The wife has just secured a Wii from an undisclosed retail location in the greater Danbury area. Can’t set it up tonight because I’m going to the NYC meetup, so as you might expect I’m going to be “working” from home tomorrow.

Clay Shirky has been on a mission to debunk Linden Labs‘ claim of “two million registered users” for Second Life (or, specifically, Linden’s refusal to correct those who’ve made that claim), and has done so with icy effectiveness. He’s emerged as one of the leading Second Life skeptics, asking more questions about Second Life here and here. I should also say that Valleywag commenter tparisi wrote a thoughtful rebuttal to Shirky (one, however, that doesn’t question his statistical conclusions.)

IBM’s a great believer in the potential of virtual worlds; the team at eightbar created perhaps the best Second Life blog around, and Irving Wladawsky-Berger has offered some deep insight on what the growth of virtual worlds might lead to. Over 1,000 IBMers have joined IBM’s Second Life community; our CEO led an in-world event and most recently we introduced 12 new islands. All levels of the company - including some functions you wouldn’t normally expect - are aggressively exploring how to effectively use Second Life during the course of business.

With that level of participation comes the responsibility to ask tough questions. I think you’ll see IBM exert that kind of leadership as we continue exploring the potential of virtual worlds in the new year.

Nintendo says that it will replace 3.2 million wrist straps on its game controllers, in response to a rash of reports of controllers flying out of people’s hands during vigorous use.

This is a textbook case of something that on its surface seems like bad PR really being a home run. If you’re Nintendo, trying to hammer home the differentiated value of your console, can you do much better than admitting Wii users are being TOO enthusiastic with their controllers?

Several years ago, IBM launched a “wild postings” ad campaign in support of its Linux initiatives, where one of our agencies surreptitiously tagged (and I mean “tagged” in the pre-Web 2.0 context!) sidewalks with its “Peace-Love-Linux” slogan. The City of San Francisco had an absolute fit, and IBM was ordered to pay a small fine, plus clean-up costs. It was perceived as a PR debacle for the company.

But was it? The whole point of the campaign was to establish “street cred” with developers, that IBM was a champion of Linux, which at the time was considered an upstart, anti-establishment challenger to Microsoft. Developers who championed Linux were considered rebels (how times have changed!). So what could establish your rebel bonafides more than a government agency - “the Man” - coming down hard on you for expressing support for Linux? That fine was the best $100,000 IBM has ever spent.

The only way this could be better for Nintendo is if Congress launches an investigation into the company for encouraging kids and senior citizens to jump around in front of their TVs.

CrunchGear reports that Amazon will soon have large stockpiles of Wiis and PS3s, ready to be ordered and shipped.

If true, I wonder if this signals a shift by the manufacturers to giving priority to exclusive online retailers rather than brick-and-mortar outlets. Regardless, this is good news - except for those still hoping to make a quick buck on eBay…

A few IBMers involved with new media had the opportunity today to meet with our counterparts at Cisco to share ideas on blogging, video, Second Life and how enterprises can use them to connect better with customers and employees. The meeting was held via Cisco’s telepresence solution, with the IBM team participating from Cisco’s New York office and the Cisco team from their San Jose headquarters.

Wow. Like all great innovations, telepresence integrates several different technological advancements - in this case HD television and cameras, and integrated voice/video/data networks - along with ingenuous design to create something that looks and feels tangibly new and exciting (in a way, it’s like what Apple did with iPod - marry existing technology with great user-focused design to redefine a category.) Telepresence is really a simple idea, but it’s superbly executed, and once you participate in a telepresence session you can see the business value in it.

This is a high-end enterprise service, but can a gaming application really be so far behind? If you’re able to create the illusion of “presence” so effectively using off-the-shelf technology and basic optical design principles, why couldn’t you use the same principles to create a true “immersive” experience, where you’re surrounded by your game?

I once blogged about a company trying to do something similar to this, but I haven’t seen anything more about it. I assume that some gaming zealots at Cisco (and I’ve no doubt they have more than their fair share!) are tinkering with this idea; if they can find a way to create a new kind of gaming experience that’s as qualitatively different from “conventional” gaming as telepresence is from “conventional” videoconferencing, they’ll have the gaming world at their feet.

After all, I’m sure I’m not the only one waiting for the holodeck!

Well, we all knew it was coming but it has finally arrived. Recent issues around property rights in Second Life have led to real world repurcussions. An article in today’s Information Week talks about what people really do own in Second Life.

More importantly, I think the time has come to start fleshing out virtual world legal issues in general, from the online virtual markets that trade World of Warcraft goods to property rights in Second Life, to jurisdictional issues (e.g. if I’m a US citizen and did a virtual trade with someone in South Korea that went bad, or I live in Norway and a virtual world I have significant asset in is based in South Africa and goes bankrupt, where do I go for redress?) and more. I personally think if virtual worlds (and virtual markets) are to thrive beyond a niche for gaming, these kinds of legal frameworks are going to have to be resolved more clearly.

I guess it means we’re going to see a lot more penny loafers on Second Life, WoW and other worlds. I wonder if that Savile Row bespoke suit comes in chain mail…

I had the opportunity to sit down (virtually) with Steve Davis, CEO of IT GlobalSecure, a software publisher and consultant for security issues specific to the gaming industry. His company develops “SecurePlay“, a security middleware toolkit for online games. IT GlobalSecure is currently working to elevate awareness by unveiling a course covering the whole range of business and technical issues related to game security.

