Dear Everyone,

It is daunting and unfortunate to see the fall of beautifully authored worlds caused by theft, exploits, or other vulnerabilities. Whether or not "our code was taken" will forever be a cliche within the community is uncertain, but regardless of how much intellectual property, source code, or binaries are protected, it still begs the question, "Why do bugs still make their way into our realms?"

I pose this question. In your experience, if you were to choose 5-10 different types of exploits / vulnerabilities, such as shell access, in-game inconsistencies, buffer overflows, players themselves, staff members, bribes in administration, politics, or others, how would you rank them both in terms of their danger to your world and in terms of their frequency? How often do they occur? How dangerous are they when they occur?

Finally, in your opinion and if you would not mind sharing, what was the cause of the exploit and how did you prevent it from happening again (or were you proactive in preventing it?)?

Perhaps one day the dissonance in the harmony will end. We're just trying to create a fun world, right?

Sincerely,

Raewyn

1. Owner ignorance. This involves the owner asking someone to code for them and the programmer 'steals' the code after getting access (Frequent) (Very damaging)

2. Immortal disillusionment. Immortal with access becomes disillusioned with the progress of the game, and acquires a copy of the source. (Common) (Most Damaging, because Immortal can lure players away)

3. Owner ignorance, v2. This involves the owner having s incorrect permissions set on their shell account, giving access to unscrupulous users within the shell. (Occasionally) (Limited Damage, those who do this usually are too ignorant to run the game)

4. In-game advantages. This is where there is a flaw in the design of the game, allowing the violator to advance significantly over their peers in a short period of time. Usually the result of improper programming or design. (Frequent) (Damaging until resolved)

I guess you really meant Crackers - instead of Hackers.

1. I guess the main thing to think about is to be very careful about WHO you let into your shell.
Never hire coders 'from the street'.
Never give anyone shell access at all, unless you know them well in RL, or have worked with them for a long time on line, and know that they are trustworthy, that you get along personally, and have basically the same goals for the Mud.
And make sure that your shell security is high.

2. Apart from shell security i'd say that the biggest danger of a Mud going bad is cheating and/or corrupt imms. Again it boils down to who you trust with an imm char. And if, despite your precautions, you end up with a bad egg in the imm basket, slam down on it hard. Throw untrustworthy imms out immediately. No second chances, they'll most likely abuse those as well.

3. As for the players, I think rumour mongers are the worst. Rumours spread incredibly fast in a mud, and if they are malicious ones, they can be really detrimental to the society, because they affect player relations and break down trust. A certain type of players seem to like to spread malicious rumours or blatant lies just out of spite, best keep an eye on those.

4. ddos is hard to protect against, even big companies have had their websites brought down by this. We had a couple of rogue players ddos the mud some years ago after getting into a brawl with some other players, and in the worst case, (which happened on a friday night when the coder was away for the weekend), the mud was down three days.  After that extensive measures were taken to make the server more safe against attacks, and they in turn have lead to some secondary technical problems that are a pain in the ass.

5. Bad scripting or  badly balanced features can lead to a lot of grief, if a few unscrupulous players find out about them before they can be fixed, and take advantage of them on a massive scale. (This is reasonably easy to remedy once you get aware of the problem, but you must know that it exists, before you can do anything). Try to get your players to report all bugs, it helps a lot.

There is one thing we have found very effective as a deterent against in game cheaters (the other problems were all solved long ago but despite stringent quality control new areas/items/spells/classes occasionally provide players some new bug to abuse).

That is that rather than fixing a bug immediately sometimes we just log everyone using it and leave it for a week or a month before fixing it.

At that point all people abusing it can expect to see characters deleted and/or suspended. Naturally people who reported the bug to us instead of exploiting it don't get in trouble :-)

It's amazing how many people start reporting bugs instead of exploiting them for a few years after we do that :-)

One potentially valuable tool that nobody's mentioned is statistical work. For instance, to take a simple example, if your in-game currency is gold, you can easily track how much gold is in the game, how much is produced daily and how much is consumed daily. A significant jump over your average daily production would tell you that you need to look for duping exploits or quest exploits or exploits in however players produce gold.

Can do the same thing with any resource in-game. For instance, we've found a few quest exploits by just ensuring we record all xp and gold gotten from doing quests and then looking for quests which are suddenly producing more xp and gold than they historically have.

Stats are your friend. You can't keep enough of them.

--matt

Short answer. You suck or whoever coded your game sucks. ;-)


All the advice on securing your server, your shell and your source is sound. Those attacking your mud from outside the mud are the problem children.

I personally don't consider anyone who exploit bugs or takes advantage of any flaw (or perceived flaw) in the game to be a cheater at all. Even repeatedly crashing the game is fair play as far as I'm concerned. IMO, the only people who can cheat in a mud are immortals (By can I mean have the capability).

"Cheater" is just a name, imbued with whatever value you choose to place on it.

Regardless, the reality is that the game operator has absolute discretion in terms of defining cheating in any meaningful way. You may not feel you're cheating if you're crashing the game repeatedly, but you' d be banned and, if you somehow found a way to do it such that you couldn't be quickly stopped, you'd also quickly be sued in the case of a commercial MUD, and you'd lose. I'm guessing criminal penalties would also be applicable but I'm not a lawyer.

So I mean, whether it's "cheating" or not doesn't really matter. It's semantics. If the developer feels certain players or actions are harming the developers interests (which are generally oriented around ensuring its players are generally enjoying themselves), the developer is going to take action (and reasonably so).

