Emerald Flack Arabella Steadham: “I Don’t Lie”
by Pixeleen Mistral on 21/08/10 at 8:05 pm
Protip: killing reporters makes you look bad
On my first visit to Emerald Point Friday night, I was killed by an unknown assailant within a minute of sitting down with the Emerald developers. I had dropped by hoping for comments from Emerald gang spokeswoman Arabella Steadham, and was pleased to see also in attendance several of the controversial developers – part of a group that many believe are distributing a malware-infested Second Life viewer.
Death is a routine part of reporting on the metaverse, so after I suddenly died and was returned to my home sim, I introducing myself again to Arabella via IM, and gingerly returned to the sim a few minutes later.
During the second visit, Arabella assured me that Emerald users are unlikely to be concerned by allegation that the client has been used for an attempted DDOS attack on an enemy web site — because she does not lie. Arabella’s claim seemed a bit broad – and Urizenus is never around when I need help with parsing these sorts of statements – so I filed this for later research.
Sadly, our 3 minute conversation ended abruptly when I was killed, so I suggested Arabella calm the excitable players for a few minutes. On my return I received assurances I would not be bounced from the sim again. On this visit, I learned that the Emerald gang does not consider silently turning their users’ computers into botnet for mass downloads from a target web site to be a denial of service attack – because the web site did not crash. This was good to know, but raised further questions.
What would their position have been if Hazim Gazov’s iheartanime.com site had been taken offline – or run up a huge bill? We are unlikely to ever know, because mentioning many web sites pay for fixed amounts of bandwidth seemed to touch a nerve, and I was killed for the third time. Whatever weapon the Emerald gang was using on me did not leave a trace, so it was difficult to know who was playing reporter-killer last night. This was convenient – whenever hard questions came up, I went missing and there was nobody specific to blame.
Could this lack of accountability be a common theme within the Emerald group – and the cause of some of their recent problems? If so, it will be interesting to see how long former Lab staffers Data Linden and Qarl Linden will last in the Emerald gang. On the other hand, Linden Lab’s lack of accountability for destructive actions has been a constant theme for my entire Second Life, so the ex-Lab staff may feel right at home.
the start of a 3 minute conversation which ends with a killing
Pixeleen Mistral: I’m sure you are busy
Pixeleen Mistral: but perhaps we ccan talk?
Arabella Steadham: not awfully flat out
Arabella Steadham: whats up
Pixeleen Mistral: well I was wondering about the shenanigans post you had
Pixeleen Mistral: what led up to that?
Arabella Steadham: as you can see by the blog post, it is a general apology to our users
Arabella Steadham: theres really not a lot more to be said
Pixeleen Mistral: Arabella – do you think they will believe it?
Arabella Steadham: I don’t lie
Pixeleen Mistral: I wonder if I can believe that statement
Arabella Steadham: well that is your choice
Pixeleen Mistral: so color me skeptical
Arabella Steadham: I’m sure there are many more salacious things you would prefer to believe
Arabella Steadham: or post
Jessica Lyon: it is a genuine apology, we hope people will see it as what it is.
At this point I am killed again, and find myself back at my home sim. Perhaps we can discuss this in person – if she can get those crazy kids to put the guns away for a few minutes – so we talk via IM:
Pixeleen Mistral: you know – you guys can keep killing me and I’ll report that
Pixeleen Mistral: or you can talk - its totally up to you
Pixeleen Mistral: maybe you want to calm those guys down
Pixeleen Mistral: I am up for about one more killing
Pixeleen Mistral: so I’ll give you a few minutes to get your boys to chill
Pixeleen Mistral: protip: killing reporters makes you look bad
Arabella Steadham: I don’t know who did that
Pixeleen Mistral: probably someone who has something to hide
Pixeleen Mistral: get those guys to chill out. I’ll be back in 5
If Arabella’s apology to the Emerald users is to be credible, she should be able to exercise at least some minimal control over the Emerald developers. Unfortunately, I soon learn that Arabella can’t get them to stop killing me – can really believe the her when she assures Emerald users that all is well?
Time passes and I return again to Emerald Point. Jessica Lyon assures me that I’ll be safe – and I am, right up until I ask if burning through another site’s bandwidth is fair play in the Second Life third party viewer wars.
Pixeleen Mistral: ok, let’s try one more time
Arabella Steadham: there’s really not a lot more to say
Jessica Lyon: Not sure who ejected you, but it won’t happen again today.
Jessica Lyon: How can we help you
Pixeleen Mistral: well, I have some questions. I write for the Alphaville Herald
Pixeleen Mistral: perhaps you have heard of it
Jessica Lyon: yes, we know
Pixeleen Mistral: from what I gather Hazim Gazov’s iheartanime web sites was DDOSed by the Emerald login page
Arabella Steadham: that is incorrect
Pixeleen Mistral: ok, so what happened?
Arabella Steadham: you can read the correct interpretation on the MS blog
Pixeleen Mistral: I read that – but it confused me
Arabella Steadham: thats a pity
Arabella Steadham: It was quite clear to many of our users
Pixeleen Mistral: can you help me understand how putting 32 hidden iframes in your login page which render to a 1 x 1 pixel square is all in good fun?
Pixeleen Mistral: because its a little hard to believe that this was an accidental goof
Pixeleen Mistral: but maybe I am confused
Arabella Steadham: I think your information is incorrect
Pixeleen Mistral: well I did look at the google cache for the page
Pixeleen Mistral: and I did see the iframes at the bottom that all point to iheartanime.com
Pixeleen Mistral: what is incorrect in that?
Arabella Steadham: then you have no need to ask me about it
Arabella Steadham: if you already feel you know everything
Arabella Steadham: I’m sorry I can’t really tell you a lot more Pixeleen
Pixeleen Mistral: I am asking you because I want to know what you think
Arabella Steadham: theres not a lot more to tell
Arabella Steadham: I think I have written an apology to our users, which I felt more important than anything else
Pixeleen Mistral: really?
Skills and Phox chill out – and reload
Jessica Lyon: I think what she is trying to say Pixeleen is that regardless of what she tells you, you will inevitably twist it in such a way as to generate the most controversial angle possible
Pixeleen Mistral: what about the owner of the iheartanime.com web site?
Pixeleen Mistral: does he get an apology too?
Arabella Steadham: what about him
Jessica Lyon: We made a public apology to our users, it is a genuine apology. We hope our users will take it as what it is.
Arabella Steadham: My concern is our users
Arabella Steadham: as I have said
Arabella Steadham: my concern is not for creators of malicious viewers
Pixeleen Mistral: but the web site that you ran the DDOS against – that is not your concern?
Arabella Steadham: there was no DDoS
Arabella Steadham: you know this
Pixeleen Mistral: true – it failed
Arabella Steadham: there was no DDoS
Arabella Steadham: bottom line
Jessica Lyon: the iheartanime website suffered no down time as far as I am aware.
Jessica Lyon: surely, you must realise if a ddos attempt was truly made.. there would have been downtime right?
Arabella Steadham: excuse me one moment please, I will be back in 2 minutes
Pixeleen Mistral: so its OK for other sites to do the same thing to modular systems?
Arabella Steadham: (door)
Pixeleen Mistral waits
Tyken Hightower: Back!
Tyken Hightower: Oh god, Pixeleen is here?
Tyken Hightower: Why?
Jessica Lyon: There was no damage done. The website in question suffered no downtime or lag. Thus if someone wanted to do the same to our website providing it was done the same way, there would be no difference?
Pixeleen Mistral: I have heard that some websites pay based on bandwidth consumed
At this point I am killed again, so the interviews will have to conclude via IM from a safe distance.
Fractured Crystal is missing – was he grounded for DDOSing?
Jessica Lyon: did you get ejected?
Pixeleen Mistral: why do you keep killing reporters?
Jessica Lyon: I did not, I’m asking if you were ejected.
Jessica Lyon: and by whom.
Pixeleen Mistral: this is the third time and that is my limit
Pixeleen Mistral: no way I can say this is an accident
Pixeleen Mistral: [17:57] Jessica Lyon: There was no damage done. The website in question suffered no downtime or lag. Thus if someone wanted to do the same to our website providing it was done the same way, there would be no difference?
[17:58] Pixeleen Mistral: I have heard that some websites pay based on bandwidth consumed
Pixeleen Mistral: what is your response to my question?
