RE: [hlds] When will the nosteam hacks be fixed?
No offense but are you on crack? Who on this list pays admins to admin on thier box(s) beyond gsp's? The equipment costs? oh that's right valve can afford 100's of mbit's of bandwidth and likely clusters of auth and content servers, but they don't have a spare 2gig server or really just a desktop to thow up on the one of those connections? Does not compute. Pehaphs you were being funny and I missed picking up on it. :--) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bruce Bahamut Andrews Sent: Sunday, December 19, 2004 8:22 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They'd then have to hire people to take care of the servers, more people to patrol them to ban people (what other server would attract as many 'myg0t' style groups then an official one?), as well as the equipment costs... You never know though, they might be secretly hosting servers under a different name =) - Bruce Bahamut Andrews Napier, Kevin wrote: This is a multi-part message in MIME format. -- Probably the right call there Ray. Btw I never understood why valve never (at least to my knowledge) ran a server or two of thier to get a feel for what people run into, let alone the honeypot value of it. I always found that strange, not to metion out of character since most development shops make it a habit to eat thier own dog food if they can. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
Alfred's excluded from all my comments; he seems to be one of the few who understand the realities many experance as server admins, that should not be a surprise based on what he was doing before joining Valve, now was that two years ago or three?.. time files. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marcelo Bezerra Sent: Sunday, December 19, 2004 9:30 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? At least Alfred has set up a linux ded. server for profiling purposes. Napier, Kevin wrote: This is a multi-part message in MIME format. -- Probably the right call there Ray. Btw I never understood why valve never (at least to my knowledge) ran a server or two of thier to get a feel for what people run into, let alone the honeypot value of it. I always found that strange, not to metion out of character since most development shops make it a habit to eat thier own dog food if they can. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] Whoa. Calm down there Sparky. I was out of town for a few days. And also, you can shutdown your server as an individual as a silent protest, or make a consorted effort of MANY people to make it at least somewhat noticeable. I choose to wait until a large group does it. or you and I could be the only 2 people picketing VALVe headquarters! I guess our posts may have done something since a FINALLY updated VAC and SRCDS protection are coming soon. But, like after every VAC update, we all say I hope that they keep it updated now!. and six months later, we do these posts again. HOORAY!!! Still would like to hear about the plans to fix the no-STEAMID issue. -Original Message- You missed my sarcasm and my point. Unlike you, I am a man of action - I shut my CS server down completely. I and my regulars agree that we will not operate or admin a server which benefits Valve when they refuse to address basic issues which directly affect the quality of game play (VAC). So put up or shut up bro. You say we need to do something - I already have, where's your contribution From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Thursday, December 16, 2004 11:20 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme
Re: [hlds] When will the nosteam hacks be fixed?
meh, they have plans which they're actively working on (apparently), but as with all Software development, the cost to fix bugs later in development, or after release, is extremely, extremely high, so it might take time o.O - Bruce Bahamut Andrews Andrew wrote: This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] Whoa. Calm down there Sparky. I was out of town for a few days. And also, you can shutdown your server as an individual as a silent protest, or make a consorted effort of MANY people to make it at least somewhat noticeable. I choose to wait until a large group does it. or you and I could be the only 2 people picketing VALVe headquarters! I guess our posts may have done something since a FINALLY updated VAC and SRCDS protection are coming soon. But, like after every VAC update, we all say I hope that they keep it updated now!. and six months later, we do these posts again. HOORAY!!! Still would like to hear about the plans to fix the no-STEAMID issue. -Original Message- You missed my sarcasm and my point. Unlike you, I am a man of action - I shut my CS server down completely. I and my regulars agree that we will not operate or admin a server which benefits Valve when they refuse to address basic issues which directly affect the quality of game play (VAC). So put up or shut up bro. You say we need to do something - I already have, where's your contribution From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Thursday, December 16, 2004 11:20 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed
RE: [hlds] When will the nosteam hacks be fixed?
The constant drop in fps from the HL2 games has now gone too far. HLSW showed 2 HL2MP servers at different centers pinging over 200 while other servers on those boxes pinging the normal 20ms and 40ms respective to their locations. In RDC'ing into the boxes both showed a locked number of 1000.0 fps. After closing the flash booster we use one server showed 32 fps and the other was still stuck at 1000.0 fps. Ingame performance was pitiful and so we have decided to take action. We have shut down all the HL2-based servers and will not be supporting the HL2 games until Valve gets their shit together. The game was sold to the public and NOT listed as beta, testing or unfinished even though that is it's current status of development. Valve cannot expect GSP's to run games they can't control or run stably for a paying client. Maybe they get their kicks from selling an unfinished and unsupported item but we stand behind the service we sell. Additionally, if Valve does not release a way for us to prevent a client running bots then we will not be running it at all. I would hope that actions like ours from the companies that sit on multi-tierd bandwidth connections can help to send a message to the developers in Valve that their ignorance will not be supported nor hosted. I don't care about the rest of the GSP's in the world as much as I care about guaranteeing the performance, stability and reliability of the services we sell to our clients. Maybe if Valve opened a couple of servers of their own for the gaming community instead of their in-house coffee breaks they would begin to see what we all face when dealing with what they are selling. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: Sunday, December 19, 2004 5:30 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? meh, they have plans which they're actively working on (apparently), but as with all Software development, the cost to fix bugs later in development, or after release, is extremely, extremely high, so it might take time o.O - Bruce Bahamut Andrews Andrew wrote: This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] Whoa. Calm down there Sparky. I was out of town for a few days. And also, you can shutdown your server as an individual as a silent protest, or make a consorted effort of MANY people to make it at least somewhat noticeable. I choose to wait until a large group does it. or you and I could be the only 2 people picketing VALVe headquarters! I guess our posts may have done something since a FINALLY updated VAC and SRCDS protection are coming soon. But, like after every VAC update, we all say I hope that they keep it updated now!. and six months later, we do these posts again. HOORAY!!! Still would like to hear about the plans to fix the no-STEAMID issue. -Original Message- You missed my sarcasm and my point. Unlike you, I am a man of action - I shut my CS server down completely. I and my regulars agree that we will not operate or admin a server which benefits Valve when they refuse to address basic issues which directly affect the quality of game play (VAC). So put up or shut up bro. You say we need to do something - I already have, where's your contribution From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Thursday, December 16, 2004 11:20 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played
RE: [hlds] When will the nosteam hacks be fixed?
Just out of curiosity, are you paying anything to Valve; to make money off of Valve's software? ... you know royalties and such ? So essentially you are complaining about them providing you with an income, based off of all their hard work (over the course of how many YEARS?) for free. I never can understand when people rant on Valve and say this and that, I have been working in the industry for over 4 years now, and you know what ... it's a fact of day to day operations that you have to deal with problems, be it derived from your own internal operations or the influence of external companies. Valve is one of the better companies to deal with, as they do watch for bugs being reported and do work on them as fast as they can. They may not make a public statement about every bug they are working on; but they at least recognize that they have a problem and try to resolve it. If you want an example of a worse company, by way of dedicated servers, you can look at DICE, by no fault of lack of effort, their linux server for the original BF1942 was crap. It took them over 4 months after releasing the game to even get a nix version out, and another 6 months after that of fixing it so that it didn't lag the players randomly. During this course of development they never admitted to a problem, and this caused a lot of problems for hosting companies. Valve does the best they can in a given time span, and what it boils down to is ... If you think you can do better, do it. (I will prolly get flamed for this, but that is a cost I pay gladly for someone needed to say this.) - Matthew Davey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ray Spaulding Sent: Sunday, December 19, 2004 09:50 To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? The constant drop in fps from the HL2 games has now gone too far. HLSW showed 2 HL2MP servers at different centers pinging over 200 while other servers on those boxes pinging the normal 20ms and 40ms respective to their locations. In RDC'ing into the boxes both showed a locked number of 1000.0 fps. After closing the flash booster we use one server showed 32 fps and the other was still stuck at 1000.0 fps. Ingame performance was pitiful and so we have decided to take action. We have shut down all the HL2-based servers and will not be supporting the HL2 games until Valve gets their shit together. The game was sold to the public and NOT listed as beta, testing or unfinished even though that is it's current status of development. Valve cannot expect GSP's to run games they can't control or run stably for a paying client. Maybe they get their kicks from selling an unfinished and unsupported item but we stand behind the service we sell. Additionally, if Valve does not release a way for us to prevent a client running bots then we will not be running it at all. I would hope that actions like ours from the companies that sit on multi-tierd bandwidth connections can help to send a message to the developers in Valve that their ignorance will not be supported nor hosted. I don't care about the rest of the GSP's in the world as much as I care about guaranteeing the performance, stability and reliability of the services we sell to our clients. Maybe if Valve opened a couple of servers of their own for the gaming community instead of their in-house coffee breaks they would begin to see what we all face when dealing with what they are selling. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: Sunday, December 19, 2004 5:30 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? meh, they have plans which they're actively working on (apparently), but as with all Software development, the cost to fix bugs later in development, or after release, is extremely, extremely high, so it might take time o.O - Bruce Bahamut Andrews Andrew wrote: This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] Whoa. Calm down there Sparky. I was out of town for a few days. And also, you can shutdown your server as an individual as a silent protest, or make a consorted effort of MANY people to make it at least somewhat noticeable. I choose to wait until a large group does it. or you and I could be the only 2 people picketing VALVe headquarters! I guess our posts may have done something since a FINALLY updated VAC and SRCDS protection are coming soon. But, like after every VAC update, we all say I hope that they keep it updated now!. and six months later, we do these posts again. HOORAY!!! Still would like to hear about the plans to fix the no-STEAMID issue. -Original Message- You missed my sarcasm and my point. Unlike you, I am a man of action - I shut my CS server down completely. I and my regulars agree that we will not operate or admin a server which benefits Valve when they refuse
Re: [hlds] When will the nosteam hacks be fixed?
I'm inclined to agree with you 100% there. Dice and Epic are far worse, far far worse. - Bruce Bahamut Andrews Matthew Davey wrote: Just out of curiosity, are you paying anything to Valve; to make money off of Valve's software? ... you know royalties and such ? So essentially you are complaining about them providing you with an income, based off of all their hard work (over the course of how many YEARS?) for free. I never can understand when people rant on Valve and say this and that, I have been working in the industry for over 4 years now, and you know what ... it's a fact of day to day operations that you have to deal with problems, be it derived from your own internal operations or the influence of external companies. Valve is one of the better companies to deal with, as they do watch for bugs being reported and do work on them as fast as they can. They may not make a public statement about every bug they are working on; but they at least recognize that they have a problem and try to resolve it. If you want an example of a worse company, by way of dedicated servers, you can look at DICE, by no fault of lack of effort, their linux server for the original BF1942 was crap. It took them over 4 months after releasing the game to even get a nix version out, and another 6 months after that of fixing it so that it didn't lag the players randomly. During this course of development they never admitted to a problem, and this caused a lot of problems for hosting companies. Valve does the best they can in a given time span, and what it boils down to is ... If you think you can do better, do it. (I will prolly get flamed for this, but that is a cost I pay gladly for someone needed to say this.) - Matthew Davey ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [SPAM] Re: [hlds] When will the nosteam hacks be fixed?
All VALVe need do is hire on a legitimate Software Quality Assurance Staff, fund the team properly, and give the SQA team STOP authority over releases. The result will be a significant increase in reliability of VALVe software. Now combine the prospect of VALVe code becoming very stable with their already strong market position and they have additional magic working for them. They can further enhance this by establishing a dedicated corp of beta volunteers to test the installations on private servers and report defects, etc. I know I would step up to be a responsible beta participant. It is not easy to properly beta so, should VALVe ever choose the Beta route, don't volunteer unless committed to some hard work for no pay. Bruce Bahamut Andrews wrote: I'm inclined to agree with you 100% there. Dice and Epic are far worse, far far worse. - Bruce Bahamut Andrews Matthew Davey wrote: Just out of curiosity, are you paying anything to Valve; to make money off of Valve's software? ... you know royalties and such ? So essentially you are complaining about them providing you with an income, based off of all their hard work (over the course of how many YEARS?) for free. I never can understand when people rant on Valve and say this and that, I have been working in the industry for over 4 years now, and you know what ... it's a fact of day to day operations that you have to deal with problems, be it derived from your own internal operations or the influence of external companies. Valve is one of the better companies to deal with, as they do watch for bugs being reported and do work on them as fast as they can. They may not make a public statement about every bug they are working on; but they at least recognize that they have a problem and try to resolve it. If you want an example of a worse company, by way of dedicated servers, you can look at DICE, by no fault of lack of effort, their linux server for the original BF1942 was crap. It took them over 4 months after releasing the game to even get a nix version out, and another 6 months after that of fixing it so that it didn't lag the players randomly. During this course of development they never admitted to a problem, and this caused a lot of problems for hosting companies. Valve does the best they can in a given time span, and what it boils down to is ... If you think you can do better, do it. (I will prolly get flamed for this, but that is a cost I pay gladly for someone needed to say this.) - Matthew Davey ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
This is a multi-part message in MIME format. -- Probably the right call there Ray. Btw I never understood why valve never (at least to my knowledge) ran a server or two of thier to get a feel for what people run into, let alone the honeypot value of it. I always found that strange, not to metion out of character since most development shops make it a habit to eat thier own dog food if they can. From: [EMAIL PROTECTED] on behalf of Ray Spaulding Sent: Sun 12/19/2004 9:49 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? The constant drop in fps from the HL2 games has now gone too far. HLSW showed 2 HL2MP servers at different centers pinging over 200 while other servers on those boxes pinging the normal 20ms and 40ms respective to their locations. In RDC'ing into the boxes both showed a locked number of 1000.0 fps. After closing the flash booster we use one server showed 32 fps and the other was still stuck at 1000.0 fps. Ingame performance was pitiful and so we have decided to take action. We have shut down all the HL2-based servers and will not be supporting the HL2 games until Valve gets their shit together. The game was sold to the public and NOT listed as beta, testing or unfinished even though that is it's current status of development. Valve cannot expect GSP's to run games they can't control or run stably for a paying client. Maybe they get their kicks from selling an unfinished and unsupported item but we stand behind the service we sell. Additionally, if Valve does not release a way for us to prevent a client running bots then we will not be running it at all. I would hope that actions like ours from the companies that sit on multi-tierd bandwidth connections can help to send a message to the developers in Valve that their ignorance will not be supported nor hosted. I don't care about the rest of the GSP's in the world as much as I care about guaranteeing the performance, stability and reliability of the services we sell to our clients. Maybe if Valve opened a couple of servers of their own for the gaming community instead of their in-house coffee breaks they would begin to see what we all face when dealing with what they are selling. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: Sunday, December 19, 2004 5:30 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? meh, they have plans which they're actively working on (apparently), but as with all Software development, the cost to fix bugs later in development, or after release, is extremely, extremely high, so it might take time o.O - Bruce Bahamut Andrews Andrew wrote: This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] Whoa. Calm down there Sparky. I was out of town for a few days. And also, you can shutdown your server as an individual as a silent protest, or make a consorted effort of MANY people to make it at least somewhat noticeable. I choose to wait until a large group does it. or you and I could be the only 2 people picketing VALVe headquarters! I guess our posts may have done something since a FINALLY updated VAC and SRCDS protection are coming soon. But, like after every VAC update, we all say I hope that they keep it updated now!. and six months later, we do these posts again. HOORAY!!! Still would like to hear about the plans to fix the no-STEAMID issue. -Original Message- You missed my sarcasm and my point. Unlike you, I am a man of action - I shut my CS server down completely. I and my regulars agree that we will not operate or admin a server which benefits Valve when they refuse to address basic issues which directly affect the quality of game play (VAC). So put up or shut up bro. You say we need to do something - I already have, where's your contribution From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Thursday, December 16, 2004 11:20 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good
Re: [hlds] When will the nosteam hacks be fixed?
