Valve offers a longer statement about Christmas Day caching issues that allowed users to view some, - Polidicks

No one's excusing their mistake, people are only damning the just dumb never-enough attitude. Mistakes happen, and big ones too but after it all what would have made this situation better? An earlier response? Perhaps, but the issue would have still occurred and there are some very reasonable circumstances that would have created the delay: Christmas, a proper investigation into exactly what happened and what was revealed, liability, etc. What would have been the better route to have taken besides the issue never occurring in the first place and what would a earlier statement of this size have done?

[QUOTE=SGTNAPALM;49420820]I bet they wouldn't. I bet they would do the same exact thing: Fix the issue within about an hour; release a short preliminary statement within the day; and then release a proper statement along with a proper apology after, and only after, they did their homework, knew exactly what went wrong, and could be assured it would never happen again within a week. They handled everything professionally and properly. People just don't know how fucking businesses work and assume that Valve not sucking our dicks makes them unethical. Valve has done everything right and fulfilled every obligation they have to us as consumers.[/QUOTE] They didn't handle it properly, lol. As soon as people ended up in other peoples accounts a killswitch should've immediately been pulled.

Yeah they should've psychically known about it within the first three femtoseconds on the single busiest day of the year.

[QUOTE=Johnny Guitar;49420831]They didn't handle it properly, lol. As soon as people ended up in other peoples accounts a killswitch should've immediately been pulled.[/QUOTE] Unless you know exactly how this "killswitch" would be designed within the architecture of Valve's service, or what logistical issues a "killswitch" could have further caused or really what it could have prevented I would suggest to quit pulling magic-tech words out of your mouth.

[QUOTE=SGTNAPALM;49420838]Yeah they should've psychically known about it within the first three femtoseconds on the single busiest day of the year.[/QUOTE] it took them over an hour to revert it, its not a fucking black and white issue where it should've been instantly or they failed. it shouldn't have been over an HOUR later.

Definitely better late than never. It cleared quite a bit of confusion and questions that arose back then, and probably still do. Exact time it occurred, and the fact that if you weren't even on your computer / Steam during that time, no one could have seen your pageful of information.

[QUOTE=Take_Opal;49420828]What would have been the better route to have taken besides the issue never occurring in the first place and what would a earlier statement of this size have done?[/QUOTE] the issue never having occurred in the first place hire web development professionals there are people on this forum from the programming subforum who have uncovered vulnerabilities in valve's web platform from licensing to the store front, and some of us even uncovered how some of their beta software worked before wider consumption that's not acceptable further more, reading code readily available from valve's customer facing codebase, it's clear they have the same people designing game engine interfaces working on web software

[QUOTE=Dissolution;49420847]it took them over an hour to revert it, its not a fucking black and white issue where it should've been instantly or they failed. it shouldn't have been over an HOUR later.[/QUOTE] Your demands aren't exactly realistic, and you will just have to understand this. You are entitled to be upset, but you are not informed enough about how Steam, Valve and it's other interwoven services and platforms work to say that your call would have been the best or better call to make.

It's still a joke it took them around an HOUR to finally shut shit down and contain it (and before someone says it was christmas, obviously someone was working since that patch got pushed to begin with lol), but i'm glad they've finally made a statement, and are even going to be contacting the people that had their shit leaked to let them know what's happened. [QUOTE=amcwatters;49420819]they don't even make games anymore they literally have one job steam how do you fuck this up 330 employees can't all be working on dota 2[/QUOTE] and this is still the greatest mystery of all here. No amount of statements will ever let me wrap my head around this fuck up even happening.

[QUOTE=RichyZ;49420848]A storefront that takes 51% of the PC market doesn't have at least 1 employee watching it on Christmas day to make sure nothing catastrophically bad happens? That could be easily shutdown via a phone call or remotely?[/QUOTE] then how the fuck fast is fast enough, what if it took them an hour to properly turn it down? what if it took 30 minutes? people would still be complaining it took too long. what if it took 15 minutes? 7? 3? people would still be complaining that they shouldve instantly known and had a monkey right next to the datacenter circuit breaker ready to pull it immediately. an hour for a nonsensitive information leak is probably better than most companies could do.

