It reminds me of when unsuspecting thieves accidentally stole a container of Iridium-192 used for industrial radiography from a lab in Mexico, and were eventually arrested and taken to the hospital to be treated for radiation burns.
The FBI should keep an eye on hospitals for anyone showing up with burning bleeding eyes and a swelling itching brains and melting faces, from looking at EA's source code! ;)
The FBI should keep an eye on hospitals for anyone showing up with burning bleeding eyes and a swelling itching brain, from looking at EA's source code! ;)
Other symptoms include a tendency to participate in death marches, work from 9am to 10pm, abandon spouses and consider every day a crunch.
Hey at least I linked to some actual EA source code that will burn your eyes out. ;)
During that demo around 10:00, I accidentally fat-fingered the mouse and introduced a bug into the outdoor simulation. I couldn't figure out what I'd done or how to fix it, and we hadn't implemented "undo" in the code editor yet, so I just left it in. "There's all sorts of code like this in there. And it's kind of dangerous."
There have been multiple attacks like this and it seems the stolen code is usually made public in the end. I presume people will look at it and reuse some concepts and I wonder if this could lead to the technical state of the industry becoming better as a whole.
In general the problem in the game industry isn't that people don't know better ways to structure their code, but that they are under extreme pressure to ship and get absolutely no time to refactor.
Between GDC presentations and published computer graphics papers, the game industry is actually quite open about sharing its best ideas.
I don't think EA has any tech that's sufficiently advanced over something like Unreal Engine, which is already source available. It's at least not perceptible in the games they publish.
Maybe I’m being naïve, but that seems naïve. EA is a very well-funded and complex company with a lot of fingers in a lot of gaming pies. To assume that none of their code is cutting edge or advanced seems unlikely
When you consider how prone to patents the gaming industry can be, (and the fact that this is EA), I would be very careful before reusing concepts from here.
I am an adept of the free code as we should own the source code of the products we buy. It might be too early for society to adopt something this radical but I believe Stallman was right. Mainly that's why I stick to open source technology only.
Hey, it's only debt if there's someone around that needs to pay it down. Once the skeleton crew that was left to crank out DLC's moves on to pastures greener after half a year, nobody's ever touching that shit again.
Not really sure what this changes for the games released.
I would say very little, in a way bad advertising is advertising which is good advertising.
It might reveal some part of the scenario or features, and put pressure on the teams, but other than that, who really cares? Fans will talk about it, and that's only what this is.
Maybe competitors might get an insight on what games are planning to be, but I doubt that there is much innovation, so meh?
And it's not like those engines have tremendous engineering secrets either ways. I mean GPU are documented, and special shader effects are not that so hard to come by, what is difficult is getting developers who are able to understand how GPU work and to take advantage of those ever changing GPUs and APIs.
I really don't think the game is going to be available in a pirated copy, seen that building such AAA games is pretty difficult for developers who are not part of their teams, not to mention all the copy protection mechanisms.
Was thinking the same - companies are extremely protective of their source code. How many games out there truly have unique/interesting/hard tech in them? I can think of Spore; I can think of a handful of rendering engines, maybe Stalker, Wow of course but not many more than that
In tech, only ideas gets stolen. There are very few things that are really worth of being secret in software.
For games, hard work is just this: content (which has IP on it), debugging (which is specific to a certain game), handling GPUs (requires engineers, work is obsolete in 3 or 5 years), a few gameplay mechanics (cannot be patented).
Patents only matter when data is about some expensive, long term research that requires physical testing and labs, like a new molecule for a medicine, or some method or building a material.
Even when HL2 source code was stolen, it did not really matter.
They're claiming no 'user' data was breached. Is this just PR for "we have no clue if all your info (name, bank info, SSN, date of birth, etc) was stolen" or is it "We confidently know because we audited that data access and verified the audit logs were not breached so we know your data is safe."
My son interviewed at a gaming company that put two machines on everybody's desk. One connected to the internet for web/email and the other on a separate air-gaped network for development.
> "Anytime source code gets leaked it's not good," said Ekram Ahmed, a spokesperson for the cybersecurity firm Check Point. "Hackers can comb through the code, identify deeper flaws for exploit, and sell that previous code on the dark web to malicious threat actors."
This seems like a strong argument against using open source codes. Should I take this argument seriously and avoid them?
No, he's being a bit stupid, security through obscurity is arguably no security at all however it makes identifying vulnerabilities _easier_.
The main issue for leaking source code of _games_, especially _multiplayer games_, is that people learn how to bypass the anti-cheat mechanisms which leads to a degraded online experience for everybody.
I worked on Tom Clancy's The Division and the mantra was always "write code like it will be public one day".
(in their case it meant don't get to persnickety about a library not working how you wanted or swearing about how Windows was batshit insane at times -- but it also applied to making sure you did't just assume the code wouldn't be read by malicious people)
That completely disregards the fact that local multiplayer requires you to have players who are geographically close, willing and able to gather at the same time in the same place. Also, some recent world events you might have heard about somewhat made these kinds of gatherings quite difficult or illegal.
And other alternative is allow non official servers, then you can rent a server for yourself and invite your friends or make it public but you have the admin rights and options to configure it (like reducing the grind).
The multiplayer part of some games made the single player section worse, because of the drastic anti-cheating measures.
It's always easier to be on the attacking side of cyber security. If the attackers have good intel, and the defense isn't organized, their work is much easier.
With (popular) open source projects, there are hundreds of eyeballs looking at the source and trying to fix security issues before they can be exploited.
The closed source project is typically less secure, but attackers also have less information to work with. Open source is typically more secure, but attackers have more information. Leaked closed source is the worst of both worlds.
The logical conclusion of your statement is that the strongest software would be projects that are collaboratively maintained by a large number of people, similar to an open source project, except behind the veil of confidentiality at a big company.
It has potential. But it is better than open source only if you trust all the maintainers in the organization. And previous maintainers who have now left the org.
And only if the codebase is routinely looked over and tested, no part of the codebase gets forgotten and becomes unmaintainable because somebody left the company.
Open source has the added benefit that maintainers typically don't disappear complete from the project overnight because they got a new job/were fired.
I wish I could find the tweets, but I've heard multiple times already from people reverse engineering software - it doesn't matter that much. With enough experience some actually prefer the disassembled / processed graph view of the real executed code rather than potentially more complex multiple levels of abstraction in the source. I'm sure it will be contentious and not everyone will agree, but at least it shows that the barrier really isn't that large.
But even then you have the whole area of protocol reverse engineering and data fuzzing which doesn't require the source at all.
while i think this statement is flawed anyways, there is a difference in being the only one who can find these flaws easily or being part of a community were everybody could do this if qualified.
Open source projects that have a high usage and high visibility have their flaws quickly fixed _because_ the code is open and for everyone to see. It's an iterative process that grows with the popularity of the project. Popular open source projects have been open for years and/or have lots of people that participate, review, report bugs, and fix them.
A closed source projects can have thousand of security bugs no-one will never know about. Since it's closed, it's hidden so no problem... until it's leaked.
The real win here would be access to server side code - account management, loot box rates, plus garden variety buffer overflows and hacks. Open or closed doesn't matter as much if it runs on a device you can control, you can always reverse engineer it. But for code you'd never get to run on your own device, you have more limited tools at your disposal. Even if they only got binaries of the server side code it'd still open up a lot of avenues.
There's a presumption that open source code has been looked at by independent researchers. "Many eyes".
In contrast, source code of games is a trade secret. It is being worked at by famously overworked developers. And companies in the industry are known to sit on vulnerability reports for months or years.
Don't ever install games on a machine you use for work or identity.
Can you link to any examples of this happening in the past? Like oops I installed The Sims and Starcraft and now my C:\ drive is on Shodan. With mobile games that sort of thing probably happens all the time since mobile apis are designed to let apps do it. But I'd be surprised if something like an EA game was responsible. The worst I've heard so far is a bug where Steam will `rm -rf` your home directory because Valve doesn't understand UNIX.
This is a typical free BBC advertisement for a cyber security firm to use this data breach and source code leak as an example to lure the fearful and confused to pay for their consultation fees.
His argument is also complete horsesh_t to prop up the firm and to also spread FUD. Just look at this sentence: 'identify deeper flaws for exploit', tells you they don't even understand that you find the vulnerabilities first and THEN you develop an exploit for it.
Another "death sentence" of journalistic quality at the BBC whilst also advertising for firms that have clueless spokespeople.
Not sure what the benefit is of turning this into semantics. "Get a hold of" is what is implied here, everyone should understand that. As such, getting hung up on "stealing" is rather pointless.
it is likely that way because it is an argument that often comes up when discussing losses accumulated through piracy. were the argument typically is that not every copy should be accounted for a loss of sale. it does not really apply here because this game will probably sell the same amount as before someone got a hold of the code. And if it does not its likely because of some second order issue arising like not being able to fight cheaters...
I suppose. But, this has very little to do with piracy. The source code wasn't acquired in order to compile bootleg versions of the game, and thus leading to loss of sales.
This is the illegal gain of someone else's intellectual property. "Stealing" is a reasonable word to use in this context.
But the wider point is that "intellectual property" cannot effectively be "stolen", only "unlawfully obtained or reproduced". Nobody is ever deprived of IP or even its legally-created exploitation rights; it's only the market value of such IP that is allegedly affected.
I reckon we need a new word. "Pirating" has sort-of taken that space but it's not really good and it only covers distribution. It should be something that carries a meaning of "swindled", "wiped away", "theoretic-market-value-corrupted".
But there is no way to ascertain if value has actually been transferred. It's just fingers in the wind. EA could sell their games tomorrow and make exactly the same money they would have made before the hack.
Taking advantage, in any way shape or form, of someone else's efforts, against their will, which efforts and work product were not in public but expressly in private, isn't sticking it to the man or fighting the power structure.
It is just taking advantage of someone without their permission. That's all it is. There's nothing revolutionary or awesome about it. It isn't novel. It isn't creative. It isn't rebellious.
When that someone enjoys disproportionate advantages in so many different ways, typically accumulated unjustly, and forces the world to follow certain rules in order to entrench such advantages forever, there is an ethical perspective where defying such rules is an act of resistance.
If you mean that it annoys you that any kind of copyright/IP violation is described as ‘stealing’ then I share your sentiment. This is a real crime though, and most people call this stealing.
Of course, it's not like if you clone a file on your hard drive 10 times, the manufacturer of what you're cloning loses tenfold. But every person who has used the product without paying for it is such a loss. I don't know what the "every stolen copy" argument has to do with anything. Not everyone who downloaded would have bought. But that can't simply be calculated with some neat "every stolen copy" slogan. It is an argument to justify the thieves.
> but every person who has used the product without paying for it is such a loss.
i bought lots of products only after pirating them. would i not have done that i would not have bought many things at all. I also fondly remember simply not having the funds to buy software and pirating them was the only way to move forward. in both cases my "stolen" copy should not account for a loss of sale and the former even supported making a sale at all....
Your post is a bit unclear to me, I'm not sure which side of the argument you're defending, but
> every person who has used the product without paying for it is such a loss.
No, because like you said, that implies that you'd have bought the product if pirating it wasn't possible. If I want to pirate a game but it's not available, I won't buy it either.
> It is an argument to justify the thieves.
I'm not justifying "theft" - or piracy in this case -, I'm just saying that you can't equate the two. Piracy and theft are two very different things, with different motives, and different consequences of the distributor.
Stealing implies someone being deprived of something. I don't condone pirating but the argument isn't invalidated merely because it 'justifies' the act itself.
for me stealing implies change of possession. this does not apply here. what might have been taken is the possibility to monetize it the way they imagined or that they had been hurt by the PR afterwards and similar things. but nothing has been stolen everything is still in place were it was before and nothing is missing except for some of the confidence in their infrastructure security.
"Hello, I'm calling to report that the 16-digit sequence, expiration date, and 3-digit security code of my credit card have been replicated and are now known to persons whom I did not give permission to utilize."
"Sir, are you calling because your credit card was stolen?"
So I'm reasonably sure that if you dont cancel the card after losing possession, you can be held liable for transactions that occur with the card at that point. Especially if your PIN is also compromised.
You're not liable for transactions that occur fraudulently when you still retain possession of the card.
... "hello, my credit card data has been acquired and used without permission. I still possess the card but want you to freeze the account and a new card mailed to me afterwards."
https://news.ycombinator.com/item?id=27468766
https://news.ycombinator.com/item?id=27462952