Emerald Viewer Scandal Erupts… Again

Updates at end of article.

On July 13 a post appeared on the Emerald Modular blog. Concerning recent activities.. Sounded like a bit of drama. Not uncommon in connection with the Emerald Viewer.

Now another post appears. Recent News, August 14. Both of these seem like they are part of the ongoing drama we see related to virtual world and online communities. But then we start seeing other blogs and forums picking up the story and expanding on it. So, what is the story and who do we believe?

Trust Turns To Rust

Trust to Rust?

Another problem is that some of the detractors of Emerald are lose wing nuts. That has to a great degree numbed the community to complaints about the Emerald viewer and dev team. This latest scandal is more fact based than drama based. There seems to be a real problem.

The controversy is around a part of the code contained in a module variously named emkdu.dll (534,016 bytes) or llkdu.dll (712,704 bytes). This is a module that processes JPEG2000 images. It is proprietary software owned by Kakado Software. They license it to various companies and provide them the source code. Those licensing the code are entitled to modify the code for their purposes. Linden Lab (LL) did that with llkdu.dll. One of the Emerald team members did that with emkdu.dll.

The reason for using it is speed. JPEG/JPG images are compressed images. Smaller image files download faster. Once on the clients’ machines they have to be converted back into the full image. KDU does that better than other systems. If you want better performance for your viewer one wants KDU. However, that means the software is no longer a pure GPL product. That is a problem for some, but alone it is not all that big a deal.

However, neither LL nor the Emerald Developers have the right to publish the KDU source code. This means it is compiled into a DLL file and we can’t know what it does unless we want to reverse engineer it and that takes some effort. This goes against the basic nature of open source software where everyone can look at the code and find mistakes and keep systems honest and secure.

Now we have LordGregGreg (Emerald Reassessment) charging that there is code in the emkdu.dll that should not be there. When one looks back through the history of some of the Emerald Developers team, we find some problems. To have those people placing code users cannot read in the viewer is worrisome. LordGregGreg (LGG) has basically said he will no longer vouch for the security of the Emerald viewer and has left the team as even he can’t read the code.

Jack Doulton posts on the SLUniverse forum that he expects the Linden’s legal team to step in and add the restriction to TPV’s that if they link Linden code to closed source binaries they are not allowed to connect to Linden’s grid. How this will actually come down is unknown as some closed source modules are used by LL. For an example think of the voice morphs. So, something will likely be worked out in relation to closed source plugins.

For users of Emerald there are several things that have happened that are alarming. At one point the viewer was sending some user information to the Emerald servers. The dev’s said, ok its fixed and does not do that anymore. LLG found that the data was still being transmitted but then it was obfuscated using an XOR algorithm. This means that simply watching the data stream to see what is being sent out of the viewer becomes more difficult but not that hard to figure out. After another round of complaints the data is now apparently encrypted making it extremely difficult to see what is being sent. I have to ask why, when caught, they went to XOR and, when caught again, then went to encryption? I find this behavior very indicative of a problem. Not only is the code closed so is the data being sent.

Also directory paths and login ID and possibly full real life names were being baked into the AV texture. Thus allowing others to learn an avatars real identity.

The consensus on SLUniverse seems to be to stop using Emerald. I can understand that choice. I am changing passwords and will be using Emerald only with an AV without payment options. The data being transmitted is said to be information about the user’s computer and name but not passwords, but how can I know that?


LGG has provided instructions for swapping out emkdu.dll with Linden’s llkdu.dll. See: Windows emdku.dll and Mac emkdu.dll. This provides a quick fix to the current problem. So, if you feel you just have to have Emerald, this is an option.

When changing mine I noticed the llkdu.dll (1,175,552 bytes) file was already in the Emerald folder. That is almost twice the size of the llkdu.dll file in my SL 2.1.1 folder. It appears to be the file from Snowglobe 1.5. I don’t find llkdu.dll in Snowglobe 2.1. So, I took my copy from Snowglobe.