They'd then have to hire people to take care of the servers, more people to patrol them to ban people (what other server would attract as many 'myg0t' style groups then an official one?), as well as the equipment costs... You never know though, they might be secretly hosting servers under a different name =) - Bruce Bahamut Andrews Napier, Kevin wrote: This is a multi-part message in MIME format. -- Probably the right call there Ray. Btw I never understood why valve never (at least to my knowledge) ran a server or two of thier to get a feel for what people run into, let alone the honeypot value of it. I always found that strange, not to metion out of character since most development shops make it a habit to eat thier own dog food if they can. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [SPAM] Re: [hlds] When will the nosteam hacks be fixed?
and if they stand to make money on banned cheaters repurchasing steam licenses then the conspiricy theorists can go nutzo right? Same genre as anti-virus companies being responsible for viruses? hoo boy. i got too much to do to think down those lines Bruce Bahamut Andrews wrote: They'd then have to hire people to take care of the servers, more people to patrol them to ban people (what other server would attract as many 'myg0t' style groups then an official one?), as well as the equipment costs... You never know though, they might be secretly hosting servers under a different name =) - Bruce Bahamut Andrews Napier, Kevin wrote: This is a multi-part message in MIME format. -- Probably the right call there Ray. Btw I never understood why valve never (at least to my knowledge) ran a server or two of thier to get a feel for what people run into, let alone the honeypot value of it. I always found that strange, not to metion out of character since most development shops make it a habit to eat thier own dog food if they can. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Heh, more like anti-virus companies have the power to shut down any program they want by adding it to their virus list, then every other company just copies them theories. - Bruce Bahamut Andrews Steve Tilson wrote: and if they stand to make money on banned cheaters repurchasing steam licenses then the conspiricy theorists can go nutzo right? Same genre as anti-virus companies being responsible for viruses? hoo boy. i got too much to do to think down those lines ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
At least Alfred has set up a linux ded. server for profiling purposes. Napier, Kevin wrote: This is a multi-part message in MIME format. -- Probably the right call there Ray. Btw I never understood why valve never (at least to my knowledge) ran a server or two of thier to get a feel for what people run into, let alone the honeypot value of it. I always found that strange, not to metion out of character since most development shops make it a habit to eat thier own dog food if they can. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Ok fair enough Now the problem starts to make more sense If a person can fake the STEAM_ID of legitamate user then that would give them access to the game. Still I don't understand why STEAM_ID Account Name Password cannot be used to verify if the person has legitamate access to the game they are playing and that the STEAM_ID matches the Account Name Password. I guess, STEAM Account not activated until E-mails are swapped would help slow these cheats down a little? On Sat, 18 Dec 2004 02:10:11 -0500, Spencer 'voogru' MacDonald [EMAIL PROTECTED] wrote: This is wrong. You install STEAM, you don't need any game. You make an account, with a free email. You now have a valid STEAM account with a STEAMID already assigned to the account (NO CDKEY NEEDED FOR A STEAMID), and then you go do the exploit to get the games to display on your list. You don't need a CD-KEY at all. - Spencer voogru MacDonald -Original Message- From: Whisper [mailto:[EMAIL PROTECTED] Sent: Saturday, December 18, 2004 1:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? AFAIK the STEAM Account Creation Process works like this You Install your game You put your CD Key in You create a STEAM Account which then attaches THAT CD Key to your STEAM_ID You now have a legitamate STEAM Account which has several variables attached to it. STEAM_ID, Username, Password, E-mail Address, Secret Question CD Key. The only thing you need to now use that STEAM Account on ANY PC with STEAM installed is your STEAM Account Login Password and you are assigned the STEAM_ID that is attached to that STEAM Account Name Password. The STEAM_ID that everybody see's on the Server should match that persons STEAM Account Password and it should be a simple procedure to query that STEAM Client for that particular Username and Password once a person joins a server, and if the details don't match they shouldn't have access, and one would think that a simple Valve server side challange/response like this ought to stop people who don't have legitamate rights to that STEAM_ID from playing online! The process is only slightly differenent for games purchased directly from STEAM, but still, at the time the Account is created, Valve still gets your Account Name, Password, E-mail address Secret Question AND then THEY (Valve) assigns you a STEAM_ID to that Account. In both Cases, Valve has complete control over the assigning of STEAM_ID's to Account Name/Password/E-mail address combinations. On Sat, 18 Dec 2004 00:29:53 -, Graham McMaster [EMAIL PROTECTED] wrote: It does, the actual Authentication appears to be done server side but if the Server has no master servers listed then that's gotta be away around it. Also the same with LAN servers. -Graham -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: 18 December 2004 00:17 To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are, though non-STEAM appears to bypass this connection. - Bruce Bahamut Andrews Whisper wrote: Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services
Re: [hlds] When will the nosteam hacks be fixed?
Leaving it to Valve hasn't worked too well so far, has it? Previous experience suggests that there is not an overwhelming mass of Secure Client Creation programming expertise or Network experience proficiency. Yeah, sins of the past and all that, but do we need to keep repeating the same mistakes over and over and over again? On Sat, 18 Dec 2004 18:53:34 +1100, Bruce Bahamut Andrews [EMAIL PROTECTED] wrote: I keep forgetting to clip the bottom of the emails off, they get so big for no particular reason. Anyway, I'd like to point out that although all these 'solutions' that you're all coming up with are brilliant ideas, none of us have any idea how the current system actually works on a core level, we only have assumptions that actually appear to work, they might be totally wrong, so leaving it to VALVe is all you can do :p - Bruce Bahamut Andrews Andrew Armstrong wrote: Each CDKey can only be used once, right? Why not have a system like this: * Since each steam account is already flagged with what games were owned/purchased by the account (server side) - Since you can login from anywhere and see your games list, have this information accessable by the multiplayer servers * When a client connects, it sends their steam id, the gameserver goes Hey Steam master server, does steam_id12345 own CS Source? If its a no, drop the client. That way, they can make as many steam id's as they want, but never get back in the game, because: * The steam master server informs the joining client whether they own the game or not This way, non-steam would not work on official servers, because: * They send their steam id, but the master server never recorded them purchasing the game, so it drops them Surely thats a viable solution? -Plasma ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
I'm sure they'll get there eventually =) - Bruce Bahamut Andrews Whisper wrote: Leaving it to Valve hasn't worked too well so far, has it? Previous experience suggests that there is not an overwhelming mass of Secure Client Creation programming expertise or Network experience proficiency. Yeah, sins of the past and all that, but do we need to keep repeating the same mistakes over and over and over again? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Hello, what's the chances THEY emailed someone there and found out? None of the VALVe employees are legally allowed to comment on any of it, with their NDA's and soforth, so you're not going to get an answer out of them regardless of how much whinging you do. Try emailing gabe if you know his email address, being the head guy he'd be the one calling the lines and when to cross them. - Bruce Bahamut Andrews Andrew R. Mitcham wrote: I was just making the point that I believe VALVe relies on the replies of people like this to make the issue minor instead of major. It is people that say Hey, relax guy. They are working on it that makes the people who complain feel stupid and n00b. Let us not forget that these people are NOT VALVe employees and DO NOT know anything more than US. This has occurred for YEARS and we need to stop that. It would make VALVe more honest and forthcoming about issues that relate to SRCDS/HLDS. I certainly would not be angry in I heard from an employee ANYHTING relating to this issue, rather than some dude in... Arkansas or something... that has no clue what is going on telling me to chill out. Again, this has happened for years and it will continue to happen until people make it known that it will not be tolerated anymore, especially by the people who supply the environment to PLAY the game in. -Original Message- Rather then pointlessly venting anger on the list you could take the time to email someone off-list at VALVe and they generally will respond rather fast. - Bruce Bahamut Andrews From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Friday, December 17, 2004 1:20 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication
Re: [hlds] When will the nosteam hacks be fixed?
Quote I am 2 seconds away from just going with BF1942 Good man it's alot better you know :) - Original Message - From: Andrew R. Mitcham [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 7:19 AM Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? Andrew R. Mitcham Fire Gaming, LP Senior Partner [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
yeah if you like writing essays to ban people.. - Bruce Bahamut Andrews Tony wrote: Quote I am 2 seconds away from just going with BF1942 Good man it's alot better you know :) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] They could have a source at VALVe after emailing. But whenever I email someone at VALVe and get a response, I QUOTE IT. And reading the last 1,000,000 posts about how VALVe is working on it from some douche that has no clue if what he/she is saying is true or not does NOT have a quote from an email and clearly states that VALVe is probably working on it. I can see how you would feel that VALVe cannot legally comment on the issue. But if enough people get angry about getting jerked around about HL2 release dates, HEARING FROM GAME FREAKING NEWELL that the CS community would never be left out again. then VAC not updating, loopholes not being plugged, and a hyped December release that was literally a (server) FAILURE, you could make them comment about this. I clearly remember reading from a GameSpy article that Gabe and other VALVe execs/employees where going to be more forthcoming and responsive to the community now. They need to respond about an issue that is a pain in the ass and has been for a long time. It is going to take the community saying OK, that is enough. No more room in my asshole to get it through. Can you IMAGINE what CAL would be like with no ESP or wallhacks? My clan would be CAL-Premier by now. Can you IMAGINE no more myg0t, JAPS, speedhacking, no-recoil, no more having to explain your 1337ness to a n00b admin? You ban the speedhacker now. 20 minutes later; the douche has a new STEAMID. YAY! We (server admin community) have complained about this endlessly for years. I complained for a while then shut up for a good year or so because I was convinced VALVe was actually working on it (according to You Know Who). And I think now people are starting to smell the BS that people who stick up for VALVe (but do not work for them) are dishing out. We can either sit here in the same old state of: they are working on it. they HAVE to be. it is S bad out there they MUST be working on it . like the last few years OR just DO SOMETHING about it. -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
I clearly remember reading from a GameSpy article that Gabe and other VALVe execs/employees where going to be more forthcoming and responsive to the community now. They need to respond about an issue that is a pain in the ass and has been for a long time. It is going to take the community saying OK, that is enough. No more room in my asshole to get it through. As do I, but we probably aren't going to get those responses unless we attempt to contact him, and I have nfi what his email is =) - Bruce Bahamut Andrews ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: Re: [hlds] When will the \nosteam\ hacks be fixed?
http://www.valvesoftware.com/people.php /Jesper I clearly remember reading from a GameSpy article that Gabe and other VALVe execs/employees where going to be more forthcoming and responsive to the community now. They need to respond about an issue that is a pain in the ass and has been for a long time. It is going to take the community saying OK, that is enough. No more room in my asshole to get it through. As do I, but we probably aren't going to get those responses unless we attempt to contact him, and I have nfi what his email is =) - Bruce Bahamut Andrews ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
20 minutes? More like 2 minutes unless they have a slow computer then you can make it 5 minutes if you are lucky, thats how ridiculous it is. We resort to IP bans now because they last that little bit longer than STEAM_ID bans which aren't worth the electrons you waste sending them down the line. Or we spend hours upon hours reporting nuisances to their ISP's and then people wonder why the servers aren't running at 99.99% efficiency! On Fri, 17 Dec 2004 02:23:36 -0600, Andrew R. Mitcham [EMAIL PROTECTED] wrote: This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] They could have a source at VALVe after emailing. But whenever I email someone at VALVe and get a response, I QUOTE IT. And reading the last 1,000,000 posts about how VALVe is working on it from some douche that has no clue if what he/she is saying is true or not does NOT have a quote from an email and clearly states that VALVe is probably working on it. I can see how you would feel that VALVe cannot legally comment on the issue. But if enough people get angry about getting jerked around about HL2 release dates, HEARING FROM GAME FREAKING NEWELL that the CS community would never be left out again. then VAC not updating, loopholes not being plugged, and a hyped December release that was literally a (server) FAILURE, you could make them comment about this. I clearly remember reading from a GameSpy article that Gabe and other VALVe execs/employees where going to be more forthcoming and responsive to the community now. They need to respond about an issue that is a pain in the ass and has been for a long time. It is going to take the community saying OK, that is enough. No more room in my asshole to get it through. Can you IMAGINE what CAL would be like with no ESP or wallhacks? My clan would be CAL-Premier by now. Can you IMAGINE no more myg0t, JAPS, speedhacking, no-recoil, no more having to explain your 1337ness to a n00b admin? You ban the speedhacker now. 20 minutes later; the douche has a new STEAMID. YAY! We (server admin community) have complained about this endlessly for years. I complained for a while then shut up for a good year or so because I was convinced VALVe was actually working on it (according to You Know Who). And I think now people are starting to smell the BS that people who stick up for VALVe (but do not work for them) are dishing out. We can either sit here in the same old state of: they are working on it. they HAVE to be. it is S bad out there they MUST be working on it . like the last few years OR just DO SOMETHING about it. -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
You pretty much feel just like I do, and that was why I re-started the discussion about it. On Fri, 2004-12-17 at 02:23 -0600, Andrew R. Mitcham wrote: This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] They could have a source at VALVe after emailing. But whenever I email someone at VALVe and get a response, I QUOTE IT. And reading the last 1,000,000 posts about how VALVe is working on it from some douche that has no clue if what he/she is saying is true or not does NOT have a quote from an email and clearly states that VALVe is probably working on it. I can see how you would feel that VALVe cannot legally comment on the issue. But if enough people get angry about getting jerked around about HL2 release dates, HEARING FROM GAME FREAKING NEWELL that the CS community would never be left out again. then VAC not updating, loopholes not being plugged, and a hyped December release that was literally a (server) FAILURE, you could make them comment about this. I clearly remember reading from a GameSpy article that Gabe and other VALVe execs/employees where going to be more forthcoming and responsive to the community now. They need to respond about an issue that is a pain in the ass and has been for a long time. It is going to take the community saying OK, that is enough. No more room in my asshole to get it through. Can you IMAGINE what CAL would be like with no ESP or wallhacks? My clan would be CAL-Premier by now. Can you IMAGINE no more myg0t, JAPS, speedhacking, no-recoil, no more having to explain your 1337ness to a n00b admin? You ban the speedhacker now. 20 minutes later; the douche has a new STEAMID. YAY! We (server admin community) have complained about this endlessly for years. I complained for a while then shut up for a good year or so because I was convinced VALVe was actually working on it (according to You Know Who). And I think now people are starting to smell the BS that people who stick up for VALVe (but do not work for them) are dishing out. We can either sit here in the same old state of: they are working on it. they HAVE to be. it is S bad out there they MUST be working on it . like the last few years OR just DO SOMETHING about it. -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Marcelo de Paula Bezerra [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Just did it. Not expecting an answer, though.. On Fri, 2004-12-17 at 18:39 +1100, Bruce Bahamut Andrews wrote: Rather then pointlessly venting anger on the list you could take the time to email someone off-list at VALVe and they generally will respond rather fast. - Bruce Bahamut Andrews Andrew R. Mitcham wrote: Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? Andrew R. Mitcham Fire Gaming, LP Senior Partner [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
It's not that bad, yeah yes you will find yourself wanting better tools for it. Still a better game though. :) Quote I am 2 seconds away from just going with BF1942. Just go with it, says more then just threating to.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bruce Bahamut Andrews Sent: Friday, December 17, 2004 3:20 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? yeah if you like writing essays to ban people.. - Bruce Bahamut Andrews Tony wrote: Quote I am 2 seconds away from just going with BF1942 Good man it's alot better you know :) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
You missed my sarcasm and my point. Unlike you, I am a man of action - I shut my CS server down completely. I and my regulars agree that we will not operate or admin a server which benefits Valve when they refuse to address basic issues which directly affect the quality of game play (VAC). So put up or shut up bro. You say we need to do something - I already have, where's your contribution -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Thursday, December 16, 2004 11:20 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? Andrew R. Mitcham Fire Gaming, LP Senior Partner [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an unlimited amount of users to register from it and much stronger authentication of the purchaser. This would still allow people to get another ID if they used all their own ones) Or a family PC may have several users of the same game. I suppose having a maximum of 5 users per retail CD key would be an option as there would only be a finite number of times someone could re-register without having to part with some cash for another copy of the game. IP address changes, so that's no use. MAC address can be changed. CPU ID, Computers have the ability to use a unique identifier on the CPU but the bios has the ability to disable it, so that's no use. Credit card number and registered billing address. Probably th most reliable and traceable, but that limits the customer base as not everyone has one and there is one thing companies hate doing and that is limiting their customer base, so despite this being probably the best solution, I doubt that valve will use it. Public key certificates from a trusted third party. This could work but is just moving the problem one link further back in the chain. The Certificate Authority still needs to identify a person and you would need to ensure they couldn't register for more than one certificate per person. In the long term I see a market for selling these if several game developers used the system. It would have to be slightly different to the current CA's around as you can register for as many certificates as you are willing to pay for with the existing ones. Basically until their is an international ID card with a centrally verifiable database (around 2048 I reckon, and half life 8 will be out then with the same problems :) ) or the implementation of the Trusted Computer Base, it is very hard to uniquely identify a machine or user. The closest thing there is to a centrally identifiable card tied to a persons address, that is internationally recognized is a credit card. End brain dump. I'd better do some real work now :) SlyOne ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an unlimited amount of users to register from it and much stronger authentication of the purchaser. This would still allow people to get another ID if they used all their own ones) Or a family PC may have several users of the same game. I suppose having a maximum of 5 users per retail CD key would be an option as there would only be a finite number of times someone could re-register without having to part with some cash for another copy of the game. IP address changes, so that's no use. MAC address can be changed. CPU ID, Computers have the ability to use a unique identifier on the CPU but the bios has the ability to disable it, so that's no use. Credit card number and registered billing address. Probably th most reliable and traceable, but that limits the customer base as not everyone has one and there is one thing companies hate doing and that is limiting their customer base, so despite this being probably the best solution, I doubt that valve will use it. Public key certificates from a trusted third party. This could work but is just moving the problem one link further back in the chain. The Certificate Authority still needs to identify a person and you would need to ensure they couldn't register for more than one certificate per person. In the long term I see a market for selling these if several game developers used the system. It would have to be slightly different to the current CA's around as you can register for as many certificates as you are willing to pay for with the existing ones. Basically until their is an international ID card with a centrally verifiable database (around 2048 I reckon, and half life 8 will be out then with the same problems :) ) or the implementation of the Trusted Computer Base, it is very hard to uniquely identify a machine or user. The closest thing there is to a centrally identifiable card tied to a persons address, that is internationally recognized is a credit card. End brain dump. I'd better do some real work now :) SlyOne ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an unlimited amount of users to register from it and much stronger authentication of the purchaser. This would still allow people to get another ID if they used all their own ones) Or a family PC may have several users of the same game. I suppose having a maximum of 5 users per retail CD key would be an option as there would only be a finite number of times someone could re-register without having to part with some cash for another copy of the game. IP address changes, so that's no use. MAC address can be changed. CPU ID, Computers have the ability to use a unique identifier on the CPU but the bios has the ability to disable it, so that's no use. Credit card number and registered billing address. Probably th most reliable and traceable, but that limits the customer base as not everyone has one and there is one thing companies hate doing and that is limiting their customer base, so despite this being probably the best solution, I doubt that valve will use it. Public key certificates from a trusted third party. This could work but is just moving the problem one link further back in the chain. The Certificate Authority still needs to identify a person and you would need to ensure they couldn't register for more than one certificate per person. In the long term I see a market for selling these if several game developers used the system. It would have to be slightly different to the current CA's around as you can register for as many certificates as you are willing to pay for with the existing ones. Basically until their is an international ID card with a centrally verifiable database (around 2048 I reckon, and half life 8 will be out then with the same problems :) ) or the implementation of the Trusted Computer Base, it is very hard to uniquely identify a machine or user. The closest thing there is to a centrally identifiable card tied to a persons address, that is internationally recognized is a credit card. End brain dump. I'd better do some real work now :) SlyOne ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
I dont think they care if you shut down your server. - Original Message - From: Darren J. Mason [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:51 AM Subject: RE: [hlds] When will the nosteam hacks be fixed? You missed my sarcasm and my point. Unlike you, I am a man of action - I shut my CS server down completely. I and my regulars agree that we will not operate or admin a server which benefits Valve when they refuse to address basic issues which directly affect the quality of game play (VAC). So put up or shut up bro. You say we need to do something - I already have, where's your contribution -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Thursday, December 16, 2004 11:20 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? Andrew R. Mitcham Fire Gaming, LP Senior Partner [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
They care - but how much do they care? How many thousands of CS servers are out there still running? If a hundred or even a thousand servers shut down in protest, who cares? There are plenty of servers still running. There is no shortage of servers to play on. Valve won't change the way they do things untill there are mass desertions, and that isn't likely to happen. It's like this old man sitting on his porch, with his dog laying at his feet. Every now and then the dog lifts his head and lets out this mournfull howl. Then he lays down again. A stranger passing by asked the old man what was wrong with his dog. Well, you see, he is laying on a nail, and it hurts him. Well, why doesn't he get off of it and lay somewhere else?. Because although it hurts, it only hurts enough to complain about it, it doesn't hurt enough to actually take any action. And that is how 99.999% of the server operators are. We all complain and moan and groan, but we just don't hurt enough to actually do something about it. - Original Message - From: James Nine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 1:10 PM Subject: Re: [hlds] When will the nosteam hacks be fixed? I dont think they care if you shut down your server. - Original Message - From: Darren J. Mason [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:51 AM Subject: RE: [hlds] When will the nosteam hacks be fixed? You missed my sarcasm and my point. Unlike you, I am a man of action - I shut my CS server down completely. I and my regulars agree that we will not operate or admin a server which benefits Valve when they refuse to address basic issues which directly affect the quality of game play (VAC). So put up or shut up bro. You say we need to do something - I already have, where's your contribution -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Thursday, December 16, 2004 11:20 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately
RE: [hlds] When will the nosteam hacks be fixed?
They would care if EVERYONE shut down there server until VAC is updated but you pussies wont get together on it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of OoksServer Sent: Friday, December 17, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They care - but how much do they care? How many thousands of CS servers are out there still running? If a hundred or even a thousand servers shut down in protest, who cares? There are plenty of servers still running. There is no shortage of servers to play on. Valve won't change the way they do things untill there are mass desertions, and that isn't likely to happen. It's like this old man sitting on his porch, with his dog laying at his feet. Every now and then the dog lifts his head and lets out this mournfull howl. Then he lays down again. A stranger passing by asked the old man what was wrong with his dog. Well, you see, he is laying on a nail, and it hurts him. Well, why doesn't he get off of it and lay somewhere else?. Because although it hurts, it only hurts enough to complain about it, it doesn't hurt enough to actually take any action. And that is how 99.999% of the server operators are. We all complain and moan and groan, but we just don't hurt enough to actually do something about it. - Original Message - From: James Nine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 1:10 PM Subject: Re: [hlds] When will the nosteam hacks be fixed? I dont think they care if you shut down your server. - Original Message - From: Darren J. Mason [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:51 AM Subject: RE: [hlds] When will the nosteam hacks be fixed? You missed my sarcasm and my point. Unlike you, I am a man of action - I shut my CS server down completely. I and my regulars agree that we will not operate or admin a server which benefits Valve when they refuse to address basic issues which directly affect the quality of game play (VAC). So put up or shut up bro. You say we need to do something - I already have, where's your contribution -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Thursday, December 16, 2004 11:20 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain
Re: [hlds] When will the nosteam hacks be fixed?
Thats the attitude I like to heargrrr Tiger. Who has the twack stick again? BeNt - Original Message - From: K. Mike Bradley [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 3:58 PM Subject: RE: [hlds] When will the nosteam hacks be fixed? They would care if EVERYONE shut down there server until VAC is updated but you pussies wont get together on it. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
At this point I think that it's time to use it on Valve for their latest update. **Thwack**!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of BeNt Sent: Friday, December 17, 2004 5:41 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Thats the attitude I like to heargrrr Tiger. Who has the twack stick again? BeNt - Original Message - From: K. Mike Bradley [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 3:58 PM Subject: RE: [hlds] When will the nosteam hacks be fixed? They would care if EVERYONE shut down there server until VAC is updated but you pussies wont get together on it. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
K. Mike Bradley wrote: They would care if EVERYONE shut down there server until VAC is updated but you pussies wont get together on it. It's not that. It's just unrealistic. Don't pretend it is. I am with you in frustration over the lack of VAC updates, but we admins have zero power over it. Only the players can vote with their pocket book. A thousand admins could shut their servers off tonight, heck 10 thousand could. It would not make one difference. And we wouldn't get even one thousand servers to shut off if we all coordinated. -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an unlimited amount of users to register from it and much stronger authentication of the purchaser. This would still allow people to get another ID if they used all their own ones) Or a family PC may have several users of the same game. I suppose having a maximum of 5 users per retail CD key would be an option as there would only be a finite number of times someone could re-register without having to part with some cash for another copy of the game. IP address changes, so that's no use. MAC address can be changed. CPU ID, Computers have the ability to use a unique identifier on the CPU but the bios has the ability to disable it, so that's no use. Credit card number and registered billing address. Probably th most reliable and traceable, but that limits the customer base as not everyone has one and there is one thing companies hate doing and that is limiting their customer base, so despite this being probably the best solution, I doubt that valve will use it. Public key certificates from a trusted third party. This could work but is just moving the problem one link further back in the chain. The Certificate Authority still needs to identify a person and you would need to ensure they couldn't register for more than one certificate per person. In the long term I see a market for selling these if several game developers used the system. It would have to be slightly different to the current CA's around as you can register for as many certificates as you are willing to pay for with the existing ones. Basically until their is an international ID card with a centrally verifiable database (around 2048 I reckon, and half life 8 will be out then with the same problems :) ) or the implementation of the Trusted Computer Base, it is very hard to uniquely identify a machine or user. The closest thing there is to a centrally identifiable card tied to a persons address, that is internationally recognized is a credit card. End brain dump. I'd better do some real work now :) SlyOne ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo
Re: [hlds] When will the nosteam hacks be fixed?
They are, though non-STEAM appears to bypass this connection. - Bruce Bahamut Andrews Whisper wrote: Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an unlimited amount of users to register from it and much stronger authentication of the purchaser. This would still allow people to get another ID if they used all their own ones) Or a family PC may have several users of the same game. I suppose having a maximum of 5 users per retail CD key would be an option as there would only be a finite number of times someone could re-register without having to part with some cash for another copy of the game. IP address changes, so that's no use. MAC address can be changed. CPU ID, Computers have the ability to use a unique identifier on the CPU but the bios has the ability to disable it, so that's no use. Credit card number and registered billing address. Probably th most reliable and traceable, but that limits the customer base as not everyone has one and there is one thing companies hate doing and that is limiting their customer base, so despite this being probably the best solution, I doubt that valve will use it. Public key certificates from a trusted third party. This could work but is just moving the problem one link further back in the chain. The Certificate Authority still needs to identify a person and you would need to ensure they couldn't register for more than one certificate per person. In the long term I see a market for selling these if several game developers used the system. It would have to be slightly different to the current CA's around as you can register for as many certificates as you are willing to pay for with the existing ones. Basically until their is an international ID card with a centrally verifiable database (around 2048 I reckon, and half life 8 will be out then with the same problems :) ) or the implementation of the Trusted Computer Base, it is very hard to uniquely identify a machine or user. The closest thing there is to a centrally identifiable card tied to a persons address, that is internationally recognized is a credit card. End brain dump. I'd better do some real work now :) SlyOne ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Clayton Macleod ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list
RE: [hlds] When will the nosteam hacks be fixed?
It does, the actual Authentication appears to be done server side but if the Server has no master servers listed then that's gotta be away around it. Also the same with LAN servers. -Graham -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: 18 December 2004 00:17 To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are, though non-STEAM appears to bypass this connection. - Bruce Bahamut Andrews Whisper wrote: Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an unlimited amount of users to register from it and much stronger authentication of the purchaser. This would still allow people to get another ID if they used all their own ones) Or a family PC may have several users of the same game. I suppose having a maximum of 5 users per retail CD key would be an option as there would only be a finite number of times someone could re-register without having to part with some cash for another copy of the game. IP address changes, so that's no use. MAC address can be changed. CPU ID, Computers have the ability to use a unique identifier on the CPU but the bios has the ability to disable it, so that's no use. Credit card number and registered billing address. Probably th most reliable and traceable, but that limits the customer base as not everyone has one and there is one thing companies hate doing and that is limiting their customer base, so despite this being probably the best solution, I doubt that valve will use it. Public key certificates from a trusted third party. This could work but is just moving the problem one link further back in the chain. The Certificate Authority still needs to identify a person and you would need to ensure they couldn't register for more than one certificate per person. In the long term I see a market for selling these if several game developers used the system. It would have to be slightly different to the current CA's around as you can register for as many certificates as you are willing to pay for with the existing ones. Basically until their is an international ID card with a centrally verifiable database (around 2048 I reckon, and half life 8 will be out then with the same problems :) ) or the implementation of the Trusted Computer Base, it is very hard to uniquely identify a machine or user. The closest thing there is to a centrally identifiable card tied to a persons address, that is internationally recognized is a credit card. End brain dump. I'd better do some real work now :) SlyOne ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
I think you were looking for this: __ *--- |__| \ /\ / /_\ | |/ |* | | | \/ \/ / \ |__ |\ | o -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ray Spaulding Sent: Friday, December 17, 2004 5:49 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? At this point I think that it's time to use it on Valve for their latest update. **Thwack**!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of BeNt Sent: Friday, December 17, 2004 5:41 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Thats the attitude I like to heargrrr Tiger. Who has the twack stick again? BeNt - Original Message - From: K. Mike Bradley [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 17, 2004 3:58 PM Subject: RE: [hlds] When will the nosteam hacks be fixed? They would care if EVERYONE shut down there server until VAC is updated but you pussies wont get together on it. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
AFAIK the STEAM Account Creation Process works like this You Install your game You put your CD Key in You create a STEAM Account which then attaches THAT CD Key to your STEAM_ID You now have a legitamate STEAM Account which has several variables attached to it. STEAM_ID, Username, Password, E-mail Address, Secret Question CD Key. The only thing you need to now use that STEAM Account on ANY PC with STEAM installed is your STEAM Account Login Password and you are assigned the STEAM_ID that is attached to that STEAM Account Name Password. The STEAM_ID that everybody see's on the Server should match that persons STEAM Account Password and it should be a simple procedure to query that STEAM Client for that particular Username and Password once a person joins a server, and if the details don't match they shouldn't have access, and one would think that a simple Valve server side challange/response like this ought to stop people who don't have legitamate rights to that STEAM_ID from playing online! The process is only slightly differenent for games purchased directly from STEAM, but still, at the time the Account is created, Valve still gets your Account Name, Password, E-mail address Secret Question AND then THEY (Valve) assigns you a STEAM_ID to that Account. In both Cases, Valve has complete control over the assigning of STEAM_ID's to Account Name/Password/E-mail address combinations. On Sat, 18 Dec 2004 00:29:53 -, Graham McMaster [EMAIL PROTECTED] wrote: It does, the actual Authentication appears to be done server side but if the Server has no master servers listed then that's gotta be away around it. Also the same with LAN servers. -Graham -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: 18 December 2004 00:17 To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are, though non-STEAM appears to bypass this connection. - Bruce Bahamut Andrews Whisper wrote: Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an unlimited amount of users to register from it and much stronger authentication of the purchaser. This would still allow people to get another ID if they used all their own ones) Or a family PC may have several users of the same game. I suppose having a maximum of 5 users per retail CD key would be an option as there would only be a finite number of times someone could re-register without having to part with some cash for another copy of the game. IP address changes, so that's no use. MAC address can be changed. CPU ID, Computers have the ability to use a unique identifier on the CPU but the bios has the ability to disable it, so that's no use
Re: [hlds] When will the nosteam hacks be fixed?
So one has to wonder why, if Valve has complete control over which STEAM_ID's are assigned to which Account Name/Password combinations, what the difficulty is in checking these 2 details to be sure the person is who they say they are? On Sat, 18 Dec 2004 17:22:25 +1100, Whisper [EMAIL PROTECTED] wrote: AFAIK the STEAM Account Creation Process works like this You Install your game You put your CD Key in You create a STEAM Account which then attaches THAT CD Key to your STEAM_ID You now have a legitamate STEAM Account which has several variables attached to it. STEAM_ID, Username, Password, E-mail Address, Secret Question CD Key. The only thing you need to now use that STEAM Account on ANY PC with STEAM installed is your STEAM Account Login Password and you are assigned the STEAM_ID that is attached to that STEAM Account Name Password. The STEAM_ID that everybody see's on the Server should match that persons STEAM Account Password and it should be a simple procedure to query that STEAM Client for that particular Username and Password once a person joins a server, and if the details don't match they shouldn't have access, and one would think that a simple Valve server side challange/response like this ought to stop people who don't have legitamate rights to that STEAM_ID from playing online! The process is only slightly differenent for games purchased directly from STEAM, but still, at the time the Account is created, Valve still gets your Account Name, Password, E-mail address Secret Question AND then THEY (Valve) assigns you a STEAM_ID to that Account. In both Cases, Valve has complete control over the assigning of STEAM_ID's to Account Name/Password/E-mail address combinations. On Sat, 18 Dec 2004 00:29:53 -, Graham McMaster [EMAIL PROTECTED] wrote: It does, the actual Authentication appears to be done server side but if the Server has no master servers listed then that's gotta be away around it. Also the same with LAN servers. -Graham -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: 18 December 2004 00:17 To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are, though non-STEAM appears to bypass this connection. - Bruce Bahamut Andrews Whisper wrote: Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an unlimited amount of users to register from it and much stronger authentication of the purchaser. This would still allow people to get another ID if they used all their own ones) Or a family PC may have several users of the same game. I suppose having a maximum
Re: [hlds] When will the nosteam hacks be fixed?
mm, non-steam works by a combination of things including you logging into the real steam client with your username and password, then copying the clientregistry.blob over to the non-steam directory from the steam one, then exiting the real steam, putting your account details in steamapps.cfg then starting the non-steam game. Basically, it appears to do the steamid and username/password part, it just doesn't appear to check if you have the game enabled on your account or not. Not that I actually know how it all works technically. :P - Bruce Bahamut Andrews Whisper wrote: So one has to wonder why, if Valve has complete control over which STEAM_ID's are assigned to which Account Name/Password combinations, what the difficulty is in checking these 2 details to be sure the person is who they say they are? On Sat, 18 Dec 2004 17:22:25 +1100, Whisper [EMAIL PROTECTED] wrote: AFAIK the STEAM Account Creation Process works like this You Install your game You put your CD Key in You create a STEAM Account which then attaches THAT CD Key to your STEAM_ID You now have a legitamate STEAM Account which has several variables attached to it. STEAM_ID, Username, Password, E-mail Address, Secret Question CD Key. The only thing you need to now use that STEAM Account on ANY PC with STEAM installed is your STEAM Account Login Password and you are assigned the STEAM_ID that is attached to that STEAM Account Name Password. The STEAM_ID that everybody see's on the Server should match that persons STEAM Account Password and it should be a simple procedure to query that STEAM Client for that particular Username and Password once a person joins a server, and if the details don't match they shouldn't have access, and one would think that a simple Valve server side challange/response like this ought to stop people who don't have legitamate rights to that STEAM_ID from playing online! The process is only slightly differenent for games purchased directly from STEAM, but still, at the time the Account is created, Valve still gets your Account Name, Password, E-mail address Secret Question AND then THEY (Valve) assigns you a STEAM_ID to that Account. In both Cases, Valve has complete control over the assigning of STEAM_ID's to Account Name/Password/E-mail address combinations. On Sat, 18 Dec 2004 00:29:53 -, Graham McMaster [EMAIL PROTECTED] wrote: It does, the actual Authentication appears to be done server side but if the Server has no master servers listed then that's gotta be away around it. Also the same with LAN servers. -Graham -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: 18 December 2004 00:17 To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are, though non-STEAM appears to bypass this connection. - Bruce Bahamut Andrews Whisper wrote: Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have
RE: [hlds] When will the nosteam hacks be fixed?
This is wrong. You install STEAM, you don't need any game. You make an account, with a free email. You now have a valid STEAM account with a STEAMID already assigned to the account (NO CDKEY NEEDED FOR A STEAMID), and then you go do the exploit to get the games to display on your list. You don't need a CD-KEY at all. - Spencer voogru MacDonald -Original Message- From: Whisper [mailto:[EMAIL PROTECTED] Sent: Saturday, December 18, 2004 1:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? AFAIK the STEAM Account Creation Process works like this You Install your game You put your CD Key in You create a STEAM Account which then attaches THAT CD Key to your STEAM_ID You now have a legitamate STEAM Account which has several variables attached to it. STEAM_ID, Username, Password, E-mail Address, Secret Question CD Key. The only thing you need to now use that STEAM Account on ANY PC with STEAM installed is your STEAM Account Login Password and you are assigned the STEAM_ID that is attached to that STEAM Account Name Password. The STEAM_ID that everybody see's on the Server should match that persons STEAM Account Password and it should be a simple procedure to query that STEAM Client for that particular Username and Password once a person joins a server, and if the details don't match they shouldn't have access, and one would think that a simple Valve server side challange/response like this ought to stop people who don't have legitamate rights to that STEAM_ID from playing online! The process is only slightly differenent for games purchased directly from STEAM, but still, at the time the Account is created, Valve still gets your Account Name, Password, E-mail address Secret Question AND then THEY (Valve) assigns you a STEAM_ID to that Account. In both Cases, Valve has complete control over the assigning of STEAM_ID's to Account Name/Password/E-mail address combinations. On Sat, 18 Dec 2004 00:29:53 -, Graham McMaster [EMAIL PROTECTED] wrote: It does, the actual Authentication appears to be done server side but if the Server has no master servers listed then that's gotta be away around it. Also the same with LAN servers. -Graham -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: 18 December 2004 00:17 To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are, though non-STEAM appears to bypass this connection. - Bruce Bahamut Andrews Whisper wrote: Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, December 17, 2004 10:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The STEAM_ID databases are as secure as any other online database system, the problem is their identification of registering users. They use an email address to tie it to a person. The problem isn't just the abundance of free email services. There are also temporary email services that allow you to register with them with no personal information, they give you a temporary email address to use to register for a forum/ steam id / whatever. Once you register with this address, you check the mailbox, respond to the mail in it to confirm it is a legit address and then the account is gone a day later. Email should not be used for identification as one person can have as many accounts as they please. CD key can't really be used as some people play from internet cafe's so they may have loads of people registering from the same installation (unless valve did a multi user license key that cost more but allowed an unlimited amount
Re: [hlds] When will the nosteam hacks be fixed?
Each CDKey can only be used once, right? Why not have a system like this: * Since each steam account is already flagged with what games were owned/purchased by the account (server side) - Since you can login from anywhere and see your games list, have this information accessable by the multiplayer servers * When a client connects, it sends their steam id, the gameserver goes Hey Steam master server, does steam_id12345 own CS Source? If its a no, drop the client. That way, they can make as many steam id's as they want, but never get back in the game, because: * The steam master server informs the joining client whether they own the game or not This way, non-steam would not work on official servers, because: * They send their steam id, but the master server never recorded them purchasing the game, so it drops them Surely thats a viable solution? -Plasma - Original Message - From: Spencer 'voogru' MacDonald [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, December 18, 2004 6:10 PM Subject: RE: [hlds] When will the nosteam hacks be fixed? This is wrong. You install STEAM, you don't need any game. You make an account, with a free email. You now have a valid STEAM account with a STEAMID already assigned to the account (NO CDKEY NEEDED FOR A STEAMID), and then you go do the exploit to get the games to display on your list. You don't need a CD-KEY at all. - Spencer voogru MacDonald -Original Message- From: Whisper [mailto:[EMAIL PROTECTED] Sent: Saturday, December 18, 2004 1:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? AFAIK the STEAM Account Creation Process works like this You Install your game You put your CD Key in You create a STEAM Account which then attaches THAT CD Key to your STEAM_ID You now have a legitamate STEAM Account which has several variables attached to it. STEAM_ID, Username, Password, E-mail Address, Secret Question CD Key. The only thing you need to now use that STEAM Account on ANY PC with STEAM installed is your STEAM Account Login Password and you are assigned the STEAM_ID that is attached to that STEAM Account Name Password. The STEAM_ID that everybody see's on the Server should match that persons STEAM Account Password and it should be a simple procedure to query that STEAM Client for that particular Username and Password once a person joins a server, and if the details don't match they shouldn't have access, and one would think that a simple Valve server side challange/response like this ought to stop people who don't have legitamate rights to that STEAM_ID from playing online! The process is only slightly differenent for games purchased directly from STEAM, but still, at the time the Account is created, Valve still gets your Account Name, Password, E-mail address Secret Question AND then THEY (Valve) assigns you a STEAM_ID to that Account. In both Cases, Valve has complete control over the assigning of STEAM_ID's to Account Name/Password/E-mail address combinations. On Sat, 18 Dec 2004 00:29:53 -, Graham McMaster [EMAIL PROTECTED] wrote: It does, the actual Authentication appears to be done server side but if the Server has no master servers listed then that's gotta be away around it. Also the same with LAN servers. -Graham -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: 18 December 2004 00:17 To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are, though non-STEAM appears to bypass this connection. - Bruce Bahamut Andrews Whisper wrote: Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than it is now. Perhaps there isn't enough money left in Valve's pretty purse to run a CDKEY verification server now Come on fellas - how about some communication Valve! What the heck is going [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED][EMAIL PROTECTED] -Original Message- From: [EMAIL
Re: [hlds] When will the nosteam hacks be fixed?
I keep forgetting to clip the bottom of the emails off, they get so big for no particular reason. Anyway, I'd like to point out that although all these 'solutions' that you're all coming up with are brilliant ideas, none of us have any idea how the current system actually works on a core level, we only have assumptions that actually appear to work, they might be totally wrong, so leaving it to VALVe is all you can do :p - Bruce Bahamut Andrews Andrew Armstrong wrote: Each CDKey can only be used once, right? Why not have a system like this: * Since each steam account is already flagged with what games were owned/purchased by the account (server side) - Since you can login from anywhere and see your games list, have this information accessable by the multiplayer servers * When a client connects, it sends their steam id, the gameserver goes Hey Steam master server, does steam_id12345 own CS Source? If its a no, drop the client. That way, they can make as many steam id's as they want, but never get back in the game, because: * The steam master server informs the joining client whether they own the game or not This way, non-steam would not work on official servers, because: * They send their steam id, but the master server never recorded them purchasing the game, so it drops them Surely thats a viable solution? -Plasma ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
GENIUS!!!11 Why oh why hasn't valve thought of this before? Wow, you must have like, solved the problem, dude! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Armstrong Sent: Friday, December 17, 2004 11:44 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Each CDKey can only be used once, right? Why not have a system like this: * Since each steam account is already flagged with what games were owned/purchased by the account (server side) - Since you can login from anywhere and see your games list, have this information accessable by the multiplayer servers * When a client connects, it sends their steam id, the gameserver goes Hey Steam master server, does steam_id12345 own CS Source? If its a no, drop the client. That way, they can make as many steam id's as they want, but never get back in the game, because: * The steam master server informs the joining client whether they own the game or not This way, non-steam would not work on official servers, because: * They send their steam id, but the master server never recorded them purchasing the game, so it drops them Surely thats a viable solution? -Plasma - Original Message - From: Spencer 'voogru' MacDonald [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, December 18, 2004 6:10 PM Subject: RE: [hlds] When will the nosteam hacks be fixed? This is wrong. You install STEAM, you don't need any game. You make an account, with a free email. You now have a valid STEAM account with a STEAMID already assigned to the account (NO CDKEY NEEDED FOR A STEAMID), and then you go do the exploit to get the games to display on your list. You don't need a CD-KEY at all. - Spencer voogru MacDonald -Original Message- From: Whisper [mailto:[EMAIL PROTECTED] Sent: Saturday, December 18, 2004 1:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? AFAIK the STEAM Account Creation Process works like this You Install your game You put your CD Key in You create a STEAM Account which then attaches THAT CD Key to your STEAM_ID You now have a legitamate STEAM Account which has several variables attached to it. STEAM_ID, Username, Password, E-mail Address, Secret Question CD Key. The only thing you need to now use that STEAM Account on ANY PC with STEAM installed is your STEAM Account Login Password and you are assigned the STEAM_ID that is attached to that STEAM Account Name Password. The STEAM_ID that everybody see's on the Server should match that persons STEAM Account Password and it should be a simple procedure to query that STEAM Client for that particular Username and Password once a person joins a server, and if the details don't match they shouldn't have access, and one would think that a simple Valve server side challange/response like this ought to stop people who don't have legitamate rights to that STEAM_ID from playing online! The process is only slightly differenent for games purchased directly from STEAM, but still, at the time the Account is created, Valve still gets your Account Name, Password, E-mail address Secret Question AND then THEY (Valve) assigns you a STEAM_ID to that Account. In both Cases, Valve has complete control over the assigning of STEAM_ID's to Account Name/Password/E-mail address combinations. On Sat, 18 Dec 2004 00:29:53 -, Graham McMaster [EMAIL PROTECTED] wrote: It does, the actual Authentication appears to be done server side but if the Server has no master servers listed then that's gotta be away around it. Also the same with LAN servers. -Graham -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bruce Bahamut Andrews Sent: 18 December 2004 00:17 To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are, though non-STEAM appears to bypass this connection. - Bruce Bahamut Andrews Whisper wrote: Thats exactly what I thought! On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod [EMAIL PROTECTED] wrote: forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? I mean, I can't go making 15 accounts and use the same CD key in all of them. The second account will give an error stating that the CD key has already been registered to the first account. On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: CDKeys can and should be used FOR verification (since we all have them, and the internet cafes pay for them as well). Screw SteamIDs, email addys, and everything else. Why am I thinking that WON was a way better system than what we have now? Because Valve had a database of all our CDKEYS and it was a hell of a lot harder to get online with a keygen'd key than
Re: [hlds] When will the nosteam hacks be fixed?
Can't see through stone walls either On Thu, 16 Dec 2004 02:37:06 -0500, Napier, Kevin [EMAIL PROTECTED] wrote: This is a multi-part message in MIME format. -- Probably more an issue of deploying one solution\architecture and then having the business flipflop and tack on all sorts of new requirements that don't fit the original design or not.. Since we dont work there, and I'm sure nobody there will dicuss it in detail publicly we'll never know. Would have been problematic but probably better overall to break the steam mold with hl2 and deploy source games on an updated version of thier auth systems so what if required people to get new steam(v2)id's. wtf do we know though, can't see through the tinted glass. From: [EMAIL PROTECTED] on behalf of Whisper Sent: Thu 12/16/2004 1:31 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Makes you wonder who's dumb idea it was not to run a proper authentication scheme in the first instance and who at Valve is going I told you so, the damn fools never listen to me and now look at the mess we are in ??? On Thu, 16 Dec 2004 00:02:11 -0500, Napier, Kevin [EMAIL PROTECTED] wrote: What ever the reasons the silence has always been interesting. Oddly enough the coders list seems to be fairly active with responses by Valve employees. I know thier reading all this which makes it all the more humorous. You just know there all giggling and screaming for us to stfu. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bruce Bahamut Andrews Sent: Wednesday, December 15, 2004 11:37 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The silence isn't the slightest bit bizzare, it's just a repeat of the past. Remember when they missed the HL2 deadline of September, and the article that explained how embarrassed and stuff Gabe was? Seems to be just repeating past mistakes, embarrassed that their system was cracked but unwilling to open himself to attacks :/ - Bruce Bahamut Andrews J Marcus wrote: I don't buy that...There is no reason they can't comment on this one way or another. IMO that is what this forum is for. I think enough people have legitimate concerns and they should acknowledge that. I mean we have put up with a lot of shit running dedicated servers over the past few years. I think we deserve more respect then they are giving. It would be nice to know if they even have a plan or if they don't think they can ever get a handle on it at least tell us that so we can get a good third party AC going. The silence is just bizarre to me. jefe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- [ winmail.dat of type application/ms-tnef deleted ] -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http
Re: [hlds] When will the nosteam hacks be fixed?
Is that why the steam logo stopped animating on downloads? :) On Thu, 2004-12-16 at 10:57 +1100, Whisper wrote: You are all familiar with the expression The wheels have fallen off ?? In this case it appears the wheels were never put on, in fact I don't think wheels were even a design consideration even though wheels were the main enabler of the technology in the first place! ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Se for your self. It is rather ease. www.google.com look for fucksteam, click on I am feeling lucky. Or just go here: http://www.nonsteampowered.info/index.php?area=getnonsteamnow They even provide codename gordon! On Thu, 2004-12-16 at 07:43 +1100, Whisper wrote: Can anybody tell us how NOSTEAM works? Because so far nobody has been able to punch holes in the methodologies many of us have suggested here to stop a hack like NOSTEAM working at all! On Thu, 16 Dec 2004 07:41:07 +1100, Whisper [EMAIL PROTECTED] wrote: BTW if the problem is that Valve do not want to use servers to pass along the information then why not then only use the Content Providers who I think are well and truly vetted before they are allowed to be STEAM Content Providers AND more or less rule 99.9% of wannabe's out when the question is. Do you have a 1Gb or greater link? Do you have a problem serving 10GB of data per day? On Wed, 15 Dec 2004 16:09:39 +, Stephen Moretti (blueyonder) [EMAIL PROTECTED] wrote: Whisper wrote: Well the thing is, your STEAM_ID is connected to your Login. Suipposedly you cannot create (RDRR many lols) a STEAM Login without a valid CD Key Thats how integrity is supposed to be maintained to allow people to login on any computer. Indeed - hence the reason I suggest checking userid and steamid and cd key all together. If they don't match ie. someone is most likely interfering in some way (not so much the CD Key for reason I've already stated) don't let them in. If you're checking all the account details from both the client and from server that a user is connecting to you've got a much small probability of a hacker/cracker getting a valid combination and being able to access a game server. Actually Access 2003 is really limited to 2GB size not so much records or anything like that, if you know what I mean. Aye - still a canny few records though ;o) I think the limits for mySQL and MS SQL are more hardware limitations than anything else or more importantly budgetary :D ~lol~ yep - hence the reason why most of the stuff I build is based on mySQL :D ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- Marcelo de Paula Bezerra [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
-- [ Picked text/plain from multipart/alternative ] In a message dated 12/16/2004 8:35:45 AM Eastern Standard Time, [EMAIL PROTECTED] writes: _http://www.nonsteampowered.info/index.php?area=getnonsteamnow_ (http://www.nonsteampowered.info/index.php?area=getnonsteamnow) i went here to check it out and it is just unfcuking believable -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
All you need is a unique email to get a steam ID. There are millions of free email services and each hacker probably has a thousand emails from many of them. Once you get the steam ID you add your old WON key ... Walla ... Only way to fix it is to disallow WON CD Keys. Valve can't do this. So ... Enjoy ... Now maybe if Valve required one to go to a web site and enter the CD key and you get your STEAM ID only once. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Whisper Sent: Wednesday, December 15, 2004 9:54 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Well the thing is, your STEAM_ID is connected to your Login. Suipposedly you cannot create (RDRR many lols) a STEAM Login without a valid CD Key Thats how integrity is supposed to be maintained to allow people to login on any computer. As most of you are well aware, this is really stupidly basic stuff in the world of databases. Actually Access 2003 is really limited to 2GB size not so much records or anything like that, if you know what I mean. http://office.microsoft.com/en-au/assistance/HP051868081033.aspx Microsoft Access database (.mdb) (Microsoft Access database: A collection of data and objects (such as tables, queries, or forms) that is related to a particular topic or purpose. The Microsoft Jet database engine manages the data.) file size 2 gigabytes minus the space needed for system objects (system object: Database objects that are defined by the system, such as the table MSysIndexes, or by the user. You can create a system object by naming the object with USys as the first four characters in the object name.). Table size 2 gigabyte minus the space needed for the system objects I think the limits for mySQL and MS SQL are more hardware limitations than anything else or more importantly budgetary :D On Wed, 15 Dec 2004 14:27:05 +, Stephen Moretti (blueyonder) [EMAIL PROTECTED] wrote: BoNfiRe wrote: Probbably because of the scale involved in doing this. How many ppl have steam accounts hmm too many. Nah. You're only talking about 2.5 million records really. (2.3 million unique users per month http://www.steampowered.com/status/status.html) Even a desktop database like Microsoft Access is capable (all be it at its utter and total limit) of handling that number of rows in a table. As Whisper has already said its not that hard an application to build. With the details that you enter into your Steam registeration, you've got at least 3 ways of confirming that a user is a legitimate and at two different points of connection. You can check the users details on start up of the client (its possible to intercept this and make the steam client believe that its completed a valid login [maybe this is how nosteam works?]) and the second connection point is when a user joins a server. The server sends the user details to a valve authentication server. This second connection would be much harder to intercept other than by installing something on the server itself to prevent it talking to the authentication server. I'm not sure what the authentication servers are doing, but really they should be confirming, userid, steam id and possibly checking cd keys of users connecting to a server. I know that a userid/cd key match is not mandatory, because you can log in on any machine where steam/halflife is installed, but I'll bet 9/10 legitimate users will have matching a userid/steamid/cdkey. Ok - so a lot of people would be less than comfortable with their login details floating around in the open, but there is no reason why some kind of one way encrypted hash of their details couldn't be passed instead. The encrypted hash would be useless unless matched up with information in the Valve database. A nice little cluster of MS SQL or Oracle or even mySQL servers with some kind of webservice on the front could probably manage this nicely. Sorry... I hate speculating or suggesting solutions when its not my place, but the problem of ensuring valid logins to servers is a nice little problem that appeals to me. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
Don't forget to wipe the poop off your nose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
that's a bad idea.. I almost never check the sh1tty hotmail account I signed up with for steam; give valve my primary email addresss...yeah right. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of K. Mike Bradley Sent: Thursday, December 16, 2004 10:07 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? One thing that could be done is to send a periodic email once a month to each steam account's email address and if no one responds ... Delete the account. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Whisper Sent: Wednesday, December 15, 2004 5:22 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. What I still do not understand is if Valve know which username and I assume email address password belongs to which STEAM_ID, why on gawds earth why can't Valve/STEAM use those variables to determine whether the person using the STEAM_ID is who they say they are? Surely the NOSTEAM hack does not have access to peoples Usernames/Passwords/E-mail addresses, does it? Why on Earth was it not always done this way in the first place? Why does anything have to be changed? Personally I could not have conceived doing it any other way!! On Wed, 15 Dec 2004 22:59:00 +0100, Maarten van der Zwaart [EMAIL PROTECTED] wrote: On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
False, doesn't exists such keygen able to generate WON valid cdkeys simply because there is *NOT* any algorithm to decide is a cdkey is valid or not in WON or STEAM. -- PiTaGoRaS K. Mike Bradley escribió (Thu, 16 Dec 2004 10:14:18 -0500):  No ...  There are WON cd key generators so here is how it works.  A hacker gets banned ...  He gets a new free email ...  He gets a new free Steam account using that email account...  He uses a utility to generate a valid (illegally hacked) WON CD Key  ...  He is back in the game hacking and it only took 5 min ...  Valve knew way back when that WON was hacked ...  So they created Steam to fix it but the dumb thing was to allow WON  cd keys in with steam thereby defeating the purpose.  -Original Message-  From: [EMAIL PROTECTED]  [mailto:[EMAIL PROTECTED] On Behalf Of Marcelo de  Paula Bezerra Sent: Thursday, December 16, 2004 8:08 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the  nosteam hacks be fixed?  You can create as many logins as you want and we all have done that  from day one (to update our servers).  The cdkey is only used to grant access to a single game (it is a 0  to n relation, as an account is likely to have multiple cdkeys).  The problem is that people can found a way the cdkey, so they  pretend to be authorized and the server doesn't barf on then.  It is probably code needed for developers to test stuff rather than  anythigh else.  As for the debate arround databases, I'd prefer to not comment  about it, since we have limited knowledge on what features steam  needs and most people have no experience on maintaining huge  database servers with high transactions per second counts.  On Thu, 2004-12-16 at 01:54 +1100, Whisper wrote:  Well the thing is, your STEAM_ID is connected to your Login.  Suipposedly you cannot create (RDRR many lols) a STEAM Login  without a valid CD Key  Thats how integrity is supposed to be maintained to allow people  to login on any computer.  As most of you are well aware, this is really stupidly basic  stuff in the world of databases.  Actually Access 2003 is really limited to 2GB size not so much  records or anything like that, if you know what I mean.  http://office.microsoft.com/en-au/assistance/HP051868081033.aspx  Microsoft Access database (.mdb) (Microsoft Access database: A  collection of data and objects (such as tables, queries, or  forms) that is related to a particular topic or purpose. The  Microsoft Jet database engine manages the data.) file size 2  gigabytes minus the space needed for system objects (system  object: Database objects that are defined by the system, such as  the table MSysIndexes, or by the user. You can create a system  object by naming the object with USys as the first four  characters in the object name.).  Table size 2 gigabyte minus the space needed for the system  objects  I think the limits for mySQL and MS SQL are more hardware  limitations than anything else or more importantly budgetary :D  ___  To unsubscribe, edit your list preferences, or view the list  archives, please visit:  http://list.valvesoftware.com/mailman/listinfo/hlds  ___  To unsubscribe, edit your list preferences, or view the list  archives, please visit:  http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
You can't register a cdkey twice. Has any of you read the nonsteampowered link I posted today? On Thu, 2004-12-16 at 10:04 -0500, K. Mike Bradley wrote: All you need is a unique email to get a steam ID. There are millions of free email services and each hacker probably has a thousand emails from many of them. Once you get the steam ID you add your old WON key ... Walla ... Only way to fix it is to disallow WON CD Keys. Valve can't do this. So ... Enjoy ... Now maybe if Valve required one to go to a web site and enter the CD key and you get your STEAM ID only once. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
I still don't understand? IIRC you cannot create a STEAM Account (supposedly) unless you have a legitamate install of the game, which you can't do without a valid CD key, or that is how it used to work. Oh well Goodbye Valve STEAM I guess On Thu, 16 Dec 2004 12:12:40 -0500, Spencer 'voogru' MacDonald [EMAIL PROTECTED] wrote: It seems everyone thinks a STEAMID is linked to a CD-KEY. It's not. The STEAMID is assigned when you make the account, for example, I have an account I never put a CD-KEY on until recently, and my STEAMID is around 1000. They then just use an exploit to make the games available to them by screwing with one of the cache files. Solution: Check CD-KEY that's tied to the game when they try to launch the game, and DO NOT cache it, it worked like that with WON when trying to connect to a multiplayer game, why can't it work like that in steam? - Spencer voogru MacDonald -Original Message- From: Darren J. Mason [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 11:11 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow, so much for the clear use of reality-based sarcasm. Did you not catch my earlier post that I have discontinued playing CS and other online MPs from Valve!?! The only reason their would be poop on my nose would be cause of all the sh** going on in the MP games. Come on Valve Alfred, can you get some kind of word to us about this?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of K. Mike Bradley Sent: Thursday, December 16, 2004 7:08 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Don't forget to wipe the poop off your nose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
You can make a steam account with no CD-KEY. - Spencer voogru MacDonald -Original Message- From: Whisper [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 12:24 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? I still don't understand? IIRC you cannot create a STEAM Account (supposedly) unless you have a legitamate install of the game, which you can't do without a valid CD key, or that is how it used to work. Oh well Goodbye Valve STEAM I guess On Thu, 16 Dec 2004 12:12:40 -0500, Spencer 'voogru' MacDonald [EMAIL PROTECTED] wrote: It seems everyone thinks a STEAMID is linked to a CD-KEY. It's not. The STEAMID is assigned when you make the account, for example, I have an account I never put a CD-KEY on until recently, and my STEAMID is around 1000. They then just use an exploit to make the games available to them by screwing with one of the cache files. Solution: Check CD-KEY that's tied to the game when they try to launch the game, and DO NOT cache it, it worked like that with WON when trying to connect to a multiplayer game, why can't it work like that in steam? - Spencer voogru MacDonald -Original Message- From: Darren J. Mason [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 11:11 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow, so much for the clear use of reality-based sarcasm. Did you not catch my earlier post that I have discontinued playing CS and other online MPs from Valve!?! The only reason their would be poop on my nose would be cause of all the sh** going on in the MP games. Come on Valve Alfred, can you get some kind of word to us about this?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of K. Mike Bradley Sent: Thursday, December 16, 2004 7:08 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Don't forget to wipe the poop off your nose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten
Re: [hlds] When will the nosteam hacks be fixed?
A server is a legitimate install, and it requires no CD-Key. --AgentHH Whisper wrote: I still don't understand? IIRC you cannot create a STEAM Account (supposedly) unless you have a legitamate install of the game, which you can't do without a valid CD key, or that is how it used to work. Oh well Goodbye Valve STEAM I guess On Thu, 16 Dec 2004 12:12:40 -0500, Spencer 'voogru' MacDonald [EMAIL PROTECTED] wrote: It seems everyone thinks a STEAMID is linked to a CD-KEY. It's not. The STEAMID is assigned when you make the account, for example, I have an account I never put a CD-KEY on until recently, and my STEAMID is around 1000. They then just use an exploit to make the games available to them by screwing with one of the cache files. Solution: Check CD-KEY that's tied to the game when they try to launch the game, and DO NOT cache it, it worked like that with WON when trying to connect to a multiplayer game, why can't it work like that in steam? - Spencer voogru MacDonald ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
With non steam, you dont need a valid CD key, you only need a steam account (login password). After you have created an account, you can deinstall steam and play for free. Greets Ronny No ... There are WON cd key generators so here is how it works. A hacker gets banned ... He gets a new free email ... He gets a new free Steam account using that email account... He uses a utility to generate a valid (illegally hacked) WON CD Key ... He is back in the game hacking and it only took 5 min ... Valve knew way back when that WON was hacked ... So they created Steam to fix it but the dumb thing was to allow WON cd keys in with steam thereby defeating the purpose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marcelo de Paula Bezerra Sent: Thursday, December 16, 2004 8:08 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? You can create as many logins as you want and we all have done that from day one (to update our servers). The cdkey is only used to grant access to a single game (it is a 0 to n relation, as an account is likely to have multiple cdkeys). The problem is that people can found a way the cdkey, so they pretend to be authorized and the server doesn't barf on then. It is probably code needed for developers to test stuff rather than anythigh else. As for the debate arround databases, I'd prefer to not comment about it, since we have limited knowledge on what features steam needs and most people have no experience on maintaining huge database servers with high transactions per second counts. On Thu, 2004-12-16 at 01:54 +1100, Whisper wrote: Well the thing is, your STEAM_ID is connected to your Login. Suipposedly you cannot create (RDRR many lols) a STEAM Login without a valid CD Key Thats how integrity is supposed to be maintained to allow people to login on any computer. As most of you are well aware, this is really stupidly basic stuff in the world of databases. Actually Access 2003 is really limited to 2GB size not so much records or anything like that, if you know what I mean. http://office.microsoft.com/en-au/assistance/HP051868081033.aspx Microsoft Access database (.mdb) (Microsoft Access database: A collection of data and objects (such as tables, queries, or forms) that is related to a particular topic or purpose. The Microsoft Jet database engine manages the data.) file size 2 gigabytes minus the space needed for system objects (system object: Database objects that are defined by the system, such as the table MSysIndexes, or by the user. You can create a system object by naming the object with USys as the first four characters in the object name.). Table size 2 gigabyte minus the space needed for the system objects I think the limits for mySQL and MS SQL are more hardware limitations than anything else or more importantly budgetary :D ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
On Thu, 16 Dec 2004 10:04:31 -0500, K. Mike Bradley [EMAIL PROTECTED] wrote: All you need is a unique email to get a steam ID. There are millions of free email services and each hacker probably has a thousand emails from many of them. I think you can have multiple accounts on one email address, but it does not really matter, because there are no verification mails, so you don't need a valid address. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
I read an article about CD Keys being hacked last year. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PiTaGoRaS Sent: Thursday, December 16, 2004 10:34 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? False, doesn't exists such keygen able to generate WON valid cdkeys simply because there is *NOT* any algorithm to decide is a cdkey is valid or not in WON or STEAM. -- PiTaGoRaS K. Mike Bradley escribis (Thu, 16 Dec 2004 10:14:18 -0500): No ... There are WON cd key generators so here is how it works. A hacker gets banned ... He gets a new free email ... He gets a new free Steam account using that email account... He uses a utility to generate a valid (illegally hacked) WON CD Key ... He is back in the game hacking and it only took 5 min ... Valve knew way back when that WON was hacked ... So they created Steam to fix it but the dumb thing was to allow WON cd keys in with steam thereby defeating the purpose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marcelo de Paula Bezerra Sent: Thursday, December 16, 2004 8:08 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? You can create as many logins as you want and we all have done that from day one (to update our servers). The cdkey is only used to grant access to a single game (it is a 0 to n relation, as an account is likely to have multiple cdkeys). The problem is that people can found a way the cdkey, so they pretend to be authorized and the server doesn't barf on then. It is probably code needed for developers to test stuff rather than anythigh else. As for the debate arround databases, I'd prefer to not comment about it, since we have limited knowledge on what features steam needs and most people have no experience on maintaining huge database servers with high transactions per second counts. On Thu, 2004-12-16 at 01:54 +1100, Whisper wrote: Well the thing is, your STEAM_ID is connected to your Login. Suipposedly you cannot create (RDRR many lols) a STEAM Login without a valid CD Key Thats how integrity is supposed to be maintained to allow people to login on any computer. As most of you are well aware, this is really stupidly basic stuff in the world of databases. Actually Access 2003 is really limited to 2GB size not so much records or anything like that, if you know what I mean. http://office.microsoft.com/en-au/assistance/HP051868081033.aspx Microsoft Access database (.mdb) (Microsoft Access database: A collection of data and objects (such as tables, queries, or forms) that is related to a particular topic or purpose. The Microsoft Jet database engine manages the data.) file size 2 gigabytes minus the space needed for system objects (system object: Database objects that are defined by the system, such as the table MSysIndexes, or by the user. You can create a system object by naming the object with USys as the first four characters in the object name.). Table size 2 gigabyte minus the space needed for the system objects I think the limits for mySQL and MS SQL are more hardware limitations than anything else or more importantly budgetary :D ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
Exactly, and account with a steamid, but no games. On Thu, 2004-12-16 at 12:34 -0500, Spencer 'voogru' MacDonald wrote: You can make a steam account with no CD-KEY. - Spencer voogru MacDonald -Original Message- From: Whisper [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 12:24 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? I still don't understand? IIRC you cannot create a STEAM Account (supposedly) unless you have a legitamate install of the game, which you can't do without a valid CD key, or that is how it used to work. Oh well Goodbye Valve STEAM I guess On Thu, 16 Dec 2004 12:12:40 -0500, Spencer 'voogru' MacDonald [EMAIL PROTECTED] wrote: It seems everyone thinks a STEAMID is linked to a CD-KEY. It's not. The STEAMID is assigned when you make the account, for example, I have an account I never put a CD-KEY on until recently, and my STEAMID is around 1000. They then just use an exploit to make the games available to them by screwing with one of the cache files. Solution: Check CD-KEY that's tied to the game when they try to launch the game, and DO NOT cache it, it worked like that with WON when trying to connect to a multiplayer game, why can't it work like that in steam? - Spencer voogru MacDonald -Original Message- From: Darren J. Mason [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 11:11 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow, so much for the clear use of reality-based sarcasm. Did you not catch my earlier post that I have discontinued playing CS and other online MPs from Valve!?! The only reason their would be poop on my nose would be cause of all the sh** going on in the MP games. Come on Valve Alfred, can you get some kind of word to us about this?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of K. Mike Bradley Sent: Thursday, December 16, 2004 7:08 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Don't forget to wipe the poop off your nose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need
RE: [hlds] When will the nosteam hacks be fixed?
Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? Andrew R. Mitcham Fire Gaming, LP Senior Partner [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Rather then pointlessly venting anger on the list you could take the time to email someone off-list at VALVe and they generally will respond rather fast. - Bruce Bahamut Andrews Andrew R. Mitcham wrote: Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? Andrew R. Mitcham Fire Gaming, LP Senior Partner [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
I was just making the point that I believe VALVe relies on the replies of people like this to make the issue minor instead of major. It is people that say Hey, relax guy. They are working on it that makes the people who complain feel stupid and n00b. Let us not forget that these people are NOT VALVe employees and DO NOT know anything more than US. This has occurred for YEARS and we need to stop that. It would make VALVe more honest and forthcoming about issues that relate to SRCDS/HLDS. I certainly would not be angry in I heard from an employee ANYHTING relating to this issue, rather than some dude in... Arkansas or something... that has no clue what is going on telling me to chill out. Again, this has happened for years and it will continue to happen until people make it known that it will not be tolerated anymore, especially by the people who supply the environment to PLAY the game in. -Original Message- Rather then pointlessly venting anger on the list you could take the time to email someone off-list at VALVe and they generally will respond rather fast. - Bruce Bahamut Andrews From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew R. Mitcham Sent: Friday, December 17, 2004 1:20 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow. This is the #1,000,000,000 time I've heard this from someone who doesn't work for VALVe in the past 2 years. Everytime anyone complains about VALVe not updating VAC or not closing loopholes, someone who doesn't work for VALVe or have ANY insight into VALVe tells everyone to be patient because VALVe is working on something. I don't know about the rest of you server owners, but I'm absolutely SICK and TIRED of hearing this. I've heard it during 1.3, 1.4, 1.5, 1.6, and now even Source. STFU! Please! We need something to happen... NOW and we need to hear it from VALVe people that this issue is now a top priority. They screwed us with the release dates for HL2, the December update was a laughing stock and COMPLETE failure. I am 2 seconds away from just going with BF1942 or UT2K4 or something. And don't tell me Good, then uninstall and leave us all alone because I have dealt with this SHIT for YEARS... literally. This may be the Dos Equis talking, but we need to do something (server owners) and let VALVe know that this CRAP is not going to stand anymore. The pile of shitty lies and ignorance is getting too high. WE MAKE THE GAMES HAPPEN. WE MAKE THE PLACE FOR PEOPLE TO PLAY THEIR GAMES. _ Darren J. Mason wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait
Re: [hlds] When will the nosteam hacks be fixed?
You can create as many logins as you want and we all have done that from day one (to update our servers). The cdkey is only used to grant access to a single game (it is a 0 to n relation, as an account is likely to have multiple cdkeys). The problem is that people can found a way the cdkey, so they pretend to be authorized and the server doesn't barf on then. It is probably code needed for developers to test stuff rather than anythigh else. As for the debate arround databases, I'd prefer to not comment about it, since we have limited knowledge on what features steam needs and most people have no experience on maintaining huge database servers with high transactions per second counts. On Thu, 2004-12-16 at 01:54 +1100, Whisper wrote: Well the thing is, your STEAM_ID is connected to your Login. Suipposedly you cannot create (RDRR many lols) a STEAM Login without a valid CD Key Thats how integrity is supposed to be maintained to allow people to login on any computer. As most of you are well aware, this is really stupidly basic stuff in the world of databases. Actually Access 2003 is really limited to 2GB size not so much records or anything like that, if you know what I mean. http://office.microsoft.com/en-au/assistance/HP051868081033.aspx Microsoft Access database (.mdb) (Microsoft Access database: A collection of data and objects (such as tables, queries, or forms) that is related to a particular topic or purpose. The Microsoft Jet database engine manages the data.) file size 2 gigabytes minus the space needed for system objects (system object: Database objects that are defined by the system, such as the table MSysIndexes, or by the user. You can create a system object by naming the object with USys as the first four characters in the object name.). Table size 2 gigabyte minus the space needed for the system objects I think the limits for mySQL and MS SQL are more hardware limitations than anything else or more importantly budgetary :D ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
hahaha.. does thier stuff actually work? If so it's so wrong it almost makes it right. :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 16, 2004 8:53 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? In a message dated 12/16/2004 8:35:45 AM Eastern Standard Time, [EMAIL PROTECTED] writes: _http://www.nonsteampowered.info/index.php?area=getnonsteamnow_ (http://www.nonsteampowered.info/index.php?area=getnonsteamnow) i went here to check it out and it is just unfcuking believable -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
One thing that could be done is to send a periodic email once a month to each steam account's email address and if no one responds ... Delete the account. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Whisper Sent: Wednesday, December 15, 2004 5:22 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. What I still do not understand is if Valve know which username and I assume email address password belongs to which STEAM_ID, why on gawds earth why can't Valve/STEAM use those variables to determine whether the person using the STEAM_ID is who they say they are? Surely the NOSTEAM hack does not have access to peoples Usernames/Passwords/E-mail addresses, does it? Why on Earth was it not always done this way in the first place? Why does anything have to be changed? Personally I could not have conceived doing it any other way!! On Wed, 15 Dec 2004 22:59:00 +0100, Maarten van der Zwaart [EMAIL PROTECTED] wrote: On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
No ... There are WON cd key generators so here is how it works. A hacker gets banned ... He gets a new free email ... He gets a new free Steam account using that email account... He uses a utility to generate a valid (illegally hacked) WON CD Key ... He is back in the game hacking and it only took 5 min ... Valve knew way back when that WON was hacked ... So they created Steam to fix it but the dumb thing was to allow WON cd keys in with steam thereby defeating the purpose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marcelo de Paula Bezerra Sent: Thursday, December 16, 2004 8:08 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? You can create as many logins as you want and we all have done that from day one (to update our servers). The cdkey is only used to grant access to a single game (it is a 0 to n relation, as an account is likely to have multiple cdkeys). The problem is that people can found a way the cdkey, so they pretend to be authorized and the server doesn't barf on then. It is probably code needed for developers to test stuff rather than anythigh else. As for the debate arround databases, I'd prefer to not comment about it, since we have limited knowledge on what features steam needs and most people have no experience on maintaining huge database servers with high transactions per second counts. On Thu, 2004-12-16 at 01:54 +1100, Whisper wrote: Well the thing is, your STEAM_ID is connected to your Login. Suipposedly you cannot create (RDRR many lols) a STEAM Login without a valid CD Key Thats how integrity is supposed to be maintained to allow people to login on any computer. As most of you are well aware, this is really stupidly basic stuff in the world of databases. Actually Access 2003 is really limited to 2GB size not so much records or anything like that, if you know what I mean. http://office.microsoft.com/en-au/assistance/HP051868081033.aspx Microsoft Access database (.mdb) (Microsoft Access database: A collection of data and objects (such as tables, queries, or forms) that is related to a particular topic or purpose. The Microsoft Jet database engine manages the data.) file size 2 gigabytes minus the space needed for system objects (system object: Database objects that are defined by the system, such as the table MSysIndexes, or by the user. You can create a system object by naming the object with USys as the first four characters in the object name.). Table size 2 gigabyte minus the space needed for the system objects I think the limits for mySQL and MS SQL are more hardware limitations than anything else or more importantly budgetary :D ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
Wow, so much for the clear use of reality-based sarcasm. Did you not catch my earlier post that I have discontinued playing CS and other online MPs from Valve!?! The only reason their would be poop on my nose would be cause of all the sh** going on in the MP games. Come on Valve Alfred, can you get some kind of word to us about this?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of K. Mike Bradley Sent: Thursday, December 16, 2004 7:08 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Don't forget to wipe the poop off your nose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
On Fri, 17 Dec 2004 04:24:20 +1100, Whisper [EMAIL PROTECTED] wrote: IIRC you cannot create a STEAM Account (supposedly) unless you have a legitamate install of the game, which you can't do without a valid CD key, or that is how it used to work. It has never worked that way, you can create as much accounts as you like, without any cdkey linked to it. Those accounts will have steamids. Steam will just not allow you to play any games (except codename gordon) without either a cdkey linked, or after buying the game with credit card via steam. The nosteam program allows you to play all games on your account, with the steamid on that account, but without cdkey or purchase via steam. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Who knows? Nobody by the sounds of it? And you get in trouble if you try to bring somebody to account or try to raise the profile of the issue in anyway whatsoever because people think you are doing it for your ego and it obviously has nothing to do with not having to deal with fucktards on servers day in and day out and wasting more than half your day everyday trying to get rid of people who's only reason for being on the server is to be as a disruptive as possible because you have to play by the rules and you can't just jump onto one of your core routers and blow 100GB of data down the line at them rendering the tards internet connection effectively useless or blowing away any download limits they though they had. But hey, lets just stick our heads in the sand and play deaf, dumb, blind stupid in the hope that Valve fix the problem because we just know how technically proficient and commmunicative Valve have been in the past on these issues. Mushrooms anybody? On Thu, 16 Dec 2004 16:45:30 -0300, Marcelo de Paula Bezerra [EMAIL PROTECTED] wrote: Exactly, and account with a steamid, but no games. On Thu, 2004-12-16 at 12:34 -0500, Spencer 'voogru' MacDonald wrote: You can make a steam account with no CD-KEY. - Spencer voogru MacDonald -Original Message- From: Whisper [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 12:24 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? I still don't understand? IIRC you cannot create a STEAM Account (supposedly) unless you have a legitamate install of the game, which you can't do without a valid CD key, or that is how it used to work. Oh well Goodbye Valve STEAM I guess On Thu, 16 Dec 2004 12:12:40 -0500, Spencer 'voogru' MacDonald [EMAIL PROTECTED] wrote: It seems everyone thinks a STEAMID is linked to a CD-KEY. It's not. The STEAMID is assigned when you make the account, for example, I have an account I never put a CD-KEY on until recently, and my STEAMID is around 1000. They then just use an exploit to make the games available to them by screwing with one of the cache files. Solution: Check CD-KEY that's tied to the game when they try to launch the game, and DO NOT cache it, it worked like that with WON when trying to connect to a multiplayer game, why can't it work like that in steam? - Spencer voogru MacDonald -Original Message- From: Darren J. Mason [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 11:11 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Wow, so much for the clear use of reality-based sarcasm. Did you not catch my earlier post that I have discontinued playing CS and other online MPs from Valve!?! The only reason their would be poop on my nose would be cause of all the sh** going on in the MP games. Come on Valve Alfred, can you get some kind of word to us about this?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of K. Mike Bradley Sent: Thursday, December 16, 2004 7:08 AM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Don't forget to wipe the poop off your nose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar
Re: [hlds] When will the nosteam hacks be fixed?
Probbably because of the scale involved in doing this. How many ppl have steam accounts hmm too many. - Original Message - From: Whisper [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 15, 2004 1:09 PM Subject: Re: [hlds] When will the nosteam hacks be fixed? Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Doesn't Valve know which STEAM_ID's belong to which STEAM Users? Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? From my basic knowledge of databases and network security all this should be extremely simple to setup and secure and the database would not ever be that large (10 million records is nothing in the scheme of databases) and no matter what is occurring on the client (which is how nosteam works AFAIK it is all client side) it should be damn simple to stop illegitimate users connecting or at least staying connected to a server if the correct procedures were put in place! Anybody got any reason why this would be a difficult thing to do? Anybody got any insights into how nosteam works and why it's so difficult for Valve to block its use? Nobody I have spoken to about this issue who knows anything about databases, database network security understands when I put to them the scenario, why this is a problem. On Tue, 14 Dec 2004 23:57:26 -0700, Alex Herlan [EMAIL PROTECTED] wrote: Haha yea... I am very pissed that Valve hasn't had more support for Steam related technology since the release of Half-Life 2... I mean Steam has been buggy and weird in general, and had poor anti-cheat protection for a while now... but now that I've forked over $60 for half-life 2, I kind of expect a lot of these things to be resolved by now, or being fixed very quickly as we speak. Don't get me wrong, I see the potential of steam as being something really great.. but right now with the flakey friends network being practically unusable, and no anti-cheat/hack protection, its all totally worthless... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 10:39 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? You must not forget to get the media involved (c-net, zd-net, abc, cbs, post, times, etc..). Only then will it truly work. Happy Holidays Andrew R. Mitcham wrote: I'm all for a shut down of my servers in protest. I think I have bitched and moaned about the negligence of VAC for years... and every time I do, someone says Oh, they are working on it... be patient. 2 years later... MORE hackers than pre-steam. I participate in Steambans.com (I'm ranked #1 on there :D) which was great for a while. But now that I hear people can get a new STEAMID so easily, I have noticed return hackers... especially the ones that have the name changing script. While all of us stopping our servers for a day is a small percentage, I'm pretty sure we are the owners of some of the BETTER pubs out there. I know my CSDM server is hugely popular and its absence for a day would cause a lot of people to wonder. Multiply that by everyone on this list (OK, not everyone) it could cause a little publicity. We should email fan sites (csnation.net, hlfallout.net, halflife2.net, etc) and let them know that this event may occur and the reason why. Seriously, SOMETHING needs to be done and I won't take someone is working on it for an answer by someone who doesn't work for VALVe. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 10:25 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? IMO, this Friday is too soon, we need some organization and lots of folks (web sites) to spread the word Happy Holidays K. Mike Bradley wrote: It wont hurt and it mite send a message. There has been a discussion for over 8 months now so that don't work ... Show some solidarity admins! DO SOMETHING TO BREAK THE IMPASSE! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 8:38 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Thats just it, you won't hear a peep from them! On a serious note, I am open to anything that would work. Happy Holidays J Marcus wrote: Nah that is not the answer..it would just help the empty servers. Why not have a open discussion about it on this mailing list. Not looking to go into anything specific but to have absolutely no response or participation in the dialog from
Re: [hlds] When will the nosteam hacks be fixed?
Thats my point, the amount of records we are talking about is not that large when you have worked with decent sized databases. I guess you have: Account Name Contact E-mail Password Secret Question Secret Answer CD-Key STEAM_ID So about 7 basic fields per user and I guess you would have times and dates as well, so I mean you could have 20 fields and its still nothing. I guess you could keep records of IP addresses and servers played on if you wished which would increase the amount of fields you require, but I mean there are people who are cleverer and more experienced than I am who would be able to tell you that this would be pretty easy to keep a record of all of this stuff if required, but in any case is not necessary for identification/authetication purposes and you could keep it in several linked databases and only keep a database with the above fields or something similar for the day to day authetication since that where the largest amount of querys are going to occur. As I said quite sometime ago in this list, if you don't know what you are doing just get IBM to do it for you, it wouldn't even be that expensive and a least THEY know wtf they are doing! On Wed, 15 Dec 2004 13:25:54 -, BoNfiRe [EMAIL PROTECTED] wrote: Probbably because of the scale involved in doing this. How many ppl have steam accounts hmm too many. - Original Message - From: Whisper [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 15, 2004 1:09 PM Subject: Re: [hlds] When will the nosteam hacks be fixed? Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Doesn't Valve know which STEAM_ID's belong to which STEAM Users? Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? From my basic knowledge of databases and network security all this should be extremely simple to setup and secure and the database would not ever be that large (10 million records is nothing in the scheme of databases) and no matter what is occurring on the client (which is how nosteam works AFAIK it is all client side) it should be damn simple to stop illegitimate users connecting or at least staying connected to a server if the correct procedures were put in place! Anybody got any reason why this would be a difficult thing to do? Anybody got any insights into how nosteam works and why it's so difficult for Valve to block its use? Nobody I have spoken to about this issue who knows anything about databases, database network security understands when I put to them the scenario, why this is a problem. On Tue, 14 Dec 2004 23:57:26 -0700, Alex Herlan [EMAIL PROTECTED] wrote: Haha yea... I am very pissed that Valve hasn't had more support for Steam related technology since the release of Half-Life 2... I mean Steam has been buggy and weird in general, and had poor anti-cheat protection for a while now... but now that I've forked over $60 for half-life 2, I kind of expect a lot of these things to be resolved by now, or being fixed very quickly as we speak. Don't get me wrong, I see the potential of steam as being something really great.. but right now with the flakey friends network being practically unusable, and no anti-cheat/hack protection, its all totally worthless... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 10:39 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? You must not forget to get the media involved (c-net, zd-net, abc, cbs, post, times, etc..). Only then will it truly work. Happy Holidays Andrew R. Mitcham wrote: I'm all for a shut down of my servers in protest. I think I have bitched and moaned about the negligence of VAC for years... and every time I do, someone says Oh, they are working on it... be patient. 2 years later... MORE hackers than pre-steam. I participate in Steambans.com (I'm ranked #1 on there :D) which was great for a while. But now that I hear people can get a new STEAMID so easily, I have noticed return hackers... especially the ones that have the name changing script. While all of us stopping our servers for a day is a small percentage, I'm pretty sure we are the owners of some of the BETTER pubs out there. I know my CSDM server is hugely popular and its absence for a day would cause a lot of people to wonder. Multiply that by everyone on this list (OK, not everyone) it could cause a little publicity. We should email fan sites
Re: [hlds] When will the nosteam hacks be fixed?
BoNfiRe wrote: Probbably because of the scale involved in doing this. How many ppl have steam accounts hmm too many. Nah. You're only talking about 2.5 million records really. (2.3 million unique users per month http://www.steampowered.com/status/status.html) Even a desktop database like Microsoft Access is capable (all be it at its utter and total limit) of handling that number of rows in a table. As Whisper has already said its not that hard an application to build. With the details that you enter into your Steam registeration, you've got at least 3 ways of confirming that a user is a legitimate and at two different points of connection. You can check the users details on start up of the client (its possible to intercept this and make the steam client believe that its completed a valid login [maybe this is how nosteam works?]) and the second connection point is when a user joins a server. The server sends the user details to a valve authentication server. This second connection would be much harder to intercept other than by installing something on the server itself to prevent it talking to the authentication server. I'm not sure what the authentication servers are doing, but really they should be confirming, userid, steam id and possibly checking cd keys of users connecting to a server. I know that a userid/cd key match is not mandatory, because you can log in on any machine where steam/halflife is installed, but I'll bet 9/10 legitimate users will have matching a userid/steamid/cdkey. Ok - so a lot of people would be less than comfortable with their login details floating around in the open, but there is no reason why some kind of one way encrypted hash of their details couldn't be passed instead. The encrypted hash would be useless unless matched up with information in the Valve database. A nice little cluster of MS SQL or Oracle or even mySQL servers with some kind of webservice on the front could probably manage this nicely. Sorry... I hate speculating or suggesting solutions when its not my place, but the problem of ensuring valid logins to servers is a nice little problem that appeals to me. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: Re: [hlds] When will the \nosteam\ hacks be fixed?
