by

The Client Is In The Compiler Of The Enemy

Beware gemstones bearing gifts.

Diary of a Second Life trainwreck:

Late 2006: Enterprising programmers begin trying to reverse engineer the Second Life client, with Linden Lab’s blessing. This work is promptly leveraged by equally enterprising and far less moral programmers to introduce content dupes which devastate the Second Life economy.

January 2007: Linden Lab releases the source code for the Second Life client, and encourages its community to help with further development.

“We feel we may already have a bigger group of people writing code than any shared project in history, including Linux,” says Rosedale. While this is often elementary code, it means, he says, that “we have an army of people waiting to work on this.” Adds CTO Cory Ondrejka: “Why wouldn’t we leverage our community and give them the opportunity to make Second Life what they want it to be?”

Over the next couple of years, a few projects move forward, including a client specifically designed for BDSM aficionados who want to give other people control over their freedom of movement and clients that are designed to connect to alternate servers or “grids”. Black-hat programmers also continue to release clients that are designed to copy content, crash servers, harass users, and other such charming uses.

May 2009: A new alternative client, called Greenlife Emerald, is released. It quickly becomes very popular due to a rich set of features which aren’t present in the official SL client or most of its derivatives.

October 2009: Greenlife Emerald adds a new feature: a simple physics model which causes the breasts of female avatars to ‘jiggle’ in a somewhat realistic manner when the avatar moves.

httpv://www.youtube.com/watch?v=jq28xLie5gw

In a complete coincidence, Greenlife Emerald immediately becomes the most popular client in Second Life.

As Emerald (as it is renamed due to Linden Lab insisting its “Second Life” trademark be removed from most third-party applications) becomes ubiquitous, rumors begin to swirl of its maintainers’ roots in the darker side of the SL hacking community. Prokofy Neva, SL commentator/scourge, frequently rails against Emerald’s creators, beginning with those rumors of black-hat association, and moving rapidly into everything from showing how the client itself is evil to how the developers kill her chickens (this makes sense, really).

February 2010: Linden Lab releases the next iteration in the Second Life client, Viewer 2. It is generally seen by most as bloated and difficult to use. Most SL users continue to use Emerald.

April 2010: The “Wrong Hands”, a group of “social engineers” associated with Woodbury University who previously engineered an infiltration and data dump of a group of users who roleplayed privacy-violating superheroes, release a Youtube video of members interrogating Fractured Crystal, leader of the Emerald project, who unashamedly admits to being involved in black-hat client projects.

The Wrong Hands then release files taken from Emerald’s web host which attempts to show that Emerald is trying to track IP addresses and geolocation data for Second Life users. Also included are emails between Emerald staff and Linden Lab, attempting to show a pattern of collusion.

Almost immediately afterwards, Woodbury University is banned from Second Life. Members of the Wrong Hands immediately claim a conspiracy involving Emerald and Linden Lab is responsible. Left unspoken is the assumption that thanks to most of Linden Lab’s customers using Emerald, Emerald has undue influence within Linden Lab by definition.

July 2010: Hazim Gazov, author of, by his own admission, a black-hat Second Life client, publishes proof that Emerald is encoding information about its users’ computers into textures that are uploaded into Second Life, which can then be harvested for further data mining purposes.

Karl Stiefvater, a well-known 3D programmer at Linden Lab (known as Qarl LInden) is laid off, and immediately joins the Emerald project, further blurring the lines between Linden and Emerald.

August 2010: Emerald uses a feature of the Second Life client – the initial welcome screen that is actually served from a web server – to embed dozens of hidden links in Emerald’s welcome screen to Hazim Gazov’s web server. Given that hundreds of thousands of people use Emerald on a daily basis, this is effectively a denial of service attack on Gazov. After initially claiming that this was simply a practical joke, the head of Emerald who was responsible for the attack resigns and turns over control of the Emerald project.

Today: Linden Lab removes Emerald from the list of approved third-party clients and sends an email to all users warning them not to use Emerald.

Late last week, we discovered a denial-of-service attack that was being served through the widely distributed Emerald third-party viewer. This is in direct violation of our third-party viewer policy (part 2, section d, paragraph iii).

We have removed Emerald from the list of third-party viewers, and are now in touch with the Emerald team to discuss what can happen next. We did this to do our best to protect the safety and security of Second Life users. We will not tolerate a viewer that includes malicious code, nor will we tolerate development teams with a history of violating users’ trust or disrupting their lives.

We take privacy, safety, and security very seriously, and we will act to the best of our abilities to protect it. We have not yet disabled logins via the Emerald viewer, but will do so if we feel the software and the team behind it is not able to meet the standards we’ve set. While Emerald is currently the focus of our attention because of what happened recently, all third-party viewers are held to the same standard, and must comply with the third-party viewer policy.

Wagner James Au, noted SL blogger and former Linden, estimates that now half of all traffic within Second Life uses the Emerald client.

Prokofy Neva, whose years of invective against Emerald was essentially proven correct, goes on to assert that the act of writing computer programs is corrupt by definition.