Getting straight to the point, the old emkdu included resident data obfuscated via XOR in it, the viewer name, and the directory path.  This was kept hidden from some emerald devs untill other people discovered it and abused it.

It was decided that the full path needed to be removed, as shown in this chat log

[7/13/2010 2:32:13 PM] LordGregGreg: it really would be better to remove that extra info entirely

[7/13/2010 2:32:42 PM] px: Not really.

[7/13/2010 2:33:03 PM] px: Nothing wrong with knowing which viewer a texture was created with.

[7/13/2010 2:33:19 PM] LordGregGreg: there is something wrong with knowing the directory path tho

[7/13/2010 2:33:32 PM] px: Full path was only sent in 1 version before it was chopped down to only the containing folder

[7/13/2010 2:33:45 PM] LordGregGreg: so that part is treuly fixed then?

[7/13/2010 2:33:52 PM] px: Yes

and it was verified later on with this chat log

[7/20/2010 3:46:26 PM] Jessica Trinity: how recently.. or when abouts was this fixed?

[7/20/2010 3:49:26 PM] px: A few months ago I released a fixed linux

[7/20/2010 3:49:35 PM] px: But it wasn't fixed in all cases

[7/20/2010 3:49:47 PM] px: I did a check for /home/ to strip out the username from the path

[7/20/2010 3:49:52 PM] Jessica Trinity: So am I safe to tell people that it has been removed from emkdu?

[7/20/2010 3:50:13 PM] px: Yes, none of the binaries on our site expose resident data.

[7/20/2010 3:56:16 PM] LordGregGreg: is your "expose" based on how well you encrypt it? or does it not exist

[7/20/2010 3:56:30 PM] J: doesnt exist

[7/20/2010 3:56:35 PM] LordGregGreg: good

Full Image 

However,  as I found out through a commit to inertia, this is not the case.  The data is still there, the difference is that it is now AES encrypted instead of XOR obfuscated.  Through building and running the source myself I can verify that this is true.

The embedded data in the mac and linux version was not able to be decrypted by this method, so I do not know what it looks like, the windows version clearly has the full path in there.

I can look at this in two ways.

1.  This was a mistake by Phox, the full path of windows was forgotten while changing the code for the full path in linux and mac, or it was specifically left in under the assumption that all windows users install emerald only inside their default directory (one without resident data)


2.  This was a flat out lie by phox, the data was never removed, instead just encrypted, under the assumption that no one would be able to find out.

This is clearly a problem, I have promised many people that the issue with emkdu has been fixed, as we all rested our confidence on phox’s words.  Either intentionally or not, he has let us down, and this is not an event I am willing to let happen again.

Their are a few ways to adequately resolve this issue, I don’t care which one is used.

1. Phox is no longer allowed to modify final binaries of emerald in such a way that other devs can not double check the content of his work.

2. Encrypted, obfuscated, privileged, or hidden data is no longer allowed to be a part of emerald, emkdu is no longer used unless a different license is acquired that allows the code to be transparent.

The reasoning is quite clear, this should have been prevented, and future incidences should not happen.  This emkdu issue has been going on for a long time, it was addressed, the paths were specifically addressed, and it was still not fixed, only encrypted.  I am not able to just stand by on the promise of this REALLY being fixed this time, and no other devs should have to either.