For anyone that is curious, according to 4chan (i.e. take it with a mountain of salt):
> Apparently there are 3 leaks in circulation:
> 3.3 gigs, src only
> 17 gigs, src + partial assets
> 1 TB, src + full assets
I really wish more games shared the source, even if it's under a restrictive license. It's just interesting to get a peak under the hood.
It makes me wish that copyright lasted less time and that submitting source code was a requirement for software projects to receive protection. Then once copyright expires the source can be in the public domain, and we don't have to waste time reverse engineering to reconstruct what was already done. Admittedly, it's a pipe dream. But it makes me sad how much software is destined to be lost to time because of copyright law.
A lot of people love GTA5 online, and hopefully this leak contains everything needed to create a private server should Rockstar decide to take down the service.
I’m reminded of the time when a Reddit user bought a random box of Blizzard things on eBay and ended up finding a StarCraft gold master source code CD. Many people suggested sharing the code, but Blizzard lawyers reached out. Blizzard eventually gave them a bunch of swag after they returned it.
Well there's two arguments to be made. They 100% gave him the source code in a grab bag of goodies. That's a pretty simple case of he has a right to the disc itself, so he could have just kept it (or resold it) and not published. Them giving him "stuff" was them "buying" the item back, not just them being nice (as you put it).
There's also an argument to be made that the code itself does not infringe on their IP, as this was the lost source code from the old edition of StarCraft (from how I'm reading it in the news). Losing this code specifically made Blizzard restart the project, so it's not even the same project nor a commercially released product.
The former argument is pretty black and white. The latter very tenuous.
> There's also an argument to be made that the code itself does not infringe on their IP,
That’s not how IP works.
Blizzard didn’t forfeit their rights to the IP at any point. Even selling them a grab bag of stuff that unintentionally included a copy of the source code doesn’t mean the recipient actually received a legal license to the IP.
You can make all the arguments you want, but in the court of law you’re not going to get away with anything that involves giving away another company’s IP, even if they accidentally let you see a copy of it. “Finders keepers” doesn’t work with IP.
Sure, the recipient doesn't have the right to call it their own or commercially distribute/benefit from it. I didn't make a claim otherwise.
I said the code they have does not infringe on the commercially released product called StarCraft as it is not a portion thereof. I even stated that releasing it or otherwise making it available is tenuous at best. So I'm not even sure what you're arguing.
> “Finders keepers” doesn’t work with IP.
He didn't "find" it, they willingly transferred it to him along with a bunch of other things they randomly grabbed from their warehouse.
"IP" is a collection of various laws and contracts used to keep exclusivity, it doesn't exist on its own. No law mentions IP. I am not sure the case is a firm as you say it is. Especially since he didn't sign anything.
Not publishing doesn't break any law and that disc is worth more in any way than a few knick-knacks.
And if you don't make an online post about it you could even anonymously leak it to archive.org or something so at least that game won't be yet another that's lost forever thanks to DRM.
What's a gold master source code CD? Source code wouldn't be in the gold master... The gold master is the final version intended to be pressed to retail disks.
Also:
"The disc in question allegedly contains the source code to the original StarCraft game that GameSpot reported as being lost back in 2000 -- it forced Blizzard to start from scratch on its massively popular real-time strategy game."
What does this mean? StarCraft came out in 1998. Also losing one copy doesn't mean you lose all the other copies. And I can't find this supposed article from 2000. I have so many questions...
It probably means “version of the source code used to build the gold master”.
Some places have (or had) a business process of escrowing both the release and the source used to build it. Escrowing just the source used to build the release can require significantly less storage than escrowing the whole version control system. It also avoids the problem “we have the entire revision history, but we aren’t sure which commit was used to build these binaries”
If you lose everything-a colleague told me the story of a company whose offices were in WTC, luckily all the staff got out alive on 9/11, but they forgot to make offsite backups of the source code-the source code to the release(s) shipped to customers is most important, because you need it to make patches. The rest of the revision history, while valuable, is less essential.
