Posted in Emerald, Phoenix / Firestorm, Privacy & identity, Second Life, Viewers

Emerald Viewer to be Blocked From Second Life

Just posted on the Second Life blog:

As of 10am PT Wednesday, September 8, the Emerald Viewer will be blocked from logging in to Second Life as a result of violations of our Policy on Third Party Viewers. Residents who have been using any version of the Emerald Viewer will need to use a different Viewer to access Second Life. You can download the official Second Life Viewer, developed by Linden Lab, here. Or you can learn more about alternative Viewers, developed by third parties, here. There are several new Viewers listed in the TPV Directory, so there are many alternatives available to you.

We take Residents’ privacy, safety, and security very seriously and will take action to enforce the policies that help protect it. As our CEO, Philip Rosedale, has blogged about, we recently removed the Emerald Viewer from our Third-Party Viewer Directory due to violations of our Policy on Third-Party Viewers.

Since then, we have been in communication with the Emerald development team and have requested several changes in order to remedy violations of our policy, including changes necessary to meet our privacy requirements, and to address GPL license violations. Unfortunately, the team was unable to comply within a stipulated time frame. As a result, we have decided to block logins from the Emerald Viewer in order to protect our Residents. All versions of the Emerald Viewer will be blocked from logging in to Second Life as of tomorrow at 10am. Please be aware that attempting to circumvent our blocking to access Second Life with a banned Viewer is a violation of the Policy on Third-Party Viewers and may result in the loss of one’s account.

[Source: Second Life Blog]

Well, this isn’t a huge surprise. And given the number of people I see still running Emerald, it’s probably for the best. Yes, some will moan but I think LL have little alternative but to do this.
And now that Phoenix (Emerald without the bad stuff) is available then I don’t see what the big issue is.

Posted in General, Opinion, Privacy & identity, Second Life, Viewer 2.x

Display Names – what could go wrong?

There’s a lot of buzz about the new Display Names feature that will allow you to appear to change your avatar’s name.

I’ve heard a lot of people remark that this sounds wonderful, because they’ll be able to call themselves “Sensible Name” rather than  “SomeStupidNameBigBoobies69 Sillyname” (which was funny right up until the point they realised they couldn’t change it).

Well, yes. But unfortunately they’ll also be able to call themselves “Jackie Graves”, “Stiletto Moody” or “Truth Hawks”. But not “Torley Linden”.

Why not “Torley Linden”? Because the Lindens recognise that could lead to confusion. That’s right, they are not going to put any safeguard in to prevent impersonation, Phishing, character assassination, smear campaigns or trashing someone’s reputation unless it’s one of them.

This just seems totally insane to me. If there is no issue with impersonation, as the Lindens want us to believe, then why stop people using the name “Linden” in a Display Name? Or, if is more obviously the case, there *is* an issue then why are they not taking steps to protect *our* identities as well as their own?

The response Linden Lab are making is that these are only Display Names and people can drill down into the profile to see the username. That’s all well and good, but in the Real World we know that email-based Phishing attacks are successful. Do ordinary users look at email headers to see what the actual email account is when the display name is “PayPal” or “Amazon” or <insert the name of your bank here>
Of course they don’t. Nor do they check the actual URL on a link that looks like www.paypal.com but which actually points to www.somedodgyphishingsite.com
So why on earth do the Lindens think users will be any different in Second Life? They’ll just file an Abuse Report against the person that they *think* is griefing them. Or buy dodgy counterfeit or malicious objects from someone they *think* is a legitimate seller.

There are several JIRA entries open on this subject, and as usual a lot of well thought out and well-explained comments and suggestions made by SL residents on them that will almost certainly be ignored by LL and ridden roughshod over.
http://jira.secondlife.com/browse/SVC-6194
http://jira.secondlife.com/browse/VWR-21053
(you may need to log in with your SL username and password to view those. It’s part of the Second Life website so safe to do so)

Likewise, there are a load of intelligent comments, suggestions and concerns in the feedback on the recent Second Life blog announcement on Display Names:
http://blogs.secondlife.com/community/features/blog/2010/08/31/display-names-project-viewer-now-available…

Personally I think the down sides of Display Names in their current form massively outnumber the up sides. However, I am depressively resigned to the fact that all reasonable debate will be ignored by the Lindens and they will press on regardless.

Posted in Emerald, Privacy & identity, Second Life, Viewers

The Phoenix Arises – Emerald by a different name

Well, it seems Jessica Lyons doesn’t hang around and has assembled a team to take over where Emerald left off. And amongst that team is LordGregGreg.

According to her blog entry [here], Phoenix is starting out as a sanitised Emerald, like LordGregGreg’s Emergence Viewer, and will be developed from there.

