Thread: Developers Blog

Greetings Internet Space Citizens!

This is a topic that while near and dear to my heart, is something that's kind of languished for a while and I'm happy to begin talking about with youtoday here on the Internet.
Firstly, I want to spend some time on process and what goes into developing a web application at CCP. I'm not a web developer so I won't go into any detail regarding how we make decisions on technologies or anything, but I am The Security Guy so I do want to spend some time going over our process as it pertains to this area. In essence we follow a pretty well-established set of best practices. All code that is written is peer reviewed and subject to rounds of internal testing. Prior to publication of the code, a reputable third party performs a vulnerability analysis of the codebase that will be published. The results of this audit are actioned on prior to code publication. If this introduces delays, it introduces delays. The applications we develop are complex because of their levels of interactivity with so many other systems. Because of that, testing these applications can be challenging. The scope can never just be limited to testing a single web application because of the degrees of interactivity, which makes testing a much larger task than if the applications were self-contained. All of that being said, there are going to be situations where we simply miss something and that's where this blog comes in.
Dating back to the last release of the forums, I've been working through exactly how we can ensure that we're properly receiving and incentivizing security information from you, our players. This is a first iteration of a how-to which will be followed by a bit of information about how we'd like to see the program develop, and a request for some feedback from you because ultimately what we're trying to to is give you something to be proud of.
As it stands today there are a number of ways people attempt to submit security-related issues to us:

1. Filing a petition - This is inefficient as the person receiving the petition is not a security expert, may not understand the severity of the issue and it therefore may take more time to get to the right people. Security issues need to be addressed in minutes to hours, not days.
2. Filing a bug report - This suffers from a similar malady to the first. A lot of information comes into both of these systems and we wouldn't be doing anyone a service by spending our days weeding through bug reports.
3. Posting on the forums about it - This is also a bad idea. A really really bad idea as it is essentially an open disclosure, which leaves the system vulnerable to exploitation via the detailed method for the window it takes us to notice your post on the forums.
4. Posting on another forum - huh?

None of these above-mentioned avenues of communication are really effective at getting us the information we need in the time we need to be receiving it. What we'd like to rectify is twofold:

1. Providing you with a reliable and immediate avenue to report security issues so that they can get fixed immediately and investigated responsibly
2. Providing you with a template of information which would be helpful to us in actually tracking down the issue

What is Responsible Disclosure?

According to Wikipedia which is never wrong: Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software often require time and resources to repair their mistakes. Hackers and computer security scientists have the opinion that it is their social responsibility to make the public aware of vulnerabilities with a high impact. Hiding these problems could cause a feeling of false security. To avoid this, the involved parties join forces and agree on a period of time for repairing the vulnerability and preventing any future damage. Depending on the potential impact of the vulnerability, this period may vary between a few weeks and several months. (Source: http://en.wikipedia.org/wiki/Responsible_disclosure)
In essence what we're hoping to accomplish is that we can not only give you a venue to report information to us confidentially so that we can resolve the issue, but also to provide you with perks or incentives for doing so. We believe that if you're going to provide us with information that makes our product better, our customers safer and makes the Internet a better place then you should be rewarded for this. The problem with this is that incentives are not a one size fits all proposition but we'll get to that in a minute.
What information should I provide?

In the first pass we don't want to go crazy building systems or making crazy templates for submission. For the time being we think it is enough for us to say that when you send us information we need as much detail as possible. I can cite examples related to this forum:

• The Bad Example - User files a bug report that says, "You guys are idiots the whole thing is broken."
• The Good Example - User sends an email to security@ccpgames.com which reads "Dearest CCP Sreegs, I have come across a cross site scripting vulnerability in your forum. Here is some sample exploit code which I have used to prove my concept"

Believe it or not both of these examples actually happened. The difference is in how it gets handled. In the first scenario the report was erroneous and never got to anyone who could do anything about it. Were the user to continue messing around we would have only our logs to go by, which would show that the user was exploiting. Computers aren't very good at logging intent and believe it or not there are documented cases where people who are out to do bad things have lied about their intentions. If we're witnessing an exploit being taken advantage of in our logs then, from our perspective, an exploit is being taken advantage of and the consequences for such actions are not light.
In the second example the user was rewarded. What we'd like to do is extend that concept.I'll go ahead and get to that now.
PLEX for Snitches (Working Title)

