Open source gets a Second Life

Linden Labs has released its popular Second Life 3D virtual world client as open source. Why did they make this move? What are the security implications? What license did they chose? Read on for answers to these questions and more.
Written by Ed Burnette, Contributor
Linden Labs, creators of the hugely popular 3D virtual world Second Life,
Second Life
released the software last week as free and open source under the GNU General Public License (GPL) v2. Currently only the client side (the part that runs on your desktop) is available, though the company is considering releasing the server code in the future. The code is written in C++, and runs on Windows, MacOSX, and Linux. Here are some of the highlights from the FAQ:

Q. Why are you releasing the source code for the Second Life viewer?

A. An open source approach has always been part of Linden Lab’s long-term strategy, having always operated as an open community. This initiative will allow deeper industry and community collaboration, advise the development of market-driven standards, and may one day spur the development of the viewer to accelerate beyond the resources and direction of Linden Lab. The potential of Second Life is vast and the way in which residents wish to use it varies enormously. This provides immense opportunities for residents, many of whom are adept developers and many of who have built profitable businesses around Second Life.

In the short term, we look at this as a way of improving the processes we use to build Second Life, creating greater transparency, and giving the community the means to participate in and improve the way we create software. In the long haul, we hope this move will accelerate innovation in Second Life, enabling anyone to enhance the viewer in all sorts of ways.

Q. Lots of companies open source software components. What makes this different or in any way notable?

A. This is the first time a market leading company has made its sole product available to the open source community. We believe it is unprecedented and pretty audacious, but believe we're making the right decision. While Linden Lab will continue to be the sole source of the official client, this initiative provides tremendous opportunity for experimentation and innovation that have always been the hallmarks of Second Life.

Q. What does this mean for the long-term future of the Second Life platform?

A. We hope that the viewer will become something of a standard for 3D virtual worlds. We’re the leading virtual world with the most sophisticated viewer – we think that’s a good basis to become the standard for new worlds and for those considering developing their own viewers. 

Q. What source code will you be releasing, and how will it be licensed?

A. Second Life consists of two major components: the viewer, which is the software that residents install on their computers to access Second Life, and the server infrastructure, which is the collection of software components running at Linden Lab's datacenters.

Linden Labs is planning to make the source code to the viewer generally available under the GNU General Public License (GPL), as well as a separate license for entities that wish to reserve the ability to create proprietary extensions for the viewer. Due to third party licensing restrictions, some proprietary components are still necessary for an optimal experience. We hope to fix this problem, in some cases, convincing the creators of those components to license their code similarly, or by working with the community to ensure that the open source counterparts improve to become viable replacements for the current components.

Q. Won’t this lead to serious security issues? What are you doing to counter that?

A. Security was obviously a major factor to consider when preparing to open source the Second Life viewer. We’ve spent significant time preparing and testing to ensure the stability and continued robustness of the client software.

This move will eventually increase the security of Second Life since there are now more people looking at the code, highlighting potential exploits and providing bug fixes and updates. There will always those who wish to crack any type of software for malicious purposes. Opening the source code doesn’t change our exposure to that, since these crackers reverse-engineer proprietary code anyway. In fact, it takes some of the sport out of doing just that.

Q. How can you prevent malicious programmers from finding flaws in the code to exploit security problems?

A. There is a risk that publishing will make it slightly easier for malicious programmers to find security vulnerabilities in the Second Life viewer. However, withholding source code access doesn't seem to be much of a deterrent to criminals hoping to exploit problems in the viewer. Our old approach of "security through obscurity", by withholding source code and prohibiting reverse compilation of the viewer ensured that only those people who don't respect rules would inspect the viewer's security. Our new approach of publishing the source code creates a much larger group of people inspecting the inner workings of our viewer. Since that group has our explicit blessing, this group is likely to be (in aggregate) a much more law-abiding group, and more inclined to discreetly report problems to us. For a more thorough discussion of this subject, see: "The secrets of open source security." by Chad Perrin at TechRepublic .

Q. Why did you choose the GPL instead of other licenses?

A. We threw a dart at a wall with licenses on it, and that's the one it landed on. Just kidding. We felt that the GPL was the best license for ensuring that members of the community share changes with one another (and with us). The GPL is a de facto standard among free software/open source licenses, used by over 66% of nearly 42,000 projects listed on Freshmeat.net.

Q. What source code won't you be releasing

A. We don't (yet) plan to release the code that runs our simulators or other server code ("the grid"). We're keeping an open mind about the possibility of opening more of Second Life; the level of success we have with open sourcing our viewer will direct the speed and extent of further moves in this arena.

There are limited portions of viewer code we've licensed from third parties that also will not be released. We believe we can eliminate proprietary dependencies in the viewer code, either through relicensing or replacement, and are working toward that end.

Q. Will contributing lots of quality development work mean I'm more likely to be hired if I apply for a job at Linden Lab?

A. Yes, that's one of the best ways to get noticed if simply submitting a resume isn't enough. We receive a lot of resumes, so standing out in the crowd can be tough. Visible participation in the community is a great way to get noticed and prove your ability as a developer.

Related articles:

Editorial standards