Presumably the source code for the gold master - “Gold Master Source Code” was written on the disk itself. The Imgur link is no more, but you can still see a preview image of it in the original Reddit post. Judging from the comments, it also sounds like the OP may have looked through the contents on a live stream and confirmed it was source code.
> I really wish more games shared the source, even if it's under a restrictive license. It's just interesting to get a peak under the hood.
Don't underestimate that software patents play a role in that. For instance, the source code release of Doom 3 had to be modified to remove a rendering technique under patent by Creative - even though John Carmack invented the technique simultaneously and independently of Creative[0]
The bad news: this code only compiles and runs on linux. We couldn't
release the dos code because of a copyrighted sound library we used
(wow, was that a mistake -- I write my own sound code now), and I
honestly don't even know what happened to the port that microsoft did
to windows.
Related, I released the source code to Heroes of Newerth (a dota 2 competitor) after the company died (after dota 2 pulverized them). https://github.com/shawwn/noh
Oh man, what a nostalgia trip. I spent a lot of nights as a teenager playing Savage, S2 and then HoN. Thanks for the link. I have a fond memory of Marc kicking me off a pub S2 game because I slow debuffed him as the commander.
One time I walked into James Fielding’s office, our lead designer. He had a crumpled keyboard on his desk that he used as a pencil holder. I asked him what the hell, and he said it was a trophy from an inhouse game when Marc smashed his keyboard after losing.
He was an interesting fellow. He tried to teach me the value of self awareness, a lesson I was too young to internalize. I see now it was because he spent many years trying to break his raging habit.
The full source tree is at https://github.com/shawwn/hon by the way. There’s a lot of server side components and installer misc that were eluded from NoH, but you might like browsing.
Having an escrow in a structure like the library of congress (or the NSA, they have tons of storage /s) and they get released when company dies or the product isn't commercialised for more than x years. Or when the company decides to.
Maybe it is a bit more complicated with assets rights, that's what a couple game devs told me.
Something about the CIA and NSA having access to a large library of commercial source code makes me feel uneasy from a privacy perspective. It's like inviting the neighborhood robbers over for dinner.
I wonder if there's a way to implement this without storing the code with a central authority, e.g. by encrypting the code so that it can only be decrypted in X years. You'd probably still have to have a central authority involved to ensure people can't just fast-forward - but a system similar to TOTP codes could be a neat mechanism!
I don't think we have any way to do that. Time is abstract for algorithms. Unless you make something you know you couldn't solve in less than x years. But that assumes you can predict improvements in algorithms and computing power over a long period which could be tricky to get precisely.
You use reflective solar bodies X/2 light years away and blast them with highly redundant encrypted data such that in X years Earth will be on the receiving end of the reflected transmission.
> I really wish more games shared the source, even if it's under a restrictive license. It's just interesting to get a peak under the hood.
technically true, but the risk of tainting FOSS projects to the point they can be killed by corporate lawyers could be too high. What if a FOSS developer implements in perfect good faith an algorithm that shares some resemblance to a proprietary shared source piece of code they just studied two months before? Could whoever owns that code have enough grounds to send a c&d to stop any development if not attempting to take ownership of the project? Not sure if I'd like to test that.
As much as I deeply dislike closed source, I'm convinced that having a firm distinction between open and closed helps to avoid some dangerous grey areas.
Self-plug: Old World, a 4X game from the lead of Civ4, has from day one shipped with a copy of the entire gameplay source code. It's not the full source of the game as the rendering-related parts and a couple systems classes are excluded but most of that is handled by Unity anyway, but every bit of game logic is public.
That would be very interesting indeed! Knowing nothing about actual game development, I always imagine games must have the worst spaghetti code imaginable. They are an artistic product with a shelf life of at most a couple of years. Once it gets running, the quality of the code must have a priority below almost anything else.
It's probably different these days with much lrger teams and engines like Unreal, but still.
Reminder: full source leak should include binaries and source for 3rd party libraries Rockstar licensed to use - so this leak could impact other companies too.
