Wednesday, 15 June 2011

Lulz Security and the pursuit of lulz

So, for those of you that missed it, yesterday was Titanic Takeover Tuesday, brought to you by the hacker group Lulz Security.

Now before I go any further, I’ll go on record to say that I don’t agree with what LulzSec are doing. I prefer to get my lulz via other means. At the same time, I’m not a /b/tard, or anyone with a particular grudge against LulzSec.

At the weekend, the group announced that they had hacked the Bethesda servers, pilfering the user data of some 200,000 Brink players. They also hacked into the US Senate website.

During the course of Titanic Takeover Tuesday, they launched coordinate DDoS attacks on The Escapist website, the Eve Online login servers, the site of IT security company Fin Fisher , and the login servers for both Minecraft and League of Legends.

Cue much wailing and gnashing of teeth from irate gamers and, doubtlessly, many lulz for LulzSec.

I should say that I am possibly one of the people whose details were hacked from the Bethesda servers as I regrettably purchased Brink. I have a Minecraft account, have played Eve Online, and regularly read The Escapist.

So I must be pretty pissed off right now, right? Nope, not really.

Don’t get me wrong; at first I was jelly. But when I thought about it, I realised I didn’t really have any business being angry.

For a start, the whole thing reeks of double standards. I was one of the people cheering on AnonOps when they were hacking websites in the wake of the arrest of Julian Assange, and applying pressure to those who would seek to deny Wikileaks funding. I even deleted my PayPal account in protest.

But it’s a bit fucking hypocritical of me to support AnonOps simply because they choose ‘right on’ targets, and then get annoyed when LulzSec do the exact same thing to a target I care about. It’s that classic ‘It’s fine as long as it doesn’t affect me’ attitude, and it’s not right.

This attitude was evident on various gamer web forums where people were one minute gloating at Eve Online being taken offline, then later crying because they couldn’t play League of Legends. I felt like reaching through the interwebs and bashing some heads together.

It’s a tangible atmosphere present even in the professional media, with outlets who were previously silent on the AnonOps hacks being up in arms about LulzSec messing with the PBS site, and I can’t stomach that kind of hypocrisy.

Even then, that’s only when the media chooses to report accurately. Ars Technica had me under the impression that LulzSec were going to release the Brink user info if Bethesda didn’t give out more details on the upcoming Elder Scrolls: Skyrim and also add top hats to the game. When I actually got the chance to read the statement from the group, the tone was light-hearted, and not very threatening. The top hats suggestion was added almost as a funny afterthought. Not quite the blackmail that Ars Technica had implied.

There also appears to be general misunderstanding about what motivation LulzSec have. Reading some forum posts on the topic yesterday, it was clear that the poster were divided between those who thought LulzSec were terrorists (yes, terrorists) and those who thought of them as being some sort of collective freelance security operation.

They are neither, as best I can see.

The posters claiming they were terrorists reasoned that since they had the user database, they could use this info to sow fear and blackmail the individuals contained therein. I would suggest that, given the abundance of free pronography on the internet, it could be considered a bit foolish to wilfully add your details to a huge database of pron users. Especially if one was in a position whereby the revelation of such ‘hobbies’ would be harmful. But then I have a thing for individual responsibility.

Nor are they hugely interested in their target’s security. Sure they may have advised Bethesda to ‘fix their junk’, but, if we use the burglar analogy, that’s like a burglar kicking in your back door, drinking all the lemonade in your fridge, sniffing your dirty laundry, taking a dump on the kitchen table before leaving a note that says ‘Your back door is broken.’.

So why do they do it?

Really: It’s for the lulz.

It’s not that knocking down a particular website is entertaining in itself. But when the myriad users of that site then take to Twitter to castigate LulzSec, lulz are had. When it is revealed that Lulzsec have stolen user details and people take to newsgroups and web forums to register how angry or fearful they are, lulz are had. When the Senate website is hacked and the FBI are called in, lulz are had.

Taking pleasure in the misfortune of others is a timeless concept, and LulzSec represent schadenfreude in the digital age.

Their activities are arguably criminal and I wouldn’t be hugely surprised if some arrests came from it, but I’m also certain that LulzSec are doing their best to avoid this outcome and hide their tracks, with seven proxies and the like.

As for me, you and Joe Average, there’s not a hell of a lot we can do about it. Evidently general web security isn’t as sophisticated as it should be and these attacks will no doubt serve as part of a catalyst of change.

Until the proverbial hatches can be battened down, all we can do is keep an extensive list of alternative passwords. Think of it as background radiation or environmental change, something you just have to put up with.

Oh, and try and have some lulz along the way.

Wednesday, 1 June 2011

Crunch Time - Do we need ethical game development? I think so.

Last week, an article about 'crunch time' appeared on the Ars Technica website, about the problem of crunch time in game development and it got me thinking.

For the unitiated, crunch time is the period in a games development cycle where the developers have to shift their working patterns into the highest gear in order to ship a game on time. The worst of these are 85-hour working weeks that can last for months, but the practice of operating at a 60-hour working week for periods of up to a year is becoming increasingly common.

There are two reasons for why this happens. Firstly, when a game is set to release on a particular date, delays hurt profits. Well, that's the theory anyway. In this age of pre-orders and easy internet patching, ensuring that the game is released on time is of paramount importance to studios and their bean counters. Secondly, and somewhat more cynically, working studio employees harder and therefore shortening the development cycle means less money spent employing full teams of staff per project and a higher bottom line.

Most gamers will be familiar with the EA_spouse essay from 2004. In this letter, Erin Hoffman, then fiancee of EA developer Leander Hasty, highlighted the horrendous labour practices that developers at EA were subjected to. Read the letter. It's a hugely depressing tale of 12 hour days and 7 day working weeks. There was huge attention drawn to this issue at the time and it led to some law suits and some changes to the industry at large. All good right?

Not really. Following the release of Red Dead Redemption, Rockstar were criticised for using excessive crunch time. Mike Capps, president of Epic Games, made comments suggesting that his studio wouldn't employ anyone who wasn't willing to work 60 hours a week. It would seem little has changed. Indeed, if industry insiders are to be believed, the practice has got worse.

There are obvious drawbacks to crunch time. There is a tangible human cost. Individuals who are working an 85 hour week (12 hours a day, 7 days a week) are paying a toll with their physical, mental and emotional health. Working those kinds of hours leave no time for anything short of eating and sleeping. No kids birthdays, no Sunday lunch with the family, no hungover Saturday mornings in bed with the other half. In short - no opportunity to do anything that makes life worth living.

As well as that, it destroys people creatively. The standard 40-hour working week has been shown to generate more employee productivity over an extended period than an increase in hours. The more hours an employee has to work, the less productive they become. And in an industry that relies heavily on creative people being productive, heck, needs creativity to survive, treating game developers in this way is nonsensical. To paraphrase the Ars Technica article, do you think that Clint Eastwood would be directing movies aged 80 if he was expected to work twelve hours a day?

Erin Hoffman aka EA_Spouse

It is also worth noting I'm not talking about a team of developers throwing their weight behind an unplanned game feature that they have to rush to finish before the game launches because, to quote Tenacious D, that's fucking teamwork. I'm talking about treating people like machines.  

One could point out obvious comparisons between games developers and, say, junior doctors who work a similarly punishing schedule. Why should it be any different for games developers? I'm not saying it should, I'm saying that asking an individual to work 80+ hours a week isn't desirable in any profession, but at least there is a possibility of making changes to how the industry operates.

You see, as consumers, we endorse this system. Every single time a studio employs ridiculous crunch time practices, only to see the game in question make millions, we are sending a message. We are saying "Hey, it's ok! Run these men and women into the ground. Show no regard for their wellbeing or that of their families. Just make sure you get that game out in time so I can claim my pre-order bonus. I don't give a fuck about the people who made this product, and I will prove as much by giving you my money." Don't get me wrong; I'm not claiming the moral high ground here. I have bought crunch time games, and because the practice is becoming more pervasive, I will probably do so in future. It also doesn't help that we often don't find out about these tings until well after the game is released, so it is impossible to make an informed choice on release day.

Either way, it makes me feel fucking shit doing so and I would like it to stop.

Personally, I would like to see studios sign up to a voluntary code that ensures their developers are not subjected to unreasonable and damaging crunch time, and that they are properly remunerated for those periods when overtime is unavoidable. Similar to the Fair Trade mark which idenifies genuine fair trade products, a stamp could be awarded to those studios who can prove that their games are ethically produced. It would not only provide reassurance to the consumer, it would also identify those studios whose labour practices are in tune with what we expect from a decent society.

I was recently interviewed for the Culture NI website on whether games can be considered art. It occurs to me that this issue has relevance here.

How can we ever elevate games into an art form if we allow their creators to be treated with such contempt?

Follow @xbuttonkill on Twitter and find me on Facebook.