Emerald Reassessment

This post is one I have needed to make a long time ago. This is totally in my eyes, my personal perception, as very few things were ever written down.

Emerald is no longer what It was for me, I have been dedicating a ridiculous amount of my time to this project for near two years now, and It’s been difficult to see it go the way it has.

It started off as a joint effort to bring talented people together to make something that people could really appreciate it, something that I could work on and give as a gift to my friends. All sorts of people have worked on it over the time, some people whom I trusted and respected, and some that I took things as they came. The similar thing was that it appeared that we were all working to be productive and helpful, to make an amazing viewer. Trust was never a critical point in the project, as everything that was done was transparent to everyone. Every code change was easily viewable by everyone, including the public, so there was really no issue with worrying about someone adding something nasty. Back when there were questions of the viewers integrity, I personally put my support behind it, promising that I would double and triple check code commits as much as I could to ensure that everyone was secure.

Unfortunately, I do not feel confident enough to support it any more, for a number of reasons. I did not realize at the time that emkdu was added, that it could be used to add in code I was not able to see. These things were done behind my back, it was found out by others that code was placed in that braodcasted your viewers title bar and executable path in a obfuscated manner. This was addressed, promised to be fixed, and (luckily) people broke through the now encrypted layer to find out that it was not.  Of-course, it has been promised to be fixed a third time, but now with an encryption level too high to be broken.  Although replacing or deleting emkdu would resolve this issue, I also have to consider that this was hidden in the code for months without anyone knowing..

Regardless of the intentions of those who placed this code there, It has made one thing inescapably clear. I am not able to double check everything any more. I tried to find a solution to resolve this matter, but it appears that most people do not care about this to the level that I do. I made sure the other emerald devs were aware of what is going on via this.   As mentioned there, closed source, hidden designs and single developer licenses have no place in emerald.  People can make mistakes, but it is important that others can double check without having to break through encryption.  Nothing has changed however. This issue of being able to transparently check up on everyone is only to get worse in my opinion, as all new builds are planned to be done from a central build server, where access is cut off from the other developers.  I consider trust issues with any binary of the highest importance, as even small library like this can have access to every file or memory on the computer, the same care must be taken with them as everything else.

Furthermore, there has been a issue with money, donations, advertisement profit, that has not been resolved how I felt that it should. Instead of the money being treated as a group project, and used appropriately (transparently to the other devs), it has been handled privately instead.

Additionally there has been some playful talk by a few developers to add services to emerald that would be used to profit certain developers. I have always felt that emerald should be a free project, both speech and beer, and that adding ways to make money off others free work was wrong in some way. Though, this is my personal opinion, and it is most defiantly not part of the GPL.

There have also been issues with public appearance and ignorant association. Although most intelligent people understand that the people who work on emerald do so separately, and that for the most part it is the only thing they work on together, this is not always clear, and there have been numerous times when I have had to fight to make it clear who participates in what, even on our own website. Before hand I could point out that what other devs have/are/will do is unrelated to me, but now even emerald now is moving in the direction they want it, to the extent that I feel it is important to distinguish myself from it.

I have had a few people ask me why I did not do something about this, something sooner, and the reason is that this is not my project more than it is all of the other developers, in my opinion. I have done my part to make sure that they are aware of this, but their decisions are their own.  I would have said something sooner, but I was trying my hardest to get this resolved internally.

This seems to have mostly been a misunderstanding on my part. I had assumed emerald was what I wanted it to be, when now it is very clear that it is not on a number of issues. Therefore I feel that it is my responsibility to make a few points clear from now on.

  • Emerald is beyond my ability to verify the integrity of the code involved.  For people concerned about spy-ware, adware, backdoors, etc, I strongly encore you to do your own research, as you should with every program you install, and make this decision yourself.  I am aware of two instances of what I consider bad code in emkdu, and have given instructions on how to remove this part from emerald, however in the future even that will not be enough.  A decent solution is to compile the viewer yourself, and only include components that you trust.
  • The money made by emerald has not, and will not ever go to me.  It has always been important to me that my work has been completely for free on this project.
  • The actions behind emerald, and other developers other projects, and any implied moral implications have nothing to do with me.  I personally disagree with the points in emerald that I have mentioned here, and for projects that I am unrelated in (like onyx, cds) I don’t have anything to do with them!

Furthermore, as you can probably guess, my involvement in emerald will be much less in the future, unless something is done to address these issues.  I would still love to help people as I always have with emerald support, and I will still be adding any features I think would help people out to emerald (though i think a good patch for other viewers will also be provided), but as far as the direction emerald is going, I am out of it.

It is very distressful to have to sever some ties to a project I have put so much dedication and time behind.. it has postponed this decision for a long while, but there is a time for everything, and I think I can find new ways to be productive better than working on emerald.

To the people who have took my word on emerald’s credibility, I apologize deeply for my claims.

It’s been fun, I have learned allot from people who code better than I probably ever will be able to, and there are times when it has been great, thank you very much to all the other developers, and supporters. I hope you understand.

(edit: no, i really don’t feel like forking or doing my own builds or taking anyone’s money to do so, im quite sick of emerald right now, if one were to do so, the code you can see in the svn is clean last i checked, the rest, i don’t know)

(edit: for the people who believe that I am doing this to cause drama, or that I am trying to destroy emerald, please reconsider.  This post was made to clear my conscience and bring the truth as best as I saw it to people who were relying on me.   I wish no harm on anyone, I am sorry that things came to this, but it was all stuff I could have fixed long ago, I do not hate anyone.  Please beware of people misquoting me or adding on to what I have said here, I have made this long an thorough for a reason, I do not need drama people corrupting it)

(edit: to be extremely clear, most devs in emerald do not have anything to do with emkdu.  The code was for a single developer, and it was passed around to no more than 3 devs that I am aware of, the rest of them are all in a similar boat as me afaik)

(edit: so apparently someone got my access removed from the svn and a few other things for posting this, sorry to the people who have pointed out the few last minute things I should have fixed, looks like they will have to wait)

(edit: to the other developers who feel like I have betrayed you and was foolish by making this public, I am very affected and would please ask you to consider my position.  I have tried every way I know of to get this resolved before hand, but I have been left in a position where I have people relying on my public words on this, keeping this to myself or trying to whisper it to all of them would have been betraying the rest of these people, and there wasn’t any other way to correct this)

Stealth Option in Emerald Removed -.-

Some emerald devs have decided that the option to not have the emerald tag should be removed, as the other alternative (how snowglobe 1.3 does it) allows your textures to be easily stolen.

However, instead of letting the other alternative be the default 2.0 behavior, they have decided that this was “lying” and for whatever reason, I am outnumber, a bit ridiculed, and it has been removed from emerald (till maybe 2.0 version, I don’t know).

what viewer you are on is not public information unless you choose to make it.  (name), you know quite well that it doesn’t have to be technically available to anyone other than LL.  I feel this is a privacy choice that should be up to the users to decide.  Not some developers who think they can foresee all possible reasons for such a feature.  I will go along with w/e the majority of the devs feel, but this is a core issue to me as it goes along with what i have in my head is a persons right to privacy where at all possible.  A stealth option in emerald is a feature that causes no harm to anyone else, it has been a valuable feature to people in the past, and I think it should always remain an alternative.

I am.. unreasonably upset over this.

Automatic Hidden Media

Second Life is a unique environment (compared to basic web browsing) for two reasons I want to mention.

1. IP addresses are NOT public information to the sim owner.

2. Sim owners can make users go to a web site without them knowing where they are being led

Normally on the web, your IP address is basically public information, it is critically required by any site you connect to, because without it, it doesn’t know where to send the data.  However sense SL is set up such that LL internal servers handle all of the routing, IP addresses are not necessarily to be known by sim administrators.

This lead’s to a few consequences.

1.  It makes it very difficult for the sim administrator to be able to identify individuals, which can lead to issues in security and control.  (Griefers using multiple alts that can not be linked together)

2. It provides users and visitors the perception that their alternate accounts are private information that they can control.

Now clearly, once you leave second life servers (by opening a web browser, media url, radio station, etc), the interesting phenomenon caused by LL taking care of the IP addresses is gone, and they are once again public information to the administrator.

Most people do not realize this, and possibly some education would fix any issues that are arising; but I see more to it than this. (specially when looking for a solution).  In secondlife, LL has provided sim owners the ability to run scripts that can direct it’s users to open up an external server, and for the best user experience (and by default) this is automatic.  The other mode is full manual (where the play/stop button at the bottom toggle the auto/none), an the last mode is totally off.

This really does not leave much security or control to the user, as when they have it turned on, it is automatic.

Perhaps as a power user (or paranoid) feature, I am planning on adding a third mode which will make the viewer prompt before each media change completes, and will let the user choose to let it complete or not.

For example, if you have media on and someone turns the tv in front of you to go to http://www.youtube.com, you will receive a dialog similar to “Media change requested to http://www.youtube.com, do you wish to continue?”  and options of “Yes”,”No”,”Always yes for this domain”,”Always No for this domain”,”Always yes for this parcel”,”Always no for this parcel”.

This would then allow the user to stop a media request to http://www.thisIsAIlligalBombMakingSite.com.

This is all great and shiny.. unfortunately there is a big complication, the brilliant people at LL decided it was a good idea to NOT ALLOW PEOPLE TO SEE WHERE THEY ARE GOING.  This is a check box setting that sim admins can set, which prevents the data from being viewable to the client interface (though of-course the backend must still have it to be able to load that page).

Emerald Devs were very strong against any bending of that rule, even to the extent that simply showing the domain that is about to be loaded would be a horrible sin.

The other issue is that there are some scripts that rely on a type of security that expects a very fast response time from the client (that would be lost if the user takes to long clicking apply), so basically, it might break some content.

Personally, I feel that (not just technologically) that people have a right to control every aspect of what they want, so far as that it doesn’t mess with other people.  If they want to block something and break that content, they should be allowed to.  If they want to choose which sites they visit and which ones they don’t, they should be allowed to.  And also, with undesirable thing’s on the internet, I think it is extremely important for people to be able to see where the data they are about to download comes from.

The final version of this in emerald will probably be just a third option, with the buttons mentioned, that will have to hide the URL if the land floater hides it as well, probably with a big warning box about how it might break content.

Ill be happy with that then nothing at least. Rant over. (P.S. Laura hasn’t been around for a week, exams and cramming now too, and ive just been on a really frustrated emotional streak that tends to drive me to my core.  Security issues and stuff have been pumping my blood sockets, I’ve already (stupidly and very rudely) reverted someones code that I didn’t agree with/ understand fully, broken down in tears over another issue that doesn’t even matter, as well as commit a patch to allow users to control what user agent information is sent to web sites (this was reverted as well, as aparently that is also a evil thing to do)) So I figured I’d rant it out here so I don’t do anything stupid.