In essence, what we'd like to achieve is to provide you with an incentive to be a good Internet citizen. Though we have given people rewards in the past they have been on a case by case basis. The main thing holding it up really is figuring out what would be of interest to you. Is it your name in lights? (This can look good on a resume.) Is it some free game time? Is it some other kind of incentive? This is the type of information I'd like to gather from you so that we can tailor the program to be the most effective.
Basically you provide us with security-related information in confidentiality. If you'd like your name in lights we'd like to recognize that. We also want to ensure that if you prefer to remain anonymous that can be facilitated as well. We have some ideas, but we're going to be basing the final solution on your input from this blog.
One thing of note in the program is that not every report will be worthy of reward. In order to receive recognition or incentivization you will need to provide us with something of value. Nobody really cares that Soundwave possesses the largest anime collection in Iceland. That won't help us at all; however, learning that he is studying Japanese so that he can further immerse himself in the true anime experience adds some value. To use a more relevant example, an exploit condition in our software that we can replicate and fix is of immense value. The more information you can provide the more relevant it is. Simply saying "something is broken" isn't always helpful, but saying "something's broken and here's how I broke it" is what we're looking for.
Ok I'm sold, how do I report an issue?

The best way to do this is to send a detailed email to security@ccpgames.com. No other method of contact will ensure that your issue gets attention from the team that can fix the issue. While we haven't yet formalized the program, I have made it a personal mission in the cases that the information is of high value that the person gets rewarded. I'm looking forward to your feedback on this and after you've had some time to weigh in we'll get the ball rolling and present The Full Monty.


More...

Intrepid pilots of New Eden!
Over the past days and weeks, CCP has been doing extensive and intense introspection and revitalization. The result of this is a refocusing and reprioritization on a scale unheard of within our company.
These are indeed defining times.
Torfi’s most recent dev blog provides some indication of what’s to come. We have decided, to focus our collective efforts on the areas you have asked us to focus on.
We will reveal more over the coming weeks. As certain details are prone to change, we want to make sure we have absolutely concrete information to give you. You’ve often told us that we promise too much and deliver too little, and this time we want to be certain that doesn’t happen. We are listening to you, we have heard you, and plans are already in motion.
Watch this space.
Arnar Hrafn Gylfason
Senior Producer of EVE Online


More...

Greetings Internet Space Citizens!

This is a topic that while near and dear to my heart, is something that's kind of languished for a while and I'm happy to begin talking about with youtoday here on the Internet.
Firstly, I want to spend some time on process and what goes into developing a web application at CCP. I'm not a web developer so I won't go into any detail regarding how we make decisions on technologies or anything, but I am The Security Guy so I do want to spend some time going over our process as it pertains to this area. In essence we follow a pretty well-established set of best practices. All code that is written is peer reviewed and subject to rounds of internal testing. Prior to publication of the code, a reputable third party performs a vulnerability analysis of the codebase that will be published. The results of this audit are actioned on prior to code publication. If this introduces delays, it introduces delays. The applications we develop are complex because of their levels of interactivity with so many other systems. Because of that, testing these applications can be challenging. The scope can never just be limited to testing a single web application because of the degrees of interactivity, which makes testing a much larger task than if the applications were self-contained. All of that being said, there are going to be situations where we simply miss something and that's where this blog comes in.
Dating back to the last release of the forums, I've been working through exactly how we can ensure that we're properly receiving and incentivizing security information from you, our players. This is a first iteration of a how-to which will be followed by a bit of information about how we'd like to see the program develop, and a request for some feedback from you because ultimately what we're trying to to is give you something to be proud of.
As it stands today there are a number of ways people attempt to submit security-related issues to us:

1. Filing a petition - This is inefficient as the person receiving the petition is not a security expert, may not understand the severity of the issue and it therefore may take more time to get to the right people. Security issues need to be addressed in minutes to hours, not days.
2. Filing a bug report - This suffers from a similar malady to the first. A lot of information comes into both of these systems and we wouldn't be doing anyone a service by spending our days weeding through bug reports.
3. Posting on the forums about it - This is also a bad idea. A really really bad idea as it is essentially an open disclosure, which leaves the system vulnerable to exploitation via the detailed method for the window it takes us to notice your post on the forums.
4. Posting on another forum - huh?