[QUOTE=Take_Opal;49420844]Unless you know exactly how this "killswitch" would be designed within the architecture of Valve's service, or what logistical issues a "killswitch" could have further caused or really what it could have prevented I would suggest to quit pulling magic-tech words out of your mouth.[/QUOTE] okay let me iterate it in a more realistic manner option 1. use killswitch (if available) option 2. rollback on git or perforce or whatever the fuck they use for revisioning option 3. pull the plug out of the wall

[QUOTE=amcwatters;49420852]the issue never having occurred in the first place hire web development professionals there are people on this forum from the programming subforum who have uncovered vulnerabilities in valve's web platform from licensing to the store front that's not acceptable further more, reading code readily available from valve's customer facing codebase, it's clear they have the same people designing game engine interfaces working on web software[/QUOTE] "Assure %100 security at all times with zero liability." just another example. Things can always be improved, but this can happen with any company.

[QUOTE=amcwatters;49420852]the issue never having occurred in the first place hire web development professionals there are people on this forum from the programming subforum who have uncovered vulnerabilities in valve's web platform from licensing to the store front, and some of us even uncovered how some of their beta software worked before wider consumption that's not acceptable further more, reading code readily available from valve's customer facing codebase, it's clear they have the same people designing game engine interfaces working on web software[/QUOTE] youre right, valve should have properly audited the third party companies they contracted and made sure they hired proper employees.

[QUOTE=SGTNAPALM;49420838]Yeah they should've psychically known about it within the first three femtoseconds on the single busiest day of the year.[/QUOTE] As other have mentioned, other companies in the same size and customer scale have 24/7 personnel for Support and PR. Valve gotta realize they ain't a small semi-hobby company anymore, but a big boy company with big boy responsibilities that requires big boy sized PR & Support department(s) that can make decisions and release statements in big boy time instead of good ol' Valve time.

Why are people defending Steam, just because its Christmas?. They are a Billion dollar company which can afford to hire more staff and pay overtime to work on Christmas. and I am not they should have as many people on shift that day just some kind of basic emergency staff maybe half of the normal amount of people shift like one user said above they don't make games anymore ( skins barley count )so all they need to do is make sure everything is running fine. As TB goes into point about this further. ( TB made this before the Valve Statement ) [video=youtube;esmKdMDvSGI]https://www.youtube.com/watch?v=esmKdMDvSGI[/video]

[QUOTE=RenegadeCop;49420872]Was their first statement through 3rd party websites or did I imagine that? Because that's a really dumb thing to do. Where would the average customer go to find that statement? Would they really have to google "whats wrong with steam today?"[/QUOTE] "Hmm Steam is compromised better log in to steam to read the news oh wait it's compromised... Hmm we should sent reports out to third parties so that people can read it without accessing our compromised platform."

It's not like they weren't there; they had to update and break their Varnish configuration for this to happen in the first place.

[QUOTE]In response to this specific attack, caching rules managed by a [B]Steam web caching partner [/B]were deployed in order to both minimize the impact on Steam Store servers and continue to route... [/QUOTE] It was much as Valve's fault as it is your fault if a service you use fucks up.

[QUOTE=Take_Opal;49420861]Your demands aren't exactly realistic, and you will just have to understand this. You are entitled to be upset, but you are not informed enough about how Steam, Valve and it's other interwoven services and platforms work to say that your call would have been the best or better call to make.[/QUOTE] yeah i should just be comfortable with a fucking multi-billion dollar company pushing unchecked updates like this during fucking christmas of all days when the most purchases on their biggest sale of the year are going to go through stop permitting this

[QUOTE=RenegadeCop;49420907]Yes because the average customer would know what was going on[/QUOTE] I had tons of people saying "dude load up the store and your account info page lol!". I had no idea doing so was gonna compromise any of my personal information since I hadn't heard any other news at the time. This shit should've been totally shut down within minutes of it occurring. Not a full on hour.

[QUOTE=Johnny Guitar;49420831]They didn't handle it properly, lol. As soon as people ended up in other peoples accounts a killswitch should've immediately been pulled.[/QUOTE] yes, the kill switch where 6 valve employees must race to their headquarters, including Gabe Newell, and put in a 64 digit code into the master computer and shutting everything down and initiating the blast doors so that angry customers can't storm the place this exists, totally except it isn't actually always that easy.

large corporations' engineering teams talk about how slow served pages and downtime affect sales directly this makes me wonder how much money valve lost during the time steam's storefront was down, especially during a sales season

[QUOTE=VaSTinY;49420506][I]Damn you Valve web employees for also being humans with families, getting a couple days off to spend time with on Christmas!!![/I] :hairpull:[/QUOTE] lmfao yeah because nobody should be watching the steam store on what's only one of the busiest days of the entire year

[QUOTE=RichyZ;49420908]There's this thing called Twitter, Valve has multiple official Twitter accounts.[/QUOTE] Is Twitter a thing for press releases now?

Everyone here suggesting Valve have some sort of killswitch legitimately has no idea how large-scale server infrastructures work. You can't just shut that sort of thing down, nothing is ever that simple. They resolved the issue in a matter of hours, and had a press statement out in less than a week. I'd say that's a solid response time. Unless we want to remember the Sony hack, where it was rumored for a week before Sony actually said anything. Or how about the Target breach, which people knew about for months? Lowe's and Home Depot had a hacking issue last year, it took them two weeks to respond and they still haven't updated their systems past that vulnerability, instead applying a patch because POS machines are literally designed to run decades-old software. If anything, Valve did better than most major retailers have done in the past few years. It's not the best, certainly, but it's not as terrible as everyone here makes it out to be.

[QUOTE=RichyZ;49420943]If Valve doesn't have some sort of way for higher-up employees to be able to temporarily disable the Steam storefront at any given time they are incompetent as fuck.[/QUOTE] tbh they probably do have this, but they likely communicate so slowly that they never use it anyways I hear they use snail mail

[QUOTE=woolio1;49420953]Everyone here suggesting Valve have some sort of killswitch legitimately has no idea how large-scale server infrastructures work. You can't just shut that sort of thing down, nothing is ever that simple. They resolved the issue in a matter of hours, and had a press statement out in less than a week. I'd say that's a solid response time. Unless we want to remember the Sony hack, where it was rumored for a week before Sony actually said anything. Or how about the Target breach, which people knew about for months? Lowe's and Home Depot had a hacking issue last year, it took them two weeks to respond and they still haven't updated their systems past that vulnerability, instead applying a patch because POS machines are literally designed to run decades-old software. If anything, Valve did better than most major retailers have done in the past few years. It's not the best, certainly, but it's not as terrible as everyone here makes it out to be.[/QUOTE] [QUOTE=RichyZ;49420943]If Valve doesn't have some sort of way for higher-up employees to be able to temporarily disable the Steam storefront at any given time they are incompetent as fuck.[/QUOTE]

[QUOTE=J!NX;49420930]yes, the kill switch where 6 valve employees must race to their headquarters, including Gabe Newell, and put in a 64 digit code into the master computer and shutting everything down and initiating the blast doors so that angry customers can't storm the place this exists, totally except it isn't actually always that easy.[/QUOTE] Actually, the article talks about their third party companies handling some of their store. So I bet Valve found out about it within like 5 minutes and then called the third party company. The third party company who is probably currently being fucking hammered because it's Christmas, the busiest day of the year, probably had issues shutting down their services properly and not affecting other customers.

[QUOTE=postal;49420925]I had tons of people saying "dude load up the store and your account info page lol!". I had no idea doing so was gonna compromise any of my personal information since I hadn't heard any other news at the time. This shit should've been totally shut down within minutes of it occurring. Not a full on hour.[/QUOTE] 1 and 9, 8673. You now have the same compromised information from me that you lost. Go to town. Looks like their security systems prevented [i]actual[/i] sensitive information from getting out, not fucking bullshit that you can't do anything with. [highlight](User was banned for this post ("did you even try to read the OP" - Orkel))[/highlight]

[QUOTE=Take_Opal;49420775]Customers don't know shit, tbh.[/QUOTE] Thats the point of PR.