HL2 Source leaked

Page 9 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
O

oLLie

Diamond Member
Jan 15, 2001
5,203
1
0
Originally posted by: tokamak
an interesting read many suspect myg0t, a CS clan that susposedly include several very talented programmers. lots and lots of finger pointing going on on IRC right now....
Click to expand...

bah, internet = one giant rumor mill.
 
S

sxr7171

Diamond Member
Jun 21, 2002
5,079
40
91
Originally posted by: NogginBoink
Originally posted by: sxr7171
Originally posted by: silverpig Why do they even have to have the worstation computers on the 'net? Network them, sure, but don't give them a link to the outside world. If the dudes have to go on the net for stuff, give them a laptop or something on a separate network.
Click to expand...
Thanks, I thought I would get flamed like crazy for blaming Valve themselves. I guess they never even imagined something as horrible as this. I really do think that there is no need to have every machine in a company connnected to the internet, sometimes if they can't afford the proper software or hardware security measures, they should just cut the damn cord to the net on those machines that have highly valuable information. Quite frankly three weeks is a long time to "sit still," even though I heard that the attack was actually 2 weeks ago so they had a week to contain this. No matter what though, they do not deserve this in any way. I only say this, because I went to Case Western Reserve University where that crazy gunman shot and killed innocent people over losing his lawsuit with the university. What happened was that he was working on some kind of project for years and years maybe even a decade. All his data was stored on some school network that many people had access to. He and the stupid computer lab kid would have an argument once in while and the stupid computer lab kid thought he would have some fun and delete all this guy's work. So he did. The guy who was in his forties, who I used to see in various computer labs during the day and in the residence dining hall basically had no family or any life - his work was his life - filed a lawsuit against the university and lost. This is what led to the whole incident. When I heard about why he did what he did, the first question to pop up in my head was why didn't this guy back his stuff up? I mean felt sorry for him, for the people who died and those who got hurt, but it wouldn't have taken much to prevent all of this. I realize that hindsight is 20/20, but I think that those of us invest years of lives in intellectual property, in data that is so easy lost or stolen, should really think about insuring ourselves against these losses. Whether you beef up security or become more aware of the possibility of loss or call LLoyds of London for financial protection, I think we should all think about it.
Click to expand...
I don't think you can make this analogy. For your researcher guy, he was trusting his data to the university's IT department, who probably made promises that they'd do backups for him. In that case, it's natural to trust the IT staff. At least, it's certainly a reasonable thing to do (in most cases). Protecting yourself against a deliberate malicious attack from the IT staff is like wearing a kevlar vest just in case your wife decides to shoot you. In Valve's case, I agree: they should have known better. While maintaining totally separate networks for internet and source code is probably impractical, they obviously could have done more to protect their code. For perspective, I have access to all of Microsoft's Windows source code from the machine on which I'm making this post. Is that unreasonable? No, I don't think so. Is it a security risk? Absolutely. Should Microsoft keep their source code on a totally isolated network that has no bridges to the Internet? Well, it'd be secure (to an extent) but it would make it much harder for Microsoft programmers to get their jobs done. So the network that I'm on enforces antivirus software on the machines, has ACLs on the files and folders, and regular audits are done. Security is very much a big set of compromises. Anyone who claims it is black and white doesn't know what they're talking about. Read the new book "Beyond Fear" by Schneier for more.
Click to expand...

Yes, Valve should have known better. I realize that it is necessary to have extremely valuable information on a computer that is connected to the internet, and I even alluded to the fact that it may be needed to get the work done. What bothers me about this is the timeline as described by Newell himself. They had known for days if not weeks that a serious attack on their network was being made. I don't know what the solution to somebody accessing your webmail is, but from my very limited knowledge (I'm not a member of the IT community) a password change would have fixed that. If they had found the HL-2 source tree copied they must have really aware of serious intentions from these attackers. I appreciate that Newell went to the extent of reformatting, but if I saw that someone was playing with my files I would consider that an emergency, and just "pull the plug" no matter how much I need the network. They couldn't have done anything else to thwart the keystroke recorders that were custom made for them.


They say that if you encouter a dog that is trained to kill you should give it your arm, so that it doesn't go for your neck. Sometimes I think, giving up the internet until things are under control might be worth the sacrifice.
 
I

iwearnosox

Lifer
Oct 26, 2000
16,018
5
0
Originally posted by: sxr7171
Originally posted by: NogginBoink
Originally posted by: sxr7171
Originally posted by: silverpig Why do they even have to have the worstation computers on the 'net? Network them, sure, but don't give them a link to the outside world. If the dudes have to go on the net for stuff, give them a laptop or something on a separate network.
Click to expand...
Thanks, I thought I would get flamed like crazy for blaming Valve themselves. I guess they never even imagined something as horrible as this. I really do think that there is no need to have every machine in a company connnected to the internet, sometimes if they can't afford the proper software or hardware security measures, they should just cut the damn cord to the net on those machines that have highly valuable information. Quite frankly three weeks is a long time to "sit still," even though I heard that the attack was actually 2 weeks ago so they had a week to contain this. No matter what though, they do not deserve this in any way. I only say this, because I went to Case Western Reserve University where that crazy gunman shot and killed innocent people over losing his lawsuit with the university. What happened was that he was working on some kind of project for years and years maybe even a decade. All his data was stored on some school network that many people had access to. He and the stupid computer lab kid would have an argument once in while and the stupid computer lab kid thought he would have some fun and delete all this guy's work. So he did. The guy who was in his forties, who I used to see in various computer labs during the day and in the residence dining hall basically had no family or any life - his work was his life - filed a lawsuit against the university and lost. This is what led to the whole incident. When I heard about why he did what he did, the first question to pop up in my head was why didn't this guy back his stuff up? I mean felt sorry for him, for the people who died and those who got hurt, but it wouldn't have taken much to prevent all of this. I realize that hindsight is 20/20, but I think that those of us invest years of lives in intellectual property, in data that is so easy lost or stolen, should really think about insuring ourselves against these losses. Whether you beef up security or become more aware of the possibility of loss or call LLoyds of London for financial protection, I think we should all think about it.
Click to expand...
I don't think you can make this analogy. For your researcher guy, he was trusting his data to the university's IT department, who probably made promises that they'd do backups for him. In that case, it's natural to trust the IT staff. At least, it's certainly a reasonable thing to do (in most cases). Protecting yourself against a deliberate malicious attack from the IT staff is like wearing a kevlar vest just in case your wife decides to shoot you. In Valve's case, I agree: they should have known better. While maintaining totally separate networks for internet and source code is probably impractical, they obviously could have done more to protect their code. For perspective, I have access to all of Microsoft's Windows source code from the machine on which I'm making this post. Is that unreasonable? No, I don't think so. Is it a security risk? Absolutely. Should Microsoft keep their source code on a totally isolated network that has no bridges to the Internet? Well, it'd be secure (to an extent) but it would make it much harder for Microsoft programmers to get their jobs done. So the network that I'm on enforces antivirus software on the machines, has ACLs on the files and folders, and regular audits are done. Security is very much a big set of compromises. Anyone who claims it is black and white doesn't know what they're talking about. Read the new book "Beyond Fear" by Schneier for more.
Click to expand...

Yes, Valve should have known better. I realize that it is necessary to have extremely valuable information on a computer that is connected to the internet, and I even alluded to the fact that it may be needed to get the work done. What bothers me about this is the timeline as described by Newell himself. They had known for days if not weeks that a serious attack on their network was being made. I don't know what the solution to somebody accessing your webmail is, but from my very limited knowledge (I'm not a member of the IT community) a password change would have fixed that. If they had found the HL-2 source tree copied they must have really aware of serious intentions from these attackers. I appreciate that Newell went to the extent of reformatting, but if I saw that someone was playing with my files I would consider that an emergency, and just "pull the plug" no matter how much I need the network. They couldn't have done anything else to thwart the keystroke recorders that were custom made for them.
They say that if you encouter a dog that is trained to kill you should give it your arm, so that it doesn't go for your neck. Sometimes I think, giving up the internet until things are under control might be worth the sacrifice.
Click to expand...
You're interpreting their statements entirely wrong- they were unaware their network had been infiltrated during these occurances. It was only after the code had been copied that the breach was discovered.


