GeoHot Sounds Off on Sony's PSN Debacle

Ultimatecalibur

New member
Sep 26, 2010
Arachon said:
TheRealCJ said:
Granted, but serious or not, hackers are all the same, in it for the challenge. Sony attracted all-comers like a red flag to a bull.
Just... No... There are serious criminal organisations out there that only employ hackers as a way to rip people off, in the form of phishing attacks, identity theft, fraud etc. You should not equate these people with your average "hobby hacker", who subscribes to the hacker mindset of doing it for the challenge.
Everyone makes a big deal about "White Hat" and "Black Hat" hackers, but doesn't realize that you should divide hackers into more diverse groups.
 

googleback

New member
Apr 15, 2009
That's probably the first time that I've agreed with that little tosser.
Sony was wrong to act so arrogantly, but they definitely didn't deserve this. And neither did the people whose info was stolen. But an example has been made because Sony failed to do anything about it. I get the feeling that won't happen again, especially if there's any truth to this "will cost them 24 billion" story.
 

Traun

New member
Jan 31, 2009
Ultimatecalibur said:
Arachon said:
TheRealCJ said:
Granted, but serious or not, hackers are all the same, in it for the challenge. Sony attracted all-comers like a red flag to a bull.
Just... No... There are serious criminal organisations out there that only employ hackers as a way to rip people off, in the form of phishing attacks, identity theft, fraud etc. You should not equate these people with your average "hobby hacker", who subscribes to the hacker mindset of doing it for the challenge.
Everyone makes a big deal about "White Hat" and "Black Hat" hackers, but doesn't realize that you should divide hackers into more diverse groups.
Not for the layman. White hat = good hacker, black hat = bad hacker. Those doing it for the challenge aren't affecting anyone's life, so no one cares. Anyway, God bless white hats.
 

TheRealCJ

New member
Mar 28, 2009
William Thompson said:
If you flip your PS3 upside down and read the bottom it states that no one is allowed to mess with the software on the system unless they have permission. That fag needs to go and learn how to read. And I DON'T GIVE NO FUCK ABOUT MY GRAMMAR OR SPELLING SO FUCK OFF!!!!!!
Chill out there big fella.

You seem to be determined to defend your beloved faceless corporation at all costs.
 

Hogbinladen

New member
Mar 25, 2010
odd function said:
Unfortunately we know for certain that your alternate scenario is represented here. Your personal data (possibly including your password) was stored as plain text. Your password was stored in their database (instead of a hash, salted or not). These two pieces of info by themselves mean that Sony failed Security 101.
For certain, eh? I heard it was a rumour, but that was a while ago and I haven't searched for it yet. If you have a source I'd love to read it.
 

Woodsey

New member
Aug 9, 2009
pokepuke said:
Woodsey said:
Even if that's true, it's still their product. You own one, yes, but if your poking your dick in it gives you the chance to steal games and cause them to lose money that is rightfully theirs, then they have every right to glue up the points of entry.
The goal was to put back features Sony had removed. He didn't make a game loader, and neither did any of the hackers at the conference showing how hacked the PS3 had been so far. Others have been trying to do that, but why didn't Sony try to prevent such a scenario? You can keep trying to beat up those strawmen, though.

Also I like how you suggest that "stealing games" means Sony will "lose money that is rightfully theirs". Yep, that line totally makes sense when the reality might be a copied game and a person that simply won't decide to purchase an item.
Yes, because as we all know, if pirates couldn't pirate, they would simply never play games.
 

Dastardly

Imaginary Friend
Apr 19, 2010
John Funk said:
GeoHot Sounds Off on Sony's PSN Debacle
That's right, folks. GeoHot is now championing strict DRM.

"Never trust the client," he says. Meaning a company should never trust that its console is secure. That means all of the security has to be handled on the company's end, which means removing trust (and thus freedom) from users.

Now, of course, GeoHot only thinks he's talking about securing personal data, not understanding the full ramifications of the idea he's pushing. Seems par for the course for the adorably-ignorant li'l nipper.
 

Treblaine

New member
Jul 25, 2008
EmmerikXXII said:
I can't remember the last time Sony did something benevolent for its customers, yet all I see is praise and defensiveness on their behalf. What gives?
They never charged for multiplayer, despite every analyst in the business screaming at them that they should, like XBL does.

But that's more benign than benevolent.

Unfortunately publicly owned companies like Sony (and Microsoft) do not have benevolence as an option as greedy gaggles of shareholders flip their shit whenever they see companies "giving stuff away for free", say shit like "I'm not investing in a charity" and can wipe MILLIONS of actual money off Sony by selling stocks drastically.

Thankfully privately owned companies like Valve can do what they damn well like and can have amazing sales like ALL WEEK 80% off ARMA II! And as a result the company is more valuable per-employee than Apple Computers.

In conclusion: fuck public company ownership. It just leads to a tragedy of the commons as, instead of the company actually being run by the smart people who built it up, it's effectively ruled by the will of risk-averse and money-motivated speculators.

 

beema

New member
Aug 19, 2009
He could have stated it in a more intelligent, less-juvenile manner, but I mostly agree with what he said.

This part
Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted.
is an excellent point, especially.


I still want to punch him in the face every time I see that stupid picture of him though.

So am I understanding this right:
Sony had no security for PSN beyond the security that is on a Playstation unit?
If that's true it's completely appalling and Sony deserves to go out of business for it.
But that can't be right... can it?
 

odd function

New member
Jul 11, 2010
Ultimatecalibur said:
odd function said:
Unfortunately we know for certain that your alternate scenario is represented here. Your personal data (possibly including your password) was stored as plain text. Your password was stored in their database (instead of a hash, salted or not). These two pieces of info by themselves mean that Sony failed Security 101.
I know people are saying that this stuff was saved as plain text, but where is this "fact" coming from? Sony, a reliable second party (i.e. a major news organization), a gaming news site, or was it rumor from a thread on 4chan?
This is coming from Sony themselves.
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
 
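The distinction odd function draws above, a password column that holds the password itself versus one that holds a salted hash, written out as code. This is an added example, not part of any post in this thread, and it says nothing about how PSN actually stored anything: the user names and passwords are constructed, the iteration count is an illustrative figure, and the table layout is invented for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed example of the two storage choices the quoted Q&A raises:
# a "personal data table" holding plaintext passwords versus one holding
# salted, iterated hashes. ITERATIONS is an illustrative figure only.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Dict[str, object]:
    """Derive a storable credential record with PBKDF2-HMAC-SHA256.
    A fresh random salt per user means identical passwords hash differently,
    so a leaked table cannot be attacked with one precomputed lookup."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"alg": "pbkdf2_sha256", "iterations": iterations,
            "salt": salt.hex(), "hash": dk.hex()}


def verify_password(password: str, record: Dict[str, object]) -> bool:
    """Recompute the derivation with the stored salt and parameters, then
    compare in constant time so timing does not leak how many bytes matched."""
    if record.get("alg") != "pbkdf2_sha256":
        return False
    salt = bytes.fromhex(str(record["salt"]))
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             int(record["iterations"]))
    return hmac.compare_digest(dk.hex(), str(record["hash"]))


def build_plaintext_table(users: Dict[str, str]) -> Dict[str, str]:
    """The failing design: the table *is* the password list."""
    return dict(users)


def build_hashed_table(users: Dict[str, str]) -> Dict[str, Dict[str, object]]:
    """The expected design: nothing in the table reverses to a password."""
    return {name: hash_password(pw) for name, pw in users.items()}


def passwords_exposed_by_dump(table: Dict[str, object]) -> int:
    """Count entries that anyone holding a copy of the table can read off
    directly (a bare string value is a password; a hash record is not)."""
    return sum(1 for value in table.values() if isinstance(value, str))


if __name__ == "__main__":
    # Constructed users; "hunter2" is deliberately reused to show the salt at work.
    users = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}
    print("plaintext table exposes", passwords_exposed_by_dump(build_plaintext_table(users)))
    hashed = build_hashed_table(users)
    print("hashed table exposes", passwords_exposed_by_dump(hashed))
    print("alice and bob share a hash:", hashed["alice"]["hash"] == hashed["bob"]["hash"])
```

Encryption of the table, which is what the Sony Q&A talks about, is a separate control: an encrypted table that the application server decrypts to compare passwords still yields plaintext to whoever reaches that server, whereas a hashed table yields nothing usable even when read in the clear.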

Treblaine

New member
Jul 25, 2008
Dastardly said:
John Funk said:
GeoHot Sounds Off on Sony's PSN Debacle
That's right, folks. GeoHot is now championing strict DRM.

"Never trust the client," he says. Meaning a company should never trust that its console is secure. That means all of the security has to be handled on the company's end, which means removing trust (and thus freedom) from users.

Now, of course, GeoHot only thinks he's talking about securing personal data, not understanding the full ramifications of the idea he's pushing. Seems part for the course for the adorably-ignorant li'l nipper.
That is NOT what he meant!

DRM is Client side control! That is Client-to-customer security, what he explicitly OPPOSES!

You are misunderstanding and misquoting with "never trust the client" as he said that because the client side would be CONTROLLED BY THE CUSTOMER! Either:
-the companies make the client DRM free (a desktop PC), or
-the customer will MAKE it free of DRM (PS3/iPhone jailbreak).

Geo-hotz is saying quite reasonably that if you have bought and own a device like a games console then you can do anything you like with it and more than that Sony should assume that they will.

It is NOT DRM (as we know it) for a company to control access WITHIN their network. DRM is hated because it hogties the capability of the hardware we physically own. Geo-hotz is lambasting Sony for trying to protect their network WITH DRM on the client-side!

Networks NEED to be protected because the customer cannot be trusted, any troll can buy a client, and Geo-hotz is not in any way saying DRM is a way to nullify that distrust. The networks are actually best protected on the server side because:
-active security: anyone who tries to crack the network will have live technicians to counter it, jail-breaking a PS3 is easy as you can work away at it in secret for days. PSN was so compromised because once PS3 were cracked the PSN had so little internal security the only defence was switching it off!
-Centralised: trying to crack a proper server-side-security network is so hard as there is only one point to attack, it won't go unnoticed. All the millions of PS3 consoles out there, impossible to plug all those holes.
-controlled: a server side network security can be far more organised because the company ACTUALLY OWNS the security mechanism, they can have servers in effective hunting and gate-keeping roles. Every PS3's built in security has to stand alone and play by a dumb rule-book.
-Live: a server-side-secure network can have security code updates every day, every hour, every second even! A PS3 has ONE code and unless the customer actively keeps the PS3 plugged into the network they can section it off and beat the code out of it.

Please. You know nothing about what DRM actually is.
 
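What "never trust the client" looks like once it is written down as server code, as an added example that is not part of Treblaine's post or anything GeoHot wrote: a server that believes the account id and role a console sends, beside one that takes identity only from a token it signed itself and takes role and ownership from its own records. The HMAC token format, the account ids and the resource names are all constructed for this illustration and are not PSN's.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets

# Constructed server-side state. In a "never trust the client" design the
# server's own records, not fields supplied by the console, decide who may
# read what. Account ids and resource names are invented for this example.
SERVER_KEY = secrets.token_bytes(32)  # known only to the server
ACCOUNTS = {
    "acct-1": {"role": "user", "owns": {"save-42"}},
    "acct-2": {"role": "user", "owns": {"save-77"}},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(account_id: str, expires_at: int) -> str:
    """Server mints a session token after login: JSON claims plus an HMAC
    over them. Only the holder of SERVER_KEY can produce a valid tag."""
    payload = json.dumps({"sub": account_id, "exp": expires_at},
                         separators=(",", ":")).encode("utf-8")
    sig = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_token(token: str, now: int):
    """Return the account id the token was issued for, or None if the token
    is malformed, the signature does not check out, or it has expired."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
        claims = json.loads(payload)
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def authorize_trusting_client(request: dict) -> bool:
    """Anti-pattern: the server believes the account id and role the client
    sends. A modified console can claim any account or an admin role."""
    account = ACCOUNTS.get(request.get("account_id"))
    if account is None:
        return False
    return request.get("role") == "admin" or request["resource"] in account["owns"]


def authorize_server_side(request: dict, now: int) -> bool:
    """Identity comes from a token only the server could have signed; role
    and ownership come from the server's records. Client-asserted fields
    such as request["account_id"] and request["role"] are never consulted."""
    account_id = verify_token(request.get("token", ""), now)
    if account_id is None:
        return False
    account = ACCOUNTS.get(account_id)
    if account is None:
        return False
    return account["role"] == "admin" or request["resource"] in account["owns"]


if __name__ == "__main__":
    now = 1_000_000  # constructed clock value
    token = issue_token("acct-1", now + 3600)
    # A console whose client code has been changed to assert someone else's account.
    forged = {"account_id": "acct-2", "role": "admin", "resource": "save-77", "token": token}
    print("trusting server grants:", authorize_trusting_client(forged))
    print("server-side check grants:", authorize_server_side(forged, now))
```

The second handler is also the one that can be changed hour by hour, as Treblaine's "Live" point argues: rotating `SERVER_KEY`, shortening `exp`, or tightening the ownership rule needs no update shipped to any console.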

Asehujiko

New member
Feb 25, 2008
Braedan said:
I'm actually wondering here, did they use hacked PS3s to steal the info (I might have missed that post)? If not, I'm not sure why Geohot's input is relevant.
No, REbug (what everybody assumes is the client used for this hack) is developed by Team REbug and actually predates fail0verflow's work (which is what Sony wrongly accused Geohot of making).
Veloxe said:
It isn't. Just someone who doesn't want to let their 15 minutes end and is desperately attempting to remain relevant.
Except that this is a post taken from his blog by the Escapist and Geohot had absolutely no say in making this front page news.
 

Treblaine

New member
Jul 25, 2008
beema said:
So am I understanding this right:
Sony had no security for PSN beyond the security that is on a Playstation unit?
If that's true it's completely appalling and Sony deserves to go out of business for it.
But that can't be right... can it?
My understanding is the security within the network is token and only adequate to prevent employees going where they are not supposed to go... not an experienced hacker who has infiltrated.

You could call it "velvet rope" security, you know those velvet ropes they put around in hotels, they stop abiding people from going the wrong places, but an aggressive invasion will barrel right through.
 

Macgyvercas

Spice & Wolf Restored!
Feb 19, 2009
Irridium said:
Their password was "1, 2, 3, 4, 5".

Which, funnily enough, is the same password for my luggage.
MINE TOO!

But people really need to lay off Sony and start blaming the hacker(s).
 

beema

New member
Aug 19, 2009
Treblaine said:
My understanding is the security within the network is token and only adequate to prevent employees going where they are not supposed to go... not an experienced hacker who has infiltrated.

You could call it "velvet rope" security, you know those velvet ropes they put around in hotels, they stop abiding people from going the wrong places, but an aggressive invasion will barrel right through.
That is truly disturbing. I'm not sure why I always assume these big corporations have robust and thorough data/network security. I really need to stop being so naive.
 

Ice Car

New member
Jan 30, 2011
Awexsome said:
It's like the gun store owner who sold the gun to a serial killer with no background check is laughing at the police for not stopping a crime with that gun.
Damn, I was going to say something very similar to that...
 

pokepuke

New member
Dec 28, 2010
Woodsey said:
pokepuke said:
I like how you suggest that "stealing games" means Sony will "lose money that is rightfully theirs". Yep, that line totally makes sense when the reality might be a copied game and a person that simply won't decide to purchase an item.
Yes, because as we all know, if pirates couldn't pirate, they would simply never play games.
And as we all know, those would be the only two options.

Actually, I don't think the publishers have that much control on who plays their games and how, but they sure would like to.
 

Dastardly

Imaginary Friend
Apr 19, 2010
Treblaine said:
That is NOT what he meant!

DRM is Client side control! That is Client-to-customer security, what he explicitly OPPOSES!
...
Please. You know nothing about what DRM actually is.
You, take a chill pill. Prescription strength.

UrKnightErrant said:
Don't be a twit. He's using the word client in the technical sense. A "client" is a machine that connects to a "server".

Sheesh.
And you, drop the name-calling. I know what "client" means.

I'm talking about the ramifications of what GeoHot is talking about, not what he is directly saying. We're talking unforeseen consequences, because he's not thinking far enough ahead.

Look at Steam. It's a DRM measure. Depending on who you talk to, it's "very invasive" or "the best example of well-done DRM ever." Rather than including restrictive DRM in the game itself, it's the platform around the game that provides the DRM function--you've got to "check in" online to access your games.

The reason it works has a lot to do with customer service, sure, but enough people complain about it that it's surely not the only reason. It's also because of the fact that it's a convenient and relatively invisible form of DRM. It doesn't require much work on the customer's part... because it's not at all handled by the customer.

More and more companies are going to start moving toward this type of "must be online" DRM. There are plenty of online services that have a de facto "always online" DRM. World of Warcraft is very controlled in that way--the work it takes to maintain a secret little private server is beyond the scope of most folks.

That means more and more things like PSN and Steam and XBL and so on... specifically because it removes some of the work (and thus control) from the client side. But when folks like GeoHot (high profile hacker) start spouting about how Sony brought this on themselves by believing the client was secure...

Sorry, but businesses are never going to give up on protecting the digital rights to their products. Basically issuing sideways little hacker threats is just going to scare customers (and the businesses that want their money) into making those online DRM measures more "secure" by making them far less convenient and more restrictive.

Trying to convince someone to leave their house unlocked by stealing from them (or defending those that do) is only going to make them get more expensive and difficult locks. GeoHot is pushing an agenda that seems specifically designed to tell every company out there not to trust the customer with any freedom whatsoever--it certainly hasn't convinced them to give more.