None of these above-mentioned avenues of communication are really effective at getting us the information we need in the time we need to be receiving it. What we'd like to rectify is twofold:

1. Providing you with a reliable and immediate avenue to report security issues so that they can get fixed immediately and investigated responsibly
2. Providing you with a template of information which would be helpful to us in actually tracking down the issue

What is Responsible Disclosure?

According to Wikipedia which is never wrong: Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software often require time and resources to repair their mistakes. Hackers and computer security scientists have the opinion that it is their social responsibility to make the public aware of vulnerabilities with a high impact. Hiding these problems could cause a feeling of false security. To avoid this, the involved parties join forces and agree on a period of time for repairing the vulnerability and preventing any future damage. Depending on the potential impact of the vulnerability, this period may vary between a few weeks and several months. (Source: http://en.wikipedia.org/wiki/Responsible_disclosure)
In essence what we're hoping to accomplish is that we can not only give you a venue to report information to us confidentially so that we can resolve the issue, but also to provide you with perks or incentives for doing so. We believe that if you're going to provide us with information that makes our product better, our customers safer and makes the Internet a better place then you should be rewarded for this. The problem with this is that incentives are not a one size fits all proposition but we'll get to that in a minute.
What information should I provide?

In the first pass we don't want to go crazy building systems or making crazy templates for submission. For the time being we think it is enough for us to say that when you send us information we need as much detail as possible. I can cite examples related to this forum:

• The Bad Example - User files a bug report that says, "You guys are idiots the whole thing is broken."
• The Good Example - User sends an email to security@ccpgames.com which reads "Dearest CCP Sreegs, I have come across a cross site scripting vulnerability in your forum. Here is some sample exploit code which I have used to prove my concept"

Believe it or not both of these examples actually happened. The difference is in how it gets handled. In the first scenario the report was erroneous and never got to anyone who could do anything about it. Were the user to continue messing around we would have only our logs to go by, which would show that the user was exploiting. Computers aren't very good at logging intent and believe it or not there are documented cases where people who are out to do bad things have lied about their intentions. If we're witnessing an exploit being taken advantage of in our logs then, from our perspective, an exploit is being taken advantage of and the consequences for such actions are not light.
In the second example the user was rewarded. What we'd like to do is extend that concept.I'll go ahead and get to that now.
PLEX for Snitches (Working Title)

In essence, what we'd like to achieve is to provide you with an incentive to be a good Internet citizen. Though we have given people rewards in the past they have been on a case by case basis. The main thing holding it up really is figuring out what would be of interest to you. Is it your name in lights? (This can look good on a resume.) Is it some free game time? Is it some other kind of incentive? This is the type of information I'd like to gather from you so that we can tailor the program to be the most effective.
Basically you provide us with security-related information in confidentiality. If you'd like your name in lights we'd like to recognize that. We also want to ensure that if you prefer to remain anonymous that can be facilitated as well. We have some ideas, but we're going to be basing the final solution on your input from this blog.
One thing of note in the program is that not every report will be worthy of reward. In order to receive recognition or incentivization you will need to provide us with something of value. Nobody really cares that Soundwave possesses the largest anime collection in Iceland. That won't help us at all; however, learning that he is studying Japanese so that he can further immerse himself in the true anime experience adds some value. To use a more relevant example, an exploit condition in our software that we can replicate and fix is of immense value. The more information you can provide the more relevant it is. Simply saying "something is broken" isn't always helpful, but saying "something's broken and here's how I broke it" is what we're looking for.
Ok I'm sold, how do I report an issue?

The best way to do this is to send a detailed email to security@ccpgames.com. No other method of contact will ensure that your issue gets attention from the team that can fix the issue. While we haven't yet formalized the program, I have made it a personal mission in the cases that the information is of high value that the person gets rewarded. I'm looking forward to your feedback on this and after you've had some time to weigh in we'll get the ball rolling and present The Full Monty.




More...

You might or might not have noticed a thread a couple of weeks back where some rather tech-savvy EVE players managed to fiddle with a couple of files in the client, effectively enabling them to put their own video content onto the Captain’s Quarters main screen. Although we worship the sandbox and love it when you use our game to do things we could never have foreseen, we really don’t like it when people start fiddling with the EVE client files, mostly because it may get you into trouble the next time we send out a patch. We would much rather have you get into trouble within New Eden than outside of it.
The hack was as easy as replacing a .BIK (BINK) video file with one of your own .BIK files, putting you in charge of what’s on TV. Now, most companies would have branded this as a defect and “fixed it” by doing checksum validations on the files or something equally boring. But not us.
You are now exactly four steps away from activating your new, virtual, hundred-and-something inch flat screen television:

1. Download the BINK(.BIK) video conversion tool from here: http://www.radgametools.com/down/Bink/RADTools.exe. Using this tool, you should be able to convert most of your videos to BINK format, which is the industry standard when it comes to video playback in videogames. I recommend starting the first conversion process straight away since it may take a while.
2. Locate your EVE cache folder by following the guide found here: http://support.eveonline.com/Pages/K...le.aspx?id=371. Create a folder under your cache folder called “CQScreenVideos” if it doesn’t already exist.
3. Once a video has been converted to BINK format, copy it to the “CQScreenVideos” folder.

Drop by one of your Captain’s Quarters and finally put that sofa to some serious use! Your custom videos will be played one after the next, followed by the normal screen content. The entire loop is then repeated.

While this is all good and fun, we must not forget that with great televisions comes great responsibility. Of course, knowing our players, we are of course absolutely certain than none of you would ever, ever think of putting anything even remotely questionable on your screen, given the total lack of constraints and the rock solid moral high ground on which our pilots firmly stand... That said, in a case of your cat accidentally downloading, converting and displaying some morally hazardous material on your screen, you’ll have to take it up with it rather than us, okay?
Since we’re on the subject of screens
There has been a myth floating around CCP HQ that a rogue programmer left a secret encrypted message somewhere on the three screens. The programmer in question seems to have lost the plot a bit since he keeps repeating the words “space equals 20” when he thinks nobody is listening. We would really appreciate your help trying to pinpoint what exactly is going on here.





More...

Intrepid pilots of New Eden!
Over the past days and weeks, CCP has been doing extensive and intense introspection and revitalization. The result of this is a refocusing and reprioritization on a scale unheard of within our company.
These are indeed defining times.
Torfi’s most recent dev blog provides some indication of what’s to come. We have decided, to focus our collective efforts on the areas you have asked us to focus on.
We will reveal more over the coming weeks. As certain details are prone to change, we want to make sure we have absolutely concrete information to give you. You’ve often told us that we promise too much and deliver too little, and this time we want to be certain that doesn’t happen. We are listening to you, we have heard you, and plans are already in motion.
Watch this space.
Arnar Hrafn Gylfason
Senior Producer of EVE Online



More...

The three remaining Captain’s Quarters have just arrived on Singularity and are almost ready for their final deployment to Tranquility in the upcoming October release. We released Captain’s Quarters in the EVE Online: Incarna expansion earlier this year. In its first incarnation, all stations throughout the EVE universe used the same Captain’s Quarters, namely the rusty and damp Minmatar ones. Some devout Amarrian role players were considerably angered, many chic Gallentean holoreel financiers felt those moldy and dark dwellings were beneath them, and Caldari outlaws were often astonished that their Minmatar brothers seemed to have forgotten to invent stainless steel despite being capable of manned space flight.
The new Captain’s Quarters have been designed to represent the style of each race. Rather than basing them off the style of the ships, our artists asked themselves, “If a race built ships in a particular manner, what cultural influences and style would we see in the surroundings they crafted for themselves?” It’s a different approach than just “inverting the normals of a starship and throwing a TV in there,” as someone said. It meant thinking about history and architecture, drawing examples from ancient, modern day and futuristic designs from a variety of sources. And yes, repeated viewings of Blade Runner are required to hold a position in the EVE art department.
The Caldari Captain’s Quarters are about glass and steel, as the Caldari are, of course, men and women of steel. Their mindset is Spartan and functional. Cold and calculated.