I came to post this, I did play GTA online a couple years ago and their bugs never get patched unless it affects the money (like a glitch that gives me game-money so you won’t have to pay an actual money), any other glitches that ruin the game never get patched.
I wonder if we'll ever get a San Andreas source code leak/release that would finally debunk or confirm the mystery of Bigfoot. After all these years, I still have hope that it's real...
Oh man I used to visit a subreddit every few months dedicated to this to make fun of people who were wasting tremendous amounts of time looking for something that clearly wasn’t there.
I'm always wishing there were more AAA games I could play natively on aarch64 linux. Porting it might not be the easiest thing in the world, but a source leak opens the door for it.
Yesterday I discovered that perfect dark for the n64 has been decompiled and built for windows (I'd assume Linux would not be difficult given it's decompiled now). Anyway it looks utterly amazing. There's been a few other projects like this.
> I'm always wishing there were more AAA games I could play natively on aarch64 linux. Porting it might not be the easiest thing in the world, but a source leak opens the door for it.
Except a source code leak is basically the worst thing that could happen with this goal in mind.
It's a far cry from reverse engineering or a company open sourcing it. Most people aren't even going to touch it beyond the curiousity.
We don't need most people, just a handful of very dedicated volunteers. That's what happened with Thief/Thief 2/System Shock 2's Dark engine, which was patched for modern hardware after its source was leaked by an ex-employee.
Except for GTA.. the fan base is HUGE to the point that fans made a whole role play servers just to continue playing an obsolete game, I’m almost certain someone either anonymous or in a country isn’t subjected to US laws will pick it up and do something somehow.
Would be nice to have a completely open source reimplementation that works with the assets of the legitimately purchased game but without their launcher crapware.
There are people in Amsterdam that steal bikes only to sell them for 10Eur.
I just don’t understand why would anyone do that but I am software dev working remotely it doesn’t make sense in „my world” - it most likely makes sense in someone’s else world.
If you want quick money, you sell things cheap. If you're addicted to drugs and need a quick high, you do easy crimes, and anything that's easy for money (including prostitution).
99% of game developers dont build on their own engines. It's would be like looking into Linux kernel source code to build your own music player app or TODO app. Few people who do heavy engine lifting in C++ simply not gonna bother with someone else code.
But I pretty sure everyone in modding community would be really happy.
Just a guess, but perhaps things like the process model. PID 1, fork, exec and so forth. Or argv, or environment variables, or “everything is a file”, or having just three streams (stdin, stdout, stderr).
In isolation, all beautifully simple concepts, but there has been an awful lot built on top over several decades, stretching and outgrowing the simplicity. The complexity of modern technology has to live somewhere, though.
The key difference is you are licensed and entitled to read the Linux source code.
GTA 5 hasn’t been licensed to you and you are absolutely not entitled to read it, even if you managed to get hold of it due to a theft. By reading it as an app developer you taint your knowledge with stolen intellectual property and stolen trade secrets, potentially exposing yourself and any game you work on (including for an employer) to criminal and civil penalties.
That’s the immense value of open source and Linux in specific. You are allowed to read it, improve it, rip out bits that are useful (as compliant with the license), and use the concepts as fully licensed intellectual property without trade secret encumbrance.
I am personally really interested in reading the source and see how they do things. I’m certain there’s fascinating bits of tech in there. But I wouldn’t underestimate the risk I would put myself, my family, and my employer at and the willingness of corporations to crush the small guy. See the pain inflicted by downloading mp3s, and the marginal value of copying an mp3 is infinitesimal compared to the source code of a AAA game to the studio.
If developers became tainted by knowledge of proprietary/secret code, wouldn't you be bound for life to your first employer? And wouldn't reading GPL code like Linux also taint your mind for life?
What if a coworker or some random FOSS author read the code and later used a technique they saw, and then you see it and your mind is now tainted too? Sounds like a nonsense "risk".
You actually are bound to not disclosure their trade secrets. Trade knowledge isn’t a trade secret, but there are aspects of their code they may consider “secret sauce,” which if you took and implemented at a competitor you better believe they will come after your employer for. I’ve seen it many times in my career over the last 30 years. Be careful, it’s absolutely not nonsense and you personally are potentially implicated.
