Good times, good times. Sony received a ton of deserved flak after it announced it would remove the PlayStation 3’s “Install other OS” feature, despite advertising the machine with said feature, and despite promising only a few weeks earlier not to remove the feature. iPhone and PS3 hacker George “Geohot” Hotz promised to restore the feature – and less than a week later, he delivers.
Hotz announced his quick success on his blog. “It’s not any sort of version string change; I would have added something showing off the new features of 3.21, but oh wait, there aren’t any,” he writes, “This can be installed without having to open up your PS3, just by restoring a custom generated PUP file, but only from 3.15 or previous.”
Hotz believes – though he won’t be sure until he can try it out – that this firmware update will even enable the “Install other OS” feature on PlayStation 3 Slim models. This is pretty cool, since that model never had the feature in the first place.
What goes around comes around, Sony. You remove advertised features – hackers will find a way to get them back. “Note to the people who removed OtherOS, you are potentially turning 100000+ legit users into ‘hackers’,” he added, “There was a huge (20x) traffic spike to this blog after the announcement of 3.21. If I had ads on this site I guess I’d be thanking you.”
It’s now the cat and mouse game.
Start your engines and let the games begin.
While I don’t own a PS3 myself, I do know from my experience with other software vendors who engage in games of tit for tat with the hacker community in a vain attempt at preventing users from utilizing their software / hardware in ways they see fit, etc., that Sony is wasting its time. If removing the other OS option from PS3s is saving Sony the hassle of supporting users who utilize such a feature, why not simply look the other way when the feature is re-enabled by the hacking community? This way, they don’t have to support users who install alternative OSes and the community gets to have the features afforded by installing alternative OSes. Win-win for all concerned. It’s a huge mistake to make your customers the enemy. Just ask the RIAA or MPAA!
I was thinking the same thing, and maybe Sony will turn a blind eye now, though at the same time it seems unlikely – it makes too much sense for Sony to do that (and the last time they did something that made sense was before the release of the PS3, and even then rarely).
So their DRM was a waste of time? The console has been on the market since 2006 and there are still no pirated games for it. That’s a huge success.
Their big mistake was allowing OtherOS in the first place.
Actually, I have to disagree with you there. Allowing the other os option was, I suspect, a major reason there weren’t a lot of pirated games for the ps3. The option kept most enthusiasts happy enough that they didn’t feel the need to crack the PS3 wide open. With Sony’s slap in the face, I suspect we’ll start seeing pirated games relatively soon as the console, this time, will be cracked the rest of the way open. The more controlling these companies get, the worse the situation ultimately becomes for them, yet they seem incapable of learning the lessons that are clear around them. I suspect that, had they simply removed the option from all future models, the outcry wouldn’t be so bad. However now we have people needing to hack their consoles, which they legally purchased because of a certain feature, because Sony decided to take that feature away from those who bought their product in the first place. It’s not only controlling, it’s plain stupid. If you want people to buy your products, you don’t screw your customer base even if the other os crowd was relatively small. The class-action that will undoubtedly follow is going to be a lot worse for their PR and it might make more people wonder if buying Sony products is a wise decision. This time it was the other os option, what will it be on the next product? Will they take away the ability to read Epub files on their portable reading devices? Yes, it’s an extreme example perhaps but it illustrates the questions people may start asking, and it is not good for Sony to have potential customers reconsider buying their products. Personally, I’ve not bought a Sony product (not counting their record label) since the days of their audio cd rootkits, as the writing was on the wall then about what they were about. That was a relatively small section of people that knew about or encountered that however.
Even Apple, as controlling as they are, haven’t gone this far… yet. I suspect even Steve Jobs would be just a tad hesitant about pulling a stunt like this.
Allowing a foreign kernel is a major security compromise.
As for the motivations of crackers there are plenty that try to break these devices for the purpose of piracy. There are also crackers that state their work is for homebrew to avoid litigation.
But more importantly you don’t make computer security decisions based on appeasement.
The PS3 has a level of DRM that is far above other consoles. When it came out all the so-called tech experts claimed it would be cracked in a few years because after all common tech opinion is that piracy is inevitable and crackers will be lured to the challenge. Very few of those so called tech experts bothered to read about how much more security the PS3 has compared to the 360 or Wii.
Here’s a basic synopsis:
http://rhyannefranz.wordpress.com/page/2/
System wide encryption with updatable firmware makes life difficult for crackers looking to pirate games. Even if the system is hacked to allow pirated versions of existing games Sony could just require a newer update to decrypt new games or to connect to the psn. Sure it’s possible for the entire system to be circumvented but that is highly unlikely. If anything there will be limited piracy of existing games without the option of connecting to psn.
But regardless of what happens Sony’s DRM has been a success. If Sony had listened to the “DRM NEVER WORKS” opinion that is common on tech blogs the PS3 would currently have piracy levels similar to that of other consoles. But then most tech bloggers don’t approach the issue of DRM with even a modicum of intellectual honesty.
So since it has been such a stunning success there’s no security need to remove the Other OS option.
There isn’t. They lose money on every PS3 sold, and don’t like people clustering them for cheap grid computing. There is no (practical) way to crack the drm and play pirated games on the machine yet, which is extremely impressive for a popular machine that’s been on the market for four years now.
That quote contradicts the fact Sony provided themselves the access to Cell processor and their Playstation 3 to Linux community from day one.
You ignore the fact Sony allowed the ability to install OS as part of advertisement meaning there was no need to crack PS3 despite the restriction of access to GPU (essentially a variant of Geforce 7800). With their own stupid decision, Sony just opened up Pandora’s Box. DRM is a failure before it was even created in the eyes of a very determined cracker.
Heh? I said providing the OtherOS option was a mistake from a security point of view. They obviously regret doing it at this point.
If your goal is to lock down a workstation and protect the contents which is more secure:
1. A workstation that boots the company OS and allows booting from the disc drive
2. A workstation that can only boot the company OS
No one has tried breaking into the PS3 until recently? Is there a hacker’s union we can contact to confirm this? Hardware devices are only cracked to run Linux and home brew? The motivation is never piracy? Do you really believe that?
You were probably one of those people that claimed the PS3 would be hacked within a few years.
It’s 2010 and there still isn’t a single pirated game for it. That’s a success.
Again I’m sure you would have claimed in 2006 that DRM is a waste of time and that Sony should just focus on the games.
Had they done that, then maybe the PS3 wouldn’t have been such a financial failure (compared to the XBox 360 and Wii, it really is a failure so far).
Edited 2010-04-08 14:32 UTC
I doubt it when it was the Cell and Blu-ray that really ate up their development costs.
One thing to remember is that Sony makes more money from movies and home theater equipment than games. They cared more about pushing Blu-ray as a format than winning a console war. They’re probably happy that they are at least turning a profit with the PS3.
You make it sound like the only possible reason one may want to explore their legally owned possessions is for criminal purposes. Really, the only possible reason one might want to install YellowDog is to infringe copyright? Really? You don’t think there might actually be homebrew folks out there that want to do crazy stuff like set up research clusters or explore the device in their free time?
And, how does a sandboxed kernel suddenly open the entire system up to infringement?
(“piracy”.. for those times when one needs to spread FUD without using “terrorism” or “the children” marketing buzzwords.)
I’m approaching it from a security point of view, not an emotional “us vs sony” attitude which seems prevalent here.
Intent is irrelevant to my point. Allowing a foreign kernel is a security compromise plain and simple.
Yes a sandboxed foreign kernel is more of a risk than the absence of one. But that is only part of the risk in allowing a foreign kernel. There’s also the possibility of tricking the system into thinking it is running a normal instance of Linux when it is actually a modified Linux kernel that feeds the system instructions from a pirated ps3 image. It’s a security compromise to allow the system to run unapproved code, period.
Do you also not see how providing access to system internals is also a security compromise? Do you think that maybe Sony should include full hardware schematics as well? With notes on security protocols?
Providing a web browser is also a security compromise. You’re allowing unchecked code to be processed by the system.
If you want something like a console to be secure then you only want it loading approved instructions. That is a fact that is separate from any opinion you may have of Sony or this entire incident.
Just because you don’t like what Sony has done does not change some very basic principles of computer security.
And what is the danger here? That someone’s PS3 gets hacked and the photos he has stored on it get stolen? Why is that somehow more of an issue on a console than it is on any random computer (which does run “unapproved” code)?
Or is this just about this “piracy” thing you keep parroting? You do realise that despite the XBox 360 and the Wii getting cracked wide open, they are still MILES more profitable than Sony’s machine, right?
There is simply no evidence to support your assertion that piracy is hurting the console companies. Both Microsoft and Nintendo are doing pretty well, despite their consoles being vulnerable to “piracy”.
Reality > your fears.
And what is the danger here? That someone’s PS3 gets hacked and the photos he has stored on it get stolen? Why is that somehow more of an issue on a console than it is on any random computer (which does run “unapproved” code)?
You don’t quite get his meaning. The security issue is not an issue from the customers’ point of view. No, it’s from the content owners’/Sony’s point of view: allowing unapproved code does always carry a risk with it of it being able to bypass the DRM and thus allow you to do things with the content that you wouldn’t be able to otherwise.
Are you really going to tell me that the OtherOS option was not a security compromise even when GeoHot used the OtherOs to break out of the hypervisor?
http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/
But I can see that it is too difficult for you and others here to approach this from a technical point of view because that might mean that (GASP) Sony might have some technical justification for doing this.
Maybe you think that consoles should have no DRM. That’s a valid opinion but is separate from whether or not it is a security compromise to allow a foreign kernel. Whether or not you think it was fair for Sony to do this is also a separate issue.
Computer security principles > your hatred of Sony.
Reasons I decided on PS3 and not XBOX360:
1. PS3 advertised as THE best bluray player. Plus it will be updated and improved on with firmware as the bluray spec changes.
2. Uncharted and Heavenly Sword… no need to elaborate on this point
3. 80GB and not the cheaper 60GB version. I was planning on using some disk space for Linux. But I was holding off until a distro used the available resources more smartly.
Today:
1. Sony don’t improve the DVD upscale quality and I know there’s still some power left over to get us there.
2. Heavenly … oh heavenly … why Sony, why?
3. Sure the Linux experience sucks for both users and Sony. But that’s no reason to get mid-evil on everyone.
It’s still the best gaming console.
And I’ve just moved on from my trusty P4 pc to my darling Acer Veritron Quad core running Ubuntu 9.10.
So yes. The best PC stuff is on an actual PC (setting up virtual pc lab in the hope of getting LINUX+ certified).
BUT … I bought a PS3 for 3 reasons – and dropping XBOX360 was tough. Ultimately those features won me over but now they’ve gone and artificially handicapped the thing.
THAT my friends is the point.
Edited 2010-04-08 19:32 UTC
But, if OtherOS provides a sandboxed environment then it’s not providing “access to the system internals” now is it?
To me, all this says is that Sony should have hardened the VM environment used in an advertised feature rather than disabling the advertised feature. It’s a classic bait and switch fraud. “why yes, it does this very thing you are buying it to do.. oh.. sorry, now that you’ve bought, we are disabling that”
Not when that foreign kernel is run under a hypervisor, as Sony does. It doesn’t have direct access to the hardware, and Sony certainly made sure it wouldn’t. So how is it a security risk?
Wow, there are dishonest people in the world. Who should I tell this breaking news to first? I really think another poster has got it right, piracy is the IT equivalent of terrorism. It’s a scare word invoked to justify screwing the legitimate customers for the corporation’s own pocketbook.
Ah. That explains Windows, then, and their appeasement of users in Windows 7 by turning down UAC enough to expose a backdoor that they refuse to fix? You *shouldn’t* make security decisions based on appeasement. Nevertheless, companies do exactly that all the time. But as has already been pointed out, security is not the concern here.
And why might that be? You see, the motivation for most to mod their consoles in the first place is to make them do what they aren’t supposed to do according to the manufacturer. While that does mean the occasional stolen game, more commonly it is used to turn said console into a media center or other general-purpose device. The PS3 wasn’t cracked in a few years because, to put it simply, there wasn’t enough motivation. The number of crackers who infringe copyright is significantly less than the number that just want to make their devices work in the way they wish. Most crackers and modders do it for the coolness factor, simple as that. Until now, there was no need to crack the PS3 to do this. Let’s see how long Sony’s DRM lasts now that you’ve got a bunch of pissed off crackers and modders, who otherwise wouldn’t have bothered, breaking it wide open.
If you think that allowing a device to boot a foreign kernel and a trusted kernel is no less secure than only allowing the device to run a trusted kernel then you should stay away from any job that involves computer security. See my previous post for a full explanation.
As for people who mod consoles the vast majority do it for piracy rather than educational purposes. Or perhaps you think that the millions of modded PSPs in Asia are all in the hands of curious hackers?
Edited 2010-04-08 16:33 UTC
For motivated individuals, there will be a way to infringe copyright regardless of if one can install another OS. The PS3 ran the other OS in a sandboxed environment in the first place so how is that going to open the floodgates? Like games could not be duplicated for the other consoles which lack an OtherOS option?
(and, let’s not use the “pirate” marketing spin.. it’s simply copyright infringement not some romanticized magical guy in a funny hat and eye patch)
I see you haven’t read this article either:
http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/
Sandboxes have been broken before. Is this OSAlert or computer security 101 with .net jerkface?
As for the word piracy it is not a marketing buzzword and has been in the dictionary with that context for over a decade:
the unauthorized reproduction or use of a copyrighted book, recording, television program, patented invention, trademarked product, etc.: The record industry is beset with piracy.
http://dictionary.reference.com/browse/piracy
What that tells me is that Sony should have focused on improving the VM environment sandbox after marketing the feature and selling units based on it. Classic bait and switch fraud; that is the problem. Synthetic crippling of device capabilities is unacceptable. The copyright infringement excuse is disingenuous.
What your link regarding the sandbox break-out tells me is that Sony should have taken that as a proof of concept for something they needed to fix to harden their VM environment. That’s how responsible software and hardware providers treat such things.
As I’ve also said before; “piracy” is a buzzword now used the same way as “terrorism” or “think of the children” when someone wants to justify poor policy. If you want to talk about copyright infringement, we can do that. The moment you start claiming “piracy” you’re selling something. Even the recording industry has come out saying that the term “piracy” needs to be dropped in favor of accurate language.
http://www.maximumpc.com/article/news/piracy_too_glamorous_term_ip_…
Edited 2010-04-09 01:12 UTC
It’s easier to just remove it. It was a security compromise in the first place. Yes some people will get pissed off but they obviously don’t care. Sony pisses people off every year and it’s a very small group that actually cares. I doubt even 1% of PS3 owners care.
What I can’t believe is that people have emotional outrage over Sony doing this. Did everyone forget the rootkit incident already? Building a server cluster around a locked up Sony console is not a good idea. Who even cares about what they originally advertised. If you’re competent enough to set up a Linux server then you should know by now to not trust Sony.
There’s a word that you don’t like. That’s nice.
It’s a common word with a common meaning and the context is always clear. I’m not sure why you’re bothering to complain about it here when it is used so frequently in the media. Seems like futile effort.
http://www.nytimes.com/2010/04/09/technology/09piracy.html
Language is something you don’t have control over. If there is a word that you don’t like then feel free to not use it but trying to change everyone else is pointless.
I don’t like the words synergy and irregardless but I don’t throw a fit when people use them.
“irregardless” is not a word.
regard – to recognize or observe
regardless – from “regard less” meaning not to recognize or observe
irregardless – meaningless redundancy… unless someone out there can tell us what an “irregard” is and how one does it less.
“Yes some people will get pissed off but they obviously don’t care.”
Isn’t that the truth.
“Building a server cluster around a locked up Sony console is not a good idea. Who even cares about what they originally advertised.”
Isn’t that the truth, Sony has a long history of pissing off its customers. And, up until Sony pulled the bait and switch, building a cluster out of PS3 was a very good idea unless those university and government folks who did so were unintelligent.
And, as for what they originally advertised; you, then, have no issue with products you’ve purchased based on one set of functions being altered and synthetically crippled after purchase then? You’d have no problem buying a bicycle and having the manufacturer turn up at your door a week later and remove the front forks and tire with a plasma torch?
But of course Sony isn’t to be trusted. No corporation is to be trusted. Why should past actions like the root-kit incident make this recent action ok? People are not allowed to be angered by this action because Sony has done evil in the past also?
Sure, it was easier to remove the feature but that doesn’t make it right to do so. Developing a new hardware version that lacked the feature from the start sucked but at least that was acceptable but removing it from existing and perfectly capable older units? It seems Sony management didn’t learn anything from the root-kit fallout.
Dude I’m giving your comment a thumbs up
Sony! What the hell are you thinking?
The PS3 finally got its act together and this is what you do to your fan base? Now, am I gonna buy the “wand” thing… or am I gonna get the 360 and “Natal” later this year? Right now I don’t feel like supporting your new feature.
Love and Peace brothers and sisters. Love and Peace.
I do wish Sony would heed this advice, but they won’t. They’ve spent the lifespan of the PSP, not in improving and adding capabilities, but in finding new ways to get additional functionality off the systems. Despite the cool, capable hardware the number of “I need to play this” games is pretty small, but that’s okay because Johnny McProgrammer is unable (this week) to use secure shell on his PSP.
How can Sony remove an advertised feature on a whim like this? What if car manufacturers had the same approach and started stealing your tires a few years after?
Not only that, some people didn’t know that OtherOS was being removed when they updated, since the changelog is in no way shown when you update from the PS3. I’ve heard of several cases where people lost data (usually personal stuff like photos). Since the drive is encrypted, I don’t think they can get their data back at the moment.
This is not at all correct. If you read the update information you would have clearly seen that the OtherOS option was being removed. It was quite clear to anyone who reads what each update does. It was so clear in fact that they even mentioned that those who utilized the OtherOS option should back up their data prior to applying the patch. Those who don’t read the update info prior to applying them are bound to run into these types of issues, such as data loss. It’s their fault.
I was a user of the OtherOS option, mainly for CBE development, and I’m incredibly sad to see this functionality removed. Bad Sony! Bad, Bad, Bad!
I did the upgrade! And I think that Sony played nice!
They tell you very clearly, before the upgrade, that the OtherOS function will disappear after upgrading.
And if you do not want to upgrade what you could do:
– Don’t upgrade and still use the PS3 pure for the OtherOS option or
– upgrade where you get the chance to back up everything and they tell you precisely how!
The upgrade does not run before you acknowledge it twice!
And I think that the function will be back after a hard reset: http://www.tech-recipes.com/rx/2265/ps3_how_to_factory_hard_reset/
Gr. hansa /-//-\
It’s legal because there are enough people out there (even on OSAlert) who believe that companies should be allowed to do whatever they want with the equipment you “bought”.
Not “all” companies should be allowed to do what they please with software and hardware you “bought”. Just Apple Inc. should be allowed. That’s a difference.
No problem with Apple bundling a browser with their Operating system either. Actually, on their mobile OS they explicitly disallow any other operating system.
Apple does the same thing that Sony and Microsoft do and they are praised for it. As for feature removal, I remember seeing a bunch of stuff on their main OSX page about ZFS.
Apple and Microsoft have been praised for doing what Sony is doing? I can’t remember them being praised for removing advertised functions.
There’s an essential difference between Sony’s doings and the OS X ZFS situation. Apple did advertise ZFS, but then later removed it, so the situations may look similar on the surface. The crucial difference, though, is that Apple never sold OS X with full ZFS support. It was removed *before* they sold it. What Apple did is no different than the Microsoft Longhorn fiasco where most of Longhorn’s supposed features never made it into Vista. It’s disappointing, but not mean-spirited. Sony however, is removing a function that they *sold* the device with and that it has had for years. As I said before, even Apple hasn’t done something this nasty.
Apple’s removal of ZFS support is different. First of all, they only shipped read-only support for ZFS from the command line. Second, although they advertised support for ZFS from Mac OS X Server, they never actually shipped it to begin with and stopped advertising it before they shipped.
Hehe, true. I always have to chuckle when I read statements in the EULAs of some hardware or software which prohibit any modifications or sometimes even disallow selling your software second hand.
What all these morons in those companies never understand is the simple fact that such clauses are simply void in most European and Asian countries (I really don’t know about the US, their laws are much more “enterprise-friendly”).
The law is pretty simple here in Germany. Once you bought something, it’s *yours* and you may do with it *whatever* you want unless you start hurling your PS3 at other people.
Ok, seriously. You’d probably get sued if you start reverse-engineering a PS3 and start selling your own PS3 clone over the internet. But since the PS3 is quite a lot of high tech, the probability for that is very low.
So, again, dear Microsoft, Sony, Intel, Apple and whoever thinks they can tell us what to do with our property: F*ck off and don’t touch *our* property or we will sue *you* for malicious damage of our property.
Adrian
Oh no, THEY know that perfectly. Even better, THEY know that the people do NOT
This is great news, very exciting that Sony tries to screw the public and we have someone who is willing to right the wrong.
The problem is that the lawyers will be involved. Plus, there will be this back and forth where future firmware updates will break Geohot’s work, he will restore “OtherOS” again only to have it broken by another firmware update.
In the end Sony will win.
Indeed, just like Sony has won against the PSP crackers..
Oh wait…
The PSP doesn’t have DRM close to the level of the PS3 and if you bothered to read at all on this subject you would know that.
I see that flew a few miles above your head.
It’s amazing how confidently wrong you are.
In the end, Sony will discontinue support for the PS3, and the hackers will have all the freedom and time to crack it and open it up that they want.
When Sony discontinues their support, the devices will still exist out there – people will still own them, sell them, buy them, and mod them. Aftermarket parts will appear to continue repairing them long after their “life” has ended.
In the end, Sony will simply not care, just like all the other consumer consoles and devices that come and go over the years. I own a plethora of old game consoles, several of which are mod’d and hacked – and I love them
OK, I concede the point that once hardware is abandoned all bets are off. So for the next 3 years, Sony will win.
I would be surprised – and I bet IBM would be too – if this worked on slim.
I understood that one of the ways Sony saved costs for the slim was that it didn’t include the hypervisor that made the OtherOS feature possible.
If OtherOS turns out to work, IBM might just go looking for a little more licensing money
Isn’t the hypervisor just software that could potentially be taken from the older PS3s? I’m not saying it would be easy of course.
You’re talking about a hypervisor. I didn’t know that PS3 used a hypervisor in order to run other oses. It means that if you run another Os on PS3, it will run emulated? If so, I can’t see how PS3 was used in high performance computing…
No, the hypervisor means the Other OSes were virtualized not emulated. The most basic difference is that CPU instructions in emulation are carried out by software, while in virtualization CPU instructions are mostly untouched by software and executed directly by the host CPU. Of course, in virtualization, there is still some level of hardware emulation (sound, video, and network hardware are commonly emulated).
Edited 2010-04-08 13:12 UTC
My understanding was that it was an emulation; you’re not seeing the raw cell processor through your OtherOS install. If this is correct then even with the emulation layer in place, the processor ran the guest OS fast enough to make it economical as a clustering node. It’s an area of hardware I’ve only been able to watch second hand though so someone who knows the details could help here.
What else should I say? I’m upset by this Sony move: I PAID FOR THAT OPTION, and I actually spent some time visiting various retailers to find the Fat model exactly for this reason, while I liked the Slim model more because of its ability to send HD audio over HDMI.
But after all I don’t need it. I just wanted to give a try at Cell’s programming. Well, time to move on. There’s always OpenCL, which is even more interesting.