VALVe, les rois de la médiocratie

Comme vous le savez, Gabe ‘stupid liar’ Newell a fait appel aux délateurs pour mettre la main sur le coupable qui a haxoré son Outlook Express. Non content de se couvrir de ridicule, il vient de lancer une chasse aux sorciéres qui commence à faire ses premières victimes (un exemple dans les commentaires sur HL2.net).

Le code source qui traine sur le net est compacté dans un petit hl_src.rar de 30Mo qui, une fois décompacté, contient plus de 160Mo de code réparti sur 7670 fichiers. Certains pensent que le code contient les sources de l’IA, de l’éditeur, de l’encryptage des clefs, il y en a même qui prétendent avoir réussi à compiler et à jouer au jeu (voir le screenshot ci-contre qui est très certainement un fake).

Mais ce n’est pas tout. Non content de se faire hacker leurs logiciels, les gars de VALVe se font rouler dans la farine pas du social engineering. Ci-dessous un mail dans lequel Chris Newcombe (VALVe) explique comment un type a usurpé l’identité de Doug Lombardi afin de lui soutirer des informations sur un gros bug de Steam. On y apprend notamment qu’étant donné le manque de bande passante de Steam, VALVe compte mettre en place rapidement un système de download en peer-to-peer pour éviter la catastrophe lors de la sortie de Half-Life 2. Après s’être rendu compte de la supercherie, Chirs a supplié le « pirate » de ne pas publier l’information… ce sera finalement son propre mail qui arrivera sur le net, dieu sait comment.

VALVe utilise outlook express, ne semble pas connaitre l’existence des firewalls et se fait berner par le premier venu sur MSN Messenger. Comment voulez-vous que les joueurs aient confiance en Steam alors que les développeurs ne sont même pas capable de sécuriser leur réseau ?! [–SUITE–]

From: Chris Newcombe
Subject: Potential PR issue: I just got suckered by a social engineering a ttack
Date: Sat, 27 Sep 2003

Boy do I feel like an ass…

I hope I did the right thing damage-control wise (I asked him politely not to publish/share any of this, and he agreed).

The Friends session below started 20 seconds after I approved ‘lombardi@valvesoftware.com’ as a friend, so I assumed it was Doug. When you see the subject the irony will kill you (or me, more likely).

> Doug says:
> hello mate
> chris says:
> Hi
> Doug says:
> http://www.halflife2.net/forums/showthread.php?s=&threadid=10021 Any thoughts on that? 🙂 I can’t see to get a response from anyone at the moment
> chris says:
> That happened to gabe – someone created an account in his name when we reset the database. I had to reset the account password so Gabe could use it.
> chris says:
> We had planned (and started work) on an email verification system but it was one of the features that Rick cut when Muru left.
> chris says:
> I certainly agree that the downside is horrendous — most of the email addresses in our database are useless or obscene or both.
> Doug says:
> Do you know if this will be sorted in the future?
> chris says:
> We do plan to address this later, but I wouldn’t hold your breath. Right now the crippling problem is lack of bandwidth. I’ve been causing an (unpopular) stir on that, saying that we should add peer-to-peer now not later (as we had planned). Gabe seems to agree and wants to see an immediate plan to do that. It’s a huge amount of work and will occupy the team for a long time — IMO we _really_ need it for HL-2 launch to succeed on Steam.
> Doug says:
> So is Steam one of the major reasons Half-Life 2 was delayed? Also will we be seeing peer-to-peer in the future?

Obviously I got totally suspicious right here. So I sent Doug an email with the exchange so far, asking to confirm if it was him. Then VPN and wemail died _right_ after I sent the email, so I couldn’t check for a response (I just found I got an out-of-office auto-reply). So, unable to check email and fearing the worst…

chris says:
Did you get my email?
Doug says:
Doug says:
try again at munro@halflife2.net please?

[me: Aaaarrrrgghhhhh! Oh Nooooooooooooooooooooo!]

Doug says:
something meant to be coming through?
Doug says:
Come on Chris you can’t leave me like this 🙂
chris says:
OK, so I realize that you are not actually Doug. Nice stunt 🙂 I’m asking you to _not_ share the comments which I made here in good faith (believing that you were Doug). They are matters internal to Valve. I think you’ve proved your point very nicely, and I’d appreciate your help with this.
Doug says:
ah damn
Doug says:
all this juicy info and I can’t do anything with it ;(
chris says:
You’ve just succeeded in making an excellent point directly too a Steam developer — I hope that would make you happy 🙂
Doug says:
Sorry I thought you realised I was the thread starter and that Doug didn’t have an account here :[
chris says:
No, I’m simply not allowed to make public comments — you’ll have to talk to the real Doug Lombardi for that. Obviously I’ll be sharing this with him — please email him at… wel you know the address 🙂
Doug says:
Heh so I’ll get a very harsh slap if I should publish on the web then?
chris says:
That would not be helpful — please take it as read that you have made the point you intended to make. Please don’t publish anything from this exchange.
Doug says:
I had the perfect exclusive then 🙂
Doug says:
Any chance you could speak to the real Doug or Gabe or someone and get them to send me some kind of info I can publish?
Doug says:
You sure I can’t publish this? 🙂
chris says:
I’ll certainly ask them — and they’ll see the full transcript of this exchange. Obviously I can’t promise anything, but you’ve certainly got my attention anyway. Can you tell me anything about yourself?
Doug says:
I’m an handome young… ok maybe I shouldn’t go into that
chris says:
>>You sure I can’t publish this? Please don’t. I said things that I simply would not have said under any circumstances if I’d known you did not work at Valve.
Doug says:
I run halflife2.net, and try to keep up with the latest info 🙂
chris says:
Well, you succeeded in giving me a near-death experience. I’ll send all this to Gabe and Doug and see what they say.
chris says:
Got to sign off now.
Doug says:
I’m very sorry for misleading you
chris says:
No problem (cool stunt – first social engineering hack I’ve fallen for). Just please don’t publish or share any of this.
Doug says:
I wont although I will be bursting to over the coming months
chris says:
Thanks – much appreciated.
Doug says:
my email addy is munro@halflife2.net should Gabe want to send any legal threats etc
chris says:
He’s more likely to threaten me 🙂 You know how immenseley valuable the community is to Valve. BTW I just looked at your site; thanks for your support for HL-2 — I don’t think you’ll be disappointed 🙂
Doug says:
Just blame it all on me, it was afterall my fault 🙂

