Archive for the ‘Distributed denial of service attacks’ Tag

Emerald and the Death of Trust

Cracks in Emerald Viewer's reputation

The Emeraldgate incident, like most similar incidents, goes to the heart of one of the things that make the Internet work — trust.  Yeah, I know; Second Life is supposed to be a model for Net 2.0.  But even here, trust is one of the key things that rocks the planet.

Trust is one of the foundations of society.  We all trust each other that we’re not going to steal from each other’s houses, that our spouses aren’t going to cheat on us, that we won’t end up stabbed in our bed, that our bosses won’t simply fire us because they didn’t like the shirt we wore today.  Trust has glued civilization together since early men chose to work together to bring in the food on a hunt.  You just can’t get away from it.

Trust extends to computer systems as well.  The Golden Age days of computing, the era of the True Hackers of MIT and Stanford [1], provide one of the best illustrations of this.  If you’re unaware of such things, go and read Hackers:  Heroes of the Computer Revolution by Steven Levy, and find out some of the fundamental history of these machines we’re playing with.  In the beginning, as opposed to the “batch-process” methodology used on most mainframe giants of the time (re:  IBM machines), these ancient heroes would cut their program on a paper tape — the preferred storage medium of the day; it was read in by a Teletype or tape reader — and then just toss the tape into a drawer near the machine, be it the TX-0 or the Digital PDP-1.  If someone else pulled it out and used it, no problem.  If someone else started rewriting it, that was cool.  Social pressure among the hacker community kept them from doing something malign for the most part.  The same philosophy carried over to when they moved to the more advanced PDP-6 and -10 and implemented a time-sharing system, allowing users to share the computer’s resources.  Their system, instead of segmenting access to files, allowed anyone to see anyone else’s files by default.  And, for the most part, it worked.

Unfortunately in some ways, we’ve moved beyond the joyriding days of original hackerdom.  98% of us today have probably never written a computer program; we’re users, not crafters.  We want our software to be ready to use when we click on the file icon and to do what it’s supposed to do.  And here again, we’re trusting the people who’ve written the code to give us a product that performs, performs well, and doesn’t do things it’s not supposed to do.

Now we have Fractured Crystal and the last version of Emerald.  Crystal’s program was a fine program at first — but then he broke the unwritten law of trust with his data-mining library, and with the DDoS attacks on a competitor’s Web site.  (I still haven’t figured out for sure which competitor it is; can someone help me out here?)  The result:  a strong migration of Residents away from Emerald, toward workalike viewer Imprudence, Emerald getting booted off the Third Party Viewer List by Linden Lab, and a climate of distrust for at least the immediate future toward any future builds of the viewer.  You can bet that their next build will be decompiled by several someones and the code examined with an electron microscope — forget the source code they’ll release for public view — and even then, there will be some who won’t trust the program again.

Ain’t it amazing what great fallout can come from such supposedly small acts…?

=====

[1] The term “hacker” is here used in the classical sense, as in the original Jargon File, later transported onto paper as The New Hacker’s Dictionary.  This meaning was lost when the mainstream media seized the term in the late Eighties or early Nineties and applied it exclusively to those who break into systems, especially for malicious intentions.  (That comes more under the term “crackers” today, according to some.)

Sic Transit Gloria Emerald Viewer

Cracks in Emerald Viewer's reputation

Cracks in Emerald Viewer's reputation

It’s been well reported in various locations about the scandal generated by Emerald Viewer.  The discoveries concerning data mining of IP addresses by Emerald’s developers and a distributed denial-of-service attack code aimed at a competing third-party viewer has knocked even some of the gripes aimed at Linden Lab off the radar.  In the time it’s been available, the third-party viewer had built up a heavy following of devoted users, many of whom loved Emerald for its richness of features not found in the official viewers.  Incredible amounts of power are available through Emerald, from a simple tab of worn items — pioneered by this client, I think — to double-click transport to many locations, down to the infamous “breast physics” available for female avatars.

Now, though, many of the previously faithful are feeling victimized and betrayed.  People’s information and computers were being used, dammit; and nobody appreciates that kind of move, unless they have some strange sociopathic tendencies.  Linden Lab appreciates it the least of all; the Governor has removed its link to Emerald from its Third Party Viewer List, with Philip Rosedale publishing a statement concerning the matter on the Big Blog yesterday. Comments I’ve seen in articles on the matter have Residents deciding to purge Emerald from their computers and download Imprudence, the TPV whose site was targeted in the DDoS attack, and whose code is based strongly on Emerald’s.

Modular Systems has attempted damage control, including an appearance on an SL talk show with Paisley Beebe that had to be taped in a “secret” location to evade griefers.  Emerald is vowing to get back on the TPV list after their lead developer, Fractured Crystal, has apparently left the team and handed over control of the Emerald server to Arabella Steadham. (An article at Sand Castle Studios noted that the Modular Systems site still claimed that Emerald was on the list; however, a check by me shows that this claim has been removed, and I think we can assume with charity that someone was simply slow in updating the page.)

I used Emerald Viewer at one time myself; it was pretty darn spiffy with the features that I used (nowhere near the entire set, but essential ones like double-click transport were nice).  I abandoned it, however, in favor of Kirstens Viewer some months back, because Emerald was taking a horribly long time to download textures or move my avatar.  Even a recent try of what they claimed was their latest showed that, at least on my box, Emerald had become a pig.  Now, with these revelations, I think I’m glad that I’m not using Emerald.  All the scandal has broken something vital to the functioning of anything on the Web, as in real life — trust.  People have to take your word that what you’re offering them is clean and pure, and won’t do things it’s not supposed to do.  Modular Systems has violated not only Linden Lab’s terms of service, but that bond of vital trust.  It will be a long time before I’m willing to extend that trust again.

Emerald probably needs to do at least three things to clean itself up:

  1. Make all of their code completely transparent. No encrypted libraries, no excessive iframes, nothing; just what is required to produce an efficient viewer.
  2. Reveal the RL identities of their developers. No more hiding behind the anonymity of the avatar; they’ll have to take responsibility for their actions, even if the ones there now were not the ones responsible for the things that got Modular Systems into the stew.  At the least, they will need to let Linden Lab know who’s behind this…especially if it ends up in court over the DDoS attack.
  3. Improve the performance of the viewer to an acceptable standard. No more needing to own a screamer system to get just adequate performance — although some of this may need to fall on the users as well.  Heaven knows that technology marches onward, even if bank balances don’t.

UPDATE, 1:21 p.m.: Modular Systems announces on their blog that they have received a list of requirements from Linden Lab before relisting.

%d bloggers like this: