The Valve and Steam Platform Discussion Thread

[Multi-headed Cow]

Ugh, Valve once again putting harsh restrictions and limitations on hard working game developers to cater to gamers. I'm literally shaking right now.

 

[DalekFlay]

While Epic has its thumb up in their ass, doing nothing, Valve is constantly improving Steam. Babysteps, but still improving.

 

[LESS T_T]

More update to the Recommender: https://steamcommunity.com/groups/SteamLabs/discussions/3/1643170903484574354/

Filtering on multiple tags

In response to feedback, we've added the ability to filter on multiple tags at the same time, and to exclude multiple tags.

Currently if you're filtering by many tags at the same time, or use more obscure tags, you can run into a situation where the recommender is left with only a few suggestions. We have some solutions in the works for this problem, but in the spirit of Steam Labs, we wanted to get flexible tag filtering in your hands as soon as we could.

As always, we're happy to read feedback on how the Interactive Recommender is working for you, and what you'd like to see in future updates.

Valve guys are pretty responsive (strange, I know) on the Labs forum, they're also planning to add ignore, or rather "suppress" ('good recommendation but don't need this because I already own this on other platforms, etc.') button.

If these recent updates and responsiveness are response to Epic, cool, I'll give you this one Sweeney.

 

[A_boring_GOG_bot]

Hmm .

https://securityaffairs.co/wordpress/89638/hacking/steam-zeroday.html

 

[BlackAdderBG]

"by an attacker with limited permissions to run code administrative privileges."

Once again with these "vulnerabilities" that need your system to be compromised in the first place.

 

[Infinitron]

https://www.pcgamesn.com/counter-strike-global-offensive/steam-workshop-moderation

Some Steam Workshop submissions now require moderator approval

August 11, 2019 Valve has contacted us to confirm that the approvals only apply to certain games, and that not all submissions will require them.

Valve has rolled out a new feature to Steam’s Workshop. Now, some new submissions for CSGO, Dota 2, and Team Fortress 2 will require approval of a moderator before going live on the Workshop. While the new process may slow down affected submissions to the Workshop, it’s a move modders and mappers have been requesting for a while now to counter the flood of scam account submissions. Valve has confirmed that the new system has been put in place to deal with the “Free Skins” phishing scams.

The Global Offensive subreddit spotted the change this weekend. User TanookiSuit3 posted a screenshot showing a new banner over a pending Steam Workshop submission, which reads “Moderators need to approve the latest version of this item before it will be visible to other players in the Workshop.” It contains a link to more information, which is found in Steam Support. That page explains that the submission process now has two steps: first, an email verification that the user associated with the Steam account is the same person who made the submission, and second, moderator approval of the new item, map, skin, or mod.

“Newly submitted and updated items will be placed into a moderation queue,” the help page reads. “You’ll be able to view and edit the content during this process, but other players will not be able to view changes until they’re approved.”

Valve says this moderation process should take “less than a day,” so this new step shouldn’t be too much of a bottleneck for Workshop content creators. The developer has also told us that it has some rules regarding which items require verification, and which do not. For example, submissions from creators who have a large number of voters of subscribers will not require approval. Valve tells us that it will probably add additional heuristics in the future, but is waiting to see what happens with the existing rules first.

Many creators have been clamoring for Valve to take such a step for more than a year. In the Counter-Strike: Global Offensive community particularly (but certainly not exclusively), scammers have reigned the Workshop, flooding the game’s Workshop page with their own dubious submissions (usually called something like “Free Skins!” and leading to a phishing attempt) and auto-downvoting any map more popular. This video by map maker Zool Smith shows how it happens:

While this new moderation step does add a slight inconvenience for affected Workshop creators who want to get their content up as quickly as possible, it should make it easier for players to actually find and use those creations. In all, it’s a positive change in our book.

When I checked the Counter-Strike Workshop this morning, it was pristine and completely free from “Free Skins” spam.

 

[LESS T_T]

 

[Abu Antar]

Good. I haven't ignored cool games that I own on other storefronts/platforms, but it was annoying to see them recommended. Good feature for me.

 

[rohand]

EDIT? ninjad

Handy for the AI suggestion.

 

[DalekFlay]

Good. I haven't ignored cool games that I own on other storefronts/platforms, but it was annoying to see them recommended. Good feature for me.

Yeah as someone who buys everything they can on GOG it's a cool addition.

 

[LESS T_T]

Looks like they announced some details about Steam China. Expected from the regulations in China, China gets a version of Steam what some of Steam critics want, a curated store.

