dear Gabe, security and half-life2

[rsol]

well gabe, you poor lad. i do feel sorry for you guys after all that hard work. With all the nonesence thats happened I would forgive you for giving up on the whole thing and working on halflife 3

Even if I came across the hacked version I'm still going to buy the game. You deserve it. Plus its like watching a video of a movie b4 its on the big screen. Pointless.

You're a community minded sort of guy but you should remember that in every community theres a fool and a thief. I know who you probably feel like on that front.

If i were you I'd take a leaf out of the many developers books. DONT HAVE THE GAME ON THE NET! I know this brings making the game into a hardship as having to go to a certain place to do your developement but it makes more sence. For gods sake the world knows your home phone number!!! Its an invitation!!!

I have friends who games-test for companies like nintendo, eidos etc. most software cant even leave a sealed room for fear of copying.

Take a look around you. Those people you've been slaving away next to for the past 10 years? You can trust those people. Dont think for a minute you can trust the anyone else!

 

[Neutrino]

Um, I'm quite sure that Gabe and Valve are quite proficient at what they do and how they handle their security (well atleast now they are =)).

And why are you writing as if you are addressing Gabe or Valve?

 

[Sp00fman]

what about the guy a few days back who claimed he had an version a week old??

 

[rsol]

Originally posted by Neutrino
Um, I'm quite sure that Gabe and Valve are quite proficient at what they do and how they handle their security (well atleast now they are =)).

And why are you writing as if you are addressing Gabe or Valve?

because i am addressing gabe. if he reads it then hey.

As far as security is concerned valve have failed miserably on that front. not only did they know(reading from gabes words on other forums) they were under attack, they failed to stop GIGS AND GIGS of material leaving thier network. Plus they didnt seem to even know who did it or from where. You dont see the likes of carmack and co crying into thier arpits hoping it will all go away. They managed a beta test at quakecon with no security breach.

 

[Neutrino]

Originally posted by rsol
because i am addressing gabe. if he reads it then hey.

As far as security is concerned valve have failed miserably on that front. not only did they know(reading from gabes words on other forums) they were under attack, they failed to stop GIGS AND GIGS of material leaving thier network. Plus they didnt seem to even know who did it or from where. You dont see the likes of carmack and co crying into thier arpits hoping it will all go away. They managed a beta test at quakecon with no security breach.

If you want Gabe to read it you should really try e-mailing it to him.

While obviously valve had security problems, I think the situation was/is too complex to form any opinion about without inside information. But it is quite apparent that this was no everyday hacker just out for a stroll. This person seems to have known exactly what they were doing and did their homework. You say they didn't know who did it or where the hacker was located. Well, do you know how hard it is to do that? If a person is good enough to pull this off then they are certainly going to make damn sure that they are not detected or found. Before blaming valve for any security breach, think about how many government agencies are hacked into. Even very, very high security networks can be broken into from time to time. Like I said in the beginning, unless you truly understand Valve's network system and the unique situation of a gaming company, I don't think you can form an educated opinion about this subject (unless your a computer expert i suppose). Oh and "gigs and gigs of material" is rather an exageration don't you think?

In the second part of your statement you seem to compare Valves situation to Id software by saying that Id has better security. While this is purely speculation in the first place, it completely falls apart once you consider that Id also had some form of security breach and an alpha version doom 3 was leaked about a year ago.

Now I'm not saying that Valve is in no way responsible for a security breach. What I am saying is that we don't know the whole situation, and have no way to accurately judge valves actions one way or the other. Just keep in mind that these people are proffesionals with a large stake in their product. They probably have a pretty good idea of what they are doing.

So, maybe before you completely judge anyone or any situation, you might want to take a moment to consider all the factors involved and realize that without accurate and complete information on a subject you cannot truly form a totally accurate and complete opinion of said subject. Just my thoughts. Feel free to ignore them.

 

[rsol]

alot of ppl in the games industry are laughing. i feel sorry for the valve team. if you look at it from the point of developement you have two ways that a game can be stolen b4 publishing. inside the company itself or by outside on the www.

Apart from the usual "cards and guards" approach there is not a alot else you can do to stop an internal breach. Its effective on its own.

The problem lies in the other. You're computer, mine they can all be hacked by anyone any time. I dont care as unless i have a secret to keep im not at much risk apart from the ussual blanket bombing of a few talented teenagers. This was not some kid. professionals looking to sell the source. I dont care what anyone says.

If i had a game that i knew every1 wanted a look at i wouldnt have "physical" links to the outside. Gabe openly admits hes too trusting. As do many ppl on the net. This is a big mistake that will cost them far more than i could say. He has outsourced many fields of the code to other companies, 1 in ireland i believe. these all add risk.

yes there was code leaked last year from Id but nothing worth that of HL2. you dont keep the crown jewels in a window facing the street.

As far as educated guess work is concerned. If some1 hacked thier way in they didnt walk through the door did they? no need to guess that. thats the point. if you are going to make a game with such eager anticipation you would expect a hacker. no link to the net for the computers making the game. problem solved.

 

[rsol]

Originally posted by Sp00fman
what about the guy a few days back who claimed he had an version a week old??

i dont know anything of this incident. where did you get this information?

 

[Cpt.Carnage]

Why am I remided of a game called Uplink as I read this post ??? LOL:cheers:

Carnage

"I'm not going to ride on a magic carpet!" he hissed.
"I'm afraid of grounds."
"You mean heights," said Conina. "And stop being silly."
"I know what I mean! It's the grounds that kill you!"
-- (Terry Pratchett, Sourcery)

 

[Incitatus]

Originally posted by rsol
well gabe, you poor lad. i do feel sorry for you guys after all that hard work. With all the nonesence thats happened I would forgive you for giving up on the whole thing and working on halflife 3

Even if I came across the hacked version I'm still going to buy the game. You deserve it. Plus its like watching a video of a movie b4 its on the big screen. Pointless.

You're a community minded sort of guy but you should remember that in every community theres a fool and a thief. I know who you probably feel like on that front.

If i were you I'd take a leaf out of the many developers books. DONT HAVE THE GAME ON THE NET! I know this brings making the game into a hardship as having to go to a certain place to do your developement but it makes more sence. For gods sake the world knows your home phone number!!! Its an invitation!!!

I have friends who games-test for companies like nintendo, eidos etc. most software cant even leave a sealed room for fear of copying.

Take a look around you. Those people you've been slaving away next to for the past 10 years? You can trust those people. Dont think for a minute you can trust the anyone else!

okeeej, that's a, well, kinda weird post. Do you imagine you can tell VALVe something they don't already know about their own project? Or are you just expressing sympathy? In that case that's one weird almost condescending way of expressing it.

p.s. strike 'almost'

:afro:

 

[Kschreck]

He's just trying to be nice.

 

[rsol]

im not trying to condescend Mr Newell. The guy has had enuf sh*t on his plate for one year. Im just making the point that any company that trusts that the internet is filled with worthy money paying types who want nothing more than to hand over money for a game is foley.

How many have you got the hacked copy? or at least tryed? come on own up. Im not saying ppl are thieves but we wont pay for things we can get for free. haxors are scambags when they kill off trade for new startups that have some git walk in to help test them and later passes it on to a m8.

Something needs to be learnt by ALL not just valve. If they hadnt even released any footage at all and just brought the game out with no press it would have been a storm! a welcome surprise too.

the music industry
the movie industry
both these are being crushed by piracy. I dont want the games industry to suffer the same fate.

 

[nutsak]

Crushed by piracy? yer.. the games industry will go that way, but crime happens everywhere... the only thing you can do is try prevent it from happening... ( and the only plus for steam is exactly that reason - to prevent piracy.)

 

[Pitbul]

u will never crush piracy. everything has a fail safe or can be cracked. even the Tages CD Prortection which is used on XIII that causes the game to stop working slowly has be 80% cracked and pretty soon they'll find easier ways to work around it.

 

[Lavrik]

If u make the game super big ((2 gb)) Most people will be turned off by the 2 week time it will take to download through p2p.Most people dont buy stuff out of lazyness ((Cannot wait for shipping dont wana go to store,dont have enough cash or are just asses))

 

[FoB_Ed]

"Im not saying ppl are thieves but we wont pay for things we can get for free"


Speak for yourself, buddy. And the games industry already is wracked with piracy. Just go check out a bittorrent site and see all the games you can download

 

[RandomPING]

I still don't understand why everyone seems to think valves security was soooo bad. All a hacker needs to do is exploit one tiny bug in the many programs on a system, this guy just found one of the few unpatched ones. In this case it was an exploit in outlook that they got a keylogger onto the system.

I don't think anyone in the industry is laughing at them either. I think this made a lot of companies wake up and re-evaluate their own security. I'm sure a lot of other companys really feel bad for what happened to Valve. I mean, John Carmack probably really feels for him. Not like the doom 3 source code got leaked, but he understands how bad breaches in security are.

I'd do a longer post but i've talked about this a few times, when people say "their security was AWFUL" they simply don't know how internal networks work, and how one person with an unpatched system can work as a link between the external net (the internet) and the internal network you're a part of.

 

[nnyexoeight000]

Most humans feel degrading others makes them superior. So instead of researching the truth, they blow off with mindless ramblings.

You know the truth, valve knows the truth. let the sheep drown in their ego baths.

As for everyone else that knows better. Kudos!

I love hot pockets.

 

[RandomPING]

Originally posted by nnyexoeight000
Most humans feel degrading others makes them superior. So instead of researching the truth, they blow off with mindless ramblings.

You know the truth, valve knows the truth. let the sheep drown in their ego baths.

As for everyone else that knows better. Kudos!

I love hot pockets.

I love Kudos. Who would have ever thought that granola bars dipped in chocolate would taste good?

Ah, that reminds me of my chocolate covered asparagus days.

 

[nnyexoeight000]

Ah, that reminds me of my chocolate covered asparagus days.

lol.

 

[Kschreck]

Security? I would suggest storing the important files on a Linux server so that they could not be hacked. Many people don't realize the security Linux has. Thats one of the major reasons why most of the US Government switched to (OpenSource Based Software) after 9/11. Also recently China's Government switches a long with amny other countries such as Germany, and many many countries overseas. (Sorry don't exactly know which companies) Linux has gone a FAR way over the last past few years. I use Windows for Gaming and Multimedia, and Linux for the rest. Anyways I'd suggest that Valve do that, but giving the fact that most of Valve's employees including Gabe himself and his Wife worked for Microsoft they will not switch.

 

[RobK]

In my opinion, with something as sensitive as HL2, all of the PCs which had access to the HL source code should not have had physical or wireless access to the net. That way there is no chance of something like that happening.

The source code should have been stored on a server that was physically secured. Assuming that it is stored on a Win2K/XP based system, it should have been encrypted using EFS and only developers would have the permissions required to access it. (Sounds like almost everyone had access)

As a final measure, I would replace Internet Explorer with Mozilla and Outlook with Mozilla Mail. IE & Outlook happily run all sorts of dodgy stuff, Mozilla

a) Doesn't and is far more geared up to be secure

b) Is a less mass-market product - therefore less likely to attack.

 

[azz0r]

GABE?! GABE AGAIN.

You are aware Valves a big company with more than one person. OMG.

 

[Neutrino]

Originally posted by RobK
In my opinion, with something as sensitive as HL2, all of the PCs which had access to the HL source code should not have had physical or wireless access to the net. That way there is no chance of something like that happening.

The source code should have been stored on a server that was physically secured. Assuming that it is stored on a Win2K/XP based system, it should have been encrypted using EFS and only developers would have the permissions required to access it. (Sounds like almost everyone had access)

As a final measure, I would replace Internet Explorer with Mozilla and Outlook with Mozilla Mail. IE & Outlook happily run all sorts of dodgy stuff, Mozilla

a) Doesn't and is far more geared up to be secure

b) Is a less mass-market product - therefore less likely to attack.

While I think you might have some valid points, I don't think anyone can form a valid opinion without intimate knowledge of a gaming companies network and situation and specific knowledge of how Valve operates. Without such knowledge all speculation is pretty pointless as it is not based on any concrete evidence or facts.

 

[iamaelephant]

Originally posted by azz0r
GABE?! GABE AGAIN.

You are aware Valves a big company with more than one person. OMG.

You are aware that Gabe Newell is the CEO and therefore overlooks everything that happens within the company? OMG... dick.

 

[Sp00fman]

Originally posted by rsol
i dont know anything of this incident. where did you get this information?

the mods deleted it quite quick. It was posted in the valve info only threat.

to bad i didn't copy/paste it.

 

[rsol]

Originally posted by Neutrino
While I think you might have some valid points, I don't think anyone can form a valid opinion without intimate knowledge of a gaming companies network and situation and specific knowledge of how Valve operates. Without such knowledge all speculation is pretty pointless as it is not based on any concrete evidence or facts.

every opinion is a valid one here btw. you dont need alot of brains to work out alot of access was given to this game. This is where outsourcing has its price.

 

[Neutrino]

every opinion is a valid one here btw. you dont need alot of brains to work out alot of access was given to this game. This is where outsourcing has its price.

Yes, didn't mean to imply that anyone's opinion wasn't valid. I was using valid as meaning factual. I wasn't very clear on that.:cheers:

 

[genocide604]

Dont feel sorry for them, they wouldnt have released the game this year regardless of the hack... They trixed us.

 

[Styloid]

I avoided this thread for a while because I was almost certain it would be one of those "I can rule this country better than..." or "I can coach this hockey team better than..." (what's that term? Backseat drivers?)
And it is.
Once again most factors are either ignored or not known about. How many computers are functioning in Valve? What about that faulty Tangis server the hackers were talking about? How come only a pre-e3 beta was stolen?
Sometimes things are more complex than they seem and you can't see it all when you're nowhere near the scene of the crime.

 

[ph34r t3h cute]

Originally posted by azz0r
GABE?! GABE AGAIN.

You are aware Valves a big company with more than one person. OMG.

Ugh, your such a moron! everyone knows that gabe does the PR, Art, modeling, maps, textures, story, made the engine.

Everything! :cheers:

Nah just joking.. Your right its not just gabe, I think its about 30ish people working on hl2..

 

[mbrithoms]

Originally posted by azz0r
GABE?! GABE AGAIN.

You are aware Valves a big company with more than one person. OMG.

propably because Gabe has alledgedly posted here twice

 

[jet jaguar]

Originally posted by genocide604
Dont feel sorry for them, they wouldnt have released the game this year regardless of the hack... They trixed us.

I don't feel sorry for them. The 9/30 release date was too good to be true, but I let myself actually believe Valve would make up for years of ignoring the TF2 community. Guess what? They didn't and I could care less if Steam proves to be Valve's ruin.

 

[RandomPING]

Originally posted by mbrithoms
propably because Gabe has alledgedly posted here twice

Alledgedly? He has posted here twice and it's been confirmed by multiple people.