Lunduke
News • Science & Tech
The Club Penguin Leak
Over 800 MB of internal material from Disney's Online Kids Game
June 05, 2024
post photo preview

Yesterday, I was made aware of a leaked archive of internal documents from within Disney -- specifically focusing on Club Penguin (the extremely popular, online children's game which ran from 2005 through 2017).

This leak -- consisting of over 800 MB of PDFs and archived, internal documentation webpages -- was posted anonymously to 4chan.  So, naturally, I fired up a virtual machine (better safe than sorry when dealing with files from unknown sources) and downloaded every byte.

The Club Penguin Leak is Real

The first thing that needed to be ascertained was the validity of the files within this leak.  Were these files truly from within Disney (and the Club Penguin team)?

And the answer is, with a high level of certainty, yes.  This leak is legitimate.

How do I know this leaked material truly came from within Disney?

Because I used to work at Disney.  Specifically... on Club Penguin.  In fact, I still have my Disney "Cast Member" badge (because having a badge that says "Disney Cast Member" is just too cool to not keep).

While the contents of this particular leak primarily cover the time between 2014 and 2017, which was after my time working on Club Penguin, I know enough details to be able to confidently verify this material.

With that important step out of the way, let's dive into the contents of the leak.

Nothing Overly Surprising or Controversial

I know what all of you are wondering.

"Is there anything controversial or juicy in these leaks?  It's Disney!  It's a popular kids online game!  There's gotta be something wild in here!"

But, you know what?  It's really pretty dull.  Lots and lots of corporate boringness.

The only times anything got even remotely political were during two "End of Sprint" retrospective meetings (Club Penguin development used an "Agile" development methodology, with work divided into multi-week "Sprints").

The first time was immediately following the November, 2016 USA election.

The end of the Sprint after the 2016 Presidential Election.

"What should we have done better?"

The answer?  "Trump was elected!!"

Clearly the team was not thrilled that Trump won that election.

Though, all was not lost!  The team was very pleased with "Darlesson's cookies" and happy that Darryl was buying a house.  So.  You know.  Now we all know those details.  From within Disney.  Back in 2016.

Flash forward to January of 2017, and we have a similar set of statements from another "End of Sprint Retrospective".

The end of the Sprint after the 2017 Inauguration Day.

This, of course, happened after President Trump was sworn in to office.

Once again, the Disney Club Penguin team asked themselves, "What should we have done better?"

The answers?  "Trump" and "End of the world".

But, hey!  Look at all those things they did well!  Cookies!  Perogies!  Oooh!  And Timbits (aka "Donut holes")!  Looks like they were eating well!

Thus ends the entirety of the political content found within these Club Penguin leaks.  Over 800 MB of leaks -- consisting of 137 PDF files and an absolutely massive number of HTML files -- and this is the most politically charged content in the entire archive.

Keeping Club Penguin Clean

One of the difficult challenges in running an online system -- like Club Penguin -- for children... is keeping things... clean.  Family friendly.  G Rated.

No matter how much work went into limiting "adult" content, people would find ways to sneak naughty stuff into the game world.  More often than not through the use of funky acronyms.  Sometimes it would be older kids just being naughty... other times it was adults "playing Club Penguin" and being gross.

Within this leak is a "Top 50 Acronyms Parents need to know" -- which contained a small portion of the known ones.  Some were pretty wild.

Yup.  In a kids game.

To Club Penguin's credit, they worked pretty hard to limit all of this as best they could.

True story: When I was working on Club Penguin, an issue needed to be handled where players would work together to arrange their penguin characters (by simply walking around the world) into inappropriate patterns.  I'm not going to describe those patterns... I'm sure you can use your imagination to figure out the pictures they were trying to make.  The solution was to create a function that checked for the penguins being in certain types of particularly naughty patterns... and, when detected, shuffle the characters all over the screen.  It wasn't a great fix.  But it did the job.

This Leak Gave Me Corporate PTSD

End of Sprint Retrospectives.  Sprint Planning Documents.  Burndown charts.  Reports and proposals.

As I read through page after page of corporate, agile busy work I felt myself becoming increasingly stressed.  And annoyed.  Flashbacks to morning Standups and Scrum meetings.