Eurogamer interview mostly about dancing around subjects: https://www.eurogamer.net/articles/2019-08-21-valve-talks-steam-china-curation-exclusivity

 

[Morgoth]

When are we going to hear fucking details about the VR Flagship game "coming later this year"?

 

[LESS T_T]

This year in Valve Time.

 

[Morgoth]

So that means... let me check.... November 2033. Non-Adjusted for any Gaben-orbital caused space-time distortions.

Shit.

 

[Infinitron]

https://www.pcgamesinsider.biz/news...-we-can-expect-from-its-steamspy-replacement/

Devcom 2019 - Valve clarifies what to expect from its own SteamSpy solution

PC games giant Valve has said that it isn't working on a successor to data site SteamSpy - at least not in the form that we may expect.

Speaking to PCGamesInsider.biz at Devcom 2019, biz dev chief Jan-Peter Ewert (pictured) clarified remarks reported from his talk at White Nights St Petersberg in June 2018, in which he said that Valve was working on something "better than SteamSpy".

Ewert told PCGamesInsider.biz that Valve is constantly developing new tools to provide developers with the data and information that they need to make smart decisions, sometimes based on specific requests from studios themselves.

"That was ultimately what I was trying to say [at White Nights 18]," Ewert said.

"Unfortunately, out of the 45-minute presentation I gave there, the one soundbite that came out was: 'There's going to be a SteamSpy from Steam!'. We have constantly been working on ways to improve the way that developers can make smart decisions based on the data that they see and give them better ways to make those decisions. Ultimately, that's the only way we'll make money. It's a very self-serving thing to do. There's no specific product that you can expect from us at this specific moment in time."

Steam designer Alden Kroll added: There's not a concentrated set of features that we're rolling out together to try and accomplish that. It's more individual: 'Oh, we hear from developers that they want to know more about what countries their Wishlisters are in, so we should add more information so they can understand who is Wishlisting their game, where they live and what languages they should support.

'It's about trying to be responsive to developer requests and figuring out - based on that - what is the actionable data that we can share with developers that they can actually use to make concrete decisions. Everyone has their own idea of that a SteamSpy replacement means. So it's about what's useful in that concept, and you run into a bunch of issues about how do we share data in a way that's respectful to developers whose data we are sharing and whether they want that data shared or not. There's a lot to work out there and that's we don't have a specific thing that's on the roadmap.'

SteamSpy was hugely popular in the development community as it provided an idea of how games were performing. The solution wasn't 100 per cent accurate - nor did Galyonkin ever claim that it was - and was halted last year due to changes to how profiles on Steam operated.

 

[Infinitron]

https://www.theregister.co.uk/2019/08/22/steam_zeroday_valve/

Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty
EoP bug now free for the world to see after bounty was rejected

A security bod angry at Valve's handling of bug reports has disclosed a zero-day vulnerability affecting the games giant's flagship Steam app.

Russia-based bug-hunter Vasily Kravets said that he was releasing details of the flaw, an elevation-of-privilege hole, after a series of poor interactions with Valve led to him getting banned from Valve's bug bounty program, run by HackerOne.

The way Kravets tells it – Valve did not respond to a request for comment – the whole saga started earlier this month when he went to report a separate elevation-of-privilege flaw in Steam Client, the software players use to purchase and run titles from Valve's platform.

Valve declined to recognize and pay out a reward for that particular security hole, which it said required local access and the ability to drop files on the target machine, and was therefore, in Valve's eyes, not really a vulnerability. Kravets was eventually banned from Valve's program on HackerOne.

"I received a lot of feedback. But Valve didn’t say a single word, HackerOne sent a huge letter and, mostly, kept silence," Kravets said. "Eventually things escalated with Valve and I got banned by them on HackerOne – I can no longer participate in their vulnerability rejection program (the rest of H1 is still available though)."

Now, some two weeks later, Kravets has discovered and disclosed a second elevation-of-privilege flaw in Steam. Like the first, this hole – a .DLL loading vulnerability – would require an attacker to have access to the target's machine in some way, and the ability to write files locally.

If those requirements are met, Kravets said, the miscreant could get the Steam app to load and execute malicious DLL files, potentially giving an even greater control over the system and allowing the hacker to further download and install all sorts of malware on the target PC. Depending on the games installed, Steam may have to run with administrator privileges, so getting code execution within it could allow an intruder to do a lot of damage.

While neither flaw would be considered a "critical" risk as they each require the attacker to already have access to the target machine (if that's the case you're already in serious trouble, so what's another flaw), Kravets argues that since it is a marketplace for third-party code, Steam in particular would be an attractive target with an elevated risk from EoP flaws.

"It is rather ironic that a launcher, which is actually designed to run third-party programs on your computer, allows them to silently get a maximum of privileges," the bug-hunter notes. "Are you sure that a free game made of garbage by an unknown developer will behave honestly?"

https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/

Steam cleaned of zero-day security holes after Valve turned off by bug bounty snub outrage
Security bod may be invited back into vuln reward program, Half-Life 3 still ain't happening

Games giant Valve is attempting to make nice with the infosec bod who disclosed zero-day exploits for vulnerabilities in Steam after the corporation refused to pay out bug bounties for the flaws.

On Thursday, Valve said it would patch both of the holes discovered by bug-hunter Vasily Kravets, and will consider reinstating Kravets into the biz's bug bounty program, run by HackerOne. "We have released updates to the Steam Client public beta channel to address these issues, and we have already pushed some initial fixes to all users," the US corp told us.

This comes after Kravets dropped the second of two zero-day elevation-of-privilege vulnerabilities in the Steam client software. Both would have potentially allowed an attacker to inject malicious code into the application, which, depending on the games installed, may run with administrator-level clearance. Either way, it was possible to hijack Steam to run malware or install spyware, as long as you already have some access to the victim's system: they basically turn a bad situation worse.

Initially, Valve, via HackerOne, declined to award any bounty or recognize the first vulnerability report, claiming that elevation-of-privilege holes did not qualify for the bounty program. When Kravets objected to the decision, he says there was an exchange that resulted in him being banned by Valve from its reward scheme.

That move prompted Kravets to publicly drop a second zero-day elevation-of-privilege exploit for Steam. This time, a .DLL injection oversight. "Since Valve decided to read a public report instead of private report one more time, I won’t take that pleasure away from them," Kravets quipped.

The second security flaw report, it seems, along with condemnation from infosec professionals online, was enough to get Valve's attention. Shortly after news broke of the second bug disclosure, the multibillion-dollar biz issued the press (including El Reg) a statement reversing its decision.

"Our HackerOne program rules were intended only to exclude reports of Steam being instructed to launch previously installed malware on a user’s machine as that local user," Valve said in a statement to The Register. "Instead, misinterpretation of the rules also led to the exclusion of a more serious attack that also performed local privilege escalation through Steam."

It continued: "We have updated our HackerOne program rules to explicitly state that these issues are in scope and should be reported. In the past two years, we have collaborated with and rewarded 263 security researchers in the community helping us identify and correct roughly 500 security issues, paying out over $675,000 in bounties. We look forward to continuing to work with the security community to improve the security of our products through the HackerOne program."

Valve did, however, stop short of promising to reverse Kravets' ban, saying, "we are reviewing the details of each situation to determine the appropriate actions."

 

[Bruticis]

The Times They Are A-Changin': How Valve is trying to update Steam for the modern games industry
https://www.pcgamesinsider.biz/feat...o-update-steam-for-the-modern-games-industry/

Link has a shot of the new UI which still looks like shit but at least it's something different from the past decade.

 

[DalekFlay]

https://www.pcgamesinsider.biz/feat...o-update-steam-for-the-modern-games-industry/

Over the last few years, the perception around Steam has changed somewhat. Valve's storefront has gone from being the biggest name in PC gaming to having a more problematic relationship with both the development community and players.

[Citation Needed]

 

[Bruticis]

https://www.pcgamesinsider.biz/feat...o-update-steam-for-the-modern-games-industry/

Over the last few years, the perception around Steam has changed somewhat. Valve's storefront has gone from being the biggest name in PC gaming to having a more problematic relationship with both the development community and players.

[Citation Needed]

Well just look at Steam's last sale event, the grand prix shit was a complete mess. Indie devs were pissed off at the wording of the contest and the community misunderstanding it which caused a bunch of people to remove all the indie trash from their wishlists so they would win some AAA $60 game. The event was a total clusterfuck.

Also, indie devs have been complaining about Steams revamped revenue sharing tiers before that

https://www.gamesindustry.biz/artic...unhappy-with-steams-new-revenue-sharing-tiers

 

[DalekFlay]

Well just look at Steam's last sale event, the grand prix shit was a complete mess. Indie devs were pissed off at the wording of the contest and the community misunderstanding it which caused a bunch of people to remove all the indie trash from their wishlists so they would win some AAA $60 game. The event was a total clusterfuck.

Also, indie devs have been complaining about Steams revamped revenue sharing tiers before that

"Has gone from being the biggest name in PC gaming to..." what? Being the biggest name in PC gaming with some mild grumbling on Twitter? Oh no.

 

[Bruticis]

Well just look at Steam's last sale event, the grand prix shit was a complete mess. Indie devs were pissed off at the wording of the contest and the community misunderstanding it which caused a bunch of people to remove all the indie trash from their wishlists so they would win some AAA $60 game. The event was a total clusterfuck.

Also, indie devs have been complaining about Steams revamped revenue sharing tiers before that

"Has gone from being the biggest name in PC gaming to..." what? Being the biggest name in PC gaming with some mild grumbling on Twitter? Oh no.

I didn't write the article but I'll pass your feedback along via my embedded tweet facebook poll on myspace. Did you miss the memo, anything on twitter is relevant theses days.

 

[Sentinel]

https://www.phoronix.com/scan.php?page=news_item&px=VKD3D-Proton-Building

Valve's Proton Offers Branch With VKD3D For Direct3D 12 Over Vulkan
Written by Michael Larabel in Valve on 23 August 2019 at 06:11 AM EDT. 13 Comments

While VKD3D continues to be under heavy development, Valve already appears pleased with it enough that it's now being built as part of their Wine-based Proton software for powering Steam Play on Linux.

VKD3D is the official Wine project being worked on for accelerating Direct3D 12 over Vulkan. This has been Wine's only pursued D3D12 approach with Direct3D 12 not mapping nicely over OpenGL and thus not fitting well into their existing WineD3D code. VKD3D has been able to run a few games, but at last check not many though that may be different these days with it already being included into Proton.

As of yesterday, Proton is now building and shipping VKD3D for its Direct3D 12 support. At the moment there isn't any new Proton release out on Steam but this is just the latest activity in Git.

It will be great once VKD3D is as stable as DXVK is to Direct3D 10/11 support in allowing modern Windows games to work nicely under Steam Play on Linux, assuming they don't run into any problems due to anti-cheat software and other headaches still being addressed for improving the Windows gaming on Linux experience. Exciting times ahead.

Update: This work is currently staged in one of Valve's Proton Git branches. The user who pointed us to this commit had (incorrectly) indicated otherwise, so it's not yet in mainline upon closer examination, but hopefully will be there not too much longer.

 

[rusty_shackleford]

[Citation Needed]

The only people who complain about Steam are indie devs with unappealing games upset that it's no longer a gold rush.

 

[Infinitron]

https://www.reuters.com/article/us-...me-publishers-to-settle-sources-idUSKCN1VJ26R

Exclusive: Valve to fight EU antitrust charges, five videogame publishers to settle: sources

BRUSSELS (Reuters) - Valve Corp, owner of the world’s largest video game distribution platform “Steam”, plans to fight EU antitrust charges of preventing cross-border trade, unlike five video game publishers which plan to settle the case, people familiar with the matter said.

Valve and video game makers Bandai Namco, Capcom, Focus Home, Koch Media and U.S. peer ZeniMax have been the target of a European Commission investigation since 2017.

The EU competition enforcer in April charged the six companies with preventing EU consumers from shopping around for the best video game deals within the 28-country bloc.

It said the companies agreed to use geo-blocking activation keys to prevent consumers in one EU country from buying cheaper versions of a game in another EU country.

The Commission, which wants to scrap cross-border curbs on online trade in the bloc, also charged the five publishers of preventing other distributors from selling video games outside their allocated territories.

Valve is fighting the charge and is likely to ask for a closed-door hearing to argue its case before senior competition officials from the Commission and national watchdogs, the people said.

The five publishers plan to settle the charges, they said. Under EU antitrust rules for settlements, companies admit wrongdoing in return for a 10 percent cut in their fines.

Valve and Focus Home did not respond to requests for comments. Valve in its April statement on the EU charges said the region locks applied to only 3 percent of all games using its Steam platform and that it turned off the locks in Europe in 2015.

The Commission, which can fine companies up to 10 percent of their turnover for breaching EU antitrust rules, declined to comment.

Japanese company Capcom said it could not provide any further comment until the Commission issues a decision. Bandai Namco said: “It is BANDAI NAMCO Entertainment Europe’s company policy to not comment on any ongoing legal matters.”

Washington, D.C.-based ZeniMax and Koch Media had no immediate comment.

 

[BlackAdderBG]

"competition enforcer"