1243 posts • joined Tuesday 22nd April 2008 12:44 GMT
If running unsigned code on a client...
"If the security on a PS3 is compromised and it can access PSN unfettered, that represents a threat to the PSN security and any threat to that is a threat to the security of my financial transactions and information held within PSN."
If someone else running unsigned code on a client machine can expose your personal or financial data then Sony have dropped the ball and deserve to be sued for negligence.
It's that simple. If you're any sort of IT professional then you ought to know that relying on client security in a situation like this is a recipe for enormous, embarrassing and costly failure.
As for the rest -
"people who think that their actions have no consequence. Just like Geohot though that his breaking into the hypervisor had no consequence. Yet it did, it resulted in the removal of OtherOS."
Yup, what a wonderful reaction from Sony, someone finds a way of modifying the hardware to gain hypervisor access so everyone loses OtherOS. Except of course that PS3 slim models had no OtherOS anyway and it looks for all the world like Sony were looking for any excuse to drop it. Either way, it's not a proportionate response and is questionable in terms of legality (see ongoing lawsuits on OtherOS, not that I have any faith they will come to much).
Geohot was in the right, IMHO. Your blaming him for losing OtherOS is like blaming a free-speech advocate for the resulting government clampdown after they speak up.
"Downgrading your firmware back to a version prior to these is great and all, but things move, games get released, new firmware is mandated."
Sure it is, but much new firmware doesn't add anything and the games simply check a version number, this can already be spoofed. Games that genuinely require new features will probably be supported in time too, through the use of custom firmwares and further exploits.
"The PSN is Sony's network, not yours, the firmware is theirs, the encryption keys are theirs and the stolen service key that was cloned to allow the jailbreak exploit is Sony's too."
Actually, that specific instance of the firmware, within the limits of copyright, fair use and other relevant laws, is mine to do with as I please. Well, it is in my book, Sony would probably disagree and they can probably afford enough lawyers that anyone actually looking to do anything with their firmware ought to be careful.
And the exploit doesn't rely on a clone of anything, it's an exploit that mimics plugging and unplugging a few USB devices to overflow the stack and then inserting code in just the right place to get it executed. It may have needed a service jig to find the exploit, but the exploit itself doesn't rely on any copyrighted stuff.
This downgrade stuff may indeed be based on a stolen or 'borrowed' service jig, nobody knows yet as it appears to be all hype.
I don't necessarily disagree when it comes to the PSN, it is Sony's network to do with as they please and they may choose to boot people off that they consider to be pirates, or who have the ability to run unsigned code and could be running bots, cheats, trainers or whatever else.
However your reasons not to want compromised systems on the PSN are unbelievably dumb. Sorry, but they are.
Personally I really like what happened on the PSP - custom firmware arrived that allowed you to boot into homebrew mode, which Sony could detect and not allow network stuff to run, or into original mode which would get you online but not allow hacks.
And the reason I attacked you character was because you seemed genuinely angry about people gaining access to their devices and genuinely gleeful at the idea of retribution from on high. By a huge corporation, on hobbyists. You seem to delight in the idea of authoritarianism and that's usually not a good thing in terms of character.
Well, if you're the only person in the business of white iPhones, sure, you're only competing with yourself and can sell for whatever you like!
Why is there so much bile in your post?
Really, your words drip with bile. If you don't wish to do this, why all the hate?
To address some of your concerns -
1 - Firmware 3.41 was current up until a couple of months back. 2 months doesn't make a game 'classic' in my opinion, nor that of the gaming shops.
2 - You can already run some games that rely new firmware on 3.41
3 - I disagree that running the games I bought from the hard drive or running homebrew is pointless
4 - This is a question of ownership of a machine I bought, not some mission to harm Sony. It's MY computer. I will run whatever I want on it.
5 - Some of us have better things to do with our time than spend it playing online anyway. Perhaps you ought to get some IRL friends, it might help with the anger issues you seem to be having.
3.42 reliant games can already be told to run on 3.41 and 3.15. I'm sure it won't be long before 3.5 games can be made to run on 3.41.
As for PSN access... well it works with 3.41 and the hack right now. So FAIL on you, 'freetards', as you so delightfully put it, will not have to mess around flashing things back and forth.
