Emerald Flack Arabella Steadham: “I Don’t Lie”
by Pixeleen Mistral on 21/08/10 at 8:05 pm
Protip: killing reporters makes you look bad
On my first visit to Emerald Point Friday night, I was killed by an unknown assailant within a minute of sitting down with the Emerald developers. I had dropped by hoping for comments from Emerald gang spokeswoman Arabella Steadham, and was pleased to see also in attendance several of the controversial developers – part of a group that many believe are distributing a malware-infested Second Life viewer.
Death is a routine part of reporting on the metaverse, so after I suddenly died and was returned to my home sim, I introducing myself again to Arabella via IM, and gingerly returned to the sim a few minutes later.
During the second visit, Arabella assured me that Emerald users are unlikely to be concerned by allegation that the client has been used for an attempted DDOS attack on an enemy web site — because she does not lie. Arabella’s claim seemed a bit broad – and Urizenus is never around when I need help with parsing these sorts of statements – so I filed this for later research.
Sadly, our 3 minute conversation ended abruptly when I was killed, so I suggested Arabella calm the excitable players for a few minutes. On my return I received assurances I would not be bounced from the sim again. On this visit, I learned that the Emerald gang does not consider silently turning their users’ computers into botnet for mass downloads from a target web site to be a denial of service attack – because the web site did not crash. This was good to know, but raised further questions.
What would their position have been if Hazim Gazov’s iheartanime.com site had been taken offline – or run up a huge bill? We are unlikely to ever know, because mentioning many web sites pay for fixed amounts of bandwidth seemed to touch a nerve, and I was killed for the third time. Whatever weapon the Emerald gang was using on me did not leave a trace, so it was difficult to know who was playing reporter-killer last night. This was convenient – whenever hard questions came up, I went missing and there was nobody specific to blame.
Could this lack of accountability be a common theme within the Emerald group – and the cause of some of their recent problems? If so, it will be interesting to see how long former Lab staffers Data Linden and Qarl Linden will last in the Emerald gang. On the other hand, Linden Lab’s lack of accountability for destructive actions has been a constant theme for my entire Second Life, so the ex-Lab staff may feel right at home.
the start of a 3 minute conversation which ends with a killing
Pixeleen Mistral: I’m sure you are busy
Pixeleen Mistral: but perhaps we ccan talk?
Arabella Steadham: not awfully flat out
Arabella Steadham: whats up
Pixeleen Mistral: well I was wondering about the shenanigans post you had
Pixeleen Mistral: what led up to that?
Arabella Steadham: as you can see by the blog post, it is a general apology to our users
Arabella Steadham: theres really not a lot more to be said
Pixeleen Mistral: Arabella – do you think they will believe it?
Arabella Steadham: I don’t lie
Pixeleen Mistral: I wonder if I can believe that statement
Arabella Steadham: well that is your choice
Pixeleen Mistral: so color me skeptical
Arabella Steadham: I’m sure there are many more salacious things you would prefer to believe
Arabella Steadham: or post
Jessica Lyon: it is a genuine apology, we hope people will see it as what it is.
At this point I am killed again, and find myself back at my home sim. Perhaps we can discuss this in person – if she can get those crazy kids to put the guns away for a few minutes – so we talk via IM:
Pixeleen Mistral: you know – you guys can keep killing me and I’ll report that
Pixeleen Mistral: or you can talk - its totally up to you
Pixeleen Mistral: maybe you want to calm those guys down
Pixeleen Mistral: I am up for about one more killing
Pixeleen Mistral: so I’ll give you a few minutes to get your boys to chill
Pixeleen Mistral: protip: killing reporters makes you look bad
Arabella Steadham: I don’t know who did that
Pixeleen Mistral: probably someone who has something to hide
Pixeleen Mistral: get those guys to chill out. I’ll be back in 5
If Arabella’s apology to the Emerald users is to be credible, she should be able to exercise at least some minimal control over the Emerald developers. Unfortunately, I soon learn that Arabella can’t get them to stop killing me – can really believe the her when she assures Emerald users that all is well?
Time passes and I return again to Emerald Point. Jessica Lyon assures me that I’ll be safe – and I am, right up until I ask if burning through another site’s bandwidth is fair play in the Second Life third party viewer wars.
Pixeleen Mistral: ok, let’s try one more time
Arabella Steadham: there’s really not a lot more to say
Jessica Lyon: Not sure who ejected you, but it won’t happen again today.
Jessica Lyon: How can we help you
Pixeleen Mistral: well, I have some questions. I write for the Alphaville Herald
Pixeleen Mistral: perhaps you have heard of it
Jessica Lyon: yes, we know
Pixeleen Mistral: from what I gather Hazim Gazov’s iheartanime web sites was DDOSed by the Emerald login page
Arabella Steadham: that is incorrect
Pixeleen Mistral: ok, so what happened?
Arabella Steadham: you can read the correct interpretation on the MS blog
Pixeleen Mistral: I read that – but it confused me
Arabella Steadham: thats a pity
Arabella Steadham: It was quite clear to many of our users
Pixeleen Mistral: can you help me understand how putting 32 hidden iframes in your login page which render to a 1 x 1 pixel square is all in good fun?
Pixeleen Mistral: because its a little hard to believe that this was an accidental goof
Pixeleen Mistral: but maybe I am confused
Arabella Steadham: I think your information is incorrect
Pixeleen Mistral: well I did look at the google cache for the page
Pixeleen Mistral: and I did see the iframes at the bottom that all point to iheartanime.com
Pixeleen Mistral: what is incorrect in that?
Arabella Steadham: then you have no need to ask me about it
Arabella Steadham: if you already feel you know everything
Arabella Steadham: I’m sorry I can’t really tell you a lot more Pixeleen
Pixeleen Mistral: I am asking you because I want to know what you think
Arabella Steadham: theres not a lot more to tell
Arabella Steadham: I think I have written an apology to our users, which I felt more important than anything else
Pixeleen Mistral: really?
Skills and Phox chill out – and reload
Jessica Lyon: I think what she is trying to say Pixeleen is that regardless of what she tells you, you will inevitably twist it in such a way as to generate the most controversial angle possible
Pixeleen Mistral: what about the owner of the iheartanime.com web site?
Pixeleen Mistral: does he get an apology too?
Arabella Steadham: what about him
Jessica Lyon: We made a public apology to our users, it is a genuine apology. We hope our users will take it as what it is.
Arabella Steadham: My concern is our users
Arabella Steadham: as I have said
Arabella Steadham: my concern is not for creators of malicious viewers
Pixeleen Mistral: but the web site that you ran the DDOS against – that is not your concern?
Arabella Steadham: there was no DDoS
Arabella Steadham: you know this
Pixeleen Mistral: true – it failed
Arabella Steadham: there was no DDoS
Arabella Steadham: bottom line
Jessica Lyon: the iheartanime website suffered no down time as far as I am aware.
Jessica Lyon: surely, you must realise if a ddos attempt was truly made.. there would have been downtime right?
Arabella Steadham: excuse me one moment please, I will be back in 2 minutes
Pixeleen Mistral: so its OK for other sites to do the same thing to modular systems?
Arabella Steadham: (door)
Pixeleen Mistral waits
Tyken Hightower: Back!
Tyken Hightower: Oh god, Pixeleen is here?
Tyken Hightower: Why?
Jessica Lyon: There was no damage done. The website in question suffered no downtime or lag. Thus if someone wanted to do the same to our website providing it was done the same way, there would be no difference?
Pixeleen Mistral: I have heard that some websites pay based on bandwidth consumed
At this point I am killed again, so the interviews will have to conclude via IM from a safe distance.
Fractured Crystal is missing – was he grounded for DDOSing?
Jessica Lyon: did you get ejected?
Pixeleen Mistral: why do you keep killing reporters?
Jessica Lyon: I did not, I’m asking if you were ejected.
Jessica Lyon: and by whom.
Pixeleen Mistral: this is the third time and that is my limit
Pixeleen Mistral: no way I can say this is an accident
Pixeleen Mistral: [17:57] Jessica Lyon: There was no damage done. The website in question suffered no downtime or lag. Thus if someone wanted to do the same to our website providing it was done the same way, there would be no difference?
[17:58] Pixeleen Mistral: I have heard that some websites pay based on bandwidth consumed
Pixeleen Mistral: what is your response to my question?
Pixeleen Mistral: besides killing me again
Jessica Lyon: the answer was, perhaps some do. However iheartanime does not afaik.
Pixeleen Mistral: thank you
Pixeleen Mistral: ok Arabella your guys killed me again
Arabella Steadham: I was away when you disappeared so I do not know. As it is, I feel everything has been said
Pixeleen Mistral: thank you for your time and I wish you luck in your future endeavors
Gaara Sandalwood
Aug 25th, 2010
Oh, in case anyone wants to reply, to get into specifics: I tested a few third party viewers and the SL 1.23 Viewer(TPV consisting primarily of Emerald, Kirsten, and Imprudence).
So far the ones I’ve had the least problems with were Imprudence and SL 1.23(I don’t think my setup/specs supports Kirsten particularly well, so that actually worked the least well for me), but Emerald in particular caused me a lot of trouble. I decided to re-install the latest version and for the first two days of testing it I got lots of green spam and my surroundings actually loaded slower than on viewer 1.23, and after those two days it seemed a tad better but still just on par with 1.23.
It may vary from person to person, but it’s useless to me as a viewer atm due to the questionable functionality and performance(it’s again uninstalled and I afterward did a couple scans and such to make sure nothing malicious was remaining), but basically the most recent release of Emerald actually seems to have worse performance than the older versions, possibly due to the suspected added code and such that is hidden form the public.
Bubblesort Triskaidekaphobia
Aug 25th, 2010
It would be interesting to see some benchmarks on something like what Gaara is talking about. I mean, my personal experience matches Gaara’s, so I don’t doubt her, I just think it would be interesting to see some serious benchmarking.
Madeline Blackbart
Aug 25th, 2010
Wow Arabella sounds like an arrogant JERK. And it seems like this reporter didn’t do much to make her seem that way either. Just this response
Arabella Steadham: you can read the correct interpretation on the MS blog
Pixeleen Mistral: I read that – but it confused me
Arabella Steadham: thats a pity
Arabella Steadham: It was quite clear to many of our users
Because explaining it to a reporter for cleaity to there readers (which you might WANT) is what? to much? Then the little Clone constantly saying the apology it’s in the apology does not help there case and only serves to make them look even more immature.
To be fair Pixleen reported this with all the skill and whining of a High school student. Wah wah you killed me! It’s a damage enabled zone dear it’s gonna happen deal. Technically you don’t NEED to be face to face anyway. and threatening to post the drama in your report and then doing it is sorta immature to. Post the facts not the drama. If your gonna play reporter do it right!
That said when I first starting using Emerald (the week before this whole thing. Have good timing :p) I did really like it. I used the beta which has all 2.1 features plus working search with less ram used (which is big for me since I have on gig of ram) buuut apperantly with this add immature maliciousness from them I geuss I’ll be going back to 2.0. Part of the reason I was weary of them to began with is because of negative reports I’ve heard and now this.. Well…
Kiddoh
Aug 25th, 2010
Madeline: I’ll have you know from the experience of an estate manager that a parcel won’t tell it’s residents when certain parcel options are changed. The only people who would know if the parcel changed to damage enabled would be the people who enabled the damage. There’s no way of knowing otherwise unless you are also the owner of that land or a mod of or by re-entering the parcel.
We
Aug 25th, 2010
@Madeline Blackbart
“Wah wah you killed me! It’s a damage enabled zone dear it’s gonna happen deal.”
There’s a lot of confusion about this. Look at the pictures, she includes the UI. You’ll notice that the land ISN’T damage enabled. Meaning that someone was either clicking it on, killing her, and then clicking it off, or she was using “killed” when she meant ejected. Either way, it wasn’t her going into damage enabled land and being surprised when she gets killed.
Also, getting ejected or shot in non-damage enabled land IS a fact, and worthy of reporting since it’s a very non-professional response from a group that really needs some good PR.
Jocelyn Pawpad
Aug 26th, 2010
Jocelyn Pawpad
Aug 26th, 2010
Whoah, dogpile. Well, if you dont like the heights, don’t climb the mountains.
*Gaara
- “The fact isn’t just what has recently been done but what has been done in the past as well, along with other matters. Personally, I felt that someone that used to rip content from other people has no right owning a system that uses a system exploit to ban people(some of whom have all but lugged their computer to Skillz and showed every bit of file data on their HD in attempts to prove they have not used TPV violating clients). That’s like, theoretically, hiring a robber to solve a robbery case. How is it their actions are justifiable and yet they have the power to bring judgment to others?”
Who is justifying? This may come as a shock to you, but I believe I stated emphatically in my last post what my position was. I don’t believe any automated software system can be 100% accurate, others do and are prepared to shell out Linden for the assurance.
I am still waiting to see why the Gemini CDS is being offered up as evidence of involvement, either in the EMKDU, the login screen or the Onyx project.
- As for the actions of Hazim, I honestly can’t see how you can sit there and account him for everything he ahs done while disregarding what the opposing party(the MS devs)have done.
Can’t you? That makes two of us. Not that I think I’ve disregarded a great deal. Is Fractured carrying the can for what he has done and the other Emerald devs moving on not a matter for discussion? Or is that fact too inconvenient for the tenuous and shadowy associations merchants who would assure me Emerald works hand in glove with everything? What of the spam attack? It would seem the ONLY person prepared to credit that here is me; everyone else jawing on appears (correct me if I’m wrong) to want to call it a DDoS. Some are even prepared to outright call other people liars for it (I’ll deal with *them* later).
Disregard requires the willingness to look the other way and is in fact the root of double standards and hypocrisy. Am I supposed to wildly point the finger at one subset of wrong and completely ignore the other subset that gave it a chance to distinguish itself? Fractured contrived to funnel data at another person’s site. It appears that the reason WHY he selected that site is because the owner of it hacked his first. Correct me if I am wrong, but isn’t hacking websites a felony? Doesn’t it fall under the same class of crime as say, spamming a website?
In the end, its all e-Freenis waving. Two boys behaving badly. One of whom admitted his fault and stepped down. And for much of the surrounding circus this simply isn’t good enough and so they start hunting for the next sacrifice.
- “The people execute their own members to cover their asses and make themselves look good, and when any heavy skepticism is brought up on their blogs they resort to heavy moderation to keep the shouting to a minimum.”
Yeah well no offence but I’ve seen some of the non-arguments that get presented HERE. And since no blog owner that I know of is under any obligation whatsoever to its readerbase, it becomes a case of “you pays your money, you takes your chances.”
Executing their own members – not sure what you mean here. Care to elaborate? Because the only head I’ve seen roll of late was that of Fractured and he fell on his own sword. A tilt of a hat if I may to your earlier insistance that I “disregard everything the Emerald Team has ever done” – Fractured for all his faults and failings was a competent programmer and as such an asset to the development of the viewer. In the end he demonstrated a strength of character is accepting responsibility for a specific couple of unpopular and controversial actions and stepped down. In doing so, he demonstrated a strength of character I find sorely lacking in a good many people today. He will be missed.
Sure, saying this is going to get a whole bunch of people screaming about the negative aspects of his involvement. Before any of them get going, I will take this opportunity to remind you of your earlier comments about disregard and suggest you answer for *yourself* where such disregard lies.
To answer the rest of your comment here would see me repeating myself. Given the length this post is expected to blow out to, you’ll understand if I decline a rehash on the topic of spamming, hacking and the e-Freenises of highly spirited individuals behaving badly.
I will however congratulate you on your good fortune with viewer 1.x and even admit a small amount of envy regarding same. Would that 1.x worked as well for me. I could add in a Mystitool, my ANA_Mations, Marine Kelley’s RLV and Crystal Gallacia’s extra attachment plugins. Assuming it still worked of course, she withdrew it out of concerns the advent of 2.0 broke it.
Or I could stick with Emerald and have all that functionality and more, no questions asked. Okay, I lose the third attachment point layer doing so, but at least it doesn’t render me a tar baby. Sometimes you just gotta make concessions I’ve found, the world is an imperfect place.
And speaking of imperfection…
*NELSON
- “I’m gonna point out that you’re wasting your time, and that I’m not going to respond to every last word (since, frankly, I get the impression that you’re not going to believe anything I say this time around, either).”
Well thanks ever so much for the heads up before we get started. I guess its lucky for both of us my time is mine to waste. Too bad you’re heading into it with such an obvious negative attitude towards the effectiveness of your arguments, but I’m prepared to work with that.
So you crossposted your previous effort from another post here. Well and good. No, I didn’t read it before then and I’m so glad you saught to wave it in front of my face, even if all it did was give you an excuse to go on another round of Emerald dev bashing. My sincerest condolences for your loss of Modular Systems from the equation, I can’t begin to imagine how much it must irk a grand poobah of LLC Fraudular Systems to learn that his cunningly elaborate lampoon of the name is suddenly no longer relevant. Maybe you might start a new group to cater to these changing times. Might I suggest “The Green Bug-Eyed Monster” as a more appropriate group title?
Of course I expect a level of antipathy. You’re obviously far more invested in this crusade than I am, though the “why” is a little difficult to discern at first glance. I don’t think its too much to expect a coherent argument to support your claims. Furthermore, I suggest the real reason why YOU are convinced I won’t believe anything you say is because that is in effect your attitude. You of course are absolutely right and anyone who disagrees with you is wrong, no matter what evidence is presented to refute your arguments. Is that an accurate assessment of your approach?
- “It’s crossposted from another post on AH. Had you done your homework, you would have noticed this.”
Ahh, how gracious of you to “do my homework” for me. So nice of you to look out for for those of us invested with our first and second lives and all. I’ll be the first to admit that wading through the rabidly frothing comment fields of eighty zillion blogs is not something I afford the requisite time for. Certainly nowhere near your level. And with the mixed messages I am getting from Phil’s latest email I am wondering if the decision has not indeed already been made. Doubtless that will put a massive ding in my plans for the wedding this weekend if the hammer comes down, though even in these troubled times I can still find time to share a thought for you. Tell me Grand Fraudulent Poobah, to what will you target the focus of your hatred on when Emerald is gone?
- “If you choose not to believe me, well, that’s up to you, really. Again, why anyone would trust these guys will remain an unanswerable question.”