I've been twisting my brain for some time now, to figure out what possible technical problems are in the way or fixing this, and I still have no answer. I must have been going over the problem ten times, and every time I come to the same conclusion; it’s easy to fix, and should have been done right from the beginning. But then again, it might not be a technical problem, it might be that they simply don’t have the necessary skills / insights to do it right - And considering that a lot of Valve people are ex Microsoft people, I find that notion entirely feasible. /Jesper Sørensen - Network Engineer Thats my point, the amount of records we are talking about is not that large when you have worked with decent sized databases. I guess you have: Account Name Contact E-mail Password Secret Question Secret Answer CD-Key STEAM_ID So about 7 basic fields per user and I guess you would have times and dates as well, so I mean you could have 20 fields and its still nothing. I guess you could keep records of IP addresses and servers played on if you wished which would increase the amount of fields you require, but I mean there are people who are cleverer and more experienced than I am who would be able to tell you that this would be pretty easy to keep a record of all of this stuff if required, but in any case is not necessary for identification/authetication purposes and you could keep it in several linked databases and only keep a database with the above fields or something similar for the day to day authetication since that where the largest amount of querys are going to occur. As I said quite sometime ago in this list, if you don't know what you are doing just get IBM to do it for you, it wouldn't even be that expensive and a least THEY know wtf they are doing! On Wed, 15 Dec 2004 13:25:54 -, BoNfiRe [EMAIL PROTECTED] wrote: Probbably because of the scale involved in doing this. How many ppl have steam accounts hmm too many. - Original Message - From: Whisper [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 15, 2004 1:09 PM Subject: Re: [hlds] When will the nosteam hacks be fixed? Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Doesn't Valve know which STEAM_ID's belong to which STEAM Users? Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? From my basic knowledge of databases and network security all this should be extremely simple to setup and secure and the database would not ever be that large (10 million records is nothing in the scheme of databases) and no matter what is occurring on the client (which is how nosteam works AFAIK it is all client side) it should be damn simple to stop illegitimate users connecting or at least staying connected to a server if the correct procedures were put in place! Anybody got any reason why this would be a difficult thing to do? Anybody got any insights into how nosteam works and why it's so difficult for Valve to block its use? Nobody I have spoken to about this issue who knows anything about databases, database network security understands when I put to them the scenario, why this is a problem. On Tue, 14 Dec 2004 23:57:26 -0700, Alex Herlan [EMAIL PROTECTED] wrote: Haha yea... I am very pissed that Valve hasn't had more support for Steam related technology since the release of Half-Life 2... I mean Steam has been buggy and weird in general, and had poor anti-cheat protection for a while now... but now that I've forked over $60 for half-life 2, I kind of expect a lot of these things to be resolved by now, or being fixed very quickly as we speak. Don't get me wrong, I see the potential of steam as being something really great.. but right now with the flakey friends network being practically unusable, and no anti-cheat/hack protection, its all totally worthless... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 10:39 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? You must not forget to get the media involved (c-net, zd-net, abc, cbs, post, times, etc..). Only then will it truly work. Happy Holidays Andrew R. Mitcham wrote: I'm all for a shut down of my servers in protest. I think I have bitched and moaned about the negligence of VAC for years... and every time I do, someone says Oh
Re: [hlds] When will the nosteam hacks be fixed?
Well the thing is, your STEAM_ID is connected to your Login. Suipposedly you cannot create (RDRR many lols) a STEAM Login without a valid CD Key Thats how integrity is supposed to be maintained to allow people to login on any computer. As most of you are well aware, this is really stupidly basic stuff in the world of databases. Actually Access 2003 is really limited to 2GB size not so much records or anything like that, if you know what I mean. http://office.microsoft.com/en-au/assistance/HP051868081033.aspx Microsoft Access database (.mdb) (Microsoft Access database: A collection of data and objects (such as tables, queries, or forms) that is related to a particular topic or purpose. The Microsoft Jet database engine manages the data.) file size 2 gigabytes minus the space needed for system objects (system object: Database objects that are defined by the system, such as the table MSysIndexes, or by the user. You can create a system object by naming the object with USys as the first four characters in the object name.). Table size 2 gigabyte minus the space needed for the system objects I think the limits for mySQL and MS SQL are more hardware limitations than anything else or more importantly budgetary :D On Wed, 15 Dec 2004 14:27:05 +, Stephen Moretti (blueyonder) [EMAIL PROTECTED] wrote: BoNfiRe wrote: Probbably because of the scale involved in doing this. How many ppl have steam accounts hmm too many. Nah. You're only talking about 2.5 million records really. (2.3 million unique users per month http://www.steampowered.com/status/status.html) Even a desktop database like Microsoft Access is capable (all be it at its utter and total limit) of handling that number of rows in a table. As Whisper has already said its not that hard an application to build. With the details that you enter into your Steam registeration, you've got at least 3 ways of confirming that a user is a legitimate and at two different points of connection. You can check the users details on start up of the client (its possible to intercept this and make the steam client believe that its completed a valid login [maybe this is how nosteam works?]) and the second connection point is when a user joins a server. The server sends the user details to a valve authentication server. This second connection would be much harder to intercept other than by installing something on the server itself to prevent it talking to the authentication server. I'm not sure what the authentication servers are doing, but really they should be confirming, userid, steam id and possibly checking cd keys of users connecting to a server. I know that a userid/cd key match is not mandatory, because you can log in on any machine where steam/halflife is installed, but I'll bet 9/10 legitimate users will have matching a userid/steamid/cdkey. Ok - so a lot of people would be less than comfortable with their login details floating around in the open, but there is no reason why some kind of one way encrypted hash of their details couldn't be passed instead. The encrypted hash would be useless unless matched up with information in the Valve database. A nice little cluster of MS SQL or Oracle or even mySQL servers with some kind of webservice on the front could probably manage this nicely. Sorry... I hate speculating or suggesting solutions when its not my place, but the problem of ensuring valid logins to servers is a nice little problem that appeals to me. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Can anybody tell us how NOSTEAM works? Because so far nobody has been able to punch holes in the methodologies many of us have suggested here to stop a hack like NOSTEAM working at all! On Thu, 16 Dec 2004 07:41:07 +1100, Whisper [EMAIL PROTECTED] wrote: BTW if the problem is that Valve do not want to use servers to pass along the information then why not then only use the Content Providers who I think are well and truly vetted before they are allowed to be STEAM Content Providers AND more or less rule 99.9% of wannabe's out when the question is. Do you have a 1Gb or greater link? Do you have a problem serving 10GB of data per day? On Wed, 15 Dec 2004 16:09:39 +, Stephen Moretti (blueyonder) [EMAIL PROTECTED] wrote: Whisper wrote: Well the thing is, your STEAM_ID is connected to your Login. Suipposedly you cannot create (RDRR many lols) a STEAM Login without a valid CD Key Thats how integrity is supposed to be maintained to allow people to login on any computer. Indeed - hence the reason I suggest checking userid and steamid and cd key all together. If they don't match ie. someone is most likely interfering in some way (not so much the CD Key for reason I've already stated) don't let them in. If you're checking all the account details from both the client and from server that a user is connecting to you've got a much small probability of a hacker/cracker getting a valid combination and being able to access a game server. Actually Access 2003 is really limited to 2GB size not so much records or anything like that, if you know what I mean. Aye - still a canny few records though ;o) I think the limits for mySQL and MS SQL are more hardware limitations than anything else or more importantly budgetary :D ~lol~ yep - hence the reason why most of the stuff I build is based on mySQL :D ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. What I still do not understand is if Valve know which username and I assume email address password belongs to which STEAM_ID, why on gawds earth why can't Valve/STEAM use those variables to determine whether the person using the STEAM_ID is who they say they are? Surely the NOSTEAM hack does not have access to peoples Usernames/Passwords/E-mail addresses, does it? Why on Earth was it not always done this way in the first place? Why does anything have to be changed? Personally I could not have conceived doing it any other way!! On Wed, 15 Dec 2004 22:59:00 +0100, Maarten van der Zwaart [EMAIL PROTECTED] wrote: On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
I don't buy that...There is no reason they can't comment on this one way or another. IMO that is what this forum is for. I think enough people have legitimate concerns and they should acknowledge that. I mean we have put up with a lot of shit running dedicated servers over the past few years. I think we deserve more respect then they are giving. It would be nice to know if they even have a plan or if they don't think they can ever get a handle on it at least tell us that so we can get a good third party AC going. The silence is just bizarre to me. jefe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
You are all familiar with the expression The wheels have fallen off ?? In this case it appears the wheels were never put on, in fact I don't think wheels were even a design consideration even though wheels were the main enabler of the technology in the first place! On Wed, 15 Dec 2004 14:27:00 -0800, Darren J. Mason [EMAIL PROTECTED] wrote: Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
lol.. I did I moved on to playing and running BF:DC on all but one box. :--) However trying for a big boycot type thing like those dont buy gas this tuesday crap is utterly pointless. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of K. Mike Bradley Sent: Tuesday, December 14, 2004 11:08 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? It wont hurt and it mite send a message. There has been a discussion for over 8 months now so that don't work ... Show some solidarity admins! DO SOMETHING TO BREAK THE IMPASSE! ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
I'm not trying to diss valve really but the only thing that would over complicate things would be a bad design from the get go that they would have to patch or build around, even then it's quite doable, though may not be as straight forward as it seems at first glance. Look we all have to understand things are never quite as simple as we seem to think looking from the outside. That said there're not that darn complex either. :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Whisper Sent: Wednesday, December 15, 2004 8:10 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Doesn't Valve know which STEAM_ID's belong to which STEAM Users? Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? From my basic knowledge of databases and network security all this should be extremely simple to setup and secure and the database would not ever be that large (10 million records is nothing in the scheme of databases) and no matter what is occurring on the client (which is how nosteam works AFAIK it is all client side) it should be damn simple to stop illegitimate users connecting or at least staying connected to a server if the correct procedures were put in place! Anybody got any reason why this would be a difficult thing to do? Anybody got any insights into how nosteam works and why it's so difficult for Valve to block its use? Nobody I have spoken to about this issue who knows anything about databases, database network security understands when I put to them the scenario, why this is a problem. On Tue, 14 Dec 2004 23:57:26 -0700, Alex Herlan [EMAIL PROTECTED] wrote: Haha yea... I am very pissed that Valve hasn't had more support for Steam related technology since the release of Half-Life 2... I mean Steam has been buggy and weird in general, and had poor anti-cheat protection for a while now... but now that I've forked over $60 for half-life 2, I kind of expect a lot of these things to be resolved by now, or being fixed very quickly as we speak. Don't get me wrong, I see the potential of steam as being something really great.. but right now with the flakey friends network being practically unusable, and no anti-cheat/hack protection, its all totally worthless... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 10:39 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? You must not forget to get the media involved (c-net, zd-net, abc, cbs, post, times, etc..). Only then will it truly work. Happy Holidays Andrew R. Mitcham wrote: I'm all for a shut down of my servers in protest. I think I have bitched and moaned about the negligence of VAC for years... and every time I do, someone says Oh, they are working on it... be patient. 2 years later... MORE hackers than pre-steam. I participate in Steambans.com (I'm ranked #1 on there :D) which was great for a while. But now that I hear people can get a new STEAMID so easily, I have noticed return hackers... especially the ones that have the name changing script. While all of us stopping our servers for a day is a small percentage, I'm pretty sure we are the owners of some of the BETTER pubs out there. I know my CSDM server is hugely popular and its absence for a day would cause a lot of people to wonder. Multiply that by everyone on this list (OK, not everyone) it could cause a little publicity. We should email fan sites (csnation.net, hlfallout.net, halflife2.net, etc) and let them know that this event may occur and the reason why. Seriously, SOMETHING needs to be done and I won't take someone is working on it for an answer by someone who doesn't work for VALVe. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 10:25 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? IMO, this Friday is too soon, we need some organization and lots of folks (web sites) to spread the word Happy Holidays K. Mike Bradley wrote: It wont hurt and it mite send a message. There has been a discussion for over 8 months now so that don't work ... Show some solidarity admins! DO SOMETHING TO BREAK THE IMPASSE! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 8:38 PM To: [EMAIL PROTECTED
Re: [hlds] When will the nosteam hacks be fixed?
The silence isn't the slightest bit bizzare, it's just a repeat of the past. Remember when they missed the HL2 deadline of September, and the article that explained how embarrassed and stuff Gabe was? Seems to be just repeating past mistakes, embarrassed that their system was cracked but unwilling to open himself to attacks :/ - Bruce Bahamut Andrews J Marcus wrote: I don't buy that...There is no reason they can't comment on this one way or another. IMO that is what this forum is for. I think enough people have legitimate concerns and they should acknowledge that. I mean we have put up with a lot of shit running dedicated servers over the past few years. I think we deserve more respect then they are giving. It would be nice to know if they even have a plan or if they don't think they can ever get a handle on it at least tell us that so we can get a good third party AC going. The silence is just bizarre to me. jefe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
What ever the reasons the silence has always been interesting. Oddly enough the coders list seems to be fairly active with responses by Valve employees. I know thier reading all this which makes it all the more humorous. You just know there all giggling and screaming for us to stfu. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bruce Bahamut Andrews Sent: Wednesday, December 15, 2004 11:37 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The silence isn't the slightest bit bizzare, it's just a repeat of the past. Remember when they missed the HL2 deadline of September, and the article that explained how embarrassed and stuff Gabe was? Seems to be just repeating past mistakes, embarrassed that their system was cracked but unwilling to open himself to attacks :/ - Bruce Bahamut Andrews J Marcus wrote: I don't buy that...There is no reason they can't comment on this one way or another. IMO that is what this forum is for. I think enough people have legitimate concerns and they should acknowledge that. I mean we have put up with a lot of shit running dedicated servers over the past few years. I think we deserve more respect then they are giving. It would be nice to know if they even have a plan or if they don't think they can ever get a handle on it at least tell us that so we can get a good third party AC going. The silence is just bizarre to me. jefe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Makes you wonder who's dumb idea it was not to run a proper authentication scheme in the first instance and who at Valve is going I told you so, the damn fools never listen to me and now look at the mess we are in ??? On Thu, 16 Dec 2004 00:02:11 -0500, Napier, Kevin [EMAIL PROTECTED] wrote: What ever the reasons the silence has always been interesting. Oddly enough the coders list seems to be fairly active with responses by Valve employees. I know thier reading all this which makes it all the more humorous. You just know there all giggling and screaming for us to stfu. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bruce Bahamut Andrews Sent: Wednesday, December 15, 2004 11:37 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The silence isn't the slightest bit bizzare, it's just a repeat of the past. Remember when they missed the HL2 deadline of September, and the article that explained how embarrassed and stuff Gabe was? Seems to be just repeating past mistakes, embarrassed that their system was cracked but unwilling to open himself to attacks :/ - Bruce Bahamut Andrews J Marcus wrote: I don't buy that...There is no reason they can't comment on this one way or another. IMO that is what this forum is for. I think enough people have legitimate concerns and they should acknowledge that. I mean we have put up with a lot of shit running dedicated servers over the past few years. I think we deserve more respect then they are giving. It would be nice to know if they even have a plan or if they don't think they can ever get a handle on it at least tell us that so we can get a good third party AC going. The silence is just bizarre to me. jefe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Doesn't Valve know which STEAM_ID's belong to which STEAM Users? Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? From my basic knowledge of databases and network security all this should be extremely simple to setup and secure and the database would not ever be that large (10 million records is nothing in the scheme of databases) and no matter what is occurring on the client (which is how nosteam works AFAIK it is all client side) it should be damn simple to stop illegitimate users connecting or at least staying connected to a server if the correct procedures were put in place! Anybody got any reason why this would be a difficult thing to do? Anybody got any insights into how nosteam works and why it's so difficult for Valve to block its use? Nobody I have spoken to about this issue who knows anything about databases, database network security understands when I put to them the scenario, why this is a problem. On Tue, 14 Dec 2004 23:57:26 -0700, Alex Herlan [EMAIL PROTECTED] wrote: Haha yea... I am very pissed that Valve hasn't had more support for Steam related technology since the release of Half-Life 2... I mean Steam has been buggy and weird in general, and had poor anti-cheat protection for a while now... but now that I've forked over $60 for half-life 2, I kind of expect a lot of these things to be resolved by now, or being fixed very quickly as we speak. Don't get me wrong, I see the potential of steam as being something really great.. but right now with the flakey friends network being practically unusable, and no anti-cheat/hack protection, its all totally worthless... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 10:39 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? You must not forget to get the media involved (c-net, zd-net, abc, cbs, post, times, etc..). Only then will it truly work. Happy Holidays Andrew R. Mitcham wrote: I'm all for a shut down of my servers in protest. I think I have bitched and moaned about the negligence of VAC for years... and every time I do, someone says Oh, they are working on it... be patient. 2 years later... MORE hackers than pre-steam. I participate in Steambans.com (I'm ranked #1 on there :D) which was great for a while. But now that I hear people can get a new STEAMID so easily, I have noticed return hackers... especially the ones that have the name changing script. While all of us stopping our servers for a day is a small percentage, I'm pretty sure we are the owners of some of the BETTER pubs out there. I know my CSDM server is hugely popular and its absence for a day would cause a lot of people to wonder. Multiply that by everyone on this list (OK, not everyone) it could cause a little publicity. We should email fan sites (csnation.net, hlfallout.net, halflife2.net, etc) and let them know that this event may occur and the reason why. Seriously, SOMETHING needs to be done and I won't take someone is working on it for an answer by someone who doesn't work for VALVe. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 10:25 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? IMO, this Friday is too soon, we need some organization and lots of folks (web sites) to spread the word Happy Holidays K. Mike Bradley wrote: It wont hurt and it mite send a message. There has been a discussion for over 8 months now so that don't work ... Show some solidarity admins! DO SOMETHING TO BREAK THE IMPASSE! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 8:38 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Thats just it, you won't hear a peep from them! On a serious note, I am open to anything that would work. Happy Holidays J Marcus wrote: Nah that is not the answer..it would just help the empty servers. Why not have a open discussion about it on this mailing list. Not looking to go into anything specific but to have absolutely no response or participation in the dialog from Valve just doesn't sit well with me. Or did I miss something.. jefe -Original Message- From: [EMAIL PROTECTED] [mailto
Re: [hlds] When will the nosteam hacks be fixed?
