Sony: The Company That Kicked the Hornet's Nest (businessweek.com)
124 points by daniel02216 on May 14, 2011

When Sony started their assault on GeoHot I sold everything in my house that had a Sony logo on it. Not only have they had the info of PSN players compromised, they are now a company with a reputation of going after hackers. The best way to deal with people modifying your hardware is to embrace it the way Microsoft has, or at least understand it will happen and focus on your product the way Apple does. Instead, Sony's arrogance threatens to destroy it. The times are changing and if Sony can't accept that, maybe they should go back to rice cookers.

We've got a 52" Bravia, Sony 5.1 system, PS3 with 15 games or so and will absolutely _NEVER_ knowingly give Sony another penny.

As soon as the PSN is up and I'm able to delete the PSN account (which they're saying will only be possible from your original PS3) we're going to pawn the PS3 and games.

I don't want Microsoft to win the living room and so won't be supporting them either. I guess unless Wii2 has beautiful graphics we'll be an exclusive PC gaming house.

The whole situation is disgusting. I don't get to play much but it really pisses me off that Sony has essentially killed one of the only great activities that I've kept from child to adulthood.

> I don't want Microsoft to win the living room and so won't be supporting them either. I guess unless Wii2 has beautiful graphics we'll be an exclusive PC gaming house.

On which PC operating system?

Steam on a Mac Pro.

I hope you enjoy both the games :)

Wait there's two!?

You only need TF2...

I'm a bit confused on what Nintendo is doing differently..

Same here. I had planned to buy a Sony Android phone, and was also looking at their tablets. I'd rather give HTC my money.

"The best way to deal with people modifying your hardware is to embrace it the way Microsoft has"

What do you mean by this?

I think it's about the Kinect and how Microsoft isn't suing the guys who made PC-drivers.

The real question is, for all companies that try to control access to even single user software via online authorization systems, how wise does this look now?

I'm still playing Atari 2600 games, decades later, because they still work. Tying down use to a single-point-of-failure-authorization-system guarantees that your investment in creative works has a short shelf life. But most gamers know at least what the original Super Mario Bros theme song sounds like as coming from an NES.

> guarantees that your investment in creative works has a short shelf life

Talk to Thomas if you want actual numbers, but the overwhelming majority of AAA games have fairly predictable sales curves with a peak window measured in weeks or, in some cases, days. See also books, movies, music, etc.

Evergreen content is highly anomalous in creative industries.

> the overwhelming majority of AAA games have fairly predictable sales curves with a peak window measured in weeks or, in some cases, days

Yep, big games are horrendously front-loaded and with very short legs (you can see that if you follow sales threads at e.g. Neogaf).

This is why DRMs which technically "fail" (they fall in, say, 2 weeks) have performed admirably, and as asked/required: for two weeks, where 90% of the game's sales happen, pirated games were not competition.

This is why I can only shake my head in disbelief when people claim DRMs fail as a DRM finally gets cracked 1 month after a game release: as far as publishers are concerned, a DRM which lasted 4~5 weeks has performed way beyond the call of duty, and you can be sure their next game will be using the same breed of DRM.

AMA video game researcher (Computer Science). I can confirm the truth of this, but I don't have any hard sources right now.

If a AAA title doesn't move 1 million copies in opening week, the studio is going to be in trouble either directly financially, or with the publisher (see: Mirror's Edge).

Everyone is fully aware of the ridiculousness of where the market is right now.

I bet game developers hate this effect, years of development time to effectively try and market a game into people's hands in the first couple of weeks whether they like it or not.

This I much prefer the path many MMOs have taken or a game like TF2, continue to add over time to keep a solid value proposition for years to come rather than the 2 weeks after it comes out.

I think this is sort of what I'm getting at. The Game industry is moving rapidly to copy the Movie industry. Years of work, tens of millions of dollars, splashy and expensive ad campaign all culminating in a couple weeks' worth of sales and the bargain bin/used game box/forgotten 3 months later. The vast majority of which barely break even with production costs.

