“Reasonable timeframe” is very subjective here. Especially after a launch where most of the team probably did massive overtime, right before the Easter weekend is, what is called in bird law, a dick move.
As for the standard practice, I was always taught that it only goes for private entities, because you can avoid them, but to not do so when it involves governments because a) legal risk and b) you may hamper services people rely upon with 0 alternatives. e.g. credit card company vulnerability vs IRS (or your local tax variant)
In that sense, if EHG (LE’s “government”) had no temporary hotfix available, their next best solution would probably have been to completely shut down the Bazaar until a fix could be deployed. That’s … not something MG players can work around.
For anyone who does not work in software development: a week is the bare minimum time it takes most companies to fix something even as small as a text change. Yes, I’m serious.
I know it’s hard to imagine from the outside, but even if your team is very small and extremely reckless, most software development has a complex system of checks and balances to ensure that bad code doesn’t see the light of day. It is also there to help prioritize effort in a sea of constant, unending demands. The downside is that this process takes time, and requires a lot of different people to sign off on something. The upside is that users experience a minuscule fraction of the bugs and mistakes that they would see without this system.
I don’t know how this company is organized, and I don’t know what their development cycle is. I just know how development cycles typically work, and I understand how a holiday that affects roughly a third of the humans on this planet might affect that schedule. I’m not defending anyone or judging anyone! But for future reference: a week is probably not enough time for a normal development process to fix something without extremely heroic, life-interrupting efforts on the parts of people who are likely paid less than you think they are.
It’s also likely not enough time for those same humans to envision, create, and deploy a novel fix for said problem (not the bug - the aftermath of the bug). I’m not saying there can’t be more communication: more communication is always better! But - and I don’t know the timeline on this - if the problem started this weekend, and they have a correction in place by this Friday, I would say that was amazing. And I mean like: oh my god this team is on fire and deserves bonuses amazing. All I’m saying is the fact that they haven’t already done this before even a few business hours have passed isn’t something deserving of scorn. And technically the clock starts on this tomorrow, because many companies / regions / countries also have today off in addition to this weekend.
Remember folks: this isn’t a hospital. No one will die or even be injured if the market is borked for another couple of days. Literally no one! We will all be ok.
You are telling me that this blood is not caused by video game economy issues?
I struggle to believe that, but i will try my best. Hopefully that is good enough and I dont have to leak the video to get a solution for this bloody mess.
Not to mention that with the influx of players, I expect they had thousands of reports per day for a long time. So it’s not unreasonable to expect that they might need some time to catch up on the reports.
Also not to mention that even then he didn’t have to release it at all. He reported it and could just wait however much time until it was fixed, instead of crashing the economy single-handledly.
Lot of people in this thread making the bold assumption that there was only one person who knew about this bug and, if that individual didn’t release the information, the bug would have remained a secret and the economy would be fine.
That’s just not how things work. Odds are, more than just one person knew about the bug and the economy was inevitably doomed, regardless of whether or not this person released the information.
Dev teams are absolutely capable of patching critical security flaws in under a week. It happens all the time. Case in point, it took them under 24 hours to patch the bug once the exploit was released. A week is quite literally 6 days too long for a critical security flaw to be patched. Much more complicated bugs have been fixed in much less time.
The reality is, the devs were too busy denying the existence of the bug in the first place. I’d be willing to bet the devs glossed over it due to the constant wolf cries about LA items. And the language barrier between the devs and someone in China trying to explain the bug probably didn’t help matters.
Shit happens, honestly. It’s a game, not your life savings.
I remember some villages, back in the days, where people wouldn’t even bother locking their houses, let alone their cars. They didn’t have to. Friendly, happy places.
Yes, in modern times and in a larger city, not locking your car is irresponsible. The people making it necessary are still complete assholes.
As for the guy standing next to the car, shouting “Hey, everyone, this car is unlocked!!!”… I don’t know, at this level of stupidity, “asshole” feels like a compliment.
We live in a world where people are eager to take opportunities at the cost of harming others. Welcome to the world? That’s how it has always been. That’s why countries exist. That’s why borders exist. And that is why governments exist. Someone has to keep people in line. If there’s no fear of punishment, what other deterrent is there? It’s certainly not it’s immoral. Naïve thinking. Very few criminals have ever been deterred by morality.
It’s impossible to know when they would have got a fix out otherwise. Given my experiences with the devs, they would have treated this thing as a priority.
Have you thought about why it’s common practice for governments to not give in to the demands of terrorists or organised crime (not that I’m saying he is, but this does smell a lot more black hat than white hat)?
Ideally yes, but IMO it depends on the scale of the issue. If its big enough for EHG to fix mid season then it shouldn’t be popularised. If they’d fix it after the season then IMO it’s ok. How the content creator is to know whether EHG would consider it big enough to fix mid-season is a different cup of tea…
But because of their actions we’ll never know now.
So if I listed an item but nobody bought it then how exactly did I benefit from this?
Yeah, I exclusively thought bad analogies when it happened. I don’t defend that poor guy’s action. But comparing him to a terrorist posing threat to a whole country is just silly and irrational. I would call it extreme fanboyism.
Let’s be honest. There is a blame on both parties. That’s life. Whitewashing devs’ inaction (or too slow reaction) is dishonest. I hope that both sides will learn a lesson so we can have a better game.
I put the game back on the shelf for now. I will wait until the product I bought is mature. The fact is that, at this time, it is not. And no, I didn’t hear about the game before it went 1.0.
This whole drama including this discussion is not entertaining. I have better things to do than playing a judge. I just wanted to play “Last Epoch”. But what happened is disheartening and far from the idea of me having fun.
The standard is actually 60 days, with it being responsible to give up to 90 days for remediation prior to disclosure, and it being supportable to disclose after 45 days if the developer is unresponsive. There is no universe in which 7 days is enough time to develop a patch and deploy it responsibly, or in which 7 days is a standard disclosure timeline.
Typically if disclosing early a responsible party discloses the details of the vulnerability along with a mitigation strategy - how users can protect themselves from those exploiting it (in this case that would be something like removing your listings and not engaging in purchases or sales until the exploit is fixed) rather than a how-to of how you too can exploit the vulnerability.
The person “disclosing” this exploit with a tutorial was in no way shape or form performing a responsible public disclosure. The timeline involved is not in any way reasonable to expect remediation. And taking a week to fix a serious vulnerability like that is well within normal standards, and not in any way indicative of negligence. Furthermore the official team has indeed taken action, showing they do not have indifference towards the issue. The OP is wrong on all counts, the person “disclosing” was wrong on all counts, and everyone who engaged in the exploit should indeed be permabanned, including especially the person who posted the tutorial on how to use it.
I know, that’s why I said I didn’t think he was, it’s just the first thing I thought of when I read the description was of someone who just wanted to burn everything down when they didn’t get a response. Plus EHG’s description of the timeframe is quite different.
And yet, plenty of games release day-of hotfixes for bugs where “Boss is dropping 10000 pieces of loot, instead of 1”. It’s not unheard of for game-breaking bugs to get fixed the day they are discovered… or at least the offending mechanism deactivated until the bug can be fixed.
I don’t defend that poor guy’s action. But comparing him to a terrorist posing threat to a whole country is just silly and irrational. I would call it extreme fanboyism.