« Second Life Community Convention: The Street View | Main | Last Chance to Nominate Your Favorite Folk/Bluegrass/Country/Blues Second Life Performers! »

Friday, August 20, 2010

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Adeon Writer

The source of the the apparent DDoS was a series of 31 iFrame tags found at the bottom of the html document.

(Resisting urge to say Emerald Dev was framed.)

Frans Charming

You could put some more in it Hamlet. what do you think about it? do you support such a act? Does their apology even make sense, dive a little deeper.

Ordinal Malaprop

That really is a terrible attempt at justification; it doesn't make any sense at all. Multiple hidden iframes to assorted content on someone else's site is "boasting"?

Hamlet Au

Frans, I think it's worth blogging about, so here it is. I also think it's the weekend now and I'd like a fucking martini.

Katharine Berry

This does, indeed, make no sense whatsoever.

Why would you "boast" by invisibly including 24 links? I mean, really?

Their apology, regardless of its truth does not make sense. Furthermore, claiming to have included "the other page" are somewhat misleading, including "the other page" twelve times, as well as twelve images, would be more accurate.

At some point you have to draw a line. This would be a good one.

Toxic Menges

The allegations are pretty watertight if you go and look at the source on the code of the login page they give you on SLU, you clearly see 24 iframes linked to the site in question.

http://webcache.googleusercontent.com/search?q=cache:jD_B973EpVUJ:modularsystems.sl/app/login/+http://modularsystems.sl/app/login/&hl=en&strip=0

I am an Emerald user (although I was is probably more of an effective term now), I love the client and the interface, but I can't be party to DDoS'ing. It's illegal in the UK being a party to it can mean a jail term of up to 10 years.

This act is also in direct contravention of the TPV policy - where? The bit where it says you cannot use the viewer for griefing or any other type of net attack.

It's beyond silly shenanigans. it's illegal behaviour and implicates every single user of Emerald.

Katharine Berry

Oh, apologies, it was 32 iframes, not 24 iframes.

Ordinal Malaprop

Oh, for anyone interested and also lazy, here is a quick link to a DOM view of the archived page

Adeon Writer

YouTube user TOBSDA has posted a video related to these events, due to mild language I won't link to it here.

Velvet Bikcin

I liked the Emerald viewer. But it's off my computer now, never to be put back on.

I want no part of this, prank, DDOS, boasting, whatever you want to call it, manipulating your user base to harm a third party is immoral at best, illegal at worst.

Lum Lumley

+1 vote for Imprudence. Similar feature set, far less drama.

Loraan Fierrens

Hear, hear, Hamlet! Enjoy your martini.

John "Pathfinder" Lester

Hamlet says: "... I think it's worth blogging about, so here it is. I also think it's the weekend now and I'd like a fucking martini."

Fucking solid, man. Pour one for me too, my friend.

The only thing that really matters is how all of Emerald's customers feel about these events. The customer is king, and it is the king who ultimately decides the fate of a kingdom.

Ann Otoole InSL

I'm trying to wrap my brain around all the former Lindens joining that team while certain others quit.

It is quite interesting.

Valentina Kendal

Emerald gives me the willies - I don't use it for just this sort of reason.

Galatea Gynoid

I <3 Cool VL Viewer. No nonsense, just a solid viewer with a few cherry-picked enhancements (rather than entire Walmart warehouse fill of kitchen sinks).

Fogwoman Gray

Bah, I really, really liked the Emerald viewer. Even more so when LL rolled out the 2.x viewers.
But this is immoral unprofessional bullshit that a 5 year old child would know is wrong.
If LL is going to drive off other TPV developers with their very strict policies and requirements then they have NO CHOICE but to ban the Emerald viewer in light of this illegal act.
I am quite pissed off to think that I was used in this way, and will not ever knowingly do business with the individuals purportedly running Modular Systems again.

Nica Pennell

This has hit my tolerance limit too. I liked Emerald as a viewer very much, and I ignored the various reports of drama and shadiness regarding its developers because I figured its open-source nature would prevent any significant fallout from affecting it. But now I've seen two significant holes in that transparency - a closed-source DLL and a web page that gets loaded dynamically. And I've now seen that the Emerald devs aren't above using those holes to pull some stupid and dirty crap.

Fortunately, my favorite other other viewer Imprudence is on the TPV list again and the latest version now has most of the features of Emerald that I'd left it for. More, in fact - Imprudence supports Alphas whereas Emerald doesn't. And it's been developing in conjunction with OpenSim, so it's got neat new features that _no_ Linden Grid viewer has. Finally, someone has implemented the ability for regions to change visitors' Windlight settings!

Ah, competition. It drives everyone to do better.

Little Lost Linden

...Hitler = Bad

...Emerald = Bad

...Mozzerella triangles at the Olive Garden = Good

eddi haskell

If this is a case of some immature jerk working at Emerald who buried some code --- which was quickly found and rectified -- then perhaps the move to implicate the management of modular systems is a bit hasty. I do not know.

Also, I would not worry about being implicated in a DOS attack if it is unintentional This means that everyone infected by a Trojan or other malware used in a similar manner by a remote device can also be implicated. It is not going to happen.

Emerald has helped me as a photgrapher being the first to ad all these cool new settings. But the nature of the beast is such that perhaps a bit tighter control is necessary on the source code in the future.

Katharine Berry

Modular Systems has gone from "a developer" to "Fractured Crystal". Though given their wording ("a plan was hatched"), it seems that they were quite clear on what was going on.

In any event, if it was an "immature jerk who buried some code" and everyone else managed to be completely ignorant of it, I would note it to be the immature jerk who runs the project.

Nini

There have never been so much scandals about Emerald than since LL failed to imposed the viewer 2.0. Strange isn't it?

Metacam Oh

What do people expect? These third party viewers don't make money, they are just for fun projects sadly, sadly I don't know why Qarl Linden joined this "for fun" project but how on earth Emerald makes money or how they are commissioned is beyond me. I've seen enough BS from them to stay clear of using their viewer. One day a "for fun" developer from Emerald will log in to everyone's account send their Linden to themselves and withdraw and fly to Mexico.

Mako Mabellon

More than 24 files. The Google Cache copy appears to no longer be available (probably someone from Emerald requested it to be removed) but the full list is: http://pastebin.ca/1921405

There are 20 requests there just for one dynamically-generated page on the victim site, almost certainly with the intention of generating excessive server CPU usage and bringing the site down that way. Then there's another 12 images totaling about 1 megabyte. The person who was targeted spoke up, and apparently this adds up to about 800 GB of data transferred over the week for which he still has records. That would've cost about $1600 for just that one week if he didn't have "unlimited" transfer on his hosting plan. Remember that this ran for a fortnight, and would probably have continued for longer if the issue hadn't become public.

Talwyn Mills

I've had enough of Emerald too, its a good viewer but some of the people behind it are just too damn dodgy and this just goes to show what they are willing to do. Imprudence for me too now.

shamus

@Metacam well the code is open source so if your worried look through it and examine it for yourself. Hell for that matter compile it yourself.
http://code.google.com/p/emeraldviewer/source/checkout

Steel Halasy

Yay... another PRIVACY issue in Emerald.

As a part of this attack, they provided the IP addresses of their users during this time period to a third party. Think of this... to do the attack, the user would have had to connect to the 3rd party site (which they would not have gone to normally), which likely logged the IP address as a part of the website logging.

Are you guys still using Emerald? WHY? I think they have shown they are not mature, not professional, and are flagrant with your private data.

It's a shame. But a few rotten apples always ruin it for the rest.

The team should kick out the team member responsible, to show they are willing to regain the trust of their user community.

John Lopez

That "excuse" for what happened is the lamest thing I have heard in a long time. The pastebin source linked to in Mako's post makes it very clear nobody was "boasting" about anything.

Traffic fraud doesn't include the same page repeatedly because the goal is to get as many unique IP/URL combinations as possible. Instead, the targets are high CPU and high bandwidth, the exact *opposite* of what a traffic fraudster "boasting" about traffic would do.

These guys are bad mojo. Either they are rotten to the top or they aren't managing their minions, but either way they keep creating "incidents".

One such "oops" I could understand, but the string of them simply shows they are incapable or unwilling to act ethically.

Uccello

I've been telling my friends for a while now about various security issues and rumors that seem to dwell in the Emerald sphere. Only now are many dumping the Viewer. I like the official v2 viewer but when I go 3rd party is it with Imprudence or with Kirstens. Recent posts about all three viewers are on my blog for the bored or the mildly curious (just click my name below).

Whatcha Eaton

@shamus You are correct: anyone may inspect the Emerald code, but unfortunately not all of us have the expertise to do so. I wouldn't know where to begin looking for "bad" stuff, however I have used Emerald in the past assuming (hoping?) that other people with the necessary skills would be keeping an eye out for malicious code. Moreover, I assumed (hoped?) that the Emerald devs would police themselves. After all, as you pointed out, anyone can inspect and build this thing themselves; why would the Emerald devs risk getting found out?