Then I had better answer it for you, shouldn’t I? Perhaps a little more bluntly than the last time I answered it, since you obviously missed it. For my part, I have been given no clear and compelling reason NOT to trust the Emerald team in its entirety. Spurious allegations of multiple devs involvement in a project devloped by Modular Systems and overseen by Linden Labs (Onyx) is not a compelling reason in my books. I’ve invited you to supply a list of the devs in question, presumably the information is something you aren’t privy to any more than I am. Given that it applies to a project that made regular reports to Linden Labs, I have to figure they DO know who is involved and for all I know the project is underway even as we speak AND with Linden Labs blessing. Or perhaps not. I don’t hear a lot of noise from that quarter, though I *am* hearing a lot of noise from you and have therefore invited you to state your case. If it is genuine and well founded, then it will stand up to scrutiny. Whether I believe it or not won’t make a lick of difference to the grid, though in either case I’ll have at least satisfied my own moral compass in the attempt to either promote your argument, utterly destroy it, or any of the juicy-poosey middle ground in between. Considering that my experience with the Em Dev team and its associates has been on the whole positive, they are already ahead of you on points.
So much for why anyone might “trust” the entity known as “The Emerald Devs”. What of the individuals? I’ve waded through the four character assassinations you’ve so thoughtfully provided me with and while you might find it necessary to make snide remarks about my ability to read, the truth of the matter is I’ve read it a damned sight closer than I think even YOU have. So you have a problem with people grandstanding over events that never happened (like breakins and getting people booted from their ISP’s). Big whoop, I can say the same of you when you scream about denial of services that never took place and start calling people liars. You don’t like Gemini CDS. So what? How does one person’s in world business link them to the Onyx project? Fractured contrives under his own recognisance to spam the site of a person who hacked his and concoct a meta data harvest which has the potential to harvest real life names of imbeciles who’ve employed them as their Windows logins. How exactly does this damn the entire EMerald team in perpetuity? Espeially when a number of them turned their back and said “enough”? Why should I trust the word of one imperfect individual over my experience with a score of others?
You see, I’ve read your screed a lot more closely than you appear ready to give me credit for and am picking the holes I find to see if it unravels. On sober reflection its probably not the wisest approach since it appears to have worked you up into a towering Jesus-based frenzy. That in itself speaks volumes to me. It says you DON’T have the ability to argue your point convincingly and coherently and must instead resort to generous lashings of bias and bullcrap. That will not win you the day, not with me.
- “For a start, I’d invite you to itemise exactly what evils are achievable from the humble IP address. Don’t start spouting a bunch of alarmist propaganda about geolocation either – you ought to know as well as I that it can *at best* only put someone in the general neighbourhood of the computer concerned. I don’t doubt there are people out there committed enough to go doorknocking in the hopes of eyeballing a particular user face to face. In my instance, there’d be at a rough guess some 150,000 doors you’d need to knock on to find me based on the amount of residences serviced by my point of presence. Good luck.”
- “You just proved my point. You can geolocate someone using an IP address. Geolocation doesn’t mean down-to-the-address specificity. Would you want people in-world knowing your hometown without your consent?”
Frankly Scarlet, I don’t give a damn. I provide far more identifiable information in my bathroom. Having someone peering through my windows kinda concerns me, having them know which particular group of 4 million people to start searching for me in, not so much. Maybe I’m missing something here. Why should I care what hometown I can be tied to? Unless its a wide spot in the road out in the middle of nowhere or some putrid stinking Vegemite Valley villa that inspires endless mockery from everyone else on the planet, I don’t see the concern.
You of course have my commiseration should the latter be the case for you. I am sure your vegemite valley is just fine and dandy.
- “The only person who was kicked out was Fractured, and he’s got alt accounts as lower devs anyways.”
Name them. I can’t for the life of me imagine why any developer would need a bunch of alts with lower access and strongly suspect this is another piece of warm peanutty goodness you’ve extracted from between your cheeks. While you’re at it, explain how him stepping down as head of the project equates to him being “kicked out”.
Your revisionist historical (hysterical?) account of even recent events astounds me. As does your continued unwillingness to join the dots where other Emerald devs’ alleged complicity is involved.
- “Similarly a nameless third party who (lets face it) HACKED a database that was being privately amassed is trotted out with an incongruous agreement which (correct me if I’m wrong here) could be paraphrased as “make your database public and scrub it from your server or I’ll publish it all for you”. Call me old fashioned, but act of throwing all that information out into the public eye is by magnitude a far greater act of irresponsibility than one man amassing the information for a private database in the first place. ”
- “Eye for an eye makes the whole world blind. Also, it’s called grey-hat hacking. The “faceless” third-party is Hazim Gazov, but I suppose you wouldn’t have known that”
I kinda already knew, the screencaps being a bit of a dead giveaway, I just wanted to hear you say it. For you to categorically put your hat in the ring in such a manner that makes it impossible for you to back out later without looking like a total ass. And what an interesting cliche you choose to use here. “Eye for an eye… makes the whole world blind”. Tell me, just how BLIND are you to the situation as it stands? You’ll happily squeal yourself blue in the face over Fractured’s involvement both present and past, yet when it comes to friend Hazim’s criminal activities you’re strangely silent?
Throwing your own words back in your face here, “why would you trust this person”? Mind if I supply you with an answer? “Why, because he’s a hacker of websites of course!” Never mind that hacking is considered illegal, never mind that he’s just furnished not just the entire grid, but also any asshole in the world with a database previously only available to ONE person, a database YOU EVEN ADMIT was a bad idea in the first place. No. In spite of everything, you’ll trust Hazim. You will trust this criminal to supply you with true and accurate accounts, you will trust his word they are so, you will trust him because IT SUITS YOUR PURPOSES TO TRUST HIM.
And there you have your answer to your earlier pretended bewilderment as to why anyone might trust the Emerald devs. Because it “suits their purposes to”. As to what those purposes might be is a matter for conjecture, though I’m here to tell for my part the fact that they supply a wildly popular viewer that beats the pants off practically every other one going (at least where I am concerned) is a powerful lure. The fact I have a great bunch of amicable individuals to draw on for tech support and at a moment’s notice is merely the icing on an already rich cake.
- “You then introduce vague threats of Phox threatening to commit a break and enter theft. Presumably this carried as much weight as any schoolyard threat to “blow up someone’s letterbox” or “get their daddy to bash up someone elses daddy”. E-freenis waving, or I am a n00b. I am left to conclude from the reported failed attempt to “harass” someone over the phone using a faked phone number that this database wasn’t anywhere near as damaging as its made out to be, not the least since these evil internet terrorists are in fact walking the earth as free men and *gasp* STILL logging into SL. Then there’s the a concerted attempt to deprive the third party HACKER of his internet connection. To hear you tell it, it was unsuccessful, despite your assurances Phox claimed otherwise.”
- “Again, believe me if you want, I really couldn’t care less if you’d rather put your trust in these shady characters. It happened, and he boasted about breaking into his neighbors’ homes regularly, as well. But right, I forgot, you just want to dispute everything I say.”
Its called “logical argument”. Perhaps you’ve heard of it? The ancient Greeks were big supporters of it and its enjoyed a long and colourful history right down through the ages. Ultimately it can be used to great effect, provided your argument hasn’t got FAIL stamped all over to begin with.
“It happened” you say. Very well, what proof do you have of it happening, why are you suddenly according Phox’s boasts the ring of truth you are loathe to grant any of his more tangible qualities and how exactly does this fit into the grand mosaic of why every Emerald dev ought not be trusted? I’m having a little trouble in understanding why this guy is still roaming the suburbs, presumably breaking into houses, ringing random numbers plucked from dodgy database and so on, boasting about it with malice aforethought etcetera etcetera. If I step back from the argument and eyeball the facts, I’m forced to conclude that Phox hasn’t *actually* done anything that his local law enforcement agency feels worth pursuing.
Now, break and enter is something I would call worth pursuing. Harassment as well. I am certain that whatever law enforcement agency polices the area where Phox operates feels the same way. If its a US law enforcement agency, I don’t doubt that just like officers of the law will roam the my space and facebook pages of juveniles to find where the next underaged drinking binge is scheduled for they are more than capable of tying Phox’s internet boasts to real life events. And I am 95% certain that Phox lives in the US. Maybe I watch too much COPS, but the general impression I get of US police officers is that they don’t take very kindly to people who even LOOK like they are about to break the law. Conclusion? Phox has done nothing he can be arrested for and you’re wishing like hell otherwise.
Simply boasting about ones exploits in itself is not a crime. So there’s a loudmouth or two in the team. A couple of them run side projects that have the haters blood constantly on the boil. Until you and your merry bunch of hacker-cuddling friendlies can pony up with some REAL meat as to why the individuals that comprise the Emerald team ought not be taken at face value AND do so with the superior moral platform you have just so eloquently demonstrated you lack, your entire circus might just as easily be tarred with the same “guilt by association” brush that you are so keen to whitewash the Emerald devs with.
Misrepresentation of another is a crime, particularly if it causes right thinking people to think worse of that person. When a person is misrepresented in the written word, it is called libel. Bear that in mind as we consider the following.
- “I can answer that in part for you by referring you to the DDoS that wasn’t. Pure panic-mongering this, since DDoS is an abbreviation of Distributed Denial of Service. And since the “service” wasn’t “denied” in this case, it cannot in the strictest sense be termed a DoS, distributed or otherwise. Then again, calling it for what it is (a spam attack) lacks that badly needed *oomph* required to incite a ruckus. DDoS sounds FAR more impressive, that I *will* admit.”
- “Oh, god, you’re one of these people. Is attempted murder not a crime? A DDoS refers to the attack, not the result.”
No, it doesn’t.
World English Dictionary
DDoS
— abbreviation for
distributed denial of service: a method of attacking a computer system by flooding it with so many messages that it is obliged to shut down
Collins English Dictionary – Complete & Unabridged 10th Edition
2009 © William Collins Sons & Co. Ltd. 1979, 1986 © HarperCollins
Publishers 1998, 2000, 2003, 2005, 2006, 2007, 2009
Thankyou dictionary.com. What we have here is a definition for the term DDoS, taken verbatim from a respected authority on “words wot mean things”. The definition confirms my stance in a previous comment as being true and correct, it confirms the stance of various IT professionals, presumably it reflects the stance of legal authorities in a wide variety of jurisdictions but MOST importantly, it confirms the stance of one person you outright called a liar for.
I think its high time you owed Arabella an apology for that oversight, don’t you?
And speaking of apologies, I’d like to extend my own for a typo yesterday. You are of course correct to point out it was GB and not MB. An oversight I should have caught in the final proof read, though like you I am anything but perfect. Though it still doesn’t change the figures I used (yours), I’m glad we tidied up that little minutae for the record.
And in dribs and drabs, you keep adding to the figures. 2.1TB I agree is NOT an inconsiderable sum of data and even Hazim’s previous hacking of Fractured’s website cannot be considered an acceptable excuse to go out and exact bloody vengeance on Hazim’s website bandwidth. Whether delivered over the course of an unspecified number of days (spam) or in a concentrated ten second burst (DDoS), its still bad form and every bit as illegal. I’m sure you are in agreeance on all of this, I would imagine that if you set your personal proclivities aside that you would admit fault in both parties for the way they conducted themselves, though I won’t be losing any sleep if you elect to afford Hazim his Get Out Of Jail Free card while denying Fractured his.
One thing that does beg the question though is why was it allowed to go on as long as it did? You say Hazim’s site was targeted over the course of more than one day. Very well, WHY wasn’t it stopped sooner? I’ve been in the unenviable position of adminning sites previously and know that a genuine DDoS attack is hard to beat, even with server level access (which presumably Hazim had, it being billed as his own site and all). Constant low level traffic loading of the type you are so quick to market as a DDoS on the other hand is a different matter. That is so easily dealt with it defies description. If you’re getting repeated hits on the same group of images, change the directory name, fire up an html editor, do a search/replace using the relevant strings, upload the new html. Somewhere in amongst all this you can decide for yourself if theres a bannable address within the stream of image requests AND provided you’ve kept traffic logs you can address complaint to your own webhost and perhaps more tellingly, the offending webhost.
How many days? Why did it take so long for anyone to catch it? I despise having to drag the information out of kicking and screaming people and wish someone would just come clean and ADMIT in simple, basic language even if it DOES make them look like putzes. I’d rather have a putz tell me what the true state of affairs is than someone trying to hide they are a putz by making something out to be something its not. If someone is guilty of manslaughter you don’t charge them with murder one. If someone rockets through an amber light at 80mph, you dont charge them with running a red light. And if someone contrives to leech someone elses bandwidth over the course of a few days you do NOT charge them with DDoS. You sure as hell don’t call other people liars when they refute a fallacious claim you’ve made, you admit your error (kind of like I did with the typo above) and you get on with it. There was no plan to take out Hazim’s site, any reasonable analysis of the events as presented proves there wasn’t and you standing up to rewrite the dictionary doesn’t cut it.
Jesus, the more I get into it, the more pitiful and pathetic this freakshow of chanting clowns becomes. Further along I challenge your assertion of there being 20% of users on the grid accessing Emerald. I reckoned it closer to between 40-60%, based in large part on the amount of Emerald tags I see during the course of my day. If you bothered to “know your enemy” by actually USING the client, this is something you could verify easily for yourself, though I’ve no doubt you’ll tell me Hell doesn’t freeze fast or something.
What I *DIDN’T* expect was for you to offer up the following.
- Oh, I see where you’re going here. You’re just going to base that number solely on your own private study, most likely in sims where noobs with Viewer 2 don’t hang out. And again, this didn’t occur over the course of a day or two.
Are you being strange? In the absence of viewer data from Linden Labs, just where do you expect me to find such a number? From someone who doesn’t use the viewer? Or maybe any one of the security tools that checks for alts?
You might as well know that my travels do indeed include the odd welcoming point. Back when I was perhaps a month old in SL I happened to encounter someone who for whatever reason decided to take me out shopping on her dime. And she sure wasn’t stingy when it came to shelling out the linden. I felt bad about it, like I was getting something for nothing but she just kept saying “shhh, shop”.
Hair from Truth, skin from Redgrave. A bunch of latex from Sintimacy and Latex Station. Neko gear from Urban Dare. Eyes from somewhere that escapes me for the moment (it will come to me later I am sure). All in all not a cheap trip. She bothered to introduce me to employers in SL, introduced me to the people who ultimately found me my dream home.
Now I extend that same courtesy to newbies I feel like helping. It costs a bit, but its worth it to see their smiles and I’ve made a few lasting friendships out of it. Plus I argue its combatting copybotting in my own small way, considering that these newbs are being put in front of genuine content creators work and getting a leg up into the SL metaverse.
Where might I find this raw, untapped resource of newb I hear you ask? Well, pretty much anywhere really. Welcome areas a good starting point. And strangeley enough, you finde a good many emerald tags there.
But you’re right, I should learn not to rely on the evidence of my own eyes. Here’s a pretty number from a non-CDS security system – 53%. An increase, if you MUST know of 4% since last I bothered to check. Taken from a readily avaliable, widely used, purchased off the shelf security system available in-world even as we speak.
You are perfectly at liberty to question the calculations that particular tool made to come up with that number, you can even question that I have access to such a tool or even that I just yanked that number out of thin air. I for one have no idea of how to verify the accuracy of such a number other than “my own private study”. Even if you cannot verify it for yourself (being that you likely don’t use the Emerald client and therefore don’t see viewer tags), you must admit that it would go a long way to explaining why Linden Labs and the present Emerald dev team are bending over backwards to certify the viewer as TPV compliant. I imagine the gentle nudge from Philip Linden for Emerald Users to try different clients, most of which enjoy grid user reaches that can be measured in fractions of a percent.
I don’t envy his position. Philip Linden’s I mean. Not all of the Emerald users will be able to make the transition to other clients (I certainly cannot) and many more simply will not make the attempt. That translates to a massive loss of logins overnight if he hits the eject button on the Emerald client, probably the largest the grid has seen, ever. The knockon effect would be incredible, grid economy would totter and possibly even collapse entirely. Shops closing, landowners unable to make tier, sim shutdowns and most tellingly, a lot of Very Unhappy Stockholders.
No, I don’t envy him. How could I? This is the LAST thing he needs right now. Far better to see Emerald established as a transparent and fully compliant entity, and you can bet the devs and beta testers are busting a gut to provide a clean, robust viewer. You’d have to prove every last Emerald user had horns and a tail at this point before he’d throw caution to the wind I expect.
- “You’ll forgive me if I suspect you of panic mongering. Based on your numbers and simple maths, I am presented with a scenario which defies description – close to ten thousand people simultaneously and repeatedly hammering a website at the behest of some evil DDoS orchestrating overlord… yet barely any of these bejewelled e-acolytes notices? Give me a break! As any IT professional could tell you, there exist tools FAR more effective at shunting the amounts of data claimed AND in timeframes a lot tighter than I expect you can claim here.”
- “No, I won’t. You’re just disputing everything solely to discredit my proposition so you can feel safe when you load up Emerald. But hey, I don’t really care. In any case, I never cited a timeframe, so I’m not sure where you keep pulling that one out of. (Ah yes, your ass, where most of your information seems to come.)”
Riiiiight. Like that figure of 20% you pulled out of yours? Or the claim I am disputing you solely to discredit your proposition? Awwww poor you, I had no idea you were so sensitive to being cross examined. Quit crying. Far from disputing “everything”, I have in fact limited myself in large part to the holes in your argument. I already know what parts work and asking you to explain them does nothing past making you feel good. I am NOT here to make you “feel good”. I am here to satisfy myself that your account of events is true and accurate and if by some miracle at the end you feel GOOD then so much the better.
True, you never cited a timeframe. Given the fact it can be measured in DAYS (not minutes, DAYS) it becomes nigh on impossible to establish an intent on anyones part to DDoS a site and pitifully easy to disprove. It is this inalienable fact and no other that decided me against scrolling past your crosspost earlier. When you called Arabella a liar for stating there was no DDoS, YOU WERE WRONG.
Again, the definition – “a method of attacking a computer system by flooding it with so many messages that it is obliged to shut down”. Obliged to shut down. As in turn off, crash, melt, become a doorstop. You will notice I trust, no mention is made of “dribble a few requests for one pixel images and wet yourself laughing as the bandwidth inches up and your opponents carry on like monkeys on acid”. Waving your arms in the air crying “OMG-DDoS!” makes you look like a cretin, which for the benefit of doubt I will assume is not your intent.
- “But let us for the moment presume we are all wrong and you are incontrovertibly right. Stranger things have happened after all. Well then, mind if I inquire as to what the source code for such an evil tool is doing in plain sight of any yahoo with a passing knowledge of html, access to proxy lists and the coinage required for a GoDaddy account? Let me guess – the readers of the Alphaville Herald are all fine upstanding citizens and would never ever contemplate such a heinous act? Pffft!”
- “What source code? if you’re talking about the Emerald login page, the overwhelming majority of users don’t check the source code for it on the MS website. Unless you’re talking about something else that you failed to mention.”
Pssst. Scroll up. See those pictures at the top of the page? The ones marked “source”? What do YOU think they contain? What do you think might happen if some random miscreant were to type it out, add a proxy list and set it in an infinite loop?
