Friday, April 29, 2011

PR Advice

From our friends at Amazon, who respect their customers.

A full technical writeup, how they will fix it, a fair credit, and an apology.

And clearly, they are doing it right.

Thursday, April 28, 2011

Recent News

To start, I sure am glad I don't have a PSN account about now. And, as a onetime victim of identity theft, I feel for everyone who's data has been stolen. I'm not going to make cracks at Sony for flipping a shit when /their/ data is compromised, and not even having the decency to apologize when it's your data that's misappropriated.

And to anyone who thinks I was involved in any way with this, I'm not crazy, and would prefer to not have the FBI knocking on my door. Running homebrew and exploring security on your devices is cool, hacking into someone elses server and stealing databases of user info is not cool. You make the hacking community look bad, even if it is aimed at douches like Sony.

One of the things I was contemplating back in early January was a PSN alternative, a place for jailbroken consoles to download homebrew and game without messing up anyone else's experience. Unfortunately events led me off of that path, but gamers, if I had succeeded you would have an alternative place to game online with your PS3 right now. I'm one of the good guys. I used to play games online on PC, I hated cheaters then and I hate them now.

Also, let's not fault the Sony engineers for this, the same way I do not fault the engineers who designed the BMG rootkit. The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.

Now until more information is revealed on the technicals, I can only speculate, but I bet Sony's arrogance and misunderstanding of ownership put them in this position. Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client(can't trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client. It's the same reason MW2 was covered in cheaters, Infinity Ward even admitted to the mistake of trusting Sony's client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you. Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren't crazy.

And let's talk about Sony's use of the word illegal. It is illegal, criminally so, to break into someone else's servers. But when the same word is used to refer to streaming a song from a non RIAA approved website, or to *gasp* playing a homebrew game on your PS3, respect for the word and those who say it is lost.

Weighing in quickly on the whole hacker vs cracker thing. I am a hacker. Whoever did this were hackers also. The media will never start using the word cracker. To me, a hacker is just somebody with a set of skills; hacker is to computer as plumber is to pipes. And the same ethics should apply, if you want to mess with the pipes in your own house, go for it. But don't go breaking into people's houses and messing with their pipes. (Note that I do not endorse water piracy)

To the perpetrator, two things. You are clearly talented and will have plenty of money(or a jail sentence and bankruptcy) coming to you in the future. Don't be a dick and sell people's information. And I'd love to see a write up on how it all went down...lord knows we'll never get that from Sony, noobs probably had the password set to '4' or something. I mean, at least it was randomly generated.

Saturday, April 16, 2011

$10,000 to the EFF

As promised, all left over legal defense money, plus a little to bump it to a nice number, has been sent to the EFF. Thank you all so much for your support, without it, things could have been much worse.

This money goes to the EFF in hopes that America can one day again be a shining example of freedom, free of the DMCA and ACTA, and that private interest will never trump the ideas laid out in the constitution of privacy, ownership, and free speech.

At the end of the day, something I take comfort in. The PS3 got OWNED.
"Once the code works they'll never be able to take it away from us."

Will you be continuing your work on Sony products anonymously?
Nah. As much as I don't respect the goons at Sony, I do respect the court.

Will future research on Sony products be chilled?
Nah. If you piss them off enough for them to pull out the legal team and their million dollar checkbook, worst thing that happens is you have to super swear to never do it again.

Will Sony do a better job with security next time?
LOL, I think they'll do a lot worse. It wouldn't surprise me if the people who did PS3 security were fired. And I'm curious as to who Sony is hiring for NGP security. Lawyers? Get the code to sign a contract that it won't have exploits? You shouldn't piss off the community of people who are actually talented at this stuff. Hell, maybe you even pissed off your engineering employees enough to leave some nice backdoors?

Friday, April 15, 2011

Sticking it to SONY

Check out this guy, Joel Tenenbaum.

