Archive for the ‘Crackers’ Tag

Emerald and the Death of Trust

Cracks in Emerald Viewer's reputation

The Emeraldgate incident, like most similar incidents, goes to the heart of one of the things that make the Internet work — trust.  Yeah, I know; Second Life is supposed to be a model for Net 2.0.  But even here, trust is one of the key things that rocks the planet.

Trust is one of the foundations of society.  We all trust each other that we’re not going to steal from each other’s houses, that our spouses aren’t going to cheat on us, that we won’t end up stabbed in our bed, that our bosses won’t simply fire us because they didn’t like the shirt we wore today.  Trust has glued civilization together since early men chose to work together to bring in the food on a hunt.  You just can’t get away from it.

Trust extends to computer systems as well.  The Golden Age days of computing, the era of the True Hackers of MIT and Stanford [1], provide one of the best illustrations of this.  If you’re unaware of such things, go and read Hackers:  Heroes of the Computer Revolution by Steven Levy, and find out some of the fundamental history of these machines we’re playing with.  In the beginning, as opposed to the “batch-process” methodology used on most mainframe giants of the time (re:  IBM machines), these ancient heroes would cut their program on a paper tape — the preferred storage medium of the day; it was read in by a Teletype or tape reader — and then just toss the tape into a drawer near the machine, be it the TX-0 or the Digital PDP-1.  If someone else pulled it out and used it, no problem.  If someone else started rewriting it, that was cool.  Social pressure among the hacker community kept them from doing something malign for the most part.  The same philosophy carried over to when they moved to the more advanced PDP-6 and -10 and implemented a time-sharing system, allowing users to share the computer’s resources.  Their system, instead of segmenting access to files, allowed anyone to see anyone else’s files by default.  And, for the most part, it worked.

Unfortunately in some ways, we’ve moved beyond the joyriding days of original hackerdom.  98% of us today have probably never written a computer program; we’re users, not crafters.  We want our software to be ready to use when we click on the file icon and to do what it’s supposed to do.  And here again, we’re trusting the people who’ve written the code to give us a product that performs, performs well, and doesn’t do things it’s not supposed to do.

Now we have Fractured Crystal and the last version of Emerald.  Crystal’s program was a fine program at first — but then he broke the unwritten law of trust with his data-mining library, and with the DDoS attacks on a competitor’s Web site.  (I still haven’t figured out for sure which competitor it is; can someone help me out here?)  The result:  a strong migration of Residents away from Emerald, toward workalike viewer Imprudence, Emerald getting booted off the Third Party Viewer List by Linden Lab, and a climate of distrust for at least the immediate future toward any future builds of the viewer.  You can bet that their next build will be decompiled by several someones and the code examined with an electron microscope — forget the source code they’ll release for public view — and even then, there will be some who won’t trust the program again.

Ain’t it amazing what great fallout can come from such supposedly small acts…?


[1] The term “hacker” is here used in the classical sense, as in the original Jargon File, later transported onto paper as The New Hacker’s Dictionary.  This meaning was lost when the mainstream media seized the term in the late Eighties or early Nineties and applied it exclusively to those who break into systems, especially for malicious intentions.  (That comes more under the term “crackers” today, according to some.)

QuickTime Exploit Found — URGENT

UPDATE, February 19:  I see this entry is still strangely popular, even after Apple has released a patch to the problem.  If you read this article at this late date, don’t freak!!  Apple has patched the bug.  (Of course, who knows what new bugs have appeared [shaking head….].)

Late in the time frame for news, but I just picked this up (11 hours later). The Lindens’ blog (written by Phoenix Linden in this case) announced that a flaw has been discovered in Apple’s QuickTime, which Second Life uses to stream video playbacks. This flaw could allow some evil progeny of slime mold to “exploit” your computer. The Lab does not say if any cracker has already tried this; but they are able to track attacks, and promise action if something happens.

This does not open your doors to an attack from every video stream on the Grid, only from one being sent with malicious intent. At this time, Phoenix suggests that you simply disable automatic playback of video through your Preferences panel. I’m assuming that Linden is banging on the true-hackers’ doors at Apple and calling for a fix. (The flaw rests in the QuickTime platform, not in the Second Life client!) I’m reading from this that you should still be able to watch video; it simply won’t play automatically. I already keep my video shut off anyway, for purposes of bandwidth, so the flaw shouldn’t affect me. Just pick and choose your streams intelligently, and preferably from the legendary “trusted sources.”

It’s sad that someone will surely try to do this kind of stunt, either for Evil Purposes, or just to simply get their giggles. We as Residents are faced with enough problems from the standard griefers (themselves progeny of slime mold — but of a higher evolutionary order in this case). There’s more I could say, but I’m a polite Resident, and prefer not to foul the aether with cuss words.

UPDATE, 10:57 a.m. local time:

There have been complaints that Linden Lab wasn’t doing more to notify the community about the danger. Those folks must have written before trying to log in — because when you go in, the first thing you see besides the cache picture of your last position is a new Terms of Service agreement that you must check off before continuing. The Terms themselves haven’t changed — but the news is up there in big flaming letters, along with a link to the Linden blog entry. So the news is getting out.

UPDATE,6:50 p.m. local time:

Reading the comments on the Lindens’ blog article, we’re seeing the usual reactions back and forth: castigation or praise of the Lindens, depending on how grouchy you are, tearing down of QuickTime and Apple, followed by equal dissing of Real, Shockwave, et al., and occasional attempts to spread oil on the waters. The best of the last is this comment, by the redoubtable Gwyneth Llewelyn (and not because she refers to my own comment above hers).

%d bloggers like this: