Leak from Developer's P.O.V.

Do you think this leak will delay the game even more?

  • Yes

    Votes: 26 74.3%

  • No

    Votes: 9 25.7%
  • Total voters
    35
kernkraft

kernkraft

Newbie
Joined
Oct 3, 2003
Messages
55
Reaction score
0
[Note: I am new on HL2.net and registered because I wanted to know more about this and to post my opinion. I didn't read all the threads concerning this issue so this kind of conversation might have already been started somewhere else. Sorry if it has and the length of this post :).]

Hello, like most people patiently waiting for the HL2 release on the internet, I was shocked to see that something like this could actually happen. I was shocked to see that people could be so stupid. Code leak is nothing new for software companies but this one definitely takes the cake. If you dig deep enough on the internet/iRC, you can probably find leaked source of literally dozens of software ranging from Windows to Office to 3DS MAX (I haven’t checked myself :)).

This is because this software has hundreds of employees working on them and the more people touching the code the better the chances are that eventually, it will fall in the hands of a “jaded” employee. Now every company has a different way of handling this: file access records, source control records and so on. But the thing with these leaks is that most of the time it's just for “fun” or reverse engineering (my pov) and that people will rarely turn around and make an MSWord clone and try to sell it. What can happen is that other companies might look at it and steal ideas (I ain’t pointing any fingers…ms). But this is different; it’s not like a Doom III leak. This code isn’t like bitmaps, geometry and executables; people can simply steal all the ideas from HL2 without any effort. This is an attack against a company loyal to their clients, it is very bad for the industry and might delay the game even more. It may even make Valve think twice about making another game. I know I would.

Now to the point. If any of you are programmers, you probably have used MS SourceSafe before in a dev team. But did Valve use it? As Gabe is himself is a former Microsoft employee, it's very probable. SourceSafe in conjunction with VS2003 is the standard for enterprise development and the safest. What I’m trying to get at is, how were they/was he able to actually be able to make it pass all the security and the firewalls and etc. to get to the passwords never mind the actual code to a multimillion dollar software? Since we know Gabe’s inbox had been “tapped” for a while and that his machine wasn’t safe, the hacker(s) responsible for this could have found the passwords…but how? It’s not like professional game makers keep an “All_Passwords_Please_Don’t_Touch.txt” file on their desktop. Keeping keystrokes recorders isn’t a simple task and sorting through it is a pain in the ass.

How did Valve handle the security of their code and how can this be avoided? Any thoughts? Personally, I hope the code is old and/or incomplete and I think Valve should have waited another six months to tell community about the project :p.
 
yes as the fbi will come take the pc away to do tests :) or play hl2 one of the two :p
 
Great post kernkraft - it was very informative (SourceSafe info, neat), mature, and well thought out.

I'm with you - there is something strange going on here.
 
1. I think the game will now be delayed 6 months to a year for various reasons. Many aspects of the game will be changed.

2. Apparently Valve has been monitoring the hacker long before he stole the code. This means the code could be crippled or incomplete.
 
im so frusrtated. i want to strangle that hacker
 
I just hope we wont have a billion hacks out as soon as the game is released... worse even a hack that works for hl2 should work for tf2, cs2, any mod, any game made using source... :(


And who knows what else they had access to... maybe they had all of our steam account's and ID's.
 
As a developer, I am very saddened to hear that someone has taken it upon themselves to steal from a company that so many other support. I hope that the ramifications are not severe, and that the person(s) involved in this incident are dealt with severely.

J
 
The only reason I can think of is that Gabe being the boss wanted a full independant copy on his personal machine (for what ever reason, I wouldn't rule ego from someone in a management position). It was this copy and not the active i.e. still being developed and running under security version that was leaked.

Either that or the code was final (or at least frozen till they decided to do a patch) and hence was siting there again independent of what ever multiple user implementation security they were using.
 
Originally posted by Estevan
im so frusrtated. i want to strangle that hacker
Click to expand...

I'm with you, let's find that ****ing ass **** dick suck ass mother **** shit faced dickass mofo shit cock.
 
Originally posted by MooCow
The only reason I can think of is that Gabe being the boss wanted a full independant copy on his personal machine (for what ever reason, I wouldn't rule ego from someone in a management position). It was this copy and not the active i.e. still being developed and running under security version that was leaked.

Either that or the code was final (or at least frozen till they decided to do a patch) and hence was siting there again independent of what ever multiple user implementation security they were using.
Click to expand...

Yeah, but isn't the code that was taken rather... messy and old?
 
This is definitely a bad time for developers in the industry.

Good luck, VALVe - let's find the perpetrators, and stop them from doing this crap again.
 
Most code is, something like this is likely to have been continuously developed for many years. Why go back over old working code to tidy it up when you could be working on something new?

Also why bother to do cosmetic changes to something only a few people were supposed to see.
 
Keeping keystrokes recorders isn’t a simple task and sorting through it is a pain in the ass.
Click to expand...

Yeah, but if you follow (ironically) standard techniques of making a good password (mix of caps and lowercase letters, numbers and special characters, without any dictionary words) it makes it a lot easier to notice a password. Especially if the person is paranoid and doesn't save the password, and retypes it every time they use it. That's many repetitions of a noticably semi-random string in a buffer of text.

Then take into account how many times you confirm a password window by pressing "enter" and you can see how it can be pretty easy to find a password from the results of a key logger.
 
Originally posted by kernkraft
This is because this software has hundreds of employees working on them
Click to expand...

Vavle have 30ish people on there team. . . not 100s
 
Originally posted by nostgard
Yeah, but if you follow (ironically) standard techniques of making a good password (mix of caps and lowercase letters, numbers and special characters, without any dictionary words) it makes it a lot easier to notice a password. Especially if the person is paranoid and doesn't save the password, and retypes it every time they use it. That's many repetitions of a noticably semi-random string in a buffer of text.

Then take into account how many times you confirm a password window by pressing "enter" and you can see how it can be pretty easy to find a password from the results of a key logger.
Click to expand...

Good point nostgard, I have never tried a keylogger but that sounds like the logical approach. There still is the problem of setting it up on the Valve internal network though:).
 
Re: Re: Leak from Developer's P.O.V.

Originally posted by ph34r t3h cute
Vavle have 30ish people on there team. . . not 100s
Click to expand...

Which is why I stated that this leak was different.
 
I have never tried a keylogger but that sounds like the logical approach.
Click to expand...

Actually, neither have I... I'm just guessing. :E (really)
 
More Keylogger info

I forgot to mention that a friend of mine had once installed a key logger on a friend's machine (as a joke). As far as I know (and he knows), it is not an easy task even if you have access to the computer in question. This is especially true in the Valve case since developers look a their task manager at least once an hour to see what processes are running and are likely to notice it. This supposes that the key logger doesn't inject itself in explorer.

Once again, these are theories since I have never tried a key logger myself.
 
You must log in or register to reply here.

Similar threads

Krynn72
You guys, what the **** is up.
Replies
11
Views
2K
Tollbooth Willie
Tollbooth Willie
Lizardizzle
  • Poll
A proposition: ValveTime Half-Life 1 co-op event
Replies
5
Views
1K
Tollbooth Willie
Tollbooth Willie
Tollbooth Willie
HL2.NET HORROR SLAP
Replies
7
Views
2K
Tollbooth Willie
Tollbooth Willie
Lizardizzle
2019: The year of Half-Life SFX videos
Replies
4
Views
2K
Ennui
Ennui
Tollbooth Willie
To Those That Stand, Those That Fell
Replies
6
Views
2K
Tollbooth Willie
Tollbooth Willie
Back
Top