 
S

sxr7171

Diamond Member
Jun 21, 2002
5,079
40
91
Originally posted by: iwearnosox
Originally posted by: sxr7171
Originally posted by: NogginBoink
Originally posted by: sxr7171
Originally posted by: silverpig Why do they even have to have the worstation computers on the 'net? Network them, sure, but don't give them a link to the outside world. If the dudes have to go on the net for stuff, give them a laptop or something on a separate network.
Click to expand...
Thanks, I thought I would get flamed like crazy for blaming Valve themselves. I guess they never even imagined something as horrible as this. I really do think that there is no need to have every machine in a company connnected to the internet, sometimes if they can't afford the proper software or hardware security measures, they should just cut the damn cord to the net on those machines that have highly valuable information. Quite frankly three weeks is a long time to "sit still," even though I heard that the attack was actually 2 weeks ago so they had a week to contain this. No matter what though, they do not deserve this in any way. I only say this, because I went to Case Western Reserve University where that crazy gunman shot and killed innocent people over losing his lawsuit with the university. What happened was that he was working on some kind of project for years and years maybe even a decade. All his data was stored on some school network that many people had access to. He and the stupid computer lab kid would have an argument once in while and the stupid computer lab kid thought he would have some fun and delete all this guy's work. So he did. The guy who was in his forties, who I used to see in various computer labs during the day and in the residence dining hall basically had no family or any life - his work was his life - filed a lawsuit against the university and lost. This is what led to the whole incident. When I heard about why he did what he did, the first question to pop up in my head was why didn't this guy back his stuff up? I mean felt sorry for him, for the people who died and those who got hurt, but it wouldn't have taken much to prevent all of this. I realize that hindsight is 20/20, but I think that those of us invest years of lives in intellectual property, in data that is so easy lost or stolen, should really think about insuring ourselves against these losses. Whether you beef up security or become more aware of the possibility of loss or call LLoyds of London for financial protection, I think we should all think about it.
Click to expand...
I don't think you can make this analogy. For your researcher guy, he was trusting his data to the university's IT department, who probably made promises that they'd do backups for him. In that case, it's natural to trust the IT staff. At least, it's certainly a reasonable thing to do (in most cases). Protecting yourself against a deliberate malicious attack from the IT staff is like wearing a kevlar vest just in case your wife decides to shoot you. In Valve's case, I agree: they should have known better. While maintaining totally separate networks for internet and source code is probably impractical, they obviously could have done more to protect their code. For perspective, I have access to all of Microsoft's Windows source code from the machine on which I'm making this post. Is that unreasonable? No, I don't think so. Is it a security risk? Absolutely. Should Microsoft keep their source code on a totally isolated network that has no bridges to the Internet? Well, it'd be secure (to an extent) but it would make it much harder for Microsoft programmers to get their jobs done. So the network that I'm on enforces antivirus software on the machines, has ACLs on the files and folders, and regular audits are done. Security is very much a big set of compromises. Anyone who claims it is black and white doesn't know what they're talking about. Read the new book "Beyond Fear" by Schneier for more.
Click to expand...
Yes, Valve should have known better. I realize that it is necessary to have extremely valuable information on a computer that is connected to the internet, and I even alluded to the fact that it may be needed to get the work done. What bothers me about this is the timeline as described by Newell himself. They had known for days if not weeks that a serious attack on their network was being made. I don't know what the solution to somebody accessing your webmail is, but from my very limited knowledge (I'm not a member of the IT community) a password change would have fixed that. If they had found the HL-2 source tree copied they must have really aware of serious intentions from these attackers. I appreciate that Newell went to the extent of reformatting, but if I saw that someone was playing with my files I would consider that an emergency, and just "pull the plug" no matter how much I need the network. They couldn't have done anything else to thwart the keystroke recorders that were custom made for them. They say that if you encouter a dog that is trained to kill you should give it your arm, so that it doesn't go for your neck. Sometimes I think, giving up the internet until things are under control might be worth the sacrifice.
Click to expand...
You're interpreting their statements entirely wrong- they were unaware their network had been infiltrated during these occurances. It was only after the code had been copied that the breach was discovered.
Click to expand...

Oh, I guess I was wrong then. But what about the E-mail stuff? But then again the E-mail stuff could have meant anything.
This is truly sad for both Valve and us - their customers.

 
E

element

Diamond Member
Oct 9, 1999
4,635
0
0
Originally posted by: BoberFett
Originally posted by: element®
aww boo hoo

Like there wouldn't be hacks for it anyway. There are hacks for HL1 and UT and those were never leaked. It doesn't take a leak to make a hack. Hell there are hacks for bf1942 now too. Yeah that dweeb that kicked your ass in DC or BF1942 was probably using a hack if you're any good at the game.

And like HL2 technology is all that great. whoop dee do. I saw the preview movie they released and it wasn't much better than UT2k3 in the graphics dept. Ut2k3 has reflective metal surfaces too in case you didn't realize. And it runs a lot smoother on lower end systems than HL2 could ever dream of running.

flame away fanbois...
;)
Click to expand...
Apparently you saw the movie, but you didn't watch it. The models and animation are far beyond any game to date.
Click to expand...

I watched it just fine thanks. Were you impressed by the creature scratching himself or something? I don't see what is so revolutionary about that. Other games have moving limbs also. Scratching chins and all that. As far as the model's are concerned from what I hear they weren't stolen, just the source code. So I still don't see why this is such a huge deal. Valve isn't going to go under because of this. Cheats are going to come out anyway regardless of this incident.

Sure the scumbags should be caught and punished, perhaps not allowed to touch another computer for years like that other high profile hacker (I forgot his name). Because if they can do this they can cause even further damage elsewhere. But this isn't the end of the world for HL2, the end of half life came when cheating became rampant in HL1. it turned into a dweeb fest and still is. I for one am glad I never got into that god awful mess that was Half life online!
 
T

tokamak

Golden Member
Nov 26, 1999
1,072
0
0
Originally posted by: JEDI
so has anyone compiled the game yet?
Click to expand...

my roommate just finished compiling his. you can do much more than play around with the menus. there are no maps (have to make your own) and the textures are way screwed up. no guns, no sound so far. he's still messing with it, though, has been for most of today ;)
 
CubicZirconia

CubicZirconia

Diamond Member
Nov 24, 2001
5,193
0
71
it turned into a dweeb fest and still is. I for one am glad I never got into that god awful mess that was Half life online!
Click to expand...

You obviously haven't played Half Life online lately. I admit that for awhile the cheating was so bad that it was nearly unplayable. I drove me from CS and I never went back (now I play Raven Shield). But the cheating is essentially non-existant now, at least in the other mods (TS, DoD..). Not getting into Half Life online was a huge loss on your part.
 
ViRGE

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
Humm, now my sources are saying that a whole pre-release version(as in one you can play) has been released. Can this get any worse for Valve?
 
D

Derango

Diamond Member
Jan 1, 2002
3,113
1
0
Originally posted by: ViRGE
Humm, now my sources are saying that a whole pre-release version(as in one you can play) has been released. Can this get any worse for Valve?
Click to expand...

Yea, the whole singer player game could leak out. And the way things are going, expect that announcement next week :-/
 
CubicZirconia

CubicZirconia

Diamond Member
Nov 24, 2001
5,193
0
71
Originally posted by: ViRGE
Humm, now my sources are saying that a whole pre-release version(as in one you can play) has been released. Can this get any worse for Valve?
Click to expand...

Only if Doom 3 ends up being extremely popular and it cuts even more into the eventual sales of HL2.
 
BoberFett

BoberFett

Lifer
Oct 9, 1999
37,562
9
81
Originally posted by: element®
I watched it just fine thanks. Were you impressed by the creature scratching himself or something? I don't see what is so revolutionary about that. Other games have moving limbs also. Scratching chins and all that.
Click to expand...
I'm not sure which movie you saw then. I don't remember creatures scratching themselves. I saw a movie where the mouth movement matched the speech very closely rather than a flipping between two face textures. I saw a movie where world objects interacted with one another through a very believable physics model.
 
S

SecretAgentMan

Senior member
Aug 6, 2000
300
0
71
i didnt read this whole thread, but if anyone has noticed yet, the source code is already on p2p programs too :/
Click to expand...

Most people who use P2Ps wouldn't know what to do with the source code anyway. It's spreading like wildfire in IRC.
 
C

Conky

Lifer
May 9, 2001
10,709
0
0
Originally posted by: SecretAgentMan
i didnt read this whole thread, but if anyone has noticed yet, the source code is already on p2p programs too :/
Click to expand...

Most people who use P2Ps wouldn't know what to do with the source code anyway. It's spreading like wildfire in IRC.
Click to expand...

Heck, you don't need the source any more. A working alpha is available for download and it's genuine.

 
K

Kostya17

Senior member
Jun 26, 2001
348
0
71
Too bad you missed it. There were about 40 pics (17MB worth) at 1024x768 of HL2
Click to expand...
I like the post that's still there:
"hey guys...just wanting to edit my previous post and give all you winers some more info... About 1 month ago i was at gamestop, and my friend who works there told me they were informed by Valve the they wouldnt recieve shipments of half life 2 until march 2004. this was before all the hacker sh!t got out....which shows that valve woulda just delayed again anyway so quit ur complaining"

 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom