When Sony started their assault on GeoHot I sold everything in my house that had a Sony logo on it. Not only have they had the info of PSN players compromised, they are now a company with a reputation of going after hackers. The best way to deal with people modifying your hardware is to embrace it the way Microsoft has, or at least understand it will happen and focus on your product the way apple does. Instead, Sony's arrogance threatens to destroy it. The times are changing and if Sony can't accept that, maybe they should go back to rice cookers.
The real question is, for all companies that try to control access to even single user software via online authorization systems, how wise does this look now?<p>I'm still playing Atari 2600 games, decades later, because they still work. Tying down use to a single-point-of-failure-authorization-system guarantees that your investment in creative works has a short shelf life. But most gamers know at least what the original Super Mario Bros theme song sounds like as coming from an NES.
I keep on pointing this out. Compare the two groups:<p><pre><code> - Sony a big company with big company HR bureaucracy
- The worldwide interest group re: Hacking
</code></pre>
Sony might have one or several groups within the company involved with a given project. The population interested in hacking a popular Sony project is not only very large, but constitutes a <i>frictionless global meritocracy</i> interacting via the Internet.<p>Conclusion? When it comes to big companies vs. the hacker communities, it's asymmetrical warfare, and <i>the big companies are the underdogs</i>. Big companies are outnumbered and outclassed.<p>However, instead of behaving like the outclassed guerillas they are, they keep acting like they're the empire, and keep getting bloodied in losing fights. All it takes is a few minutes of thought to realize that DRM is the <i>worst possible</i> tactical position they could possibly take. Companies that do this are deluded.<p>But here's the real kicker: It is possible for companies to use the principles of asymmetrical warfare and win fights. You have to pick your battles based on sound economic principles. You have to pick your battles, such that the huge numerical and training advantages of the adversary are moot.<p>I know how to do this.<p>EDIT: Here's a hint. Take a look at your bug tracker. Imagine that it only has reports where the bugs are hard or impossible to reproduce. Imagine that the consequences of the bug are separated by several weeks time from the probable causes. Imagine that there are tens of thousands of such reports. Imagine that the reports only constitute a small fraction of actual occurrences.<p>It is quite possible to put parties trying to crack your system in exactly this position. If you make it easy to "crack" your program, and instead put all of your effort towards clandestine detection, then there is no incentive for people to fully crack your system, such that they can find the detection mechanisms. Separate the consequences of detection from the actual detection by a time span of several weeks. Use detection to protect value-add and up-sell revenue which is inherently dependent on server-side implementation.<p>Use honeypots. Your "easily cracked" version 1 becomes a kind of honeypot for detection, which protects your real revenue stream. Present a hack-y feeling loophole that lets people acquire your value-add content for a sizable discount from full-price.<p>Remember, you're fighting an asymmetrical conflict. Be sneaky. Don't even let your opponent know she's even in a contest if you can help it. Fool them into thinking they've "won."
This seems like complete speculation.<p>Is there any evidence that Sony's data breach is in any way related to a hacker backlash? The closest thing the article provided was a file left on Sony's servers referencing Anonymous. That's pretty week.
The media is largely conflating two very different definitions of "hacker" here. There's a big difference between the people who jailbreak hardware and the people who steal credit card data. The former is arguably legal and moral, the latter is neither.<p>The type of hacker that brought down PSN and stole credit card data needs no motive other than the millions of dollars of credit fraud that will follow. They need only opportunity.
The attack on Sony was not against the company, it was against its customers. I'm sure this will damage Sony in a huge way, but I have 0 respect for the people who did this.
I just finished watching Sony's PSN Relaunch Announcement. It kept on making me think: Why not just hire Geohotz?<p>Let's just say Geohotz accepts the offer and works in PSN.
I think the general public will be convinced that PSN is now secured by the top elite hacker in the world who pointed out Sony's security flaws. Furthermore, Sony will appeal to consumers that they're humbly admitting their mistake and are dedicated to improve their security.<p>Yes, I know the root key and identity theft are completely different. Also, whether Geohotz actually does anything to Sony is irrelevant.<p>I'm strictly talking within PR scope.
"The Hotz incident was followed in February by a German police raid on the apartment of Alexander Egorenkov, another hacker who had distributed software that let PlayStation consoles run homemade games. Other technology companies have found ways to channel hackers' energy without resorting to lawsuits. Microsoft (MSFT), for instance, permits hackers to unlock its Kinect gaming device and invites some of them to its conferences. Google (GOOG) pays white-hat hackers who help identify bugs. Sony is far more uncompromising, says Robert Vamosi, a senior analyst at security firm Mocana. "Hardware manufacturers like Sony just aren't very good about listening when a security researcher presents them with a flaw," Vamosi says. "<p>That paragraph I just quoted up there is some of the sloppiest journalism I've ever seen. The analogy being drawn is completely without merit. Microsoft is "hacker" friendly because they allow people to fool around with the Kinect? And Sony is hacker unfriendly because they removed a feature (the Linux install option) that they feared would lead to massive piracy? And Google is just great because they offer bounties for security flaws? In what way are any of those facts similar? None of them are even referring to the same sort of "hacking." If Google made a game system that made its money based on licensing fees from software sales, it would do everything within its power to prevent piracy. Microsoft already does this. Running homebrew was not what Sony was trying to stop.<p>What I'm about to say will probably be very unpopular here. Anyway, the "hacker" (I hate their usage here... they should say cracker) excuse that they are just trying to enable homebrew software is utterly laughable as well. As soon as Geohotz was successful, numerous other companies capitalized on it and went to that next (tiny, tiny, tiny) step to enable running pirated games. Should Sony have sued Geohotz? Probably not. But what did Geohotz honestly think people were going to do with his developments? Does he want people to keep making games for the PS3? Did he honestly think that people wouldn't immediately turn around and use his progress to pirate games? The ethics of this supposed "hacker" community leave a lot to be desired, and I truly wish we could return to the old usage of the term, and stop applying it to people that are really just safe crackers and thieves.<p>Our laws are completely inadequate for addressing this kind of abuse now, and I dread to see what sort of draconian measures will be put in place in response to this sort of shortsighted, unethical, and lame "hacking." If you don't want a closed system, then don't buy it. This is what will give us more open systems in the future, not enabling pirates.