Old game mags used to have a metric called "replayability". Games with poor re-playability were dinged by the gaming press as offering low-value for the dollar to the gamer. I'm just wondering if the Movie style approach offers similar low-value for the dollar for the game makers in terms of the amount of money required to advertise to gamers for every AAA title that comes out the door, only to throw all that work away next month. It's almost like the industry is pumping out Mandalas, then sweeping them away.

Heck Mega Man (Rock Man) has had 7 or 8 games with virtually the same artwork (the most expensive part of game production). A modern developer might look at this and say "we'll just release a MegaMan game and every year release more enemies with more stages, weapons and bosses that just figure into the main release."

(I'm thinking Mega Man of course because I'm in the process of replaying through the series again and Capcom is losing millions from the PSN nonsense).

I guess what I'm rambling about is that there has to be a better way for the studios and the gamers to find better value in terms of longevity on both the development costs and the purchase price of the games -- and tying the games to a transient online auth system isn't going to do it.

One issue is perception of value. It's a lot easier to monetise a brand new game over one which is being updated or added to.

To everyone except hardcore gamers the current release method is probably very tiring, as in I might pick up a new game and play it for a few months at the rate I play games. In that time so many of these big titles would have come out.

It also means once these releases drop off best seller lists they quickly become unloved. I've seen big bugs and game mechanics issues that just never get fixed I guess because most of the sales have already happened.

The #1 reason companies use online authorization is because people actually pay for it.

Sony is all-too-familiar with people pirating games on their consoles. Online authorization eliminates huge swaths of pirates.

Most consumers aren't thinking about 10 years from now when they buy. They're thinking about getting their dopamine fix RIGHT NOW. And online authorization makes them give up their CC# to get it.

I've always wondered how Sony measures these things. What do they use to show that it actually stops piracy (I'm sure it can slow it down a bit) for a lot of people, and that those people then turn into customers? How do they control for things like "popular game" vs. "unpopular game", how do they control for pirates who try the game then buy?

How many people go through the time and effort to mod their console just to 'try before they buy?' There may be a handful, but this isn't PC gaming we're talking about here.

It's not hard at all to circumvent this, I doubt that it "eliminates huge swaths of pirates". Does Microsoft's Windows activation scheme stop people from pirating Windows? I don't think it had any significant effect, people just download images that have activation already patched out.

In Microsoft's case, their main concern is OEM piracy, and the activation system diminishes the quality of the pirated product sold to the unwitting consumer.

And anecdotally, the activation has pretty much stopped casual sneakerware piracy. People don't loan out their Windows CDs like they used to.

Microsoft Activation puts enough down to try and convert more sales without getting in the way too much of legit customers. I think it's a good compromise, only other thing I would do maybe is try and identify pirates and try and get them to pay say $50 or something, they aren't going to pay the full Windows price but I think a lot would pay a lower amount that aren't paying at all at the moment.

I will no longer buy creative software that has an activation system that hasn't been fully cracked. I've been bit by problems activating legitimately purchased Sony software (I started as a Sonic Foundry customer) and being unable to work on my music. I don't want to find that, 10 years from now, I can't go back and remix an old song because the activation system is offline.

None of the consoles are using online authorization to ensure game playability. The figures peg consoles that go online to be about 30%, that means the majority will never see an internet connection.

Games like those published by Ubisoft do this on PC, and when it goes down, they say "well, if only you guys didn't pirate our games all the time, we wouldn't have to abuse you this way." And, to be honest, they have a point, because PC game piracy is out of control.

No-one thinks online authorization is great. It pisses off legitimate customers and it's another service you have to run. It's not like the publishers are really getting anything tangible out of it bar the hope that their games won't be pirated to all hell (they will be).

I would like it if games/consoles had a kill switch on them, so that after x years they no longer require an authorization in case the service goes away, but I highly doubt that will happen.

> And, to be honest, they have a point, because PC game piracy is out of control.

No, they do not have a point. I bought Settlers 7, shortly after release, for full price. I couldn't play it. My internet connection at the time would "blip" every ten minutes or so, it would go down for a couple of seconds and come back up. Every time this happened I got kicked out of my game.

The next Ubisoft game that came out, I pirated. Why? Because the pirated version of Settlers 7 /works/. If I'm paying something, I expect a better experience than I would get if I didn't pay. To me, that seems like a fairly basic tenet of economics.

Many game companies "get it". Valve for example provide me with unending streams of new content for games I have paid for, even going as far as giving me a free copy of Portal 2. Thanks Valve! You win money.

...and what do you propose? Unfortunately for the PC games industry, the number of gamers willing to pay for games is not very high.

Companies like Epic have basically gone out on the record and said "we stopped supporting PC because of piracy." If you were a publisher, what would you do? There are precious few successes of games without DRM, and remember that all Steam games are also DRM'd.

Why did they give you a free copy of Portal 2? Do you own so many of their games?

I participated in the launch event and earned the maximum number of potatoes, for which I received Portal 2, giftable copies of all the other games they've made (too numerous to list from memory), and a little flag for my robot in Portal 2 co-op.

I think he's referring to how if you buy Portal 2 on the PS3, Valve gives you a free copy of it for PC.

Nope (although I have that one too!), see my reply above.

There are titles on the PS3 that won't work unless you're connected to PSN.

I /think/ there are 360 titles that do this, at least to some content.

It's not something that the console makers do themselves.

It's apparently two titles that were download only. Not games that came on discs, which would be the appropriate comparison for older consoles.

How does one politely ask, what are you talking about?

My PS3 has been working fine since the PSN went offline. Actually, it's been disconnected from the internet (for unrelated reasons) since long before that. All my games play fine. All my blu-ray discs play fine. I have no reason to suspect that they will not continue to work decades from now should I choose to keep them that long.

I think he's referring to this item from earlier in the week:

"This is What Irony Tastes Like: Capcom and the PSN Outage" http://news.ycombinator.com/item?id=2539591

Oh, so a downloaded game doesn't work. Well, if we're to compare apples to apples, the Atari 2600 online store has been offline for a while, too.

But when the iTunes store is down, I can still play Angry Birds and Splinter Cell, to make a much more appropriate comparison.

Do they see this as a problem? The most successful 8 and 16 bit game companies have been finding ways to capitalize on their past library on all the current platforms. They'd much rather have you pay for a Virtual Console than plug in your 25 year old hardware and have a go.

You know what, often times I'd rather pay for a Virtual Console than plug in my 25 year old hardware.

I think it's a great service, too. I was just pointing out that older games not working might be seen as mildly helpful by the game companies, rather than as a problem. I'm glad they still make games available in modern forms, but I do value the ability to play in emulators.

You know what? I was born after the 8/16 bit era (well, born just as the 16 bit was closing). My choices for playing these games are: eBay, emulators, and virtual consoles.

eBay can get too expensive REALLY quickly. Emulators are legal, but the games I would play on them are definitely pirated. That, and I have to deal with a control scheme the game wasn't designed to be played on. Virtual consoles offer pretty much the exact experience as the real thing, and they're affordable.

So, yeah, I'd much rather pay for a Virtual Console than go out and buy hardware which is older than me.

Some people really value the original experience, and like to have the old hardware. Though the original Sega, Atari and Nintendo consoles and the C64 hold a special place in my heart, I'd rather fire up an emulator or buy an iPod version at this point, too.

I keep on pointing this out. Compare the two groups:

    - Sony a big company with big company HR bureaucracy
    - The worldwide interest group re: Hacking

Sony might have one or several groups within the company involved with a given project. The population interested in hacking a popular Sony project is not only very large, but constitutes a frictionless global meritocracy interacting via the Internet.

Conclusion? When it comes to big companies vs. the hacker communities, it's asymmetrical warfare, and the big companies are the underdogs. Big companies are outnumbered and outclassed.

However, instead of behaving like the outclassed guerillas they are, they keep acting like they're the empire, and keep getting bloodied in losing fights. All it takes is a few minutes of thought to realize that DRM is the worst possible tactical position they could possibly take. Companies that do this are deluded.

But here's the real kicker: It is possible for companies to use the principles of asymmetrical warfare and win fights. You have to pick your battles based on sound economic principles. You have to pick your battles, such that the huge numerical and training advantages of the adversary are moot.

I know how to do this.

EDIT: Here's a hint. Take a look at your bug tracker. Imagine that it only has reports where the bugs are hard or impossible to reproduce. Imagine that the consequences of the bug are separated by several weeks time from the probable causes. Imagine that there are tens of thousands of such reports. Imagine that the reports only constitute a small fraction of actual occurrences.

It is quite possible to put parties trying to crack your system in exactly this position. If you make it easy to "crack" your program, and instead put all of your effort towards clandestine detection, then there is no incentive for people to fully crack your system, such that they can find the detection mechanisms. Separate the consequences of detection from the actual detection by a time span of several weeks. Use detection to protect value-add and up-sell revenue which is inherently dependent on server-side implementation.

Use honeypots. Your "easily cracked" version 1 becomes a kind of honeypot for detection, which protects your real revenue stream. Present a hack-y feeling loophole that lets people acquire your value-add content for a sizable discount from full-price.

Remember, you're fighting an asymmetrical conflict. Be sneaky. Don't even let your opponent know she's even in a contest if you can help it. Fool them into thinking they've "won."


Savvy fighters of asymmetrical conflict don't announce their location to their enemies. Savvy fighters are prepared ahead of time and have security in place before they open hostilities. Savvy fighters of asymmetrical conflict compartmentalize their assets, so losing one doesn't entail the loss of others. Savvy fighters of asymmetrical conflict have contingency plans.

None of the above applies to HBGary.

I've always thought that adding subtle bugs that only appear in cracked versions would be a good idea as well, but: consider the effect on your product's reputation. Disgruntled pirates can give you a real PR headache, since they don't self-identify as anything but "ordinary users" when they post comments to forums.

> I've always thought that adding subtle bugs that only appear in cracked versions would be a good idea as well but: consider the effect on your product's reputation

No! That is not what I'm advocating! Under no circumstances should you introduce faux bugs. The "bugs" I am referring to are incomplete cracks, and they are only bugs for those providing the cracks.

> Disgruntled pirates can give you a real PR headache, since they don't self-identify as anything but "ordinary users" when they post comments to forums.

Forums are a bad idea because they take so much effort to curate. The downside is huge -- to the point of creating pernicious fictions such as this.

(Laura Roeder's take, is that community forums are most often not worth the effort. http://mixergy.com/laura-roeder-interview/ )

If you are in the business of selling software, you are probably not making money off of a community forum. Why have it if it has such huge downsides? Have the community meet only in-game.

The scenario you propose is slander and complete falsehood. If your userbase is so corrupt that this works, then I posit you have the wrong customer base. The strategy I am advocating requires that you can control the message in your userbase. This again fits the asymmetrical warfare analogy. Any group of successful guerilla fighters has a well crafted message. If this message can't be communicated properly, then there is no point to the fight.

Here, the message should be: Those warez guys are providing you defective cracks. Just buy the real game -- it's much less hassle. (Then someone else points out that there's a loophole if you purchase the "competitive upgrade" that will work even with the standard version, and only have to pay 50% of retail etc...)

This seems like complete speculation.

Is there any evidence that Sony's data breach is in any way related to a hacker backlash? The closest thing the article provided was a file left on Sony's servers referencing Anonymous. That's pretty weak.

Well, it will be until anyone is apprehended.

I think it is fair to say that Sony did "kick the hornet's nest." Is that what caused them to become a target for black hats? Unlikely. Whoever did this was likely looking for a big score, likely to try and sell the data to organized crime, and thus an ideological attack doesn't make a lot of sense.

However, it seems very plausible that some gray hats like Anonymous started kicking the tires of their security systems, and shared information that indicated things were looking lax, and that's what brought the black hats in.

If you're gonna be dumb, you gotta be tough. And Sony obviously wasn't.

The media is largely conflating two very different definitions of "hacker" here. There's a big difference between the people who jailbreak hardware and the people who steal credit card data. The former is arguably legal and moral, the latter is neither.

The type of hacker that brought down PSN and stole credit card data needs no motive other than the millions of dollars of credit fraud that will follow. They need only opportunity.

Motivation aside, there's pretty strong parallels between breaking into the PSN, and breaking into the PS3 hypervisor. Obviously the hypervisor was a much harder nut to crack and GeoHot is likely far more skilled than the PSN people, but he's basically a grey hat systems cracker.

Actually Sony brought this unto themselves longer than that, starting with the Sony-BMG rootkit. I've actively avoided buying Sony products since.

The attack on Sony was not against the company, it was against its customers. I'm sure this will damage Sony in a huge way, but I have 0 respect for the people who did this.

I'm sure it was against the company too, but I agree the people who actually did the break-in are not getting enough flak.

I just finished watching Sony's PSN Relaunch Announcement. It kept on making me think: Why not just hire Geohotz?

Let's just say Geohotz accepts the offer and works in PSN. I think the general public will be convinced that PSN is now secured by the top elite hacker in the world who pointed out Sony's security flaws. Furthermore, Sony will appeal to consumers that they're humbly admitting their mistake and are dedicated to improve their security.

Yes, I know the root key and identity theft are completely different. Also, whether Geohotz actually does anything to Sony is irrelevant.

I'm strictly talking within PR scope.

Do you think he'd accept? Would you?

Do you honestly think they would ask him? Why would they? Is he an expert on server side security even? The security vulnerabilities that were exploited for the PSN hack have almost nothing to do with his realm of knowledge. What will actually happen is this: Sony, MS, Nintendo, EA, Activision, and virtually every other IP holder will lobby very, very, very hard to change the DMCA to be far stricter, and people that do anything even remotely close to what Geohotz did will find themselves in a Federal prison, regardless of whether or not what they did was truly unethical.

>Do you honestly think they would ask him? Why would they?

Yes. Because he is quite clearly a talented hacker. Do you think it would make more sense to hire somebody who may not have experience with Sony's technology?

"Let's just say"

"The Hotz incident was followed in February by a German police raid on the apartment of Alexander Egorenkov, another hacker who had distributed software that let PlayStation consoles run homemade games. Other technology companies have found ways to channel hackers' energy without resorting to lawsuits. Microsoft (MSFT), for instance, permits hackers to unlock its Kinect gaming device and invites some of them to its conferences. Google (GOOG) pays white-hat hackers who help identify bugs. Sony is far more uncompromising, says Robert Vamosi, a senior analyst at security firm Mocana. "Hardware manufacturers like Sony just aren't very good about listening when a security researcher presents them with a flaw," Vamosi says. "

That paragraph I just quoted up there is some of the sloppiest journalism I've ever seen. The analogy being drawn is completely without merit. Microsoft is "hacker" friendly because they allow people to fool around with the Kinect? And Sony is hacker unfriendly because they removed a feature (the Linux install option) that they feared would lead to massive piracy? And Google is just great because they offer bounties for security flaws? In what way are any of those facts similar? None of them are even referring to the same sort of "hacking." If Google made a game system that made its money based on licensing fees from software sales, it would do everything within its power to prevent piracy. Microsoft already does this. Running homebrew was not what Sony was trying to stop.

What I'm about to say will probably be very unpopular here. Anyway, the "hacker" (I hate their usage here... they should say cracker) excuse that they are just trying to enable homebrew software is utterly laughable as well. As soon as Geohotz was successful, numerous other companies capitalized on it and went to that next (tiny, tiny, tiny) step to enable running pirated games. Should Sony have sued Geohotz? Probably not. But what did Geohotz honestly think people were going to do with his developments? Does he want people to keep making games for the PS3? Did he honestly think that people wouldn't immediately turn around and use his progress to pirate games? The ethics of this supposed "hacker" community leave a lot to be desired, and I truly wish we could return to the old usage of the term, and stop applying it to people that are really just safe crackers and thieves.

Our laws are completely inadequate for addressing this kind of abuse now, and I dread to see what sort of draconian measures will be put in place in response to this sort of shortsighted, unethical, and lame "hacking." If you don't want a closed system, then don't buy it. This is what will give us more open systems in the future, not enabling pirates.

The reason what you're saying is unpopular here is because it is fundamentally incorrect.

What difference do you see between hacking your PS3 and hacking your Kinect? How is hacking your PS3 "cracking"? In my opinion, and I suspect that the vast majority of technologically literate people would agree with me, what happened with the PS3 fits the classic definition of hacking perfectly.

The Kinect hacks consisted of using the Kinect device for reasons other than originally intended. No laws were broken. The intent is basically pure. The hackers (because they are real hackers) just asked themselves "what else can we do with this hardware?" They broke no laws. They did no economic harm to MS, and if anything, helped them.

On the other hand, the PS3 hack will primarily be used to enable piracy. That's it really. Did it initially enable homebrew games? Yes, but is that what the vast majority of people will use it for? You're deluded if you think otherwise.

The problem I have with non-ethical non-consequentialist crackers like Geohotz is that they are not solving a legitimate problem in the first place. If you want to make open systems, then stop providing monetary support to closed systems in the first place.

Console hacking in the past has contributed to new industry growth. When the original Xbox was hacked, one of the outcomes was Xbox Media Center (XBMC).

XBMC led to incentives to accelerate the development of home media center components like audio/video decoders. This obviously helps everyone in the growing media center industry.

XBMC also is directly responsible for the birth of at least two startups in the media center space, Boxee and Plex.

So while some companies in an established and profitable industry lost some revenue from piracy, a new industry got a big boost from people being able to experiment with and innovate on top of a console.

And what positive outcomes have come of Geohotz' work? Geohotz worked exclusively to enable piracy! Sorry, but it's true! Sony removed the Other OS install option because of Geohotz' work towards enabling piracy! Read his Wikipedia entry (http://en.wikipedia.org/wiki/George_Hotz) if you don't believe me.

The PS3 was a freer console for the masses before his work. His work enabled piracy, theft, and constitutes extortion. What part of his initial explanation of the PS3 root key divulgence don't you understand? Here it is:

" ~geohot

props to fail0verflow for the asymmetric half no donate link, just use this info wisely i do not condone piracy

if you want your next console to be secure, get in touch with me. any of you 3. it'd be fun to be on the other side.

...and this is a real self, hello world although it's not NPDRM, so please wait to run... shouts to the guys who did PSL1GHT without you, I couldn't release this

first piece of homebrew you can run put in service mode, put on usb stick, boot"

"i do not condone piracy" = I don't think you should use this for piracy

"if you want your next console to be secure, get in touch with me. any of you 3." = I know this shit I did will be used for piracy, that's why you 3 (Nintendo, MS, Sony) may want to consult me to avoid the massive piracy that will surely result due to my hacks in the future

Is this not, in a sense, extortion? Is he not willfully and knowingly enabling theft?

My point is that the PS3 was a more open platform before Geohotz arrived on the scene. It would be more open today if it weren't for his efforts, which are almost entirely in aid of piracy and theft. Please, name one thing that he has enabled that wasn't previously possible with an Other OS install that is not essentially just stealing. Please. Go for it. Tell me I'm wrong.

I'm just a guy that makes a living making software, Geohotz is a guy that is making a living by robbing the companies that pay me. Why should we grant him the glorified title of hacker? RMS is a hacker. Linus is a hacker. PG is a hacker. Carmack is a hacker.

Geohotz is a cracker.

The one major thing I know of that has come of this is that I can put Linux on my PS3 again. I'm happy about that. I'd like to think he willfully and knowingly unlocked a piece of hardware for the masses knowing it would primarily be used for piracy plus lots of other cool things too.

PS3 jailbreaking enabled the Showtime media center developer to port the media player to the PS3: http://www.lonelycoder.com/hts/showtime_overview.html

It's much better than jumping through DLNA hoops.

GeoHot hacked the PS3 to re-enable the Linux option. Sony used the Linux option to market the PS3 to hackers. They then turned it off. GeoHot turned it back on. Sony sued him.

They turned it off because of Geohotz' hacking activities which would enable massive piracy (not his goal, but a consequence he understood very well). Read his Wikipedia entry.

The PS3 got hacked. So Sony turned off an otherwise useful and legitimate feature that some people paid for. Then that got hacked. So Sony can turn the OtherOS feature back on now: it is no longer required to hack the PS3, which was their argument for removing it. Sony are clearly unable to stop hackers. But they are quite good at fucking their customers.

This "enable massive piracy" claim sounds really scary. You do know, that right now, there are millions of vehicles out there that can all be used to commit crime, murder people, crash into banks and run off with ATMs, etc. And yet, these criminal enabling machines just lying around (OMG there's two outside my house right now), there is no outbreak of "massive vehicular crimes".

Umm, the system was open when we first bought it...

Yes, Steevdave, I'm with you on that! I agree that it is unfortunate that Sony removed the install Linux option. But why did they remove that? Why did they add it in the first place?

They added it because they knew that the PS3 could be used in cluster computing and that it could be an interesting feature for Linux enthusiasts that wanted to use the PS3 beyond its original capabilities (e.g. as a better, crazier home theater device, or as a desktop replacement even). Then people started to get closer to being able to run pirated games with certain versions of the "Other OS."

At that point Sony realized that it would be better to drop that feature from their hardware rather than risk massive piracy. But what did the removal of that option really entail? Did it mean that all those massive compute clusters could no longer run? Nope. Did it mean that people that were using the console with games that they bought up until that point couldn't play those games any more? Nope.

It just meant that if they wanted to play new games, or play online, that they couldn't have that option any more. No killswitch. Nothing too awful. Protecting their business interests. And who really forced them to do that? It was the crackers that were trying to enable piracy, err... sorry... "homebrew." Sony is not against hackers. They want hackers. They don't want crackers and thieves.

its use beyond the original hacker is not the issue here..if it was we would never have encrypted email because at a certain point in time US gov outlawed all private encrypted software..when PGP was first programmed before it was released it was illegal to have any software that encrypted..and then the US gov agencies finally relented and allowed commercial software that encrypted..

Another example: if I hack the US ID card to see what data is stored on it..am I now a criminal by what the popular use of that hack is?

This is not actually a question of the law, but of ethics. Geohotz did not break any Federal law in doing what he did. If you know that providing something (the root key to the PS3) will enable massive piracy, should you do it? Here is his original post regarding the supply of the root key:

" ~geohot

props to fail0verflow for the asymmetric half no donate link, just use this info wisely i do not condone piracy

if you want your next console to be secure, get in touch with me. any of you 3. it'd be fun to be on the other side.

...and this is a real self, hello world although it's not NPDRM, so please wait to run... shouts to the guys who did PSL1GHT without you, I couldn't release this

first piece of homebrew you can run put in service mode, put on usb stick, boot"

So, in that initial post, he does not solicit donations (although he had before and does after). He then announces that he doesn't "condone piracy", then he solicits employment from the three major console manufacturers. What reason would they have to employ him? What he's doing just enables homebrew software, right? They don't really care about homebrew now do they? No, they care about piracy. So what he's really conveying here is this: "I just enabled massive piracy on the console that so far has been hardest to crack. I don't approve of it, but I know that's what it will actually be used for. Hey, why don't you give me some money so this won't happen again?" Sounds like extortion and accessory to theft to me. But our laws don't really work out that way. Yet. I don't want our laws to enable that. I want people with Geohotz' skill to be responsible and actually work with companies like Sony. Is it partially Sony's fault that he didn't? Maybe, but that's a tenuous conclusion at best (does anyone know if he ever privately gave this information to Sony? or if he even attempted to?). On the other hand, it's patently obvious that he knew exactly what his work would be used for, and released it to the masses anyway.

They'd be interested in hiring him because he's intelligent and has a very good, very low-level understanding of their anti-piracy tech.

You're not addressing the issue of ethics in any way. What he did enabled theft. Theft is unethical. He enabled theft, so he is unethical. Want open hardware? Don't buy closed hardware. Don't want companies to close their hardware? Don't enable theft.

What's hard about this? Do you not understand that companies will lobby very hard and very successfully to enable laws that are so strict that it will not only make what geohotz did illegal, but what the (admirable) Kinect hackers did illegal as well?

The laws that can and will be made as the result of his craven greediness, stupidity, and arrogance will not be favorable to any real hacker, because laws are not a precise enough instrument for enforcing ethical standards. We must enforce the ethical standards. Geohotz should be a pariah, not a hero, for anyone other than the piracy enablers that will make a fortune from his work.

Are you a programmer?


