Past, Present, Future

  • Past:

I made a thorough post concerning lots of emerald related issues recently, however I feel i need to clue people in on the conclusions I have made based off it, and let you decide whether they are logical.
The recent discoveries have made it very clear to me that certain people find it ok to hide code behind both the developer’s, and the user’s back. Considering the circumstances and evidence that I have already provided, it is apparent that the binaries coming out of emerald can not be trusted regardless of the security methods used to check it. Packet sniffing would not have detected this, as it was encoded inside a normal clothing image already sent to the linden servers. Anti-virus software did not detect this because installed programs are allowed to access a wide range of files (including your saved password file) without any cause for alarm (as most programs use that ability legitimately, and restricting it would cripple nearly every program). Despite this, by some stoke of luck the hidden code in emkdu was discovered after months of it existing; however, considering how long this took to find, it is illogical to assume that other hidden code does not exist or should have been discovered by now. Which also means that simply removing emkdu is not an action that would give you a safe viewer (I apologize if my posts before appeared to be a solution). Code similar and far more malicious could and may be embedded in any binary with an even more cryptic way to hide it, and without going into crazy conspiracy nonsense, it is clear that having an untrusted binary running on your computer is absolutely unacceptable. A new tpv policy will be in place banning encrypted binaries in an attempt to help protect the users, however this is not adequate protection either considering how *hiding* the code had a far greater effect than *encrypting* it. (Hiding this code kept it from exposure for months, encrypting it kept it for weeks)
Also, concerning the latest modsys announcements, it appears to only be a PR stunt, the people involved still are.

  • Present:

Despite being sick of dealing with all of this, I have witnessed too many of my friends in a position where they are hurt. They either loose the features in emerald, or they have their computer placed at risk.
I have decided to do what I can to help, and have created my own private project, the “Emergence Viewer” which is simply a clone of the latest emerald source code I had, compiled and produced in a way where all binaries are either provided from a well known trusted source (such as linden lab or openjpeg), or myself. http://code.google.com/p/emergence-viewer/ Because of limited resources available, I will only be able to provide a windows binary. If you learn anything from this whole experience (I have learned numerous), do not ever trust binaries that you do not fully trust the source of! If you do not know me or have a good reason to trust me, do not use this binary! However, since I am the only developer on this project, I can fully promise that emergence will be entirely free of any malware or hidden code of any kind to the very best of my ability. I am happy to be fully responsible for everything in it directly, though I do not take the credit for it, as most of the code is from other generous developers who have given freely of themselves.
I do not plan on updating or making changes to this viewer unless absolutely necessary, this is a last minute salvage operation, nothing more.

  • Future:

I have had my trust broken by too many people who I honestly felt never would, it will take time for me to come to terms and process all of that in a way I can use it, and unfortunately some people who have always been there for me will have to wait for me to understand all of this. More importantly, I try to make it a rule to not make the same mistake twice, which is part of why I really have no plans on further developing emergence or any other third party viewer. I have however, had a great opportunity opened to me, and I plan to spend my time working with the people of Virtual Ability http://virtualability.org , as I really feel that this is a way I can do the greatest good for the greatest number. (It is actually really exciting, they have done some amazing things already (got a linden prize o.o), have been around and stable for a while, and get this. I asked a bunch of people to try and find as much crap/drama/dirt on these people as they could (everyone is evil at least a little bit right?), the contrast to what I was in before is staggering, I even ran into a second hand report (saying they actually do what they say!) It looks like I will be able to continue working on open-source viewer development for second life, just focused in a way make it more accessible to people who really need it. I hope it goes well, if anyone has any information (a first hand story would be epic) please IM me.)

Also, thank you so much to the people who have offered me any sort of support. I felt betrayed and abandoned and your help has really made a difference to me.

(edit: due to current events, I will be either updating emergence, or providing links via the login for a different viewer for people to switch to)