I would hope the offending routine was incomplete. I have not the ability to fully understand the html and would guess a good many people here fall into the same category. But I have every reason to expect that there are those reading this who DO have the knowledge to understand it, of that there will be a smaller subset with axes to grind (motive) which leaves us looking at opportunity. And there is all the time in the world.
There’s even a URL in the address bar, though I have to figure there are those present who know full well how to google a cached page. Taking it down at this point is no guarantee in the short term either. There’s enough people present who know where to look and enough hints for any random surfer to fill in the blanks. You can claim all the culpability in the world for Fractured Crystal and even make a fair amount of it stick, yet infinitely closer to where you are browsing exists something far more potent and dangerous and pretending you have no idea what I am talking about will not make it go away.
Its a catch 22 that faces nearly every journalist. A good many adopt the maxim “publish and be damned”. Want to hazard a guess where we’re at now? I’m sure the Alphaville Herald, its journalists and editors are big enough to weather it, they’ll still be blowing the lid off real stories and drumming up frenzies for others for years to come. I and others expect that, its why we come here. To see a spectacle and to live vicariously through it. It might be a sad indictment of the media for some but that is what they do and I’m adult enough to recognise that Emerald will come under fire from time to time. It makes great press. It certainly got YOU in.
Am I offended they chose Emerald? Hell no! A proper role of journalism is to report the news and where necessary protect its sources. I believe it is possible they could have presented a partial screencap, partial address, omitted the fact it was a cached page and still more than adequately conveyed the proof that Bad Things were afoot. It would have broken the code while no room for reasonable doubt, I’d still have taken it at face value and expect all of us would have too.
Like the database that got hacked, reprinting the very code one finds so reprehensible is like screaming “FIRE” while pouring on the gasoline. Taking something you would have us believe is THAT BAD from one person and putting it in the hands of many is reprehensible conduct unbecoming of the mature and moral guardians you would have us believe you are.
- “Your claims are bogus and it doesn’t take an internet whiz to see through them. The worst you can claim in this case is that a site got spammed and MAYBE there were a small handful of Emerald clients involved. That I will agree with you is an appalling state of affairs, though it falls far short of your rabid cries that Arabella is lying about there being no DDoS. There wasn’t a DDoS. No service was denied, therefore there was no Denial of Service. Quit indulging in character assassination until you have something valid to assassinate a character over, lest you be seen as the boy who cried wolf when something REALLY nasty presents itself.”
- “What the hell? Did you not read that massive list of things I posted?”
Yeah, I did. And before I allow you to run your mouth again I shall remind you of the context of my quote. Your bogus claims specifically in this instance are your assertion of what a DDoS was, also that Arabella was lying when she said there was none. I have repeatedly beaten you over the head with logic, with the word of an IT specialist of some 25 years and most recently the dictionary itself to show you why such claims were bogus. You’re so quick to claim I refuse to read what you say, have you taken a long hard look in the mirror lately?
Now, your rant. I’ll need to break this up since you’re beginning to repeat a bunch of stuff which if blowing my post out into realms that would make even Prok shudder.
- They hacked someone’s SL account and threatened them
Who? When? Why is Linden Lab not taking them to task? Name names and link links, you’ve already given me plenty of reason to doubt your word over the Arabella incident.
- used exploits to obtain your computer’s data (IP, MAC, check your filesystem, etc.)
You mean like the standard data transfer that happens with countless websites and online games? I care, really. 0.0 <–see how much I care? Until you can offer me a single valid reason why I, an Emerald user, should be quaking in my boots that these people are in fact receiving this data that is available to every website I've ever visited, you'll forgive me for comparing you to Chicken Little.
(note: despite your earlier claim of this being a "massive list of things you posted", this is in fact the first mention I recall you making of MAC addresses)
- and stored it on an insecure server, allowed anyone to read your install path and viewer’s title bar
Yeah, as evidenced by the efforts of your friend Hazim who – of wait, I'm getting ahead of you here, do continue.
- lied about it
Yeah, those liars are terrible aren't they? Why, I had someone try to con me about what a DDoS was not so long ago!
- and claimed said functionality removed, did it again, “removed” it again, then removed it for good a third time (supposedly) just recently, then began using ALL Emerald clients – which I explained, but you apparently don’t understand, because you claim only a “handful” were affected
Mmmmm, this wouldn't have been around the time you were proclaiming the DDoS attempt? As has been shown (again and again and again) your understanding of what a DDoS entails appears radically different from the industry term, to say nothing of Harper Collins. Since a single DDoS attempt involves typically a bunch of fragmented requests (see? learn something new every day) at a target in a very short time frame, it is perhaps proper to expect that only a few Emerald clients could have been on hand at the time. Now you have kindly amended your account with the extra detail that this occurred over a period of DAYS, you do indeed satisfy the requirement that perhaps more Emerald clients were affected than your previous, unqualified assurances might have otherwise indicated at the expense of your already tenuous claims that it was a DDoS attack and not merely bandwidth leeching (as would have been a more proper claim for you to make).
– to [attempt to] DDoS Hazim’s website without provocation.
You don't see the act of someone hacking anothers website provocation? Oh dear, your people skills DO need work!
- Then, when they were caught, they lied about it again
You know, for someone who went all out to continue lying after his DDoS lie was exposed, you're awfully free with the epithet on other people. Are you having trouble sleeping straight at night?
- and instructed their users to spread rumors around
This must be another memo I missed.
- then faked a restructure and booted the bad egg
Another lie of yours? I've seen the "bad egg's" resignation letter where he hands control of the project over to Arabella. I can link you to it, though you might not like the amount of nice things that are said about him in the comments field.
- (even though he’s still in as a lower dev using an alt)
You can list those names any time you like. Granted its a ToS violation to do so, but hey – "its only Fractured, he doesn't count", right?
Besides, I feel like asking him myself why any senior dev would need a bunch of lower dev access alts. God knows, I'm not getting a straight answer from you on the subject!
- and bitched at LL for removing their TPV policy compliancy status.
I suspect the term "bitched at" to be a little artistic license on your part. I doubt they'd be making disparaging comments at LL at this juncture and think it more likely they'd be looking to placate the issue.
Maybe I should check your definition against the dictionary's. Are you game?
- How is that just totally ignorable?
Its not and I've bothered to break it down into itty-bitty bite sized chunks this time around in the hopes you might possibly digest it. Are we THERE yet?
- Oh, right… I keep forgetting, sorry.
No kidding? Your pretend apology is accepted.
- “Now, the emkdu.dll. It might please you to know that various Emerald users were coached on how to remove this. LordGregGreg may or may not have been one of these, I have never been privy to any attack on his integrity and I am a member of the Emerald, Emerald Lounge and Emerald Beta Users group. I only know the person who coached me on how to remove it, and this was well and truly *B*E*F*O*R*E* the questions of its leaking of installation folders became a de rigueurmortis for the masses.
- "Yes, some users were coached on how to remove it after the fact got out that it was broadcasting your private data."
Learn to read. I said "before", not "after".
- Sure, if it reports installation folders and there are people DUMB ENOUGH to use their real life full names as logins then maybe there is a problem. A problem which for the record might easily be resolved by more secure internet practices (like NOT using identifiable information for your computer login).
- "some users (particularly as members of educational organizations) are REQUIRED to make their username their actual, full name. I was required to do so all through middle school, high school, and college.
If you are defrauding your employer for playing second life when you ought to be working, I'd say you should be more worried about losing your job. Also, while I am not entirely familiar with your country's quaint little customs, I'm pretty sure that studying hard and getting good grades takes precedence over running a bunch of pixels about a metaverse on an educational institution's dime. Which, if you are in middle or high school, is a breach of that ToS you were waving in my face earlier.
However, I am fully aware that most children pay scant attention to the rules and regulations supposedly mature adults set out for them. Then again a bunch of them use their full names on Facebook and even publish street addresses of parties. Then the cops come along and haul away the underage drinkers, Mom and Dad get all embarrassed at the police station, haul them off back home and in some cases, beat the living crap out of them.
The moral of the story? Do something wrong, you run the risk of getting caught and taken to task for it.
I really want to cut you some slack here Nelson, but you are making it awfully difficult for me to do so, short of turning my back on you and walking away in disgust. A resonable course of action of NOT creating a login that uses your name and you trot out SCHOOLCHILDREN of ALL PEOPLE to make your point??? Fine. Allow me to suggest that if you're so concerned about protecting the little children from Big Bad Fractured and his happy-go-lucky sidekick Hacker Hazim (or anyone matching their descriptions) that you truck on down to the dollar store, buy a pair of sidecutters and spend the rest of your life going town to town like a latter day Johnny Appleseed, snipping the internet cables off computers on the outside offchance there might be any children who haven't learned internet ettiquette yet.
A ridiculous suggestion to make, but no more so than your argument. Your proposing the cessation of an incidence of (questionably) white collar crime so untold THOUSANDS of others might commit little acts of white collar crime of their own and completely unremarked by any third party is ridiculous. It's also purely academic at this point, since the affected DLL is no longer being distributed. With the intense scrutiny it has been subjected to I would be utterly amazed to find it had a parallel in the present release of Emerald.
- "Noone at grid management level seems prepared to bring the ban-hammer down on Skills and I haven’t seen any committed third party hacker linking us to databases either. Another furfy on your account? I don’t imagine for a single moment she would rank as a target on *your* radar if she had never laid eyes on the Emerald client and your whole “guilt by association” shtick falls flat on my ears.”
- "She’s part of the Emerald team. Do your research."
No kidding??? Wow, what newsflash! Stop the presses, the girl who makes the CDS also contributes to Emerald!!!
I belong to my local Lions club, I also belong to the local hockey team. If I break someone's ankle on the field, that must mean ALL the Lions club members break ankles?
No, I didn't think so either. So you cannot honestly expect me to hold the entire Emerald dev team responsible for the side project of one of its members any more that I might claim the entire grid being a bunch of shockingly bigoted alarmists simply because you happen to inhabit it.
- “Until you can categorically and emphatially provide a list of complicit individuals at the dev level AND have it confirmed by someone in a position to back you up, then your blanket allegations as to any imagined evils of the Emerald client and the perils for all who come into contact with it remains pure conjecture. I for one am unconvinced, though open to any smoking gun that blows it all wide open. I have yet to be shown anything remotely approacing this. At the time of writing, Emerald might be delisted, though it has not been outright banned. It might be argued that the net effect on the grid is something Linden Labs is not prepared to countenance and if such a discussion has already been undertaken then I will thank you to link me to it as you were so ready to link me to past Alphaville articles, not airily announce on Philip’s and Soft’s behalf that they have entered into discussions and let it go at that. One wonders why you might adopt such a clandestine approach.”
- "Do the research yourself. Nothing I say can prove anything"
Damn, had I read this abdication of yours first I might have have saved myself the keystrokes.
You are wrong of course, there is one thing you've proven to me. As loud as you rant about Emerald, in the end the courage of your convictions is sorely lacking and your ability to form a cohesive argument to support your claims is quite bluntly non-existant. Of the facts you claim to have presented, maybe a quarter of them I've satisfied myself to have any meritous basis in reality.
My only regret is you lacked the stamina to go the distance. I was only just getting warmed up. I'll pop past later on the offchance you've changed your mind. XOXOX
*sigh* Next cab off the rank please?
Jocelyn Pawpad
Aug 26th, 2010
*WE
-“You will note I trust my comment “it remains the most stable of all clients for ME and MY system.” Posting at ME and telling ME that I am wrong and that Imprudence is far more reliable on MY system is, I am afraid, rather arrogant and presumptuous of you, particularly given the fact that I HAVE used Imprudence and find an increased difficulty logging in to a good many sims that are script-heavy when I do. Yet these same sims (which by the way include my home sim) present far less difficulty to any of the Emerald releases I have had the good fortune to use. Additionally, I crash far less when using the latter client and while the removal of the emkdu library has forced a slower draw of the textures involved, I still must report a far more reliable experience from the Emerald client as a whole. I am not alone in this experience, so I know it is not peculiar to my setup. Though I will not pretend offer a blanket assurance that Impudence is an inferior client in ALL cases, I do find it rather insulting to my intelligence that you would insist to know my circumstance better than I do.”
- You’re the first person I’ve heard of to come to this conclusion
Yeah, I’m the only person who uses my computer. I’m not surprised in the slightest that you haven’t heard this conclusion before and if you had I would be looking at getting the locks on my house changed.
That isn’t quite what you wanted to say, is it? You of course MEANT to say “I’m surprise you find the Imprudence client to be inferior on your system Jocelyn”. Yeah, well maybe the next setup I get will handle it better. I’ve been promising myself a new one for a few months now and look forward to a ritual sacrifice of the current one. Something long and drawn out, maybe with lots of electricity. I’ll think of something creative, you’ll see.
- “however (which you can take as you will), generally due to the sloppy coding of the Emerald team and the haphazard adding of features, the Emerald client is unstable and full of memory leaks. This is confirmed by their own forums. So far since this whole fiasco I’ve seen many people switch from Emerald to Imprudence, and just about every one of them commented on how much faster and more stable it ran. But if you WANT to believe Emerald is better, I suppose you’ll see evidence for it.”
Well the ability to log into my own sim is as good a litmus test as any I suppose. I’ve seen one Imprudence user there in the entire two months I’ve been there. With a grid reach of 0.67% as of two hours ago (about the time I cited the Emerald reach of 53% at Nelson), I wasn’t aware that Imprudence was enjoying such a massive climb in popularity. I’m happy for you and the many Emerald to Imprudence converts who are enjoying its stability.
- “Even so, if you really want to stick with Emerald, there’s a fork made called Emergence, which is literally exactly Emerald split off by LordGreggreg (one of the devs who left in disgust of what the rest of the team was doing), which has all the features but none of the creepy stuff they had done, as well as, obviously, none of the current Emerald team in direct control of it.”
You know, I’m curious here and I guess if I went looking for LordGregGreg I could hear from his own lips what the exact state of affairs is. I remember him getting downright offended over the emkdu.dll and said it was the reason for his departure. The dll that Fractured licensed at the suggestion of other devs and later adapted. If LordGregGreg’s feelings run any deeper than that, then its a matter for him to clear up or not as he chooses. I certainly haven’t heard anything specific, but I’ve been busy. Feel free to educate me further.
Yes, I am aware of Emergence. No, I haven’t tried it, not yet at least. Again, this is something I will likely need to approach him directly about, if only to establish where the fork occurred and what changes have since been made to the viewer since then. The most stable release of Emerald I’ve used was a beta (2439) shipped with the emkdu.dll which was since deleted with no ill effects. If your definition of “creepy stuff” is that dll, I might as well tell you straight that was deleted not for privacy but because of an avatar glitch which was ultimately tracked back to a hairbase, not the client or the dll. I simply never got around to replacing the emkdu dll.
It was some time after all this that the inserted code in the dll became news. LordGregGreg dislikes it. I’m indifferent. If it benefitted me to have it on my system then with or without the adaptions from Fractured I would put it on. It doesn’t. I’m on a system thats ready to kick its heels in the air and on a relatively narrow bandwidth which is possibly why it doesn’t benefit me either way. The new release does not have it, and I’m not missing it. All is goo in Jocey-world.
A word on LordGregGreg – I’ve not had any direct dealing with him and what few comments I’ve heard have been positive. I don’t remember who it was that told me where to find the dll, I just know it wasn’t him. If there was any bad blood directed generally towards his erstwhile colleagues then I heard it from you guys first. Now THAT is creepy – I belong to three Emerald related user groups, the first I hear about antipathy is at The Herald? Wow.
- “Considering you seem to question whether there was a DDoS attack at all, or if someone with evidently a lot of free time just doctored up a bunch of screenshots, I have to imagine that you simply don’t want to believe any of this is true”
Hold it right there. By any accepted industry standard, the fact Hazim’s website completely failed to roll over and kick its little feet in the air should be proof enough that there was no DDoS. Furthermore, since the admission that the attack took place over an unspecified number of days, any attempt to prove INTENT to DDoS becomes ludicrous. Call it for what it is. If you say words like “spam” or “bandwidth leeching” then you have a point. Just because I call your misuse of semantics in question, it does not logically follow that I presume nothing to have happened at all.
If you’re still unsure, dial up dictionary.com. You’ll find the Harper Collins definition I posted twice in there. Talk to a random IT professional (someone who’s never played SL would be good if you’re REALLY looking for an independent opinion) and they will confirm it for you. You are “actually surprised this is still in doubt at all?” I’m totally astounded to learn of the herd mentality that refuses to have sense talked into it. Mooooo! DDoS! Mooooooooooooo!
- “Not to mention that Fractured and Arabella admitted to it in their own coy way.”
Which was what exactly? I saw Nelson calling Arabella a liar before when she said there was no DDoS. Only she didn’t lie because the WAS no DDoS. Bandwidth leeching? Apparently so. DDoSing? Are you kidding me? I *know* what a DDoS is, I’ve been the target of a few myself. Server shuts down, browsers report 404 pages, no sooner than you get the site back up and BAM, somebody packets your server offline again. There are tools which do this, are designed specifically to do this and are damned effective at doing this. They shunt thousands if not tens of thousands of data requests in seconds, much of it fragmented and (get this) MOST webhosts these days are set up to detect and discard any such attempt.
Contrast that with the algorithm at the top of the page. A dozen or so lines of code that look for all the world like image requests. If thats what you are calling a DDoS, then let me say it is the most pissweak attempt ever seen *EVER*. To hear you lot screaming about this evil “DDoS” effort would have you laughed off the net in other places. You would need to coordinate an abominable amount of viewers to all log in simultaneously to achieve a DDoS using that method and you would just as likely take the login page out if you tried.
- The fact that you’re trying to cast doubt on whether this evidence is falsified or if there even was a DDoS at all when it’s been proven repeatedly is highly suspicious.
Yeah, well I’ve proven the definition of DDoS repeatedly and find it highly suspicious that you’re still bullishly proclaiming you are right and the rest of the world is wrong. Que sera sera, I should know better than to converse with a bunch of close-minded trolls.
- “For a start, I’d invite you to itemise exactly what evils are achievable from the humble IP address. Don’t start spouting a bunch of alarmist propaganda about geolocation either”
- “Call me old fashioned, but act of throwing all that information out into the public eye is by magnitude a far greater act of irresponsibility than one man amassing the information for a private database in the first place.”
- Interesting. First you downplay the danger of a IP Datamine with “what harm could an IP do!”. But then, when the so called benign datamine is hacked and exposed for purposes of outing the Emerald team, it’s suddenly a magnitude of irresponsibility? What changed to make the data that was collected and exposed from benign IPs to irresponsible to let into the wild?
