Second Life: Emerald Viewer DOS Fiasco
Lots is going on with Emerald now. I haven't had time to digest it all, but it's going wild. Here's few links to start you off with, i'll write a better report when i've done my research.
A Emerald developer “LordGregGreg” announced quitting, on his blog dated 2010-08-14. http://lordgreggreg.wordpress.com/2010/08/14/emerald-reassessment/
He's saying there's is a piece of code “emkdu.dll” that is not open source, and seems intentionally hidden from all other developers. (you can find this dynamic library in your Emerald dir, e.g.
c:/Program Files (x86)/Emerald Viewer/emkdu.dll
)
Besides that, he's also not happy that the money made by Emerald is handled privately and not open to all developers, even he wants none of it. (presumably the money mentioned is from ads running on the modular systems site)
I'll need to do research on this yet. However, there seems to be another major issue going on, probably not related to the above.
It seems that Emerald users have been used as a “Denial Of Service” attack on a website.
- http://alphavilleherald.com/2010/08/emerald-viewer-login-screen-sneak-ddos-attack.html
- http://nwn.blogs.com/nwn/2010/08/emerald-denies-ddos-attack.html
- http://secondslog.blogspot.com/2010/08/emerald-uses-loginpage-as-denial-of.html
Modular system's official response to this is here: http://blog.modularsystems.sl/2010/08/20/shenanigans/
About this issue, there's also this interesting voice recording on youtube.
Aug 21, 2010
TOBSDA
Emerald Off Linden Labs Viewer List; Emerald Team Restructuring
The DDOS attack incident has hit emerald hard.
As a result, Linden Labs has taken Emerald off the safe 3rd-party viewer list.
See: http://viewerdirectory.secondlife.com/.
Fractured Crystal (founder of ModularSystems), responsible for the DDOS attack, has resigned.
The Emerald group announced restructuring.
See: http://blog.modularsystems.sl/2010/08/22/emerald-resurgence/.
Here's some selected quotes:
From this point on, there will be no ONE single person running Emerald Development.
As of NOW, All affiliation between Modular Systems/Fractured Crystal and the Emerald Viewer have been permanently severed.
The website will be hosted at EmeraldViewer.net and should be online and operational shortly.
This address the DDOS incidence, but as well addressed the concern voiced by LordGreg about close sourced questionable code.
About Fractured Crystal
I know Fractured. He is a friend. I know him for close to a year, but not well. We chatted on voice for about 5 or so times, sometimes for over 30 min.
He is not a bad, greedy, guy at all. From my impression of him, he seem to be another typical programer, easily gets excited about coding and technology, but have no interest or understanding about business, making money, at all. (i remember when he first implemented the C++ templates system in LSL, he excitedly told me about it, and we argued about programing technology like a hour, because i don't like C, C++ technologies.) In fact i have tried to talk to him about making emerald a commercial entity, but that line of thought is often thwarted when talking to programers.
I don't know why he did the DDOS attack. I'm sure it's a mistake. It's common for programing geeks to piss fight with their peers. Btw, DDOS attack isn't something very serious in the spectrum of all online crimes, but by all means it is not something one should do.
Fractured has now made a official announcement about this:
http://blog.modularsystems.sl/2010/08/22/emerald-off-with-his-head/.
I would recommend that we forget about it, and thank Fractured for his past contributions, for as a leader bringing us the best 3rd party viewer by far, and made huge impact in Second Life. (Emerald brought us sim wide radar, breast physics, rez platform commands, click to tp, ability to disable tp blackout screen, cancel tp, … too many really useful ones to list) Hopefully, Fractured will come back later on and contribute code, when this is all forgotten. Thank you Fractured.
What is DDOS Attack?
DDOS stands for “Distributed Denial Of Service” attack.
You know, when you visit a website, your browser sends a request to the server the site is hosted on, then the server in return sends the content of the page back to your browser. Suppose, the server on average gets 5 requests per second. What if all of a sudden the site got mentioned in all major news, and got swarmed? So, it suddenly gets 100 requests per second. The computer running the server software can't handle it, so the site becomes super slow, or crash. Effectively, making it out of service.
A DDOS attack is exactly just that. You let lots of computers to access the site in a short time, effectively taking the website down or making it too slow to be usable.
How Emerald does DDOS?
When you login to Emerald, you get a splash screen, showing you a sim screenshot, as well as news, right? That screen is from this site:
http://www.modularsystems.sl/app/login/.
So, everytime you login, Emerald makes a request to the ModularSystems.
What happened was that, someone inside Emerald, modified the webpage so that the page also makes 30+ requests to another website “iheartanime.com” owned by Hazim Gazov (a critic of Emerald).
(for those familiar with html, it's 32 embedded iframes. See here: emerald_ddos_iframe.txt)
So, when each person using Emerald logs in to Second Life, the iheartanime.com site gets 30 requests. That's DDOS.
How many users are using Emerald? According various sites, Emerald users are about 20% to 30% of Second Life users. On a average day, there are about 40k to 60k users logged in (as can be seen in the viewer login splash screen.) So yeah, the DDOS is quite effective.
DDOS is not legal, of course. But one should understand this in making a judgement related to online crimes. In particular, simple DDOS as done in this incident is not some sinister, complex hackery, nor did this case involve viruses, trojans, etc.
Is Emerald Now Banned?
No, not really. You can still use Emerald, and my guess is that Emerald will soon be back on Linden Labs's 3rd-party viewer list.
For some detail, see this official blog from the Emerald team.
http://blog.modularsystems.sl/2010/08/23/emerald-and-the-tpvd/
Qarl Linden Laid Off by Linden Labs
On other news, it seems that Linden Labs recently laid off some 30% employees, according to: http://alphavilleherald.com/2010/08/emerald-viewer-login-screen-sneak-ddos-attack.html. One of them is Qarl Linden, a acquaintance of mine. See: and a linden is slain (2010-08-04), by Karl Stiefvater (aka Qarl Linden), at: http://www.qarl.com/qLab/?p=64
I knew Qarl, somewhat. Been on his friend list for about 3 years. I met him thru Seifert Surface (For Sei's work, see: Math in Second Life). Qarl runs the sim named Q. It is a giant 3D cube, that is actually a maze inside. Check it out with friends, it's quite fun. It took me 2 to 3 hours when i first tried to solve the maze (without cheating). (this was before Emerald, and before i knew all about dashing thru walls and tricks.)
Note that Qarl is largely responsible for bringing us sculpties.
Corporate environment can be harsh. One day you are hired, is a hero, and next day laid off. (i was laid off in 2002 at Netopia, and still haven't recovered. LOL)