After-Hours Emerald Q&A Videos

TOBSDA, responsible for releasing a metric shitload of Emerald related videos has released a 4-part recording of after-hours questioning from the recent Emerald interview conducted by Phaylen Fairchild. The recording (parts 1, 2, 3, and 4) includes some relatively heated questioning (and, of course, the obligatory Emerald lovemaking from some as well). Unfortunately, writing up a transcript would be an immensely arduous task, so you’ll have to listen through all four parts if you’re interested.

The basics: most of the developers are now focusing on a v2 derivative (… hooray?), LGG is slightly apologetic, and Arabella happened to be AFK for most of the session, which wasn’t a bad thing because some serious Arabella-bashing went on. Jessica hosted most of the interview.

Some fun facts:

  • Jessica claims that the emkdu.dll fiasco was being resolved internally, even though it wasn’t for 6 months. There were a few tough comments that this should have been made public, which were mostly ignored.
  • Jessica continues to blame LGG for Emerald’s recent downfall – not the actions of the malicious devs. When told how it wasn’t LGG’s fault, she responded with “fair enough” and changed the subject.
  • LGG confirms that anyone can add malicious code into the binaries, despite the use of MD5 checksums (as they could just post the MD5 checksum from the binary itself). Jessica confirms that either she or Arabella will create the checksums.
  • Emerald will continue to use OTR (even though for most users it causes nothing but problems).
  • Emerald will continue to provide functionality for using xxkdu.dll, however, it won’t be including it in the installer. (Why this functionality will remain in Emerald is anyone’s guess.)
  • Jessica states: “As far as malicious code, I don’t know of any malicious code that Phox has done in Emerald specifically… the datamining stuff was not part of Emerald… the DDoS wasn’t even part of code, per se, it was done on an HTML page.”
  • A humorous Emerald fanboy pointed out that “every company” performs datamining, even Linden Lab – except he pointed out that the license agreement forces you to give them permission to mine data. (Note: Emerald doesn’t tell you that they mine data, nor do they require you to give them permission to do so.) “It’s not like this was a big major scandal.” The same user goes on to ridicule himself even further by claiming the FBI would be taking down Emerald if they were looking to find real life identities (they were, but the FBI was generally disinterested as they, unfortunately, have more pressing matters), laughingly stating “I work in the security field, I know what I’m talkin’ about when it comes to private protection and people getting arrested for computer crimes,” drowning out the person who had the floor asking a question. Apparently, he confuses “somewhat justifiable datamining for company use” with “malicious exploitative datamining for private use”.
  • Jessica confuses Google Analytics (geolocation, IP address, etc. that can be blocked through NoScript) with datamining using a QuickTime exploit through Second Life (that generally can’t be blocked).
  • Jessica also agrees that open-source viewers with public code shouldn’t be sold for profit. (Logic!)
  • One commentator wishes for people to use the Emerald source code to create “copybot” viewers to legitimately download items for archival and modification purposes (i.e. downloading a skin, touching it up, and re-uploading). Two problems with this: first, such viewers already exist, and second, they are much, much more often used as illegitimate copybot viewers. However, he does point out that switching to the LGPL license will make this more common and may be a problem. (The self-proclaimed “security expert” also manages to bring in a teen grid argument, pointing out that over 80% of items on the teen grid are copybotted, derailing the conversation into a copybot argument.)
  • Jessica claims that Linden Lab was working on a server-side algorithm to detect copybotting (i.e. prim creation timeframe flags, massive asset pulls, etc.), however, after the big layoff, the project apparently stalled. A commentator agrees with a bit more detail.
  • One commentator explains an asset theft exploit called “object injection”, basically tricking the sim into thinking the object is owned by you, which has not been patched yet. Some other commentators talk of “toasty” exploits, involving copybotting vendors instead of vendor contents, which were quickly patched. (At this point, the Q&A has disintegrated into an unmoderated conversation about copybotting. Within a few minutes, everyone gives their last goodbyes and goes to have dinner.)

~ by NJenkins on August 28, 2010.