Sony is pissed off about file sharing and takes it out on one guy.
These are the decisions of the brilliant minds in their legal department.

At least they didn't drag him to California, like they are doing with class representative Huber in the OtherOS lawsuit.

Check out the sketchy legal tactics used by big content.
For some reason I think if Apple ever sued me they'd be fair.

Wednesday, April 13, 2011

To Any Stronger than I...

If you'd like the legality of jailbreaking your PS3 resolved, file for a declaratory judgment on the issue. Keep it out of the ninth circuit, and you'll probably have a good shot. To anyone seriously considering this, get in touch with me.

Tuesday, April 12, 2011

An Enlightening Article

Here

Haha, perhaps the boycott is working. I made NASDAQ news :)

OMG even NGT wants to join the boycott.

A New Topic

One of the new focuses of this blog will be following the OtherOS lawsuit. These class action lawsuits are the type that can bankrupt or do seriously financial harm to a company, and finally get Sony to realize that they are not above the law as they would like to believe.

When OtherOS was first removed, I had no doubt it was due to the hypervisor exploit. I mean, that's plausible, and it's what Sony said. But then I started to reconsider. OtherOS removal is a completely stupid step considering no one had even done anything with the hack yet. And the exploit was totally patchable. And it took them two months to remove it. And it's still on everyone's PS3 who didn't update. In early February, post HV hack, Geoff Levand promised that OtherOS would remain in the phats. Now Sony is being squirrely and trying to stop him from being deposed. This raises some serious concerns about what they are trying to hide.

SCEA also likes to play games with their corporate structure. They are whining to the court, saying they didn't remove OtherOS and that they are just the messenger. And that they can't get the documents and communications saying why because SCEI has them. Then at the same time they assert, well you know we can get the documents, but you have to agree to never name SCEI as a defendant. If I were the plaintiffs, the first thing I would have done is added SCEI and got a motion to compel on those docs.

As a quick sidenote, they claim restoring Linux to your PS3 is "not only prohibited under Sony's agreements, but is illegal" This is an example of a lie. EULAs are not law. Sony's beliefs are not law. You win a case cleanly against someone who restored the Linux you took away from their PS3, then we'll talk.

And some of Sony's words just really unsettle me. "You don't have an ownership right in the software that Sony Computer allows you to use. That's the whole point of the license agreement, it's not an ownership interest, it is a privilege that Sony conveys on them." Should I feel privileged to give you $300? If you take the privilege back, what can I do with my uncontested ownership physical PS3? If I stop using your software and install my own, you'll sue me.

But most troubling of all is what Sony is doing to the people who have stepped up to represent the class. Sony has attempted to demand inspection, and by inspection they mean full copies, of not only the representatives PS3s but of their home personal computers. To any reasonable person, it's clear Sony doesn't expect to find "evidence" there, it's just simply to harass the representatives. And the harassment worked on one, he pulled out of the suit citing privacy reasons. Know what Sony did? They tried to demand inspection of his things anyway. You get the message? Basically if Sony does bad things, you better not call them out, or they'll attempt to make your life hell.

Monday, April 11, 2011

Joining the SONY Boycott

As of 4/11/11, I am joining the SONY boycott. I will never purchase another SONY product.

I encourage you to do the same. And if you bought something SONY recently, return it.

Why would you not boycott a company who feels this way about you?

There is much more to come on this blog.

Sunday, April 10, 2011

"Without Me"

"What does censorship reveal? It reveals fear." -- Julian Assange

Wednesday, March 23, 2011

Fearmongering

Apparently, I have fled the country. ROFL

Factually, it's true I'm in South America, on a vacation I've had planned and paid for since November. I mean, it is Spring break; hacking isn't my life. Rest assured that not a dime of legal defense money would ever go toward something like this. And of course Townsend loves the idea of painting me as an international fugitive. I have been in contact with my lawyers almost every day; I would not let the case suffer. That said, I also won't let this ridiculous lawsuit run my life either. Then the fearmongerers win.

I will be back, I hear it's hard to come by the Xperia Play down here.

Saturday, March 19, 2011

Life's Good

And recently in Sony news...

Head of "PlayStation brand management" Peter Dille quits. I'd quit too if I saw 6 years of my work getting flushed down the toilet.

Koushik Dutta, creator of the famous Android "ROM Manager" and "ClockworkMod", turned down a job interview with SCEA due to Sony's abuse of the legal system. Props for sticking to your morals. And I quote Koush, "Good, enterprising, devs should never find themselves short of opportunities." True that. Looks like Sony will be stuck with the desperate sell out devs. Don't say you weren't warned.

Tuesday, March 1, 2011

Sweet

defective by design

And still LMAO about the unhackable PS3. Know how I got the metldr key yet?

Monday, February 28, 2011

Haha

This
Sony, if you were any other company I'd be on your side. But you started it. See yet that no one really wins in lawsuits?

This, posted in the comments, made me chuckle too. Who filled it out, and did you listen?

Saturday, February 26, 2011

SCEA Management Quotes

Jack Tretton
In 2007, when asked "Why not have some homebrew game support?", he replied
"I think that is something that is in the works. We certainly see some of the stuff that has been done via homebrew, and it's incredibly creative. And I think we'd like to try and tap into that a little bit more."

Bret Mogilefsky
In 2011, Bret is making declarations to support the SCEA side of the case. But back in 2000, he saw the truth. He supported DeCSS by adding a banner to his personal website. The banner links to a site saying "I've been really mad about the recent spate of horrible witch hunts by the MPAA against people who use, distribute, or even LINK TO sites that distribute DeCSS, a piece of software used for playing DVDs on Linux."

Geoff Levand
On February 10, 2010, after all my hypervisor work had been released, Geoff says, and I quote "Please be assured that SCE is committed to continue the support for previously sold models that have the "Install Other OS" feature and that this feature will not be disabled in future firmware releases." What happened?

Kaz Hirai
"RIIIIIIIIIIIIIIIDGE RAAACER!"

I bet Ken Kutaragi wouldn't stand for any of this nonsense. Source: Jack Bret Geoff Kaz

Friday, February 25, 2011

graf_chokolo

As many of you already know, 2 days ago his house was raided by the German police. Talk about a guy who clearly had no involvement at all with piracy, cheating, or the things Sony claims to care about. Do you want to know what he has that enrages the suits at Sony so much? Talent.

Some people call me immature, and you know what, they are probably right. Some call me stubborn, and they are right too. But this pales grossly in comparison to Sony, who is so butthurt over the PS3 being hacked they they are blinded by rage and incompetence.

A question, how many people do you think knew or cared on January 10 about all this? Maybe a couple hundred thousand? Under a percent of your market share. And these are geeks, who frankly aren't going to change their content purchasing habits based on the news. These are the kind of people who really are hacking their PS3 just for the sake of doing it, just cause it's cool. The kind of people who are telling you the truth when they say they really did just hack their PS3 to run Linux. Or they are diehard pirates who never would have bought the games anyway, you know the type.

Now fast forward to February 25. Consistently, the top Sony related news article is about the PS3 being hacked. And the causal gamer comes along and sees, oh cool, the PS3 has been hacked, now I don't have to buy games. With a few google searches, they come across stuff that I or graf_chokolo had nothing at all to do with. They install it and hit the torrent sites. Hell, I was on a political news show last night, you think those people ever would have heard about this?

Just imagine what the third party devs are thinking. The PS3 is hacked forever and Sony can't do anything but fire away at scapegoats. Great confidence boost.

This grand show against people who aren't even pirates has to be one of the worst corporate moves in recent history, perhaps even as dumb as the rootkit fiasco. Your competition fixes the problem technically and moves on. They want it to stay quiet. And as far as sending a message to "evil" hackers goes, it really isn't working. Just read the writings of graf_chokolo.