My problem at this point is the credibility of the Emerald team is shattered. If they will do something like this in one place, then I see no reason they won’t try something similar in another place. Encrypting part of the data stream to apparently hide what they are doing is simply unacceptable.

As word spreads it will be interesting to see what people do with Emerald. There is no doubt it has the features residents want.

Other then whistle blower LGG I haven’t used the names of the players involved. I have not been following them, so I have basis for offering an opinion on their credibility. If it seems I’m painting with a broad brush, sorry.


Many are looking at which viewer they are going to use. SL 2.1.1, Imprudence, and KirstenLee’s Viewer seem to be the choices. The SL 2.1.1 viewer has some fixes that should make it faster and crash rates are claimed to be 50% lower, but it has the new user interface. Imprudence has many of the newer features and uses the older 1.23 interface. Kirsten’s viewer is bleeding edge. It uses a modified SL 2 interface, which I think is better than SL 2’s. I think it has the best and fastest rendering going. Several people think their computers can’t handle Kirsten’s viewer. I suggest they read Kirsten Viewer Install Tips.

Some are moving back to Snowglobe.


If you want to post a comment, keep toward the factual side and away from opinions and personal attacks.

Thanks to Señor Codo for making the image available via Creative Commons

Update: 2010-08-15 16:00 SLT – Qarl Linden now Qarl Fizz is reported to be joining the Emerald Team. There is a post in the SLog here: FORMER LINDEN JOINS EMERALD – I have not found confirmation from Qarl, yet. But it is announced on the Emerald Modular blog. Update: New World Notes has confirmed Qarl has joined Emerald.

Also word is the GPL licence for LL viewer source has changed to LGPL… Presumably the standard meaning of Lesser GPL.

Update 2010-08-18 – There have been some rumors about  posts regarding emkdu.dll being removed from the Emerald forum. Those of us that use Google Reader are finding a number of emkdu-posts are being reported. But 6 to 14 hours later when one tries to read them, they are gone. While I can see a couple are on the spammy side and may need to have been removed, most appear to have been valid questions. Because only the first so many characters of a post are shown in the reader, I can’t know if the posts are inappropriate or violate forum rules. I just know I can’t see a reason in the first few sentences and the posts were removed. The entire “Emkdu – status – time to remove it?” a several day old thread has disappeared.

Update 2010-08-20 – Some emkdu posts are appearing and staying on the forum…

Update 2010-08-20 – Today we have another Emerald… faux pas… making news. See: Emerald Developers Deny Using Software to Launch DDoS Attack on Rival Developer’s Blog With “Silly Idea” and on Modular: Shenanigans. I suppose many people are starting to see a pattern.

Update 2010-08-21 – Many see the problem with Emerald as being some of the development team members. Alphaville Herald ran an article on just that issue in April 2010, Emerald Viewer: 76000 Unique Users Could Be Wrong. Another ran in May, Did Linden Lab’s Emerald Dev Coverup Lead To Woodbury Ban?.

There is no doubt left in my mind that the Emerald Team is ‘handling’ PR. Whether that is good or bad is up to you. More and more I get a sense of politicians spinning things when they get caught to serve their agenda. Since none of the information is provided within the scope of Rules of Evidence, it has to be classed hearsay and leaves us having to make a judgement based on our perception and incomplete information.

The recent Distributed Denial of Service (DDoS) attack run from Emerald Viewers causes more confusion. The Emerald explanation and actual events just don’t seem to work together. See: Emerald Viewer Login Screen Sneak DDOS Attack?

Looking for some better means of figuring out what is real, what is drama, haters, and juvenile antics I came across an article in the MIT Media Lab’s blog, WATCHING THE WATCHERS: POWER AND POLITICS IN SECOND LIFE (PART ONE) – April 2010. This and Part Two seem to provide much of the background missing in other reports. This now begins to implicate others in the community and reveal some of the Emerald team as just participants in one of the waring factions of SL. It puts in perspective that Emerald developers are not the worst of the crowd. It also reveals employees of Linden Lab have been involved in these matters. All are proving to be vigilantes with no mercy or sense of ethics or inclination for fair play.

When we were looking at the LL layoffs many of us were wondering why some members of the team were laid off. I said then that when things make no sense we are usually missing parts of the story. Knowing that LL employees have been (are?) connected with many of these players may explain the current round of x-Lab people hooking up with the Emerald team. Whether it can also explain why some surprising people were laid off is another matter. Whatever the case, this is a long and ongoing mess. The only sure way out is leaving SL, which is too extreme for most of us. There is little doubt the mess is pushing people to the OpenSim worlds and away from the Emerald viewer too.

Update 2010-08-21ReferenceChalice Yao has left the Emerald team.

12 thoughts on “Emerald Viewer Scandal Erupts… Again

  1. Pingback: Emerald Viewer 2439 Update « Nalates' Things & Stuff Blog

  2. Pingback: Emerald Viewer Released – Review « Nalates' Things & Stuff Blog

  3. Excellent writeup. I performed similar research into this situation and reached the same conclusions. You’ve documented the technical concerns in a readable detail here.

  4. If you’re going to post about this please get it right, your post says that LGG discovered that the transmitted data was being XORed instead, but that’s entirely false.

    The data wasn’t being transmitted anywhere, there was simply a bug in emkdu that resulted in the path to emerald.exe being added to the j2c metadata. In some cases, depending on install location, this could result in someone’s operating system account name being exposed in textures they’ve created. (IE: /home/USERNAME/emeraldviewer/ on linux)

  5. I had a long talk with Phox ModularSystems in world, he told me the whole story from the beginning, I suggest you talk to him to find out what’s really going on here.

  6. Pingback: When words collide « Living in the Modem World

  7. @Concerned resident: I confirm posts at ModSys with nasty Q’s were completely ignored by mod’s and dev’s and eventualy deleted, sooo… Dunno if Phox is a reliable source in this one. I decided to do some research myself and shot this pic, uhmmm… Tell me hun, does this looks like an UNINTENTIONAL coding goof-up to you ?!?


    Ammafraid next Emerald releases contain even more “surprises”, sadly LGG is right… Effective CDS(?)-SPYWARE should be hidden more carefull and kept SECRET… Ö.<" , lotta libs to abuse !!!

    * In addition to removing emkdu (Windows!), if you manage to keep it out, some experience lag or even crashes; Cache should be deleted by hand prior to 1st. startup, also… Startup with something like:

    "…\Emerald.exe" –multiple –settings EmeraldNoEMKDU.xml

    To ensure a fresh install, a new client settingsfile's being created in %AppData%, also replacing it with llkdu.dll might be buggy :/ !

  8. you might want to look at the comments on both Aphaville Herald articles on this, especially the link to youtube vids. There you will hear directly from Arabella who is responsible for the ddos attack through emerald.

  9. Pingback: Emerald Viewer Interview – Arabella & Jessica « Nalates' Things & Stuff Blog

  10. A quick search for llkdu.dll on my drives finds four. Emerald at 1148k; Second Life at 1180k; SecondLife2 at 696k and Kirstens S19 at 668k. Smaller is better if used properly? 🙂

    • Not necessarily. Smaller can mean features or improvements are left out. Also, the API for various versions can change. In general one wants to keep the code bases matched. If one uses Emerald based on Snowglobe 1.5, they want to use any added files from Snowglobe 1.5.

  11. the ‘Secret Code’ and the DDoS attack. This part of the interview was, in my mind, the weakest part of the interview. They tried. But, if you really want to understand read my other articles and follow the links in them. See Emerald Viewer Scandal – Recovery? and Emerald Viewer Scandal

Leave a Reply

Your email address will not be published. Required fields are marked *