Is the risk any different than that if a programmer who used to work for Rockstar games?
Aren't former employees allowed to learn from their experience working on GTA V and develop products based on that knowledge, just as Rockstar programmers have used prior knowledge to develop GTA V?
The key is trade secrets. There are aspects that are common trade skills that are transferable, but some things are considered secrets in their novelty and competitive advantage. You absolutely can not disclose those to subsequent employers.
Usually though it’s really hard to establish this unless you were a key person behind some key technology. But it’s very common in high finance (high end hedge funds, etc) that they go after people for bringing some algorithm or technique to a competitor.
But there is a huge difference between knowledge gained in employment, which is protected by employment law and common sense, and knowledge gained in the furtherance of a crime. Copying, distributing, studying, and replicating trade secrets from stolen source code is ABSOLUTELY not protected under any squinting at the law.
> By reading it as an app developer you taint your knowledge with stolen intellectual property and stolen trade secrets, potentially exposing yourself and any game you work on (including for an employer) to criminal and civil penalties.
That’s why I’m a big fan of free software (in the FSF sense). But being a fan also means I’m aware of the consequences we face in our current structure. I’m worried reading these posts most people don’t realize the grave danger they could be in.
Worse, no competitor should allow their employees to ever download or worse look at the source code as it would taint all their IP with possible theft. Just because the code is leaked doesn’t mean Rockstar has lost ownership of the intellectual property, it just means everyone distributing it is participating in the theft and everyone holding it is complicit. Worse by reading it and possibly using trade secrets embedded in the code in a competitors product exposes the competitor to civil and criminal penalties.
I would treat the source code as radioactive toxic waste to be handled at your own peril.
ReactOS also treated/treats leaked Windows source code this way (disallow contributions even if you have academic or goverment-backed permission to look at it).
Rockstar micro-transactions would be one reason for Rockstar themselves to actually care about this. Hackers summoning RMT rewards in GTAV Online were already a "problem."
This is probably the most likely source of interest; modders might get some benefit from knowing the actual source but the decompiles are usually just as good (except variable names, perhaps, see Minecraft SRG, etc).
But speedrunners might be able to realize new exploits to reduce time that aren't apparent from the decomp.
Compatibility is also a point, GTA V works pretty well on Steam Proton, but it might clarify some bugs that already exist, while also helping with better support for RDR 2 and GTA 6 in the future.
Rock star is getting a lot of hits recently, and I’m not entirely sure if it’s an inside job, bad management, poor hires, or mix of all or something completely different, I would imagine they should have increased their measures when GTA6 got leaked..
It's getting coverage because the GTAV source and assets weren't publicly leaked until now. The hack was in 2022, but AFAIK nobody but a select few had access to the stolen data.
"Out on bail for allegedly hacking the hardware company Nvidia, Kurtaj, prosecutors say, pulled off the GTA heist while staying under police protection at a Travelodge hotel. Without his computer, he somehow managed to hack into Rockstar using his smartphone, an Amazon Firestick, and the TV in his hotel room."
After reading this I assumed he used some kind of remote server he had access to. Eg phone is the Bluetooth keyboard, fire stick provides an internet connection and a browser, and remote server provides the full Linux environment to do whatever actually hacking with.
I think I read somewhere (can't find the source at the moment) that he mainly used his existing access (to slack?) from his phone and didn't actually do much hacking at that point.
Why would they pay? It's a 10-year-old game that's the second best selling game of all time. Rockstar made their money, and there isn't anything a competitor could use to gain an advantage. It's almost good because it's free press for GTA VI.
The vast majority of those sales are for GTA online, which this leak doesn't inherently give you access to. I don't see this leak financially harming Rockstar more than the cost of the presumed ransom, people still have to pay to play GTA online.
If they cared about their customers they would pay to stop them (us) getting pwned with numerous 0-day vulnerabilities that no doubt exist in a 15 year old code base that had never seen the light of day.
source leaks damage things aside from profitability.
this will just serve as yet another feather in the cap for the exploit/hacking/modding community; and a lot of THOSE people make cash by selling exploits.
If rockstar cared about cheating ( they don't ) this would throw a big monkey wrench into that effort, obfuscation is half the battle in a game where book-keeping like an MMO would be performance prohibitive.
2) Hackers exfiltrate data from the target (this could be source code, database dumps, employee records, emails, or any combination of the above - basically anything that could be seen that has value to the company staying private.
3) Depending on the model used, the hackers either privately or publicly informs entity they have their data and unless a payment of X if made the data will get leaked or sold to the highest bidder.
I don't understand how anyone would ever pay. There is nothing guaranteeing you the hackers actually destroy their copy of the data on payment, so they could just come back and ask you for another payment every few months.
Or are we really supposed to believe these criminals would follow some sort of made up honor code?
You are completely right, they are criminals there is nothing stopping them from just dumping the data anyway (or launching another attack later down the road).
However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.
But there is another "maybe" to consider (OP did ask for a brief explanation so I didn't go into all possibilities), did they encrypt the data? If they did and entity no longer has access to it they then have two options 1) restore the data from backup (if they had them and can restore service in a reasonable amount of time) / write off any data loss 2) pay up for the keys.
With no reputation, you’re presumably less likely to have victims pay up. You want to build reputation so you can get consistent profit from these extortions.
I don’t know if it’s really that interesting; reputation is just a fundamental currency required to facilitate trade when it can’t be guaranteed otherwise — there is in fact an honor amongst thieves.
These arm-chair game theory arguments tend to fall apart instantly as soon as you assume multiple rounds are played.
Aren't they all anonymous, though? So they could just change their name for the next operation. Maybe all these groups are already the same people behind the scenes.
You're missing the incentives. They /could/ change their name each operation, but then, as you note, the target would have reduced motivation to actually pay. By keeping their name, and keeping their word, customers are more likely to pay in the future, because there's a history of good faith transactions. And, of course, a group that is relying on their reputation like this must police their trademark and prevent other groups from abusing it.
If GTA5 Online on PC is still going to be a thing, the smartest move is probably to open source the code and let the community report and fix vulnerabilities.
No. It's more like a writer describing their creative process. Knowing how someone else gathers ideas or structures text may help you improve your own writing, but that is still a very small part of publishing an original work.
I'd imagine a complex game engine has some bugs or weird behaviours in specific conditions. If it can be proven that the closed source game has a lot of the same bugs/behaviours, that is likely enough to win a lawsuit.
Video games are already full of exploits. That's what allows a rich modding scene to thrive.
Video games sit in this really weird place in software engineering where 'security' in the traditional sense doesn't necessarily apply.
Games are either single-player and don't really make any sense to exploit, or are multiplayer and have weird kernel-level DRM and anti-cheat, and on the server side, mainly host multiplayer matchmaking and servers.
Even if games have been exploited maliciously, users would have to go out of their way to find a malware-laden version on a shady BitTorrent website, and in that case the BitTorrent protocol is the real vector, not the video game itself.
Don't get me wrong, I'm not saying video game RCEs aren't security a problem—but they have fairly extensive positive implications that might not be usually considered.
> Video games are already full of exploits. That's what allows a rich modding scene to thrive
I'm not sure I see the correlation? unless you explicitly mean online modding, which I'm not sure it happens that often.
I've been modding games for a few years and it's mostly interacting with Windows API and its capability to access other processes in the same user space by injecting DLLs. I've never looked for vulns inside the game itself.
If you refer to online modding, usually while they're local some games allow it, but as soon as it affects gameplay they're very rarely what I would say they're wide enough 'to thrive'.
It is true that the term of security doesn't apply that often to offline games, though.
Wouldn't be nearly as much of a problem if they didn't cheap out on the multiplayer and make it P2P instead of hosting proper servers. Valve's Source engine has been leaked half a dozen times and I don't think there's ever been a client-to-client RCE ever because servers are fully authoritative and clients have very limited control over what happens on the server.