And I quote "SONY wants about 750.000 euros from me if i don’t cooperate They don’t know me at all I don’t care about it and they might double it The higher is the sum the higher gets my motivation They don’t understand what makes me tick. Money and even my life doesn’t mean to me very much without knowledge. I have a scientific mind and the knowledge is food to my brain."

They'll never understand people like us. They are scared, as they rightfully should be. We built your PS3. We built this world. We are not mindless consumers. It is us with the brains and curiosity, not you with the guns, jails, suits, titles, and dollars. And the truth is, if all of you disappeared tomorrow, the world would continue on fine. Good luck surviving without people like graf_chokolo.

Thursday, February 24, 2011

The Alyona Show

I will be on the Alyona Show tonight at 6:45 EST

Watch

Respect

Here and here. Basically the Killzone 3 devs said, "We will combat cheaters with patches." And I bet they'll do it right.

Now if only Sony knew how to patch to make 3.56 non decryptable, the cheater problem could be easily fixed platform wide...nah better idea straight down from corporate, lets throw in the towel on our 10 year lifecycle platform and bring lawsuits, oppressive Terms of Service, poorly implemented bans, and the German police.

Even worse, you sued the guy who actually can write that patch, that'll sure teach him. If you haven't realized yet, the PS3 security isn't irreparably broken at all. But your reputation just might be.

Wednesday, February 23, 2011

Sony's New Improved Super Anti-Piracy Plan!!!

See here and here. Basically the plan is to hire more two more lawyers...which is like hiring more rappers to get your yacht built faster.

Everyone knows that after Napster was sued out of existence, CD sales have been through the roof. It's impossible to find an illegal copy of a song anywhere. And after DeCSS and 09 F9 were successfully sued off the internet, it's super hard to decrypt movies and they all are 100% legal. Due to the huge success of big media's legal departments, every time I want to watch a movie, I drive down to my local neighborhood Blockbuster and fork over $5.95

Nah, the truth is, those cases did shit all but put money into some lawyers pockets, and gave you technophobic CEOs talking points at worthless board meetings. What actually happened is things like the iTunes store, Netflix, FiOS TV, and Hulu showed up. Some companies innovated instead of litigated. Some companies thought outside the box. Some companies actually did something for their customers. And succeeded big time.

I see a lot of parallels with the "War on Drugs". Most people, me included, admit drugs are a problem, but this whole idea of tackling it with the legal system has never worked and will never work. When you shut down a drug ring...another pops up, and the street price remains the same. When you shut down a piracy ring...another pops up, and content remains just as free. Sometimes a drug user is made an example of. Does everyone put down the crack pipe? Of course not. Sometimes a college student who downloaded 30 songs is made an example of. Does everyone run to the nearest Tower Records? Of course not.

This is not a battle that can be won in the courts. The pirates and the drug smugglers will always be one step ahead, the only way to beat them is to think outside the box. And the legal system is as inside the box as you can think.

Update:
PlayStation LifeStyle is calling the lawyers "security professionals"
Yea, and T-Pain has a degree in nautical engineering...I mean, he was on a boat

If you want some intelligent opinions on piracy, this, this, this, and this.
And just in case you want unintelligent fearmongering, click here or here.

Tuesday, February 22, 2011

A Comparison

XSS Worm for MySpace...felony charge
XSS Worm for facebook...jobs

Which company would you rather be now?

Monday, February 21, 2011

First round of donations is closed

Thank you so so much for all of your help, things are looking up money wise.
Expect to see a few more lawyers on my responses!
I have enough to cover my legal fees for the time being.
And in the absolute worst case scenario, we don't want Sony getting it :-P

For now, the best thing you can do is spread the word
Let people know how Sony treats customers
Let people know Sony would rather sue than be proactive and try to fix the problem
Let people know about laws like the DMCA which stifle innovation, and don't do anything to fix the problems they were created to solve

I will keep this blog updated as the case develops.