuable... 1000 gold issued by free money city might be worth 1 silver in work for your money land... I think this could be done but it'd get complex of course :)

The comments to this entry are closed.