The Gallente quarters are slick and streamlined. Comfort through elegant design. The mirror is also prominent, since the Gallenteans are known to spend a lot of time in front of it.

The Amarr Captain’s Quarters were designed with dark religious undertones and a show of opulence, despite the relatively cramped living area. Religious icons tower at either side of the entrance, reminding you of your lowly place in the world.

While adding in the new Captain’s Quarters, we also updated the existing Minmatar ones. The shading and lighting has been improved, and importantly, the spawn point has been updated so that you don’t have to walk 10 centimeters before being able to interact with your ship. You will also be facing your ship when you spawn.


All of those rooms were built using modular assets, so that the investment made in building the Captain’s Quarters will be capitalized on further when more environments get built. They have given us the start of a library of modules, which can be used to flesh out racially themed interiors for all sorts of interesting gameplay.

Oh and we made sure they have lots of lens flares, because as you know, the future is full of lens flares.
Fly safe.
Torfi Frans


More...

The three remaining Captain’s Quarters have just arrived on Singularity and are almost ready for their final deployment to Tranquility in the upcoming October release. We released Captain’s Quarters in the EVE Online: Incarna expansion earlier this year. In its first incarnation, all stations throughout the EVE universe used the same Captain’s Quarters, namely the rusty and damp Minmatar ones. Some devout Amarrian role players were considerably angered, many chic Gallentean holoreel financiers felt those moldy and dark dwellings were beneath them, and Caldari outlaws were often astonished that their Minmatar brothers seemed to have forgotten to invent stainless steel despite being capable of manned space flight.
The new Captain’s Quarters have been designed to represent the style of each race. Rather than basing them off the style of the ships, our artists asked themselves, “If a race built ships in a particular manner, what cultural influences and style would we see in the surroundings they crafted for themselves?” It’s a different approach than just “inverting the normals of a starship and throwing a TV in there,” as someone said. It meant thinking about history and architecture, drawing examples from ancient, modern day and futuristic designs from a variety of sources. And yes, repeated viewings of Blade Runner are required to hold a position in the EVE art department.
The Caldari Captain’s Quarters are about glass and steel, as the Caldari are, of course, men and women of steel. Their mindset is Spartan and functional. Cold and calculated.

The Gallente quarters are slick and streamlined. Comfort through elegant design. The mirror is also prominent, since the Gallenteans are known to spend a lot of time in front of it.

The Amarr Captain’s Quarters were designed with dark religious undertones and a show of opulence, despite the relatively cramped living area. Religious icons tower at either side of the entrance, reminding you of your lowly place in the world.

While adding in the new Captain’s Quarters, we also updated the existing Minmatar ones. The shading and lighting has been improved, and importantly, the spawn point has been updated so that you don’t have to walk 10 centimeters before being able to interact with your ship. You will also be facing your ship when you spawn.


All of those rooms were built using modular assets, so that the investment made in building the Captain’s Quarters will be capitalized on further when more environments get built. They have given us the start of a library of modules, which can be used to flesh out racially themed interiors for all sorts of interesting gameplay.

Oh and we made sure they have lots of lens flares, because as you know, the future is full of lens flares.
Fly safe.
Torfi Frans


More...

Intrepid Space Commandos,
With work on the Time Dilation feature of Eve entering the public testing phase, I sat myself down in front of a camera in our local beer cave to give you all a quick demonstration of what Time Dilation is, what it looks like, and how it applies to Caldari family reunions.
Enjoy!



