Hacking the PS4 / PS5 Through the PS2 Emulator (cturt.github.io)
210 points by phant0mas on Sept 15, 2022 | hide | past | favorite | 89 comments


Question: why would someone believe that responsibly disclosing vulnerabilities that only affect local devices and mostly enable the owner of a device to gain root access to it is the best thing to do, instead of just publishing them outright? I understand responsible disclosure for server vulns that could cause harm to third parties' platforms or devices, but it seems unnecessary for this case.


The article says in its intro

“...but with the release of the PS5 and the introduction of PlayStation's bug bounty program, I was motivated to attempt some kind of exploit chain that would work on the PS5.”

Money is a perfectly reasonable reason to jump through the “responsible disclosure” hoops. If you want to do work like this for purely altruistic reasons, go ahead, I’ll cheer you all the way. If someone else does it for money or reputation instead, I’ll still read their fascinating write-up of it.


I had missed the bug bounty part! That's on me :)

Money is definitely a valid motivator.


There's some professionalism involved with not just dropping 0day against someone's consumer product when it enables piracy or bypasses security functions, especially when you're employed in industry. PlayStation also accepted these through their bounty program, so there's a monetary incentive as well.



There are so many ways for people to cheat in online games when they can manipulate the local state of their gameplay. I've personally completely stopped playing CoD online because cheating is so ridiculously out of control.

I just want to play the game like a normal person. But it's no fun anymore.


Play FPS games that have dedicated (community-run) servers. Cheating is a social problem, not a technical one. Centralized servers / matchmaking can never combat it.


Cheating hurts innocent online gamers. Piracy hurts game developers/publishers. If you want a device you can hack, buy a PC (or a Steam Deck).


Is it really true that piracy hurts game developers? All I've seen is evidence for the contrary[1]

As for your end statement, I believe having root access, or just the same level of control over the individual device as the manufacturer does after the sale, is a matter of consumer rights/protections ripe for legislation, not about "features".

[1] https://arstechnica.com/gaming/2017/09/eu-study-finds-piracy...


> 45-percent error margin that makes the results less than statistically significant

Did you even read the link?


I totally get that piracy may not necessarily hurt devs in terms of income. But I feel a few other things always seem to be left out in the discussion about this topic.

1) it is totally unfair for the honest buyers if other people can get it for free in an "illegal" way.

2) The IP holders may simply not want people to get their work for free, irrespective of the fact that "they are not going to buy it anyway!". I've seen lots of indie artists express such an opinion.

Ultimately, I don't think that's something bystanders have a say in. You (general you, not "you" you) can't force your "rational analysis of the economics of piracy" on the IP holders. Large game companies obviously almost only care about profit, so you may assume they think that way. But that can't be applied to everyone.


> 1) it is totally unfair for the honest buyers if other people can get it for free in an "illegal" way.

I have never, ever seen anyone make that argument. How would that even work? "I paid for this Smart TV. Then I heard about a massive shoplifting operation that took place at the store I bought it from. Damn! Why did I have to pay when those thieves got many for free!". Doesn't hold up.

> 2) The IP holders may simply not want people to get their work for free, irrespective of the fact that "they are not going to buy it anyway!". I've seen lots of indie artists express such an opinion.

What would the motivation for not wanting them to get it for free be, then? Unless you don't want people to get your works in the first place. If you do, I don't see how piracy might make you angry without the "concern over potentially lost sales" element.


>I have never, ever seen anyone make that argument

Well, now you see one, I am making it.

Your analogy with tangible goods doesn't work. Shoplifting, or stealing, could be a felony and is heavily frowned upon morally. The risk of getting caught is much higher, and the consequences are more serious.

I won't be angry about "thieves getting them for free" even though I paid for the TV, because I know they will end up in jail eventually, if not already.

Piracy, while theoretically illegal, is almost never punished. It realistically has no risk. So there are a lot more people doing that than shoplifting. And yes, I feel salty when I paid full price for X game while someone is getting it free.

>What would the motivation for not wanting them to get it for free be, then? Unless you don't want people to get your works in the first place.

I only want my paying customers to get it; whoever doesn't pay doesn't deserve to get it. Pretty simple. I don't find it hard to understand. Go ask any artist living on Patreon money how they feel about it.


> Your analogy with tangible goods doesn't work. Shoplifting, or stealing, could be a felony and is heavily frowned upon morally. The risk of getting caught is much higher, and the consequences are more serious.

> I won't be angry about "thieves getting them for free" even though I paid for the TV, because I know they will end up in jail eventually, if not already.

So whether you get angry about it or not depends solely on the thieves getting punished, not on the act itself? Seems like a very narrow way to view it.

> And yes, I feel salty when I paid full price for X game while someone is getting it free.

Why? That has no effect on how you enjoy the game. Why would you get salty about that, considering it doesn't affect you in any way? Especially since you said yourself earlier that piracy doesn't "necessarily hurt dev in term of income", so you wouldn't even worry about the dev(s) not making any more games because of piracy.

What's the damage for you then?


The same reason I hate human rights violations, despite them not affecting me in any way (some even benefit me, like slave labor).

(No, I'm not saying they are the "same thing" or the same level of seriousness. Just to demonstrate I can hate things that don't affect me negatively.)


That's kind of a circular argument, isn't it?

"Piracy is bad" -> Why? "(One reason is) People get angry that others are getting their paid stuff for free" -> Why would they get angry? -> "Because piracy is bad" -> Why?

etc.


You are putting words in my mouth.

Piracy is bad because it's unfair to honest buyers. This is literally my original argument. Not because people get angry about it, I never even mentioned that to begin with. You are the one who came up with "people get angry" angle by using a crappy analogy.

Do I really need to prove how this is unfair? A paid $60, got a copy of game. B paid $0 by illegal means, got a copy of game.

Same goes for shoplifting, actually. Not sure why it "doesn't hold up". I simply care less because police exist. Regardless of whether anyone "gets angry", it is an unfair situation.

Hell, you even made up another strawman: "Why would they get angry? -> "Because piracy is bad" -- said no one.

To be Mr. obvious, people get angry because they're in the disadvantaged end of an unfair situation.

Have a nice day, this is my last one.


We need to get past this idea that IP holders have any say over their work once it is in the hands of the public. Information wants to be free!


From the Berne Convention, Article 6bis, Moral Rights:

> (1) Independently of the author's economic rights, and even after the transfer of the said rights, the author shall have the right to claim authorship of the work and to object to any distortion, mutilation or other modification of, or other derogatory action in relation to, the said work, which would be prejudicial to his honor or reputation.

Ref: https://wipolex.wipo.int/en/text/283698


Yes, because the Berne convention is a beacon of moral virtue to be respected in all possible ways.


You did pay for it when you bought the smart TV. Some percentage of the price is there to deal with insurance for shoplifting or return or warranty fraud.

If you live in a society that tolerates more fraud or crime you will pay more.


This feels familiar to me; I think this is the thinking used mainly by music and video DRM implementers. An arcane one, in the sense that it is not consistent with modern liberal capitalism, in that it argues that society as a whole and the equalities/fairnesses within it absolutely take priority over economic profits.


>Cheating hurts innocent online gamers.

The vast majority of people hack their consoles to pirate or run homebrew, not to cheat. Consoles are usually only hackable on non-current firmwares anyway, which means no online play.

>Piracy hurts game developers/publishers.

This has been disproven countless times.


I don't believe that in the slightest. Sure, you do have to usually run some homebrew code to be able to play ripped copies of retail games, but how big is the homebrew game and app market (other than XBMC for Xbox) that people would opt for that and not pirated games? Being able to compile code for a game console is usually (excluding the XDK for the old Xbox) much more difficult than obtaining ripped retail games. Every modded console I ever saw in person had a hard drive or stack of discs of pirated games. Games are pretty expensive and are a luxury in many parts of the world, so there's a massive motive behind being able to run region-free pirated games on consoles. This argument is like saying that most people with torrent clients only download Linux ISOs and Creative Commons licensed content. If the ability to pirate content is there, most people are going to do it.


If you want a device you can hack, don't play games on it. Within a few years, Pluton will give us airtight anticheat.


You mean pluton is going to give us a smartphone kind of locked ecosystem disguised as a PC.

https://secret.club/2021/06/28/windows11-tpms.html


Untrue. An HDMI capture card, image recognition, and a USB HID device means easy aimbot. Anti-cheat is an impossible task.


You are in for a big surprise if you think you can have airtight anticheat. Never going to happen.


You can get pretty close though: see esea or Riot's Valorant


If someone actually makes PS5 accept pirated games, I expect a boom to PS5 sales.

I believe a good reason why the PS2 was so dominant was because of how widespread PS2 piracy was.


PS2 was dominant because it had great games, backward compatibility (for a while) and was also a DVD player. The piracy angle didn't affect sales, despite what Sony says.


You underestimate the impact of piracy in developing countries. It’s true that almost no one bought games at full price, so Sony was only seeing unit sales.

However, once these countries developed further and the people who grew up with PS consoles started to make more money, guess which consoles and games these people decided to buy? Hint: it wasn’t Xbox!

Long story short, easy access to piracy was a gateway to future PS game sales in many developing countries.


That's me. As a kid 15+ years ago, buying a video game for PS2 was ridiculously expensive. I was buying cheaper copies from local "distributors", then I eventually got Internet connection and learned to download them myself. I did buy a PS4 a few years ago and purchased a few games - which does not sound like much, but I basically have 0 time for that now, but if I did have time, it would not be PC, Xbox, it would be PlayStation. If it was just for the exclusive titles. God of War was one of my favorite games and I was happy to play its recent continuation (though I only had the time to finish like 1/3 of the story, I really enjoyed it).

I also bought PS3 before Hotz by the way. Over the span of 2 years I bought like 3 games I cared about the most, that's all I could afford with the money I had available as a kid. After the jailbreak I had some 20 titles.


Very similar story to mine haha! I started off with a modchipped PS1, and was only able to buy titles from PS3 onwards.


About 130 of 160 million PS2s were sold in North America, Europe and Japan. Developing countries don't appear to be a significant market for the console.

https://en.m.wikipedia.org/wiki/PlayStation_2_sales


"developing countries" in that context are places like the former soviet union, i.e. half of Europe at the time, or latin america. The hardware was hella expensive, but with several months of savings it was possible. The games were a different matter. You were basically buying imports from the other end of the continent with all the shipping and customs taxes that incurs. Piracy was what drove people's buying decisions.


This is heavily skewed. If you lived in Eastern Europe it was customary to drive down to Germany to buy PS1/2 because they were much cheaper there. I know several people who started their retail business just by bringing back car loads of PS2's. One guy even got a mocking nickname (something like "playstation") that stuck with him for decades after when he moved on to selling HiFi and AV out of his store.

I absolutely assure you no one, ever, bought original games in those countries. Especially not the (relatively) rich who could afford them.

DVD playback wasn't a selling point. No one had DVDs back then. Everyone watched xvid on their PC. That was the only way to obtain digital movies. DVD stores were very minimal and saw no attention. Rentals were mostly VHS.


Yep, it was the same in the Middle East. Immigrants and travelers to Europe and the US frequently brought back electronics, including game consoles. They were then modchipped locally.


I had no idea the silk road went this far. Would you have normally traveled through Russia / Georgia / Kazakhstan etc?


A console being sold in a country doesn’t mean it was bought to be used there. Many travelers and immigrants brought consoles back home for family.


I agree with what you're saying but I would not exclude Xbox. They were also hacked to play ripped games.


I can echo that sentiment. My original xbox was chipped. As a hacky kid with no money, it was the only way I could play new games. Guess who went on to own every xbox generation for the next 10+ years?


Thanks for noting that. My experience growing up in the Middle East was very skewed towards Sony consoles.


It was also out for so long that it gave it plenty of time to end up used for cheap. It seemed like everyone had one laying around or in the closet at home by the end of its run, usually a slim one honestly.


DVD playback was huge when it came out. DVD players were still expensive so if you wanted one, it barely cost any more to get a DVD player that was also a PlayStation. Between that and PS1 backwards-compat, the PS2 was a bargain.


That's true with the latest consoles too, honestly. They are even better deals in terms of what you get. My Xbox One is nearing 10 years old and it still plays new games, it plays a lot of the older games if they've been ported at least (a bone of contention, I know, it not being proper backwards compatibility), performantly runs all streaming services (can't be said about modern smart TVs), it's a Blu-ray player, I have 5.5 TB of local storage on it, and I got it used for about the price of a modern game.


PS2 was always backward compatible with PS1.

PS3 was originally PS2 backward compatible, then they removed that feature to shave a few bucks off the BOM.


The same week that Sony launched the PS2 they also launched a 100-disc carousel CD/DVD changer as part of their home theatre kit. There might also have been a 200-disc changer, but I know the shop I worked in stocked one of the 100-disc changers.

Just think! All your CDs and movies in one machine, that you can play on your big rear projection TV over your 5.1 surround speakers!

Just think! They had absolutely no intention of releasing a version that was actually a PS2 with wireless controllers, and indeed thought the very idea that anyone would buy such a thing was laughable.

That would have blown the market to pieces.


Not true entirely. Yes all those features helped, but in developing markets, the ability to easily mod chip them to play pirated games was the real seller.


It only helped sales in third world countries which to start with is not a big chunk of total sales, so doubt that it had any significant effect.


PS5s are still persistently sold out, so it’s impossible for them to have an increase in sales.


I would rate this as a very low likelihood, because even if someone did come up with a way to pirate single player games (such as Horizon Zero Dawn/Forbidden West), the number of games now that are persistently online-only means that most people will be unwilling to give up that functionality.

Any theoretical PS5 piracy would almost certainly require it to be completely disconnected from the Internet so that the firmware and operating system could not be updated (or verified by Sony).


The reason the PS2 succeeded so massively is that it was an affordable DVD player alone, IIRC at the time you could buy a DVD player for like $199 or a PS2 for $299. It was a no brainer for any family looking to either replace their console or seek to upgrade to DVD - something which was a way bigger deal than the transition from DVD to Blu-Ray.


> something which was a way bigger deal than the transition from DVD to Blu-Ray.

I always find that interesting, because to my eyes the quality jump from DVD to Blu-Ray is the biggest we've ever seen (and likely ever will see) in home video formats, way bigger than the move from VHS to DVD. I don't think DVD has aged particularly well, especially in a world of non-interlaced digital flat panel displays. A properly mastered Blu-Ray disc still looks considerably better than the HD streams being offered by just about any modern streaming service, but DVD generally looks worse than your typical 480p stream.


Blu-Ray may be a bigger leap in quality, but it's kind of DVD but better. DVD vs VHS gives repeatable high-quality video and audio, no adjustment or cleaning, chapter seeking, mailability (which enabled Netflix and others to offer a huge rent-by-mail catalog), durability in a reasonable size. Laserdisc had some of that, but the size was cumbersome and the capacity was too small.

Some DVDs are poorly mastered, and modern encodings are better than mpeg2 at the same bitrate, but 480p DVD should compare well to bandwidth limited 480p streaming.


That is fair. DVD was built to support the same analog video standards as VHS, so there was only so much that could feasibly be done to improve the picture quality. DVD's popularity was all about how much more convenient and feature-rich the experience was.


While there are some terrible masters, a decent one holds it up well; there are plenty of DVDs that play at 16:9 480p cleanly, and a similarly letterboxed VHS might have been 170p with lots of chroma noise.

If S-VHS had ever caught on for commercial releases, then the jump might have been smaller, but a VHS was visibly worse even on screens of the time, and screens were getting bigger pretty fast back then.


Yes, but VHS resolution was not necessarily that great in practice, due to its analog nature. And, of course, tapes are much larger and you have to rewind them. DVD is much more ergonomic, not even counting extra features, multiple languages, higher quality and more channels of sound, etc.


The difference between Blu-ray and DVD was barely perceptible—if at all—on most people's TVs when they came out, while DVDs were plainly much better than VHS on any non-tiny TV manufactured in the 10+ years before they came out; that is part of why DVDs made a bigger splash, I think.

Also, DVDs were fundamentally very different from VHS, while Blu-Ray is just the same thing but incrementally better (yes, I know it's pretty different in a lot of important ways, but it looks very nearly the same, and you use it the same way).

DVDs introduced or normalized:

1) Surround sound on home media.

2) Widescreen picture (widescreen VHS existed, as did pan-n-scan DVD, but DVD popularized home widescreen video sources)

3) "Extras"—sure, you'd see the odd making-of feature on a second tape with some VHS releases, or available separately, but nothing like e.g. commentary tracks.

4) Multiple audio options from one piece of media (original audio plus dubs on foreign media)

5) Nice-looking captioning, potentially in multiple languages, not like ugly VHS/TV CC managed by the TV.

6) No rewinding.

7) Chapters & menus.

8) ... probably more that I'm forgetting about.

Plus they didn't degrade every time you played them (provided you didn't scratch them when handling the disk) and pretty much never self-destructed in the player.

Granted, Laserdisc did some of this too, but it was too expensive and too bulky and ~nobody had one. I'm not even sure more than half the population of the US knew laserdisc existed.

Meanwhile, Blu-Ray brought us... more pixels. And the disks are more durable. A few other features, sure, but only nerds know about those, really. That's about it. The pixel-count increase was big, but it wasn't a whole new thing.

In short: DVD was a new thing; Blu-Ray was "just" better DVD. Consider: almost nobody called a DVD a tape. Tons of people still call Blu-Rays "DVDs".

Whatever the technical merits of Blu-Ray over DVD, it simply didn't make as big a splash. Probably didn't help that streaming services were starting to make non-film-geeks reconsider having a home video library at all, early in Blu-Ray's lifespan.

> A properly mastered Blu-Ray disc still looks considerably better than the HD streams being offered by just about any modern streaming service,

Heh, especially Netflix. Encoding artifacts everywhere. Every dark scene is a bunch of big squares. Terrible, terrible picture. I can get 2GB(!) h.265 blu-ray rips @ 1080p that look way better than Netflix's 1080p. The problem is they're (streaming services generally, that is) incentivized to make the stream as bad as they possibly can, without driving away too many customers, because storage and data transfer costs are major expenses for them.


> The difference between blu-ray and dvd was barely perceptible—if at all—on most people's TVs, when they came out, while DVDs were plainly much better than VHS on any non-tiny TV manufactured in the 10+ years before they came out, is part of why DVDs made a bigger splash, I think.

This. DVD arrived back in the CRT-era when most screens were both smaller and had lower resolution than modern screens. When Blu-ray hit the market, 32"+ flatscreens had started to become mainstream.

If you try watching a Bluray on a 24" CRT TV then you'd hardly notice the difference when comparing to a high-quality DVD release.


Similarly I believe the PS3 was the cheapest blu ray player on the market on release too.


If I remember correctly at the time, the difference was about $100. It was a no-brainer

I still say if SEGA went DVD with the Dreamcast we'd have a totally different console scene, but I'm also a huge SEGA fangirl, so what can I say.


I don't know about that, piracy on the Xbox was a lot easier than the PS2. It wasn't until FreeMcBoot came along around 2007 or 2008 that PS2 piracy really became accessible to the lay person, and that was after the 7th generation of consoles launched.


You're in the Western world. In the third world you'd be buying your PS2 pre-chipped, lol.


Well, when I look at a sales breakdown by region, the lion's share of PS2s were sold in North America (54m), Europe (55m), and Japan (23m). That leaves 27m units divided amongst the rest of the world, notably including South America [1].

I have no doubt that viable piracy improves hardware sales in less fortunate economies, I just don't think it's enough of an effect to have the dramatic impact on global sales that was implied above.

If you want a console whose global sales I think were driven in large part by piracy, look no further than the PSP.

1: https://www.vgchartz.com/charts/platform_totals/Hardware.php...


Also I doubt the charts include the most popular way of buying a console in Brazil:

Buying one from USA.

Sometimes even flying to USA, buying the console and flying back is cheaper than buying local.

And during the PS2 era, everyone I knew that owned a PS2, bought it from a shop that sold modchipped PS2 that they bought from smugglers that got it from USA.

Currently I see that with the Switch: of the people I know that own a game console, most of the time it's a Switch, and most of the time it's a pre-modded Switch imported from the USA, usually an old hardware version with Atmosphere installed, because modchipped Switches are buggy.


Every single PS2 I ever saw growing up was bought in the US (I grew up in a third world country). Consoles in big box stores here were outrageously expensive, like 3 to 4 times the price in the US. It was cheaper to fly to the US to buy one I kid you not, so that was what a lot of people did.

edit: Also all of them were modchipped, you could take any console to any random electronics repair shop to get it modded.


A nitpick: North America includes Mexico in those charts, and as a Mexican I can attest a lot of piracy went on with the PS2 / Xbox consoles back in the day.


Almost all of the consoles in the third world country I was in were originally bought from Europe.


Easier even still was the Dreamcast which had effectively no copy protection at all. Such a great console and such a sad ending for Sega.


I don't see how. PS5 sales are currently limited only by Sony's ability to make them.


I don’t think it’s like that anymore. There are many services tied to a console nowadays and they solely function as just game machines. If Sony decides to prevent hacked consoles from having a PSN account, or even goes further into banning those accounts, the incentive for piracy is very low. You’d also potentially lose future system updates, making some games unplayable.

In the old days, all you wanted and could do was play games so stakes were low. Now you have Netflix, NFL, and years of digital “goods” tied in there.

I do agree with you that piracy played a big part on PS1, and PS2 success but the role of it in the modern day won’t be as important as in the past.


They don't have any trouble selling consoles right now, and historically they lose money on console sales. Afaik the PS2 was no exception, at least early on in its lifecycle.


>They don't have any trouble selling consoles right now, and historically they lose money on console sales.

The PS5 became profitable in 2021.


You already can't find a PS5 in stock anywhere, so sales can't increase any more at this point.


> by proxying PSN traffic (which is just HTTP, instead of HTTPS for server-side cost saving reasons).

Lol who uses that argument in 2022? TLS cost is a rounding error with current generation of hardware.


I would imagine doing TLS for millions of PS5s worldwide would register a blip, but it seems bonkers that PSN is still using HTTP. Maybe that's how it got hacked so much.


I wonder if Sony is now going to rip out the PS2 emulator.

They've removed features before. They tore OtherOS out of the PS3.

I don't see PS2 compatibility as being sacred to the PS5.


The ars technica article about this has some additional info from the hacker about sony not really being able to do this:

"CTurt stressed to Ars that it would be nearly impossible for Sony to plug the hole that enables mast1c0re. That's because a version of the exploitable PS2 emulator in question is packaged with each available PS2-on-PS4 game rather than stored separately as a core part of the console operating system. [..] For physical PS2-on-PS4 discs, that means the exploit should continue to work as long as you refuse any online updates before playing. And for digital releases, even if the exploit is later patched out, there are methods to downgrade to a stored, exploitable version using proxy HTTP traffic from a local server."

so there isn't just a single PS2 emulator in the PS4/PS5's OS, it's a per-game emulator.
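Both the "PSN traffic is just HTTP" remark above and the Ars quote about downgrading a digital release "using proxy HTTP traffic from a local server" rest on the same property: when a client fetches package metadata over plaintext HTTP, anyone on its network path (for a console, typically a proxy configured in its network settings) can substitute the response. The following is an added illustration of that mechanism, not code from cturt's article and not anything Sony ships: a minimal forwarding proxy that rewrites a hypothetical JSON package manifest so the client only ever sees a pinned, older version. The upstream host, the manifest fields (`packages`, `version`, `url`) and the sample manifest are all constructed for the example; real PSN endpoints and formats are not reproduced here.

```python
"""
Added example: plaintext-HTTP response rewriting by a local proxy.
All endpoints, field names and the sample manifest are hypothetical.
With HTTPS plus certificate pinning on the client, this substitution
is not possible; with plaintext HTTP, it is trivial.
"""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

# Hypothetical upstream the client would normally talk to, and the package
# version we want the client to keep seeing.
UPSTREAM = "http://updates.example.invalid"
PINNED_VERSION = "1.00"

# Constructed sample manifest (not a real PSN response) for offline use.
SAMPLE_MANIFEST = (
    b'{"packages":[{"id":"demo","version":"2.50",'
    b'"url":"http://updates.example.invalid/demo/2.50.pkg"}]}'
)


def rewrite_manifest(body: bytes, pinned: str = PINNED_VERSION) -> bytes:
    """Return `body` with every package entry pinned to `pinned`.

    Non-JSON bodies (binaries, HTML error pages) are passed through untouched
    so the proxy stays transparent for everything it does not understand.
    """
    try:
        manifest = json.loads(body)
    except ValueError:  # includes JSONDecodeError and bad encodings
        return body
    if not isinstance(manifest, dict):
        return body
    for pkg in manifest.get("packages", []):
        if "version" in pkg:
            pkg["version"] = pinned
        if "url" in pkg:
            # Replace the final path component with the pinned package name.
            base, _, _ = pkg["url"].rpartition("/")
            pkg["url"] = f"{base}/{pinned}.pkg"
    return json.dumps(manifest, separators=(",", ":")).encode()


def manifest_versions(body: bytes) -> list:
    """Helper for inspection: the version strings a client would see."""
    manifest = json.loads(body)
    return [pkg.get("version") for pkg in manifest.get("packages", [])]


class RewritingProxy(BaseHTTPRequestHandler):
    """Forward GET requests upstream over plain HTTP, rewriting JSON replies."""

    def do_GET(self):
        req = Request(UPSTREAM + self.path,
                      headers={"User-Agent": self.headers.get("User-Agent", "")})
        try:
            with urlopen(req, timeout=10) as resp:
                status = resp.status
                body = resp.read()
                ctype = resp.headers.get("Content-Type", "application/octet-stream")
        except HTTPError as err:          # upstream answered with an error code
            status, body, ctype = err.code, err.read(), "text/plain"
        except URLError:                  # upstream unreachable
            self.send_error(502, "upstream unreachable")
            return
        if "json" in ctype:
            body = rewrite_manifest(body)
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        return  # keep the demo quiet


def demo() -> list:
    """Offline check: what versions the client sees after rewriting."""
    return manifest_versions(rewrite_manifest(SAMPLE_MANIFEST))


if __name__ == "__main__":
    print("client would see versions:", demo())
    HTTPServer(("127.0.0.1", 8080), RewritingProxy).serve_forever()
```

Run it and point a client's HTTP proxy setting at `127.0.0.1:8080`; every JSON response is rewritten, every other content type is relayed unchanged. The mitigation is the one the thread implies: TLS with a pinned server certificate, at which point the proxy can only break the connection, not alter it.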


If Sony wanted to end PS2 support on the PS5, my theory is that an easy way for them to work around what is described in the quotes would be to simply issue a new system update which then refuses to run the executable by name, or to load a support library it needs to operate.

I believe it is doable, but the long-term impact to consumer loyalty is another question. Xbox is a peer system and people may move to it and potentially not return.


They also ripped the user-facing Web browser out of the PS5 because "zomg Webkit exploits", despite leaving in web browser features like the online user guides, social media linking, etc, that could all still be used to the same conclusion.

(I'm frustrated over this because as an ISP employee that has to answer to 'slow device speed' complaints, we try to speedtest from the device, and the built-in PSN speed test is woefully low compared to a browser-based test proving our network isn't to blame.)


As mentioned in the article, it's sacred to the highest tier of PlayStation's new subscription service, so they won't remove it.


A service can change at any time.

OtherOS came with the system in the box, and Sony tore it out after consumers had already purchased the system.

A subscription service, they can just end it and refund people's money and call it a day. It's absolutely not set in stone.

Unless they decide the revenue from the highest tier is worth leaving it in place. To be determined.


It’s fundamental to their subscription strategy. I would happily bet you $10,000 they don’t pull PS2 support in response to this.


They also lost a class action lawsuit over OtherOS, needing to pay people that used it $55.

With PS2 emulation, I suspect far more people do use it and it would be much, much easier to prove you used it. This could lead to a huge settlement against them.


> In this article I will discuss how I successfully escaped the PS2 emulator developed for the PlayStation 4

Sounds like a great way to destroy Sony's motivation to support backwards compatibility :P


Their subscription service is probably good motivation.


Anyone have a working link to part 2? The link at the bottom of the page [0] doesn't seem to work.

[0] https://cturt.github.io/mast1c0re-2.html


in the first paragraph

> See also Part 2 (to be published),



