Slashdot Mirror
Half-Life 2 Delayed Following Code Leak
jhol writes "CNN is reporting that Half-Life 2 is delayed "by at least four months, that is to April 2004.", due to the code leak. VU Games has already suffered a 29% fall in revenue and an operating loss of $61.36 million this year. A Christmas release of Half-Life 2 would probably have been most welcomed." Update: 10/07 20:38 GMT by S : CNN Money are now reporting there's a newly public leak, allegedly involving a partially playable, Beta pre-release of the game.
I just have to wonder if a serious delay was in the works anyway and the code theft gave Valve a publicly acceptable reason.
I always save my last mod point to mod up a good troll. You people are too serious.
Are you serious? How much money do you think Valve makes off of the sale of a game? How many MILLIONS?
Do you HONESTLY think that they would even make 1/10 of that solicting for donations from the good of one's heart?
How much money do you think cdex + xiph + bittorrent + scorched3d + blender + tons o' other donation-based projects get per year? Answer) A mere fraction of a fraction of a fraction as much as Valve does.
Ok, it's not that bad but I'm modarately disappointed. But some of these fanboys I've been reading posts from on USENET might just kill themselves. Maybe someone should set up a crisis counciling center?
I would submit it as a story, but someone else probably has, and I've never had a story accepted yet :)
The NFO was on nforce.nl for a short time, but has since been removed. The leak has been confirmed here, and a few claim to have it (but they could be lying).
I've also seen a screenshot of the folders with all the map files in it, and the names look very much like what one would expect the long gameplay demo to be made from.
Not good news for valve :( I am disappointed that the game had to be delayed - and for all of you who have taken the source or download the beta, I hope you remember your duty to purchase the game when it does come out.
Yeah, or they could consider free copying of the games as promotion for their concerts, where they make the real money.
When will Slashdot users grow up?
Games, movies, and even songs from the Backstreet Boys cost huge amounts of money to produce. You will be charged for copies, one way or another.
If people can't figure out how to slow down this ridiculous level of IP theft pretty damn soon, I guarantee you that we will have DRM shoved down our throats. In this case already, the delay of several months is probably to put in place with is effectively DRM, in order to cut down on multiplayer cheats.
He wasn't that stupid. The email used a old buffer overflow bug in the preview pane of Outlook to install the program, Gabe just had to click(not even open) the email for it to install the trojan.
However, it's mind-bending that their Outlook weren't patched(it's a very old exploit) and that he uses the preview pane in Outlook, on his work related computer. I know that they are backed by Microsoft, and thus probably gets all the MS toys, but they still forgot to patch them.
A shame. Still, a custom written trojan made against Valve to target their system and get the code/data of the game isn't something you see everyday. Either this kind of thing doesn't happen often, or it happens often but it's never detected(or acknowledged). Think industrial espionnage. Either way, it's not an easy to spot/cure, not antivirus/firewall can detect it effectivly if it's custom written against you. They probably probed Valve to check what exploits would or wouldn't work, so it's not as easy as to say: they should have patched, because the hacker would probably have tried another way and with a little determination, would have still compromised their systems enough to get some data.
It's not because the game leaked, but because the underlying systems that ensure that players can't easily cheat, warez the game, or access the personal information of other players.
Part of what was compromised was probably the code that handles CD key authentication, user online authentication, etc. So clearly warez and such for this game could be hugely rampant.
Part of what was compromized was probably the code that handles Valve's anti cheat system. So clearly the cheats that override that system could be hugely rampant.
Part of what was compromized was probably the code that is the game's engine. So clearly there could be cheat authors easily creating wall hacks, aim bots, and any number of other cheats.
Part of what was compromized was probably the code that handles purchasing the game over Steam. So clearly there could be some risk of credit card and online commerce fraud, personal information leaks, etc.
Look at it this way. The blueprints and plans for the bank got stolen. Thieves are studying them now. The bank is going over the blueprints with a fine toothed comb to fix the obvious (and not so obvious) weaknesses which are more clear when you have the plans.
"Why would this cause any sort of delay?"
One possible explaination is that the network code will need to be made incompatible to prevent cheaters. APIs may need to me moved around and renamed to prevent see though wall cheaters. Stuff in the code may need to be hidden to make it harder for cheaters to mod the dlls.
Just a guess....
Burn Hollywood Burn
See the story at The Register. They link to Valve's forum, where the general manager details how the code was leaked: in short, his own account information was stolen via Outlook, then several other employees were hit with a Outlook preview-pane virus that installed a keylogger.
Of course, this is no reason to think that Outlook isn't a perfectly good solution for email. Outlook is great. There's no reason to consider any alternatives. No matter how much money you lose to Outlook virii, simply look at the silly dancing monkey!
"Nothing was broken, and it's been fixed." -- Jon Carroll
How many whiny posts do there need to be on: "Why did they have to delay it? This is BS". Well, here is a reason. If your company just got hacked in to and important information was stolen and leaked, instead of working on the product, you have to find what the vulnerability was, how to do damage control, how to re-structure how you do business so it doesn't happen again (i.e. redesign the network and create new security policies), and then have to get back to work on finishing the product while trying to make sure that anything cheaters would have gained from the source is fixed. I would say that is pretty large amount to do in a few months. Don't you think they would love to get it out so they can make money? Just use some freaking common sense here. If you are surprised by these delays, then you didn't think very hard. If you are upset by the delays, join the crowd, hunt the hackers, whatever. Just relax, it's a game, go buy a different one. It's not the end of the world.
Support a great indie game: http://www.abaddon360.com
Vivendi Universal Says Delay Not Confirmed
Tuesday, October 7, 2003
According to a news article posted today on a UK press release, there is a Half-Life 2 delay. We already know that Valve does is not mentioning a delay.
We received an email from Mike Thompson who says he works for Vivendi Universal and writes:
quote: "delay is not confirmed..."
Here we go around and around... again...
From Half-Life Source Dot Com
When will Slashdot users grow up?
When people realize that when one slashdot user speaks, he doesn't speak for all slashdot users.
"there are cases where security through obscurity is the best method"
PLEASE don't say this. I understand what you're trying to say, and that is correct, but your wording is completely horrid.
Obscurity is just that - obscurity. Using obscurity for protection is actually a decent plan in many cases - it's just not the same thing as security. The problem with "security through obscurity" is not that people aren't protected enough, it's that they are _confusing_ security and obscurity - thinking they have security when they only have obscurity. Both offer protection, but with different expectations.
There is NO SUCH THING as security through obscurity, and those who try show a complete misunderstanding of the issues. The can be _protection_ through obscurity, but security in relation to computers has a certain, specified meaning, and when people start throwing it around in connection with obscurity, it just makes the situation a lot more confusing than it needs to be.
Engineering and the Ultimate
I have to wonder how long until people start to realize that for truly critical (read millions of dollars) work, you're best off having the production machines OFFLINE.
It would be a pain in the ass only being able to code on one machine, but even something as simple as a KVM switch would make it tolerable.
Pain in the ass?? Try impossible. How do you think game programming works, anyway? One guy sitting there plugging away on his work machine from 9-5? Bzzzzt. Sorry, try again. I say this as someone who works in the industry for a fairly large publisher who will remain nameless.
HL2 is a large, big-budget game with a lot of code, a lot of staff, and a tight production schedule. Some people seem to live in this fantasy-land where PC games are still coded by individual hackers locked away in their basement. Well, welcome to the real world, where dozens of people need to work on the same code in near real-time, and where work continues even while coders are out of the office or in fact out of the country.
I don't know that all of this code needed to be on one machine that was net accessible. There's probably something that could have been done to segment it among separate machines on separate VPN's, which then could have been combined to compile and run whenever a build was needed. So yes, Valve could have probably taken better precautions. But the answer is not to put all of the code on a single, closed machine - that simply doesn't work in real life. The code - at least some of it at a time - needs to be net accessible for a company in the business of making games to function these days.
It was revealed today that a third of the code was stolen, so maybe Valve actually was taking some sorts of precautions - maybe it was separated into three segments on three different machines. But that probably was not enough.
You can look at Valve's security as a whole, and maybe you will find holes that should have been plugged, but simply saying "the code should not have been net accessible!" is just not realistic.
You know the Duke Nukem developers are kicking themselves, saying "Why didn't we think of that."
cat
I agree that Valve should not be blamed for allowing the code to reside on a machine connected to the Net. Having the code reside on a local machine (or local network of machines) that does not have Internet access is an impractical idea.
However, I think Valve shares some of the responsibility on other aspects. The unpatched Outlook (perhaps even the use of Outlook) is definitely a problem area for such a high profile organization. If they neglected to patch Outlook, what other basic security issues were neglected by Valve? Perhaps it was something as simple as Gabe using his home computer which he left unpatched, but that's something that network admins should be aware of IMO.
I also think Valve's staff is vulnerable to social engineering. Take a quick peek at myg0t.com (skip the intro and turn off the music) and read about the various chats that were had with Valve personnel. Really simple stuff that worked.
My point: Valve should be aware that they are high profile and they should have at least taken measures to make themselves secure against basic hacking methods.
It's already in place and seems to function.
It's called paying for the damn game.
It's not offtopic, dumbass. It's orthogonal.