More...

The four price indices of New Eden have been calculated for August 2011. Allow me to apologize for how late this is published. I will try to deliver future index blogs in a more timely manner. For more detail on the indices, please refer to the Market Indices page on Evelopedia.
Datacore prices rose by almost 7% in August. This is a rebound from the drop caused by the changes to the agent system in June. The changes improved agent quality and reduced their standing requirements, possibly spurring sellers to sell existing stock quickly.
The price of ice products fell by 7% while the PI made POS fuel rose by 8%. Interestingly, these product groups, which are both used to fuel starbases, among other uses, seem to have a negatively correlated price series, as shown in the following graph. When the price of either group rises, the other one falls. Do rising prices of one group significantly reduce the number of starbases in operation, which subsequently reduces the demand for the other group or is there some other cause?

Click image to enlarge.

The index values for August are:

	August 2011	1 Month Change	12 Month Change
Mineral Price Index	73.1	1.4%	15.4%
Primary Producer Price Index	77.6	1.5%	28.9%
Secondary Producer Price Index	111.9	1.0%	9.8%
Consumer Price Index	65.2	0.3%	7.8%

The following graph shows the development of the indices since October 2003.

Click image to enlarge.

Full series of the four main price indices in Excel format
Full series of the four main price indices in CSV format


More...

Dear Followers of EVE Online,
The past few months have been very humbling for me. I’ve done much soul searching, and what follows is my sincere effort to clear the air with all of you. Please bear with me as I find my way through.
The estrangement from CCP that many of you have been feeling of late is my fault, and for that I am truly sorry. There are many contributing factors, but in the end it is I who must shoulder the responsibility for much of what has happened. In short, my zeal for pushing EVE to her true potential made me lose sight of doing the simple things right. I was impatient when I should have been cautious, defiant when I should have been conciliatory and arrogant when I should have been humble.
This soul searching took me back to when EVE was just an idea. Bringing her to life in 2003 was, in many people’s minds, impossible. But we found a way because EVE is something unique in the world. Getting her to 100,000 subscribers was an even more fantastical feat. Before long, we were launching in China, making DUST 514, merging with White Wolf to build World of Darkness, building Carbon, growing the company to 600 people, increasing our subscriber count beyond that of the population of Iceland and on and on, one resounding success after the next despite earthquakes, volcanic eruptions and even a world economic collapse.
Somewhere along the way, I began taking success for granted. As hubris set in, I became less inclined to listen to pleas for caution. Red flags raised by very smart people both at CCP and in the community went unheeded because of my stubborn refusal to allow adversity to gain purchase on our plans. Mistakes, even when they were acknowledged, often went unanalyzed, leaving the door open for them to be repeated.
You have spoken, loudly and clearly, with your words and with your actions. And there were definitely moments in recent history when I wish I would have listened more and taken a different path.
I was wrong and I admit it.
Captain’s Quarters
Without establishments and meaningful activities to engage in, forcing players into a mandatory single-player Captain’s Quarters experience was a mistake. I mentioned earlier the perils of not getting the simple things right. Removing ship spinning was a negligent oversight and a clear sign that we had fallen out of touch with our community. The interiors for Incarna were so scoped down by our launch window that CQ was essentially a prototype feature that we foolishly promoted as a full-blown expansion. We underestimated our development time, set impractical or misleading expectations, and added insult to injury by removing something in which players were emotionally invested.
I fully empathize with your disappointment in CCP. We would have been much better off positioning Incarna as an optional technology preview that interested players could have experienced and helped us to refine. The tragedy here is that the team really did build solid technology and great art to support what you can see and did it in way that sets a strong foundation for building out the rest. The fact is, in spite of our missteps, they delivered some of the most amazing interior rendering and character technology in the industry, and their efforts deserve praise. The fact we didn’t leverage their achievement more effectively is my fault.
Virtual Goods
Next we arrive at our rather underwhelming virtual goods rollout. There was hardly anything to purchase initially, let alone to put the cost of the infamous monocle in perspective. The last thing we wanted to do was create the perception that all items in the store would be in that price range. Quite frankly, it was rather pointless to begin with because we did not have a multiuser environment in which players could show off their purchases. It was another feature that we rushed out the door before it was ready.
We also didn’t do enough to assure you that this wasn’t the beginning of a “pay to win” scenario in EVE. Let me be blunt: Unless the MMO business changes radically, our virtual goods strategy for EVE Online will remain limited in scope and focus on vanity items, or as we said after the CSM visit this summer: The investment of money in EVE should not give you an unfair advantage over the investment of time.
Though the introduction was clearly flawed, our plans for virtual goods are intended to make your playing experience better, not to disrupt it. From a strategic perspective, we had to take these first steps because monthly subscriptions are increasingly becoming a thing of the past. The culture of online gaming is changing, just as the notion of digital ownership did with music. If we don’t evolve our technology, our game design and our revenue model, then we risk obsolescence, and we just can’t allow that to happen to EVE or to our community.
Incarna
For the same reasons, Incarna—the real one with actual meaningful gameplay in it— will be a big step towards the future. For an experience that relies so much on emergence and human interaction, it’s remarkable that it’s taken us this long to actually put a face on it. Once Incarna hits its stride, EVE will be more personal, and thus more accessible to general audiences. Visual self-expression in a virtual setting is a core psychological component of gaming; most people need to see their avatars, or something vaguely humanoid, or else they don’t connect with the game. We were behind the curve and it needs to be addressed for the sake of EVE’s longevity. We have the technology. Now we need time to add the content that will bring more meaning to the gameplay—again, without disrupting the space combat simulator that many of you are, or at least were, very much in love with—and without delaying crucial improvements that this core experience desperately needs.
A Humbler, Stronger CCP
I’m sharing these revelations with you now because it’s taken this long to transform them into action. From all this self-reflection, a genesis of renewal has taken root, a personal and professional commitment to restore the partnership of trust upon which our success depends, and a plan that sets the foundation for us to sensibly guide EVE to her fullest potential. In the coming days and weeks, the details of this plan and what it means for you will be unveiled. Part of what led us down this path is the fact we have not communicated well. This blog, and those that will follow, will hopefully demonstrate our conviction to transparency.
Good things are coming. They always do when you learn from your mistakes. In 2007, we faced a similar crisis of confidence, and it resulted in the creation of the CSM. We’re a better company because of it. In the last months, we’ve taken a hard look at everything, including my leadership. What I can say for now is that we’ve taken action to ensure these mistakes are never repeated. We have reexamined our processes, hired experienced industry professionals for key leadership positions, reassessed our priorities, moved personnel around and, above all else, recognized our limitations.
For me, the most frustrating aspect of this is that after all this time, as far as EVE has come and in spite of everything that’s happened, I fervently believe with all my heart that we’ve not even scratched the surface of EVE’s potential. My personal failing is not reconciling that passion with pragmatism. We’ve been trying to expand the EVE universe in several directions at once, and I need to do a better job of pursuing that vision without diluting or marginalizing the things that are great—or could be great—about the game right now. Nullsec space needs to be fixed. Factional warfare needs to be fixed. The game needs new ships. We need to do a better job of nurturing our new players and making EVE the intriguing, boundless universe it has the potential to be.
We really do have something that no one else has. EVE is still unique in the real and virtual world. This is our vision for her, and we want so badly to take you there. But getting there is not an entitlement. It will take hard work, open communication and, above all else, collaboration with you. The greatest lesson for me is the realization that EVE belongs to you, and we at CCP are just the hosts of your experience. When we channel our passion for EVE constructively, we can make this vision a reality together.
But enough talk from me. We all know that much quoted phrase, “It’s not what you say, it’s what you do,” that will make the difference here. From now on, CCP will focus on doing what we say and saying what we do. That is the path to restoring trust and moving forward.
Regards,
Hilmar Veigar Pétursson, CEO
CCP Hellmar
P.S. Please comment on our forums or on Twitter @HilmarVeigar


More...