Also, who gives a crap about racing games? Most boring genre after those dumb flash games dressed up brain as brain exercise.
What's the processor?
I have a sheevaplug which is great, but firstly it's a couple of years old now (and there are better chips available) and secondly it's on the other side of the planet.
So what are the actual specs here?
I'd love to hack debian linux on to it....
Isn't it fair?
No it bloody isn't!
I pay you a fee for a number of GB a month, and I expect to get that delivered. If your infrastructure can't cope you have no right bitching about it and shouldn't have sold me the data allowance in the first place.
Here's a hint, the BBC, Google et al, they all pay for their net access too. Everyone pays their provider for access to the net and they get just that, net access. That's how the internet works.
If you can't afford to provide your customers with the bandwidth they want (and PAY FOR) then raise your prices and improve your infrastructure.
This is nothing short of extortion.
Can't log in to the account
Amazone require an https login to actually buy anything. Not sure about what happens if you have 1-click turned on.
And if facebook can affect my credit rating then, frankly, I can do without one. I don't operate on debt anyway.
They screwed up.
Cheap, solid state storage, no Windows, 10 or less inches. Good netbook formula.
When you start trying to put windows and full, heavyweight windows apps on them, and then slow them down and make them more fragile with a hard drive, then make them almost as big and almost as expensive as a regular laptop/notebook, then you've failed.
So you can get into mah facebooks. Big whoop. If I log on to fb and someone has posted something nutty/obscene under my ID, or shared all my data with a billion and one 'applications', I should care why?
Likewise amazon, really, as long as it's not the actual purchasing bit.
I know, I know, computer security, personal data, blah blah blah, but who really gives a crap if some geek in an internet cafe can see your mate's status updates about how wrecked they got the other day, pictures of someone's new baby, or if (as happens frequently when someone leaves an unattended machine somewhere) there's an unexpected status update proclaiming a joyful appreciation of being on the receiving end of a bit of bottom-sex?
Sick of the shills
Maybe WP7 is a good platform. But the hype is annoying.
The breathless adulation that comes through in many of the articles and a lot of the comments just doesn't right true.
It started well before the platform was available, with 'ordinary citizens' posting positive reviews and comments on net forums when it was pretty unlikely that any ordinary citizen could even have seen a handset, let alone had time to form such strong opinions on the platform.
Maybe I'm just cynical. But I don't think so. Even if it is just fanboi-ism it makes me sick.
I was in [CT], which never did an awful lot, we were running out of one of the halls of residence at Imperial College back in 96/97. We played a few matches against [SG] (Spice Girls) who, IIRC, were at Birmingham uni, some DM and some TF. One or two other matches but not a lot.
I loved QW TF...
I remember taking on a few of the [QL] (Quake Lords) guys 1:1 on duel servers and getting my ass handed to me, which suddenly turned into some sort of bizarre reverence when I told them I hadn't learned to use a mouse to play Quake with yet and had managed a few kills... After that I learned and got better!
And of course there was Sujoy Roy running around looking like a great orange hulk and fragging everything in sight.... Dear god, the man has an entry on wikipedia. I either want to kill him or steal his life, I'm not sure which!
CT stood for Clan Trumpton and we named ourselves after the firemen. Pugh, Pugh, Barney-McGrew, Cuthbert, Dibble and Grubb :)
I was Captain Flack, the one doing the roll-call. I believe we had a Windy Miller and a couple of other characters too. Ah, good times!
As someone who's been using these for years
It's about time the world started to notice.
Marvell's kirkwood architecture at 1.2GHz is already powerful and fast enough to make decent client machines, browse the web a bit, serve up media to the telly and play some a bit of music. And all for a few miserly watts.
By the time these clock double and stack multiple cores on a single chip, there's next to no reason they shouldn't be used in a datacenter.
Supercomputers, perhaps not yet, but FLOPs-per-inch have got to be approaching x86, and FLOPs-per-watt must be ahead already.
Errr.... Birth of the clans through unreal? Get real!
The clans came about in 1996 at the latest, with Quake and Quakeworld. I know 'cos I was in one!
Quakeworld, a low-bandwidth, latency-reducing Quake-1 modification is what really kicked off multiplayer FPS over the net, modems or 'real' connections. That and the guys that made QSpy - later Gamespy, so that you could find a game and launch into it with a few clicks.