Whisper wrote: Well the thing is, your STEAM_ID is connected to your Login. Suipposedly you cannot create (RDRR many lols) a STEAM Login without a valid CD Key Thats how integrity is supposed to be maintained to allow people to login on any computer. Indeed - hence the reason I suggest checking userid and steamid and cd key all together. If they don't match ie. someone is most likely interfering in some way (not so much the CD Key for reason I've already stated) don't let them in. If you're checking all the account details from both the client and from server that a user is connecting to you've got a much small probability of a hacker/cracker getting a valid combination and being able to access a game server. Actually Access 2003 is really limited to 2GB size not so much records or anything like that, if you know what I mean. Aye - still a canny few records though ;o) I think the limits for mySQL and MS SQL are more hardware limitations than anything else or more importantly budgetary :D ~lol~ yep - hence the reason why most of the stuff I build is based on mySQL :D ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maarten van der Zwaart Sent: Wednesday, December 15, 2004 1:59 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? On Thu, 16 Dec 2004 00:09:43 +1100, Whisper [EMAIL PROTECTED] wrote: Can somebody who is more familiar with Databases and Database security please explain to me/us why it is difficult for Valve to secure their STEAM_ID system? Doesn't Valve have complete control over the STEAM User and STEAM_ID database? Yes they do. Doesn't Valve know which STEAM_ID's belong to which STEAM Users? They do know. Don't Valve know whether a STEAM Account has been created legitimately on their STEAM User database or not? All accounts are created legitimately. Can't Valve verify that people in a server are using STEAM_ID's that were created legitimately and belong to the STEAM User they purport to be? They are using legitimate steam id's, that belong to legitimate steam accounts. The problem is that the game server and/or authentication server does not check if the user owns the game he is playing. This probably needs big changes in the way the clients obtain authentication data that is sent to the game server. This can be a lot of work, as changes are probably needed on clients, game servers and steam servers. Obviously these changes need to be made at the same time, as most likely this changes the communication protocols used, which is also a lot of work. Developing a new authentication scheme is not an easy task, but I'm sure they're working on it. We'll just have to wait. Maarten -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
This is a multi-part message in MIME format. -- Probably more an issue of deploying one solution\architecture and then having the business flipflop and tack on all sorts of new requirements that don't fit the original design or not.. Since we dont work there, and I'm sure nobody there will dicuss it in detail publicly we'll never know. Would have been problematic but probably better overall to break the steam mold with hl2 and deploy source games on an updated version of thier auth systems so what if required people to get new steam(v2)id's. wtf do we know though, can't see through the tinted glass. From: [EMAIL PROTECTED] on behalf of Whisper Sent: Thu 12/16/2004 1:31 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Makes you wonder who's dumb idea it was not to run a proper authentication scheme in the first instance and who at Valve is going I told you so, the damn fools never listen to me and now look at the mess we are in ??? On Thu, 16 Dec 2004 00:02:11 -0500, Napier, Kevin [EMAIL PROTECTED] wrote: What ever the reasons the silence has always been interesting. Oddly enough the coders list seems to be fairly active with responses by Valve employees. I know thier reading all this which makes it all the more humorous. You just know there all giggling and screaming for us to stfu. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bruce Bahamut Andrews Sent: Wednesday, December 15, 2004 11:37 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? The silence isn't the slightest bit bizzare, it's just a repeat of the past. Remember when they missed the HL2 deadline of September, and the article that explained how embarrassed and stuff Gabe was? Seems to be just repeating past mistakes, embarrassed that their system was cracked but unwilling to open himself to attacks :/ - Bruce Bahamut Andrews J Marcus wrote: I don't buy that...There is no reason they can't comment on this one way or another. IMO that is what this forum is for. I think enough people have legitimate concerns and they should acknowledge that. I mean we have put up with a lot of shit running dedicated servers over the past few years. I think we deserve more respect then they are giving. It would be nice to know if they even have a plan or if they don't think they can ever get a handle on it at least tell us that so we can get a good third party AC going. The silence is just bizarre to me. jefe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren J. Mason Sent: Wednesday, December 15, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Everyone calm down a minute and think about the overall scope of things. Valve is known for creating at least one, if not several of the most awesome games we have ever played. Development has ALWAYS been plagued by missed deadlines, stolen code, and more missed deadlines. Should a new authentication scheme + anticheat measure been included with HL2 - of course! But this is Valve, and they are probably working on something so revolutionary they can't possibly release it in conjunction with the game it's made for. Even if they posted about it here, we all know any deadline hard or soft would be extended and extended. We will get something later rather than sooner, it will work for the most part, and we will be happy. It the freakin waiting that has always killed us! -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.4 - Release Date: 12/15/2004 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds -- [ winmail.dat of type application/ms-tnef deleted ] -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
WON.. hahah so true. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of BeNt Sent: Tuesday, December 14, 2004 9:22 AM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Why in gods name its difficult to set things up so peoples STEAM_ID's that are used in servers can only be autheticated against a database that Valve has access to AND have the database set to only allow people on to servers who have legitamately set up STEAM Accounts is beyond me??? WON anyone?? I have been noticing alot more hacks about in my various servers.Especially my scoutzknivez server.BUT the best defense of a server is a good admin team along with a ban system.I also highly suggest http://www.steambans.com to anyone who wants to participate in a global bans system.But I would like to hear some offical word on how VALVe plains to stop all this foolishness. BeNt ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
It's really funny how all of you people think you're some kind of genius and have an easy solution. The problem is, you know nothing, and are not helping in any way. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of StealthMode Sent: Tuesday, December 14, 2004 1:05 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? But I would like to hear some offical word on how VALVe plains to stop all this foolishness. I think every admin on this list would. However, lets look at something for a minute. I think Valve supports cheating. Why do I say this? Why is there an option in the server software to disable anticheat? Its this that leads me to believe that Valve endorses cheating. Why do they make the anticheat? Cause if they didn't they would lose half of their customer base at least. So they have to make it appear that they are doing something. Whens the last time Valve updated VAC? I know I have turned in a few cheats to VAC that aren't distributed that badly yet. But are there detections for it in VAC? No. The cheats still work to this day. That was two months ago that I turned those hacks in. I think Valve needs to take a stand. Enforce VAC on all servers, lock down the database, set up an authentication system like others on this list have requested. To the guys who say oh I don't want VAC on my server, too bad, you want the game, they made it, use the anticheat that's built into it or don't use the software. I remember this thing in the EULA that stated you could not modify the code, or hook it in any way shape or form, if you did you had to destroy your copy of the software. If VAC were mandatory, this same clause would apply. And if they locked the engine down better, cheats would be a thing of the past. I to would love some form of reply from Valve. Maybe I'll forward these latest mails to each and every employee of Valve Software every day until someone chooses to reply (Gotta love spam). -StealthMode ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
If you server admins really wanted to do something stop your servers for one day ... Lets say this Friday. See what Valve does then. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marcelo de Paula Bezerra Sent: Monday, December 13, 2004 3:42 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [hlds] When will the nosteam hacks be fixed? Cheating and abuse in general are rampant, and no matter how much I try, they always come back with new steamids. Looking at one specific fool who's now banned by ip address and has been banned multiple times for multiple offenses (including wallhacking, speedhacking and impersonating other players). STEAM_0:0:4918135 STEAM_0:0:4978634 STEAM_0:0:5002506 STEAM_0:0:5011120 STEAM_0:0:5172294 STEAM_0:0:5421319 STEAM_0:0:748493 STEAM_0:1:4989069 his isp changed backbone provider here, and he got a new ip. STEAM_0:0:5421319 STEAM_0:0:5546028 STEAM_0:0:5662333 STEAM_0:0:5727892 STEAM_0:0:5750589 STEAM_0:0:5755806 STEAM_0:1:5544009 STEAM_0:1:5764391 STEAM_0:1:5769801 -- Marcelo de Paula Bezerra [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Mike, a day is not enough, lets say a week! K. Mike Bradley wrote: If you server admins really wanted to do something stop your servers for one day ... Lets say this Friday. See what Valve does then. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marcelo de Paula Bezerra Sent: Monday, December 13, 2004 3:42 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [hlds] When will the nosteam hacks be fixed? Cheating and abuse in general are rampant, and no matter how much I try, they always come back with new steamids. Looking at one specific fool who's now banned by ip address and has been banned multiple times for multiple offenses (including wallhacking, speedhacking and impersonating other players). STEAM_0:0:4918135 STEAM_0:0:4978634 STEAM_0:0:5002506 STEAM_0:0:5011120 STEAM_0:0:5172294 STEAM_0:0:5421319 STEAM_0:0:748493 STEAM_0:1:4989069 his isp changed backbone provider here, and he got a new ip. STEAM_0:0:5421319 STEAM_0:0:5546028 STEAM_0:0:5662333 STEAM_0:0:5727892 STEAM_0:0:5750589 STEAM_0:0:5755806 STEAM_0:1:5544009 STEAM_0:1:5764391 STEAM_0:1:5769801 -- Marcelo de Paula Bezerra [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
Stealth I think your wrong about supporting cheating. There's a big difference between actively going after it, or jacking up it's priority on the todo: list but to say they support it a claim which really is not supported by the facts, at least in the not so distant past. That said it's a big problem and it does need some attention, the sooner the better. Spartibus nobody suggested an easy solution, someone was thinking outloud about a solution to one part of the overall problem, it was not far fetched and it was not neccessarly unworkable. Thankfully your not the judge and jury on what may or may not be helping. Bitching about things here in some cases does in fact help and if done repeadedly and loudly things on occation get addressed by Valve. /whatever It's funny though that we nearly have as much cheating issues now as existed pre-steam and vac.. maybe I'm wrong but it feels like that most days. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of StealthMode Sent: Tuesday, December 14, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? But I would like to hear some offical word on how VALVe plains to stop all this foolishness. I think every admin on this list would. However, lets look at something for a minute. I think Valve supports cheating. Why do I say this? Why is there an option in the server software to disable anticheat? Its this that leads me to believe that Valve endorses cheating. Why do they make the anticheat? Cause if they didn't they would lose half of their customer base at least. So they have to make it appear that they are doing something. Whens the last time Valve updated VAC? I know I have turned in a few cheats to VAC that aren't distributed that badly yet. But are there detections for it in VAC? No. The cheats still work to this day. That was two months ago that I turned those hacks in. I think Valve needs to take a stand. Enforce VAC on all servers, lock down the database, set up an authentication system like others on this list have requested. To the guys who say oh I don't want VAC on my server, too bad, you want the game, they made it, use the anticheat that's built into it or don't use the software. I remember this thing in the EULA that stated you could not modify the code, or hook it in any way shape or form, if you did you had to destroy your copy of the software. If VAC were mandatory, this same clause would apply. And if they locked the engine down better, cheats would be a thing of the past. I to would love some form of reply from Valve. Maybe I'll forward these latest mails to each and every employee of Valve Software every day until someone chooses to reply (Gotta love spam). -StealthMode ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
If you honestly think that, then you're totally beyond all hope. Become a programmer sometime, as see if YOU can fix the current system. Of course they're working on fixing it, but like when a dam cracks, and the water starts cascading out, there's no 'easy' solution to the problem you're faced with. And I wouldn't hold my breath waiting for a reply to this list about it, they're all attached to NDA's and soforth, and replying here would just be begging stupid 'gaming' websites to pay them out with quotes. - Bruce Bahamut Andrews StealthMode wrote: But I would like to hear some offical word on how VALVe plains to stop all this foolishness. I think every admin on this list would. However, lets look at something for a minute. I think Valve supports cheating. Why do I say this? Why is there an option in the server software to disable anticheat? Its this that leads me to believe that Valve endorses cheating. Why do they make the anticheat? Cause if they didn't they would lose half of their customer base at least. So they have to make it appear that they are doing something. Whens the last time Valve updated VAC? I know I have turned in a few cheats to VAC that aren't distributed that badly yet. But are there detections for it in VAC? No. The cheats still work to this day. That was two months ago that I turned those hacks in. I think Valve needs to take a stand. Enforce VAC on all servers, lock down the database, set up an authentication system like others on this list have requested. To the guys who say oh I don't want VAC on my server, too bad, you want the game, they made it, use the anticheat that's built into it or don't use the software. I remember this thing in the EULA that stated you could not modify the code, or hook it in any way shape or form, if you did you had to destroy your copy of the software. If VAC were mandatory, this same clause would apply. And if they locked the engine down better, cheats would be a thing of the past. I to would love some form of reply from Valve. Maybe I'll forward these latest mails to each and every employee of Valve Software every day until someone chooses to reply (Gotta love spam). -StealthMode ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
Re: [hlds] When will the nosteam hacks be fixed?
Thats just it, you won't hear a peep from them! On a serious note, I am open to anything that would work. Happy Holidays J Marcus wrote: Nah that is not the answer..it would just help the empty servers. Why not have a open discussion about it on this mailing list. Not looking to go into anything specific but to have absolutely no response or participation in the dialog from Valve just doesn't sit well with me. Or did I miss something.. jefe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roc Sent: Tuesday, December 14, 2004 6:00 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] When will the nosteam hacks be fixed? Mike, a day is not enough, lets say a week! K. Mike Bradley wrote: If you server admins really wanted to do something stop your servers for one day ... Lets say this Friday. See what Valve does then. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.5.3 - Release Date: 12/14/2004 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
Ricochet:Source LOL! Dear God no! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of OConnor John Sent: Tuesday, December 14, 2004 5:02 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of K. Mike Bradley If you server admins really wanted to do something stop your servers for one day ... Lets say this Friday. See what Valve does then. That is a *really* interesting notion. Given that Valve is effectively in a loose partnership with server admins, commercial and otherwise, all around the world. A co-dependence where server admins rely on Valve to provide an attractive, stable gaming environment, and server admins provide hardware and bandwidth to make Valve's online products worthwhile. The alternative of Valve/Sierra/Vivendi establishing a commercial gaming network is presumably not as economically attractive. (I wonder how the accountants feel about relying on such informal external support as part of their business model?) But anyway - Valve aren't stupid. They are not ignorant of the issues. One just hopes that their efforts are concentrated on the issues we percieve as important - and not on producing Ricochet:Source. JOC John P O'Connor Email - [EMAIL PROTECTED] (preferred) - [EMAIL PROTECTED] If an infinite number of monkeys were given an infinite number of microphones, would we *really* need Britney Spears? The information in this e-mail together with any attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any form of review, disclosure, modification, distribution and/or publication of this e-mail message is prohibited. If you have received this message in error, you are asked to inform the sender as quickly as possible and delete this message and any copies of this message from your computer and/or your computer system network. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
RE: [hlds] When will the nosteam hacks be fixed?
Having the admins take down the server will be the only way of pushing valve to fix this. No servers = No one plays online = Valve in big trouble. I doubt it's an easy fix, but it's something they MUST do, why even bother working with a game that everyone just cheats in? Why should I be encouraged to make a mod that someone is going to make a cheat for it eventually and just ruin the game? - Spencer voogru MacDonald -Original Message- From: Darren J. Mason [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 14, 2004 10:13 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? Ricochet:Source LOL! Dear God no! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of OConnor John Sent: Tuesday, December 14, 2004 5:02 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] When will the nosteam hacks be fixed? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of K. Mike Bradley If you server admins really wanted to do something stop your servers for one day ... Lets say this Friday. See what Valve does then. That is a *really* interesting notion. Given that Valve is effectively in a loose partnership with server admins, commercial and otherwise, all around the world. A co-dependence where server admins rely on Valve to provide an attractive, stable gaming environment, and server admins provide hardware and bandwidth to make Valve's online products worthwhile. The alternative of Valve/Sierra/Vivendi establishing a commercial gaming network is presumably not as economically attractive. (I wonder how the accountants feel about relying on such informal external support as part of their business model?) But anyway - Valve aren't stupid. They are not ignorant of the issues. One just hopes that their efforts are concentrated on the issues we percieve as important - and not on producing Ricochet:Source. JOC John P O'Connor Email - [EMAIL PROTECTED] (preferred) - [EMAIL PROTECTED] If an infinite number of monkeys were given an infinite number of microphones, would we *really* need Britney Spears? The information in this e-mail together with any attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any form of review, disclosure, modification, distribution and/or publication of this e-mail message is prohibited. If you have received this message in error, you are asked to inform the sender as quickly as possible and delete this message and any copies of this message from your computer and/or your computer system network. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds