You may recall that the Emerald viewer has been leaking potentially privacy-infringing information - specifically, the directory to which it's been installed, which in some cases includes usernames - in encrypted form in baked textures. You may also recall that the developers lied and said the issue was fixed, when really they just leaked the same data but with stronger encryption to hide it better.
Well, it turns out that the Emerald developers have been using their viewer to launch a Distributed Denial of Service attack on the website of the person who discovered this[1]. The attack involved loading about 1 MB of images and a whole bunch of dynamically-generated content from the Emerald login screen displayed every time a user opened Emerald to consume both bandwidth and server CPU time.[2] This served no purpose other than to try and DoS the server - none of the loaded content was visible or used. The Emerald developers have even admitted as much, though they're trying to spin it interestingly[3]. (Their explanation is total bullshit - if they just wanted to make a point about the number of Emerald users rather than attack the server, loading a single file would do.) Now, this is of course entirely in violation of the TPV policy, which forbids certain content - including DoS attacks - within third party viewers. The question is, does the Lab care and will they even remove the viewer in question from the TPV directory? [1] http://www.sluniverse.com/php/vb/general-sl-discussion/47885-emerald-problem-conspiracy-theory-3.html#post997824 [2] See http://pastebin.ca/1921405 for a copy of the actual code. [3] http://blog.modularsystems.sl/2010/08/20/shenanigans/ _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