--matt

Don't joke - I've heard people who really thought that, and some readers might take your comment seriously.

“There is a myth that if we were really good at programming, there would be no bugs to catch. If only we could really concentrate, if only everyone used structured programming, top-down design, decision tables, if programs were written in SQUISH, if we had the right silver bullets, then there would be no bugs. So goes the myth. There are bugs, the myth says, because we are bad at what we do; and if we are bad at it, we should feel guilty about it. Therefore, testing and test case design is an admission of failure, which instills a goodly dose of guilt. And the tedium of testing is just punishment for our errors. Punishment for what? For being Human? Guilt for what? For failing to achieve inhuman perfection? For not distinguishing between what another programmer thinks and what he says? For failing to be telepathic? For not solving human communication problems that have been kicked around... for forty centuries?” -- Beizer, 1990, quoted in [Pressman-01].

A study by DeMarco and Lister (the authors of peopleware) concluded that professional programmers average 1.2 bugs for every 200 lines of code they write. Now remember that most muds are very large, and that most mud coders are not professionals.

Having your users test your software is a great way to track down problems, but they need to have the incentive to want the problems fixed. Take an example like Microsoft - almost all of their customers want to have a secure and stable system, therefore they're personally going to benefit from reporting bugs. On the other hand, imagine if it was a piece of banking software and you said to your customers "You can exploit bugs or take advantage of any flaw without repercussions". Do you really think anyone would report how they could make the machine give them free bank notes? On the other hand, if you said that such exploitation was theft, you'd find more people willing to inform you - and if you offered a large financial reward for such information, you'd find people deliberately trying to find and report the bugs purely to claim the reward.

In a mud, the usual approach is to punish those who exploit bugs, and/or reward those who report them. If the reward is greater than the benefit gained from the bug, and/or the punishment severe enough to not make the risk of being caught worthwhile, then the number of people exploiting bugs will decrease.

On the other hand, if you offer no punishment or reward, the player will be encouraged to keep using the bug and not reveal it. This can often be detremental to the enjoyment of the rest of the players, and also forces the developers to waste a lot of their time tracking down bugs instead of improving the game.

That's right. It's also a very localized perception of how a particular game ought to work by a subset of a game's players, and/or more importantly the admins running them. What constitutes cheating on your game, ain't cheating on my game, and may or may not be cheating on Buffy's game. Furthermore we ought to acknowledge that it is largely bereft on any real world moral value. The players shouting "Hey batter batter! Swing!" to rattle the batter in a baseball game go out on the links and shout "Hey duffer duffer! Swing" and suddenly find themselves to be dirty rotten cheatin' scoundrels at golf. Not so copyright infringement or unauthorized shell access. Those are quite different in my mind than what occurs within our games.

Of course it's only fair to acknowledge those things which we must assert which are beyond our control as well. Regardless of whether we agree, the laws of our country/state on the operation of an internet service, the terms of one's ISP, upstream provider or mud service provider give cause that we must assign and enforce a morality in our games.

And yet people who admin certain muds thoughts on what cheating is or is not, are remarkably similar and can often be shown to be a direct result of being imprisoned in procedures and practices associated with a particularly poorly designed or implemented game. Dare I mention that multi-playing and user scripting are great and wonderful features of muds in a crowded room of Diku admins? I recall reading a post sometime back where a mud admin was lamenting the scoundrels who designed foul clients like Zmud and MushClient that have *gasp* triggers, *gasp* scripting, and *gasp* multi-session capability. What sort of unscrupulous people would give players those powers?! Tut tut.

I'm less interested in admin's rights, but rather the effects. I and every other admin know that we can do pretty much anything we want to players, including breaking our own rules. We can torture, maim, mock, harass, delete, exile, imprison, jail, silence, and ban the buggers for any reason. We can make up the reasons. They don't have to be consistent, they don't have to make sense, they can be ex post facto, and they don't have to be, and rarely if ever are, objective. No it's not our rights, but invoking them every time something goes wrong in our narrow little worlds I find to be sad. I think it's more of a social design principle I'm trying to express:
Big brother really really sucks. The less you have to invoke your rights, the much better off your game and players will be. The more you extend powers to players or enable them to enforce their own rights, the happier both you and they'll be.

I would add that there are plenty of people playing muds who don't want freedom. Not to worry as there is little danger of games and mud admins who view themselves as big brother or sister that treat players like subjects will disappear. :-)

Well, morality is of course a personal thing. Quite a lot of people on these forums, for instance, seem to think there's nothing wrong with copyright infringement. I disagree, but will recognize it's a personal matter when it comes to morality. Happily, in the end, it's not the morality of it that matters, but the reality of it, which, as you recognize, is that the power is with the game operators and those whose side the law is on.

Better is as subjective as morality. What's better to one person isn't better to another. Remember LambdaMoo, after all. Their players were so unhappy governing themselves they turned power back over to the admins.

What is nice about having admins in charge is that the rights that need enforcing can be laid out from above. When put in the hands of players, there will be no consensus about what rights one has against other people that need enforcing. I may feel that it is my right to a free education on your dime, for instance. You may disagree. I may feel it's my right to be free of all OOCness around me. You may disagree. Admins are able to simply lay out what rights you have and don't have as respects other players, leaving everyone playing on the same field.

--matt

If you disagree, then why did you all but encourage people to violate the Diku licence?

I think it's fairly obvious to most of us that your definition of "morality" means anything that helps promote your games, and to be honest I'm getting thoroughly sick of your constant stream of veiled insults towards other forum members. Take your flamebait somewhere else.

What I wrote is completely ethically neutral. There ARE people on this forum who see nothing wrong with copyright infringement. There are multiple members of the forum that openly violate the Lucas license, for instance. I think it's wrong, but if Lucas doesn't care enough to do anything about it, I don't either.

I have never encouraged anyone to violate the Diku license. I've stated, multiple times, that your interpretation of the DIKU license is naive and fatally flawed. You've taken offence at that. Understandable. Your entire MUD identity is built on your little crusade and nothing can be allowed to threaten that belief system. The DIKU license prohibits revenue, not profit in your mind. The DIKU license prohibits making money from it at all, not just making money from distribution. American law exists in statute, not in case law. These are your beliefs, and though they're not grounded in reality, you're welcome to take refuge in them.



So young, so bitter.

--matt

You listed a number of opinions which went against the stated wishes of the Diku team and claimed that they were "easy, essentially rock-solid ways to avoid violating the license" (while profiting from the code), and then went on to say that you'd "be happy to help any mud that wants it do this" and that "it's never going to get to court as the license holders suffer no damage from third parties generating revenue from DIKU".  That sure sounds like encouragement to me, and not at all "ethically neutral".

No, my mud identity is built on having created the most popular PK codebase on the net, and was well established long before you started creating your first mud.  My interest in defending the rights of mud developers is just a sideline interest.

So, what you're saying is that I offered to help show people how to not violate the license? Is that what you're accusing me of? My god, that's quite a strong accusation to make.

I realize you have historically had a difficult time understanding this, but what the DIKU team says is not really relevant to the license itself. (and it's not certain, by any means, that the DIKU team owns the license. It's reasonably likely that if it went to court it'd turn out to be owned by the university, whom Hans & company are not representatives of.) Licenses stand on their own, and in American IP law at least, the onus is on the contract drafter to spell out what the terms of the contract are before the contract is executed. What the contract drafter says afterwards is no more relevant than what the contract accepter says afterwards. It's not as if Raymond Feist could speak up now and change the terms of the license he granted us now just because he felt he left something out of the license.

What you constantly insist on is that people follow provisions of the license that don't exist. You're welcome to do that, but there's no reason for people to care about your version of the license.


You're not interested in defending the rights of mud developers. You're interested in restricting their rights by trying to impose non-existent license terms on them.

--matt

the_logos: I realize you have historically had a difficult time understanding this, but what the DIKU team says is not really relevant to the license itself.

There's always the issue of respecting the stated wishes of the people who provided the codebase to the greater community (*), rather than trying to invent ways to weasel around their words and intent.  However, I realize you have historically had a difficult time understanding ethics.

(*): Insert your tired "rising tide raises all ships" cliche here.  Not that you ever pass up chances to deride the rest of the community.  But we like to play along when you ooze up to the podium and smarm it out.  You're cute when you 'umbly get all Uriah Heep.

No, you posted your own personal intepretation of the licence as if it were fact - an interpretation which explicitly contradicts the wishes of the copyright holders - and then encouraged people to follow your interpretation.

And the saddest part of all is that you somehow believe you were being "completely ethically neutral".  I guess that says alot about your ethics.

Of course it is - if you disagree with their interpretation then you can contest it in court, and let the court decide the intent of the licence.  The same is true of any licence.

Ownership of the licence is irrelevent - the important question is whether they own the copyright.  And the answer is "yes" - their US Copyright No is TX 4-424-366, look it up.

If he reserved that right, of course he could.

But we're not talking about changing the terms of the licence - we're talking about applying different interpretations to those terms.  Are you really as ignorant as to believe you're free to interpret the terms of his licence however you wish?

No, I insist that people follow the Diku team's interpretation of the Diku team's licence, at least until such point as that intepretation is deemed legally invalid by a court of law.

Utter rubbish.  You're the one encouraging people to violate the intent of the Diku licence, not me.

Maybe I ought to quantify it with a specific type of bug.
Mud crashes daily: you really really suck, -20 to your saving throw
Mud crashes weekly: you really suck, -10 to your saving throw
Mud crashes monthly: you suck, -5 to your saving throw
Mud crashes a few times a year: you might not suck, no modifier

This handy formula can be extended to all bugs depending on their severity. The highest progression you can attain in is you might not suck. It's an unforgiving system designed to keep the coder's ego in check whether it be oneself or another. . ;-)

There's is something interesting in the Beizer quote. Maybe...

“Punishment for what? For being Human? Guilt for what? For failing to achieve inhuman perfection? For not distinguishing between what another programmer thinks and what he says? For failing to be telepathic? For not solving human communication problems that have been kicked around... for forty centuries?”

...that instead of taking the blame and punishing ourselves for our crappy code and misbegotten designs, let us instead take it out on our users and punish them! That's what I think the cop out is. "We're only human, therefore people who take advantage of our failings are bad."

Programmers should aspire to code stuff free from bugs, and fix them when they find them (unless of course the bug is one of those rare happy side effects we actually like).

I doubted that at one time but if you look at it closely, they are counting bugs revealed in all life-cycles of the product. The life-cycle thing was big in the early 90's, well still is. Does it mean that there are 15K+ bugs in Linux? No. Are there 127 bugs in Diku-Alpha? Yes and probably a lot more. Of course it might not be you that sucks just your codebase. How come a stock dikurivative out of the box can't make it past the "you really suck" level? I mean before the newbie coder gets their hands on it. How is that younger servers with far smaller user base, like Genesis ColdC and some others, easily surpass the "you might not suck" level? Bear in mind that some have moved that bug bar quite a bit by using higher level languages and unit testing.

I don't have to imagine that. Banking software is what I do. It's the source of my nightmares (except for one where I'm being hunted down and eaten by tigers). You ought to treat exploiters of bank software bugs differently than those who exploit your games. Games are liesure activities, with little to no consequences. Banking is highly regulated activity with substantial real life consequences.

I'm suggesting one throw punishment model out the window. I've nothing against the reward model. Punishment never fixed bugs. It ain't socially productive neither. Instead of just a bug now you've got a bunch of angry players because you made some moral calculation based on the bug. Now you got bugs, social bugs.

I posted our IP expert's opinion. You know, someone who is a lawyer and who understands the law. And more than that, someone who actually specializes in IP law. Perhaps I should pay for an opinion that I can publish here verbatim. No doubt you'd not accept that though, as you're interested only in defending your position regardless of evidence.

Are we talking about the license or their current wishes? Two separate things. I'm talking about the license.

Again, I think you misunderstand how the law works here. You don't sue someone to find out if you're infringing or not. It's incumbent upon the owner of the IP to protect his or her IP. Aside from anything else, the DIKU guys have shown a lot less interest in defending their license than you have, it must be said. They don't care enough to take action, or don't view DIKU as worth enough to bother taking action to find out whether their interpretation has any legal validity.

That's right, but he didn't. Neither did the DIKU guys.

Hey, that's pretty convenient for you alright. Your position then is that until DIKU sues, the DIKU team can say the license means whatever they want. Funny, but that's ridiculous, of course.  

I'm interested in the license, not what the DIKU guys now say the license means or what they say their intent was upon writing it.

A license is a contract, and there are two parties to a contract. Someone using the DIKU code under the DIKU license has just as much right to their interpretation as the other party in the contract (the DIKU guys) does. When they disagree, the courts are there. The fact that the DIKU guys have chosen not to actually find out if their interpretation is correct says a heck of a lot to me, given that they're the ones who you allege feel injured.

Hey, I have an idea. Why don't we split the cost of hiring a recognized American IP lawyer and pay for a written opinion on the license. Wouldn't it be nice to have an expert opinion to rely on? Surely you'd like that, rather than having to rely on your layman's understanding of the law. We could ask him or her a couple things:

1. Is the DIKU license still enforceable given
   a. The inability of licensees to fulfill the provisions of the contract, through fault of the DIKU team (ie their email addys are no longer valid and the license requires people to notify the DIKU team when they start a new DIKU)
    b. The utter lack of effort the DIKU team has exerted in protecting their intellectual property.

2. Does the DIKU license prohibit profit (which is what it says) or does it prohibit whatever you think it says (revenue? I have no idea.)

So how about it? I'm serious, incidentally. I'm not scared of what an expert's opinion is going to be. Are you? I know I'm open to having my mind changed. Are you? Or is it easier to just hold fast to your opinion, intentionally not seeking the opinion of experts because they might kill your sacred cow?

--matt

No morality is an absolute thing. On this very basic principle of morality there can only be one correct position. :-)

IRT LambdMOO..as Pavel Curtis tells it the wizards got fed up and siezed power in a coup d'etat. But I'm not talking about player-governance at all; democracy just replaces one tyrant with a hundred tyrants. I'm talking about self-governance. What is self-governance in virtual world terms? Well it's simply giving the the means to enforce a simple right to the owner of that right. You cannot do this succesfully in the real world, I contend you can however do it in the virtual world because of it's very limited nature.

Just a for example... in the virtual world you can silence me with a press of a button. In the real world you have to use a gun. You can do it just for yourself in the virtual world, in the real world you make that decision for everyone. In the first case you are able to execute self-governence, in the latter it's what...anarchy...vigilanteism.

By "enable them [players] to enforce their own rights", I mean giving them the power to control their level of interaction or non-interaction with other players. The player who insists they have rights beyond their own virtual space will soon find themselves by intention or exclusion playing a single-user game. And that is where consensus lives. People left to their own devices will naturally come to consensus with a wide range of other people. Not on all issues, but on those they consider important when playing the game or their version of the game.

There are several rights you might extend to a player, the most basic right you could grant them is control over their communications. It's trivial to do, yet most muds suck at it. There are many other rights you might grant players, but if they don't have the means to enforce it, then it's a poor design decision, socially IMO.

Ok, fair enough. I thought you meant to say that the players should be allowed to choose what rights they have and don't have individually, which is a recipe for total disaster, of course, though would make for an interesting, if short-lived, experiment.


I'm guessing that by control over their communications you mean the ability to ignore communications coming from other players, rather than the ability to force communication on someone else, no matter what? I'd agree that should be done, though surely most MUDs give players some control over that already?

For the most part I'd tend to agree with the idea that once an admin has determined what rights a player is to have, it's up to the admins to give players methods of exercising those rights. However, I have no problem with human intervention either. For instance, one of the methods we've given our players is filing an issue (CS ticket basically). Code is terrible at recognizing the context in which something is taking place, and I think that human intervention is also appropriate just based on the fact that MUDs are services as well as products. Good service means being able to talk to a human about your problem if need be.

--matt

So how about it?

--matt

I think you are missing the point, Matt. Completely.

Well, no, I'm not. Kavir is always going on and on about "the license." I'm just suggesting we actually get an expert opinion, though I realize that may threaten his dogma.

What Kavir wants is for people to do things that are not, I believe, covered by the license. That's fine, and it's certainly his perogative to request whatever he wants. He could request everyone mails him a ham sandwich because he believes that should be covered by the DIKU license, but I'm interested in the actual license, not what Kavir wants the license to say, or even what the DIKU guys now say they want the license to say.

As has been pointed out many times, a license is a contract, and unless that contract has a provision in it for retroactive, unilateral changes by one or the other party, those changes cannot be made.

Again, I understand that some people want things enforced that may or may not be in the license, but what's the harm in getting an expert opinion on the license? Neither Kavir nor I nor anyone else I've heard weigh in on the matter are experts in IP law. Wouldn't it be nice to actually have that information and THEN decide rather than sticking our proverbial heads in the ground and ignoring the opinions of people who are actually qualified to comment on how a court would likely (can't be sure without actually going to court, of course) interpret it? I mean, if you wanted to know if a certain kind of building could be built without it tipping over, you wouldn't ask a bunch of random forum members. You'd ask an architect who specializes in that kind of building.

Kavir and whoever else would still be free to complain that people aren't following what they think the DIKU team wanted when the license was written, or what they think the DIKU team wants now.

I just fail to see why there's any hesitation over consulting an expert on any issue, unless it's the cost, and Kavir claims to be quite interested in protecting the rights of mud creators. So, let's find out what those rights actually are vis a vis DIKU. That's all I'm saying.
--matt

That's largely because this thread touches on "What is proper?", as opposed to "What can I get away with?"  Once that comes into play, the whole thread might as well be written in Swahili as far as the_logos is concerned.  He's basically Unfrozen Caveman Ethical Expert.  The ways of your people confuse and frighten him.

So yes, the_logos, one could probably pay a lawyer or three, create enough paperwork to overwhelm the desire of the original DIKU team to defend their creation from it all (in a foreign country, even), and browbeat one's way into getting what one wants.  Some lawyers base their careers on this sort of thing.  It's legal to do so.

Nonetheless, I'll stick with Plan B: The people who created the codebase requested that it be handled a certain way, and since I benefit from it (admittedly in a very tortuous and distant way), I'm willing to respect those wishes.

If I thought of MUDing as my job and not as my hobby, I'd take the time to write my own codebase and profit from it, rather than weasel someone else's away from them.  I'm also pleased that the TMS staff and the other members of the MUD community act responsibly and actively discourage people from that sort of weaseling.  The MUD community as a whole benefits when independent coders feel comfortable releasing their creations, and that benefit disappears when you encourage people to violate their intent.

Then I'll spell it out for you:

1) I've already heard from several people over the years who claim to have consulted lawyers, and no two answers seem to be the same - I don't believe you would receive a clear-cut answer, and any answer you did receive would vary based on the phrasing of your question.

2) Not something I would have mentioned, but as you insist of repeating yourself until I answer... I have very serious doubts about both your honesty and integrity, and certainly wouldn't trust you with my money.

3) My interests lie in defending the interests of mud developers, and in that respect my overall views would change very little regardless of the outcome.

Ahh, lovely ad hominem attacks. Nicely done! You're such a little cutie.

I don't care what people can get away with. It's already the case that people who wish to gain revenue from DIKU codebases can do so. I mean, they are and have been for years. Your mud, for instance, gains revenue from running a DIKU, but presumably doesn't generate any profit. So that question is already settled. I'm certainly not interested in what I can "get away with" since I don't use DIKU and have no reason to use it. I'm just interested in a legitimate expert's opinion on what the license says.

Well, the thing is, the license is a contract, with two parties. One side of the contract doesn't get any more rights to dictate the content of the contract than the other does. It makes just as much sense to say that the person on the other side of the contract (the mud admin) can do whatever he/she wants from it because he or she had a different intent when agreeing to the contract.

But we're not talking about profit here. We're talking about revenue. We all agree that the DIKU license prohibits profit, assuming the license even continues to have any legal weight at all. Without seeing financial statements there's no way to know if a MUD like Medievia or even Carrion Fields is making a profit from the revenue they generate. Kavir's assertion is that just gaining revenue is against the license, despite the fact that all the license talks about is profit.

So I mean, if just gaining revenue is morally wrong, why does Carrion Fields have a paypal account set up to get revenue from its players? That's not an attack. I mean, I know you guys aren't making a profit, but you can't have it both ways. Either it's ok to generate revenue or not. If it's ok to generate revenue but not a profit (which is what a rational interpretation of the license gives you), then why all the attacks on Medievia without any proof they're generating a profit?

Anyway, all I'm suggesting is that we get an actual, legitimate expert opinion. I can't believe anyone here would argue against the benefits of obtaining greater knowledge about the subject matter. That kind of argument is usually reserved for religious fundamentalists for whom greater knowledge is a threat, as it may cast doubt upon their dogmatic assertions.

--matt

So why hear it second-hand? I'm also not talking about just "consulting a lawyer." There are probably people on these forums more in touch with intellectual property law than many lawyers who don't do IP work. I'm talking about consulting a true intellectual property expert.

That's pretty funny coming from a guy who constantly spews nonsense about the DIKU license, going so far as to set up a web page devoted to flaming another MUD. Besides, we'd be paying the lawyer, not each other.

Really? So you speak for all mud developers? How amusingly arrogant. Cause I gotta tell you, there are a LOT more people using DIKU than developing DIKU, and the course of action you insist on gives them less options than actually just following the license does. You wish to reduce their sphere of action by convincing them that they don't have rights they quite likely do. In fact, I'm a mud developer, with 4 successful MUDs, and you certainly don't speak for me. Sounds to me like you're interested only in the interests of a very narrowly defined segment of mud developers.

In any case, this is what I expected. You're not interested in what the license says. You're interested in shoving your point of view down everyone else's throat and by god, your opinion isn't changing regardless of the facts.

--matt

I've never "spewed any nonsense" - I've posted the interpretation of the Diku team, backed up by legal references. As opposed to you, who have posted your own views of how you'd like to see the Diku licence exploited^H^H^H^H^H^H^H^H^Hinterpretted, backed up by your ignorant rantings of how ignoring the Diku licence would make the world a better place.

And the webpage I set up was actually put there to stop the regular six-monthly flame wars regarding the mud in question - and it worked.

No, but I speak in defence of their work. As opposed to people like you, who would rather see such mud developers screwed. Why, one asks? Presumably because with less people contributing to the community, you'd have less competition to worry about. You're painfully transparent.

You expected me not to trust the mud community's equivilent of the slimey second-hand car salesman? Hardly a compliment, but better than nothing!

So I mean, if just gaining revenue is morally wrong

Never did I say that.  There's plenty of for-profit games which I have zero problem with, like Threshold, Everquest, etc.

why does Carrion Fields have a paypal account set up to get revenue from its players?

We accept donations via our webpage to pay the costs of operating the game.  We also sell merchandise (T-shirts, whatnot) to do the same.  The game itself is absolutely free- RL money has no impact on the "inside".  This is all consistent with the intent of the people who provided the database, as confirmed by their own words (in documentation, as well as conversations).  We're 100% in compliance with their intent.

You spew nonsense anytime you claim the DIKU license prohibits revenue.

I don't want to see mud developers screwed. I just want them to have access to real information about their rights. Then they can make their own decision. You, on the other hand, want to force your point down their throats and won't tolerate alternative viewpoints. Unlike you, I'd be quite willing to change my point of view if an IP expert told me I was likely wrong. I've got no agenda here besides just finding out what the license actually says, unlike you. Don't you want people to be able to make choices based on real information, or is it more fun to hold forth as if you're a zealot priest and cast stones at anyone who (quite reasonably) disagrees?

Man, you are so small-minded you just assume everyone else thinks like you do. Your ignorance of successful mud development is astonishing, though that's not surprising. I want more competition, not less. A rising tide raises all ships, regardless of how cliche, is true, and I've got nothing but confidence that a bigger text MUD market just means more players for us anyway, as we rock. My biggest nightmare is loudmouthed, small-minded people like you trying so hard to force your own personal viewpoint (which brooks no room for disagreement) on everyone that most serious, aspiring game developers forgo text MUDs and go work on graphical MUDs instead. This leads to even less quality text MUDs, which leads to smaller players, and, worse-case scenario, a death spiral for text MUDs.

No, what I want are more professionals. More people who -can- do this as a full time job. More people who have a serious vested interest in making great text MUDs. Hobbyists can definitely do this, of course, as witnessed by great hobbyist MUDs like Shadows of Isildur and Discworld, but it's a lot easier to remain dedicated for years and years if your livelihood depends on it. It's also a lot easier to work full-time on your MUD if that IS your full-time job.

Ah, your flames are about what I expect from you, but no, what I meant (as you well-know) is that it's to be expected that you'd choose not to get an expert opinion as that might risk discovering you're wrong. It's a shame. There's nothing wrong with being wrong. Happens to all of us.

--matt

If you believe I'm "spewing nonsense" then why do you keep trying to convince me to give you money so that you can speak to a lawyer? Looks like you've made your mind up as well - just the sort of hypocracy I've come to expect from you.

Yes, apparently you do, otherwise you wouldn't encourage people to ignore the usasge conditions of mud developers who have put in countless hours work in order to provide the mudding community with free codebases.

Oh, so would I - but I'm not going to throw money at you in order to get back a "Yeah, he said I was right" response.

Hardly - I've contributed plenty to the mud community. Several versions of two different codebases, numerous snippets, etc. What have you contributed?

Once again, I ran a popular mud - and closed it down - long before you ever started working on your mud. I've also released a codebase that's being used by over a hundred muds today - how many are using yours? 5 IRE clones? Not all people define "successful" by the same yardstick.

You know, if you're interested, KaVir, I'd be happy to print out the license and bring it to one of my law professors for an opinion. To be honest I'm quite curious about it myself at this point. Obviously it wouldn't be as well-developed an analysis as that given by a lawyer specifically paid to invest time in the project, but it's much better than anything any one of us could piece together.

Granted, I did just get hired by Matt so I'm not exactly a completely neutral third party here, but on the other hand I did recently release a good 20-30 thousand lines of code to the public that primarily relies on the strength of the DIKU license for its own licensing, so arguably I've got some amount of self-interest on both sides here.

Anyhow, just let me know. Tomorrow's the last day of class before spring break, so the second week of March is really the earliest I'll be able to speak with my prof about the issue.

Or... heck, I'll just do some research on it over spring break. I've got access to the same Westlaw my profs do, and enough basic grounding in IP law to find some secondary sources to point me in the right direction.

Yes, why yes, I am a nerd.

To clarify before I invest any time in this, what exactly are the legal issues here?