Pixeleen Mistral: besides killing me again
Jessica Lyon: the answer was, perhaps some do. However iheartanime does not afaik.
Pixeleen Mistral: thank you
Pixeleen Mistral: ok Arabella your guys killed me again
Arabella Steadham: I was away when you disappeared so I do not know. As it is, I feel everything has been said
Pixeleen Mistral: thank you for your time and I wish you luck in your future endeavors
Brahm Streeter
Aug 22nd, 2010
@ All of them
*cries and jumps up and down* But I don’t wanna!!!!
Hahahaha! Overblown egos. It’s just fun, I tell ya.
Recalibar
Aug 22nd, 2010
Woh, I was there for that. Running around on an account named “Russian Secretspy” when I was passing through.
Pixeleen Mistral: well, I have some questions. I write for the Alphaville Herald
Pixeleen Mistral: perhaps you have heard of it
Jessica Lyon: yes, we know
Managed to catch that bit before running off.
We
Aug 22nd, 2010
@Brahm Streeter
“questions an official apology about an incident that’s been explained to probably hundreds, if not thousands, of people already”
The “official apology” deserved to be questioned, because it was utter bullshit. Therein lay the story, to see if they would stutter on the story they made up as to what happened, or how else they would react. Ejecting the person repeatedly rather than answering is an interesting response.
It really can’t even be called an apology, since it never acknowledged that they did anything wrong or what they did. It refused and denied calling it a DDoS, when anyone can tell that it was, and it downplayed it at every angle as “Silly” and “shenanigans” when DDoS attacks are serious and illegal.
Pappy Enoch
Aug 22nd, 2010
I bin killed dead 100 times. It don’t hurt bad.
Only thing what skeered me were when the Furries in Lustwood said they was eatin’ brains. My brain am rite small, but a brain am a brain am a brain, like ol Gerty Stein done said that time.
Keep at it, Miss Pix! This am serious! If’n we loses the Jiggly Cha-Cha-Bingo Viewer™, what will become of the fake world?
Kiddoh
Aug 22nd, 2010
@Pappy: Jiggly boobs now exist in alternate clients. Imprudence supposedly has them.
Bubblesort Triskaidekaphobia
Aug 22nd, 2010
Imprudence definitely has jiggly boobs, and they’ll probably make that feature more visible now that they’ve been getting so much feedback on their viewer. Imprudence responds fast, and they release weekly. LL is trying to emulate their release cycle with snowstorm.
SweetlySo Gealach
Aug 22nd, 2010
@Pappy
Ohmigod how cute are you?!
Looks like it’s a done deal, folks. Emerald has been removed from the TPV.
http://viewerdirectory.secondlife.com/
Emerald Viewer Debacle: More info, resignations « Mistletoe Ethaniel's Blog
Aug 22nd, 2010
[...] the blog post, PIxleen Mistral from the Alphaville Herald set out to get some answers. Despite getting ejected repeatedly while trying to conduct her interview, Pixleen did post her [...]
Nelson Jenkins
Aug 22nd, 2010
@ SweetlySo Gealach
Yeah, bit of old news. Good, though.
Bubblesort Triskaidekaphobia
Aug 22nd, 2010
The TPV list is just marketing. The TPV policy says as much. This doesn’t actually mean anything yet.
If LL enforces the TPV policy correctly and bans every member of Modular Systems, that will be something. Don’t hold your breath, though.
cookie monster
Aug 22nd, 2010
lonelybluebird / phox is just 2 of his accounts, he has several which are all him which are also about 1/3 of all the emerlad tech group all him.
i’ve known him ever since he was patteh phox on the furnation sims, back then he made scripted objects which force crashed ppl and in a worst case gave him actual control of your system remotely.
also this was one person who was invlvled in the lindenlab database hacking a few years back
We
Aug 22nd, 2010
Reportedly Emerald was only taken off the TPV list temporarily while the Emerald team changes leadership due to instability in the team and Fractured leaving.
Mary Elizabeth
Aug 23rd, 2010
Eshi is part of the Emerald group?
John
Aug 23rd, 2010
I hope the entire team gets removed…
How can anyone trust any of them?
I honestly hope Lindens removes your viewer and doesn’t allow it to be used. you have proven your team is untrust worthy to the community.
What the average user doesn’t get WE would have been blammed for the DOS attack until some one traced it back to emerald.
They are all to blame for letting this happen.
and seeing how they are to childish to sit and actually answer real questions make it even worse.
Uccello
Aug 23rd, 2010
When you say “killed” that made me think that the region was Damage enabled. Based on the pictures you posted, I know that at least two of the people there were smart enough to be able to turn off Damage if they had the rights. Didn’t anyone think of that? More likely you were simply sent home via the Estate tools. Members that can do that are visible if you know where to look. And whether your trips home were from being killed or from simply sent home via Estate tools, no viewer I’ve seen indicates which avatar did it. Only Eject shows who did it and then you are either sent to an adjacent region or to the null point of a standalone region.
Despite any answers or explanations on this point, the ejections makes me wonder how serious some members of the team really wish to be taken — and how their behavior reflects upon the team as a whole. Maybe the ejector didn’t notice that team members have resigned due to irresponsible behavior. The public release of the software is an implicit agreement by each voluntary team member that they held to some level of responsible behavior.
Emerald Viewer Mutiny – Fractured Crystal Thrown To Sharks | The Alphaville Herald
Aug 23rd, 2010
[...] to spin the attack as childish shenanigans by Arabella Steadham – who reminds us she does not lie – fell flat, and as word spread [...]
Echo Kinsella
Aug 23rd, 2010
I’d shoot anyone from this rag too if they showed up on my land! roflmao
Dave Bell
Aug 23rd, 2010
I find it hard to trust the Alphaville Herald, not just on this.
The big news is that, this time, the allegations turned out to be true.
There’s other stuff going on, involving Second Life and Linden Lab, which you choose to ignore. Maybe the bigger news is what you choose not to talk about.
Kiddoh
Aug 23rd, 2010
@Dave Bell:
Like what? No need to be vague, get specific.
Patasha
Aug 23rd, 2010
@Dave Bell
See the difference is. Pix reported what she knew, even gave us some pretty pictures. You just threw out vague “bigger news”. So.. hmmm… I will go with the Herald being trustworthy, and you just trying to throw a bit of hate on Pix’s big win weekend.
Patricie Sapphire
Aug 23rd, 2010
Emerald bashing just because it’s current breaking news does not make this worthy of calling it news. The reporter ( coughs ) shows none of the objectivity that is needed or required to be a reporter, I find is biased and slanted. Linden Labs itself has been guilty of behaviour in the past that would rival what has happened with Emerald. The story here is the ” rush ” to go out and DL ” other ” 3rd party viewers, obviously people are not running to DL the new SL V2 viewer as it continues to dissapoint the masses, I for one have truly enjoyed my SL and in a large part it is because of the emeral viewer. Quit your crusade against Fractured aside and look at the enjoyability Emeral
has brough to a large number of people, and get your sh*t together and act like an unbiased reporter!
Patasha
Aug 23rd, 2010
@Patricie
Umm, you might want to check other sources as well if you think this is just something the Herald is doing, say SLU and SL forums as well as the third party viewer list.
Oh, would Emerald be joining the crusade since they fired Fractured yesterday?
Kiddoh
Aug 23rd, 2010
Keep in mind Patricie, Pix keeps a rather unbiased view of all its subjects. It’s the comments on the other hand that do not. Don’t always think the public’s opinion is the same as the Herald’s. Also; keep in mind it’s hard to remain unbiased when people keep interrupting your interview during the good questions by killing you.
John
Aug 23rd, 2010
People what Emerald team did is Illegal.
They used Peoples computers to Attack and SPAM a website.
their are plenty of Blogs showing the Source code and the DOS Attack. Sure it did not bring the website down. But it was the attempt and they used YOUR computer to do it. The installed something on you computer with out your Knoweldge ( Malware, Spyware, Virus)
This is Internet Illegal activity.
If Lindens Supports Emerald developers in any form they are supporting Illegal activities.
It is the entire design team at fault at emerald they do not have the maturity to run a team correctly to Put out the product.
Do your fact finding its all over the web they Illegal activity and it would not suprise me that Legal action will not be taken against Emeralds “Prank”.
you desire to have a team that has proven they are not to be trusted access to your machine, don’t cry when your ISP shuts your connection off for spaming a website with a DOS attack.
you the end user are also the victim but you all think that Emerald is just the best viewer out their.
Open your eyes and read about what happen for real look at the Google info that was shown on Lindens and emeralds blogs unless Emerald has taken it down. Its all their and the developers are just trying to white wash you all.
Gundel Gaukelei
Aug 23rd, 2010
@John: you the end user are also the victim but you all think that Emerald is just the best viewer out their.
dolus eventualis: Form of intention in which the offender knows that the occurrence of the criminal result is a serious possibility and accepts that this may happen.
I don’t think “victim” will be the exact terminology here. Not anymore, now that the “serious possibility” has been widely published.
Pappy Enoch
Aug 23rd, 2010
@Echo, “I’d shoot anyone from this rag too if they showed up on my land! roflmao”
Hot dawg! Make it BIG and awful. We kin split the take from the story of my 101st bein’ killed dead and blame it on Miss Petunia. That gal needs mo’ jail time.
@SweetlySo, who done asked all coy like, “@Pappy
Ohmigod how cute are you?!”
Well, I are quite a looker, I reckons, case them gals keeps after me 24/7. But you am so coy and sweet in askin’ instead o’ tryin’ to jist tackle me fo’ some luvin’ that I reckons we got us a date! Hoo whee. I ain’t had nuffin’ but luck since I got out o’ jail.
Reconnoiter Demonista
Aug 23rd, 2010
May I ask how you were killed when, by proof of your screenshots, damage is not enabled?
Look at the top of the screenshots on the bar at the top. Do see a health meter? no.
Nelson Jenkins
Aug 23rd, 2010
@ Reconnoiter Demonista
Hellooo? Hellooooo? Think McFly, think! Someone could flip damage on for just a second.
Reconnoiter Demonista
Aug 23rd, 2010
Oh yes a coordinated effort to shoot the reporter and make themselves look bad after all the mess they are trying to fix. Genius. What is it with the paranoid conspiracy theorists out there? Grasping at straws attempting to find bad things in everything. Oh wait this is the Alphaville Herald…. Oh no! A butterfly flew by, the thing probably is attempting to destroy all peace on Earth and eventually implode the Sun. Remember: The Internet… Serious Fucking Business.
That being said, I’d probably do the same. I would never invite someone from the Alphaville Herald onto my land though. If they showed up.. I’d turn on damage too.
Count Ravenheart
Aug 23rd, 2010
http://www.youtube.com/watch?v=RYUi2I1Jzro
Kiddoh
Aug 23rd, 2010
“That being said, I’d probably do the same. I would never invite someone from the Alphaville Herald onto my land though. If they showed up.. I’d turn on damage too.”
Wow, you sound like a major douche, but that’s okay, It’s not like your interesting or important enough to actually make Pix come knock on your door or anything. :O
Meh
Aug 23rd, 2010
“Kiddoh: Keep in mind Patricie, Pix keeps a rather unbiased view of all its subjects.”
Considering you’re completely lacking in anything resembling a moral compass, Kiddoh, yes, I would suppose Pixeleen appears to you to be completely unbiased.
Patasha
Aug 23rd, 2010
@Count
That’s just wrong, so wrong.. why can’t I stop looking at it.
Kiddoh
Aug 23rd, 2010
“Considering you’re completely lacking in anything resembling a moral compass, Kiddoh, yes, I would suppose Pixeleen appears to you to be completely unbiased”
You got me on the moral compass part, however please explain how Pix is so biased. Also; explain what morals have to do with anything in regards to posting news.
Pappy Enoch
Aug 23rd, 2010
“May I ask how you were killed. . .Look at the top of the screenshots on the bar at the top”
I were killed by a bar a few times. Grizzy Bar, once, in fact. I ain’t walked rite since.
SweetlySo Gealach
Aug 23rd, 2010
@Pappy
Well now Pappy, I haven’t had such a fine offer since I’VE been out of jail. You bring the corn liquor and I’ll bring the handcuffs.
Yasmin
Aug 23rd, 2010
*chuckles*
Every noob has the right to defend the malware they install on their machines.
And as I mentioned on the Emerald forum, in a post that got immediately deleted; It is a sad state of affairs when the Trojan horse pulls your plow better than your trusty mules to the point where you walk behind and convince yourself that what you are stepping in is ice cream.
I know 14-year olds that can code the dust off double words, and yet they are the most inept at what most of us get right in terms of interacting with other people. I know at least one with certified psychiatric afflictions. The emerald team sounds much like these.
General Drama
Aug 23rd, 2010
Woodbury warned all you retards months ago that Emerald was up to no good, but NOOOO, none of you idiots wanted to believe that Woodbury would get massbanned by LL for exposing the criminality of their little juvies. Vindication is sweet.
Little Lost Linden
Aug 24th, 2010
I’m working on this song. It’s not quite finished yet, goes like this:
Arabella, Arabella, you make me sick.
Arabella, Arabella, you make me sick.
I only have the first 2 versus so far.
I could go for a pizza right about now.
Arabella, Arabella, you make me sick.
Jocelyn Pawpad
Aug 24th, 2010
@ General Drama – I’m going to say to you regarding Emerald the same thing I said of the Woodbury U group that was slung out on its ear not so long ago. Namely “there might have been the odd pain in the neck associated with the group, but there were also some very talented individuals included too.”
I continue to use what little trinkets I picked up from the old Woodbury build in Ravenglass along with some delightful pieces of cardboard furniture I picked up in the campus mere weeks before the hammer came down on the build. Are there any backdoor torjans associated with any of these? I’m sure if I asked that of someone like Prok or any of her schills that the response would be less than complimentary to the Woodbury group and as like as not driven by past vendettas.
I expect the same to hold true with the Emerald client. Quite frankly I am inclined to take both witch hunts with the requisite grains of salt they are no doubt afforded. The truth of the matter is that Fractured has been dragged up for public ridicule using screencaps of “evidence” I have no way of establishing the veracity of independently and therefore must decide for myself from the circus that is currently unfolding before my browser.
And you know, all these attempts to drag every last Emerald dev and their associates down with Fractured using these pretty little jpegs and tales of reporters getting booted out of sims for “asking the wrong questions” kind of makes me wonder just how much of it is real and how much of it is a beat-up. Face facts, the Alphaville Herald itself makes no secret of its lack of bias, it is a tabloid which trumpets the maxim “always fairly unbalanced” after all and no amount of e-freenis waving “nyah nyah, we told you so” from the little people (who for all I know might very well be script kiddies themselves) is going to lend a single jot of credibility to their claims.
Stick that in your pipe and smoke it. While you’re at it, chew on this also. For all the code in Emerald that might be considered surplus to the individuals requirements (what do I care if I can see jiggly bewbs or not) there are undenaiably ways for enterprising miscreants to incorporate aggressively antisocial subroutines into ANY client that supplies itself as uncompiled code. This includes anything Linden Labs releases under their own banner and I can say this with certainty having seen the amount of trojans doing the rounds of IRC years ago when I first spread my wings on the net.
I am also reliably informed by an IT technician of some 25 years standing that tools completely independant of any SL client might be employed to far greater effect than the mere failed *attempt* of DDOS attack we are supposed to be getting all hot under the collar about. Throwing Fractured under the wheels of the Emerald bus achieves nothing past making a few people feel good for a variety of reasons, but in the end we still have an (admittedly delisted) client with a bunch of useful bells and whistles on it which for the most part is used to benign effect by far more than the 20-30% of users reported to be accessing the 2L grid with it.
That’s what I am going with. I’m proud to stand tall and declare myself an Emerald user and let the cards fall where they may. Of all the viewers I have trialled, it remains (and I include the LL clients in this statement) THE most stable of all clients for me and my system. Say what you like about any of its developers, but you cannot take THAT much away from them.
Nelson Jenkins
Aug 24th, 2010
@ Jocelyn Pawpad
I’m going to go ahead and cross-post this, just in case you didn’t get the memo.
Why anyone would continue to trust these folks will remain an unanswerable question.
– Fractured collected IP addresses linked to avatars in the Emerald Point sim and the RegAPI. This allowed Emerald devs (most of which used the system regularly) to geolocate specific SL users, among other things one can do with an IP address.
– Someone (let’s call them the third party) discovered this system. Phox and Fractured then hacked their voice account so they couldn’t use SL voice. They then stalked him from sim to sim (without map rights).
– Phox threatened to burglarize the third party’s house and steal his actual computer.
– Fractured illegally distributed chat logs of the third party, laughing at how he trolled him.
– Phox called a phone number that was listed in the third party’s Linden Lab user account. It turned out to be fake, and he only called the parent of a student. Unfortunately, harassment charges weren’t filed.
– The third party confronted Fractured and threatened to release the entire contents of the datamine to the public. They reached a compromise: Fractured would release the names of the accounts listed in the datamine and the people who had access to it, but no other information (such as IP addresses), in addition to removing it entirely from his servers. However, the contents were eventually released in full, and the names of those listed in the datamine were posted to the Herald a few months back:
http://alphavilleherald.com/2010/05/emerald-devs-modular-systems-data-mine-tracks-16740-avatars.html
– Phox and Fractured both conspire to get the third party’s ISP to cancel their service because of the leak, which they also did numerous times to the creator of the NeilLife viewer, but were ultimately unsuccessful. However, Phox still claims he was successful, and brags regularly about it.
– Fractured and several other Emerald devs (which are still on the team) begin work on the Onyx project, an entirely malicious viewer designed to find security holes in SL. It was also designed to harass and stalk users; however, this functionality was not discovered until its source code was leaked. The devs quickly claimed that it was an old copy and that the newer builds didn’t have those features, until the newest source code was revealed, causing the entire Onyx project to stop and the site to be taken offline. The Onyx viewer is still used, but only by spoofing the Emerald tag and channel name.
– Skills Hak begins selling the Gemini CDS Ban Relay, a system similar to BanLink, but instead it is fully automatic. It uses a QuickTime exploit to determine a user’s identifying information (which is technically illegal per SL policies) and hosts the data on the Gemini server, not unlike the incident with Fractured and Phox way back in the beginning. It’s still being sold, and false positives are being reported, despite Skills’s claims. The system has been cloned repeatedly, proving that it’s not a hard exploit, and that Skills is mostly just conning people by exploiting their fear of copybot.
– The emkdu.dll file, a driver that speeds up texture loading times similar to the llkdu.dll file, was discovered to leak information regarding any Emerald user’s window title and installation directory. (This was not original functionality in the licensed copy.) This allowed anyone that knew how to decrypt the simple encryption to view one’s installation directory, which (depending on the user’s Windows username) revealed one’s real life name. It also allowed users to determine which version of Emerald one was using, and, if it was another client based off of Emerald, what client it was (for example, Onyx).
– The Emerald devs claimed to have removed this functionality. However, they only strengthened the encryption, which was also eventually cracked to reveal that nothing had changed. The encryption was changed one more time, and has not yet been decrypted. With the dismissal of Fracture, Arabella claimed that the emkdu.dll file was replaced with the slower, open-source openjpeg library. It has not been determined whether the openjpeg library also includes similar functionality.
– Because of the entire emkdu.dll fiasco, LordGregGreg, a core Emerald dev, decided to voluntarily leave the project. He has since compiled his own viewer, Emergence, based off of the latest Emerald source code, evading any shady additions they may have put into the Emerald binaries as well. The Emerald team disparaged his position within the devs when he left and went on to defame his character, both officially and unofficially.
– Fractured decided to add 32 hidden iframes in a single pixel that loaded a little over 4.3 MB of data from that third party’s website that I mentioned before every time someone opened the Emerald viewer. In total, an estimate based on the number of hits the third party received placed the bandwidth stolen at 2.1 TB, not including the bandwidth stolen from the users (which would also total up to 2.1 TB). This code was inserted into the actual page on their website that all Emerald clients load on startup, so all stable and beta versions of Emerald were affected. This turned the entire Emerald userbase into an unknowing botnet to carry out a distributed denial of service (DDoS) attack on said third party’s server. It ultimately failed, which prompted Arabella to claim it was not a DDoS (because apparently, an attempted DDoS is not a DDoS in her eyes) and she released news articles stating such. Due to the nature of the DDoS, the server could have sent malware to the Emerald viewer if the webmaster desired, which was very possible since the Emerald devs claimed the website hosted malicious software. The Emerald devs, particularly Arabella, denounced the third party as malicious and a criminal, and refused to issue an apology for their attack. They still haven’t.
– Philip and Soft Linden begin discussing banning Emerald entirely from accessing the grid. The downside would be approximately 20% of Second Life users would be unable to connect to the grid, which may cause problems.
– Two more core Emerald devs left the team. Arabella claims to leave the team as well, however, she never officially does.
– Arabella continues posting to the Modular Systems blog, claiming it was done only by Fractured, and he was disciplined. She also starts up the story that it was only done to boast about Emerald traffic to the third party. Some Emerald users begin circulating the rumor that it was actually done to increase the third party’s website’s traffic, which is an even worse explanation. She also continues deleting comments on the Modular Systems blog that she deems as “negative”, i.e. they tell the truth. This was recorded on a YouTube video.
– Another YouTube video recording reveals that the entire Emerald dev team knew Fractured had been planning on adding the DDoS code, but did nothing to stop him until it was discovered. Arabella herself didn’t want to “scare the users”, so she made up the story about traffic.
– Yet another YouTube video recording shows Arabella debating whether or not to delete Pathfinder Linden’s comment (who is no longer a Linden due to the cuts). The comment asked some critical questions and she deemed it “negative”, but she decided to release (post) the comment and respond to it, confirming the jacked-up story she posted originally.
– Emerald is removed from the Third Party Viewer Directory. The Directory is a voluntary list of third-party viewers that conform to the TPV Policy. Emerald users (or perhaps the Emerald devs) began circulating the rumor that it was only removed to faciliate the change in ownership to Arabella, even though it was removed before that occured.
– Arabella is given ownership of the Emerald Viewer project from Fractured, who resigned from the project with a long blog post explaining how he was sorry for what had happened. Arabella continues to censor comments on this blog post as well.
– Arabella and Jessica (the project leader and support director, respectively) appear on treet.tv’s live streaming show, Tonight Live with Paisley Beebe. Nothing important is really discussed, except for how Emerald will now be in Arabella’s pseudo-control and that it is being totally restructured for transparency between devs (supposedly) and a more democratic system for code changes. The interviewer, Paisley, asks no critical questions, instead opting for “what is going on?” and “how do you feel about this?”. Jessica read from a script most of the time and started to cry near the end of the program, and Arabella seemed angry and vengeful. She continued to beg for mindless faith from her customers. The IRC server was attacked three times by an Emerald supporter, who disconnected everyone not using a standalone IRC client 3 times during the program.
So, you see, the Emerald team – not just Fractured – has quite a colorful history, and Arabella is definitely not as trustworthy as she wants you to think she is. So please, to those of you that don’t know exactly what is going on, READ THE ABOVE.
Bubblesort Triskaidekaphobia
Aug 24th, 2010
@ Jocelyn: You are wrong. Imprudence is much more stable than Emerald, and it has all of the functionality of Emerald.
Also, Modular Systems did not invent all of Emerald’s features. they were invented a long time before Emerald began. I’m not saying they shouldn’t use open source modules from other people, I’m just saying that you are giving them too much credit.
Modular Systems is full of criminals who need to be prosecuted.
Jocelyn Pawpad
Aug 24th, 2010
@ Bubblesport
Thanks for telling me I am wrong. Now allow me to return the favour.
You will note I trust my comment “it remains the most stable of all clients for ME and MY system.” Posting at ME and telling ME that I am wrong and that Imprudence is far more reliable on MY system is, I am afraid, rather arrogant and presumptuous of you, particularly given the fact that I HAVE used Imprudence and find an increased difficulty logging in to a good many sims that are script-heavy when I do. Yet these same sims (which by the way include my home sim) present far less difficulty to any of the Emerald releases I have had the good fortune to use. Additionally, I crash far less when using the latter client and while the removal of the emkdu library has forced a slower draw of the textures involved, I still must report a far more reliable experience from the Emerald client as a whole.
I am not alone in this experience, so I know it is not peculiar to my setup. Though I will not pretend offer a blanket assurance that Impudence is an inferior client in ALL cases, I do find it rather insulting to my intelligence that you would insist to know my circumstance better than I do.
I also don’t remember saying Modular Systems invented ALL of Emerald’s features and for you to say that I did is again arrogant and presumptuous. Kindly stop putting words into my mouth, kindly stop pretending more knowledge about my circumstance than you possess.
@ Nelson
No offense, but who are you and exactly what level of creedence am I supposed to give your heads up regarding the memo I never received? Head of the Fraudular Systems Group? I’m having a little difficulty keeping the smile off my face at the premise I am expected to get all up in arms over from somebody I don’t know from Adam crossposting content from a blog I’ve never visited. Content which, if truth be told, appears in more than one instance to be outrageously biased rhetoric based on circumstance and hearsay, if not outright panic mongering. I’d at least afford you the opportunity of doing me the favour of establishing why your interpretation of events should influence mine in any way shape or form. Besides having a group who’s name lampoons the OLD webhost of the Emerald Client I mean. According to the last “memo” I received at least.
For a start, I’d invite you to itemise exactly what evils are achievable from the humble IP address. Don’t start spouting a bunch of alarmist propaganda about geolocation either – you ought to know as well as I that it can *at best* only put someone in the general neighbourhood of the computer concerned. I don’t doubt there are people out there committed enough to go doorknocking in the hopes of eyeballing a particular user face to face. In my instance, there’d be at a rough guess some 150,000 doors you’d need to knock on to find me based on the amount of residences serviced by my point of presence. Good luck.
Nameless Emerald devs are trotted out as being complicit in the fiasco, yet when push comes to shove all I am offered is wild fingerpointing and conjecture about a group of people who if as dangerous as you would have us believe would have been booted off the grid by LL interests long ago and NOT afforded the blanket opportunity you appear willing to credit them with to ferret out security concerns a-la Onyx client. Where are the countless heads being offered on a platter to placate the issue? I count one so far, and he only became a casualty when his own team reportedly turned their back on him in droves.
Similarly a nameless third party who (lets face it) HACKED a database that was being privately amassed is trotted out with an incongruous agreement which (correct me if I’m wrong here) could be paraphrased as “make your database public and scrub it from your server or I’ll publish it all for you”. Call me old fashioned, but act of throwing all that information out into the public eye is by magnitude a far greater act of irresponsibility than one man amassing the information for a private database in the first place. No wonder the whistleblower remains a faceless third party. They have, to hear you tell it, taken ONE shady character’s private database and handed it to MANY shady characters. And apparently the “always fairly unbalanced” Alphaville Herald has had a hand in publicising it. Just who am I supposed to be scared of here?
Forgive me if the idea of someone laughing over IMs pales into insignificance in light of all this.
You then introduce vague threats of Phox threatening to commit a break and enter theft. Presumably this carried as much weight as any schoolyard threat to “blow up someone’s letterbox” or “get their daddy to bash up someone elses daddy”. E-freenis waving, or I am a n00b. I am left to conclude from the reported failed attempt to “harass” someone over the phone using a faked phone number that this database wasn’t anywhere near as damaging as its made out to be, not the least since these evil internet terrorists are in fact walking the earth as free men and *gasp* STILL logging into SL. Then there’s the a concerted attempt to deprive the third party HACKER of his internet connection. To hear you tell it, it was unsuccessful, despite your assurances Phox claimed otherwise.
So far, thats all I have – assurances. Many of them telling me that these “colourful figures” had all the intent, yet in the final analysis NONE of the ability, irrespective of how much data they had at their disposal. I hate to admit it, I hear the same complaints of the LAPD. Who do *you* think is the greater threat?
I can answer that in part for you by referring you to the DDoS that wasn’t. Pure panic-mongering this, since DDoS is an abbreviation of Distributed Denial of Service. And since the “service” wasn’t “denied” in this case, it cannot in the strictest sense be termed a DoS, distributed or otherwise. Then again, calling it for what it is (a spam attack) lacks that badly needed *oomph* required to incite a ruckus. DDoS sounds FAR more impressive, that I *will* admit.
Are you trying to promote a ruckus? I do believe you are. Here’s why.
The numbers you provide to support this attack when held up to scrutiny are to put it mildly “perplexing”. 4.3MB per login, okay I’m prepared to accept that number, a grand total of 2.1TB of data (which is significantly above the 800MB figure I’ve seen previously quoted, but no matter). I’ve done the math, divided the 2.1TB by the 4.3MB per login and come up with *whoah* close on half a million indivivual login attempts.
That’s roughly 14 times the TOTAL amount of users currently logged in to the grid.
Later you pull a random number of 20% of this TOTAL. That’s one in five users on the grid. What you are in a sense claiming is that this number averaged (get this) around 70 logins per capita during the failed DDoS attempt. I’m *pretty* sure the rank and file of Emerald users might have noticed this.
Now, I can effectively halve those logins for you simply by logging into an Emerald client and observing for myself how many Emerald tags I encounter. For the record, I make it around two to three in five, depending on where I happen to be meandering. That’s still an average of 35 logins for each client – still a sizeable amount of logins for each user.
You’ll forgive me if I suspect you of panic mongering. Based on your numbers and simple maths, I am presented with a scenario which defies description – close to ten thousand people simultaneously and repeatedly hammering a website at the behest of some evil DDoS orchestrating overlord… yet barely any of these bejewelled e-acolytes notices? Give me a break! As any IT professional could tell you, there exist tools FAR more effective at shunting the amounts of data claimed AND in timeframes a lot tighter than I expect you can claim here.
But let us for the moment presume we are all wrong and you are incontrovertibly right. Stranger things have happened after all. Well then, mind if I inquire as to what the source code for such an evil tool is doing in plain sight of any yahoo with a passing knowledge of html, access to proxy lists and the coinage required for a GoDaddy account? Let me guess – the readers of the Alphaville Herald are all fine upstanding citizens and would never ever contemplate such a heinous act? Pffft!
Your claims are bogus and it doesn’t take an internet whiz to see through them. The worst you can claim in this case is that a site got spammed and MAYBE there were a small handful of Emerald clients involved. That I will agree with you is an appalling state of affairs, though it falls far short of your rabid cries that Arabella is lying about there being no DDoS. There wasn’t a DDoS. No service was denied, therefore there was no Denial of Service. Quit indulging in character assassination until you have something valid to assassinate a character over, lest you be seen as the boy who cried wolf when something REALLY nasty presents itself.
Now, the emkdu.dll. It might please you to know that various Emerald users were coached on how to remove this. LordGregGreg may or may not have been one of these, I have never been privy to any attack on his integrity and I am a member of the Emerald, Emerald Lounge and Emerald Beta Users group. I only know the person who coached me on how to remove it, and this was well and truly before the questions of its leaking of installation folders became a de rigueurmortis for the masses. Sure, if it reports installation folders and there are people DUMB ENOUGH to use their real life full names as logins then maybe there is a problem. A problem which for the record might easily be resolved by more secure internet practices (like NOT using identifiable information for your computer login). Anecdotal evidence offered me some time back said that a certain high-placed purveyor of a commonly used operating system didn’t trust its security enough to conduct his own e-commerce through it. Honestly, from what I have heard over the years I am reluctant to trust ANY alleged “security” offered, though others don’t share such cautiousness and are prepared to leave such concerns to… someone else. Plenty of third party firewalls and anti-v/rus software make good trade over this market. So too does CDS.
Now, I cannot lay claim to CDS’s effectiveness, though I share a healthy skepticism at it nailing copybotters with 100% accuracy. Be that as it may, there are creators in this world who have balanced the threat of content theft against the promises made of the various software creators who claim to combat it. I’m not prepared to tell them they are wrong to do so, though if its off the back of a Quicktime exploit then I suspect its effectiveness to be limited for as long as Apple allow the exploit to go unchecked. Then again, I refuse to let any Apple software near my machine after watching the aptly named bonjour.exe say “hello” to some 4,000-plus cacheing services operated by a reputable distributed computing platform to the tune of up to 25GB a day. No doubt that hole has been plugged, as I suspect the present “hole” will be in time. though if forced to admit it I’d say this particular “hole” seems likely to be producing more of a positive effect than negative. Noone at grid management level seems prepared to bring the ban-hammer down on Skills and I haven’t seen any committed third party hacker linking us to databases either. Another furfy on your account? I don’t imagine for a single moment she would rank as a target on *your* radar if she had never laid eyes on the Emerald client and your whole “guilt by association” shtick falls flat on my ears.
Until you can categorically and emphatially provide a list of complicit individuals at the dev level AND have it confirmed by someone in a position to back you up, then your blanket allegations as to any imagined evils of the Emerald client and the perils for all who come into contact with it remains pure conjecture. I for one am unconvinced, though open to any smoking gun that blows it all wide open. I have yet to be shown anything remotely approacing this. At the time of writing, Emerald might be delisted, though it has not been outright banned. It might be argued that the net effect on the grid is something Linden Labs is not prepared to countenance and if such a discussion has already been undertaken then I will thank you to link me to it as you were so ready to link me to past Alphaville articles, not airily announce on Philip’s and Soft’s behalf that they have entered into discussions and let it go at that. One wonders why you might adopt such a clandestine approach.
I await your reply with eager anticipation.
Gaara Sandalwood
Aug 24th, 2010
Pawpad:
The fact isn’t just what has recently been done but what has been done in the past as well, along with other matters. Personally, I felt that someone that used to rip content from other people has no right owning a system that uses a system exploit to ban people(some of whom have all but lugged their computer to Skillz and showed every bit of file data on their HD in attempts to prove they have not used TPV violating clients). That’s like, theoretically, hiring a robber to solve a robbery case. How is it their actions are justifiable and yet they have the power to bring judgment to others?
As for the actions of Hazim, I honestly can’t see how you can sit there and account him for everything he ahs done while disregarding what the opposing party(the MS devs)have done.
The people execute their own members to cover their asses and make themselves look good, and when any heavy skepticism is brought up on their blogs they resort to heavy moderation to keep the shouting to a minimum.
“Your claims are bogus and it doesn’t take an internet whiz to see through them. The worst you can claim in this case is that a site got spammed and MAYBE there were a small handful of Emerald clients involved. That I will agree with you is an appalling state of affairs, though it falls far short of your rabid cries that Arabella is lying about there being no DDoS. There wasn’t a DDoS. No service was denied, therefore there was no Denial of Service.”
Regardless of that, as an IT student I can easily say that costing someone else bandwidth is not exactly peachy keen either.
“Quit indulging in character assassination until you have something valid to assassinate a character over, lest you be seen as the boy who cried wolf when something REALLY nasty presents itself.”
I’m not one to cry wolf over simple things, but the calculations were made. If you had a website and found out that you owed about 900 USD in bandwidth costs or potentially, in some theoretical fashion, owed that much, then you’d likely see a problem there.
Nelson Jenkins
Aug 24th, 2010
@ Jocelyn Pawpad
I’m gonna point out that you’re wasting your time, and that I’m not going to respond to every last word (since, frankly, I get the impression that you’re not going to believe anything I say this time around, either).
“No offense, but who are you and exactly what level of creedence am I supposed to give your heads up regarding the memo I never received? Head of the Fraudular Systems Group? I’m having a little difficulty keeping the smile off my face at the premise I am expected to get all up in arms over from somebody I don’t know from Adam crossposting content from a blog I’ve never visited. Content which, if truth be told, appears in more than one instance to be outrageously biased rhetoric based on circumstance and hearsay, if not outright panic mongering. I’d at least afford you the opportunity of doing me the favour of establishing why your interpretation of events should influence mine in any way shape or form. Besides having a group who’s name lampoons the OLD webhost of the Emerald Client I mean. According to the last “memo” I received at least.”
It’s crossposted from another post on AH. Had you done your homework, you would have noticed this. However, all you seem to be doing is trolling this single post. If you choose not to believe me, well, that’s up to you, really. Again, why anyone would trust these guys will remain an unanswerable question.
“For a start, I’d invite you to itemise exactly what evils are achievable from the humble IP address. Don’t start spouting a bunch of alarmist propaganda about geolocation either – you ought to know as well as I that it can *at best* only put someone in the general neighbourhood of the computer concerned. I don’t doubt there are people out there committed enough to go doorknocking in the hopes of eyeballing a particular user face to face. In my instance, there’d be at a rough guess some 150,000 doors you’d need to knock on to find me based on the amount of residences serviced by my point of presence. Good luck.”
You just proved my point. You can geolocate someone using an IP address. Geolocation doesn’t mean down-to-the-address specificity. Would you want people in-world knowing your hometown without your consent?
“Nameless Emerald devs are trotted out as being complicit in the fiasco, yet when push comes to shove all I am offered is wild fingerpointing and conjecture about a group of people who if as dangerous as you would have us believe would have been booted off the grid by LL interests long ago and NOT afforded the blanket opportunity you appear willing to credit them with to ferret out security concerns a-la Onyx client. Where are the countless heads being offered on a platter to placate the issue? I count one so far, and he only became a casualty when his own team reportedly turned their back on him in droves.”
God, you just don’t read, do you? I listed Phox, Fractured, Skills, Arabella, and Jessica, if not anyone else. The only person who was kicked out was Fractured, and he’s got alt accounts as lower devs anyways.
“Similarly a nameless third party who (lets face it) HACKED a database that was being privately amassed is trotted out with an incongruous agreement which (correct me if I’m wrong here) could be paraphrased as “make your database public and scrub it from your server or I’ll publish it all for you”. Call me old fashioned, but act of throwing all that information out into the public eye is by magnitude a far greater act of irresponsibility than one man amassing the information for a private database in the first place. No wonder the whistleblower remains a faceless third party. They have, to hear you tell it, taken ONE shady character’s private database and handed it to MANY shady characters. And apparently the “always fairly unbalanced” Alphaville Herald has had a hand in publicising it. Just who am I supposed to be scared of here?”
Eye for an eye makes the whole world blind. Also, it’s called grey-hat hacking. The “faceless” third-party is Hazim Gazov, but I suppose you wouldn’t have known that, because you continue to astound me with your lack of research. I think his name was actually mentioned in a recent AH post, as well. Are you telling me that we shouldn’t recover and release the documents of the old Soviet-era KGB, simply on the grounds that it was their private data?
“Forgive me if the idea of someone laughing over IMs pales into insignificance in light of all this.”
It’s called disclosure. It’s a ToS violation.
“You then introduce vague threats of Phox threatening to commit a break and enter theft. Presumably this carried as much weight as any schoolyard threat to “blow up someone’s letterbox” or “get their daddy to bash up someone elses daddy”. E-freenis waving, or I am a n00b. I am left to conclude from the reported failed attempt to “harass” someone over the phone using a faked phone number that this database wasn’t anywhere near as damaging as its made out to be, not the least since these evil internet terrorists are in fact walking the earth as free men and *gasp* STILL logging into SL. Then there’s the a concerted attempt to deprive the third party HACKER of his internet connection. To hear you tell it, it was unsuccessful, despite your assurances Phox claimed otherwise.”
Again, believe me if you want, I really couldn’t care less if you’d rather put your trust in these shady characters. It happened, and he boasted about breaking into his neighbors’ homes regularly, as well. But right, I forgot, you just want to dispute everything I say.
“So far, thats all I have – assurances. Many of them telling me that these “colourful figures” had all the intent, yet in the final analysis NONE of the ability, irrespective of how much data they had at their disposal. I hate to admit it, I hear the same complaints of the LAPD. Who do *you* think is the greater threat?”
More unwarranted skepticism.
“I can answer that in part for you by referring you to the DDoS that wasn’t. Pure panic-mongering this, since DDoS is an abbreviation of Distributed Denial of Service. And since the “service” wasn’t “denied” in this case, it cannot in the strictest sense be termed a DoS, distributed or otherwise. Then again, calling it for what it is (a spam attack) lacks that badly needed *oomph* required to incite a ruckus. DDoS sounds FAR more impressive, that I *will* admit.”
Oh, god, you’re one of these people. Is attempted murder not a crime? A DDoS refers to the attack, not the result. If you pushed a button on a website labelled “Click Me to Crash The Server!”, would you call it a DoS, simply because it denied their service?
“Are you trying to promote a ruckus? I do believe you are. Here’s why.”
Go on.
“The numbers you provide to support this attack when held up to scrutiny are to put it mildly “perplexing”. 4.3MB per login, okay I’m prepared to accept that number, a grand total of 2.1TB of data (which is significantly above the 800MB figure I’ve seen previously quoted, but no matter). I’ve done the math, divided the 2.1TB by the 4.3MB per login and come up with *whoah* close on half a million indivivual login attempts.”
Not sure why you think that’s a bad thing. People crash often. And I’ve seen 700 GB thrown around, but it didn’t have any evidence to back it up. 800 MB is way, way too low. More than 200 logins occurred. Think, McFly, think!
“That’s roughly 14 times the TOTAL amount of users currently logged in to the grid.”
And? It’s not like this attack occured over the course of a single day.
“Later you pull a random number of 20% of this TOTAL. That’s one in five users on the grid. What you are in a sense claiming is that this number averaged (get this) around 70 logins per capita during the failed DDoS attempt. I’m *pretty* sure the rank and file of Emerald users might have noticed this.”
Downloading 4.3 MB doesn’t leave a sizeable impact on your computer. Arabella claimed it was as high as 35%, but I decided to cite the most-common estimate of 20%. Oh, that’s right, I forgot, you’re just disputing every single point I’ve made without any claims to back it up.
“Now, I can effectively halve those logins for you simply by logging into an Emerald client and observing for myself how many Emerald tags I encounter. For the record, I make it around two to three in five, depending on where I happen to be meandering. That’s still an average of 35 logins for each client – still a sizeable amount of logins for each user.”
Oh, I see where you’re going here. You’re just going to base that number solely on your own private study, most likely in sims where noobs with Viewer 2 don’t hang out. And again, this didn’t occur over the course of a day or two.
“You’ll forgive me if I suspect you of panic mongering. Based on your numbers and simple maths, I am presented with a scenario which defies description – close to ten thousand people simultaneously and repeatedly hammering a website at the behest of some evil DDoS orchestrating overlord… yet barely any of these bejewelled e-acolytes notices? Give me a break! As any IT professional could tell you, there exist tools FAR more effective at shunting the amounts of data claimed AND in timeframes a lot tighter than I expect you can claim here.”
No, I won’t. You’re just disputing everything solely to discredit my proposition so you can feel safe when you load up Emerald. But hey, I don’t really care. In any case, I never cited a timeframe, so I’m not sure where you keep pulling that one out of. (Ah yes, your ass, where most of your information seems to come.)
“But let us for the moment presume we are all wrong and you are incontrovertibly right. Stranger things have happened after all. Well then, mind if I inquire as to what the source code for such an evil tool is doing in plain sight of any yahoo with a passing knowledge of html, access to proxy lists and the coinage required for a GoDaddy account? Let me guess – the readers of the Alphaville Herald are all fine upstanding citizens and would never ever contemplate such a heinous act? Pffft!”
What source code? Most Emerald users use binaries, for one, which don’t necessarily mean that the source code is what’s being used. Second, the emkdu.dll file is encrypted for a reason (hint – it’s PROPRIETARY). And if you’re talking about the Emerald login page, the overwhelming majority of users don’t check the source code for it on the MS website. Unless you’re talking about something else that you failed to mention.
“Your claims are bogus and it doesn’t take an internet whiz to see through them. The worst you can claim in this case is that a site got spammed and MAYBE there were a small handful of Emerald clients involved. That I will agree with you is an appalling state of affairs, though it falls far short of your rabid cries that Arabella is lying about there being no DDoS. There wasn’t a DDoS. No service was denied, therefore there was no Denial of Service. Quit indulging in character assassination until you have something valid to assassinate a character over, lest you be seen as the boy who cried wolf when something REALLY nasty presents itself.”
What the hell? Did you not read that massive list of things I posted? They hacked someone’s SL account and threatened them, used exploits to obtain your computer’s data (IP, MAC, check your filesystem, etc.) and stored it on an insecure server, allowed anyone to read your install path and viewer’s title bar, lied about it and claimed said functionality removed, did it again, “removed” it again, then removed it for good a third time (supposedly) just recently, then began using ALL Emerald clients – which I explained, but you apparently don’t understand, because you claim only a “handful” were affected – to [attempt to] DDoS Hazim’s website without provocation. Then, when they were caught, they lied about it again and instructed their users to spread rumors around, then faked a restructure and booted the bad egg (even though he’s still in as a lower dev using an alt) and bitched at LL for removing their TPV policy compliancy status. How is that just totally ignorable? Oh, right… I keep forgetting, sorry.
“Now, the emkdu.dll. It might please you to know that various Emerald users were coached on how to remove this. LordGregGreg may or may not have been one of these, I have never been privy to any attack on his integrity and I am a member of the Emerald, Emerald Lounge and Emerald Beta Users group. I only know the person who coached me on how to remove it, and this was well and truly before the questions of its leaking of installation folders became a de rigueurmortis for the masses. Sure, if it reports installation folders and there are people DUMB ENOUGH to use their real life full names as logins then maybe there is a problem. A problem which for the record might easily be resolved by more secure internet practices (like NOT using identifiable information for your computer login). Anecdotal evidence offered me some time back said that a certain high-placed purveyor of a commonly used operating system didn’t trust its security enough to conduct his own e-commerce through it. Honestly, from what I have heard over the years I am reluctant to trust ANY alleged “security” offered, though others don’t share such cautiousness and are prepared to leave such concerns to… someone else. Plenty of third party firewalls and anti-v/rus software make good trade over this market. So too does CDS.”
Yes, some users were coached on how to remove it after the fact got out that it was broadcasting your private data. Closing the gate after the sheep have left. Also, some users (particularly as members of educational organizations) are REQUIRED to make their username their actual, full name. I was required to do so all through middle school, high school, and college.
“Now, I cannot lay claim to CDS’s effectiveness, though I share a healthy skepticism at it nailing copybotters with 100% accuracy. Be that as it may, there are creators in this world who have balanced the threat of content theft against the promises made of the various software creators who claim to combat it. I’m not prepared to tell them they are wrong to do so, though if its off the back of a Quicktime exploit then I suspect its effectiveness to be limited for as long as Apple allow the exploit to go unchecked. Then again, I refuse to let any Apple software near my machine after watching the aptly named bonjour.exe say “hello” to some 4,000-plus cacheing services operated by a reputable distributed computing platform to the tune of up to 25GB a day. No doubt that hole has been plugged, as I suspect the present “hole” will be in time. though if forced to admit it I’d say this particular “hole” seems likely to be producing more of a positive effect than negative. Noone at grid management level seems prepared to bring the ban-hammer down on Skills and I haven’t seen any committed third party hacker linking us to databases either. Another furfy on your account? I don’t imagine for a single moment she would rank as a target on *your* radar if she had never laid eyes on the Emerald client and your whole “guilt by association” shtick falls flat on my ears.”
She’s part of the Emerald team. Do your research. And I’m pretty sure CDS doesn’t work against experienced copybotters… there have been stories of workarounds up the ass. It’s certainly not 80% accurate as Skills guarantees, but unfortunately there’s no way to know what the real accuracy rate is.
“Until you can categorically and emphatially provide a list of complicit individuals at the dev level AND have it confirmed by someone in a position to back you up, then your blanket allegations as to any imagined evils of the Emerald client and the perils for all who come into contact with it remains pure conjecture. I for one am unconvinced, though open to any smoking gun that blows it all wide open. I have yet to be shown anything remotely approacing this. At the time of writing, Emerald might be delisted, though it has not been outright banned. It might be argued that the net effect on the grid is something Linden Labs is not prepared to countenance and if such a discussion has already been undertaken then I will thank you to link me to it as you were so ready to link me to past Alphaville articles, not airily announce on Philip’s and Soft’s behalf that they have entered into discussions and let it go at that. One wonders why you might adopt such a clandestine approach.”
Do the research yourself. Nothing I say can prove anything to you, apparently, because you have not believed a single point I have made so far. Emerald WAS delisted (quite some time ago, in fact, which I stated, as did even the Emerald team themselves). Also, if you had checked the opensource-dev mailing list, you would have seen said discussions. Which would have been a result of – oh yeah, more research on your behalf.
“I await your reply with eager anticipation.”
I don’t. I’m done with trying to prove anything to you; you’re welcome to stay an Emerald fangirl for as long as you like.
Nelson Jenkins
Aug 24th, 2010
@ Jocelyn Pawpad
Also, if you continue to refuse to believe me, perhaps Philip’s blog post will shed some light on the subject:
http://blogs.secondlife.com/community/features/blog/2010/08/24/malicious-viewers-and-our-third-party-viewer-policy
We
Aug 24th, 2010
@Jocelyn Pawpad
“I am not alone in this experience, so I know it is not peculiar to my setup. Though I will not pretend offer a blanket assurance that Impudence is an inferior client in ALL cases, I do find it rather insulting to my intelligence that you would insist to know my circumstance better than I do.”
You’re the first person I’ve heard of to come to this conclusion however (which you can take as you will), generally due to the sloppy coding of the Emerald team and the haphazard adding of features, the Emerald client is unstable and full of memory leaks. This is confirmed by their own forums. So far since this whole fiasco I’ve seen many people switch from Emerald to Imprudence, and just about every one of them commented on how much faster and more stable it ran. But if you WANT to believe Emerald is better, I suppose you’ll see evidence for it.
Even so, if you really want to stick with Emerald, there’s a fork made called Emergence, which is literally exactly Emerald split off by LordGreggreg (one of the devs who left in disgust of what the rest of the team was doing), which has all the features but none of the creepy stuff they had done, as well as, obviously, none of the current Emerald team in direct control of it.
“Content which, if truth be told, appears in more than one instance to be outrageously biased rhetoric based on circumstance and hearsay, if not outright panic mongering.”
“The truth of the matter is that Fractured has been dragged up for public ridicule using screencaps of “evidence” I have no way of establishing the veracity of independently”
Considering you seem to question whether there was a DDoS attack at all, or if someone with evidently a lot of free time just doctored up a bunch of screenshots, I have to imagine that you simply don’t want to believe any of this is true, and will therefore question any conclusion despite the evidence. I’m actually surprised this is still in doubt at all. For about 3 weeks after the DDoS, the code showing it was still on the google cache (it’s what the screencaps are of), and I believe Bing might still have it cached right now. Not to mention that Fractured and Arabella admitted to it in their own coy way.
The fact that you’re trying to cast doubt on whether this evidence is falsified or if there even was a DDoS at all when it’s been proven repeatedly is highly suspicious.
“For a start, I’d invite you to itemise exactly what evils are achievable from the humble IP address. Don’t start spouting a bunch of alarmist propaganda about geolocation either”
“Call me old fashioned, but act of throwing all that information out into the public eye is by magnitude a far greater act of irresponsibility than one man amassing the information for a private database in the first place.”
Interesting. First you downplay the danger of a IP Datamine with “what harm could an IP do!”. But then, when the so called benign datamine is hacked and exposed for purposes of outing the Emerald team, it’s suddenly a magnitude of irresponsibility? What changed to make the data that was collected and exposed from benign IPs to irresponsible to let into the wild? Which is it? Is collecting IPs benign or malicious, or is this trait decided entirely depending on whether or not it’s Emerald that’s collecting them?
I’ll answer it for you: IPs on their own are fine, there’s not a lot that you can do with them, and you toss yours everywhere whenever you visit a site. You can’t tell about a person from an IP alone besides a vague area of where they live. In a rural area you can almost pinpoint it to a house, in an urban one you’d have almost the entire city eligible. However, they weren’t just collecting IPs, they were collecting IPs and attaching Second Life account names to them. With that, they could use it to figure out alt accounts and general location. Both Fractured and Ph0x were particularly fond of threatening people by claiming they knew where they lived due to this.
“And since the “service” wasn’t “denied” in this case, it cannot in the strictest sense be termed a DoS, distributed or otherwise. ”
As PathFinder so eloquently put it: So if I stick a gun to a bank teller’s head and demand money, but don’t actually get any. I suppose it wouldn’t be considered a bank robbery?
I don’t see the fact that this or any other attempt failed as making things any better. It shows they have the intent, commitment, and attitude to do malicious things without considering the consequences to themselves or their user base (that’s you) in all this. The fact that you’re trying to tack on that they’re incompetent as well doesn’t make them saints. It just makes them incompetent douchebags. Had the victim of the attack been on a metered plan, he would have been required to pay hundreds if not thousands of dollars in bandwidth overage fees due to the extra server load from the DDoS, whether or not the servers went down at all.
“That’s roughly 14 times the TOTAL amount of users currently logged in to the grid.”
These are not unique login attempts either. During the DDoS attack, every time you opened up the viewer (you didn’t even have to log in, but simply opening the viewer and loading the login page), downloaded another load of the data from the victim’s website. This means that everytime someone crashed, everytime someone just opened up the viewer, etc. Considering Emerald’s unstability, someone might be loading that login page a dozen or more times in a day.
“As any IT professional could tell you, there exist tools FAR more effective at shunting the amounts of data claimed AND in timeframes a lot tighter than I expect you can claim here.”
Again, you aren’t nullifying their intent with this statement, you’re just tacking on incompetence to their charges. It makes you wonder why you would want to use a viewer created by people who are provably malicious, childish (sometimes quite literally), criminal, and now with the point you’ve so thoroughly proved: completely incompetent.
“Sure, if it reports installation folders and there are people DUMB ENOUGH to use their real life full names as logins then maybe there is a problem. A problem which for the record might easily be resolved by more secure internet practices (like NOT using identifiable information for your computer login)”
Also, not using provably malicious third party software like Emerald.
Here’s another choice bit that Nelson missed as well.
Fractured Crystal was asked by Darling Brody to steal the source of one of her competitors products, she not only intended to just steal it, but also to accuse the other person of content theft of her own product. Fractured, being the unscrupulous person he is, heartily agreed and succeeded in obtaining the source code, sending it to Darling with this message:
“Email would have been preferable for all those IMs about source you don’t legally possess, especially since your planning to accuse Ariu of content theft. I hope you didn’t load those up in your inventory.”
doc
Aug 24th, 2010
@Jocelyn Pawpad
That was a prokofotastic long post.. I will try to answer it shot..
First, imprudence is a nice alternative to emerald, for people that are searching for an alternative. Some functions are a bit hidden, but it contains everything that SL-Ken-and-Barbie needs.
If you dont like it, its ok.
Then the IP thing:
You and Nelson still dont get it right.
The dataminer was there to detect ALTs.
I see your ip, i see your alts ip, i see they use the same. i know who your alt is. its so simple.
The geoip was probably just there to scare kiddies off. …like: I KNOW WHERE YOU LIVE KID!!
Database blabla:
The database wasnt given out and wasnt ever ment to be given out. If it would have, i would have a copy of it.
Evil people are not evil blabla:
You can ignore it, you can believe averything is just made up info (you know that would be a lot of work right?)… or not, or you can do bit research.
ddos blablabla:
Its amusing how you care about the numbers (which are quite wrong) and the definition of a ddos. But you totaly ignore, that your system was abused by a young adult, just because he was bored.
Transfering the installation directory isnt bad, the people are to dumb blabla:
Well, people would first have to expect that this could happen.
And the common SL user isnt a paranoid nerd, specially not the common emerald user.
Hmmm. i think i will have to speak to the computer guys in our company, and tell them, that they are FUKKIN IDIOTS to use my RL name for my user account.
CDS is basicly Apples fault.
You can trust me if i say, cds if effectless against copybotters, because every “bad guy” in SL knows how to get arround it.
The only nice thing is that skills now has bannrights on hundreds of sims.
Which she likes to use on people that tell those EVIL LIES about her and her friends.
Apple cant really do anything against it, its just some information that the viewer passes to the “mediaserver” …in this case ownerd by skills.
@ topic.
In my opinion it doesnt really matter if jcool left emerald or not, as long as the other well known persons and their TOTALY MADE UP HISTORY are in it.
They didnt apologize until they had no other way to deny it. Spinelss in my eyes.
Irregardless their history, theres a easy way to check their reliability,
try to tell them a critical opinion.
You post it on their blog: it gets removed.
You post it in the groupchat: they remove your writing rights.
You post it on emerald point: they kick you.
And if you are one of the lucky guys, you get CDS banned at the end.
Thats not the behavior of adult, reliable persons.
Thats something that dumb children, prokofy and some dictators do.
There would have to change a lot more in the emerald team to make it trustworthy.
Gaara Sandalwood
Aug 24th, 2010
“I am not alone in this experience, so I know it is not peculiar to my setup. Though I will not pretend offer a blanket assurance that Impudence is an inferior client in ALL cases, I do find it rather insulting to my intelligence that you would insist to know my circumstance better than I do.”
I like this part. I could just as easily counter:
Emerald’s speed was probably around as good for me, if not just barely on par with, the original SL 1.23 Viewer.
See? Simple.
I could easily
Anatomy of a scandal « Second Life Shrink
Aug 24th, 2010
[...] angles to allow people to use the story as a hook for their characteristic preoccupations; thus Pixeleen was able to reprise her Woodward & Bernstein act, and Prok could roll out another semi-coherent rant about… well, I’m not sure to be [...]