Your blog tracks the proliferation of exploits and vulnerabilities in the gaming world. Have you quantified any loose trends in your survey that you could share?

I have been tracking game security incidents since the late 1990’s. At that time there were usually a half dozen incidents per year. By 2004, the pace was up to about one per month. In 2005, there as about one incident every two weeks. This year (2006), I have said the pace was about one per week. This is actually very conservative. The pace is closer to an average 2-3/week. Part of this apparent increase is attributable to my closer monitoring since I started my blog, so one per week is a good/bad-enough number.

Methodology - My threshold for an “incident” is something that is announced via a press release, a regular news article, or a major online site. Occasionally, I’ll pick up something smaller if I find it particularly interesting or informative. I do not go hunting into warez or hacking sites to find attacks though I will use borderline hacker sites if they provide useful details on the nature of the attacks (usually, I find these sites via major online sites as their reference for the story).

Seeing as how there are more online services available, this increase isn’t particularly surprising. Can you draw any conclusions about the most prominent type of attack, or perhaps characterize the most typical of targets?

Actually, the growth of the problem is pretty impressive, at least to me. Publicly disclosed incidents have been doubling every year for the past several years. The problems have been spreading across the board. The most surprising, and disappointing, is the number of code compromise incidents. This is one of the most damaging problems and probably the easiest to fix. I am most interested in the areas where we haven’t been hearing much: casual games, tournament games, and, of course, online gambling. Serious cheaters are going to “follow the money” as they do everywhere else.

By code compromise, you mean hacking of the game client, right? How can this be easily prevented?

No, by code compromise I mean the disclosure of the game’s source code base. Typically, these losses have been by the game developer, though publishers have been guilty as well. It is a failure of basic IT security. Game code and raw art assets can be worth hundreds of millions of dollars or more (or less). They should be protected appropriately during the development and publication process.

What are your thoughts on the emphasis on security in the game industry, today?

“Generally speaking, game publishers own the security problem in this industry. This has serious implications. Developers are compensated for delivering a product on-time and typically get the bulk of their compensation for completing the game on-time. Therefore, they do not have real incentives for good security design or practices unless such incentives are written into their contracts Also, because game publishers still see themselves in the “publishing” business where most revenues are earned in the first 30 days after a product release as opposed to a longer sales and services cycle, they have allocated security into the QA or distribution side of the business where there is little power or incentive to address security strategically.

“This leaves out some great revenue “tails” – tournaments and other “secondary” markets for games could extend their shelf-life by adding more traditional sales and open up additional revenues from licensing and royalties.

“There are a lot of ways that good security can grow revenues, not just try to protect against loses.

Are middleware vendors indifferent to security? How many breaches, how much downtime, how many lost users and revenue will it take?

“The middleware guys haven’t focused on security because the developers and publishers are still struggling with the decision to use middleware at all. As the middleware market matures and game publishers really come to terms with the opportunities and implications of online play, security should become more clearly important.

“People have been telling me for years that the game industry needs a “Pearl Harbor” incident. Part of my motivation for writing my blog is to show that, while Pearl Harbor hasn’t happened, the industry has experienced a number of Dunkirks, Polands, and North Africas.

Based on your observations, what is your general appraisal of security amongst the MMORPG developers, themselves?

“Security is being taken more and more seriously by MMOs once they are in operation. After all, this is where security failures cost real money. I am not so sure about MMOs in development. It is much easier to change PowerPoint slides and specifications than a running game service. However, the development team is not typically rewarded for good security. They are paid to get a game out the door as quickly as possible. Even worse, they are often not the guys who are stuck with the security problems once the game is in the field. This is the same problem faced by other types of games as well as other software services with a security component. It is hard to make developers accountable for security.

What are the “wins” that we’ve seen towards security with respect to online gaming? What are the success stories that you feel should be told here?

“Even Balance has been doing a great job in the US with PunkBuster. It may not be what you or I would consider the “right” solution from a security purist perspective, but they have raised awareness of the issue. In some sense, their model is perfectly suited to the way the industry thinks about security. Hopefully, publishers will start looking at their PunkBuster budget and consider if there is a better way. There are similar stories in Asia with nProtect’s GameGuard and AhnLab’s HackShield.

“There has also been some interesting data out of Korea from NCSoft. According to some public articles, they spend 10 billion Won (out of 350 Billion Won in revenues) on security. This doesn’t include the marketing costs associated with lost customers (I don’t know if it includes customer service costs for security related incidents either).

Finally, what is the most important thing that MMORPG developers and middleware developers can do to increase the security of their offerings?

“The biggest thing developers can do is to begin to consider security in their designs from day one. There aren’t any magic bullets, just good engineering and business strategy.

Thanks very much for your time!

“My pleasure.”

For interested readers, a related discussion took place in early October over at covertcreations. The article is titled, ‘MMORPGs, Security and the Grand Promise of Middleware’.

Technorati tags : games security, steve davis, secureplay, it globalsecure, game middleware

IBM Rational PurifyPlus a finalist in the 2006 Front Line awards. Click here.