From where I'm sitting it looks like they are as follows:

1. Whether the wording of the DIKU license is too ambiguous to be practically enforceable;

2. If not, whether any actual ambiguity in a license cuts against the licensor, even when their intentions regarding the ambiguity have been made explicitly clear outside the four corners of the document (i.e. the "profit" thing and the DIKU team's further clarification after the release), and;

3. If the answer to #2 is "no", whether a lack of enforcement on the part of the licensor in the face of blatant and repeated violations of their license (a la Medievia) invalidates their right to future enforcement of the copyright against infringers.

At the very least if I brought some of this research to my law professor she'd be more likely to spend the time to look it over, since all she'd really have to do at that point is tell me that I'm right or that I've gotten it completely wrong for reason X.

Thoughts? Any other issues of legal contention that I'm missing here?

That's a generous offer Traithe, although several people have already done (or claimed to do) the same over the years, with lawyers as well as professors, and their responses invariably seem to favour whichever view they supported beforehand with their evidence limited to "s/he said I was right".

If you do decide to ask your professor, I would suggest the following:

1) Try to phrase your questions as neutrally as possible, and:

2) Ask for references to back up any responses, then:

3) Post both the questions (exactly as asked) and the responses (complete with links to comparible legal cases) with as little 'opinion' as possible.

Links to neutral information would be far more valuable than a second-hand opinion, particularly as you could be accused of being biased in either direction.

Sure, not a problem.

Re: posting the sources for the research (probably in this case some statutes, cases and secondary sources), that may be more problematic. I can at the very least provide legal citations with all of it, so anyone with access to the proper materials can track it down and verify it with very little effort. Depending on some copyright issues I may not be able to provide copies of the actual documents, though, and I don't know if most of them would otherwise be available on non-commercial legal resource sites (i.e. Findlaw). Most online legal research is done on either Westlaw or LexisNexis, both of which charge serious chunks of change for their service. (Fortunately it's all free while you're a law student.)

So anyway, I'll see what I can do. Should prove interesting.

I'm not encouraging them to ignore the usage conditions. A simple command of English lets one see that the DIKU license prohibits profit, not revenue. Revenue isn't even mentioned in connection with an outright prohibition. Only profit is mentioned in connection with an outright prohibition.

Ahh, great! Then I'm sure you'll have no problem agreeing to change your mind if I pay for one myself, right? (Waits for you to accuse me of finding some recognized IP expert who I can pay tens of thousands of dollars to in order to buy off.) Traithe's idea is pretty good too, though as he points out, not as good as paid advice.


I had typed out a list, but realized that it just made me sound like a braggart. I'll skip this one.


Mmm, yeah, again, I need to refrain from commenting on this as you're going to be outrageously offended if I do.

As to your offer, Chad, I know I'd also appreciate you taking the time to do that. As we talked about, you're not an IP expert at all, but you have a professor or two who is, no doubt. Since Kavir isn't willing, I may be willing to just foot the bill for a paid opinion myself, but I'm not sure. It's awfully expensive and I don't have any vested interest one way or another.

I'd roughly agree with what Kavir in his requests except in that there is no such thing as "neutral information" in terms of interpreting anything. What I'm mainly interested in is a practicing IP attorney who can tell us how a real court is likely to interpret the license. I'd say we need the following questions answered:

1. Who actually owns the DIKU license?

2. Does it matter what Hans & company say about the license after it's been issued, both if they own the license or if the university owns the license?

3. Has their lack of enforcement attempts affected their control over the IP?

4. Does the reported (I've not tested, but I recall reading someone else did) impossibility of fulfilling at least one of the license conditions (emailing them at the addresses in the license in order to alert them that you're running a DIKU) affect their claim to control over the IP?

5. Does the clause about not charging money for distributing any part of DIKUmud apply here? [My note: Hrm, I'm not sure what kind of lawyer we need to answer this question. It's not an IP expert unfortunately though. Perhaps Chad can answer this: What kind of lawyer would one consult to get a reasonably valid opinion on what would constitute distribution of a codebase? Is sending text down the telnet pipe to the user client distribution? Or is it just sending source code to people? Are there even any precedents here? Is this an IP field question? A communications law issue? Something else?

6. What's the definition of profit likely to be used?

7. If profit is defined as revenue, is there any basis for MUDs to collect revenue to pay for server costs or personnel costs or whatnot?


Hrm. This seems to get more complicated than I thought. If you can get a professor to really investigate all of these on our behalf, power to you, Chad. Figuring out who really owns the DIKU license is going to be a particular pain in the ass I think, unfortunately.

--matt

You're encouraging them to use your interpretation of the conditions.

A simple command of English lets one see that the licence actually states "You may under no circumstances make profit on *ANY* part of DikuMud in any possible way", and a simple usage of a dictionary shows that one "possible way" of defining profit is "a valuable return : GAIN".

So "nothing", then. Unless you count hiring someone to write a codebase for you, then licensing it to other people for 5-digit figures plus royalties.

So I did a quick search - my mistake! Apparently there are only four IRE clones. Hopefully Traithe will be able to do something a bit more original.

Of course you have a vested interest - otherwise you wouldn't bother.

Once again, ownership of the licence is entirely irrelevent - the licence is simply a means to grant permission to use copyrighted work. What you seem to be trying to ask is who owns the copyright, and as I've already pointed out to you, it's the Diku team. The US Copyright number is TX 4-424-366.

You mean if the wording is unclear, and the original copyright holder later clarifies the actual intent, what is the likely outcome should someone attempt to use their own interpretation instead.



"5) "If you don't defend your copyright you lose it." -- "Somebody has that name copyrighted!"