You tell me, it is after all your sudden shift in attitudes I am sending up here. You say the database is bad, well lets for the sake of argument pretend you are right. If it was bad for ONE person to have and to hold and possibly abuse, would it not be proper to assume it is far far worse for one BILLION to have and to hold and possibly abuse? All the more so because you haven’t a single idea where to point the finger at should some 12 year old foreign national in a country that doesn’t recognise US law decide to “have their wicked way with this evil data”? Muahahahahhaaaaaaa!
Tell me, are you still going to be blaming Fractured by that point? How is it magically HIS fault that it was hacked out of his hands by a script kiddie? Better security needed? Shouldn’t have made the database in the first place? Maybe, maybe not – I’ve already indicated the lack of genuine threat *I* think it poses. I just find it repugnant that you’ll happily castrate someone for collecting data for one while letting the felon who hacked it for multitudes (no matter how shady) off completely scott free.
Some might call you a biased hypocrite for that, though I am prepared to believe you’re just plain ignorant if you prefer.
- As PathFinder so eloquently put it: So if I stick a gun to a bank teller’s head and demand money, but don’t actually get any. I suppose it wouldn’t be considered a bank robbery?
Bad analogy. I like mine better. If you inadvertantly knocked Fractured out of a third story window tomorrow, would you go to the chair on a murder one charge? How about if he wasn’t killed in the fall, but just badly maimed? Attempted murder one?
The answer ought to be obvious, even to you. Murder one requires premeditation and malice aforethought. You accidentally knocked him out. Manslaughter. Not murder one.
Boy, I can almost feel the warm pantaloon-wetting fuzzies the readers will get from that scenario, even as I type it. But my message remains crystal clear. The more I hound the details out of you lot, the more I am convinced of Fractured’s total lack of intent to commit a DDoS.
That doesn’t mean I don’t think he didn’t contrive to leech bandwidth. But like I said in my earlier comment, DDoS sounds SO much more exciting. I guess its a shame for you alarmists that its the wrong term to use.
- I don’t see the fact that this or any other attempt failed as making things any better. It shows they have the intent, commitment, and attitude to do malicious things without considering the consequences to themselves or their user base (that’s you) in all this.
“They” being Fractured? Or are we back to casting the entire Emerald dev team as being responsible for the actions of one man again? If the former, then I wholeheartedly agree. I’ve never held with such practices, not as a kid, not as an adult. If its the latter? Quit wasting my time, I’m pretty sure the devs didn’t hold a gun to his head. He as good as says in his resignation it was done solely by him and for a laugh. I didn’t find it funny, then again it wasn’t being done for my benefit, was it?
- The fact that you’re trying to tack on that they’re incompetent as well
No, that’s YOU and YOURS trying to do that with your insistance “they” committed a crime that never actually took place. Start attributing the correct crime to the correct perp, mong.
- Had the victim of the attack been on a metered plan, he would have been required to pay hundreds if not thousands of dollars in bandwidth overage fees due to the extra server load from the [spam], whether or not the servers went down at all.
Correct. I trust you wont mind my correcting your terminology so I might agree with you on this score. This oft-repeated lie of a DDoS is beginning to make me wonder if I’ve logged into a ward of mental patients here!
- “That’s roughly 14 times the TOTAL amount of users currently logged in to the grid.”
- “These are not unique login attempts either. During the DDoS attack, every time you opened up the viewer (you didn’t even have to log in, but simply opening the viewer and loading the login page), downloaded another load of the data from the victim’s website. This means that everytime someone crashed, everytime someone just opened up the viewer, etc. Considering Emerald’s unstability, someone might be loading that login page a dozen or more times in a day.”
Thanks for the refresher course, Poindexter. Concentrate the amount of logins into a tighter timeframe and get back to me, we might have a genuine DDoS attempt by then.
- “As any IT professional could tell you, there exist tools FAR more effective at shunting the amounts of data claimed AND in timeframes a lot tighter than I expect you can claim here.”
- Again, you aren’t nullifying their intent with this statement, you’re just tacking on incompetence to their charges. It makes you wonder why you would want to use a viewer created by people who are provably malicious, childish (sometimes quite literally), criminal, and now with the point you’ve so thoroughly proved: completely incompetent.
Unless of course we consider the more likely probability that you refuse point blank to admit you called it the wrong thing in the first place. Hey-ho stupid, would it help it I beat you about the ears with your typing wand for a bit?
- “Sure, if it reports installation folders and there are people DUMB ENOUGH to use their real life full names as logins then maybe there is a problem. A problem which for the record might easily be resolved by more secure internet practices (like NOT using identifiable information for your computer login)”
- “Also, not using provably malicious third party software like Emerald.”
And not whining about anyone else who chooses to use it, or indeed those who make it available for others to use. Or is that too much of an ask?
Strange to think that the most vocal people screaming about the damage it might do to the average user are in fact people who (ha) “don’t use the client.” What a bunch of goons!
- “Here’s another choice bit that Nelson missed as well.”
What, you his messenger now, sent to coordinate a Distributed Denial of Sensibility? Go home, Nelson can fight his own battles if he chooses to, he doesn’t need YOU to wave his pom poms for him!
*DOC
- “That was a prokofotastic long post”
Prok is a pussy
- First, imprudence is a nice alternative to emerald, for people that are searching for an alternative. Some functions are a bit hidden, but it contains everything that SL-Ken-and-Barbie needs. If you dont like it, its ok.
Its not that, I just can’t get it to log in to a bunch of sims including my home one. I’m putting that down to hardware issues. Long and the short of it, Imprudence doesn’t work for me.
- Then the IP thing:
You and Nelson still dont get it right.
The dataminer was there to detect ALTs.
I see your ip, i see your alts ip, i see they use the same. i know who your alt is. its so simple.
The geoip was probably just there to scare kiddies off. …like: I KNOW WHERE YOU LIVE KID!!
Alt detection? Still not an issue for me. Like geolocation its not going to find some sweaty teenager (or fat balding paunch swinger) reenacting the shower scene from Psycho in my apartment.
- “Database blabla:
The database wasnt given out and wasnt ever ment to be given out. If it would have, i would have a copy of it.”
Yeah? I can’t see the point in it really. Most of the connections out here are dynamic IPs, but even if they were all static I’d still need access to account details at the ISP server level to truly geolocate someone. It sounds like a lot of effort for something which I have no need for. If I had a copy of the database it would just be taking up space on my computer.
- “Evil people are not evil blabla:
You can ignore it, you can believe averything is just made up info (you know that would be a lot of work right?)… or not, or you can do bit research.”
Sure. Its not as hard as you might think, though I do agree it takes a lot of work to pass muster. I don’t even know if that code up the top works. Most people here I suspect don’t. Like me they are presuming it works based on someone elses say-so. I understand part of it and there are none of the typical image distortions in a photoshopped image which suggests to me it is genuine code at least, though the source html might still be edited previously. When I factor in Fractured admissions of culpability in his resignation I can say with relative certainty that it is indeed the code in question. Enough of it matches the *facts* I am presented with to give it creedence and I am happy to afford it such.
I could research it more deeply. Sometimes its quicker to shake the tree and see what falls out of it. Lemons are my favourite.
- “ddos blablabla:”
Its amusing how you care about the numbers (which are quite wrong) and the definition of a ddos. But you totaly ignore, that your system was abused by a young adult, just because he was bored.
Shhhh. I was holding that one as an ace up my sleeve. The bit about a young adult abusing the system I mean. And system (unless you are referring to my client as being the system) was never commissioned by me, nor did I know of its existance until a few days ago. Not mine.
I don’t really care about the numbers either. They’re just abstract concepts being offered to me and they appear to vary depending on who I talk to. I’ve used them purely as reference points and been reasonably certain all along that they establish that the abuse of the system by the young adult in question was NOT a denial of service.
That’s really all I care about here, the misuse of nomenclature. I’m tired of watching the English language getting systematically butchered by persons of otherwise passable intelligence. It would have been nice if I’d had something useful to take away from this exchange besides
- “Transfering the installation directory isnt bad, the people are to dumb blabla:
Well, people would first have to expect that this could happen.
And the common SL user isnt a paranoid nerd, specially not the common emerald user.”
Maybe they should be. Not tinfoil hat, coathangers in the ceiling paranoid, but being commonly cautious would be a great help. Maybe my situation is unique in that I’ve never used any part of my name or address for login details, but when I was discussing the practice of people using their real life names last night I saw jaws dropping in astonishment. My contemporaries it seems don’t find that practice a wise one.
When I was young, I got the stranger-danger lecture. One of the things that stuck with me through all these years was “don’t give them your name”. I can give you any number of scenarios where this is rock solid advice and a the login details for a computer is one of them. Long before anyone questioned the security of Emerald, I understood the fairly basic premise that a computer transferred information, much like I used to swap notes in class. Sometimes the notes get read by people they aren’t intended for. Occasionally they never get to their intended destination. Therefore, don’t commit anything to them that you aren’t prepared for the rest of the world to know about.
That’s not paranoia, its common sense.
- “CDS is basicly Apples fault.
You can trust me if i say, cds if effectless against copybotters, because every “bad guy” in SL knows how to get arround it.”
716 identified instances of copybot on the grid. 0.075%. Still too many. How many of those are currently evading CDS and failing to evade the device I am looking at I couldn’t say. Hopefully the answer is “none” but I can’t in all honesty make a guarantee on that I don’t undestand the workings of.
That includes the accuracy of the figures I quoted. Still, theyre fun to wave about. Kinda like reports of people abusing their positions of authority. I like to think so at least.
Doc, I’d like to express thanks for the breath of common decency. I know you’re not a card carrying member of the I Heart Emerald LOLOMGROFLCOPTER brigade any more than I am and I appreciate the rational, measured approach. To you I say I don’t doubt there are shady instances in various individual Em Dev’s pasts since I’m pretty sure fault can be found in us all.
Is it right they should be held up for scrutiny? I believe everyone on the planet ought to be, at least every once in a while. Vibrant and *constructive* critique works wonders on a person’s direction, and in my experience at least, can bring about a mutually beneficial solution every once in a while. I sincerely wish more people would take this to heart.
[Scroll wheeeeeels....STOP!]
Yep
Aug 26th, 2010
“- Then the IP thing:
You and Nelson still dont get it right.
The dataminer was there to detect ALTs.
I see your ip, i see your alts ip, i see they use the same. i know who your alt is. its so simple.
The geoip was probably just there to scare kiddies off. …like: I KNOW WHERE YOU LIVE KID!!”
It is none of your business whose alt is whose. That right there is against the TOS as well as invading peoples privacy.
What an idiot.
Jocelyn Pawpad
Aug 26th, 2010
Relax, he said he never got the database, didn’t he?
Slayer
Aug 26th, 2010
Any bets on if Emerald is at it again?
“Post subject: Servers Compromised
PostPosted: Wed Aug 25, 2010 8:10 pm
InWorldz Founder
User avatar
Joined: Wed Feb 25, 2009 11:29 am
Posts: 1901
Ok, so some information, or at least what we know at this point. InWorldz was targeted by a botnet which successfully compromised 1 server completely, and all the regions on it (I will list those out here). 5 other servers were accessed, but unsuccessful, as we got ahold of our provider and they shut down those servers and worked with us to block out the intruders.
No data was compromised for assets, inworld items, inventories or anything else, that is the good news. We have taken a backup already of those, in case something more happens, all passwords have been changed to the site, grid, our accounts and so on. We do highly recommend changing your passwords, as although we do not have any evidence they got to the database, and the passwords in there are encrypted, we’d rather our residents not take any chances.
We are evaluating the information and logs we have of what was done already, and will continue to do so, security precautions that are even tighter will be enforced tonight before we bring the grid back up.
That’s as much as we know without boring you guys or compromising more information, and we’ll give you a heads up when we’re close to bringing the grid back up.”
had enough
Aug 26th, 2010
Sure, put me down for 50 that emerald did do it.
Pfft with emeralds history, that would be a safe bet.
Jocelyn Pawpad
Aug 26th, 2010
You know what they say about fools and their money
We
Aug 26th, 2010
@Jocelyn Pawpad
“it remains the most stable of all clients for ME and MY system.”
You may very well be right, the trouble with this entire set up however is, Emerald and Imprudence are not two wildly different programs. They’re both built from the same place, the default Second Life client, and thus share a lot of the same code. They only start to differ in terms of a relatively small amount of features, and even a lot of those features are patched in from the same source. It doesn’t quite follow that they should behaving so drastically different, unless the entire client has a seriously fatal crash bug in it, which it doesn’t.
This either means that your computer is oddly picky, and it’s 100% hardware issues (which means that the problem is with you, not with the client), or you’re exaggerating the issue because you don’t want to switch. I know this happens, you get comfortable with a viewer, you hear that the people behind it are generally bad people and have done bad things, and you’re getting talked into switching. You look at other viewers, and you’re just itching to find some critical flaw that will “force” you to stay with your viewer of choice. Every error is a catastrophe, every difference is detrimental, every missing feature is critical. But if they stick with it long enough, they settle down, and find out that it’s not as bad as they originally hoped.
“You know, I’m curious here and I guess if I went looking for LordGregGreg I could hear from his own lips what the exact state of affairs is. I remember him getting downright offended over the emkdu.dll and said it was the reason for his departure.”
The emkdu itself wasn’t as much of the problem as the attitude that came with it. When LGG first heard about the filepath showing due to the emkdu (and what this meant to Linux and some Mac users), he didn’t immediately quit the team. He reasonably informed Ph0x of the issue and asked that it be changed. Ph0x said he would change it, and that was accidental. Fair enough. The emkdu encryption gets cracked again and it’s discovered that nothing has changed. LGG asks again, and gets basically the same response. Obviously a pattern is emerging here.
This also wasn’t the first time LGG had a problem with what they were doing. He also had issues with Onyx, their griefer/ripper viewer side project, and was locked out of the team. Even after that, he stayed with them, perhaps in the hopes of being able to regulate some of the last thought out ideas and misguided behaviors. The emkdu was not a problem because of the file paths showing, it was a problem because it was a closed source depository where code could be activated that he could not control or oversee, and the Emerald team had immediately used it for privacy violation and refused to stop. That’s why he left the team.
Of course you’re not going to hear about it from an Emerald group. They’re still deleting and refusing threads and comments on the Emerald site, the group is the same way. If you were inclined to look, and not just on the Herald, SL Universe has had threads regarding pretty much every Emerald drama, and Lordgreggreg has commented on many of them, often times disagreeing with the Emerald devs.
“I will likely need to approach him directly about, if only to establish where the fork occurred and what changes have since been made to the viewer since then.”
Here’s a post he wrote listing the changes he made: http://www.sluniverse.com/php/vb/1002354-post107.html
Reportedly it’s based off Emerald 2270.
“Hold it right there. By any accepted industry standard, the fact Hazim’s website completely failed to roll over and kick its little feet in the air should be proof enough that there was no DDoS.”
The fact that they failed to do so doesn’t mean it’s not it. At best it’s “Attempted DDoS”, but it’s hard to tell “intent” with this, since the attack involved using the Emerald user-base as a bot-net, instead of a set number of bots. They put in the links, and whether the site crashed or just was spammed depended entirely on how many users happened to open Emerald during the period it was up. However, the fact that they did this with the possibility of a DDoS happening means that they accepted it as a possible if not likely outcome, which means while their intent may have just to spam (as highly unlikely as that is), they also accepted that their attack may have gone up to and included a full blown DDoS.
The attack took place between August 8th and August 17th, Hazim posted his bandwidth usage on SL Universe, showing the hyper-increased usage between those days. If you’ll notice, the shenanigans post didn’t come out until the 20th. Reportedly, the DDoS was discovered on the 17th and the user posted it on the Emerald forums. The DDoS was removed and the post deleted, and they spent the next 3 days trying to keep it under wraps (notice that Fractured in his post says: “Obviously, this was removed as soon as it was mentioned in our forum.” but if you search the forums, there’s no post like that). On about the 19th the evidence (the google cache for the page) moved to another forum, and it spread from there. Then they suddenly decided that “transparency” was necessary, and they did this by downplaying it as “silly shenanigans”. No one bought it that it was a silly prank, and you could tell they were easing off that story with Fractured’s post and the interview on the Paisley Beebe’s show.
Really though, even if we say that, somehow, this doesn’t count as a DDoS simply because it failed; It’s missing the real problem with this whole thing. The issue wasn’t just that they specifically did a DDoS on a targeted site, it was that they had the attitude and intent to use their viewer for malicious purposes (whether you want to call it ‘bandwidth leeching’, ‘spam attack’, or a DDoS), and not only that, but force their user-base to be an accomplice. It’s a breech of trust for their users, a breech of the TPV policy, and an attitude from the developers that shows they’re fine with criminal attacks on critics, whether it’s considered semantically a DDoS or not.
“You tell me, it is after all your sudden shift in attitudes I am sending up here. You say the database is bad, well lets for the sake of argument pretend you are right.”
I said my exact position on the IP thing. What’s bad about it isn’t the IP, it’s the connection of IP to the Avatar names. Though they were also fond of using Geolocation to spook people by threatening them with their real location.
I’ve not honestly even heard of the database being given out, certainly not on a massive scale. The worst I saw from it, was them giving out a list of names that were on it, which is a very reasonable thing to give out, since people should know if they were on it.
The fact that one person hacked it, and maybe even distributed it, doesn’t change that the other group had been knowingly collecting them. Just because I disagree with the actions of one doesn’t mean I agree with the actions of the other.
“Bad analogy. I like mine better. If you inadvertantly knocked Fractured out of a third story window tomorrow, would you go to the chair on a murder one charge?”
Accidental? That Fractured “accidentally” put 32 iframe links to Hazim’s site in the login page, and accidentally left it there for 10 days? The best he could claim was that he somehow “forgot” about it, but even that doesn’t change the fact that he knowingly and willingly put them in there in the first place, and the real issue behind that. That he had the intent and willingness to do it: he put the links in there, and he left them in there, knowing full well what it would do and what it would mean. The idea that any of this could have happened accidentally is frankly ridiculous, and is contradicted by Fractured himself in his post, he claims he did it out of “boredom” not accident.
““They” being Fractured? Or are we back to casting the entire Emerald dev team as being responsible for the actions of one man again? If the former, then I wholeheartedly agree. I’ve never held with such practices, not as a kid, not as an adult. If its the latter?”
Yes, but not on this particular offense, as it is not the first. Although even with this, it’s not entirely safe to assume that Fractured was the sole participant in this escapade. Chatlogs and youtube voice conversations suggest that the team knew about the DDoS but didn’t do anything to stop it. But no, the intent and willingness of the rest of the team comes elsewhere. Like Fractured, Ph0x, and Skills creating and developing Onyx for the purpose of having their own griefer/ripper viewer. Look hard enough and you could find this intent and willingness among most of the members of Emerald at some point or another, the rotten core of Emerald being Fractured, Ph0x, and Skills.
“And not whining about anyone else who chooses to use it, or indeed those who make it available for others to use. Or is that too much of an ask?”
The issue with people using it even beyond all these breaches of trust, is that a.) it sends a bad message to the developers, essentialy that no matter what the developers do, the users will continue to use the viewer and b.) It gives them support that gives them a form of power that they’ve thrived off of. The reason LL didn’t crack down on them like this so much sooner is very likely that a large amount of users of SL use the client, and banning it would mean ticking off these users. Therefore, anyone using it even beyond all these violations of trust is not only giving them power, but saying that even if they continue, they will not stray.
“What, you his messenger now, sent to coordinate a Distributed Denial of Sensibility? Go home, Nelson can fight his own battles if he chooses to, he doesn’t need YOU to wave his pom poms for him!”
In case you haven’t noticed, I’m fighting the same battle as Nelson. Have any comment on this event or would you prefer to ignore it?
Nelson Jenkins
Aug 26th, 2010
@ Jocelyn Pawpad
The only thing that you proved to me was that yes, you DO have some serious time to waste.
No, I take that back: you have proved to me that I should unsubscribe from all articles you post in so that you don’t crash the gmail app on my phone.
I will, thus, concede to you: you have an extensive future in literature and may, perhaps, become an artist someday. Otherwise, you have no talent and you’re full of shit.
By the way, I did manage to catch your “definition” of DDoS. It doesn’t mention at all that it must be successful, so let’s check out the Wikipedia article (as, generally, dictionaries are not always up-to-date with the exact definitions on tech-related subjects):
“A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.”
Now…
“Denial-of-service attacks are considered violations of the IAB’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.”
And, of course, don’t forget the TPV Policy. Hey! Fun little tip. If your ISP was in a bad mood today, it could’ve revoked your internet service over this. Isn’t that neat?
However, let me be frank. Your opinion does not matter. The Lab determined that it was a DDoS, and if you wish to fight that, be my guest. In a practical sense, though, you are still wrong, and it was a DDoS.
In any event! Please don’t bother responding to this, as I simply don’t feel like spending any more time arguing over these things. If you want to be an Emerald fangirl, that’s all fine and dandy. We’ll see what happens, and if Emerald is still around, good for you, your #1 client is still allowed to access the grid. However, when the next Emerald scandal pops up, I sure do hope you at least consider that you’re being shafted once again.
As for anyone else who bothers responding to her, you have my utmost sympathy.
W
Aug 26th, 2010
I don’t get why people are reporting problems with imprudence. I never had issues with the latest stable version. Though I’m actually using kirsten’s primarily because I enjoy the multiple attachment and multiple clothing layer features, and the graphics are fun to play with. I still have imprudence installed as a back up, and as a way to test how things look on the older viewer base by signing in with an alt.
imprudence also UPDATES a lot. Unlike Emerald. They have weekly releases where you can test new features, and if you don’t want a beta viewer just use the latest stable until they update it with the new stuff. While imprudence isn’t as feature-heavy as emerald, it is still being developed and will probably have a lot more in the future. Be patient!
Hell, if that still doesn’t work for you, give kirsten’s a try. It’s not so bad. really.
I actually prefer kirsten’s over emerald now since it has support for the official LL multi-attachments, so anyone with a v-2 based client can see them properly, not just other kirsten’s users. With emerald the extra attachments were hacked, and not only could only other emerald users see it but you also had to adjust them. The new way is better. No adjusting needed since multiple things can go on the same point.
Nelson Jenkins
Aug 26th, 2010
@ W
I’m pretty amped over media-on-a-prim myself, too… if only it could be implemented into v1.
Bubblesort Triskaidekaphobia
Aug 26th, 2010
@ Nelson: It is being implemented on the snowglobe code base by Imprudence. Look for it very soon.
Also: Cross-posting is lame.
Nelson Jenkins
Aug 26th, 2010
@ Bubblesort Triskaidekaphobia
Can’t wait… it’d open up a lot of opportunities.
By the way, if anyone is seriously interested:
http://emeraldscandal.wordpress.com/
Judge Joker
Aug 26th, 2010
Please join me in telling Linden Labs: Persona non grata Emerald, From Second Life http://bit.ly/d4Ic5r
Judge Joker
Aug 26th, 2010
You need to be logged into Facebook to view it.
Gaara Sandalwood
Aug 26th, 2010
“Can’t you? That makes two of us. Not that I think I’ve disregarded a great deal. Is Fractured carrying the can for what he has done and the other Emerald devs moving on not a matter for discussion? Or is that fact too inconvenient for the tenuous and shadowy associations merchants who would assure me Emerald works hand in glove with everything? What of the spam attack? It would seem the ONLY person prepared to credit that here is me; everyone else jawing on appears (correct me if I’m wrong) to want to call it a DDoS. Some are even prepared to outright call other people liars for it (I’ll deal with *them* later).”
For all that Fractured has done, just going “I realize my wrongs, sorry for the trouble, kthxbai”, is not an apology that would suffice. Or, in simple, just saying “I’m sorry” doesn’t exactly mean he really cares, and even more importantly, doesn’t mean that he should be immediately forgiven. I’m not focusing on the group as a whole atm, they seem to be too crippled to perform anything collectively(although I wouldn’t be surprised if they were still able to at this point), I’m not saying “oh god, they could be preparing their next move with these public announcements on their blog”, but rather just picking at who each person is and what they seem to have done on their own and with the help of others so far, and it’s a lengthy list of nothing but pure illicit actions and attempts to either apologize for them openly while behind the scenes planning whatever next thing they should do or just blatantly using simple things to cover their asses.
And ONLY you? I believe I stated earlier that I wouldn’t consider this purely a DDoS attack, but as an IT student I know how important bandwidth is and the fact that it’s not exactly okay to attack a site’s bandwidth, even if it doesn’t deny service.
“Yeah well no offence but I’ve seen some of the non-arguments that get presented HERE. And since no blog owner that I know of is under any obligation whatsoever to its readerbase, it becomes a case of “you pays your money, you takes your chances.””
But the general idea is that if anyone says anything in regards to criticism or brings up anything about recent scandals that have been occuring with Emerald at the center, they’re dealt with as if they got on the site and started bashing the shit out of Emerald and every one of the devs. I mean, if someone just came onto a blog I owned ranting mindless hate and rage I’d moderate them, but if it was just criticism and a bit of skepticism, I wouldn’t perform heavy moderation. For some it may be different but it just seems like heavy action is being taken for the simplest of posts there.
“Executing their own members – not sure what you mean here. Care to elaborate? Because the only head I’ve seen roll of late was that of Fractured and he fell on his own sword.”
LGG, who left and shortly after was presented as the subject of a blog post by the remaining devs(Arabella in particular), that downplayed on him and his own reputation and telling everyone he was practically useless and making hints that it was his own fault he ended up leaving.
“A tilt of a hat if I may to your earlier insistance that I “disregard everything the Emerald Team has ever done” – Fractured for all his faults and failings was a competent programmer and as such an asset to the development of the viewer.”
He also created a bandwidth attack, in the past one or two illicit viewers, and in general had a self absorbed god complex.
In the end he demonstrated a strength of character is accepting responsibility for a specific couple of unpopular and controversial actions and stepped down. In doing so, he demonstrated a strength of character I find sorely lacking in a good many people today.
Like I said, just making a well worded blog post doesn’t necessarily mean he really means it. Now if he does, more power to him, but the changing over a new leaf he has been done was just too sudden to make it look realistic. To explain:
*Fractured attacks the bandwidth usage of a site owned by a person that his group has had past run-ins with*
*Fractured gets the devs in general a lot of flack over this*
*Fractured suddenly goes “I’m sorry, please forgive me, I understand what I have done wrong”, practically overnight after the news gets out of the attack*
Not buyin’ it right now.
“He will be missed.”
*Guffaws*
“I will however congratulate you on your good fortune with viewer 1.x and even admit a small amount of envy regarding same. Would that 1.x worked as well for me. I could add in a Mystitool, my ANA_Mations, Marine Kelley’s RLV and Crystal Gallacia’s extra attachment plugins. Assuming it still worked of course, she withdrew it out of concerns the advent of 2.0 broke it.
Or I could stick with Emerald and have all that functionality and more, no questions asked. Okay, I lose the third attachment point layer doing so, but at least it doesn’t render me a tar baby. Sometimes you just gotta make concessions I’ve found, the world is an imperfect place.”
I don’t exactly need bouncing boobs, extra attachment points, and all the other stuff Emerald provides to have fun though, so just stick with whatever you find is best.
“And speaking of imperfection…
*NELSON”
I feel like I’m part of a comedy central roast now. hehe.
doc
Aug 26th, 2010
@yep
It is none of your business whose alt is whose. That right there is against the TOS as well as invading peoples privacy.
What an idiot.
i know, i just explained what the dataminer was made for.
What an idiot. 8D
Jocelyn Pawpad
Aug 27th, 2010
@ Gaara
- “For all that Fractured has done, just going “I realize my wrongs, sorry for the trouble, kthxbai”, is not an apology that would suffice. Or, in simple, just saying “I’m sorry” doesn’t exactly mean he really cares, and even more importantly, doesn’t mean that he should be immediately forgiven.”
You’ll get no argument from me there.
- “I’m not focusing on the group as a whole atm, they seem to be too crippled to perform anything collectively(although I wouldn’t be surprised if they were still able to at this point), I’m not saying “oh god, they could be preparing their next move with these public announcements on their blog”, but rather just picking at who each person is and what they seem to have done on their own and with the help of others so far, and it’s a lengthy list of nothing but pure illicit actions and attempts to either apologize for them openly while behind the scenes planning whatever next thing they should do or just blatantly using simple things to cover their asses.”
Kind of like I am doing here. I did say to Doc that I felt everyone on the planet deserved such a consideration every once in a while. If you do it too much more than that you run the risk of creating the kind of environment where the subject of scrutiny is just as likely to say “I’m already presumed guilty before I start so I may as well do what I please.”
- “And ONLY you? I believe I stated earlier that I wouldn’t consider this purely a DDoS attack, but as an IT student I know how important bandwidth is and the fact that it’s not exactly okay to attack a site’s bandwidth, even if it doesn’t deny service.”
You’re right, I do apologise. I’m sure you’ll understand its difficult to keep track of individual members positions when there’s half a dozen of them bombarding you with massive blocks of repeated content that needs to be explained ad infinitum. Remind me of you position again if it appears I’ve lost sight of it.
Bandwidth is important of course and ANY misuse of it reprehensible. Fractured is one specific instance. So is Hazim. In both instances bandwidth was misused for different purposes – one to breach security and steal content, the other simply to increase usage charges. I dispute the assertion there was any intent to take the sites offline though.
- “Yeah well no offence but I’ve seen some of the non-arguments that get presented HERE. And since no blog owner that I know of is under any obligation whatsoever to its readerbase, it becomes a case of “you pays your money, you takes your chances.””
- “But the general idea is that if anyone says anything in regards to criticism or brings up anything about recent scandals that have been occuring with Emerald at the center, they’re dealt with as if they got on the site and started bashing the shit out of Emerald and every one of the devs. I mean, if someone just came onto a blog I owned ranting mindless hate and rage I’d moderate them, but if it was just criticism and a bit of skepticism, I wouldn’t perform heavy moderation. For some it may be different but it just seems like heavy action is being taken for the simplest of posts there.”
Define what you mean by “heavy moderation”. I spend more time in the Jira than on the blogs traditionally and don’t have a massive amount of time to check all the blogs that relate to SL or even Emerald. If we’re talking about removing comments which appear placed solely to drag a thread off topic then I would suggest that moderation is justified otherwise each comment section becomes a free-for-all. And that’s not me excusing Emerald blogs, its me defending the right of any blog or related messageboard server owners right to do with the data submitted to them what they will.
Think for a minute who is actually footing the bill for this service here. If I were hypothetically to go from comment thread to comment thread on the Herald with a bee in my bonnet over something the Alphaville site owner had done then (guilty or otherwise) they would have every right to delete my comments. In fact, they don’t even need that much reason. They could delete or edit anything that is posted here by anyone because it is hosted on a service they pay for. I don’t contribute a single cent to their ongoing operating costs and I have no reasonable cause for complaint as to what they do with the content I entrust to their keeping, though I do have limited redress in choosing not to continue the arrangement if *I* choose.
Emerald’s blog is no different. NO website is any different. You may criticise any for how they are run in any place that allows you a soapbox to do it from, but unless your complaint has any financial component to give it that extra clout then your options are limited to “do I post here or not”. That much ought to be obvious.
- “Executing their own members – not sure what you mean here. Care to elaborate? Because the only head I’ve seen roll of late was that of Fractured and he fell on his own sword.”
- “LGG, who left and shortly after was presented as the subject of a blog post by the remaining devs(Arabella in particular), that downplayed on him and his own reputation and telling everyone he was practically useless and making hints that it was his own fault he ended up leaving.”
I understood Arabella was a communications officer, not a developer of the Emerald client. I also seem to recall her admission somewhere that she did not have the require knowledge to understand the code. Might it not be reasonable to suggest that this unlinked and therefore unread blog post might be the same kind of unfounded comment we see from people who malign the Gemini CDS project without ever having seen the source code for example?
Even so, I come back to my original question. “Executing their own members, care to elaborate?” Let me quote your own words back at you “LGG who left and shortly AFTER was presented as the subject of a blog post”. If he’d already left of his own volition (as did Fractured) then he could scarcely be considered a member at the time any subsequent blog post went up. You’ll need to point me at something a little more concrete I’m afraid.
- “A tilt of a hat if I may to your earlier insistance that I “disregard everything the Emerald Team has ever done” – Fractured for all his faults and failings was a competent programmer and as such an asset to the development of the viewer.”
- “He also created a bandwidth attack, in the past one or two illicit viewers, and in general had a self absorbed god complex.”
None of which can reasonably be said to negate the comment of mine you quoted. “Fractured for all his faults and failings was a competent programmer and as such an asset to the development of the viewer.”
- “In the end he demonstrated a strength of character [in] accepting responsibility for a specific couple of unpopular and controversial actions and stepped down. In doing so, he demonstrated a strength of character I find sorely lacking in a good many people today.”
- “Like I said, just making a well worded blog post doesn’t necessarily mean he really means it.”
Irrespective of whether he “really means it” or not, he accepted responsibility for it and stepped down.
We (well I at least) are not arguing about any apology for his actions, nor any “make good” proposals. The contention is he accepted responsibility for two actions which might reasonably be laid at his doorstep and left the development team.
It takes a lot of guts to publically admit error and wash your hands of a project that has effectively been your own baby from day dot. THAT is what I meant by demonstrating strength of character and you would do well to exercise a little of your own by conceding my point.
Take a look around you. This place is brimming over with people who practically want his head on a pike and all trace of him and his associates expunged off the grid forever. Do you seriously wish to confuse the issue with a debate the value of any apology or assurance he might make that it would never happen again? I don’t think Fractured would. I don’t think I could be bothered either. Too many people here are their own worst enemies for this. Genuine sorrow and remorse would be wasted on such a group that refuses to point blank to listen or afford any chance of redress.
- “Not buyin’ it right now.”
And there are those who never will, even if he could keep his nose clean to the ripe old age of ninety.
- “I will however congratulate you on your good fortune with viewer 1.x and even admit a small amount of envy regarding same. Would that 1.x worked as well for me. I could add in a Mystitool, my ANA_Mations, Marine Kelley’s RLV and Crystal Gallacia’s extra attachment plugins. Assuming it still worked of course, she withdrew it out of concerns the advent of 2.0 broke it.
Or I could stick with Emerald and have all that functionality and more, no questions asked. Okay, I lose the third attachment point layer doing so, but at least it doesn’t render me a tar baby. Sometimes you just gotta make concessions I’ve found, the world is an imperfect place.”
- “I don’t exactly need bouncing boobs, extra attachment points, and all the other stuff Emerald provides to have fun though, so just stick with whatever you find is best.”
I intend to. I would also champion the right of everyone else here to do the same.
- “And speaking of imperfection…
*NELSON”
- “I feel like I’m part of a comedy central roast now. hehe.”
More like the Salem witch trials I think.
@ Nelson
- “The only thing that you proved to me was that yes, you DO have some serious time to waste. No, I take that back: you have proved to me that I should unsubscribe from all articles you post in so that you don’t crash the gmail app on my phone.”
Try the Opera Minibrowser instead. I mean if you’re making a genuine observation and not merely complaining for the sake of complaining. It doesn’t cost a cent, its incredibly stable and (you’ll like this bit) guaranteed 100% Emerald-free.
Always happy to be of help.
- “I will, thus, concede to you: you have an extensive future in literature”
Hold that thought.
- “By the way, I did manage to catch your “definition” of DDoS. It doesn’t mention at all that it must be successful”
Firstly, it the 2009 Harper Collins Dictionary definition. Not some open-source project whose legitimacy might reasonably be challenged (sound familiar?), but a recognised and current government approved authority. And it infers success of the attack when it says “that the computer is obliged to shut down.” Don’t mess with me over this, I “have an extensive future in literature” apparently.
As to your invocation of the Linden Lab gods as some sort of final authority on the matter, might it be proper to ask where your voice was when they were in direct and ongoing contact with Fractured over the results of the Onyx project? We all know the answer to THAT. By your actions, you were by proxy questioning Linden Lab’s judgement in the matter of Onyx. How strange that you would so blithely afford Linden Labs nomenclatoiral authority on website attacks, yet when it comes to issues directly affecting their bread and butter like SL and TPV security, YOU of all people know better than they?
And you have the hide to tell me I’M full of shit. I’m smiling Nelson, that’s the funniest joke I’ve heard all day.
Now, given that this is the second time you’ve begged me to leave your comments go unquestioned in much the same manner as you’ve avoided questioning the bulk of my previous post, I’m going to let you in on a little secret. If you REALLY don’t want me to post at you, the BEST way you can demonstrate this is to turn your back and walk away from the argument completely uncommented, without as much as a keystroke regarding me or anything I have said in response to you. Remember who approached who here. I didn’t invite your comment in the first place, however you felt your comment worthy of directing my way and for my part I was prepared to extend you every courtesy for formal argument. I didn’t get where I am today by meek acceptance, I’ve fought hard for the knowledge I have attained.
If you feel your are not equal to the task of educating me further, you know where the door is. Otherwise feel free to continue and be assured I am listening closely and more than prepared to question anything that you say.
*smiles*
And yes, I will be leaving it up to the Alphaville Herald’s disrection as to what is “too long” to bother with. If my screeds, as comprehensive as they are out of the necessity to avoid claims that I “neglected to mention” this and “totally avoided” that were indeed to long, they wouldn’t have set the comment box character limit so high in the first place.
