Slashdot Mirror
Half-Life 2 Delayed Following Code Leak
jhol writes "CNN is reporting that Half-Life 2 is delayed "by at least four months, that is to April 2004.", due to the code leak. VU Games has already suffered a 29% fall in revenue and an operating loss of $61.36 million this year. A Christmas release of Half-Life 2 would probably have been most welcomed." Update: 10/07 20:38 GMT by S : CNN Money are now reporting there's a newly public leak, allegedly involving a partially playable, Beta pre-release of the game.
It was Myg0t that got it, and Hitman, an ex-member of Myg0t, that released it.
I have over 70 freaks, do you?
One can use VMWare to do that. All VMs can have a virtual networks which will not be accessible from the host. No need for many computers and/or physical connection.
The folks at the NSA use VMWare for this purpose (they do have a special version with additional security features)
I bet that they will try to enforce that kind of separation (virtual or physical) anyway. By missing the Holiday season, they will loose a bundle on sales.
I would submit it as a story, but someone else probably has, and I've never had a story accepted yet :)
The NFO was on nforce.nl for a short time, but has since been removed. The leak has been confirmed here, and a few claim to have it (but they could be lying).
I've also seen a screenshot of the folders with all the map files in it, and the names look very much like what one would expect the long gameplay demo to be made from.
Not good news for valve :( I am disappointed that the game had to be delayed - and for all of you who have taken the source or download the beta, I hope you remember your duty to purchase the game when it does come out.
There are a lot of posts asking why the delay and why does it need rewriting. I would guess that the majority of the game WON'T need to be recoded, but certain things like CD key auth code will, certain networking code, etc.
Generally HL hacks intercept the DLL calls. SSL on the network connection wouldn't help at all.
See the story at The Register. They link to Valve's forum, where the general manager details how the code was leaked: in short, his own account information was stolen via Outlook, then several other employees were hit with a Outlook preview-pane virus that installed a keylogger.
Of course, this is no reason to think that Outlook isn't a perfectly good solution for email. Outlook is great. There's no reason to consider any alternatives. No matter how much money you lose to Outlook virii, simply look at the silly dancing monkey!
"Nothing was broken, and it's been fixed." -- Jon Carroll
> How hard can it be to have a closed network for all coding purposes?
:p
Oddly enough, as obvious as this seems, people are actually quite resistant to it. I've worked at two software development houses, and while that's not a terribly accurate representation of the entire industry, they both had the exact same attitude: "No, we don't need the dev machines on a private network, we're fine like it is.".
At one of them, I suggested it as a solution in response to a similar situation; source got into the wrong hands. Even then they said they didn't want to do it, they preferred to rely on employee training and discipline.
Whether it's indifference or ignorance, who knows. Common sense isn't, I guess.
Vivendi Universal Says Delay Not Confirmed
Tuesday, October 7, 2003
According to a news article posted today on a UK press release, there is a Half-Life 2 delay. We already know that Valve does is not mentioning a delay.
We received an email from Mike Thompson who says he works for Vivendi Universal and writes:
quote: "delay is not confirmed..."
Here we go around and around... again...
From Half-Life Source Dot Com
Bullcrap. The hacker would just have to copy out the file that is the VMWare "drive". No sweat. I'm glad you're not my security consultant...
The initial interviews with Gabe Newell stated that someone had hacked their systems, installed key loggers, and so on, then had accessed the source repository from off-site, using the login information gathered from the key loggers to checkout the source tree.
No one had to email source code anywhere. Besides, with source that size (or even smaller), it's far easier to just burn a CD and take it with you, or log in remotely and download only what you need.
-PainKilleR-[CE]
Whats stopping this from happening?
Since VU is operating at a substantial lost, they are prime to be saved by Bill Gate's wallet. Since Half Life2 [neoseeker.com] and Xbox2 [arstechnica.com] are both optimized to run on ATI's hardware, I can see the Richmond's Borg needing their killer app for XBOX2. Gates says "Hmmmm, Half Life2 sounds good. Buy them out boys!"
One big problem:
VU doesn't own Valve. VU owns Sierra, and Sierra is the publisher for Half-Life (and currently for HL2), but Valve owns Half-Life 2 and is self-funded. Gabe Newell formed Valve with his own money (gotten from being a well-payed Microsoft employee) and funded Half-Life without Sierra's (or VU) help. This is why Valve was able to delay Half-Life for a year in the first place. This is why Valve can push back HL2 without VU forcing it out when VU is operating at a loss. VU has no say in when the game is released unless their own QA finds problems with the final code and sends it back to Valve for more work (in other words, Sierra can delay HL2, but they can't force it to be released early).
Microsoft could probably buy Valve if they wanted HL2 bad enough, but I think it would be more than it's worth, since Valve is privately owned, self-funded, and making money hand over fist off the best-selling FPS of all time.
-PainKilleR-[CE]
There are a lot of TODOs and HACKHACKs in all Quake-derived code, even the Quake 'SDK' probably has a couple of them left. It's some kind of design style I think. At least it's not a bad one as it highlights the areas that are not really finished(not that anyone will ever fix it though, they are more like - I want this, someone do it for me?).
If you grep through the official Half-Life SDK you'll find at least 50 TODOs and HACKHACKs. (Much more than that probably, but I'm playing safe.)
I know that Valve aren't the greatest where security is concerned, But if you ask me, it serves them right for having such insecure systems.
I like many others have pre-ordered half-life2, but I'm seriously considering cancelling my order. If they can't grasp basic security proceedures, they don't deserve to be successful.
I love to know why a source code leak cost them four months? I could understand it if they lost a portion of the code.
having to rewrite the part that was lost
;)
You do know that when people say "stolen" now they just mean "illegally copied". Valve still has all the code.
And just for clarification, the "part that was lost" is the entire source tree for Half-Life 2, Counter-Strike, Team Fortress 2, Steam, and all the dev-tools/utilities (map editor, 3dsmax plugins, etc). Which would probably take them another 5 years to rewrite if they chose to take that route.
VMware might be great for general coding work. But what if you want to actually test something you've written? Good luck getting VMware to run your advanced 3D engine that requires a hardware accelerator (hint: it won't).
Why is this modded up? You do realize that VMware images can be copied to another machine running another copy of VMware, and booted without further effort, right? So all it would take is for someone to compromise the host machine. A thief wouldn't need to compromise the virtual machine or sniff packets; he could just download the VM's disk image from the host machine and boot it at his leisure on his own machine.
He said they speculate that it was done via a buffer overflow in Outlook's preview pane. .
At least a couple of years old if I remember correctly.
liqbase