Tuesday, August 24, 2010

Why I not use emerald and neither should you.

Still not heard or convinced about Modular systems an emerald? Here is post that sums up perfectly.

Quote ----

Here’s the timeline for you guys that are just reading about this, before you make fools of yourself posting “oh emerld did nothin u guis r mean and distrot truths”:
– Fractured collected IP addresses linked to avatars in the Emerald Point sim and the RegAPI. This allowed Emerald devs (most of which used the system regularly) to geolocate specific SL users, among other things one can do with an IP address.
– Someone (let’s call them the third party) discovered this system. Phox and Fractured then hacked their voice account so they couldn’t use SL voice. They then stalked him from sim to sim (without map rights).
– Phox threatened to burglarize the third party’s house and steal his actual computer.
– Fractured illegally distributed chat logs of the third party, laughing at how he trolled him.
– Phox called a phone number that was listed in the third party’s Linden Lab user account. It turned out to be fake, and he only called the parent of a student. Unfortunately, harassment charges weren’t filed.
– The third party confronted Fractured and threatened to release the entire contents of the datamine to the public. They reached a compromise: Fractured would release the names of the accounts listed in the datamine and the people who had access to it, but no other information (such as IP addresses), in addition to removing it entirely from his servers. However, the contents were eventually released in full, and the names of those listed in the datamine were posted to the Herald a few months back:
– Phox and Fractured both conspire to get the third party’s ISP to cancel their service because of the leak, which they also did numerous times to the creator of the NeilLife viewer, but were ultimately unsuccessful. However, Phox still claims he was successful, and brags regularly about it.
– Fractured and several other Emerald devs (which are still on the team) begin work on the Onyx project, an entirely malicious viewer designed to find security holes in SL. It was also designed to harass and stalk users; however, this functionality was not discovered until its source code was leaked. The devs quickly claimed that it was an old copy and that the newer builds didn’t have those features, until the newest source code was revealed, causing the entire Onyx project to stop and the site to be taken offline. The Onyx viewer is still used, but only by spoofing the Emerald tag and channel name.
– Skills Hak begins selling the Gemini CDS Ban Relay, a system similar to BanLink, but instead it is fully automatic. It uses a QuickTime exploit to determine a user’s identifying information (which is technically illegal per SL policies) and hosts the data on the Gemini server, not unlike the incident with Fractured and Phox way back in the beginning. It’s still being sold, and false positives are being reported, despite Skills’s claims. The system has been cloned repeatedly, proving that it’s not a hard exploit, and that Skills is mostly just conning people by exploiting their fear of copybot.
– The emkdu.dll file, a driver that speeds up texture loading times similar to the llkdu.dll file, was discovered to leak information regarding any Emerald user’s window title and installation directory. (This was not original functionality in the licensed copy.) This allowed anyone that knew how to decrypt the simple encryption to view one’s installation directory, which (depending on the user’s Windows username) revealed one’s real life name. It also allowed users to determine which version of Emerald one was using, and, if it was another client based off of Emerald, what client it was (for example, Onyx).
– The Emerald devs claimed to have removed this functionality. However, they only strengthened the encryption, which was also eventually cracked to reveal that nothing had changed. The encryption was changed one more time, and has not yet been decrypted. With the dismissal of Fracture, Arabella claimed that the emkdu.dll file was replaced with the slower, open-source openjpeg library. It has not been determined whether the openjpeg library also includes similar functionality.
– Because of the entire emkdu.dll fiasco, LordGregGreg, a core Emerald dev, decided to voluntarily leave the project. He has since compiled his own viewer, Emergence, based off of the latest Emerald source code, evading any shady additions they may have put into the Emerald binaries as well. The Emerald team disparaged his position within the devs when he left and went on to defame his character, both officially and unofficially.
– Fractured decided to add 32 hidden iframes in a single pixel that loaded a little over 4.3 MB of data from that third party’s website that I mentioned before every time someone opened the Emerald viewer. In total, an estimate based on the number of hits the third party received placed the bandwidth stolen at 2.1 TB, not including the bandwidth stolen from the users (which would also total up to 2.1 TB). This code was inserted into the actual page on their website that all Emerald clients load on startup, so all stable and beta versions of Emerald were affected. This turned the entire Emerald userbase into an unknowing botnet to carry out a distributed denial of service (DDoS) attack on said third party’s server. It ultimately failed, which prompted Arabella to claim it was not a DDoS (because apparently, an attempted DDoS is not a DDoS in her eyes) and she released news articles stating such. Due to the nature of the DDoS, the server could have sent malware to the Emerald viewer if the webmaster desired, which was very possible since the Emerald devs claimed the website hosted malicious software. The Emerald devs, particularly Arabella, denounced the third party as malicious and a criminal, and refused to issue an apology for their attack. They still haven’t.
– Philip and Soft Linden begin discussing banning Emerald entirely from accessing the grid. The downside would be approximately 20% of Second Life users would be unable to connect to the grid, which may cause problems.
– Two more core Emerald devs left the team. Arabella claims to leave the team as well, however, she never officially does.
– Arabella continues posting to the Modular Systems blog, claiming it was done only by Fractured, and he was disciplined. She also starts up the story that it was only done to boast about Emerald traffic to the third party. Some Emerald users begin circulating the rumor that it was actually done to increase the third party’s website’s traffic, which is an even worse explanation. She also continues deleting comments on the Modular Systems blog that she deems as “negative”, i.e. they tell the truth. This was recorded on a YouTube video.
– Another YouTube video recording reveals that the entire Emerald dev team knew Fractured had been planning on adding the DDoS code, but did nothing to stop him until it was discovered. Arabella herself didn’t want to “scare the users”, so she made up the story about traffic.
– Yet another YouTube video recording shows Arabella debating whether or not to delete Pathfinder Linden’s comment (who is no longer a Linden due to the cuts). The comment asked some critical questions and she deemed it “negative”, but she decided to release (post) the comment and respond to it, confirming the jacked-up story she posted originally.
– Emerald is removed from the Third Party Viewer Directory. The Directory is a voluntary list of third-party viewers that conform to the TPV Policy. Emerald users (or perhaps the Emerald devs) began circulating the rumor that it was only removed to faciliate the change in ownership to Arabella, even though it was removed before that occured.
– Arabella is given ownership of the Emerald Viewer project from Fractured, who resigned from the project with a long blog post explaining how he was sorry for what had happened. Arabella continues to censor comments on this blog post as well.
– Arabella and Jessica (the project leader and support director, respectively) appear on treet.tv’s live streaming show, Tonight Live with Paisley Beebe. Nothing important is really discussed, except for how Emerald will now be in Arabella’s pseudo-control and that it is being totally restructured for transparency between devs (supposedly) and a more democratic system for code changes. The interviewer, Paisley, asks no critical questions, instead opting for “what is going on?” and “how do you feel about this?”. Jessica read from a script most of the time and started to cry near the end of the program, and Arabella seemed angry and vengeful. She continued to beg for mindless faith from her customers. The IRC server was attacked three times by an Emerald supporter, who disconnected everyone not using a standalone IRC client 3 times during the program.
--- end quote

So, you see, the Emerald deam – not just Fractured – has quite a colorful history, and Arabella is definitely not as trustworthy as she wants you to think she is. So please, to those of you that don’t know exactly what is going on, READ IT AGAIN

These people have your passwords, access to your accounts and untimitaly your bank account. Do you trust your Pin number with them? I sure not. Neither should you.

No comments:

Post a Comment