I was instantly back there.  In the Disney Club Penguin office.  In that meeting room.  Under those fluorescent lights.  Feeling my soul slowly dying as I await my turn to give my daily update.

Part of a presentation from an end-of-Sprint Review.

While there's nothing damning or incriminating in these leaks... it served as a visceral reminder of why I stopped working for Disney.

Here's another screenshot.  This one is a Burn-up Chart pulling data from JIRA (a bug/task tracking system... if you don't know what it is... count yourself lucky).

I had to look at it.  Now you do too.

A Burn-up chart.  From JIRA.  For the end of a Sprint.  Kill me now.

You're welcome.  (I'll spare you from seeing screenshots of the countless other charts and Sprint meeting notes.)

One of the few mildly interesting tidbits in this leak comes in the form of emails, mostly between Product Managers, regarding the final days of Club Penguin -- and when they announced that the service would be closing.

I've censored the name of the Product Manager who sent this email.  Because it just simply isn't important in any way, shape, or form.

And, when I say "mildly" interesting... even that is a bit of a stretch.  This is all about as run-of-the-mill as it gets within the Tech Industry.

Some API Documentation

Ready to really make your eyes glaze over?

How about over One Thousand HTML files... all documenting various APIs used by a variety of systems... many of which are no longer in use.  By anyone.  Anywhere.

Over 1,000 of these.

Seriously.  This Disney leak includes over 1,000 files just like this one.  And the vast majority of the information contained within it is only of historical interest.

But, hey.  Documenting computer history is important.  Even if it is mostly internal, corporate systems.

That's it.  That's the Club Penguin Leak.

Right about now you're wondering to yourself, "Why do I need to know about any of this?"

Quite frankly... you don't.  The truth is -- despite the massive number of documents in this particular leak -- almost none of it was going to be interesting or important to you.  Heck.  Let's be honest, most of it was barely interesting to the people who originally wrote these documents.

But this gives you a little glimpse into some of the work that The Lunduke Journal does.

So far this year, The Lunduke Journal has received of over 27 GB of leaked material (not including video) from a number of the biggest companies on Earth.  And, while some of it is explosive and critically important (such as the Red Hat or Microsoft leaks), most of it is... a lot like this Club Penguin Leak:

One or two mildly interesting statements nestled between notes about food in the break room... and charts about bug tracking.

But The Lunduke Journal goes through it all... and only occasionally tortures you with the boring stuff.

(Unless, of course, you were a big Club Penguin fan.  In which case: You're welcome for this fascinating and riveting dive into the internal documents from the final years of Club Penguin.)

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
12
What else you may like…
Videos
Podcasts
Posts
Articles
4Chan and Kiwi Farms File Lawsuit Against UK

It is both an important legal case... and a brilliant trolling of the British government.

The article:
https://lunduke.substack.com/p/4chan-and-kiwi-farms-file-lawsuit

More from The Lunduke Journal:
https://lunduke.com/

00:21:00
Microsoft Fires "Intifada" Employees

This last week, a group of anti-Jewish Microsoft employees got rowdy. Microsoft fired some of them and sent The Lunduke Journal a statement. Then held a media briefing. Let's watch it together.

More from The Lunduke Journal:
https://lunduke.com/

00:27:39
Video of "Worker Intifada" Occupying Microsoft President's Office

Last week the Microsoft "Worker Intifada" ransacked a farmers market and chanted "Go away, Jews!" Today they got arrested in Microsoft's President's office. We have the video.

The Brad Smith office "occupation" video clips:
https://x.com/LundukeJournal/status/1960502030692229479

More from The Lunduke Journal:
https://lunduke.com/

00:19:50
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

🌈 💥 I suppose that I would spend my time with "Tropico", or the first two "Fallout" games, or entertain myself with "Day of the Tentacle."

😸 I actually felt a little better, "Doom Scrolling" the post.

post photo preview

Reinstalling OSX on my old PPC Mac Mini. It verifies the install CD whether you like it or not. I can't stand that kind of thing. “Oh now, it's for your own good, you know”. My own good is “not having to sit around for half an hour waiting for verification of a disc that I already know is good and don't actually care if it isn't anyway because it's a 20-year-old OS on a 20-year-old machine and I'm only doing this because I messed up a Linux install and actually want to check that the hard disk will still boot an OS”.

Grr.

Omarchy is Shiney New Junk.

