Where was that again?

Wednesday, September 1, 2010

He said WHAT?!? This might take a while o.O

Now making it’s way through various interweb channels is a notecard with two separate but related conversations between Loney Bluebird (aka Phox) and Soft Linden. The majority of us will read them and say ‘I don’t really know what it all means, but it doesn’t sound good.’ and they’d be right... but not in the way they’d initially think. Read on to see what I mean.

2010-03-18 16:41:57]  Lonely <3: Speaking of which, has Fractured mentioned EmKDU/OnyxKDU to you at all?
[2010-03-18 16:42:12]  Soft Linden: Nope
[2010-03-18 16:42:46]  Soft Linden: We haven't talked much of late. I think he was annoyed that I offered to rename groups for the *Life viewers, after asking him to get clearance from Kyle for a group rename before
[2010-03-18 16:43:19]  Lonely <3: Ah, well, we needed some way to identify people using our kakadu library, we came up with something really clever: The Emkdu variant encodes the window title into the j2c comment.
[2010-03-18 16:43:32]  Soft Linden: Nice!!!
[2010-03-18 16:43:41]  Lonely <3: The OnyxKDU variant contains the other end of the cipher, and an exported function to retrieve said comment.
[2010-03-18 16:43:44]  Soft Linden: I'd figured that library would be the place to hide things. So it shows up in their baked texture.
[2010-03-18 16:44:07]  Lonely <3: Yup, Linux variants encode 128 characters of the path, since window title depends on window manager etc.
[2010-03-18 16:44:27]  Lonely <3: I've got it nicely tied in to the radar here, it's fun to see the various names I get when all I see on people is a shiny emerald tag.
[2010-03-18 16:44:45]  Soft Linden: I'd look at other places you might store that. We were at least planning to start encoding some info there to help us with DMCA takedowns
[2010-03-18 16:44:56]  Lonely <3: We caught the HXO/Sl Black edition creator that way.
[2010-03-18 16:45:11]  Soft Linden: Does the jpeg2k format support arbitrary tag/value pairs?
[2010-03-18 16:45:12]  Lonely <3: Hmm, well there are various places we could encode that.
[2010-03-18 16:45:21]  Lonely <3: Yes
[2010-03-18 16:45:25]  Lonely <3: At least I think it does
[2010-03-18 16:45:33]  Soft Linden: You could make something misleading like "encode parms" or w/e
[2010-03-18 16:46:38]  Lonely <3: Unless someone starts poking at it with a disassembler all they'll find is a string of mixed printable and unprintable characters in the comment.
[2010-03-18 16:47:18]  Lonely <3: We figured it was a good way to keep track of who's using the proprietary library without a license, not to mention identifying those viewers that want to hide, which is always a goal.
[2010-03-18 16:47:29]  Soft Linden: :3
[2010-03-18 16:47:33]  Soft Linden: I love that you guys are doing this
[2010-03-18 16:47:55]  Lonely <3: Saves you guys some work I guess.
[2010-03-18 16:49:01]  Soft Linden: I'd also be inclined to get the end of the path for Windows & Mac builds too. Odds are people are going to rename the viewer filename, even if they don't change the window title, etc
[2010-03-18 16:49:12]  Lonely <3: Yeah that's what I said >_>
[2010-03-18 16:49:15]  Soft Linden: just w/e is in **argv
[2010-03-18 16:49:19]  Lonely <3: Zwagoth and Fractured wanted the window title.
[2010-03-18 16:49:19]  Soft Linden: I thought you said you just did it on Linux?
[2010-03-18 16:49:27]  Soft Linden: Gotcha.
[2010-03-18 16:49:32]  Soft Linden: Yeah, I'd shoot for both.
[2010-03-18 16:49:35]  Lonely <3: Only because linux doesn't offer a single function to grab the window title in all window managers.
[2010-03-18 16:49:55]  Lonely <3: Yeah I know the path is more useful.
--- next conversation---
[2010-03-25 16:35:40]  You sense a disturbance in the force...  (Soft Linden is typing)
[2010-03-25 16:35:51]  Soft Linden: Are the marked textures in the current release version?
[2010-03-25 16:36:01]  Lonely <3: Yes
[2010-03-25 16:36:06]  Soft Linden thumbsup
[2010-03-25 16:36:27]  Lonely <3: After we spoke I decided to make a bit of a change to kdu
[2010-03-25 16:37:40]  Lonely <3: I made it check the top corner of the image for transparent pixels, if it finds any it encodes the folder name like the linux lib originally did.
[2010-03-25 16:37:50]  Lonely <3: If not it encodes the window title.
[2010-03-25 16:38:28]  Soft Linden: ah cool hack :3
[2010-03-25 16:38:56]  Lonely <3: That hasn't been released yet, but it can go out at any time since the pack is seperate from the binary.
[2010-03-25 16:39:00]  Soft Linden: the transparent pixels specifically - last I knew you were only doing the meta tag
[2010-03-25 16:39:04]  Lonely <3: We are
[2010-03-25 16:39:08]  Lonely <3: Just the image comment
[2010-03-25 16:39:14]  Soft Linden: right