Sadly, my faith in this team has been degraded in light of recent events -- one event alleges that an Emerald dev left the group when he TRIED to police the code and was not able to do so.

Realizing that anytime I install a compiled binary I am taking a risk, I have to evaluate that risk using what I have heard and to balance that against the product's utility. I certainly can't prove that it contains malicious code (anymore "we promise!") but instead have to rely on what has been reported by people who DO know how to inspect its behavior. I suspect the majority of Emerald users are in this same boat.

Morgan Kochel

Yeah, me, too! I'm really angry at Emerald!

What did they do?

(I'm serious. I'm not a computer geek, just an SL "resident." Can someone explain this in English, please?)

Oh, Kirstens S20 is my viewer of choice. :o)

Mistletoe

What a shame. I really really REALLY enjoyed their product. But I can't even see in a best-case scenario how that which Modular Systems has admitted to is a good thing. Uninstalling now. Damn it.

John Lopez

@Morgan Kochel's "What did they do?"

Someone configured it so when the Emerald viewer is launched many requests were made to another website. These requests would be created from the user of Emerald's computer, creating what is known as a DDOS, or "Distributed Denial of Service Attack".

The "Distributed" part because they were using the viewer users computers to process the requests. (All of the Emerald viewer users would be generating these requests).

The "Denial of Service" part because those requests were design to increase the hosting costs for the targeted website and even cause it to go offline (once the user's paid for allowances were exceeded or the volume simply overwhelmed the server).

From reports, they burned over a thousand dollars worth of bandwidth before being detected.

Their excuse doesn't hold water either, as I mentioned earlier.

Mako Mabellon

John: to be precise, they would've burned through $1000 or so of bandwidth if it wasn't for the fact that their victim website was hosted on a provider with an unusually high (nominally "unlimited", in fact) amount of inclusive transfer. The more damaging part of the attack in this case was actually the CPU consumption one.

OtherGuy

the bad thing about it, it's the project leader, fractured, who did all the bad things to his/her own project. she/he rent/run/own the servers and domains and (if it exist anyway) the company. that is a total abuse of the peoples trust, it is bad for lindenlab, it is bad for the users, it is bad for the free/open source approach in general. go away with your emerald client, i like to see you 2 regions far from me.

SoyaKnow

The developers of Emerald are banking on the majority of its users ignorance to continue what they are doing.

Ask the average Emerald user what they think of recent events and you get something like : "Huh? What? Emerald is cool. STFU!"

I personally would love to see Emerald scrubbed from the TPV directory, its devs banned from SL. I do not feel that would be too harsh a reaction in light of what has happened.

Anyone who defends them at this juncture is just being stupid and is highly misinformed on the matters at hand.

SoyaKnow

I forgot to add this in the first post..but if LL acknowledges these goings on, at what point do they become legally liable for continuing to allow Emerald to access SL? I mean, Emerald has been essentially used as a botnet-it is malware.

Surely they care enough about their users to not allow something like this? Or do they...

II Singh

Like many respondents to this article, I was a user of Emerald for a while. This is about the fourth scandal by my reckoning this year in regards to Emerald and the Modular Systems crew.
I moved away from using Emerald in January and their recent behaviors and scandals cements my intention to stay away. The over-the-top immaturity and hubris of it developers is reaching almost epic levels and frankly big daddy Linden will eventually have to intervene and probably pull a hugely unpopular move by banning the viewer. The other option is to something even more unpopular by ignoring the antics of these now self-admitted unrepentant cyber-criminals. Time for the gene pool to be cleaned of these scum-bags.

Nat Merit

Imprudence has temp uploads, client side AO and even support for alpha and tattoo layers, so I'm really finding it hard to think of a reason to stick with Emerald now it's probable spyware and proven malware (using traffic from users to attack a rival website? There's no other word for that than malware).

If we want the Emerald team to take these concerns seriously, the best approach seems to be voting with our feet.

Disappointed

This is pretty pathetic, I hope you don't support any of this. There is no way to deny what has happened.

argo nurmi

I used emerald all the time until this. I hope to use it again, but, thats not going to happen until I get a real explanation. So far there's been three security screw-ups at Modular. 1. Secretly creating an IP-SL name database, 2. the pathname broadcast exploit, and 3. this dumb scheme. In my view the most serious is once the secret code was pointed out to them they simply morphed it to an encrypted forms yet let it remain. LGG quitting turned on all kinds of warning bells. A viewer has a lot of access while running on a resident's PC. Modular and Emerald should know by now that they have an unspoken trust relationship with their user. A trust that is now breeched. When and How are they going to establish trust once again? Ignoring it only gets people angry.

SoyaKnow

For all those who still don't believe: this appeared for like 5 minutes on the Modular Systems blog and was yanked. I found it via Google cache..will put up screen shots too in case the cached page disappears. Shady shady.

http://webcache.googleusercontent.com/search?hl=en&q=cache%3Ahttp%3A%2F%2Fblog.modularsystems.sl%2F2010%2F08%2F22%2Femerald-off-with-his-head%2F&btnG=Search

Toxic Menges

Hamlet, this really deserves a more indepth look - as you can see a lot has happened over the weekend, and you are the biggest blog on SL goings on. I really hope you do an updated version of this post to take into account all that has happened so the casual reader who doesn't have time to go look at everything that has happened can see and make up their own mind.

Thanks from the whole of the SL population.

SoyaKnow

And the post is back up at the blog. I dont know why it was pulled to begin with.

I agree with Toxic, please do more indepth on this!!!

http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/

Hitomi Tiponi

Emerald has been withdrawn from the TPV directory , Fractured resigns - the whole saga is a mess - we need Hamlet to tell us the inside view.

Gwyneth Llewelyn

I think that this time you have been too candid, Hamlet. Modular Systems have fired people before because of way less harmful things, like exhibiting a funny message of the day (but which Emerald users failed to capture the humour in it). Launching a carefully orchestrated DDoS attack on a site created by a "rival" cracker who is known to release an illegal viewer, just because he made some snarky comments about Emerald, is not to be taken so lightly.

Emerald has always been under an "arms race" against former developers, or developers who branched their code and released their own Emerald spin-offs, but included illegal features (if not actually illegal, at least, not compliant under the LL ToS). A lot of effort has been made to detect those spin-off viewers, intercept them, and eliminate their users. As more and more people use Emerald, the rate of success of keeping those spin-offs off the grid has increased dramatically. On the other side of the "code war", the illegitimate viewer developers, having full access to Emerald's code, are always looking for ways to elude Emerald's hunt-and-kill strategies.

What are those strategies? Usually they flood a user with a blacklisted viewer with special requests until the user drops the connection, or the sim crashes, or both. Over time, these strategies have become more evolved and more efficient; although LL might have worked against that "arms race" by introducing some security patches which would render those strategies ineffective. Which would require that the Emerald developers invent new strategies to attack the spin-off viewer, which in turn would develop better defences, and so on... a LOT of the code in Emerald is just to deal with this.

Hitting the source — crushing websites where those spin-off viewers can be downloaded from — is just another strategy. It might have failed, and the problem is that it was so visible, but I'm sure they'll think of something else. After all, with 20,000-30,000 users regularly using Emerald at all times of the day, it's very tempting to have all these users send DDoS requests every second or so to an external website. Most likely none of the Emerald users would be seriously affected by that; they might not even notice. But hitting a website with 20,000-30,000 hits per second, specially if it's not well protected to deal with such an intense load, should bring most of them down, one way or the other. Even a site hosted on a service with unlimited bandwidth would attract the attention of the system administrators, as they see their incoming network traffic be clogged with such attacks, and might remove the offending site well before it crashes all the network (thus accomplishing the intended purpose anyway).

It's not exactly "nice", and just shrugging it off "as a joke" is really not enough.

Well, Fractured Crystal resigned, and so did Arabella. I wonder how long Qarl ex-Linden will remain with them. Unless he's going to take charge of Modular Systems, kick all the crackers out, keep the few remaining legitimate developers, and turn Emerald into the best viewer ever without any more nasty side-effects.

I find that highly unlikely.

But I also find it curious that all this has happened so recently, and, as some noted, seems to time perfectly with LL's launch of the SL 2.0 viewer, which continues to lose residents to Emerald, which has so much more functionality and a cleaner interface...

Gwyneth Llewelyn

Slight mistake on my part: Arabella didn't resign.

Renmiri

wow, 1 megabyte of data generating 800 GB of traffic would be 800,000 logins over the week. Give or take a few. Supposing a "worst case" where the real size of the page was 2 mb, we get 400,000 logins, over a week. That is between 57,000 to 114,000 logins a day.

Emerald popularity is pretty impressive.

I guess this explains LL's patience with it

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name is required. Email address will not be displayed with the comment.)

Wagner James Au VR MMO blog New World Notes
Sinespace Unity MMO
Ample Avi  SL avatars
SL fashion blog Cajsa Gidge
6a00d8341bf74053ef01b7c8d83a87970b
my site ... ... ...