I don’t see how the source code of a game being public is a problem; the game will be as enjoyable (or as crap) with or without the source code public.
Oh wait, Rockstar are going the multiplayer plus gacha route. A leak may hurt because the players may not need the gacha.
For single player games, I see no problem.
And for those hoping more games release source code, I don’t think the source for commercial games is in a state where you can learn from it :)
Putting a mechanic into your game where you spend real world money to gamble for skins and stuff. Game companies realized they can make a lot of money selling what modders used to be able to do for free. It's apparently a well known thing that there exist "whales" that spend huge amounts of money on these things. Probably a decent number are addicts being abused.
'gacha' refers to 'gachapon' in japanese, originally referring to lottery elements in mobile games (typically asian), now referring to exploitive microtransactions and addictive elements in all forms of gaming. Loot boxes are a common gacha element. The poster is implying that GTAV is exploitive.
It was GTAV (2013) that was leaked. GTAVI was leaked a few months back in the form of early development videos and the reveal trailer but nothing else.
Edit: GTA6 code and a testing build were supposedly also taken in the Rockstar hack, but none of that has been publicly leaked as of today.
The magnet & mediafire links seem to contain only the larger (PW protected) file. Where could one find the other one as well (not the I would download them)?
> Fans are requested to appreciate the hard work the developers put into their video games and avoid spreading the leaked source code further.
Alternately, appreciate the hard work by making interesting mods for the game. GTA5 has already had an extensive modding scene for the 10 years it’s been out, but now I assume mods will become easier to make and more powerful, benefiting Rockstar’s customers who paid for the game. And who is hurt? Not pirates, who could obtain the game starting shortly after release. Potentially people playing against cheaters online, except I’ve heard they’ve had free rein for a long time.
Companies should release their own games’ source code. Other software too.
Why re release my 2008 game as a remaster in 2023 if Sven in Sweden already patched the (open) source with QOL changes and provided higher texture mods.
They filed a lawsuit against the engineers behind the reverse engineering of GTA III/VC who published their work on GitHub. To strengthen their own legal position and to combat the obvious argument that "You abandoned this and had no intention to profit further from it", Rockstar/Take-Two paid for the quickest, dirtiest, shoddiest port that was put out within a month of their lawsuit being filed: https://en.wikipedia.org/wiki/Grand_Theft_Auto:_The_Trilogy_...
> from the POV of management, a leak of the source might prevent a future re-release, which cuts into future potential profits!
It's rather the other way around, they'd been working on the remasters for a while and were completely blindsided by the publishing of the re3 / reVC source code, which promised to be a better option than their own remasters could be. This scared them shitless and led to the lawsuit.
GPL'd source is an intriguing prospect to me. I'd BSD or MIT the libraries, engine, and other building blocks. But the games .. GPL feels right. With the assets being copyright probably?
If you want to make new works that are not GPLd, not GPLing the building blocks would let you do that.
Alternatively, you could LGPL the building blocks, still allow the end products to not need to be GPLd, but require development on the building blocks to be open sourced.
Sven doesn’t care about contributing his changes back to your tree and does not assign you copyright. GPL is fine for Sven. Ingrid can use Sven’s GPL changes because she’ll use that license too. You want to dual licence, you can’t use Sven or Ingrid code.
Copyright assignment + gpl so you can charge for a different licence too only works if nobody wants to fork. Doubt that’s the case for this sort of thing.
ubisoft deserves to get the source code for all their old games leaked. One by one they have shut the servers down (quite understandable because of server costs) but offered no ways or means whatsoever to play them alienating the old fans really hard. Some of us have memories of playing the older games which we can never relive again. It should be illegal for a game company to shut an online only game down without offering a LAN patch. Developers should bake in LAN functionality from day 1 but keep it hidden which the patch must fix at EOL for games
Surely server costs for something that's no longer being used much can't be very high? Running an idle ETLegacy server on my desktop uses a whopping 100 MB RAM and 0.02 CPU cores on my 6th gen i5 with the powersave governor on and all cores at 800 MHz. The more obvious motivation is just that they want you to buy their new thing and not have the old one anymore.
