Just in case you were wondering if Microsoft was dangerous or not...

So this guy named Gabe from this company called Valve got his machine (or machines) compromised recently. No big deal, right? Well, all he had to do was use insecure email (POP or IMAP with no SSL, so every time you check mail remotely your username and password cross the network in the clear), and use Outlook (you preview a message, and "somehow" the bad guys' code starts running on your machine without you knowing it). Yet he was rooted. Weird, huh? Yeah. Very strange. 'Cause, like, all Microsoft's software is, like, really safe and stuff. You just have to patch and you're fine. Really. Honestly. You can trust these guys.

Well, tell that to Gabe. He got pantsed something fierce, primarily due to his company's use of Microsoft software. When I say "pantsed", I mean it in a "All our competitors can now see everything we've been working on for the past five years: our flagship product -- one we had hoped to release before the upcoming holidays in order to make a lot of money and pay for all this development time we've been taking..." sort of way. Not the "Oh shit, now all the bottom-feeding script kiddie assholes can figure out how to cheat in our online game and possibly ruin our market share" sort of way.

But I think both ways might come to pass. I intended to buy and play Half-Life 2. There is not one small chance in hell that I will run it or any of its variants now. Not after five years of development which relied on security through obscurity. I have no confidence that they can both finish the game and fix all the security holes before the holidays. If they had been able to finish the game with that added effort, it would be done and we'd have a patch by now. The game is hugely anticipated. They'd have released it if they could. Now with the added pressure to release anyway, as close to Christmas as possible, I'm not sure how many holes can be fixed. But are people thinking like me? Are they just waiting for the game? I remember Eudora's release cycles. A word you never wanted to hear was 'showstopper' (you usually heard it Friday night at about 8:30pm the weekend you had show tickets). And while this would be a showstopper ("showkiller"?) for certain, there is going to be a lot of pressure to release the game regardless of what was leaked. But I hope not.

This is bad beyond belief and it will have repercussions. At worst, Valve, as a company, might go away. People will lose their jobs, decades of man-hours of work will be lost. Because Gabe used Microsoft Outlook. At best, Valve goes back to its parent company and asks for a couple million to carry over payroll and R&D costs while they figure out how to tighten up their software and clean up the mess. I feel really sorry for Gabe. He was only trying to do his job, using tools his employer gave him. Security shouldn't have had to be his job.

Was he patched? No idea. Does it matter? Probably not. If a very sophisticated group wanted the HL2 source code, they would get it, no matter what Valve did. Valve could have used the most secure operating systems and the most secure software, and it wouldn't have mattered had the interloper(s) been seriously determined. Having said that... Do you think Gabe will ever feel safe using completely patched and up-to-date Microsoft software ever again? You think he'll use non-SSL webmail or Outlook or IE ever again? I don't think so. Was it Gabe's fault? Not in the slightest. Not even by a long shot. He was using industry-standard tools. Tools his employer gave him, and tools every employee probably used. Tools most of our government uses.

You scared yet?

Who did this? Koreans? Chinese? Nvidia? Saddam Hussein?

What got Gabe can get your congressman. It can get your doctor and your lawyer and your mom. And there's nothing you can do about it. Put the word 'porous' in your mind where user-level security is concerned. And no, firewalls don't help. That Linksys router you bought your folks/sister/whomever (updated that firmware lately?) is in some cases utterly useless. Exponentially so if the software behind it is unpatched. Or written by Microsoft.

I think we're entering a new and very scary world of networked applications and hardware, and Mr. Gates' obvious history of trading security for convenience (read: sales) has done us nothing but a great disservice. It's a wonder it didn't start sooner. Software from MS can harm you. It's as plain as that, and anyone with a clue knows it, too. They've known it for a long time. And now software from Valve can harm you. It might be able to harm you for a very long time to come.

Bah... The more I think about all this, the more apathetic I get. Maybe this is a sign to play fewer games and spend my online/offline time more constructively. Couldn't hurt. Unlike using Outlook or IE.

Comments for: Just in case you were wondering if Microsoft was dangerous or not...

And that's why you need a company that's in the forefront of Homeland Security. Oh, pick anyone, even a small local company like http://www.saic.com/infosec/

Ahhhhhh, I feel like a pimp! :)

The sad thing is that Valve sounds like they were better secured than most sites we've investigated.

Scott (The corporate whore) Kennedy

Posted by at October 3, 2003 8:05 AM

I hear you on the security thing with Valve. I'm sure they did a good job securing things. I mean, that source code was the company's lifeblood. I'm pretty sure that they took steps to protect it. They had to.

The problem is that the "hard, crunchy shell with soft nougat filling" security model doesn't work anymore (assuming it ever did). All the firewalls in the world won't do any damn good if you've got a guy with admin rights clicking on attachments in Outlook. And when that guy's POP/IMAP password (which is flying past god-knows-what routers across the Net) is the same as the password needed to check code out of the company's source code control system, then you are well and proper fscked. How much do you wanna bet that Gabe had one username/password for everything?

However, when you say that Valve had better security than most sites SAIC has seen, then I'm really starting to get worried.

Ah, where have the days of floppies with boot sector viruses gone?

Posted by wee at October 3, 2003 9:18 AM
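Both the post ("a username and password fly in the clear") and the comment above (a POP/IMAP password "flying past god-knows-what routers") describe the same thing: with no SSL/TLS on the mail connection, anyone on the path between the client and the mail server can read the login. The following script is an added example, not code from the post or from Valve; it models what a passive observer on that path learns from a POP3 or IMAP session. The session transcripts, the user "gabe" and the password "hunter2" are constructed for the example. It also decodes SASL PLAIN, because the base64 that AUTH PLAIN/AUTHENTICATE PLAIN sends is encoding, not encryption, and people regularly mistake it for protection.

```python
"""Audit captured POP3/IMAP client commands for credentials sent in the clear.

Model: the observer sits between the mail client and the server (any router on
the path will do). Before STLS/STARTTLS every command is readable; after it,
the observer only sees ciphertext, so parsing stops there.
"""
import base64
import re

# Client-to-server commands a sniffer would see on port 110 (POP3) / 143 (IMAP).
POP3_USER = re.compile(r"^USER\s+(\S+)$", re.I)
POP3_PASS = re.compile(r"^PASS\s+(.+)$", re.I)
POP3_AUTH_PLAIN = re.compile(r"^AUTH\s+PLAIN\s+(\S+)$", re.I)       # RFC 5034
POP3_STLS = re.compile(r"^STLS$", re.I)                              # RFC 2595

IMAP_LOGIN = re.compile(r'^\S+\s+LOGIN\s+"?([^"\s]+)"?\s+"?([^"\s]+)"?$', re.I)
IMAP_AUTH_PLAIN = re.compile(r"^\S+\s+AUTHENTICATE\s+PLAIN\s+(\S+)$", re.I)  # SASL-IR
IMAP_STARTTLS = re.compile(r"^\S+\s+STARTTLS$", re.I)


def decode_sasl_plain(blob):
    """SASL PLAIN is base64(authzid NUL authcid NUL password): trivially reversible."""
    parts = base64.b64decode(blob).split(b"\x00")
    if len(parts) != 3:
        return None
    return parts[1].decode(errors="replace"), parts[2].decode(errors="replace")


def audit_session(protocol, client_lines):
    """Return what a passive observer learns from one session.

    protocol: 'pop3' or 'imap'; client_lines: client commands in wire order.
    """
    if protocol not in ("pop3", "imap"):
        raise ValueError("protocol must be 'pop3' or 'imap'")
    result = {"protocol": protocol, "tls": False, "username": None, "password": None}
    pending_user = None
    for raw in client_lines:
        line = raw.rstrip("\r\n")
        if protocol == "pop3":
            if POP3_STLS.match(line):
                result["tls"] = True        # everything after this is ciphertext
                break
            m = POP3_USER.match(line)
            if m:
                pending_user = m.group(1)   # USER arrives one command before PASS
                continue
            m = POP3_PASS.match(line)
            if m:
                result["username"], result["password"] = pending_user, m.group(1)
                break
            m = POP3_AUTH_PLAIN.match(line)
        else:
            if IMAP_STARTTLS.match(line):
                result["tls"] = True
                break
            m = IMAP_LOGIN.match(line)
            if m:
                result["username"], result["password"] = m.group(1), m.group(2)
                break
            m = IMAP_AUTH_PLAIN.match(line)
        if m:                               # AUTH PLAIN / AUTHENTICATE PLAIN
            creds = decode_sasl_plain(m.group(1))
            if creds:
                result["username"], result["password"] = creds
            break
    result["exposed"] = result["password"] is not None
    return result


# Constructed sample captures (not real traffic). The base64 blob in the IMAP
# session is exactly base64(b"\x00gabe\x00hunter2"), as a client would send it.
SAMPLE_SESSIONS = {
    "pop3_plain": ("pop3", ["USER gabe", "PASS hunter2", "STAT", "QUIT"]),
    "pop3_stls": ("pop3", ["CAPA", "STLS", "<ciphertext from here on>"]),
    "imap_login": ("imap", ["a001 CAPABILITY", 'a002 LOGIN "gabe" "hunter2"']),
    "imap_auth_plain": ("imap", ["a001 AUTHENTICATE PLAIN AGdhYmUAaHVudGVyMg==",
                                 "a002 SELECT INBOX"]),
}


def exposed_sessions(sessions=SAMPLE_SESSIONS):
    """Names of sessions in which a password was readable on the wire."""
    return [name for name, (proto, lines) in sessions.items()
            if audit_session(proto, lines)["exposed"]]


if __name__ == "__main__":
    for name, (proto, lines) in SAMPLE_SESSIONS.items():
        print(name, audit_session(proto, lines))
```

Only the STLS session keeps the password off the wire; the other three hand it to anyone in the path, and the decoded IMAP blob is the same "gabe"/"hunter2" as the POP3 one. Two caveats a practitioner would add: challenge-response schemes (POP3 APOP, CRAM-MD5) do not send the password itself, though the exchange can still be attacked offline, and if that mail password also opens the source-control server, as the comment above suggests, the observer has the repository too.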

see zoomer.net ;)

Posted by at October 7, 2003 10:02 PM

or not, not done yet;)

Posted by toddler at October 7, 2003 10:21 PM

Too late.

Posted by wee at October 7, 2003 10:26 PM