Okay, if you’re anything like me, you’ve read that more than once and still couldn’t make out sense of the technical aspects of it. If you understood most or all of it, then here’s your imaginary cookie lol, you’re a few steps of where I was. However, if you’ve read my first post you’ll know that I wasn’t going to stay in the dark any longer than I had to. With that said, let’s see how well I’ve come to understand what it all means and if I can relay it to all of you properly so you can start to make sense of it as well.

So let’s start at the top, pointing out that both conversations took place in March of this year. I want that little tidbit to stay in the back of your mind as you read on. What you’ve read is a conversation between an Emerald developer and a Linden Labs employee. In it, the two use terms such as ‘hide’, ‘tied into’, and ‘misleading’... terms which can be scary when taken out of context. We live in a time where the potential for identity theft via the internet is a huge reality, and anything that makes people wary about their safety and security is something that should never be taken lightly. Let me interject the addage ‘Knowledge is power,’ at this point, because it’s oh-so-appropriate thought out this entire ongoing situation. The more you know, the less likely you are to make decisions based on fear.

So the technical side of this starts almost immediately in the chatlog. “The Emkdu variant encodes the window title into j2c comment.” The first thing to explain here is j2c is short for jpeg2000, an image compression standard and coding system. The “comment”, simply put, is a field in the file that’s designed to hold additional metadata. Metadata describes other data, an easy to understand definition can be found here. The second part of the statement quoted mentions a “window title”, which is pretty much what it sounds like. In this situation, the window title would refer to the viewer being used by a person. So the emkdu file at that time was set up in a fashion that it would take the name of the viewer you were using and encode it into metadata that was then attached to a baked texture in your avatar textures. Baked textures simulate things such as lighting, shadows, and bumpiness on an object... think avatar skins or shadow maps on sculpted prims. Not really life altering if you weren’t doing things you shouldn’t have been doing.

So you have the emkdu which was set up to encode and attach metadata, then you have onyxkdu, from the now infamous Onyx viewer. The onyxkdu was set up so that it’s library was seperate from that of the emkdu’s. Onyxkdu had the capability to decode (read) the metadata that the emkdu embedded in the av. textures. The limitations on this, however, were that they could only view the data inworld, and only if the avatar was in view of the Onyx user. They were not able to actually export or otherwise use the av textures, as some concluded, otherwise the viewer and coding would have been in direct violation of LL’s TOS. What’s shown in this screenshot is not a texture being stolen aka ‘copy botted’ or ‘ripped’, as some might want to sensationalize it as, but rather the encoded information being read by onyxkdu. The texture is being viewed in what’s called an ‘avatar texture floater’ which actually comes from LL’s own coding, and is hidden from the menu options in their official releases. You can find a modified version of the avatar texture floater in the latest Emerald beta release (2587) by using the pie menu on any avatar, including your own, but you’d only be able to make changes to your own textures in this floater, provided they’re modifiable by permission. It doesn’t circumvent the permissions system. The purpose of the metadata encoding and collection was to identify who was accessing the ‘proprietary library’ aka the licensed kdu library, as well as who was using a malicious or illegal viewer that was spoofing itself as a legal one, as mentioned by Lonely.