Unreal Tournament and Q3 came along years later.
This article is revisionist history!!
This is why real FOSS is good
Because if java was a real open source, patent free, unencumbered language, this nonsense couldn't happen.
Whilst I do find it entertaining to watch the giants slug it out once in a while, I'd rather we had a world without this nonsense.
"you mock the US's use of mag stripes. in the US, when your card has fraudulent activity, the card issuer is required to prove the authorized user initiated the transaction by either signature or an ATM photo. from what I understand, under "chip and pin", merely the use of the pen proves that the transaction was authorized and the user must find a way to prove that it was not."
Not true. The credit laws in the UK (dunno about europe as a whole) have the same provision. Any dispute requires an immediate refund by the credit card issuer, who then undertake to investigate the fraud.
If Chip & Pin was not used then the retailer assumes liability and refunds the money to the bank and must investigate the fraud themselves. Or just write off the cost.
If Chip & Pin was used then the bank assumes the blame and investigation costs/procedure.
But here's the rub - EMV is pretty secure. I'm sure there are exploitable holes in there somewhere, but it's pretty secure, so it becomes more suspicious and the banks will look into it very closely.
I don't believe that there have yet been any successful Chip&Pin card clones. The current fraud vectors are magnetic strip and customer-not-present (i.e. internet stuff). The strip is the major hole because it is clone-able and retailers have the option to accept it, at their own risk. I'll be glad when it's gone.
Debit cards operate under different legal frameworks but the fact that, as yet, no clone fraud has occurred makes your situation pretty unlikely.
because cloning ain't possible right now
"(and why, if someone installed hardware to clone a mag stripe, wouldn't they clone the chip too since it is in fact cloneable?)"
'cos it's not possible at present.
It's possible to intercept comms between the card and the terminal, maybe find out the PIN by a bit of decoding, and create mag-stripe data from the info you've gathered. This does not allow you to create a cloned chip card.
In fact, IIRC, the only current cloning method involves using an electron microscope to try to read the key off the in-chip storage.
"banks in the UK at least have this fantasy that it is not, and hold the cardholder responsible for fraud"
That's actually illegal if we're talking about credit cards, they are obliged to refund the money immediately you tell them a transaction is fraudulent.
I would be genuinely interested to read about cloning techniques if you know some concrete details though, I used to work on EMV systems (retailer, issuer and acquiring bank systems).
The most I can find is that some cambridge researchers have figure out it's possible to clone an SDA card (the cheap type which we ought to move away from) and then use it only for offline (very low value) transactions. Not much of a threat there compared to mag strip eh?
E stands for Europay, who used to operate the mastercard scheme in europe, if my memory serves me correctly. They were merged into mastercard a few years ago, but the three companies that gave the scheme their initials are the three that founded it in the 90s, IIRC.
EMV - Europay, Mastercard and Visa.
cash machines have had chip and pin for years
The only type that don't do it are the dodgy ones you find in shops that ask you to insert and remove your card. The inner workings of Bank ATMs have used chip for ages.
Most likely is that there's a hybrid reader inside, in case someone without a chip or with a broken chip tries to use the machine. This is the major weakness in the system, though should be getting phased out over time.
You could already take stuff purchased in the duty free shop through quite happily, because the duty free shops are between security and the plane. It was liquid from outside you couldn't take onboard.
This will have the in-lounge vendors in tears because during the restriction people couldn't even bring a bottle of water through and therefore pretty much had to buy anything they wanted to eat or drink from them.
Depends on what the power user is doing
I have a pretty beefy laptop - quad core i7 - which I use to run a variety of virtual machines which I can reset after testing out various scenarios.
This could conceivably be provisioned centrally for the dev team, and I could then get away with having effectively a dumb terminal from which to read email and log into other machines, OTOH I like to have control.
And am I demanding. Hell no, I installed a non-standard OS on the machine and do my own support.
I can see the ego factor, but matching budget and hardware to actual needs is what you should be aiming for. Blanket policies in which everyone gets the same may save cost on purchasing but they have to leave room for edge cases.
I'm just not seeing it
iPhone has Mac fans and other hip types. And lots and lots of people who want an easy/shiny smartphone experience and the Apple brand.
Android has geeks and customisers, and lots and lots of people who also want easy/shiny smartphones, some of whom know about the google involvement.
Nokia has hoards of loyal Nokia customers who still have some sort of niggling idea in the back of their heads that Nokia means capable and reliable.
RIM has business in its pocket.
Where does windows fit into this market? Are they trying to poach the "oooh shiny and simple" customer base from iPhone and Android? Because they're not going to get many geeks and MS doesn't have the cool factor of Apple.
Actually, MS doesn't have the cool factor of an old pair of tweed slippers.
It's quite good. The Xbox 360 never did play nice with others though
I've used a variety of FOSS and commercial DLNA servers and clients. They all work to varying degrees.
I think the best combination would probably be a playstation 3 setup to play against a good, powerful server that ran mediatomb, where mediatomb was set up to transcode all the unsupported stuff. It's annoying as hell that the playstation just refuses to play a lot of things. My Samsung Tv can do more formats but for some reason lacks the ability to pause.
And the Xbox 360 refuses to play with most FOSS servers other than ushare. And then ushare has to be built with xbox protocol extensions.
Despite DLNA being nothing new, it seems we're still quite a way from the seemless "plug into network, play all media" scenario that they were hoping for. Or maybe they weren't, what with the tightly controlled format specs.
Can we stop with the cloud stuff please?
It's basically just a small linux server. You could even call it a NAS.
To use the term 'cloud' for this shows just how meaningless the term 'cloud' has become.
is 'the cloud' limitless remote storage? Is it SaaS? Is it processing power on demand like EC2? Is it webapps? Or is it now just anything with a network port?
getting sick of this nonsense.
Who's going to start a case for two and a half grand?
If you have a legal firm willing to work on a no-win-no-fee basis and they come to you and say they'll get you a few grand if they win at no cost to you but the odd letter and a bit of effort helping us get the case straight now and then...
I would, wouldn't you?
And in this case there were 130 grand awarded. I'm sure the lawyers will take a nice chunk of that, but I wouldn't be turning my nose up at half or even quarter of that figure.
I'm sorry, what?
Under what legislation or contract are you doing that?
"As long as your not ripping off someone else's hard work for your own personal gain or damaging the right holder's reputation, there's no real problem."
Yes, there is, using other people's images without their permission, especially in a corporate setting, which is pretty much by definition "for profit"
Stop, now. Go find some creative commons, public domain or free stock images. Flickr is not what you think it is.
My tongue is hanging out and I'm salivating.
(though I'm not 100% convinced by the design of the nose, the rest is damned sexy).
Good luck with that
Most programmers are still struggling with the idea of having a few threads around, never mind actually parallelising algorithms for efficient work on embarrassingly parallel architectures.
Nvidia may well be able to provide a ton of computer power compared to intel, but it's the question of how well it can be utilised and by how many that will need to be answered before it can get anywhere close knocking chipzilla off its dominant perch.
Pint icon chosen because it's friday afternoon here and I feel a pint isn't all that far off...
God I wish I was that useless
that someone would pay me 35 *million* to leave. How does one go about become that obnoxious and poisonous that people are so desperate to see the back of you they'll pay more than most folks earn in 30 lifetimes?
And count me as another who immediately thought "GNU/Hurd?"
Safe programming languages are all well and good, but the runtime still has to be safe, and someone has to write that in an unsafe language.
And I'm pretty sure ActiveX had a lot more wrong with it than a few buffer overflows....
Either way they are not the only solution. You can have as many safe languages as you like, but if users are to be free to install what they like then people will get malware.
Just because something's written in C# doesn't mean it can't keylog or raid your mail address book. People will always need to be careful where they get software from, unless they are willing to completely give up on freedom.
I'm not, though my mother might be.
As a linux user...
... I see nothing wrong with creating trusted repositories of software. It's how it's done in the linux world.
Repositories look after their own content, the user selects software from the repo. There's absolutely nothing to stop users adding extra software sources if they decide they need and/or trust them. There's also nothing to stop you downloading and installing stuff at random from the internet if you want to, though it's less advisable.
A similar system for windows (I'm guessing that's what the article is about, though it's not clear as it just mentions "x86" a lot) would probably be a step in the right direction, so long as it's not actually going to try to prevent people from running things from other sources.
Probably worth mentioning
That OS X 10.3 is a PowerPc native beast, and the hacker in question has not created and ARM version.
What he's got is a Mac/PowerPC emulator running on the N900, which just-about has enough oopmh to run 10.3.
Still kinda cool...
Whilst you are in some ways right
...that EMV Chip and PIN cards are mostly an exercise in shifting the blame, you don't have the details. The card IS part of the security system and contains a small crypto processor.
They DO have secure one-time authentication in the EMV system. The card itself produces a cryptogram of the transaction amount, date, time and a few other bits and pieces that the terminal verifies. the card also produces another cryptogram that the terminal cannot read and is sent to the authorising bank so that it can verify that the transaction details are identical as understood by the card and the terminal and nobody's trying to interfere.
Yes - you can still skim magnetic stripe card details and use them in some places. That is the weak link. EMV is only secure if merchants refuse to take mag-stripe transactions.
Right and wrong are highly subjective
And the methods used by copyright enforces are highly error prone.
These two things in combination ought to be taken into account before railing against freeloading scumbags.
Not that I have any problem with them getting their due, but lets not make pronouncements about moral absolutes where there's an awful lot of grey territory.
Well the americans are keeping it secret
And we couldn't possibly break rank now could we?
Makes me sick. All the countries are keeping the whole thing very secret. What is known is that the big IP stakeholders (the large patent holders, the movie and music businesses) are party to what's going on, but the people and even most politicians are not.
What's likely going on is a treaty that will massively strengthen these things and introduce new penalties for cross-border infringement. It will be presented by the industries and the few political leaders that are involved as a fait accomplis and a necessary framework for continuing business.
And it will inevitably result in more happy lawyers as the scope of IP related lawsuits gets widened massively.
To anonymous coward - If not counterfeiting then what else is unauthorised copying? What else is duplicating someone else's patented functionality? These things can be stretched to mean whatever people want them to mean.
Good luck with that
They have the internet now I hear...
More seriously, it's high time we rejected censorship and took away from the BBFC the ability to refuse to classify something. If they want to invent a new classification to cover "we don't think anyone should watch this, ever" then fine, but beyond that they should have no power.
Uber-geeks got the reference design...
...sheevaplug from Marvell/globalscale on release day.
Awesome bit of kit. Making it do that stuff without me having to spend days messing around with uboot environment settings, OS install and then software setup would have been pretty cool though!
And linux does it 100 times faster
Not that I want to start a pissing contest, but it's been done in more than MS's products.
The problem here is that the VM ought to work the same everywhere so no clever stuff should be needed. Looks like that needs to be re-evaluated.
Well there should be some sort of punishment
For people too inconsiderate even to stick their phone on silent during a meal out at a restaurant.
Not Brian and Kevin's sequels, prequels and the rest, please, Nooooo!
I'm an easy reader to keep happy, I'll willingly suspend my disbelief as much as you like. I won't analyse too much (unless asked to), I'll just enjoy the journey and the fantasy world. The Brian Herbert and Kevin J Anderson books are some of the very few that have ever broken me out of the reading trance with thoughts about how cheap that particular plot device was, or how shabby the writing.
Hunters and Sandworms were basically an excuse to have their cliche'd two dimensional add-on characters interact with FH's and try to gain some legitimacy by proximity. They end in a huge series of Deus-ex-Machina events that are a poor excuse for not being able to write a real plot.
I know, I know, I still read them all. I'm my own worst enemy and I shouldn't be encouraging them to write more.
At that weight 10 hours is great. However - Asus has some of their eee range up to that sort of battery life with Atom.
Not as light, as thin or as pretty, but they've got there. I wonder if the usage patterns compare.
Hmmm. Still interested but too pricy and battery life not as impressive as promised.
- World's OLDEST human DNA found in leg bone – but that's not the only boning going on...
- Lightning strikes USB bosses: Next-gen jacks will be REVERSIBLE
- Pics Brit inventors' GRAVITY POWERED LIGHT ships out after just 1 year
- Storagebod Oh no, RBS has gone titsup again... but is it JUST BAD LUCK?
- Two million TERRIBLE PASSWORDS stolen by malware attackers