False. Copyright is effectively never lost these days, unless explicitly given away."

You mean "If the licence says I have to send an email, and that email bounces, does that mean I don't have to follow the licence any more?"? Come on, are you honestly telling me you believe that?

Your licence requires that the mud owner pay you a large amount of cash. Do you think that, if they send you the cash and for some reason your account refuses the payment, they are free to ignore your licence from that point on?

I believe these two are the crux of the situation.

Come now KaVir, give credit where credit is due. Lusternia although of the same engine and mediocrely different features, has quite the storyline. Estarra has created  an imaginative and immersive world, it is just too bad the price of playing in it is a bit high. My hat definately tips in her direction though, and I expect equally great things from Traithe after examining Shadows of Isildur.

Although I must admit, I share your disdain for Mihaly here. For a professional developer within the MUD community he sure has a way of acting like a pugnacious teen, especially when his statements are challenged. C'est la vie, though.

If you do decide to go through with your research Traithe, I'd be interested in hearing the results. You seem like the unbiased type that could put his boss's bias aside while researching.  Although I have a feeling we may find that KaVir is more in the right on this issue than IRE is.

I recall reading an interview done on some of the original Diku team on Orion's own site, perhaps someone could just get in contact with them and try to settle this little dispute once and for all.  Although I must wonder if even a definate answer from one of the Diku team will settle the qualms of either side.

It won't. The argumentation goes like this: "The Diku team has botched up their licence and they have no say in the matter any more."

Well, I can already tell you that KaVir's correct about the ownership issue: the license itself doesn't explicitly transfer ownership to anyone (the mention of the University doesn't serve this purpose), and the copyright record number he provided gives their names as the owner of the copyright interest.

Regarding unenforceability due to the impossibility of fulfilling a clause in the license, I couldn't say generally without some research on the matter. However, in this case I think it's pretty easy to sidestep the issue completely; the plain language of the says that "you must send us a message"; it doesn't state anything about the need for the message to actually be received or acknowledged in any way in order for the license to have been fulfilled.

At any rate, I just emailed the Lexis rep at our school to find out if it would be possible for me to include the source materials as PDF files that I dig up with my research, so people without access to legal databases can still read for themselves to judge the accuracy of my findings. I'll probably get started on this thing in a couple days or so.

Quite possibly, but if someone took a Diku mud, created new areas, added a few new classes and skills, than claimed to be something amazingly new and original, they'd be laughed off the forums (I've seen it happen).

Oh I've spoken to the Diku team at some length (or at least, the two of them that are still active) - I wouldn't have tried to defend their interpretation if I didn't know what that interpretation was.

People can do that as it is - it's just that they have to have the skill and dedication (or the money and dedication) to actually create a mud from scratch. Nobody's putting a gun to your head and forcing you to use the Diku code.

Hmm you are missing the point. Of course people can do that as it is. Without the license it would be easier, and more people could do it. Not just skilled people, or rich people, but your kid next door that has a vision or the rest of the 95% of the mud developers that could never pull something like that as it is.

Yeah, there are dozens of publicly available (and free) mud servers that have licenses amenable to commercial exploitation. There are even commercial muds running on them. The Eternal City for example runs on the ColdC server.

And really there are only ~70 Dikumuds running today. Most Dikurivatives are running under several additional licenses. For example, there are ~300 CircleMud derivatives running under a license that is quite explicit IRT commercial use and donations.

I'd wager very few people download Diku, as it no longer even compiles on modern Unix systems.

Yeah. A number of people in this thread are pretending that the DIKU team ran into a room like the legendary runner of Marathon, handed the license over, and collapsed dead. They've spoken at length on this topic (including their disgust at exploitation of the kind promoted on this thread) and their intent was made clear. Disputing their intent is rather moot in light of that.

Actually that's also a very good point.

By "Diku" I was also refering to its derivatives, which are also bound by the same licence.

True, although AFAIK only Circle elaborates on commercial use.

I couldn't agree more Hephos. I'm perpetually unsure what the objection is to people making money in a way that doesn't take anything away from you. Is it ego? I honestly have no idea. But what you write is dead on. Allowing more people to focus their energies on text by freeing them from worrying about day jobs would be a huge boon to the text community. And as you say, it's not like valhalla is making anyone any money. Releasing a codebase even with commercial restrictions is a cool thing to do, but it'd be a lot more helpful to the community if they were released without that kind of prohibition. What I would have done in their shoes is release it without commercial prohibition and just say that you owe a flat royalty percentage on any revenues earned in connection with the codebase (obviously with much more legalese involved). That way they still benefit and people are free to commercialize. (Although given that Medievia is still operating without any hassle from DIKU, it's pretty clear people can commercialize already, whether that violates the license or not.)

But, I don't actually know if it's possible for the license to be released. I dunno how that works. Is that a retroactive change of the contract terms? I suspect that could be gotten around if the DIKU team just released a signed statement stating that they will never take action against DIKU offenders, but I don't know. Definitely a question for the IP lawyers, not me.

--matt

That's an interesting point aside from the license. If you did grant that one party to the license contract could validly interpret it while the other couldn't, then are 2 members of the team enough? How is copyright ownership split up in terms of control? What kind of legal arrangement do they have among themselves in terms of control? What if another member disagreed? How does control get divvied up in the probable absence of a passable legal agreement between them?

Yeah, both Merc and ROM, for instance, just say you have to follow the DIKU license and make no mention of revenue or profit or whatnot beyond that.

--matt