It's fine if you're a web developer and you really love the basecamp (aka 37signals) spin on Arch, I guess. But for the rest of us, it's a whole lot of jibber-jabber for very little benefit.

You can't even test drive it in a virtualbox.

There's some sort of video driver issue. You can't use the default VMSVGA driver (you have to use VBOXVGA), you can't go above 16MB of video memory, you can't get a resolution higher than 800x600, and the default terminal command (super+T) has been reprogrammed to open BMON instead of just the dang terminal. So, you can't even attempt a virtual box extensions install after-the-fact. Which you'll only discover if you shrink the font size enough to get the minimum height/width for the bmon to pop up.

I don't even really understand why a tinkerer would be interested in this. Just use Arch, if you want to hack, yeah?

For the rest of us who just need a general purpose machine to do common coding / video / gaming / ...

post photo preview
post photo preview
Android to Require Developer ID Checks
Want to publish Android software? You'll need to let Google verify your identity. Plus: Google commits to supporting Sideloading and Third Party App Stores.

Google has announced that they will be requiring all Android Apps — including “sideloaded” apps installed outside of the Google Play Store — to undergo developer identity verification.

Android Developer ID Check

“Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,” says Google. “Think of it like an ID check at the airport, which confirms a traveler's identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from.”

 

These requirements will go into full effect in September of 2026 (one year from now), but only for developers in four countries: Brazil, Indonesia, Singapore, and Thailand.

Countries which, according to Google, suffer from “fraudulent app scams, often from repeat perpetrators”.

The idea seems simple enough: If a developer is known to make Android malware, Google will have the ability to block their software from being installed. Thus preventing the spread of Malware.

We will see how well this system works, in practice, next year.

 

It also remains to be seen when this “Google App Developer Identity Verification” requirement will be enforced in other countries (such as the USA). For the moment, Google is simply saying “2027 and beyond”… so there’s still time left for this policy to be modified.

As part of the process, Google is launching a new “Android Developer Console”, specifically for developers to verify their identity and register their applications.

The Practical Impact

What does this new “ID verification” for Android Devs mean… in the real world?

Once this change is worldwide:

  • A developer must be “verified” before their software can be installed via any mechanism — including Sideloaded Apps, and alternative App Stores (such as F-Droid).

  • Developing and publishing Android software, in an anonymous fashion, will no longer be supported.

Google is also, it appears, committing to continuing to allow “sideloading” and third party App Stores for the foreseeable future.

In other words: If a user wants to sideload software, or use F-Droid, Google will allow that. But Google is going to know the real-world identity of the developer / publisher of any software that gets installed.

The War on Sideloading, Revised

Google and Apple have been at war with the concept of “sideloading” (aka “Installing software the normal way”) for several years now. With both companies adding new features to their systems which allow them to block the ability of users to install “non-approved” software.

 

In that context, this particular announcement from Google is a bit of a double edged sword.

From Google’s announcement:

“To be clear, developers will have the same freedom to distribute their apps directly to users through sideloading or to use any app store they prefer. We believe this is how an open system should work—by preserving choice while enhancing security for everyone.”

On the one hand, requiring ID verification for developers is clearly a big step towards increased control over what software is installable on the systems we own.

On the other hand, Google is making it clear they intend to support sideloading & third party App Stores into the future.

Something they have been hesitant about in the past.

Read full Article
post photo preview
All Lunduke Journal Videos Now Free for Everyone
All Articles. All Audio Podcasts. And, yes, all Videos from The Lunduke Journal. Free. For subscribers and non-subscribers alike. On all publishing platforms.

The Short-Short Version: Articles, Podcasts, and Videos — from The Lunduke Journal — are now, once again, free for absolutely everyone. Subscribers and non-Subscribers alike. On all publishing platforms.

The Slightly Less Short Version

A little over two weeks ago, The Lunduke Journal implemented a change. All of the Articles & Audio Podcasts would remain free for everyone… but the Videos would now be published as subscriber exclusives. Non-subscribers would no longer have access to videos.

This was what is known as a “Huge Mistake Made by a Total Bonehead”.

 

While the motivation for that change was well intentioned (to provide some perks for all of the amazing subscribers who make The Lunduke Journal possible, and maybe encourage some new subscribers in the process)… in practice it was an absolute disaster.

