Inside the source code are some wonderful reminders of what Windows game development from 1995 to 2003 was really like. One experienced modder posted some gems on Bluesky, like a “HACK ALERT!” text string added just to prevent the Watcom IDE from crashing because of a “magic text heap length” crash: “Who knows why, but it works,” wrote that poor soul.
This writer’s personal favorite is this little bit in the RampOptions.cpp file in Generals, credited to John K. McDonald Jr., which expresses concerns about “TheRampOptions” existing with a set value:
if (TheRampOptions)
    // oh shit.
    return;
In addition to helping out modders and entertaining experienced coders, the GPL-licensed source code releases do a lot to help preserve these games, such that they can be reworked to run on future platforms. Projects like OpenRA and OpenSAGE already offer open source reimplementations of those games’ code, but having the original source can only help. C&C community stalwart Luke “CCHyper” Feenan worked with EA leaders to get the code back into a build-ready state and said in a press release that the updated code should make the classic games easier to patch in the future.
As part of the source code release, the Command & Conquer team also released 35 minutes of newly found archival footage from alpha versions of the later Sage-engine-based Generals and Renegade games.
Archival footage from alpha versions of Command & Conquer: Generals and Renegade, released by EA as part of their source code release.
It’s heartening to see that with the right combination of people and purpose, classic games can find renewed interest and longevity inside a big publisher.
Valve’s updates to its classic games evoke Hemingway’s two kinds of going bankrupt: gradually, then suddenly. Nothing is heard, little is seen, and then, one day, Half-Life 2: Deathmatch, Day of Defeat, and other Source-engine-based games get a bevy of modern upgrades. Now, the entirety of Team Fortress 2 (TF2) client and server game code, a boon for modders and fixers, is also being released.
That source code allows for more ambitious projects than have been possible thus far, Valve wrote in a blog post. “Unlike the Steam Workshop or local content mods, this SDK gives mod makers the ability to change, extend, or rewrite TF2, making anything from small tweaks to complete conversions possible.” The SDK license restricts any resulting projects to “a non-commercial basis,” but they can be published on Steam’s store as their own entities.
Since it had the tools out, Valve also poked around the games based on that more open source engine and spiffed them up as well. Most games got 64-bit binary support, scalable HUD graphics, borderless window options, and the like. Many of these upgrades come from the big 25-year anniversary update made to Half-Life 2, which included “overbright lighting,” gamepad configurations, Steam networking support, and the like.
As people in the many, many busy GitHub issue threads are suggesting, coding has come a long way since the heyday of the Windows-98-era Winamp player, and Winamp seems to have rushed its code onto a platform it does not really understand.
Winamp flourished around the same time as illegal MP3 networks such as Napster, Limewire, and Kazaa, providing a more capable means of organizing and playing deeply compressed music with incorrect metadata. After a web shutdown in 2013 that seemed inevitable in hindsight, Winamp’s assets were purchased by a company named Radionomy in 2014, and a new version was due out in 2019, one that aimed to combine local music libraries with web streaming of podcasts and radio.
In its press release for the code availability, the Brussels-based Llama Group SA, with roughly 100 employees, says that “Tens of millions of users still use Winamp for Windows every month.” It plans to release “two major official versions per year with new features,” as well as offering Winamp for Creators, intended for artists or labels to manage their music, licensing, distribution, and monetization on various platforms.
Microsoft said that Kremlin-backed hackers who breached its corporate network in January have expanded their access since then in follow-on attacks that are targeting customers and have compromised the company’s source code and internal systems.
The intrusion, which the software company disclosed in January, was carried out by Midnight Blizzard, the name used to track a hacking group widely attributed to the Federal Security Service, a Russian intelligence agency. Microsoft said at the time that Midnight Blizzard gained access to senior executives’ email accounts for months after first exploiting a weak password in a test device connected to the company’s network. Microsoft went on to say it had no indication any of its source code or production systems had been compromised.
Secrets sent in email
In an update published Friday, Microsoft said it uncovered evidence that Midnight Blizzard had used the information it gained initially to further push into its network and compromise both source code and internal systems. The hacking group—which is tracked under multiple other names, including APT29, Cozy Bear, CozyDuke, The Dukes, Dark Halo, and Nobelium—has been using the proprietary information in follow-on attacks, not only against Microsoft but also its customers.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” Friday’s update said. “This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”
In January’s disclosure, Microsoft said Midnight Blizzard used a password-spraying attack to compromise a “legacy non-production test tenant account” on the company’s network. Those details meant that the account hadn’t been removed once it was decommissioned, even though removing such accounts is a practice that’s considered essential for securing networks. The details also meant that the password used to log in to the account was weak enough to be guessed by sending a steady stream of credentials harvested from previous breaches—a technique known as password spraying.
In the months since, Microsoft said Friday, Midnight Blizzard has been exploiting the information it obtained earlier in follow-on attacks that have stepped up an already high rate of password spraying.
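For defenders, the two failures described above map to two checks on sign-in logs: one source failing against many different accounts in a short window, and any successful sign-in to an account that was supposed to be retired. The following is an added example, not code from Microsoft or from this article; the log format, thresholds, account names, and the decommissioned-account inventory are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: time, source IP, account, result.
SAMPLE_LOG = """\
2024-01-10T02:00:05Z 203.0.113.7 alice FAIL
2024-01-10T02:00:41Z 203.0.113.7 bob FAIL
2024-01-10T02:01:13Z 203.0.113.7 carol FAIL
2024-01-10T02:01:50Z 203.0.113.7 dave FAIL
2024-01-10T02:02:22Z 203.0.113.7 legacy-test OK
2024-01-10T02:03:00Z 198.51.100.9 erin FAIL
2024-01-10T02:03:04Z 198.51.100.9 erin FAIL
2024-01-10T02:03:09Z 198.51.100.9 erin OK
"""

# Hypothetical inventory of accounts that should no longer be able to sign in.
DECOMMISSIONED = {"legacy-test"}

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result

def find_spray_sources(events, min_accounts=4, window=timedelta(minutes=10)):
    """Return {ip: sorted accounts} for sources failing against many accounts."""
    fails = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_accounts:
                flagged[ip] = sorted(users)
    return flagged

def stale_account_logins(events, stale=DECOMMISSIONED):
    """Return (ip, account) pairs for successful sign-ins to retired accounts."""
    return [(ip, user) for _, ip, user, r in events if r == "OK" and user in stale]

EVENTS = list(parse(SAMPLE_LOG))
print(find_spray_sources(EVENTS))
print(stale_account_logins(EVENTS))
```

The second source in the sample retries a single account, so it is not flagged as a spray; per-account lockout thresholds are the usual control for that pattern.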
Unprecedented global threat
Microsoft officials wrote:
It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures. Midnight Blizzard has increased the volume of some aspects of the attack, such as password sprays, by as much as 10-fold in February, compared to the already large volume we saw in January 2024.
Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus. It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.
The attack began in November and wasn’t detected until January. Microsoft said then that the breach allowed Midnight Blizzard to monitor the email accounts of senior executives and security personnel, raising the possibility that the group was able to read sensitive communications for as long as three months. Microsoft said one motivation for the attack was for Midnight Blizzard to learn what the company knew about the threat group. Microsoft said at the time and reiterated again Friday that it had no evidence the hackers gained access to customer-facing systems.
Midnight Blizzard is among the most prolific APTs, short for advanced persistent threats, the term used for skilled, well-funded hacking groups that are mostly backed by nation-states. The group was behind the SolarWinds supply-chain attack that led to the hacking of the US Departments of Energy, Commerce, Treasury, and Homeland Security and about 100 private-sector companies.
Last week, the UK National Cyber Security Centre (NCSC) and international partners warned that in recent months, the threat group has expanded its activity to target aviation, education, law enforcement, local and state councils, government financial departments, and military organizations.