Jocelyn Pawpad
Aug 27th, 2010
@We
- “it remains the most stable of all clients for ME and MY system.”
- “You may very well be right, the trouble with this entire set up however is, Emerald and Imprudence are not two wildly different programs. They’re both built from the same place, the default Second Life client, and thus share a lot of the same code. They only start to differ in terms of a relatively small amount of features, and even a lot of those features are patched in from the same source. It doesn’t quite follow that they should behaving so drastically different, unless the entire client has a seriously fatal crash bug in it, which it doesn’t. This either means that your computer is oddly picky, and it’s 100% hardware issues etc etc
Which I have already attributed it to. Hardware issues. Numerous times, possibly in posts you’ve scrolled past. Why are you wasting my time with this when you know how the natives feel about longwinded contrary opinions?
The system I use is due for retirement and I accept that as being the prime reason why one variant of an application might fare better on it than another. I did qualify my statement by saying that it applied to ME. So far this hasn’t been a problem as Emerald has sufficed for connection to the grid where I am concerned. I have trialled other clients. They didn’t work as well. I will no doubt trial them again in the future when the priority of a new system overrides more pressing concerns. I suspect at that point connection speed will play more of a factor and possibly another client might perform better against it, though for the moment I am proceeding with the latest beta of the Emerald viewer and it is meeting my requirements just fine.
But to hear you downplay my experiences with jet black avatars and the inability to log in to my own sim in the manner you have done is downright puerile. “Stick with it and maybe it wont be as bad as I hoped?” Don’t be ridiculous. Fractured and LordGregGreg might enjoy roaming the grid as obsidian entities, I don’t. You’d think that I’d be afforded the chance to enjoy the hours of creativity, talent and downright hard work thats gone into making up my avatar, not be told that getting stuck at some random telehub looking like a shapely golliwog is “not as bad as I hoped”.
On the other hand your comprehensive insight into LordGregGreg’s departure is greatly welcomed. It hasn’t been a topic thats received a lot of comment off the forums and with so many of them to wade through I just haven’t the time to do my own research into the matter. Understand that while I don’t dispute your account, I’d still welcome the chance to hear it from the main players themselves. If you’ve ever played the game Chinese Whispers as a child you’d have to agree the surest bet is to get it straight from the horses mouth. As things are understandably hectic at this point, what with the new client to be tested and approved and all, I don’t see there’s going to be any opportunity for the kinds relaxed fireside chats with any past or present devs I’d want for a better understanding in the immediate future and LordGregGreg has no reason to trust my bona fides either way since we’ve never even met. It should prove an interesting conversation though. There’s obviously going to be differences of opinion and as a relative outsider (I beta the viewer, I don’t code for it) I imagine my understanding of events is going to be limited to what information the main players are prepared for me to hear or explain for my better understanding.
- “By any accepted industry standard, the fact Hazim’s website completely failed to roll over and kick its little feet in the air should be proof enough that there was no DDoS.”
- “The fact that they failed to do so doesn’t mean it’s not it.”
Remembering I still have only heard this was done under Fractured’s whim and on his own server. A point was made earlier in the comments (to paraphrase Doc) that it was the whim of a young adult acting irresponsibly. That much I can believe in light of Fractured’s own admission and the reports of people like Arabella walking from the project.
I’ll openly admit I haven’t first hand knowledge of who enjoys that level of access to the webpage login and I am a lot closer to ground zero than many here. I can accept Fractured’s involvement based on the fact the domain was his. There’s opportunity. His site was the previous target of a hacking attempt. There’s motive. If I am to presume he is in part like so many males his age that have an interest in scripting I can also presume intent. All of this is before me, even before I read his resignation letter wherein he claims full responsibility before handing control of the project over to a person who only hours before turned her back on the project.
That an attack of some description happened I do not deny but with my previous experiences and understanding of current events I find it incredible that a good many people would paint it to be something it so obviously is not. Particularly when what it ACTUALLY was is every bit as ill advised and deserving of remedial action. A lot here have mistaken my continued insistance no DDoS occurred to mean no attack occurred in spite of my repeatedly calling it for what it was.
Bandwidth leeching. Spamming. These are the proper terms for what occurred. That the triggers were “Distributed” across a number of clients does not automatically confer an intent to deprive service, there simply being not enough concurrent “attacks” to constitute one. I’ve proven the math already, offered independent testimonial from an experienced IT professional, even brought out the dictionary. Tellingly enough, it was dismissed with “tl;dr”.
I believe the real reason why so many refuse point blank to call the attack for what it was can be attributed to a burning desire of an exceptionally vocal minority to stamp out Emerald, no matter the cost. We as humans have a long and violent history of attempting to destroy that which we most hate and fear. We close our eyes and pray to Gods we invent to righteously smite our foes for us. That is NOT rational behaviour and I for one am not prepared to stand idly by and watch a community I have invested my own blood, sweat and tears in degenrate to the level of dogs and sheep.
- “The attack took place between August 8th and August 17th, Hazim posted his bandwidth usage on SL Universe, showing the hyper-increased usage between those days.”
Here I come back to the question “why didn’t he DO something about it?” NINE DAYS???? A guy who in his spare time hacks the databases of evil, data-mining uber-overlords (read young American male, presumed bulletproof), waves them about for all to see, leaves his digital derriere dangling out in the wind to be molested for ….nine….days.
You’re gonna hate me for this, but I’ve got no sympathy at all.
None.
Nada.
Zip.
Listen, we can debate many things until the cows come home and gobble my petunias but what a maroon! NINE, count them NINE DAYS!!!! At any point during which time the budding hacker might have discovered this bona fide attempt to drive his Alexa ranking up and put a stop to it in the manner I described earlier. Far out! I mean changing the name of a directory and doing a search replace in notepad of the relevant html files might take a few minutes if you’re a slowpoke but… NINE DAYS????
And this guy Hazim is claiming grievance against a guy he hacked? A young, high spirited creator of clients, all but one of them either banned or at least severely restricted? You really, truly, expect me to believe Hazim had no idea?
Don’t even think you can take me for that much of a fool, We.
It never occurred to Hazim to adopt a more proactive level of interest in his own website’s security after he so blithely compromised that of another and held it up for public ridicule? If you truly believe that then you are a cretin. I put it to you that Hazim knew exactly what was going on, moreover he allowed it to continue to happen before launching himself at SL Universe to cry crocodile tears at the masses. And of course everyone just lapped it up.
Nobody, not Hazim, not his webhost said “hang on, where’s that extra 3MB/s coming from?” That is just plain retarded. NINE DAYS!!!
Nine days.
Jeeeesus.
If I were Hazim, I’d be laughing myself sick at the lot of you. That’s the biggest snow job I’ve heard in all the time I’ve been here. How many of you are in on the gag may I ask, and how many of you are just nodding your head and letting others call the shots? Leeching bandwidth is wrong, hacking websites is similarly wrong, but this just takes the biscuit. Outstanding. A truly stupendous black comedy. Well done everyone. Do I dare dig any further?
- “Really though, even if we say that, somehow, this doesn’t count as a DDoS simply because it failed; It’s missing the real problem with this whole thing.”
No kidding. I’m still reeling from your disclosure of the period of time it happened across and the ever present assertion this is something the Emerald devs are somehow responsible for. Finishing off this reply to you and leaving the Alphaville behind to concentrate on my 2L and 1L seems to be the choice to make. Unless there’s a pending announcement that Hazim and Fractured preplanned the whole Punch and Judy show, I don’t see how you can top yourselves here.
*exhale*
Ooooookay, your comment about the database being given out. You can argue it is proper to do so in any of the forms it might have appeared in but none of these arguments will change the fact that it was illegally obtained in the first place. Hacked. Or to use a more general term, stolen. Real life law carries penalties not only for theft, but also for being in possession of stolen goods. Using this argument, we might reasonably presume that anyone who saw the database in question as provided by the hacker (a process requires it to be cached inside your internet browser) is in fact in possession of stolen goods and is therefore guilty of a crime. Your assertion that everybody has a right to see the contents of the stolen database is as good as proclaiming that everyone has a right to break the law. I know a few policemen who would have a problem with your claim.
In-world there are a sizeable number of proprietary security tools which are used to match the IP addresses of different avatars against each other. These tools purportedly exist to combat griefers and copybotters and do so to varying degrees of success, presumably under the tacit approval of Linden Labs. Gemini and Onyx are but two examples, there are as I understand it many others. Should I choose to, I may purchase any of their number an be more or less reliably informed from the respective database if avatar X is in fact a clone of the one who griefed me two months back on my land AND what other names to watch for.
I have no way of knowing the character of the people who maintain these databases. What I *DO* know is that having access to this kind of information carries with it a grave responsibility not to abuse the privilage of having it at my fingertips. It is offered in the strictest of confidences for the express purpose of keeping troublemakers out. If I chose to, I might take my pick of the commercially available ones on XStreet right now.
Think about that for a minute.
You are quick to raise the issue of trust. Very well. I trust that my avatar is on not one, but MANY databases and I also trust that more than I know probably incorporate my IP address alongside of it. Tools to view a percentage of these databases are readily available through an approved outlet maintained by Linden Labs itself (XStreet). Of the ones available for open purchase in this manner, stringent requirements of non-disclosure apply. These requirements are quite rightly employed in accordance with the Linden Labs Terms of Service, who in turn limit their legal liability for the collection of such data (which includes IP addresses).
- “The worst I saw from it, was them giving out a list of names that were on it, which is a very reasonable thing to give out, since people should know if they were on it.”
Interesting position to take. How many unsolicited hacking attempts might we expect from Hazim, (or indeed anyone else) for the “very reasonable” purpose of knowing if we are on any of these other databases?
The answer is of course “none. Someone arbitraily decided for themselves that Fractured Crystal made a worthy target and promptly set about breaking US law to get at his database. This same someone then saw fit to disclose such information in direct defiance of the Linden Labs ToS on a third party website while people hungry for Fractured’s head cheered enthusiastically and playing join the dots on the rest of the Emerald devs. And when vigilante “justice” was later served, those same enthusiastic cheers turned to the boos and hisses of condemnation.
That is the height hypocrisy in anyones language, though I know full well I’d be hard put to get anyone here to admit it. If you’re looking for a prima facie case of guilt by association, the way so many of you closed ranks about Hazim’s felony (and that is after all what hacking is) makes each and every one of you felons. You don’t need the Emerald devs association with Fractured, not when you have such a glowing example in yourselves. Of course, its something altogether different when its yourself.
The blatant and unashamed double standards of the “moral” majority. It has a nice ring to it, probably because of the complete lack of substance of so many who haunt the comments sections here with a mob mentality, fighting each others fights with closed minds and empty endless parroted rhetoric. “Welcome to Alphaville, Jocelyn. Now get at the bottom of the dogpile and don’t get TOO smart or TOO wordy, we might block our ears at you!”
*laughs*
The only reason I don’t pity you is because you *like* it that way.
- “Bad analogy. I like mine better. If you inadvertantly knocked Fractured out of a third story window tomorrow, would you go to the chair on a murder one charge?”
- “Accidental? That Fractured “accidentally” put 32 iframe links to Hazim’s site in the login page, and accidentally left it there for 10 days? The best he could claim was that he somehow “forgot” about it, but even that doesn’t change the fact that he knowingly and willingly put them in there in the first place, and the real issue behind that. That he had the intent and willingness to do it: he put the links in there, and he left them in there, knowing full well what it would do and what it would mean. The idea that any of this could have happened accidentally is frankly ridiculous, and is contradicted by Fractured himself in his post, he claims he did it out of “boredom” not accident.”
I think you missed my point here. Possibly on purpose, possibly not. I think I might make a good guess which. The distinction was being drawn between a clear-cut case of murder three and murder one, both crimes but of different degrees and of course different outcomes. If you’re getting the wrong end of the stick on this, it is perhaps not surprising you’re having trouple telling a bandwidth leecher from a DDoSser.
- ““They” being Fractured? Or are we back to casting the entire Emerald dev team as being responsible for the actions of one man again? If the former, then I wholeheartedly agree. I’ve never held with such practices, not as a kid, not as an adult. If its the latter?”
- “Yes, but not on this particular offense, as it is not the first. Although even with this, it’s not entirely safe to assume that Fractured was the sole participant in this escapade. Chatlogs and youtube voice conversations suggest that the team knew about the DDoS but didn’t do anything to stop it.”
First I’ve heard of it, but that’s not an unnatural experience for me here I’ll admit. I’ve heard a lot of mostly unsupported claims over the last few days of events I’ve no reference for or which have totally flown in the face of things I either know or have good reason to expect are true. Sometimes I’ll get lucky and someone with throw me a link but too much of the time I’m expected to accept the word of someone who snarls at me to “do my own research” when my questions get too nasty for them.
- “But no, the intent and willingness of the rest of the team comes elsewhere. Like Fractured, Ph0x, and Skills creating and developing Onyx for the purpose of having their own griefer/ripper viewer.
This I *do* remember the video for. A bunch of people from Woodbury I think had cornered Fractured and one guy offered to buy it off him for “twenty dollars and like fifteen cents”. As I recall, Fractured declined the offer. I’m pretty sure he also indicated in the same video that he regularly met with Linden Labs to discuss matters arising from the Onyx client. My *impression* of the client was that it was more or less a research tool to find exploits and report them back to Linden Labs. The few screencaps I saw pasted up would appear to support this. Griefing and ripping are issues that have plagued this grid since well before I got here. Onyx *probably* had those capabilities as the research tool Fractured claimed it to be. If it did, I expect Linden Labs kept a very close eye on proceedings.
I’ve asked a few times here for names to be named and you’re the first to oblige me. You’ve claimed its use for three of the then Emerald devs. That’s not ALL of the Emerald devs of course, its three admittedly high profile names. I can only reasonably agree on one of those names and leave your claim to the other two to stand uncontested until they can be proven either way. There could have been more people in possession of the client. I have no way of knowing if there were, but if I were the CEO of a large metaverse like Second Life then I’m pretty sure it would make good sense have an up to date and unbroken copy of such sensitive software so I could at least satisfy myself what it did and have my own developers come up with effective fixes. I’d also want to keep in close contact with all people operating the client.
When I need a job done, I want someone who specialises in that field. Fractured has a reputation for writing code and he’s previously been kicked out of SL for some applications of it. Who is better to handle the task of hunting down exploits in my software than someone with a demonstrated track record of having done it? All I would really need is some kind of assurance that this person wasn’t about to go nuts with the toy I allow him to have and the idea begins to look workable. Its cheaper than hiring a high priced IT specialist and its almost certainly going to get the job done faster. Linden Labs may or may not have adopted this approach. If they have then they aren’t the first. I don’t know what agreement was reached between them or even if there was any agreement at all. All I have to go on is a private client was being developed, that Linden Labs knew of it and were kept abreast of it through weekly updates which would be right and proper given the nature of the client.
You’ll tell me its wrong to allow someone of Fractured’s pedigree to have that kind of leeway. Okay, what’s the choice? If the option is playing catch-up with hundreds of 12 year old script kiddies actively trying to destroy your multi-million dollar business then wouldn’t you say “better the devil you know”? I know I would. And as the executive with the power to throw him to the wolves at a moments notice I wouldn’t be too forthcoming with the details of any deal I struck with him either.
I’m down here with the rest of the regular folk. I’m not required to make those kinds of choices. That’s Linden Labs’ job. Whatever choices they’ve made its got them this far.
- “And not whining about anyone else who chooses to use it, or indeed those who make it available for others to use. Or is that too much of an ask?”
- “The issue with people using it even beyond all these breaches of trust, is that a.) it sends a bad message to the developers, essentialy that no matter what the developers do, the users will continue to use the viewer and b.) It gives them support that gives them a form of power that they’ve thrived off of. The reason LL didn’t crack down on them like this so much sooner is very likely that a large amount of users of SL use the client, and banning it would mean ticking off these users. Therefore, anyone using it even beyond all these violations of trust is not only giving them power, but saying that even if they continue, they will not stray.”
Yes, I recognise the inherent dangers and if we check my previous War and Peace effort there’s a good stack of comment to indicate our opinions are not alien to each other. I can well understand the recent gentle nudges of the current CEO for Emerald users to consider other clients even as he assures us all reasonable opportunities are being provided for Emerald’s core devs to bring the client back to TPV compliance level. I haven’t seen the list of issues to be addressed, though in deference to your comments about the quality of messages being sent to developers, a stark and crystal clear one I believe has been more than adequately sent to those responsible for the coding of the client.
I can imagine a certain amount of jaundice on your part though I am a little more willing to wait and see. I’ve never considered Emerald to be a griefing client, though it may please you to know (if you haven’t already read this by the time my comment is up) that one of the Lab’s conditions is the removal of the controversial third party KDU (emkdu.dll, llkdu.dll) to facilitate compliance with the GPL. Earlier, Emerald users were invited to demonstrate a show of good faith with the manual removal of the aforementioned library (I’ve not had it installed for many weeks myself), a new release of the Emerald client without it is expected soon with older clients to be shut off from accessing the grid at the developer’s timely requests. Sadly, my beloved 2439 will likely be one of them.
Even with the increased scrutiny currently being undertaken LL I’m sure there will be those who’ll continue to point to the past, rehashing old vendettas for want of anything more immediately worthy of criticism. I expect all the Emerald devs will continue to be bracketed together by the same pious voices and demonised for the real and imagined past transgressions of a select few, just as the Woodbury crowd were. Some things evolve and some things just never change. A few of us make the attempt. Thanks for honouring me with that much We.
- “What, you his messenger now, sent to coordinate a Distributed Denial of Sensibility? Go home, Nelson can fight his own battles if he chooses to, he doesn’t need YOU to wave his pom poms for him!”
- “In case you haven’t noticed, I’m fighting the same battle as Nelson. Have any comment on this event or would you prefer to ignore it?”
You’re funny. I like you.
Cue the tl;dr’s
Nelson Jenkins
Aug 27th, 2010
@ We
omg tl;dr wtf
@ Jocelyn Pawpad
A good rule of thumb is if the comment is larger than the article, you might want to consider just writing a new article.
In any case, I’ll stick to the CERT and Wikipedia definitions myself, both of which do not cite any necessity for the success of the attack, while you stick to a non-technical dictionary. Agree to disagree.
Otherwise, I will be taking your suggestion. Can’t argue with a fangirl, I guess.
Gaara Sandalwood
Aug 27th, 2010
“They could delete or edit anything that is posted here by anyone because it is hosted on a service they pay for. I don’t contribute a single cent to their ongoing operating costs and I have no reasonable cause for complaint as to what they do with the content I entrust to their keeping, though I do have limited redress in choosing not to continue the arrangement if *I* choose.”
But they don’t, is the point. For example, Persephone made arguments that almost no one agreed with before, her posts were still allowed. I’ve actually never had a post here moderated heavily, or at all, in fact.
And to explain, some people have posted on their blog simple questions like, “What happened with this recently alledged DDoS attack, what’s that all about?”. Instead of even bothering to say it was nothing, they deleted the post. Someone even made a topic from what I heard asking lots of questions about the recent events, the topic was locked and deleted immediately.
Like I said, not bashing, but even comments and attempts to request simple answers about what has been going on that even reference negative events that have been made on their sites were usually deleted and swept aside. That’s what I mean by heavy moderation.
“More like the Salem witch trials I think.”
I’m not exactly persecuting Fractured here, I really, and I seriously often ponder how he’d respond to this, don’t give two shits about his existence one way or another right now. I’ve got more important things online and irl to worry about than a 17/18/however year old guy in an apartment messing with code. I mean, the Emerald viewer had great features and promise, but then it was used for things like the recent events and such.
As for Fractured manning up, I heard it’s quite possible to just make a new account, and for someone who’s as good a programmer as you say he is it wouldn’t be too big of a deal to just slip back in.
However, this occured very recently, so I can’t just jump the gun. Even if it’s possible that this whole taking the blame thing is just a public ruse, I also think it’s possible(even if only slightly), that it could be true. All I can say is the only way to be certain is to wait and see, unless he’s actually learned how to be stealthy and not brag about everything we’ll know in a while if he has resurfaced or not.
We
Aug 27th, 2010
@Jocelyn Pawpad
“These are the proper terms for what occurred. That the triggers were “Distributed” across a number of clients does not automatically confer an intent to deprive service, there simply being not enough concurrent “attacks” to constitute one.”
What is most odd is why you’re splitting hairs on the semantics of this at all, if you accept that the intent, effect, and criminality is the same regardless of whether it’s a DDoS or a Spam attack. Not to mention that the real problem here wasn’t attacking Hazim’s server, it was using their entire userbase to do it, and that doesn’t change no matter what you want to call it. The only reason that I can think of is that “Bandwidth leeching” sounds like a much better spin than DDoS. Nelson is right however, in that the CERT definition only says “attempts to “flood” a network, thereby preventing legitimate network traffic”, which suggests that it doesn’t matter if it fails or not, if the intent is there to screw up their servers, whether by taking them down or by filling them with traffic that it’s hard to use them, then it’s considered a DDoS.
“Here I come back to the question “why didn’t he DO something about it?” NINE DAYS???? A guy who in his spare time hacks the databases of evil, data-mining uber-overlords (read young American male, presumed bulletproof), waves them about for all to see, leaves his digital derriere dangling out in the wind to be molested for ….nine….days.”
First off, how exactly do you know a DDoS attack is going on, if in the point you’ve been trying so hard to push: it never brings down the servers? Unless you happen to be the type who looks at your bandwidth usage every single day, chances are you’re not going to notice it. Secondly, Hazim says he doesn’t use the server that much, so he probably wasn’t even looking at it at all when the attack was going on. In fact, he wasn’t even the first to find out about the attack. It was discovered on the 17th by an Emerald user and posted on the forums, after the Emerald team deleted the post and gagged the user, it wasn’t heard of again until the 19th when presumably that user came over to SLU and posted about it. Then the thread exploded and it wasn’t until a few hours later even that Hazim found out about it, and looked at his bandwidth stats.
So I’m not sure why you think it’s so odd that he wouldn’t know about a DDoS attack that failed to bring down the servers that he never uses or updates.
“It never occurred to Hazim to adopt a more proactive level of interest in his own website’s security after he so blithely compromised that of another and held it up for public ridicule?”
How exactly do you defend against a DDoS? Especially since no one thought that they’d use the client for it. Not to mention the “hacking” was like half a year ago.
“And this guy Hazim is claiming grievance against a guy he hacked?”
Actually no, he’s not. He says he doesn’t particularly care and doesn’t want to go through the trouble of going against it. He’s simply going to call his host and explain that he got DDoSed, and then he intended to call the ISP Jcool was using and tell them he had done a DDoS attack. Besides that, he mostly just thought it was amusing, since reportedly by his account, they’d tried and failed a few other attempts to piss him off, like getting his Vivox account in SL revoked, and claiming that they got his ISP to take down his service (they hadn’t, obviously).
This was his response when he found out: http://www.sluniverse.com/php/vb/999157-post69.html
“You can argue it is proper to do so in any of the forms it might have appeared in but none of these arguments will change the fact that it was illegally obtained in the first place.”
None of the arguments ARE trying to change that fact. As I said before, just because I’m using the evidence obtained, doesn’t mean I agree with the methods that it was obtained by. And while evidence that was illicitly obtained may not be admissible in a court of law, I’m not one and I can’t unsee something and disregard it as evidence just because someone hacked it.
“Your assertion that everybody has a right to see the contents of the stolen database is as good as proclaiming that everyone has a right to break the law”
…Where exactly did I make that assertion? At worst, I said that people should know if they’re on the list, which isn’t knowing the contents of the database exactly, only if you’re in it.
“These tools purportedly exist to combat griefers and copybotters and do so to varying degrees of success, presumably under the tacit approval of Linden Labs.”
You would be presuming too much then.
“Gemini and Onyx are but two examples”
Gemini is an example, Onyx isn’t. Onyx is a grieffer/ripper client made by the Emerald team.
“These requirements are quite rightly employed in accordance with the Linden Labs Terms of Service, who in turn limit their legal liability for the collection of such data (which includes IP addresses).”
There are no requirements for non-disclosure, as this idea of finding avatar’s IPs based on a quicktime exploit is not explicitly approved by LL. As such, they’ve made no requirements on what is to be done with the information. If someone has claimed that there are non-disclosure agreements or requirements, then they’re self-imposed ones.
“The answer is of course “none. Someone arbitraily decided for themselves that Fractured Crystal made a worthy target and promptly set about breaking US law to get at his database. This same someone then saw fit to disclose such information in direct defiance of the Linden Labs ToS on a third party website while people hungry for Fractured’s head cheered enthusiastically and playing join the dots on the rest of the Emerald devs.
“And when vigilante “justice” was later served, those same enthusiastic cheers turned to the boos and hisses of condemnation.”
Are you considering this DDoS against Hazim to be “Vigilante Justice”? Besides the fact that this DDoS happened almost half a year after the hacking attempt had been done and forgotten (Kind of late for “justice”). By your same token, wouldn’t Hazim’s hacking attempt be Vigilante Justice as well, since it was not at all random, it was targeting a group that was using their power illicitly against him and his group. I find it interesting that you are at once condemning Hazim’s actions as illegal, but praising Fractured’s as “vigilante justice”.
If Hazim is guilty and they knew he was guilty, why wouldn’t they have sent the authorities on him? Think about that.
“I think you missed my point here. Possibly on purpose, possibly not. I think I might make a good guess which.”
You used the word “Inadvertantly” and “accidentally” in comparing a crime to Hazim’s, what is there to miss? You’re either comparing an accidental crime to an intentional one, which makes it a poor analogy, or you’re attempting to indirectly suggest that Fractured did this accidentally. Don’t blame me for your poor choice in words.
“My *impression* of the client was that it was more or less a research tool to find exploits and report them back to Linden Labs. The few screencaps I saw pasted up would appear to support this”
That is certainly the excuse they were using for it, and it’s a good one. You must have gotten a highly different impression from the screencaps, the ones I saw featured various kinds of attacks that would be no good for testing purposes, but excellent for more efficient griefing.
But really, the big problem with this excuse is: who appointed them as official exploit testers? Considering that everyone on Onyx had a background of creating griefer/ripper clients for decidedly NON-testing purposes, or using ripper clients to steal content, they would be the WORST people for this job.
As far as I know, LL knew very little about Onyx and Modular Systems wasn’t required to tell them much of anything, since it was a closed-source side project.
“I can only reasonably agree on one of those names and leave your claim to the other two to stand uncontested until they can be proven either way.”
These are the people that were listed as being in charge of the Onyx team before they took the site down after it was revealed what Onyx really was.
One of the things that was pulled from the hack was the Onyx SVN which had entries from all three of those people as well as Discrete. I also note that a lot of the comments weren’t so much “here’s a griefer feature for testing” and more “LOL GRIFFER”, especially from Phox, who you might note is still on the team.
Here’s the thread about it: http://www.sluniverse.com/php/vb/general-sl-discussion/44468-onyx-source-code-has-been.html It lists the names of all the people who contributed to Onyx based on the SVN.
“When I need a job done, I want someone who specialises in that field. Fractured has a reputation for writing code and he’s previously been kicked out of SL for some applications of it. Who is better to handle the task of hunting down exploits in my software than someone with a demonstrated track record of having done it?”
I might have agreed with this in different situations; but there’s two problems here. The first being that no one appointed them to do this, they simply did it on their own. That’d be like having an ex-burglar test the security of people’s homes by breaking into them, without anyone actually asking him too. The second problem is, the people who do these kinds of jobs are EX-burglars, EX-hackers, and EX-griefers, but Jcool and Phox show no signs of being EX anything.
“All I have to go on is a private client was being developed, that Linden Labs knew of it and were kept abreast of it through weekly updates which would be right and proper given the nature of the client.”
Again, the team had no requirement to tell LL anything about Onyx. The meetings were in regards to Emerald.
“I’ve never considered Emerald to be a griefing client, though it may please you to know (if you haven’t already read this by the time my comment is up) that one of the Lab’s conditions is the removal of the controversial third party KDU (emkdu.dll, llkdu.dll) to facilitate compliance with the GPL. Earlier, Emerald users were invited to demonstrate a show of good faith with the manual removal of the aforementioned library”
I never have considered Emerald a griefing client either, but I consider a lot of the people in charge to be malicious and short sighted, and willing to use it for their own ends, like Jcool did.
Interesting you mention that they were asked to remove the emkdu, and that as a show of good faith they earlier asked people to remove it themselves. Because even earlier than that, Phox was suggesting in the emerald forums that it was okay to use the emkdu and giving links to an “updated and clean” version including an full installer AGAINST that rule and that show of faith.
The post is listed here: http://emeraldviewer.net/forum/index.php?topic=4199.0
“Emerald devs will continue to be bracketed together by the same pious voices and demonised for the real and imagined past transgressions of a select few, just as the Woodbury crowd were”
I can certainly forgive one’s spotted past, when Emerald first came out, I knew about what the devs had done and what kind of people they were. But Emerald was a good client, and it seemed like they were trying to turn over a new leaf. I used it for probably over a year, and I didn’t switch off of it because of concerns with the devs, I switched to Cool Viewer because they had Alpha layers and no one else did besides 2.0, and I found those extremely useful.
However, after of which, the devs seemed to be on a mission to prove that they had not changed at all, and more and more evidence came out to that fact like datamine and Onyx. If they could actually prove that they’d changed, I’d be fine with them, but it seems like everything they do is proving that they’re the same as they ever were.
They say, “Fool me once, shame on you, Fool me twice, shame on me”. Well they’ve fooled their users about 6 times now, how many more are you going to take before you accept they haven’t changed, and in fact are only getting worse?
thecow
Aug 28th, 2010
Jessica Lyon: surely, you must realise if a ddos attempt was truly made.. there would have been downtime right?
NOPE
failed DDOS attempt is still a DDOS attempt lol Jessica
Jocelyn Pawpad
Aug 28th, 2010
@ Nelson
- “A good rule of thumb is if the comment is larger than the article, you might want to consider just writing a new article.”
Another good rule of thumb is the character limit of the comments box, along with any concerns you “may have missed something” from the person you are responding to.
- “generally, dictionaries are not always up-to-date with the exact definitions on tech-related subjects”
- “In any case, I’ll stick to the CERT and Wikipedia definitions myself, both of which do not cite any necessity for the success of the attack”
The former being an archived document from 13 years ago which also says things like “not all service outages, even those that result from malicious activity, are necessarily denial-of-service attacks”. The latter being as open source as the client you claim to be corrupted.
- “…while you stick to a non-technical dictionary.”
Which as we learn is more current your former source and far less likely to be discredited for tampering as the latter. Sure thing.
- “Agree to disagree. Otherwise, I will be taking your suggestion. Can’t argue with a fangirl, I guess.”
Or it would seem a dyed in the wool Emerald hater. Thankyou for your time Mr LLC Fraudular Systems, I am taking away more from this exchange than you appear to be giving me credit for.
Gaara
- “They could delete or edit anything that is posted here by anyone because it is hosted on a service they pay for. I don’t contribute a single cent to their ongoing operating costs and I have no reasonable cause for complaint as to what they do with the content I entrust to their keeping, though I do have limited redress in choosing not to continue the arrangement if *I* choose.”
- “But they don’t, is the point.”
No, the point is they are entitled to, not that they may or may not have done so.
-“More like the Salem witch trials I think.”
“I’m not exactly persecuting Fractured here, I really, and I seriously often ponder how he’d respond to this, don’t give two shits about his existence one way or another right now. I’ve got more important things online and irl to worry about than a 17/18/however year old guy in an apartment messing with code.”
Same here. I only pick up the baton here at the implied insistance of the people who challenged my comments to a Woodbury U member who had called them all retards and idiots. On the whole I think I’ve been reasonable in my representation of the players and have even picked up a little trivia for my efforts.
-” I mean, the Emerald viewer had great features and promise, but then it was used for things like the recent events and such.”
Cars and guns have the capacity to do a lot more damage in the wrong hands.
As for Fractured manning up, I heard it’s quite possible to just make a new account, and for someone who’s as good a programmer as you say he is it wouldn’t be too big of a deal to just slip back in.”
As *I* say he is? You presume a lot there. I’m making that observation of his competency based off what both his supporters and detractors have said of him, good AND bad. Did he know how to code? To hear the older hands tell it, he had a hand in the development of four clients (I think). I can barely understand the script for a door, let alone an entire client. Then there’s his recent caper with Hazim. 9 days of undetected bandwidth leeching is a lot. As bad and wrong it was for him to do, he still managed it, though I honestly wonder how long it was undetected and how long it was *allowed* to continue by the owner of the affected site. Hazim did after all have a prior run-in with Fractured in the matter of the hacked database and for Hazim not to be keeping an exceptionally close eye on his own interests in the wake of that is something I find hard to believe. Noone in Hazim’s position could be that incompetent and even if he was then his website would have picked it up using methods including those in the CERT definition Nelson is so quick to put his trust in.
Leaving all that aside, Fractured did admit to irresponsible and illegal behaviour. If the point was not made especially clear before, he has stepped down from his involvement with Emerald and even if he were to return under an alt, I don’t believe the appearance of a newly registered unknown name suddenly being made head of the Emerald project would go unchallenged. He has *lost* his project. Think for a moment how you might feel if you were compelled to walk away from something you had created and knowing you could never return to it because of something you had done. That’s not a call for sympathy, but to understand exactly what Fractured has lost by his admission of action and stepping down from the project. I don’t think Arabella is about to hand it back to him either. She wasn’t very happy with the affair and was already on her way out the door when Fractured handed it to her. Not long afterwards she was removing Modular Systems names from at least one Emerald user groups that I know of.
- “However, this occured very recently, so I can’t just jump the gun. Even if it’s possible that this whole taking the blame thing is just a public ruse, I also think it’s possible(even if only slightly), that it could be true. All I can say is the only way to be certain is to wait and see, unless he’s actually learned how to be stealthy and not brag about everything we’ll know in a while if he has resurfaced or not.”
I agree with this approach in its entirety. Others will tell me I am wrong to think this way and maybe they have good reason to think this, though they too have yet to prove their stance to my satisfaction. You’ve seen the labels that are so readily tossed about in irrational displays of anger by people who excuse themselves as being bipolar and psychotic elsewhere and naturally you would be right not to jump the gun and question what they say also.
Jocelyn Pawpad
Aug 28th, 2010
@We
- “These are the proper terms for what occurred. That the triggers were “Distributed” across a number of clients does not automatically confer an intent to deprive service, there simply being not enough concurrent “attacks” to constitute one.”
What is most odd is why you’re splitting hairs on the semantics of this at all, if you accept that the intent, effect, and criminality is the same regardless of whether it’s a DDoS or a Spam attack. Not to mention that the real problem here wasn’t attacking Hazim’s server, it was using their entire userbase to do it, and that doesn’t change no matter what you want to call it. The only reason that I can think of is that “Bandwidth leeching” sounds like a much better spin than DDoS. Nelson is right however, in that the CERT definition only says “attempts to “flood” a network, thereby preventing legitimate network traffic”, which suggests that it doesn’t matter if it fails or not, if the intent is there to screw up their servers, whether by taking them down or by filling them with traffic that it’s hard to use them, then it’s considered a DDoS.”
I don’t feel like repeating myself on this. Read my previous comments on the subject.
- “I’m not sure why you think it’s so odd that he wouldn’t know about a DDoS attack that failed to bring down the servers that he never uses or updates.”
Yet the very next thing you quote from me is in fact the reason why I find it so odd. Since you’ve done me the favour of repeating me here, I see it even less necessary to waste the keystrokes.
- “It never occurred to Hazim to adopt a more proactive level of interest in his own website’s security after he so blithely compromised that of another and held it up for public ridicule?”
- “How exactly do you defend against a DDoS? Especially since no one thought that they’d use the client for it. Not to mention the “hacking” was like half a year ago.”
Read the CERT definition for further details. If you are still claiming what transpired here as being DDoS, feel free to read my previous comments where I explain how you might fix it inside of five minutes.
-“And this guy Hazim is claiming grievance against a guy he hacked?”
- “Actually no, he’s not. He says he doesn’t particularly care and doesn’t want to go through the trouble of going against it. He’s simply going to call his host and explain that he got DDoSed, and then he intended to call the ISP Jcool was using and tell them he had done a DDoS attack. Besides that, he mostly just thought it was amusing, since reportedly by his account, they’d tried and failed a few other attempts to piss him off, like getting his Vivox account in SL revoked, and claiming that they got his ISP to take down his service (they hadn’t, obviously).”
So my previous comments (feel free to read them) are in fact more or less accurate. No need to repeath them here then.
- “This was his response when he found out: http://www.sluniverse.com/php/vb/999157-post69.html”
Thanks. I’ll read them later, I’m a little busy in-world right now.
- “You can argue it is proper to do so in any of the forms it might have appeared in but none of these arguments will change the fact that it was illegally obtained in the first place.”
- “None of the arguments ARE trying to change that fact. As I said before, just because I’m using the evidence obtained, doesn’t mean I agree with the methods that it was obtained by. And while evidence that was illicitly obtained may not be admissible in a court of law, I’m not one and I can’t unsee something and disregard it as evidence just because someone hacked it.”