In keeping with my recent post [here] on how an Open Source Project should be run, they’re running a publicly-viewable repository and full transparency.

This is very encouraging news indeed.

Posted in Flickr, Photography, Second Life, tips

Second Life Photography

[Originally posted 19-Mar-2010 here]

Photography is one of the many things I enjoy in SL. At the time of writing I have over 660 pictures on my Flickr account

Torley Linden has a great wiki page on various tips and tricks here:
wiki.secondlife.com/wiki/Snapshot_Help

One trick I use a lot is to take a snapshot using the dialog and then use the mouse-based camera controls to get the angle just right and then refresh it again. There’s a simple tutorial on it here. If you’re into SL photography then it’s a great technique to master.

Something that has annoyed me for ages is the foot shadow. I’m forever trying to correct it in post-production because the invisiprims on a lot of my boots cause the shadow to come out wrong. This problem will start to go away with the new alpha masking for feet in Viewer 2.0 but it will still be around for a while. So imagine my delight (and annoyance that I only just found this out) when I discovered you can turn off the foot shadow!
It’s Advanced menu > Rendering > Features > Foot Shadows
D’oh!

For my next set of photos I’m planning on making use of the depth and object matte capture modes and introducing depth of field in post production. Should be a new challenge for me and I’m really looking forward to it. Watch this space!

Continue reading “Second Life Photography”

Posted in Emerald, Opinion, Second Life, Viewers

Emerald – so what went wrong?

[Disclaimer: This blog entry is personal opinion based on a personal understanding of current events. Should you feel any facts are materially wrong then please contact me, citing sources, and I will be happy to make corrections or retractions as appropriate]

I try to keep my RL separate from my SL, but I guess it’s not giving too much away to say that I work in the IT Industry and have direct experience with software development. So the self-destruction of Emerald has been very interesting for me.

So, where did it all go wrong? I think to answer that you need to look at how a proper Open Source Project is run.

Generally you have a version control system which is able to be read (but not written to) by anyone who cares to do so. Obviously members of the development team can write as well.

This open access ensures transparency, because anyone with the technical ability can examine and review the source code to make sure there is nothing nefarious in it. They are also able to download the entire codebase and compile their own version of the application rather than trusting that the pre-built binaries available for download were actually made from the source code.
Furthermore, the version control system has an audit trail of every check-in, showing what changes were made, by whom, and when. This makes it more difficult to introduce malicious code although there are ways round it, of course. However, even if the developer subverts the process to avoid the audit trail (if they have direct access to the actual files on the server hosting the repository), the code is still available for inspection and anyone can compare a previous snapshot of the code with the current one using an automated difference tool. So there is still transparency.

The trouble with Emerald is that the version control system was not open and there was no transparency. Yes, the source code was published periodically but in a snapshot form. You were expected to trust that this source code was the real deal and not some sanitised version. And that trust was betrayed.

Because there was no transparency, certain members of the Emerald team were able to inject undesirable code (which is well documented elsewhere so I won’t bother going into it here).

Worse still, Emerald also used some Closed Source software which meant that only the developer(s) of that code knew what was in it and the members of the Emerald team were expected to trust that it was non-malicious. Again, that trust was betrayed.

It also appears to me that the team weren’t really following good Software Engineering process. This isn’t too surprising as, as far as I understand, they were all programming for fun and were all fairly young. So there were few controls in place to audit what was going on. I genuinely believe that the more respectable members of the team (and I’ll leave it for you to decide who they are) didn’t know what was being put in by the less respectable members. This is why we have processes, checks and safeguards in professional Software Development and I simply don’t think they were in place for Emerald.

And I’m not even going to comment on the clash of personalities, egos, hidden agenda and motivations of the actual developers of Emerald. That’s not something I want to explore as this piece is really more about the technical side of things.

In many ways, the Emerald project was a nuclear reactor being run without control rods or safety systems, and it went critical and suffered a meltdown.

So, where does this leave Third Party Viewer Development? Are we doomed to use Linden Lab’s awful Viewer 2.0? The short answer is no!
Emerald was not the only Third Party Viewer and some of the others are being run properly. Imprudence, for example, is fully transparent and Open Source. They are by no means the only one, of course, but it’s the one that springs most readily to mind.

Finally, I just want to say that this blog entry may seem very negative about Emerald. However, I don’t mean it to be because I do genuinely believe that Emerald was truly innovative and really moved the Second Life Viewer game onwards. The developers added some very good features (the nefarious ones notwithstanding) and they should be praised for it; they’re clearly very talented. However, as I’ve said, I think the project was very badly run and was very open to abuse. And that abuse was made.

Posted in Emerald, Privacy & identity, Second Life, Viewers

Farewell to Emerald

[Originally posted 01-Sep-2010 here]

As you know, there has been a lot of worry and concern over Emerald with regards to privacy issues, data mining and illegal activities.

Linden Lab have removed Emerald from their Third Party Viewers list and advised everyone to use other Viewers.

As of today the developers of Emerald have folded the project due to mutiny, disagreement, and Linden Lab demanding that certain developers be removed which they were unwilling to do.

I’m sad to see Emerald go as, for all it’s warts and dodginess, it was a very good Viewer and was very innovative.
It’s just a shame that it was ruined by a bunch of immature Script Kiddies who couldn’t resist messing it all up for everyone.

I’m sure the hard work will be back-ported into other Viewers. LordGregGreg has a version of the full source code for Emerald that he has released as “Emergence” although has stated he will not be actively developing it.

Meanwhile Jessica Lyon has resigned from Emerald and has set up a blog to discuss her side of things – jessicalyons.wordpress.com

Posted in Imprudence, Second Life, Viewers

Imprudence – a review

[Originally posted 26-Aug-2010 here]

Well, I’ve been using Imprudence for a few days now.

I’m pretty impressed. It has a lot of Emerald’s features, and some are better resolved – I like the fact the client-side radar is much smaller and hung off the bottom of the mini-map. Although I’d like to be able to increase its size without increasing the size of the mini-map (ie. stretch it vertically)

It’s lacking Emerald’s hacky multiple attach points – the Imprudence developers are planning on back-porting proper multiple attach support from Viewer 2.0 and state that they are not interested in hacks and dodgy code. I rather like that attitude.

It’s also lacking Emerald’s spell checker and command-line mode (so you can’t type “dd 256” to set your draw distance to 256m). This means that the quick-rezz gesture that many of us use doesn’t work. However Imprudence appears to have a quick-rezz built in (I’m basing that on the fact there is a checkbox to turn it off in the Advanced settings).

Like Emerald, it is possible to hide your LookAt and PointAt beacons. However, unlike Emerald it is not presented in a nice friendly setup page. To, say, make LookAt private you need to go to
Advanced -> Character -> Private LookAt

Likewise it supports Emerald’s famous “Breast Physics” but the settings are all hidden away in the Debug menu rather than being in a nice friendly setup page.

Imprudence also support the new tattoo and alpha layers from Viewer 2.0 and I think that will interest a lot of people.
Emerald v1.23.5.1636 (the last version I used) didn’t have this, although I’m told the very latest Emerald does.

One feature I do like in Imprudence that I haven’t seen in other Viewers is the title bar of the Communicate window shows how many unread IMs you have. This is very, very useful when you get IM hell and the tabs go off the end of the window. No more missing an IM because the tab that is flashing is off the screen.

In summary:

Imprudence is a little rough round the edges, being only a Release Candidate rather than a full stable release, and did crash on me several times when changing settings. However, I think it has a lot of potential and I felt instantly at home with it. I would certainly recommend it to Emerald refugees like myself.

Update:
I wrote the following in response to an nice email from someone and thought I would share…

“It’s true that Imprudence isn’t as friendly as Emerald – there are less whizzy menus and stuff is hidden away in menus more. However the Imprudence team do seem to be better on documentation and they have a FAQ on their Wiki that tells Emerald users where stuff is. You’ll find Imprudence has more features than you think.”

Posted in Emerald, Opinion, Privacy & identity, Second Life, Viewers

Emerald and alternatives

[Originally posted 26-Aug-2010 here]

Oh dear. Just when we thought Emerald was ok, it turns out that it (or possibly just one developer) had nefarious intentions after all.

http://alphavilleherald.com/2010/08/emerald-viewer-login-screen-sneak-ddos-attack.html

http://alphavilleherald.com/2010/08/emerald-viewer-mutiny-fractured-crystal-thrown-to-sharks.html

http://blogs.secondlife.com/community/features/blog/2010/08/24/malicious-viewers-and-our-third-party-viewer-policy

http://blogs.secondlife.com/message/369842

I love Emerald and it has some fantastic features, but this is very concerning. I think that it’s laudable that the remaining members of the Emerald team are making very positive noises about restoring confidence in the viewer, but I think perhaps it is time to investigate other viewers. Not least because of questions on whether Fractured Crystal was working alone or in collusion with developers who are still on the Emerald team.

Talk on the blogs and stuff is that the Imprudence Viewer is worth a look as it has a lot of the features Emerald has, including a client-side radar, RLVa, temporary texture uploads, Disable Login/Logout/Teleport Screens, See object’s Last (previous) Owner, IM autoresponder, and Breast Physics. Yes, we all claim that Breast Physics is no big deal but we all know it is. LOL.

So I’m going to have a play with it tonight. Imprudence, I mean. Not my breasts.

Have fun
Becca