and those lindens you see before you, are mostly anarchists, and a very large percent of slackers. the remainder are just secretely pn.org spies so as to leak data to the masses. flapping lips sinks titanic ships? we all know it was lindens fault in the first place for not treating as it truly should be at first, a game, a new toy to be played with. when u wrile hackers and anarchists up over nothing and impose laws with weak security. thats asking for it. end of line.

“I don’t think I want to use web-on-a-prim”

If people are still under the impression Emerald is a singular furrie issue, The technical term would be “fap-on-a-prim”.

Technically it’s possible that it was an oversight, but if it was, it’s still something that you would expect only from a complete amateur, not from the professionals the Emerald team wants us to think they are. That’s like if a Windows update simply used old files on the basis that they were already in the system32 folder, so why bother checking them?

And yes, it would be a VERY interesting concept if someone ripped the xxkdu.dll and wrote up some sort of drive-by-download hooked into the Emerald login page, which would turn every single Emerald client into a total mess. (I wouldn’t go with negative though… maybe replace everything with child porn or something? Not that I have any.) (Yes, that is a joke, albeit a bad one.)

The fact remains, they’re leaving the xxkdu.dll functionality in the viewer, so obviously they’re just tempting people to download emkdu.dll and install it manually, because they think it somehow doesn’t violate the terms LL set forth, as Phox did:
http://emeraldscandal.wordpress.com/2010/08/28/phox-instructs-user-to-re-install-emkdu-dll/

Ouch! If that’s true, there’s no guarantee that it isn’t a hacked version of the Kakadu library. Was there some deliberately sneaky code in the installer that left this Temp folder intact when Emerald was uninstalled, with lurking “bad” code.

In any case, this is why it is a dreadful idea for Emerald to look for an “emkdu.dll”. If it can use “llkdu.dll”, fair enough. If the code is looking for a wildcarded filename, “??kdu.dll”, or there’s a list with “emkdu,dll” still in it, they’re asking for trouble. (No, I don;t know how to write an “aakdu.dll” which opens JPEG files with the colurs changed to a photographic negative.)

I found the Temp/emerald/ folder in my system. Why did a SecondLife.exe get left in it? This little business is beginning to look as straight as a three-dollar bill.

Here’s a summary, taken from http://emeraldscandal.wordpress.com/2010/08/28/after-hours-emerald-qa-videos/

The basics: most of the developers are now focusing on a v2 derivative (… hooray?), LGG is slightly apologetic, and Arabella happened to be AFK for most of the session, which wasn’t a bad thing because some serious Arabella-bashing went on. Jessica hosted most of the interview.

Some fun facts:

* Jessica claims that the emkdu.dll fiasco was being resolved internally, even though it wasn’t for 6 months. There were a few tough comments that this should have been made public, which were mostly ignored.
* Jessica continues to blame LGG for Emerald’s recent downfall – not the actions of the malicious devs. When told how it wasn’t LGG’s fault, she responded with “fair enough” and changed the subject.
* LGG confirms that anyone can add malicious code into the binaries, despite the use of MD5 checksums (as they could just post the MD5 checksum from the binary itself). Jessica confirms that either she or Arabella will create the checksums.
* Emerald will continue to use OTR (even though for most users it causes nothing but problems).
* Emerald will continue to provide functionality for using xxkdu.dll, however, it won’t be including it in the installer. (Why this functionality will remain in Emerald is anyone’s guess.)
* Jessica states: “As far as malicious code, I don’t know of any malicious code that Phox has done in Emerald specifically… the datamining stuff was not part of Emerald… the DDoS wasn’t even part of code, per se, it was done on an HTML page.”
* A humorous Emerald fanboy pointed out that “every company” performs datamining, even Linden Lab – except he pointed out that the license agreement forces you to give them permission to mine data. (Note: Emerald doesn’t tell you that they mine data, nor do they require you to give them permission to do so.) “It’s not like this was a big major scandal.” The same user goes on to ridicule himself even further by claiming the FBI would be taking down Emerald if they were looking to find real life identities (they were, but the FBI was generally disinterested as they, unfortunately, have more pressing matters), laughingly stating “I work in the security field, I know what I’m talkin’ about when it comes to private protection and people getting arrested for computer crimes,” drowning out the person who had the floor asking a question. Apparently, he confuses “somewhat justifiable datamining for company use” with “malicious exploitative datamining for private use”.
* Jessica confuses Google Analytics (geolocation, IP address, etc. that can be blocked through NoScript) with datamining using a QuickTime exploit through Second Life (that generally can’t be blocked).
* Jessica also agrees that open-source viewers with public code shouldn’t be sold for profit. (Logic!)
* One commentator wishes for people to use the Emerald source code to create “copybot” viewers to legitimately download items for archival and modification purposes (i.e. downloading a skin, touching it up, and re-uploading). Two problems with this: first, such viewers already exist, and second, they are much, much more often used as illegitimate copybot viewers. However, he does point out that switching to the LGPL license will make this more common and may be a problem. (The self-proclaimed “security expert” also manages to bring in a teen grid argument, pointing out that over 80% of items on the teen grid are copybotted, derailing the conversation into a copybot argument.)
* Jessica claims that Linden Lab was working on a server-side algorithm to detect copybotting (i.e. prim creation timeframe flags, massive asset pulls, etc.), however, after the big layoff, the project apparently stalled. A commentator agrees with a bit more detail.
* One commentator explains an asset theft exploit called “object injection”, basically tricking the sim into thinking the object is owned by you, which has not been patched yet. Some other commentators talk of “toasty” exploits, involving copybotting vendors instead of vendor contents, which were quickly patched. (At this point, the Q&A has disintegrated into an unmoderated conversation about copybotting. Within a few minutes, everyone gives their last goodbyes and goes to have dinner.)