Comment Re:Evil commenting on evil (Score 1) 378

On the existing hardware a simple NOR/NAND replacement chip used for the initial boot but not the verifying stage can always be used to gain control and run old (thus hacked) loaders.

No. You're referencing this: http://www.youtube.com/watch?v=eVXfgg7otJw#t=31m18

The revocation list is useless, but it does nothing to help us if metldr is updated with a new key and refuses to run something signed with the old key.

The revocation list's uselessness also does nothing for us today, because we have something even better - the current lv0/lv1/lv2 signing keys. This is what we will soon lose.

Comment Re:Evil commenting on evil (Score 3, Interesting) 378

allow the old key for a whitelist of known past titles

Depending on how the whitelist was done, couldn't a softmodder just have his code say, "oh, yeah, I'm [some whitelisted game]. So use the old key for me"?

No. The signature verification starts with a SHA-1 hash of the executable itself. This is what is "signed".

The whitelist would be a list of SHA-1 hashes.

SHA-1 is still secure, in that it's not possible in any reasonable time to work out which few bytes you would add to the end of your homebrew that would transform your homebrew's SHA-1 hash into one of the hashes on the list.

all Sony need to do is to pull their database...

That assumes that such a database exists, which isn't necessarily true. And if Sony is sending that data over the Internet, it's just a matter of poking around the updating code and listening to the network traffic, and then the hackers could have Sony kindly supply them with the factory key of any system they have an identifier for.

Not quite. This is what's called a collusion attack, and we don't know if it's possible with the encryption algorithm Sony used, because we don't know what algorithm they used (yet) - we haven't seen bootldr.

It would be nice to have a plaintext of metldr, but we don't have that - only George Hotz does, and even then I suspect he only has some of it, not all of it.

If Sony pre-encrypt all metldrs handed out, and all console-specific keys were random (i.e. not generated based on the serial number), there's no way to map serial number to console-specific key without Sony's database (presuming it exists).

If we can't work out the encryption used on metldr, and we can't get a plaintext of the updated metldr Sony hands out, then we can't reverse their encryption mechanism and therefore work out the console-specific key for any given console.

So, our only hope is to find out where the console specific key is stored, and to become able to extract it in future. Once we have that, we can encrypt our own metldr, which is easily accessible on the flash chip.

Furthermore, if we try and work out the encryption based on large numbers of requests to Sony's update servers, they potentially could detect us and start serving us phony updates, which would scupper our attempts (and would also entirely brick a PS3 if they mistook a genuine PS3 updating).

Comment Re:Evil commenting on evil (Score 5, Informative) 378

Sony could potentially stuff the genie back in the bottle.

The first step is a new firmware update, and make it mandatory to be allowed on the PSN. This will force the hand of most actual gamers. Perhaps there's even an option for Sony to force a firmware upgrade without user acceptance - we'll find out soon enough.

The firmware update will start verifying against a new Sony public key, and will only allow the old key for a whitelist of known past titles. So homebrewers can sign anything they like, but this new firmware won't run it.

Sony will start signing new titles with random numbers as well as the private key, so the private key remains private.

There goes softmodding.

"Ah", you say. "What about hardmodding? Because Sony can't update metldr with a firmware update, we can just rewrite the firmware on the flash chip, and metldr will accept our key, so we can change any stage of loading after bootldr/metldr."

But, you neglect that Sony could update metldr. The fail0verflow people said they couldn't, because they reasoned that as metldr is encrypted with a random key that's burned into the console at the factory, Sony couldn't update it en-masse. However, all Sony need to do is to pull their database of "what key was burned into each PS3 at the factory", and add code to their firmware that gets the PS3's serial number, sends it to Sony, and in return gets a firmware update already encrypted for that console.

metldr is only used to load firmware, which Sony never allows downgrades on, so it only needs to accept the new signature on firmware, not the old one. Now homebrewers and pirates are SOL, there's not even a hardhack that'll work... unless you avoid Sony's network like the plague from this moment on, until modders come up with a fake update that convinces Sony you've upgraded, but you haven't really.

Meanwhile, in the factory, they keep on making PS3s but they change the firmware signing key. That's all that's needed.
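Added example (not code from Sony, fail0verflow or any commenter) of the loader-side whitelist logic described in the two comments above: the firmware hashes the executable's bytes with SHA-1, permits the old signing key only when that digest is on the whitelist of known past titles, and otherwise requires the new key. The keys, the title bodies and the whitelist entries are constructed samples, and an HMAC stands in for a real public-key signature so the block runs offline.

```python
import hashlib
import hmac

# Constructed stand-ins for the old and new Sony signing keys (assumption: HMAC
# replaces the real asymmetric signature purely so this runs without a crypto lib).
OLD_KEY = b"old-signing-key-constructed"
NEW_KEY = b"new-signing-key-constructed"

# A constructed "known past title": a name header followed by an executable body.
KNOWN_TITLE_A = b"TITLE_A\x00" + bytes(range(64))

# The whitelist is a set of SHA-1 digests of whole executables, not of names.
WHITELIST = {hashlib.sha1(KNOWN_TITLE_A).hexdigest()}


def sign(key: bytes, executable: bytes) -> bytes:
    """What gets signed is the SHA-1 digest of the executable bytes."""
    digest = hashlib.sha1(executable).digest()
    return hmac.new(key, digest, hashlib.sha256).digest()


def allowed_keys(executable: bytes) -> list:
    """New key is always acceptable; old key only for whitelisted digests."""
    digest = hashlib.sha1(executable).hexdigest()
    keys = [NEW_KEY]
    if digest in WHITELIST:
        keys.append(OLD_KEY)
    return keys


def loader_accepts(executable: bytes, signature: bytes) -> bool:
    """Firmware decision: accept iff the signature verifies under an allowed key."""
    return any(
        hmac.compare_digest(sign(k, executable), signature)
        for k in allowed_keys(executable)
    )


if __name__ == "__main__":
    # A modified build that keeps the TITLE_A header is still a different digest,
    # so the old key is not allowed for it and the old-key signature is rejected.
    spoof = KNOWN_TITLE_A[:-1] + b"\xff"
    print("genuine title, old key:", loader_accepts(KNOWN_TITLE_A, sign(OLD_KEY, KNOWN_TITLE_A)))
    print("spoofed title, old key:", loader_accepts(spoof, sign(OLD_KEY, spoof)))
```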

Comment Re:attorneys (Score 1) 973

But let's use it as a hypothetical. What if a suspect in Sweden, who was involved in publishing U.S. government leaks online, brutally attacked and raped (by all nations' definitions) a Swedish woman and fled to the U.K.?

Hypothetically, Sweden would then immediately press charges against the suspect as they would have solid evidence of wrongdoing. They would attempt to arrest the suspect as soon as possible. They could stop the suspect leaving the country immediately - he certainly couldn't get on a regular plane and leave.

The hypothetical Sweden would not drop the charges the next morning.

The hypothetical suspect would not have to phone the police himself a few weeks later to ask permission to leave the country.

The hypothetical prosecutor would not give that permission.

The hypothetical Sweden wouldn't have an elected politician/lawyer who stands to gain from political stunts and has a history of trying to change the rape laws in Sweden, volunteering to take up a highly disputed case and using a mechanism designed to arrest wanted criminals for no more than an interview, without pressing any charges, meanwhile not bothering to interview the victim who has since gone on holiday because it's his opinion that the victim can't decide if she's been raped, only the state can.

Apart from that, yes hypothetically the UK can extradite the hypothetical suspect.

Comment Re:Other OSes ? (Score 5, Informative) 199

Better than that. In OpenGL, you say "give me this vendor-specific feature" you get it. Programmers have used this to get at the latest features of chipsets long before they're standardized.

OpenGL programmers are always ahead of DirectX, even in this case where the hardware directly targets future DirectX specs.

It's like using -moz-border-radius, -webkit-border-radius and -khtml-border-radius to get CSS3 rounded borders long before CSS3 is officially released, and yet CSS3 won't be beholden to any one browser's implementation.

Comment Re:Epic Fail? Hardly. (Score 0) 534

Ok, the PS3 was launched on November 11, 2006. [wikipedia.org] Today's date is December 29, 2010. That means that it took over four years to be broken.

No, it took 8 months to be broken.

The Other OS functionality of the PS3 was unilaterally removed by Sony on April 1st 2010. The years before are of no importance, because you could freely boot Linux. Nobody who had the skills to crack the PS3 even bothered to look.

When they removed Other OS, Sony signed their own fucking death warrant.

Comment Re:The writing was idiotic (Spoilers?) (Score 1) 412

#2: You're complaining that some things in the computer world were represented literally instead of metaphorically or as a pixelated analogue. Ah bloo bloo bloo bloo bloo.

The simulated computer world can do anything. ANYTHING. Look at the other computer-simulated-world movie, The Matrix where they hang a lampshade on it; "you think that's air you're breathing?". The characters defy real world physics with impunity.

In the original Tron, and reappearing in this one for nostalgia's sake, there are physics-defying constructs like the two-legged aircraft carrier and the solar sailship. This is what Tron was about - a computer world that is radically different to our own; it doesn't behave like reality because it's not reality.

So, given that, why the fuck do we have data-planes escaping their pursuers by doing stall turns? Something that only happens when you have gravity and air?

It's this schizophrenic mix of physics-ignoring nostalgia with physics-dependent New Content that irks me particularly. It's like there were two directors, one who was trying to copy the original Tron as authentically as possible, and one who was trying to cram in as much CGI physics as possible, and didn't know or care that the Tron world is meant to appear artificial.
