Half Life 2 Source Code Leaked 1027
Pyroman[FO] writes "Gamers with Jobs is reporting that the Half Life 2 source code is floating around the net right now. It looks to be about a month old. There's no official word from Valve on the source code leak yet. Unfortunately those who want to use it to cheat already have it, we need to get the word to legitimate customers to educate them about the situation." Update: 10/02 21:51 GMT by S : Valve's Gabe Newell has an official statement, via ShackNews/HalfLife2.net, indicating "infiltration of our network" and appealing for information on the culprits.
You know you're on Slashdot when... (Score:5, Insightful)
Steam? (Score:5, Insightful)
Those who want to steal will, those who are honest will pay anyway. Why piss off your entire userbase with DRM?
Re:"use it to cheat?" (Score:5, Insightful)
The most damage is the loss of company secrets (Source engine techniques, anyone?) and the potential damage to engine licensing opportunities, I think.
Code control technology (Score:5, Insightful)
But how?
At my company, we control access to code using good 'ol fashioned groups, but that leaves a relatively large number of people with access to everything. Maybe you could enhance that security with encryption of the codebase (you can decrypt the parts you need to change and that's it), but that doesn't seem like a great solution, either. Or maybe somehow watermark the code to each person in a way not easy to detect -- maybe dynamically change their variable names so they're individual-specific...
Anyhow, interesting problem. There's always air-gap, searched-by-security on the way out solutions, but given that my keychain holds more data than my first (or second, or third) hard drive, I'm not sure how effective even a police-state style could be against a determined thief....
Re:"use it to cheat?" (Score:5, Insightful)
Not with games, especially first-person shooters. It's a problem of distributing the workload with limited server resources and limited bandwidth / high latency between nodes. To make the game playable, the clients have to know things and be trusted to do calculations that from a security standpoint they should not.
This really is unfortunate. It means you really can't stop cheating with this sort of game. It's especially easy when the source code is available, though it's still possible otherwise.
Gee. (Score:1, Insightful)
Re:"use it to cheat?" (Score:5, Insightful)
The CDKey and Steam authentication systems are also supposedly included, so any security control they had before goes out the window, you can't trust the CD Keys or Steam anymore. Not that they were perfect before, but this is going from "wait a bit while the crackers figure out this new authentication system, then it's changed in a patch, repeat" to "here it is on a silver platter, before it's released"
Xbox Version (Score:5, Insightful)
Just a thought.
Re:Why... ? (Score:5, Insightful)
People need to know that they're buying a product that could leave them vulnerable, or at the very least isn't going to be a fair multiplayer experience online. They also need to know what's going on so that when Valve says "delayed till 2004" everybody knows what's up.
It's not like you can warez with this, it's none of the levels, art or sound. I'ts only useful for crackers and cheaters, customers need to know what's going to so that they don't get screwed by people using the source code to comprimise the game.
Re:You know you're on Slashdot when... (Score:3, Insightful)
Not many companies will be willing to take the legal risk of losing their *own* game by using HL2 source. There are *tons* of freely available 3d engines out there.
Cheating is more likely to hurt Valve, as it severely damages multiplayer value.
No wait, this could be good (Score:5, Insightful)
Not to mention, all of the free debugging, and reviews too. Heck, how many mods will be available when HL2 gets released because developers have access to the new API. Maybe it wasn't leaked, maybe it really was freed...
"use it to avoid licensing?" (Score:3, Insightful)
If you worked for an actual game developer, would you risk your career by using leaked engine code?
At worst you'd read it at home, figure out some technique, and implement it in your own project.
Re:"use it to cheat?" (Score:5, Insightful)
Valve will not lose any licenses due to the code being available. Nobody is going to not license the engine because they can get the source. You'd get your ass sued to oblivion to commit largescale copyright infringement on a major retail product. The first thing anyone asks when you're working on a game is "what engine are you using?". You can't hide your engine - knowledable people can easily tell what engine it is by running it.
The real risk is cheating, which could very well have a real impact on sales (why buy HL2 to play the new CS when the new CS has at least as many cheats as the old one?). Plus if cheating is rampant, it could scare away licensees.
So they could lose real sales and licensees, but only because of cheating, not because they don't need to pay for the source because they can get it for free
Jon (Slothy)
Programmer, S2 Games
Re:"use it to avoid licensing?" (Score:5, Insightful)
Re:Hopefully this includes Steam... (Score:5, Insightful)
I have stacks of games all bought legit. I fucking hate it however when games I bought with good money then limit me while those who download them get the better deal.
Do a test once between a normal game and a game with a no-cd patch applied. It will boot faster and often run faster as well. Games that access the cd are slow as apart from the floppy the cd is the slowest part in your computer. If the game is copied instead to the HD and played completly from their it will run faster.
Having to enter registration keys is all very nice and not so much of a hassle except why aren't they printed on the fucking cd's.
I am fed up with being treated like a criminal. You apparently love it. Well go right ahead but don't insult others who object to it.
Just because you are to stupid to see the problems with online activation crap doesn't mean the rest of us are as blind as you or as willing to be insulted.
Re:Code control technology (Score:5, Insightful)
If security is really important, #1 rule is to make sure you trust the people who have the important data. Someone did this intentionally, either someone at Valve, or one of their partners. That person should probably not have been hired in the first place. OTOH, I don't know how one would go about security checks for this kind of thing. It's not as easy as govt ones (where what they want to know is 1) are you a spy/subversive/etc and 2) how easy can you be blackmailed by someone who is - between those two it covers 99% of the cases where one would wish to leak stuff). This seems like it was done - well, actually, I really don't understand why anyone would do this, except maybe to really fuck their employer.
Maybe you could enhance that security with encryption of the codebase (you can decrypt the parts you need to change and that's it)
Except that you still need to compile it, so unless you put special decryption stuff in the compiler (or in a preprocessor to it), etc, etc, etc it's not going to do you a whole lot of good.
Or maybe somehow watermark the code to each person in a way not easy to detect -- maybe dynamically change their variable names so they're individual-specific...
Would sure as hell make understanding things hard, though. 'Sure, to do such-and-such just increment a4362h' 'What? Do you mean z2314j?' I don't think this would fly.
No it wouldn't (Score:5, Insightful)
It would definitely legally implicate anyone who had it (for copyright violation), but it wouldn't "contaminate" anyone who later wrote code of their own. Despite what some proprietary developers think and others fear, as long as no actual copying occurs it is perfectly okay for novelists to read other people's books, for singers to listen to other people's songs, and even for programmers to read other people's source code.
Maybe the leak is the cause of the delay ! (Score:5, Insightful)
So lets just say thanks to whom ever leaked the code and we can all blame them for the delay of the release date !
I hope they also know that NDA's are a big part of the game industry today so that either means your loosing your job, your company, or you getting sued.
Each file contains a date, what was modified and when for the most part depending on what code managemnt tool they use
Any chance that... (Score:3, Insightful)
I mean, when the code is already wild, fears that it could be leaked by assisting developers become somewhat moot...
Linux version... (Score:1, Insightful)
Re:Look on the bright side (Score:3, Insightful)
If that's the case, it exposes enough for someone to see how the DLLs link in. All the traditional HL hacks have used this DLL proxy technique to intercept calls made from the engine to the game DLL and modify the data. So in that sense, it would be enough for people to start working on cheats.
There is also, presumably, some code that could be used to test framerates and other such stuff, maybe a demo map. Like you said though, it's doubtful there is any content from the actual game in there.
Re:Hopefully this includes Steam... (Score:5, Insightful)
I agree with most of your rant. I forked over my cash for your game, why do I need to just through more hoops to play? Gosh, you know, I really love shuffling disks in and out of CD drive when I decide to switch games solely to satisfy some copyprotection system. Add to that that my CD driver works fine but hums like jet engine if any CD is in at all, so I have to remove the disk when I finish to cut down on the noise. And while I'm playing I need to stupid disk in the drive (solely for copy protection), so I just get to enjoy the hum while I play.)
Or at the very least, don't make the entire CD black! Leave a light colored area so I can use a Sharpie to write the registration key on the CD. No, I'm not going to keep your stupid jewel case. I own a lot of games, so I keep them in a CD binder to save space. The only thing a gamer is certain to keep is the CD itself, that's where the registration key belongs.
Re:Hopefully this includes Steam... (Score:5, Insightful)
Ys, it would indeed affect me.
First of all, Steam requires a live internet connection to play. Not just to register, or to activate, but every time you want to play. Goodbye gaming during that boring 10-hour flight, eh?
Second, Steam not only makes possible, but forces, whatever patches Valve has decided to make, on the users. you simply don't have the option of saying "gee, y'know, it runs fine right now, and I don't want the new uberfun zone, so I'll skip this update". Nope. They release a patch, you get it next time you connect.
Third, related to #2, you have no way to keep playing if Valve gets bored. Yeah, the servers will probably stay up for a year or two, to avoid lawsuits, but personally, I still play games well over a decade old. What odds do you lay on the Steam servers staing up for over a decade? Not very good, I'd wager.
Fourth, have you read about the typical user experience with connecting to a Steam server? It makes AOL-in-the-mid-90s look easy to connect to by comparison. Valve already has money-in-pocket by the time users try to connect, so has very little motivation to guarantee the capacity to let everyone get on. And, as history has shown, doesn't give a damn.
And finally, some people just don't like having companies treat them like criminals, or having minor annoyances pop up every time they want to play a game they legitimately buy. Whether as minor as a "no-CD" crack (which often makes the game far more responsive in general, since it doesn't wait for the CD to spin up every now and then), or as major as disabling Steam, when people buy games, they want to play those games, not jump through hoops to prove they really paid for it.
So there's got to be some other motive behind your words... something more to the tune of "Someone please make a crack so I don't have to buy the game."
Not really, no. If the above explanation doesn't do it for you, I guess nothing will. So enjoy all the BS, and if someday we meet on a plane, I'll share my bought-but-cracked copy with you, as you gaze forlornly at the screen when your uncracked copy presents the highly accusatory "cannot connect with server, ya damn pirate" screen. Perhaps then you'll "get it", why things like Steam count as "bad" even if you legally own a copy of the game.
models, textures, maps, and config files..... (Score:3, Insightful)
I feel sorry for Valve if this turns out to be the real deal.
Re:License (Score:5, Insightful)
Please, don't be as nieve as you're sounding here.
Firstly this code is over a month old, and they're in crunch-mode. This means that drastic bug and graphics fixes are due for this code, and a month is a long time when everyone at Valve is probably putting in 16+ hour days.
Secondly, those modified binaries probably won't work correctly unless they also include modified DLL's, and even then some graphical bug could bite them in the ass, something that was probably fixed in the Gold release.
Thirdly this line: "Without economic interests compelling them to buy a license, they might begin releasing compiled binaries of their work to the community without requiring a half-life 2 license, which would cripple Valve's sales numbers. " is absolute nonsense, and kind of silly at best. Cripple their sales numbers? Hah! That was a good one.
However, with all that said, I do agree that releasing the total engine source is a double-edged sword, and there's a reason Carmack and other game companies wait many years before releasing the source under any sort of open source license.
This is terrible, dangerous stuff. I expect at least one firing to come from it.
Re:GPL code found in source (Score:3, Insightful)
Re:Ugh, Valve's naming conventions (Score:2, Insightful)
If it's possible to cheat (Score:3, Insightful)
then the design is flawed. The network model should be paranoid and should hide data. Having the source available should only tell you exactly what it is that you can't exploit.
Dear god, open source games developers have known this for years. Netrek [csuchico.edu] figured it out in 1988! Why do commercial games developers insist on re-inventing the wheel and making the same mistakes over and over?
Re:One Word: (Score:2, Insightful)
What better way to screw over crackers than to release the "source" code so they start chugging away on that and then to later release HL2. Steam could then look for the obscure cheats, and ban the cheat user. Then look at all the publicity HL2 is getting, as if it isn't getting enough. I think Valve is craftier than we all think.
Re:One Word: (Score:3, Insightful)
Intellectual Property is only valid when it's in the same field you happen to work in? What's worse is, you get modded insightful.
I don't believe IP is valid, but apparently you do - when it suits you.
Re:Official Word (Score:3, Insightful)
Perhaps a better way to keep the HL2 codebase secure would be to release it via Steam -- fat chance downloading anything there.
Re:Slashdot double standards (Score:4, Insightful)
Sharing music online is equivalent to warez binaries, and ripping a cd you own is equivalent to making a backup copy of a game you own. Mixing existing music DJ style would be like taking screen captures and level designs from one game and using them in another. Downloading the source gives you the same level of control that the artists have; it is equivalent to copying the recording studio while the artists were in it.
However, it is worth noting that leaked albums are indefensible under my assumptions: they take control of the creative process away from the artist by removing their ability to decide when the album is done and how the public will be exposed to the music. This is equivalent to the leak of the alpha doom 3 a while ago-still less threatening than a source code leak.
Another factor in the severity of a source leak is security. Knowledge of the source will allow cheaters to exploit the game and ruin online play-once again, a phenomenon we do not see in music. Music pirates cannot degrade the quality of the music legitimate buyers listen to, but online cheaters can ruin the multiplayer experience. It would be like going to a concert and blowing a bullhorn repeatedly. Doing that in a concert is not considered an intellectual property offense, so it is inappropriate to think of a source leak's potential for cheating as an intellectual property issue. It is a security/espionage problem.
That said, those who would delete the source after downloading it and verifying its authenticity are very misguided. Unless their computers are public access and could be used to futher distribute the source, deletion helps noone and limits your opportunity for education. Of course, if you are going to work on a competing product it would be dangerous to expose yourself to the source, but as a disinterested party or potential valve customer there is much to learn and little damage to do.
After all, the real danger of a source leak is in the actions that can be taken by those who acquired it illicitly. Hackers and competitors can dilute the creators' control over the software, but an unabused copy of the source is harmless. So, go ahead-download the source, read it, figure out how it works and learn from it. Unless you're getting a job at id or epic, or creating your own software directly related to hl2, your copy of the code is no worse than sheet music. Of course, if you upload too much on bittorrent, it could be argued that you're helping to distribute it. Although you're only one link in a large chain, it's like voting-if enough people make the same decision it really will change things. So, go download all the stolen half life source you want, just dont use bittorrent or write hl2 cheats. After all, aren't all "bad" acts bad because of their consequences? Think about it-no matter what you do, if nobody is worse of for it, how could there possibly be anything wrong with it? Throw away the anachronistic, irrelevant "moral" codes of a repressed past-its not about what some people think, it's about what's ethical in the strictest definition of the word. So go eat pork, masturbate, and download hl2. Yeah!
Programmers will never feel like mp3-pirated musicians when source code is stolen. They will feel like a musician whose beat and backup were stolen, combined with someone else's voice, and sold as a new release. This has happened in the music world, and though it is not an exact parallel of the source code situation, the uproar was just as severe.
Why is the parallel off? All music is by definition open source-hearing the notes allows you to reconstruct the sheet
Re:Hopefully this includes Steam... (Score:2, Insightful)
Re:Maybe the leak is the cause of the delay ! (Score:3, Insightful)
A lot of people commented on how adamant Value had been about their Sept. 30 release date, and how strange it was that only days prior to it they annouce a delay.
When these two things are considered together, it's just too much of a coincidence to think that they're unrelated.
Re:Another lesson not to use Outlook (Score:3, Insightful)
Why are they using the Preview Pane? (Score:2, Insightful)
Jeeze, I really hate to keep harping on it but Outlook is the devil.