I never said that. I said that this one attack vector, which is rather easy to defend against, is so far only present in the PS3. Sony screwed up with their encryption implementation, in such a way that the private key used to digitally sign official software was able to be reverse engineered. This means that anyone can now create software that the PS3 thinks is legitimate, and the only way to fix this is to change the keys used, invalidating each and every single game sold for the PS3 to date. And no jailbreaking is necessary for a PS3 to be open to this attack, since with the private key, anyone can make software for the PS3 that is indistinguishable from a trusted, Sony-approved game.
No other company I know has screwed up this badly, or even just let their private key be leaked, and Microsoft is certainly not one of them. The Xbox, Windows, Linux, the Wii, etc. and even the PS3 are attackable in a lot more ways, but they'll be trickier, and almost certainly involve jailbreaking.
"Produce this for money"
What? Are you saying that GeoHot is somehow benefiting financially from this purely software crack that is both released by them for free, and doesn't require any modification to the PS3 itself, software or hardware?
"What he does with his PS3 is his right, when he releases that to others it is no longer within his legal rights."
So one can hack and pirate and cheat at all the games one wants, so long as one doesn't tell anyone else how one did it? Even Sony disagrees with you on both parts, there.
As is repeated in many other posts here, it lasted so long because the people who actually had the skills necessary to crack the system weren't trying to until Sony got rid of OtherOS. Even if you don't agree with that premise, the group that found and released the private keys have themselves stated that they didn't start any real efforts to crack the PS3 until OtherOS was removed via firmware update.
Sadly, in all likelihood, no-one will ever be able to do this to the Xbox 360 - get the private key for signing software, that is. The only reason they got it on the PS3 was because the Sony developers responsible for the encryption implementation screwed up royally, rendering the PS3's software signing system not much more effective than security by obscurity. And now they're trying to use the law to make up for their monumental failure in implementing a relatively simple system that all their competitors had no problems with...
Judging by the wiki article on him, it looks like he was only caught after getting onto the plane and trying to set off the bombs by lighting them with a match. I don't think that counts as a win for the TSA's system.
And I see six links not more than a dozen pixels below it, to the pertinent ticker symbol's page on six big financial sites, of which five aren't Google, and of which two don't show up on the first page of results.
Search for 'GOOG'. Top of the page is the finance service result for GOOG, with links to Google Finance, Yahoo, MSN, etc., with the fancy graph underneath.
The first search result is the Yahoo Finance page for GOOG, and the second is the Google Finance page for GOOG, both of which were linked in the list of sites in the finance service result at the top of the page.
I myself have gotten it working under Ubuntu 9.04 and 10.04 with minimal hassle. Worked straight out of the box aside from sound, but I honestly just experimented with audio output selections in Wine config for a few minutes, and it worked after that. Performance was comparable to that on my Windows machine, to boot.
And I'm confident that any students using Linux on their school laptop are comfortable enough with it to figure out most issues they may come across.
And I suppose you'd also recommend against getting Half-Life 2 for the same reasons?
It's three games because Starcraft II has three games worth of campaign content. ~30 missions in each case, just like the original SC+BW. It's also been noted that Heart of the Swarm and Legacy of the Void will be priced as expansions, not full games. I'd also suspect that since all three are being developed at once, playing SC2 on Battle.net won't be segregated into groups based on which expansions you have, as compared to the original SC+BW, so if you're only interested in multiplayer, you won't have to ever buy the expansions.
It may be pointless now, but there's always the possibility that they're using cards with both the old strip and the new chip as an intermediate step, to try to shift card owners over to using just the chip a little more softly.
Of course, it could also just be another example of incompetence in security.
Not to mention he released the vulnerability last Thursday, and we're only hearing about an exploit now. I'd really like to know what definition of "Zero-day attack" they're using, because I certainly can't reason out what it is.
We're owed access to other people's work, because they openly published it to the world. The point of copyright isn't to keep your ideas yours; that's easily enough achieved by simply not publishing your ideas. The point is to give you recompense for giving your ideas to the world.
So... you're saying that having lots of keys to press by having a keyboard is not a hardware advantage... but an OS one?
For extra fun, compare the pic in the article to this actual population density map: http://i.treehugger.com/files/population-density-us.jpg
And judging by the current score of the GP, one man's 'flamebait' is yet another man's 'insight of the day'.
This is all I have to say on the matter: http://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish