Half-Life 2 Delayed Following Code Leak

jhol writes "CNN is reporting that Half-Life 2 is delayed "by at least four months, that is to April 2004.", due to the code leak. VU Games has already suffered a 29% fall in revenue and an operating loss of $61.36 million this year. A Christmas release of Half-Life 2 would probably have been most welcomed." Update: 10/07 20:38 GMT by S : CNN Money are now reporting there's a newly public leak, allegedly involving a partially playable, Beta pre-release of the game.

Re:Likely a change to stop "pirating".

[Blenderkitty]

Are you serious? How much money do you think Valve makes off of the sale of a game? How many MILLIONS?

Do you HONESTLY think that they would even make 1/10 of that solicting for donations from the good of one's heart?

How much money do you think cdex + xiph + bittorrent + scorched3d + blender + tons o' other donation-based projects get per year? Answer) A mere fraction of a fraction of a fraction as much as Valve does.

Re:Likely a change to stop "pirating".

Yeah, or they could consider free copying of the games as promotion for their concerts, where they make the real money.

When will Slashdot users grow up?

Games, movies, and even songs from the Backstreet Boys cost huge amounts of money to produce. You will be charged for copies, one way or another.

If people can't figure out how to slow down this ridiculous level of IP theft pretty damn soon, I guarantee you that we will have DRM shoved down our throats. In this case already, the delay of several months is probably to put in place with is effectively DRM, in order to cut down on multiplayer cheats.

This is why there could be a delay

[Pvt_Waldo]

It's not because the game leaked, but because the underlying systems that ensure that players can't easily cheat, warez the game, or access the personal information of other players.

Part of what was compromised was probably the code that handles CD key authentication, user online authentication, etc. So clearly warez and such for this game could be hugely rampant.

Part of what was compromized was probably the code that handles Valve's anti cheat system. So clearly the cheats that override that system could be hugely rampant.

Part of what was compromized was probably the code that is the game's engine. So clearly there could be cheat authors easily creating wall hacks, aim bots, and any number of other cheats.

Part of what was compromized was probably the code that handles purchasing the game over Steam. So clearly there could be some risk of credit card and online commerce fraud, personal information leaks, etc.

Look at it this way. The blueprints and plans for the bank got stolen. Thieves are studying them now. The bank is going over the blueprints with a fine toothed comb to fix the obvious (and not so obvious) weaknesses which are more clear when you have the plans.

Re:Confused

[Auckerman]

"Why would this cause any sort of delay?"

One possible explaination is that the network code will need to be made incompatible to prevent cheaters. APIs may need to me moved around and renamed to prevent see though wall cheaters. Stuff in the code may need to be hidden to make it harder for cheaters to mod the dlls.

Just a guess....

Please, shut up

[brkello]

How many whiny posts do there need to be on: "Why did they have to delay it? This is BS". Well, here is a reason. If your company just got hacked in to and important information was stolen and leaked, instead of working on the product, you have to find what the vulnerability was, how to do damage control, how to re-structure how you do business so it doesn't happen again (i.e. redesign the network and create new security policies), and then have to get back to work on finishing the product while trying to make sure that anything cheaters would have gained from the source is fixed. I would say that is pretty large amount to do in a few months. Don't you think they would love to get it out so they can make money? Just use some freaking common sense here. If you are surprised by these delays, then you didn't think very hard. If you are upset by the delays, join the crowd, hunt the hackers, whatever. Just relax, it's a game, go buy a different one. It's not the end of the world.

Re:Likely a change to stop "pirating".

[Synn]

When will Slashdot users grow up?

When people realize that when one slashdot user speaks, he doesn't speak for all slashdot users.

Re:Still haven't learned their lessons

[badasscat]

I have to wonder how long until people start to realize that for truly critical (read millions of dollars) work, you're best off having the production machines OFFLINE.

It would be a pain in the ass only being able to code on one machine, but even something as simple as a KVM switch would make it tolerable.

Pain in the ass?? Try impossible. How do you think game programming works, anyway? One guy sitting there plugging away on his work machine from 9-5? Bzzzzt. Sorry, try again. I say this as someone who works in the industry for a fairly large publisher who will remain nameless.

HL2 is a large, big-budget game with a lot of code, a lot of staff, and a tight production schedule. Some people seem to live in this fantasy-land where PC games are still coded by individual hackers locked away in their basement. Well, welcome to the real world, where dozens of people need to work on the same code in near real-time, and where work continues even while coders are out of the office or in fact out of the country.

I don't know that all of this code needed to be on one machine that was net accessible. There's probably something that could have been done to segment it among separate machines on separate VPN's, which then could have been combined to compile and run whenever a build was needed. So yes, Valve could have probably taken better precautions. But the answer is not to put all of the code on a single, closed machine - that simply doesn't work in real life. The code - at least some of it at a time - needs to be net accessible for a company in the business of making games to function these days.

It was revealed today that a third of the code was stolen, so maybe Valve actually was taking some sorts of precautions - maybe it was separated into three segments on three different machines. But that probably was not enough.

You can look at Valve's security as a whole, and maybe you will find holes that should have been plugged, but simply saying "the code should not have been net accessible!" is just not realistic.

Re:Still haven't learned their lessons

[gorfie]

I agree that Valve should not be blamed for allowing the code to reside on a machine connected to the Net. Having the code reside on a local machine (or local network of machines) that does not have Internet access is an impractical idea.

However, I think Valve shares some of the responsibility on other aspects. The unpatched Outlook (perhaps even the use of Outlook) is definitely a problem area for such a high profile organization. If they neglected to patch Outlook, what other basic security issues were neglected by Valve? Perhaps it was something as simple as Gabe using his home computer which he left unpatched, but that's something that network admins should be aware of IMO.

I also think Valve's staff is vulnerable to social engineering. Take a quick peek at myg0t.com (skip the intro and turn off the music) and read about the various chats that were had with Valve personnel. Really simple stuff that worked.

My point: Valve should be aware that they are high profile and they should have at least taken measures to make themselves secure against basic hacking methods.

Re:hello, outlook

[DickBreath]

I bet Slashdot wouldn't be so smug if the attacker had gotten in via the also patched SSH exploits that were out recently.

Yes we would be.

It is one thing to have a bug (i.e. buffer overflow) which can be exploited. That can happen to anyone.

It is a whole different thing to have software that is not designed with security in mind. SSH is designed to be secure. Outlook is not. IIS is not.

You're comparing a bug (which anyone can have) to a security design problem (which Microsoft seems to have plenty of).

Running a web server under the System account? Executing strange code merely by receiving e-mail? Showing spammer's links to external graphics by default? A web server that allows dot-dot-slash URL's to serve (or execute) files outside the WWWRoot directory? The people who wrote this were NOT thinking the slightest about security.

Um, yes we would still be as smug. And rightfully so.

How about this donation model?

[Ohreally_factor]

It's already in place and seems to function.

It's called paying for the damn game.