GeoHot Sounds Off on Sony's PSN Debacle

Treblaine

Dastardly said:
when folks like GeoHot (high profile hacker) start spouting about how Sony brought this on themselves by believing the client was secure...

Sorry, but businesses are never going to give up on protecting the digital rights to their products. Basically issuing sideways little hacker threats is just going to scare customers (and the businesses that want their money) into making those online DRM measures more "secure" by making them far less convenient and more restrictive.

Trying to convince someone to leave their house unlocked by stealing from them (or defending those that do) is only going to make them get more expensive and difficult locks. GeoHot is pushing an agenda that seems specifically designed to tell every company out there not to trust the customer with any freedom whatsoever--it certainly hasn't convinced them to give more.
Geo-hotz has said the precise OPPOSITE to what you are claiming, he has said PSN has failed because of an over-reliance on DRM. DRM is control on the client-side.

He said:
"Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client [that's the DRM], everything is good. Since everyone knows the PS3 is unhackable (sarcasm), why waste money adding pointless security between the client and the server?
This arrogance undermines a basic security principle, never trust the client [the PS3].
Sony needs to accept that they no longer own and control the PS3 when they sell it to you."


He is telling Sony in particular that DRM is fallible and cannot be depended upon for network security as it will get hacked, and the PS3 had THE BEST ever seen.

you said:
"GeoHot is pushing an agenda that seems specifically designed to tell every company out there not to trust the customer with any freedom whatsoever"

Oh God it's like you have a 5th grade understanding of computers.

Less trust of CLIENT =/= more DRM

rather:

Less client side DRM => Less trust of Client (by network)

The better the network security, the more freedom the USER can have OVER the client, as the network is not vulnerable from the user using the client for unauthorised requests for personal data.
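
The "never trust the client" principle quoted in this post, as an added example that is not part of the original post and is not a reconstruction of PSN: one handler believes a flag the console reports about itself, the other derives identity from the server's own session table. All account names, fields and function names are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac
import secrets


def _hash_pw(password, salt):
    # Salted, slow password hash kept only on the server.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample accounts (hypothetical data, not from the thread).
_SALTS = {name: secrets.token_bytes(16) for name in ("alice", "bob")}
USERS = {
    "alice": {"pw": _hash_pw("correct horse", _SALTS["alice"]),
              "email": "alice@example.test"},
    "bob": {"pw": _hash_pw("battery staple", _SALTS["bob"]),
            "email": "bob@example.test"},
}
SESSIONS = {}  # server-side state: session token -> account name


def login(account, password):
    """Issue a random session token only after the server checks the password."""
    user = USERS.get(account)
    if user is None:
        return None
    if not hmac.compare_digest(user["pw"], _hash_pw(password, _SALTS[account])):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account
    return token


def profile_trusting_client(request):
    """Weak design: the trust boundary sits inside the console.

    'firmware_ok' and 'account' are both values the client sends, so a
    modified client can set them to anything it likes.
    """
    user = USERS.get(request.get("account"))
    if request.get("firmware_ok") and user is not None:
        return {"account": request["account"], "email": user["email"]}
    return None


def profile_checked(request):
    """Server-side boundary: nothing the client claims about itself is used."""
    account = SESSIONS.get(request.get("token", ""))
    if account is None:
        return None  # no valid server-issued session
    if request.get("account") != account:
        return None  # logged in, but asking for someone else's record
    return {"account": account, "email": USERS[account]["email"]}


if __name__ == "__main__":
    token = login("alice", "correct horse")
    # A request from a modified client that never logged in as bob.
    forged = {"firmware_ok": True, "account": "bob"}
    print("trusting handler:", profile_trusting_client(forged))
    print("checked handler: ", profile_checked(forged))
    print("alice, own data: ", profile_checked({"token": token, "account": "alice"}))
    print("alice, bob's data:", profile_checked({"token": token, "account": "bob"}))
```

With the second handler, what runs on the console no longer matters to the safety of other users' records, which is the distinction the post draws between client security and network security.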
 

Krion_Vark

Irridium said:
Their password was "1, 2, 3, 4, 5".

Which, funnily enough, is the same password for my luggage.
I was wondering what was in that luggage I had stolen from that airport I got into through the sewers which weren't really guarded too well. I didn't get away with anything good though, just your underwear suitcase which I have promptly burned or hung on a flag pole.


Anyway I have always thought that Geohot was a bit of a dick from the get go. This just cements it a bit more. He should just keep his mouth shut and appear smart rather than open it and remove all doubt.
 

Treblaine

UrKnightErrant said:
DRM will never be more than a bicycle lock. It can prevent casual theft but a dedicated thief will always be able to break it.
My analogy for network security is lock your doors and wait inside with a loaded shotgun.

DRM on the client side is just there to reduce the number of possible directions you can be attacked from as most will not try to crack the DRM.

Key there is "most will not" if your DRM is invasive, hobbling and limiting then way more people will crack it.
 

bojac6

Bags159 said:
Sony doesn't need to accept anything. It's their console, their rules. If they put in the TOS that they still technically own it and you sign it then it's theirs, unfortunately. I'm all for fighting little crusades but leave the people you're trying to "help" out of it. (to whomever is behind this)
You're missing the point. Yes, Sony technically owns it, but who cares? Somebody willing to risk getting caught for stealing credit card numbers and using them is also willing to accept the punishment for breaking a TOS.

The point here is that Sony put all of its faith in the legal team and the client. They assumed that between their security and threatening to sue people for any breach, they could protect the data. Technically, it's a fine idea. Practically, it's a failed one.

To use an analogy. It's illegal for somebody to break into my car and steal stuff. That's flat out theft and punishable by jail time. Does that mean it's safe to leave your laptop and pile of $50s visible in the car with the door unlocked?

Hiding your valuables and locking the door is the same as putting in protection between the client and security. Sure, it's an annoyance, but are you really just going to rely on the argument that people won't abuse your trust because it's illegal?
 

The Bandit

William Thompson said:
If you flip you PS3 upside down and read the bottom it states that no one is allowed to mess with the software on the system unless they have permission. That fag needs to go and learn how to read. And I DON'T GIVE NO FUCK ABOUT MY GRAMMAR OR SPELLING SO FUCK OFF!!!!!!
Your grammar is atrocious.
 

BRex21

Woodsey said:
Owyn_Merrilin said:
Woodsey said:
Considering this has all happened so quickly, you can't help but link them all.

Even if he didn't do it, it's his behaviour that has quite possibly led to this whole thing by someone else acting on his behalf in retaliation to Sony.

I'm tired of these fuck-faces and their stupid little crusades against companies just because they're big, and I'm even more tired of the people that voice their support for them.

And that smug little prick's face is even more unbearable than Kotick's grin.
You know, you're the second person I've seen spouting this nonsense, and I'd like to set you straight. It has absolutely nothing to do with childish notions of "sticking it to the man" and everything to do with consumers standing up and taking back the rights that companies have been getting a free pass on violating lately, and when they haven't been violated yet, preventing the violation from happening in the first place. Regardless of what the TOS says, if I buy something, it's mine, and as the owner, I have certain rights. End of discussion.
Actually, it's not "fuck the TOS". The TOS is an agreement that you make when you buy it. If you don't agree, you don't buy it. Pretty fucking clear.

Sony have hardly put anyone's cock in a vice. The reason they close their systems off is because they don't want people to be able to pirate stuff which, funnily enough, started happening after this guy made pirating an option for everyone.
Technically in this case the TOS is something you agree to AFTER you buy it, take it home, set it up. OR if we want to get really technical, months after you have taken it home and set it up because they changed it as they claim they are entitled to at any time.
These are known as Shrink Wrap Contracts, they have little legal standing worldwide and are hit and miss in America. Sony has actually been sued in a few countries for violating fair trade laws, many that overlap with American laws, over the removal of advertised features. Also, incidentally PS3 piracy was an issue before GeoHot did his thing and from the looks of the technical jargon, it really doesn't look like he enabled piracy for anyone, he may have made it easier for others, sort of the way Nero helps me copy protected CDs.
 

LiquidGrape

Grey Carter said:
LiquidGrape said:
I agree with the lack of clutter, but look at how the yellow clashes with the muted colours of the walls and floor. As for the floor, it looks like a fitted carpet, which is a big no-no.
Furthermore, the furniture is of wholly disparate styles, and again, the colour-schemes are all off.

I ask you, is it too much to ask for some consistency and deliberation?
This just made my day. Congratulations good sir.
I live to give.
Give advice on interior design, more precisely.
 

Treblaine

UrKnightErrant said:
Treblaine said:
UrKnightErrant said:
DRM will never be more than a bicycle lock. It can prevent casual theft but a dedicated thief will always be able to break it.
My analogy for network security is lock your doors and wait inside with a loaded shotgun.

DRM on the client side is just there to reduce the number of possible directions you can be attacked from as most will not try to crack the DRM.

Key there is "most will not" if your DRM is invasive, hobbling and limiting then way more people will crack it.
Unfortunately with DRM it's all or none, which means none. As long as ONE person can crack your game it's gonna get posted on a torrent site and in hours any thief that wants it can get it. Blocking "most" users is pointless.
All or none?

You saying Steamworks is the same as Games-for-Windows-Live?

The same as Ubisoft's constant-connection DRM?

Anyway I'm talking about client-control DRM as in programs like Steam or the firmware on a games console. The firmware on a games console is absolute classic DRM, it only plays licensed games in only the way they want, not any old pirated or home-brew stuff. Unless you crack it.

Anyway we aren't talking about piracy here, we are talking about network security.
 

sleeky01

John Funk said:
GeoHot Sounds Off on Sony's PSN Debacle
John.

It's been mentioned by others in other Geohot threads, but I have to ask.

Is this really the best picture of Geohot you could find?
 

Bloodyrose

I wouldn't doubt that after "Geowhatever" put the keys up for the system online, that the hacker/s probably used them to get further into the system and into the main network.
 

Dastardly

Treblaine said:
snip to reduce the unwarranted RRRRRAAAGE content of this thread
Listen.

I know full well what he said. There is a difference between what words someone says, what they think those words mean, and what those words will actually mean in the real world.

Newsflash: What you intend to say isn't always what is received by the world at large.

Companies are not going to give up trying to protect their stuff. For sake of convenience, a lot of information goes out with the client, and is thus "in the hands of the enemy" so to speak. Client-side DRM is a way to attempt to secure the client while still allowing it to contain the things that make it work well and remain easy to use.

If you push a company to make a choice between:

a) Having a completely unsecured client
b) Making the client as bare-bones as possible, and thus far less convenient to use

Sorry, they're always going to choose B. Why? Because of things like what just happened. These companies are out to make money, and events like this cause the opposite to happen. And then GeoHot comes along and says it's not the hackers fault, which just leads everyone to the conclusion that it's just going to keep happening... because now, it appears that this sort of hacking is a "heroic" way to stand up to the big evil of DRM.

(You know, instead of it being the evil of stealing other people's money.)

You're wrapping yourself entirely around the letter of GeoHot's statement. I'm talking implications. I'll put it in a metaphor again, so you can see:

The bank is keeping your money safe by locking it in a vault. You have to go through certain security measures in order to access it, which is less convenient than having it at home, but far safer. For these services, the bank gets a little bit of your money over time.

Some people think the bank shouldn't make it so hard for you to access your money. They think you shouldn't have to enter codes or talk to tellers. You should just be able to walk in and grab it off a shelf, since it's your money.

Banks disagree. They say, "If we do that, other people will grab your money. Then we both lose, because the money is gone."

But this group of "freedom fighters" insists. To make their case, they finally figure out a way to bypass all the security, and they just take a whole bunch of money from the bank--money that other people stored. And a spokesperson for these people steps up and says, "See? It's not perfectly secure anyway, so doesn't that prove you're just wasting your time?"

What do you think the bank's response would be? Or its customers?

It's not going to be, "Gee, you're right!" It's going to be, "No, it doesn't prove that. It proves that we're exactly right, and people are in fact going to steal other people's money the first chance they get. We'll need to make banks even more secure... and a lot less convenient."

Because that is the reasonable response to being stolen from.
 

Treblaine

Dastardly said:
Listen.

I know full well what he said. There is a difference between what words someone says, what they think those words mean, and what those words will actually mean in the real world.

Newsflash: What you intend to say isn't always what is received by the world at large.

Companies are not going to give up trying to protect their stuff. For sake of convenience, a lot of information goes out with the client, and is thus "in the hands of the enemy" so to speak. Client-side DRM is a way to attempt to secure the client while still allowing it to contain the things that make it work well and remain easy to use.

If you push a company to make a choice between:

a) Having a completely unsecured client
b) Making the client as bare-bones as possible, and thus far less convenient to use

Sorry, they're always going to choose B. Why? Because of things like what just happened. These companies are out to make money, and events like this cause the opposite to happen. And then GeoHot comes along and says it's not the hackers fault, which just leads everyone to the conclusion that it's just going to keep happening... because now, it appears that this sort of hacking is a "heroic" way to stand up to the big evil of DRM.

(You know, instead of it being the evil of stealing other people's money.)

You're wrapping yourself entirely around the letter of GeoHot's statement. I'm talking implications. I'll put it in a metaphor again, so you can see:

The bank is keeping your money safe by locking it in a vault. You have to go through certain security measures in order to access it, which is less convenient than having it at home, but far safer. For these services, the bank gets a little bit of your money over time.

Some people think the bank shouldn't make it so hard for you to access your money. They think you shouldn't have to enter codes or talk to tellers. You should just be able to walk in and grab it off a shelf, since it's your money.

Banks disagree. They say, "If we do that, other people will grab your money. Then we both lose, because the money is gone."

But this group of "freedom fighters" insists. To make their case, they finally figure out a way to bypass all the security, and they just take a whole bunch of money from the bank--money that other people stored. And a spokesperson for these people steps up and says, "See? It's not perfectly secure anyway, so doesn't that prove you're just wasting your time?"

What do you think the bank's response would be? Or its customers?

It's not going to be, "Gee, you're right!" It's going to be, "No, it doesn't prove that. It proves that we're exactly right, and people are in fact going to steal other people's money the first chance they get. We'll need to make banks even more secure... and a lot less convenient."

Because that is the reasonable response to being stolen from.
Take a chill pill, industrial strength.

GeoHotz has not even implied what you are suggesting.

I will say it one last time:

Absolutely nothing GeoHotz has said here could possibly be twisted into the faintest indication for support for more restrictive DRM. Nothing.

I suggest you live in the Real World and go by what people have ACTUALLY SAID or else everyone will think you are a charlatan and bullshitter.

Your bank analogy is atrocious in its utter confused irrelevance, there is not even the faintest nor contorted comparison, none that has any meaning.

You just seem to be obsessed with the idea that 'Hackers cause DRM' which is nonsense, Hackers break DRM and make it futile, it defines their existence. But you CONTINUE to ignore the simple fact that everyone is screaming at you that Sony got hacked because it has shitolla internal network security. Why did they have crap internal security? BECAUSE OF DRM! They depended on DRM and now they are suffering for DEPENDING on the client being "more secure... and a lot less convenient."

I've told you several times now and you have IGNORED THIS every time, once more I will say this:

"Locked down and secure network is NOT DRM! There is a HUGE distinction between network security and client security"

Network security keeps you out of places that are NOT yours, Sony's servers. Client security (as would be for PS3) reduces access/use of the hardware you physically own and is broken anyway with relative ease.

Locking down the client side with DRM is TRIVIAL to network security.

If the "cash in the bank" is an analogy for personal data in network security then tougher DRM on the client side WILL DO ABSOLUTELY NOTHING TO PROTECT THAT! Because a significant minority WILL break the client DRM, that is categorically unavoidable. Get it? Then the network is too vulnerable.

And can't you see for network security how that is a problem?

Stop generalising and THINK about what GeoHotz has said and what I have explained to you, rather than reducing them down to such simple generalisation that they can mean anything.

Network security = good

Client security = DRM = bad

You seem to be using the mad logic of:

geohots says security=good, -> security=DRM -> DRM=bad -> geohotz implied supports bad DRM.
 

teisjm

ianrocks6495 said:
SamFisher202 said:
I have to agree with Geohot's perspective on this. This appears to be entirely Sony's fault, they had this coming from the looks of it.
It would be like someone living in a gang area, saying "Fuck all gang members", then having their house burned down. It's still the gang's fault. And in Sony's case, they did nothing wrong. Hackers ARE shit. This whole fiasco is just another example.
Not really.
If you wanna run with that example, try this.
You're taking care of a house for someone living in that gang infected neighborhood, and then go out and piss off the gangs, they burn the house down.
The gangsters are still the criminals who burned the house, and they're the ones up for a trial and punishment for it.
But you're still a dick for putting your friend's/client's house in danger by provoking them.

Just cause crime is illegal, it's still retarded to just pretend it doesn't exist, and that it's not a threat.

Or to make it even more simple, if you lend your car to a friend, and he leaves the keys unattended in plain sight/reach, and someone grabs them and steals and crashes your car, the thief is still the only criminal, but you're probably gonna be pissed at your friend for not taking proper care of your car.

Woodsey said:
Owyn_Merrilin said:
Woodsey said:
Considering this has all happened so quickly, you can't help but link them all.

Even if he didn't do it, it's his behaviour that has quite possibly led to this whole thing by someone else acting on his behalf in retaliation to Sony.

I'm tired of these fuck-faces and their stupid little crusades against companies just because they're big, and I'm even more tired of the people that voice their support for them.

And that smug little prick's face is even more unbearable than Kotick's grin.
You know, you're the second person I've seen spouting this nonsense, and I'd like to set you straight. It has absolutely nothing to do with childish notions of "sticking it to the man" and everything to do with consumers standing up and taking back the rights that companies have been getting a free pass on violating lately, and when they haven't been violated yet, preventing the violation from happening in the first place. Regardless of what the TOS says, if I buy something, it's mine, and as the owner, I have certain rights. End of discussion.
Actually, it's not "fuck the TOS". The TOS is an agreement that you make when you buy it. If you don't agree, you don't buy it. Pretty fucking clear.

Sony have hardly put anyone's cock in a vice. The reason they close their systems off is because they don't want people to be able to pirate stuff which, funnily enough, started happening after this guy made pirating an option for everyone.
You don't sign the TOS when you buy the PS3, you're not informed about it when you BUY it, only after you get it home, after you paid the money, after you break open the box, and plug it in, making it unable to be returned for full value.

Also, that TOS wasn't even created when I bought my PS3 for instance, other OS's were allowed at the time (personally I don't care about that one, cause I don't need linux on my PS3)
But they can't just change the terms like that.

That would be like me selling you a car, and then after a year the manufacturer shows up at your doorstep telling you that you couldn't drive it anymore unless you stopped fueling it with anything but gasoline from his gas station, cause he says so.
You'd just tell him to fuck off, cause he is being retarded.
 

Treblaine

SirBryghtside said:
First time I've seen this guy's statements, and I already hate him.

HEY, YOU KNOW THAT THING I DON'T LIKE? IT'S TOTALLY THEIR FAULT!

No, it was the hackers' fault. End of.
GeoHotz said:
Sony believes they own the client too, so ... they just put a trust boundary between the consumer and the client... why (would they) waste money adding pointless security between the client and the server?

Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren't crazy.
GeoHotz hacked his PS3, that is HIS PROPERTY, he should by all rights (except stupid copyright) be allowed to do what he likes with it, have it run custom programs and so on to unlock the full potential of his hardware.

Just like everyone has done for EVERY OTHER CONSUMER ELECTRONICS DEVICE!

The problem here is this perfectly innocent action left Sony totally exposed to attack because they stupidly assumed all the playstations out there would remain locked down so neglected network security.

Yes, the hackers are at fault but this is like a bank forgetting to lock the vault when they close up at night. Sony have been so negligent.
 

Dastardly

Treblaine said:
Stop generalising and THINK about what GeoHotz has said and what I have explained to you, rather than reducing them down to such simple generalisation that they can mean anything.

Network security = good

Client security = DRM = bad

You seem to be using the mad logic of:

geohots says security=good, -> security=DRM -> DRM=bad -> geohotz implied supports bad DRM.
1. You're passing over the border of reportable flaming and trolling. I suggest you take a step back and investigate a more mature tone to your posts. We've been generous not to report it so far.

2. I've told you several times, I'm aware of what GeoHot thinks he's saying. I'm aware of the dictionary meaning of the words he has said. I have no confusion whatsoever over the meaning of terms like "client" versus "customer" versus "security" versus "DRM."

3. I'm talking about how his response to this current situation will be received by the companies to whom he is directing it. He is not considering his audience or their position. He is not considering that this tactic is the opposite of the best way to make a case to them.

If I say to you, "Wow, that shirt is a lot better than the last one," then I am literally saying the shirt you have is better. I'm saying it's a good shirt, right? But how would most people take it? They'd take it as an insult to the previous shirt. But why? That's not "what you said," is it? To them, it is.

Communication requires two sides. What gets sent doesn't always match up to what is received, because people aren't computers (on either side of the transaction). When you intend to communicate an idea, you have to speak in the recipient's language. GeoHot isn't. He's locking himself in a single, narrow frame of reference, and not considering the bigger picture.

When people steal from someone, that is not the time to convince them to ease up on current security measures on either side. That's just going to convince them that they've been proven right--if they ease up, people will only steal more.
 

Treblaine

Dastardly said:
1. You're passing over the border of reportable flaming and trolling. I suggest you take a step back and investigate a more mature tone to your posts. We've been generous not to report it so far.

2. I've told you several times, I'm aware of what GeoHot thinks he's saying. I'm aware of the dictionary meaning of the words he has said. I have no confusion whatsoever over the meaning of terms like "client" versus "customer" versus "security" versus "DRM."

3. I'm talking about how his response to this current situation will be received by the companies to whom he is directing it. He is not considering his audience or their position. He is not considering that this tactic is the opposite of the best way to make a case to them.

If I say to you, "Wow, that shirt is a lot better than the last one," then I am literally saying the shirt you have is better. I'm saying it's a good shirt, right? But how would most people take it? They'd take it as an insult to the previous shirt. But why? That's not "what you said," is it? To them, it is.

Communication requires two sides. What gets sent doesn't always match up to what is received, because people aren't computers (on either side of the transaction). When you intend to communicate an idea, you have to speak in the recipient's language. GeoHot isn't. He's locking himself in a single, narrow frame of reference, and not considering the bigger picture.

When people steal from someone, that is not the time to convince them to ease up on current security measures on either side. That's just going to convince them that they've been proven right--if they ease up, people will only steal more.
1. This is not trolling. At all. Telling you to stop generalising is not trolling or inflammatory, your comments about GeoHotz however ARE inflammatory.

2. You are aware what he actually says and thinks but ignore it... wow. THAT is borderline trolling.
Also, you sure do seem confused despite your dogged insistence.

3. You have given not the faintest reason WHY ANY company would conclude such things from GeoHotz statements that they wouldn't have concluded anyway.

Your T-Shirt-compliment analogy is tortured and I can't see how in ANY WAY it relates to the GeoHotz statements even in the principle you have described. Your conclusion that "GeoHot is now championing strict DRM" (your exact words) remains inflammatory and baseless. You have not retracted this and it still remains there yet to be amended:

Dastardly said:
That's right, folks. GeoHot is now championing strict DRM.
You also said:

"When people steal from someone, that is not the time to convince them to ease up on current security measures on either side"

When NO ONE SAID THAT! He said that Sony was "crazy" for neglecting security within their network. He says MORE security. He only suggested the REASON for the poor internal security was too much faith in strict DRM.