If the matchmaking server isn't getting requests, you can put it on a potato VM for $5/month or whatever. Likewise at least old games could run with 64 players on much weaker CPUs than we have today. Surely a small VM could keep a handful of 16 player servers around.
It is really cool that Id keeps the ET master server online from like 2003. There is more than one nowadays, but most servers only ping the old master. I occasionally work on ETL btw, nice to meet a fellow ET player!
I'm used to working in a context where you have to deal with audits and it makes sense to weigh that cost, but for video games, couldn't they throw it in EC2 or fargate in an account with nothing else and forget about it? It doesn't need to have access to anything important (it might not need access to anything at all if you're not persisting any player data). If the only open port is the game server, patch schedules can be somewhere between late and never.
No it's deffinately not as easy as that. You need to manage those servers, manage the updates, security patches, roll out updates to the game server... Because it will need updates because things break or need security updates etc. Managing things like that means it needs to be within the existing infrastructure.
Imagine with every old game they just threw up an ec2 and left it rotting, they'd have hundreds of out of date servers running vulnerable software, it would be a nightmare.
Videogames also by very definition attract the kind of people who will want to hack the servers for fun; which in extreme cases will also involve RCE on the player's computers:
But what I'm saying is why do they need to install updates? If the only open port is your software, who cares if curl or ssh or whatever is out of date. Worst case, you shut it down if it ever does get compromised, and there was nothing anyone could do with that machine because it was underpowered and firewalled to only allow incoming connections on your game port and no outgoing connections. Unless there's an exploitable vulnerability in the Linux networking stack or their server application, everything else doesn't matter. If they run it in fargate, Amazon will take care of Linux patches, so it's only their application server that matters. Games usually use custom UDP protocols, right? So there's no off-the-shelf library for them to patch in their application.
Same deal with people talking about windows requiring new hardware really: for most people the answer should be "good, it'll stop rebooting to update now". Almost everyone is behind a firewall that doesn't allow incoming connections (it can't by default because of NAT). The only point of entry is the browser, and if you stay off the seedier parts of the web and have an adblocker, that's not really an issue either. Your bank or Spotify presumably aren't going to be dropping malware on your machine via old browser exploits.
You can't do that kind of thing if you're under some auditing regime, but they're not, right?
Because that's not how videogames in 2023 (or the past ~decade plus) have worked.
You need, at a very minimum:
— login system that also works with consoles
— persistence for users stats (maybe not for some kinds of games)
— matchmaking service (which really wants a persistence system for SBMM)
— make sure your systems aren't actively being exploited (you don't want to accidentally run a botnet)
— make sure nobody is "hacking" or modding the game (what's the point of keeping the severs up if they're filled with aimhacking bots)
— monitor the services to make sure they're up
— potentially patch the games on multiple platforms if you need to make a backwards-compatible change to fulfill any of the above.
— also potentially update your games if the console vendors make changes to their stacks
I agree that it sucks that the services are being shut down without any alternatives being provided, and I wish there was a way to force the publishers to support them for longer or provide an OSS servers options; but it is definitely not "free" or "easy" to provide these services for years.
You already have the login and database systems though. And who cares if someone mods or hacks the game; you were going to abandon it. If people are still having fun, you've added some incremental happiness to the world. If an OS vendor breaks your game that you otherwise would've abandoned, that sounds like something the users should take up with the OS vendor (really, it's something the users should take up with the OS vendor regardless, but if you've already decided you're done supporting it, that definitely applies). Or on PC they can avoid patching/"upgrading".
Basically, unless someone takes control of your servers or other players, if the alternative is to shut it down, why not just leave as-is and not maintain/support it? If an impactful exploit is found, then shut it down. Preemptively shutting it down because the experience might degrade is silly; shutting it down will definitely break it.
So you want the unsupported, unmanaged, not monitored game server - that will get hacked - access to the credentials database that holds emails, password, names, addresses and possibly payment details?
You also want users to contact the the OS devs when their old, unmanaged, not updated game no longer works? Or you want the users not to install important security updates because they want to play one old game?
None of what you've said really makes sense in the the enterprise IT world. AS it's already been previously stated to you, you can't just spin up a VM and host your game on it, it just doesn't work like that. There are plenty of valid reasons for that in the thread already.
Why would a game server database have payment details or passwords or PII? That's insane to start. It's a video game server, not a bank. It shouldn't have anything important on it. Even auth is handled by platforms/stores (which are maintained) for some time now, right? So the actual game servers just receive tokens for the user?
> Or you want the users not to install important security updates because they want to play one old game?
If the OS vendor is releasing patches that break user programs, then yes. This anti-customer attitude of move fast and break (other people's) things (without their consent) needs to die.
Historically, games were designed so that you very much could just spin up a VM and host it. Has that competence been lost? I'm not seeing why things aren't designed to continue working. It's not difficult to do.
You also now want the current login severs to continue to support the old game logins and handle auth for them? So we're still supporting the old game, still maintaining it.
These old unmaintained, unmanaged servers you want to run get hacked they distribute malware to your users. Whoops, the hosting provider finds out, the business account gets locked, now nothing works.
They get hacked a different way, they start mining bitcoin, your hosting provider finds out and locks the business account, whoops, now nothing works.
They get hacked a different way, they intercept the api calls to the auth servers. They use the auth tokens to break into people's main accounts, use that for phishing attacks, steal millions of dollars. Whoops.
>it's not difficult to do.
That's the point you don't get. It is difficult. Standards change, security changes, things NEED updating or things go wrong, people lose confidence in you, you dont make any money and you go out of business.
Spin up an old version of minecaft on an old version of Linux, see how long it lasts before it all goes wrong.
legacy games of ubisoft such as watch dogs, splinter cell conviction/blacklist, ghost recon future soldier, far cry 3 etc only need a server to login via ubi credentials, they actually work peer to peer so shutting these down is a crime on so many levels honestly
It's more than $0. That means that when ubi goes belly up, nobody will be able to pay the bill to keep the lights on, no matter how cheap it is to do so
Not that a large corporation would ever do this, but you could imagine an indie company that cared setting up a trust with a few thousand dollars of the initial revenue, and that could pay the bills indefinitely using the interest.
For a large company, that money could've been a few micropennies back to the investors, so obviously it's silly to imagine. Also, if they really cared, they'd release the server code so others could run it.
Such games are often not peer to peer, like the games of old. Releasing a server in a form that's somehow operable by a third party is not always easy.
If there's enough people interested in the game, someone will figure out how to run a private server. People are so persistent it happens even without the source code. For many online games the source code is either stolen or dedicated people black box reverse engineer it just to run private servers. That's how runescape private servers operated back in the day, although I don't know if it was a clean room reverse engineer.. someone probably stole the code given Jagex.
which is why there should be a law in place to force game companies to add LAN even if it is completely hidden from day 1 which should not be usable if companies care about competitive edge but at EOL they should be forced to add a patch that activates this feature
Indeed, I sincerely hope someone leaks Rocksmith 2014 soon, as well as all the no-longer-available CDLC packs. The current Rocksmith+ is a completely different application and is not a substitute, I want the real thing that I already paid for back.
They did publish the code for World in Conflict online server (initially made by Massive Entertainment), and a few other tools https://github.com/ubisoft
Pardon my regardiness, but the description here says that there are two files and in the magnet link and mediafire one there is only one (the bigger one). Where's the smaller file?
You don’t decrypt a hash, a hash is used to verify integrity of a specific content. You can use several programs to create a hash of the files you downloaded, and compare it to this person’s hash to see if they’re the same.
As chains of trusts go, this is utterly useless! Unless you’re about to post a picture of yourself with your HN username, today’s newspaper and a linked biog at a trusted domain that proves beyond doubt your integrity.
