Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

Outlook not so good

Yesterday, the Half-Life 2 source code was leaked (all 100 MB of it). Today comes the news from Valve that the leaked version is indeed the real thing, and that the leak was almost certainly the result of keystroke recorders installed remotely on Valve machines using a buffer overflow in Outlook’s preview pane.

Ouch!

Valve are seeking the assistance of the community to help them track down the culprit, who may also be responsible for Denial of Service attacks against their network. I think this is the most serious targetted cracking attempt I’ve ever read about.

As for the source itself being available, the biggest concern seems to be that it will allow cheaters to truly rip the new Half-Life engine to shreds. I used to play a lot of online games, and nothing ruins a game more than cheating.

That said, the most interesting comment I read about the leak was this one on Slashdot describing how the leak of the source code for Falcon 4.0 lead to a huge community effort to dramatically improve the original game. Since Valve already have a great history of supporting the modding community I doubt that the effects of this leak will be nearly as beneficial.

Posted 3rd October 2003 at 9:58 am

This is Outlook not so good by Simon Willison, posted on 3rd October 2003.

View blog reactions

Next: mod_python introduction

Previous: The Philosophy of Ruby

5 comments

  1. *Holy* crap.

    Keith - 3rd October 2003 12:06 - #

  2. Ouch. That's some definite suckage for Valve.

    Dougal Campbell - 3rd October 2003 14:59 - #

  3. In Counterstrike (a classic HL mod) multiplayer, it is common for servers to require that you are running a binary verifier. That is, there is software that runs independent of the game, hashes the binaries used to run the game, and verifies those against known authentic hash values.

    It's quite effective in stopping code hacks.

    I think Valve will lose a lot of revenue, but it may not be all bad news. I think since they have supported the mod niche, they have a ready-made open source team. You suggest that since they can mod, they have less need to alter the base source. I dunno. I think open source allows all kinds of whacky creativity not allowed by a pre-designed mod API.

    It is ironic that if they had planned to release the source, they wouldn't have needed to build an elaborate mod API.

    Game sales are based in large part on "special effects", or cutting-edge eye candy. But not totally, as continuing sales for HL show. Sometimes, a great game is a great game, even 30 years later.

    I can understand Valve being very reluctant to give up the crown jewels of its innovation-- and never in this way.

    And Valve's revenue model doesn't jive with open source. And the cracker really does deserve an ass whippin'. And of course, M$ will pay no damages for its AS-IS indemnity.

    Jeremy Dunck - 3rd October 2003 15:19 - #

  4. Or maybe they will.

    Jeremy Dunck - 4th October 2003 15:54 - #

  5. Damn, that's what you get for sleeping in bed with MS :( I feel bad for them, I know they worked their ass off with this engine. But you definitally would have thought that Gabe (having been employed 13years by MS) would have been smart enough to NOT use Outlook express. There are some wonderfull alternatives out there like Thunderbird. http://www.mozilla.org/projects/thunderbird/

    Jed - 5th October 2003 02:01 - #

Comments are closed.

Previously hosted at http://simon.incutio.com/archive/2003/10/03/outlookNotSoGood

A django site