In relation to the previous two paragraphs, I’ll take this time to address the line where Soft says that LL was “at least planning to start encoding some info there to help us with DMCA takedowns.” What this means is that LL, at that point (whether it’s been done, I’m not aware, some one is more than welcome to comment if they know the answer) part of their plan to combat copyright infringement (DMCA issues) was to also encode metadata into the baked av texture section of llkdu. They won’t need to have an alternate viewer to read the data, as it’s all accessible to them. DMCA, if you’re not familiar with the term, stands for Digital Millennium  Copyright Act. It’s part of United States Copyright Law and deals with the copyrights of Intellectual Property on the Internet. The wikipedia definition is here and LL’s policy and process is outlined here. The suggestion by Soft for Lonely to relocate where their metadata wrote was so that LL’s coding wouldn’t overwrite Emerald’s.

The parts of the conversation that deal with executable paths, encoding paths, and end of paths, all deal with identifying the executable files where the viewer was located on a user’s system. This also wasn’t in place to be used to hack into some one’s system, it was so those who were using illegal/banned viewers couldn’t sneak around pretending to be on legal viewers based on their tag data, by simply changing the name of the file. Think of it in terms of, you save a SL snapshot to your computer using the ‘save to disk’ option in the snapshot window, then on your computer you change the name from snapshot_01 to ‘hanging out’ (just an example, but you catch my drift). Well, you’re not changing the fact that it’s a snapshot from SL, you’re only changing the name that it’s viewed as.

So that all basically covers the technical aspect of the conversation, and has hopefully allowed you all, the readers, to have a better grasp of what they were talking about. With that out of the way, we can get into what’s not likely to be recognized between all the jargon (and yes, some editorial commentary)... The fact that in spite of LL’s claims of ignorance to what the emkdu file was doing, and the onyxkdu file as well... at least one of their employees did. Now if this is a case of the right hand not talking to the left, which it may very well indeed be, then it’s understandable that statements claiming ignorance could be issued... but one would imagine (or myself, at least) that it would be good corporate sense to have all of your ducks in a row first. Is that a criticism made by me about LL? You bet it is. This is not to say that I agree completely with the methods employed by those on the Emerald and Onyx teams who were involved in this coding system, but it’s obviously not as devious as LL would like Joe Public to believe. This leaked chatlog is a frank discussion by two people who expected it to stay between them, and I suspect it was just two conversations out of many, given the actual context.

In a recent conversation I had with former Emerald Support team member Mindy Spiritor, she expressed her viewpoint on the situation “At some point, though, people really need to realize that the Onyx project was never part of the Emerald Viewer.  The same goes for the datamining project.  It was NOT Emerald.  Yes, it was in fact Emerald developers, who were also running their own projects on the side, and the fact that they engaged in something even potentially questionable (let alone outright questionable) shows a blatant disregard for how it would reflect upon Emerald given the undeniable ties.  However, the conversation between Phox and Soft also clearly shows that at a minimum, Soft not only knew of what was being done with both emkdu and Onyx, but also offered ideas, guidance, and at least apparent approval by virtue of his position with LL.” This is, naturally her opinion on the situation, but I’m drawn to agreement with it. It raises valid points that should not be overlooked.

There are those who will succumb to the fear and panic, even if they’ve read this as I’ve lain it out. Those will be the ones who, regardless of their love for the Emerald viewer and it’s capabilities, will move away from it and onto other third party viewers, or even back to an official viewer. This is in addition to those who’ve already gone to other viewers after the initial tactics and rumors were employed, the ones that were blogged about in my first two posts. Those people did what they needed to do to make themselves feel secure, and I don’t fault them for that. For those of us who will stick with Emerald until the day we can’t log in with it anymore, I give you much respect. It takes guts to stick with something and make a statement like that. Stick to your guns, so to speak, and remember that there is power in numbers, even if, in the end, it doesn’t seem to have accomplished much... someone always notices.

Thank you for reading and I hope this helps you understand more of what’s been going on. Please feel free to comment below, and share this blog with others.

Krisy

13 comments:

  1. So LL wanted emkdu removed because it inserted file paths into the bake textures, but we can expect from the above that llkdu does exactly the same? Interesting notion of ethics.

    ReplyDelete
  2. Without doing code review, it's not possible to say what the differences are in the two files.
    I believe that the concern from LL is that:
    1. Devs should be talking about this kind of thing in an open thread.
    2. Storing path info gets tricky because in Mac and Linux land, some people use their real names in paths, such as /home/michael_smith
    3. I believe that LL got pissed off because Emerald devs went *way* afield of what is expected of professional developers. Creative? Yes. Ethical? Not by professional standards.
    4. This encoding paths into baked textures was a way to do two things, help with DCMA enforcement, and identify spoofers and hackers. I think it went awry, and when LL experienced a DDOS attack through a hacked Emerald viewer, they decided to change their minds about the Emerald project as a whole. I think it was just the last straw in a strained relationship. It's LL's grid. They get to decide what to do with it, and who can use it, like it or not. They don't have to be fair about it. It's not a democracy, it's a business.

    ReplyDelete
  3. Krissy - you want this to be read by many people? Why not use a font and coloring that flatters our eys?

    ReplyDelete
  4. If you have a suggestion as to font styles or colors that you feel are more readable, I'm more than willing to listen.

    ReplyDelete
  5. Three questions:
    1. Is there a performance benefit from using kdu files; Are they necessary/beneficial?
    2. Is it legal to drag llkdu from an LL viewer download (v1.23) into a TPV?
    3. Is llkdu safe?

    ReplyDelete
  6. This is what I've come to understand, in response to your questions, although I'm sure someone out there could answer better than I could...
    1) kdu files are used to interface the viewer you use log into SL with the JPEG2000 image compression system, think of it in terms of how textures are stored and then rendered in SL. The alternative is the OpenJPEG library, which is the open source version of the kakadu codec, and I've been told it was not set up with graphic heavy programs such as SL in mind... so more than likely it would mean slower rendering times while you wait for the viewer to access and decompress textures.
    2)That's the big question looming over the TPV's heads right now. For the ones that contain coding to call on and access the llkdu, is it in violation of the licensing terms... it's not distributing, merely accessing it from LL's own coding. LL says it's a violation, but I don't think there's been an answer from Kakadu regarding it.
    3)The best I can do regarding llkdu itself is to speculate, my guess would be that llkdu is safe. At most, the only thing I'd say they're doing with it beyond it's intended purpose would be what was discussed above in the chatlog, with the metadata being embedded inconspicuously for the purpose of weeding out malicious viewers and discovering DMCA violations. One would hope that, since LL has spoken out so strongly on the issue, they wouldn't be doing anything to put their users at risk... being closed source and protected by licensing laws, it's not likely we'd ever know. It comes down to trust and making your own choices.
    Hopefully that at least steers you in the right direction, if not answers something for you.

    ReplyDelete
  7. lol...of all things to complain about.. the font color? come on now learn a bit about graphic design before complaining. muh krissy the page looks great and thak you for all the great info.. hugss

    Toy

    ReplyDelete
  8. Thanks Krissy, your answers regarding llkdu are very helpful. I've chosen to stick with Emerald 2587 though I have added llkdu and trashed the emkdu that Tonya says was grabbed by the installer. I scrubbed my drive for all instances of emkdu, including the LOCAL TEMP files. I was therefore, very disappointed when I installed 2600 to find emkdu in it again. It couldn't have been GRABBED by an overly "smart" installer or OS, as Tonya said. I've now removed 2600 and scrubbed once again for instances of emkdu, and I'm clean now, and enjoying 2587.

    Its just such a shame that i have NO idea who to trust anymore.

    Thanks you for your island of sanity and thoughtful expression, in this whole crazy mess.

    ReplyDelete
  9. Thanks for your kind words Chuck, I'm glad you managed to get sorted on that. I've chosen to stick things out with 2587 as well. What I'll do when and if it is indeed blocked, I haven't decided with any finality at this point.

    ReplyDelete
  10. They have one last update for d/l for the Emerald. 1.5.0.2600

    http://emeraldviewer.net/downloads.shtml

    And Lordgreggreg of the Emerald team has his own veiwer out now called Emergence Viewer. Emerlad source code with all the bad bits removed.

    http://code.google.com/p/emergence-viewer/

    Side note: Fonts. Looks good on the page, but it kinda stains the eyes after reading a bit. Not a complain, just a comment.

    ReplyDelete
  11. Font is changed, as is the page background, hopefully this is better for everyone. As for the 2600 download, I chose to not go with it at the time given the general circumstances surrounding it. Also, if someone is viewing this post and reading these comments, there is a newer post entitled 'The 'Phoenix' has risen', I'd suggest giving it a read if you haven't yet.

    ReplyDelete
  12. Please be cautious with 2600. After scrubbing emkdu, I downloaded 2600 and emkdu was back. Just be cautious. 2587 seems to be OK.

    ReplyDelete