Posted in Emerald, Imprudence, Phoenix / Firestorm, Second Life, Viewers

Viewer usage in Second Life, post-Emerald

As I wander around Second Life at the moment, I’m keeping my eyes open for what viewers people seem to be using. Not in a clipboard and notebook way, just getting a feeling.

Before the Emerald scandal, an awful lot of people would have been using Emerald. In fact, up until the point it was blocked there were still a significant number of people using it.

Now that Emerald has been blocked, I was expecting to see a marked increase in the usage of Phoenix and Imprudence, with possibly the odd Emergence from people who don’t realise it is a dead-end choice.

Instead, I’m seeing a handful of Imprudence, the odd Phoenix and a handful of “LGG Proxy” (which I assume is Emergence). And, amazingly, I’m still seeing the odd Emerald (which surely shouldn’t be allowed?)
Everyone else displays no Viewer tag which either means they are using an Official Viewer or else have suppressed transmitting their tag. I know a number of friends who do the latter so this is obviously skewing my results.

I am left with the feeling that public confidence in Third Party Viewers has been severely knocked and people are returning to the Official Viewers in droves. I’d be interested in hearing other peoples’ comments on this.

Posted in Emerald, Phoenix / Firestorm, Privacy & identity, Second Life, Viewers

Emerald Viewer to be Blocked From Second Life

Just posted on the Second Life blog:

As of 10am PT Wednesday, September 8, the Emerald Viewer will be blocked from logging in to Second Life as a result of violations of our Policy on Third Party Viewers. Residents who have been using any version of the Emerald Viewer will need to use a different Viewer to access Second Life. You can download the official Second Life Viewer, developed by Linden Lab, here. Or you can learn more about alternative Viewers, developed by third parties, here. There are several new Viewers listed in the TPV Directory, so there are many alternatives available to you.

We take Residents’ privacy, safety, and security very seriously and will take action to enforce the policies that help protect it. As our CEO, Philip Rosedale, has blogged about, we recently removed the Emerald Viewer from our Third-Party Viewer Directory due to violations of our Policy on Third-Party Viewers.

Since then, we have been in communication with the Emerald development team and have requested several changes in order to remedy violations of our policy, including changes necessary to meet our privacy requirements, and to address GPL license violations. Unfortunately, the team was unable to comply within a stipulated time frame. As a result, we have decided to block logins from the Emerald Viewer in order to protect our Residents. All versions of the Emerald Viewer will be blocked from logging in to Second Life as of tomorrow at 10am. Please be aware that attempting to circumvent our blocking to access Second Life with a banned Viewer is a violation of the Policy on Third-Party Viewers and may result in the loss of one’s account.

[Source: Second Life Blog]

Well, this isn’t a huge surprise. And given the number of people I see still running Emerald, it’s probably for the best. Yes, some will moan but I think LL have little alternative but to do this.
And now that Phoenix (Emerald without the bad stuff) is available then I don’t see what the big issue is.

Posted in Emerald, Privacy & identity, Second Life, Viewers

The Phoenix Arises – Emerald by a different name

Well, it seems Jessica Lyons doesn’t hang around and has assembled a team to take over where Emerald left off. And amongst that team is LordGregGreg.

According to her blog entry [here], Phoenix is starting out as a sanitised Emerald, like LordGregGreg’s Emergence Viewer, and will be developed from there.

In keeping with my recent post [here] on how an Open Source Project should be run, they’re running a publicly-viewable repository and full transparency.

This is very encouraging news indeed.

Posted in Emerald, Opinion, Second Life, Viewers

Emerald – so what went wrong?

[Disclaimer: This blog entry is personal opinion based on a personal understanding of current events. Should you feel any facts are materially wrong then please contact me, citing sources, and I will be happy to make corrections or retractions as appropriate]

I try to keep my RL separate from my SL, but I guess it’s not giving too much away to say that I work in the IT Industry and have direct experience with software development. So the self-destruction of Emerald has been very interesting for me.

So, where did it all go wrong? I think to answer that you need to look at how a proper Open Source Project is run.

Generally you have a version control system which is able to be read (but not written to) by anyone who cares to do so. Obviously members of the development team can write as well.

This open access ensures transparency, because anyone with the technical ability can examine and review the source code to make sure there is nothing nefarious in it. They are also able to download the entire codebase and compile their own version of the application rather than trusting that the pre-built binaries available for download were actually made from the source code.
Furthermore, the version control system has an audit trail of every check-in, showing what changes were made, by whom, and when. This makes it more difficult to introduce malicious code although there are ways round it, of course. However, even if the developer subverts the process to avoid the audit trail (if they have direct access to the actual files on the server hosting the repository), the code is still available for inspection and anyone can compare a previous snapshot of the code with the current one using an automated difference tool. So there is still transparency.

The trouble with Emerald is that the version control system was not open and there was no transparency. Yes, the source code was published periodically but in a snapshot form. You were expected to trust that this source code was the real deal and not some sanitised version. And that trust was betrayed.

Because there was no transparency, certain members of the Emerald team were able to inject undesirable code (which is well documented elsewhere so I won’t bother going into it here).

Worse still, Emerald also used some Closed Source software which meant that only the developer(s) of that code knew what was in it and the members of the Emerald team were expected to trust that it was non-malicious. Again, that trust was betrayed.

It also appears to me that the team weren’t really following good Software Engineering process. This isn’t too surprising as, as far as I understand, they were all programming for fun and were all fairly young. So there were few controls in place to audit what was going on. I genuinely believe that the more respectable members of the team (and I’ll leave it for you to decide who they are) didn’t know what was being put in by the less respectable members. This is why we have processes, checks and safeguards in professional Software Development and I simply don’t think they were in place for Emerald.

And I’m not even going to comment on the clash of personalities, egos, hidden agenda and motivations of the actual developers of Emerald. That’s not something I want to explore as this piece is really more about the technical side of things.

In many ways, the Emerald project was a nuclear reactor being run without control rods or safety systems, and it went critical and suffered a meltdown.

So, where does this leave Third Party Viewer Development? Are we doomed to use Linden Lab’s awful Viewer 2.0? The short answer is no!
Emerald was not the only Third Party Viewer and some of the others are being run properly. Imprudence, for example, is fully transparent and Open Source. They are by no means the only one, of course, but it’s the one that springs most readily to mind.

Finally, I just want to say that this blog entry may seem very negative about Emerald. However, I don’t mean it to be because I do genuinely believe that Emerald was truly innovative and really moved the Second Life Viewer game onwards. The developers added some very good features (the nefarious ones notwithstanding) and they should be praised for it; they’re clearly very talented. However, as I’ve said, I think the project was very badly run and was very open to abuse. And that abuse was made.

Posted in Emerald, Privacy & identity, Second Life, Viewers

Farewell to Emerald

[Originally posted 01-Sep-2010 here]

As you know, there has been a lot of worry and concern over Emerald with regards to privacy issues, data mining and illegal activities.

Linden Lab have removed Emerald from their Third Party Viewers list and advised everyone to use other Viewers.

As of today the developers of Emerald have folded the project due to mutiny, disagreement, and Linden Lab demanding that certain developers be removed which they were unwilling to do.

I’m sad to see Emerald go as, for all it’s warts and dodginess, it was a very good Viewer and was very innovative.
It’s just a shame that it was ruined by a bunch of immature Script Kiddies who couldn’t resist messing it all up for everyone.

I’m sure the hard work will be back-ported into other Viewers. LordGregGreg has a version of the full source code for Emerald that he has released as “Emergence” although has stated he will not be actively developing it.

Meanwhile Jessica Lyon has resigned from Emerald and has set up a blog to discuss her side of things – jessicalyons.wordpress.com

Posted in Emerald, Opinion, Privacy & identity, Second Life, Viewers

Emerald and alternatives

[Originally posted 26-Aug-2010 here]

Oh dear. Just when we thought Emerald was ok, it turns out that it (or possibly just one developer) had nefarious intentions after all.

http://alphavilleherald.com/2010/08/emerald-viewer-login-screen-sneak-ddos-attack.html

http://alphavilleherald.com/2010/08/emerald-viewer-mutiny-fractured-crystal-thrown-to-sharks.html

http://blogs.secondlife.com/community/features/blog/2010/08/24/malicious-viewers-and-our-third-party-viewer-policy

http://blogs.secondlife.com/message/369842

I love Emerald and it has some fantastic features, but this is very concerning. I think that it’s laudable that the remaining members of the Emerald team are making very positive noises about restoring confidence in the viewer, but I think perhaps it is time to investigate other viewers. Not least because of questions on whether Fractured Crystal was working alone or in collusion with developers who are still on the Emerald team.

Talk on the blogs and stuff is that the Imprudence Viewer is worth a look as it has a lot of the features Emerald has, including a client-side radar, RLVa, temporary texture uploads, Disable Login/Logout/Teleport Screens, See object’s Last (previous) Owner, IM autoresponder, and Breast Physics. Yes, we all claim that Breast Physics is no big deal but we all know it is. LOL.

So I’m going to have a play with it tonight. Imprudence, I mean. Not my breasts.

Have fun
Becca