Re-read my comments in regard to being in posession of stolen goods.
- “Your assertion that everybody has a right to see the contents of the stolen database is as good as proclaiming that everyone has a right to break the law”
- “…Where exactly did I make that assertion? At worst, I said that people should know if they’re on the list, which isn’t knowing the contents of the database exactly, only if you’re in it.”
And you establish that how again? Oh yeah, “by looking at it”.
-“These tools purportedly exist to combat griefers and copybotters and do so to varying degrees of success, presumably under the tacit approval of Linden Labs.”
- “You would be presuming too much then.”
Am I wrong in presuming Linden Labs owns XStreet?
- “Gemini and Onyx are but two examples”
- “Gemini is an example, Onyx isn’t. Onyx is a grieffer/ripper client”
Which employs a database. Read my comment again.
- “made by the Emerald team.”
Incorrect.
- “These requirements are quite rightly employed in accordance with the Linden Labs Terms of Service, who in turn limit their legal liability for the collection of such data (which includes IP addresses).”
- “There are no requirements for non-disclosure, as this idea of finding avatar’s IPs based on a quicktime exploit is not explicitly approved by LL.”
Or for explicitly forbidden for that matter. Linden Labs insists that this sort of thing might occur and that you not hold the Lab responsible for it. Read the ToS again.
- “The answer is of course “none. Someone arbitraily decided for themselves that Fractured Crystal made a worthy target and promptly set about breaking US law to get at his database. This same someone then saw fit to disclose such information in direct defiance of the Linden Labs ToS on a third party website while people hungry for Fractured’s head cheered enthusiastically and playing join the dots on the rest of the Emerald devs. And when vigilante “justice” was later served, those same enthusiastic cheers turned to the boos and hisses of condemnation.”
- “Are you considering this DDoS against Hazim to be “Vigilante Justice”?”
I’m considering the bandwidth leeching attempt to be a vigilante act. I haven’t seen any evidence of a DDoS.
- “Besides the fact that this DDoS happened almost half a year after the hacking attempt had been done and forgotten (Kind of late for “justice”).”
There’s some statute of limitation you are going to quote at me?
- “By your same token, wouldn’t Hazim’s hacking attempt be Vigilante Justice as well, since it was not at all random, it was targeting a group that was using their power illicitly against him and his group. I find it interesting that you are at once condemning Hazim’s actions as illegal, but praising Fractured’s as “vigilante justice”.”
I’m not praising anything. I expressed my contempt for the act for placing quotes around the word “justice”. You are wasting my time here with this line of inquiry.
- “If Hazim is guilty and they knew he was guilty, why wouldn’t they have sent the authorities on him? Think about that.”
I have. Its the same argument I can use for Fractured. I do remember saying at the outset that the whole argument was e-freenis waving.
- “I think you missed my point here. Possibly on purpose, possibly not. I think I might make a good guess which.”
- “You used the word “Inadvertantly” and “accidentally” in comparing a crime to Hazim’s, what is there to miss? You’re either comparing an accidental crime to an intentional one, which makes it a poor analogy, or you’re attempting to indirectly suggest that Fractured did this accidentally. Don’t blame me for your poor choice in words.”
Or indeed yours.
- “My *impression* of the client was that it was more or less a research tool to find exploits and report them back to Linden Labs. The few screencaps I saw pasted up would appear to support this”
- “That is certainly the excuse they were using for it, and it’s a good one.”
I know it is.
- “But really, the big problem with this excuse is: who appointed them as official exploit testers?”
Ask Linden Lab? Fractured was supposedly in dialogue with them the whole time (i’ve actually indicated this before too).
- “I might have agreed with this in different situations; but there’s two problems here. The first being that no one appointed them to do this, they simply did it on their own.”
You have proof for this of course?
- “All I have to go on is a private client was being developed, that Linden Labs knew of it and were kept abreast of it through weekly updates which would be right and proper given the nature of the client.”
- “Again, the team had no requirement to tell LL anything about Onyx. The meetings were in regards to Emerald.”
Thats not my recollection of what was said in the video.
- “Emerald devs will continue to be bracketed together by the same pious voices and demonised for the real and imagined past transgressions of a select few, just as the Woodbury crowd were”
- “I can certainly forgive one’s spotted past”
And I can entertain academic argument, even of the circular type. But only when I’ve the time to do so.
“They say, “Fool me once, shame on you, Fool me twice, shame on me”. Well they’ve fooled their users about 6 times now, how many more are you going to take before you accept they haven’t changed, and in fact are only getting worse?”
You mean here on the blog answering the same questions over an over on something that didn’t interest me greatly to begin with at the insistance of a person who doesnt read my posts?
I think you have your answer. I’ll be back sometime soon and you are more than welcome to try and fool me then too.
Charity Stohr
Aug 28th, 2010
Are these real posts or is someone placing copypasta of War and Peace?
We
Aug 28th, 2010
@Jocelyn Pawpad
” feel free to read my previous comments where I explain how you might fix it inside of five minutes.”
Sure, you can fix it once it’s going on, he already did. But I don’t know of any way to defend yourself from any potential DDoS, especially this one using the Emerald user-base as a bot net, since it comes from all different sources and just looks like a normal download from the page.
“Read my previous comments on the subject.”
I read all of your posts, I replied to anything that was worth replying too.
“Am I wrong in presuming Linden Labs owns XStreet?”
You’re wrong in assuming that because it’s on Xstreet, that suggests Linden Labs approves of it, it simply means that they neither approve nor deny it. Approval suggests that LL has looked at the system and agreed with the claims that it works.
“- “made by the Emerald team.” Incorrect.”
You’re right there, I should clarify: made by key members of the Emerald team.
“Or for explicitly forbidden for that matter. Linden Labs insists that this sort of thing might occur and that you not hold the Lab responsible for it. Read the ToS again.”
Which is my point, there’s no “non-disclosure” or special agreements for what they do with the IP, because LL has a pretty neutral stance on it. So no, I don’t quite trust people to be maintaining databases like that when they have a history of griefing and don’t necessarily have any requirements to behave.
“I’m considering the bandwidth leeching attempt to be a vigilante act. I haven’t seen any evidence of a DDoS.”
You’ve seen evidence, you just don’t believe it, because you’re splitting hairs semantically. Everyone is calling it a DDoS except you and some of the people behind the DDoS. Even Philip Linden referred to it explicitly as a DDoS.
The idea you’re trying to spin this into a “vigilante act” is kind of absurd, since they’re the ones who started this in the first place by violating privacy (another thing Philip Linden said) and starting up a griefer/ripper viewer with no consequences due to their user base. The hack wasn’t done for no reason, it was done to find out the truth of what these people were up too. By your own logic here, the hacking was vigilante justice as well. You see the problem with applying this “heroic spin” to criminal acts?
Again, I do not condone hacking in this case, but the information is out there, and people are going to react to that information regardless of how it was obtained. Seeing the information is not a crime, nor is having it on your computer. Hacking is the crime. Since the information is not formally copyrighted, nor could they, since things like the Onyx source are based on Second Life’s code and the SL Professional Edition griefer client code, they couldn’t claim it’s a crime just to see it.
“Or indeed yours.”
Nice dodge. “I know you are, but what am I!”
“Ask Linden Lab? Fractured was supposedly in dialogue with them the whole time (i’ve actually indicated this before too).”
The “Weekly meetings with LL” seem to be your go-to in terms of question on where LL gave approval for anything. Unfortunately, no one but LL and Emerald is quite sure what happened at those meetings, and they’re not interested in talking about it, especially since most of the people who held the meeting were fired. All information leaked suggest they were entirely about the Emerald client, and had nothing to do with what was going on with Onyx, at least not until the info was leaked. As I’VE indicated before, Onyx is a closed source private project, and they had no obligation to mention it to LL at all.
“You have proof for this of course?”
Yes, it’s called basic logic. I highly doubt LL said it was okay for a bunch of griefers and rippers to create a ripper viewer and run around Live grid with it, “testing”. By the ToS they’re not even allowed to be on the grid, since they were all permabanned.
“You mean here on the blog answering the same questions over an over on something that didn’t interest me greatly to begin with at the insistance of a person who doesnt read my posts?”
Ah, to be naive. The Emerald devs must love you, blind faith and willful ignorance mixed in one. You’re pointless to debate with, I’m sure you’ll hang on no matter what Jcool or Phox does to you, and will continue to blindly support the team until Philip finally locks it from the grid (which is becoming a more and more real possibility, Philip isn’t interested in being as lenient with Emerald as M was.)
We
Aug 28th, 2010
@Jocelyn Pawpad
I notice you ignored this choice bit:
“I’ve never considered Emerald to be a griefing client, though it may please you to know (if you haven’t already read this by the time my comment is up) that one of the Lab’s conditions is the removal of the controversial third party KDU (emkdu.dll, llkdu.dll) to facilitate compliance with the GPL. Earlier, Emerald users were invited to demonstrate a show of good faith with the manual removal of the aforementioned library”
I never have considered Emerald a griefing client either, but I consider a lot of the people in charge to be malicious and short sighted, and willing to use it for their own ends, like Jcool did.
Interesting you mention that they were asked to remove the emkdu, and that as a show of good faith they earlier asked people to remove it themselves. Because even earlier than that, Phox was suggesting in the emerald forums that it was okay to use the emkdu and giving links to an “updated and clean” version including an full installer AGAINST that rule and that show of faith.
The post is listed here: http://emeraldviewer.net/forum/index.php?topic=4199.0
Jocelyn Pawpad
Aug 28th, 2010
@We
- “I notice you ignored this choice bit:”
How observant.
Judge Joker
Aug 28th, 2010
@Charity Stohr
They are real, I can validate for the collective intelligence of just the hardcore fan boys/girls of emerald being below average, based on how many blogs/forums/urls of comments I have read over the last week.
The super hardcore ones don’t seem to be able to understand ethics and morality’s, or even what Philip meant when he said to try another viewer.
They are actually crying saying he’s threatening them personally with a ban, when in actual fact they have been told over and over again that it’s just the viewer if it don’t comply with LEGAL regulations.
But of course they just don’t get it, and if this is what’s left of Second Life I personally feel disheartened to not want to carry on with any projects or even teach such people.
I not logged in for more than a week, not actually sure but it’s Fucking depressing… what these people can’t grasp.
I certainly don’t wish to discriminate but really? fuck me come on there like in a permanent vegetative state about Emerald.
Gaara Sandalwood
Aug 28th, 2010
“As *I* say he is? You presume a lot there.”
Considering you called him an essential programmer in the making of an online video game client, I’m not presuming much, really.
Lok Mistwalker
Aug 28th, 2010
With any luck, we can get emerald locked from the grid and the team permabanned once and for all (read: finally)
That should just about solve having to debate with the mindless idiots defending emerald (hopefully)
We
Aug 28th, 2010
@Lok Mistwalker
“That should just about solve having to debate with the mindless idiots defending emerald (hopefully)”
Yep. And it’s still very possible to happen. They apparently have a list of requirements they need to complete by a certain date or they get locked out.
Considering that Phox, mere days after LL sent them some of the requirements, violated one of them by asking people to download the emkdu separately and giving them links to an installer, it seems unlikely they’re going to be able to meet them.
Really, none of my argument with Jocelyn mattered as much as the last bit, where she wholly and completely ignored that detail when it was brought to light and proven. It proves to me that she has no interest in the facts or truth, and I imagine there’s a lot of blind Emerald fans like her around. Unfortunately the only way to send a message to those people and to the Emerald team that their conduct will not be allowed is going to be to ban the viewer, temporarily if not permanently.
Emerald Gang Implodes – Viewer Ban Hammer Next? | The Alphaville Herald
Sep 1st, 2010
[...] viewer to Second Life. But in a desperate bid to keep Emerald alive, Arabella Steadham – who does not lie – and Lonely Bluebird felt it best that Lonely Bluebird remain on the team – and so [...]
Buh-Bye Emerald? | Whatcha's Doings
Sep 2nd, 2010
[...] Calm the hell down, go to the Third-Party Viewer Directory and select again. I’m guessing there will be even more choices showing up there over the next weeks and months. My goodness, nobody died! [...]
Arabella Steadham « Starflower Bracken's Blog
Sep 8th, 2010
[...] charge, and one I’d like to see Jessica’s response to. Both Arabella and Jessica covered up the DDOS, which assuredly did happen, even if it did not bring the attacked site down. The comments about [...]
Oisin Daffyd
Sep 10th, 2010
I do have to admt to being slightly bemused by the notion that a failed DDoS attack isn’t an attack because it failed. Does that mean that Rommel didn’t attack at El Alamein because the attack failed or that Napoleon didn’t attack Russia because that failed too?
To attack something doesn’t mean it has to succeed – the mere attempt is an attack – whether it’s a DDoS attack or not
Kinoko
Oct 3rd, 2010
Question is when is Ph0x Alts, and Skills Hak going to be banned for violation of peoples privacy. I am sick and tired of them doing harassment to residents of the grid, and preventing people from shopping, sending people random Im’s which say I know who your alts are Banned from over 100 Regions, and such. We are sick of this, and honestly there are many copybotted sites dedicated to copybotting creactors who use such systems, and really I don’t care when a creator using these systems gets ripped it’s their problem. I only care about those who are innocent and do not deserve such.
Also I do have my own exploits btw, I know quite a few people who know how to hack hippovend, in fact I know the person who hacked it in 2009, and I know other ways to obtain creators items full permissions just by knowing a few details of the object data, without a copybot, aka permissions exploit. Very few people know this, and I plan to keep it that way. And those who think they are safe behind hippo vend, or any other vendor system, Think again… You think BloodLines, GOR systems, OR any other RP system is not be able to cheet then think again, unless all of them verify their potions with their web servers using MD5 like their blood tanks, Yep I can duplicate, and resell anything from their store without copybot, and make tons of money 100% Undetectable by Linden Lab. I just simply dont. Also what do you think about Ozzy’s Pets or wut ever, I can do t3h same with those, and anything else that people claim can’t be done anymoar.
Not saying that I would abuse these, Im simply saying I know about them all, I know about the thieves motherload, and what the 3 creators who were hiding the details caused. Stroker, Rebel Hope/RH Engel, and Trish, all Held back details which could have got many copybotters banned. I obtained a few details of those responsible for all the thefts that day by using some LSL, and client HAx0ring like skills does a bit, and those botters are still playing SL today. So you see Its not just botters, its the ignorance of SL. When it came time for LL to black list the ripped content, they only reported the Root Prim which got the black list, but held back all the rest from the public, and the result was everyone got away with thousands of stolen items, which at the time I could have had a Linden Employee down there to make sure that did not happen. Even Today I have all those items in my inventory including Full Perm beds from TNT SexGen, Skills Hak, Akeyo, and many others. Nothing they can do because they are permissions exploited, but if they would have done this properly this content wouldn’t have made it to me, even though they tried to hold it back they ultimately failed.
& Again all Skills Hak Does is feed the Trolls & The Pirates. Skilsl hak updates CDS, we Update our Copybott kinda crap. It wont stop until SL Is dead, and then it will move on to the other grids as well so no point in going there.
Nelson Jenkins
Oct 3rd, 2010
@ Kinoko
It’s comforting to know that the dirty secrets of permissions exploits and vendor hacking are resting in the hands of someone who claims not to use them for their own benefit, but apparently refuses to reveal them to the Lab, instead just teasing them with vague explanations that result in failure to protect the income streams of us content creators.
Believer
Oct 3rd, 2010
Man the air-raid sirens, we have an unidentified jayden sockpuppet in the vicinity.
Yep
Oct 3rd, 2010
Big deal. I read about another program that runs under any viewer and does the same thing ,while acting as a proxy. The developer claims that Linden Lab or CDS cannot detect it because it is not a viewer.
With mesh, all of the copybotted items as well as legit items on the grid today will be outdated and have as much value as freebee’s from 2006 in a few months. Once the 3-D modelers enter the market place, everything that is not mesh will look like lego blocks anyhow.
Maybe this is why Linden Lab has no concern about copybots.
Yep
Oct 3rd, 2010
Here is the Program that I am talking about. Since it is not a viewer, it falls through the harmful viewer loophole in the new TOS and should be legit to use until you copybot something.
“ZEROPROXY is a unique toolbox for whom needs a big change for their limitations. It is totally undedectable (CDS included). It can do anything and everything that is avalible in any other “viewer”, plus more ! It’ll be updated frequently, and it will give you the ability to be way beyond others. In other words, this is what you need.
Please note that, ZEROPROXY is not a viewer, but it is a proxy. You’ll be able to “plug” it to your favourite viewer, and have the force it gives you, with a few simple mouse clicks. We know it is not fair. We know it is not controllable. Then why are we offering you this bloody toolbox ? Because we’re sick and twisted, you’re sick and twisted, and we want you to have a messy good time. Bon appétit!”
Kinoko
Oct 3rd, 2010
LOL I know all about Nicholas Mafia, King Goon, & Senera Mafia or whatever, as well as Zero Proxy crap offered by INF, Lets just say that Anything Zero Proxy can do with spoofing viewers, which is the only reason its worth having I can do without it on my own with any source code, which is also illegal. I also know about all the little kiddie gangs & wanna b3 nub ch3@ters/Hax0r clanz.
When LL Grows some balls, and starts to take actions I have said then they will be given the info to patch some of these exploits, including the biggest exploit of all being able to use anyones key without consent in LSL, and such. I dont mean avatar key like Texturs,Sounds & Anims.
Oh yeah, and if I wanted SL gone, it would be really easy, Just Imagine what would happen if all of a sudden every creators store was packed into multiple boxes & Sent full perms to every resident in Second Life. (Yes I said it) And yes it can be done thanks to the key databases like W-Hatt which almost every hud in SL uses different key DB’s. Stuff that LL can’t black list or control. Im talking about Thousands of items, Multiple accounts hundreds fo accounts in a carefully planned attack, which would cripple SL as we know it today.
Tell me? IF you were Bare Rose, or Mallory/any other creator in sl, and every product of yours was magically sent all around sl in multiple boxes including yourself with 1 box as proof? What would you do, Legally you cant file a DMCA because they are your own creation you would be black listing, and who would play SL Today.
@ All The Little Kiddies using Zero Proxy & Threats.
I Laugh…
Yep
Oct 3rd, 2010
@ Kinoko
I am sure there are many ways to copy things without being detected. But all of this is pointless. Why copy some content today that will be yesterdays throw aways?
Once mesh is out, all of these xml files stored in the torrent sites or ripping will be worthless. Who wants last weeks leftovers? Everyone will be wanting the better looking new mesh products that are out. Pfft all of the items that you are discussing boxing up and giving away will either be boxed up or deleted to make way for mesh any how.