The key problem with making all of the videos “Subscriber Exclusives” was, in hindsight, incredibly obvious:

Many people will subscribe to The Lunduke Journal on one platform… but prefer to watch (or read… or listen) to The Lunduke Journal on a completely different platform.

For example: Someone who subscribes on Locals may watch the videos on YouTube. Another person who subscribes on Substack may watch on Rumble. And so on.

And, by making those videos “Subscriber Only”, it made watching The Lunduke Journal’s videos significantly more difficult for… Subscribers. The very people it was supposed to be a perk for.

Whoopsie Daisy

Well. Shoot. I’m man enough to admit when I’ve made a mistake. And, boy howdy, was that a mistake!

 

Effective immediately, Videos are now officially free for everyone (just like the Articles & Podcasts). On all platforms which The Lunduke Journal publishes to. Because making sure reading, listening to, and watching The Lunduke Journal is convenient for all of you is a top priority.

Over the next day, all of the “Subscriber Exclusive” videos (published over the last 2 weeks) will become free for everyone.

Running The Lunduke Journal is Not Easy

Just as an aside: What we’re doing with The Lunduke Journal is… unique.

Pretty much every Tech Journalist is funded by Big Tech. Money for advertisements. Money for sponsorships. Money for “paid articles” that look like real journalism but are, in fact, just repackaged ads and press releases.

Take away that Big Tech money and 9 out of 10 Tech News outlets would go out of business tomorrow. Which means they all need to keep Big Tech happy. And that shows in their coverage (and their refusal to touch many important news stories).

By choosing to not take a single penny from Big Tech, The Lunduke Journal has the freedom to tell the truth. To follow the Tech News stories wherever they lead (no matter who it makes grumpy).

But it also means that keeping The Lunduke Journal in business is even trickier than it is for all of those Brand X Tech News Outlets (which already have a hard time staying afloat, even with the Big Tech moolah).

What’s amazing… is that we, against all odds, have pulled it off. For several years now, The Lunduke Journal has stayed in business without taking a dime from Big Tech. And that’s all thanks to all of you. Thank you for making this possible.

If you haven’t grabbed a subscription, just a reminder that now is a great time to do that. 50% off through the end of August (which is a few days from now).

Want to support The Lunduke Journal having all videos (and everything else) for free for the world? That would be a great way to do it.

Once again. Seriously.

Thank you.

-Lunduke

Read full Article
post photo preview
Omarchy 2.0 - The Arch-Based, Hyprland, Non-Woke Distro
The 2.0 release of the unabashedly nerdy, developer focused, & DEI-free Linux distribution is here. And people are flocking to it.

Omarchy, an Arch-based Linux distribution which self-describes as “An opinionated Arch + Hyprland Setup”, has just published their 2.0 release.

 

Omarchy was started by David Heinemeier Hansson (DHH), the creator of Ruby on Rails, as a command-line and developer focused (and unabashedly nerdy) configuration of Arch Linux.

In the short time since it began (back in June), Omarchy has captured a massive amount of interest and has grown to become a full-fledged distribution in its own right.

Omarchy 2.0 boasts a new ISO installation method, AUR-free installation, a Chrome micro-fork with live theme switching, a Starship prompt, a new icon, and 400 other changes (from 45 contributors).

 

According to DHH, the Omarchy Discord now has over 6,000 members with the website having received over 100,000 unique visitors in the last month.

Not too shabby for a Linux distribution that is only 2 months old.

Speaking of Discord, if the Omarchy installation fails, it displays a QR code with an invite link to the Omarchy support channel. I thought that was a rather nice touch.

 

Worth noting that Omarchy — and the Hyprland window manager, which Omarchy uses by default — both were added to “Lunduke’s Non-Woke Software List” this month.

 

Omarchy is yet another Open Source project which has steered clear of Woke & DEI politics… and has seen tremendous success and adoption. We have seen that same scenario play out repeatedly now, with projects like OpenMandriva, XLibre, Hyprland, & Brave.

Avoid DEI. Experience a flood of users, contributors, and excitement.

A pattern is emerging. Hopefully more projects learn this important lesson.


The Lunduke Journal is the last bastion of truly independent Tech Journalism. Ad Free, Big Tech Free, Non-Woke, & Audience Supported.

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals