I did, but I don't believe for a second that Sony can't work around this, even if it's not practical for them to do so and even if it involves a huge whitelist -- as mentioned, historically they've proven that they will go to immeasurable lengths to protect their intellectual property, easily at the expense of the customer.

Beyond that, Sony has already come out and acknowledged the flaw and announced that they will have a fix for it that will resolve the issue -- I don't think their PR firm would have been allowed to say that if they couldn't actually fix the problem.

That said, thanks for clarifying some of the misinformation I had -- I watched part of the 27C3 talk but did not view in its entirety, and had not seen the portion where they mentioned that the key was locked tight in the hardware somewhere.

I'd assume that in the imaginary 3.60 update, they'd invalidate the original key by either removing it from the internal certificate store or trusted certificate store, so any binary signed with that key would be treated as an un-signed or incorrectly signed executable and would not run.

That does bring up the point that if the actual SELF does not run due to being signed with an invalid key, would it be able to launch a stub that attempted to upgrade the app? I think they'd have to come up with a secure and crafty way of managing this. Whatever they do will need to ensure that legitimate users with physical discs containing SELF executables signed with the bad key can at bare minimum launch the stub which will download the updated, newly signed SELF binary. In any case, I digress.

I don't think it's too long of a shot to assume they would publish updates to all of the games -- they already have the update data on a centralized server that each game contacts as it is run, it wouldn't be much of a stretch of the imagination that they could take the original un-signed executables (I'd hope they have them stored!) and just write a script that signs the most current executable with the new key and publishes for testing. This does assume that they have a valid database of this information today and that they have the ability to quickly and easily get their hands on the unsigned copies of the binaries -- something that could easily be quite an incorrect assumption.

Not 100% correct. The original model PS3 had the 'Emotion Engine' (or some derivative thereof) physically inside the unit, which it used to provide the 95% backward compatibility that the launch PS3's had. Soon after, they changed the size, put out 40GB and 80GB versions (instead of the 20GB and 60GB that launched), and these were missing the physical 'Emotion Engine' and instead had a software implemented emulation layer. The emulation wasn't perfect and their compatibility dropped to something like 80%-85%.

Shortly after that, they just ditched the backwards compatibility altogether, effectively saying that they didn't care to spend any more time on it to make it work better, they'd rather put out new games (I somewhat agree with them), and that if you wanted a PS2, go buy one, they're still on sale. Now, considering it was advertised as one of the selling points initially, perhaps they should change their marketing slogan:

"It only does everything" should become "It only does everything, until we decide it shouldn't do something at a later date, at which point we'll remove it without asking."

Yes, yes, I'm just trolling on that -- they only did that once, and only with the Other OS feature.

"The key also cannot be changed without hardware modifications."

This is 100% incorrect and assumes that Sony will not take actions that *may* have a detrimental impact to their users. Historically, they have proven time and time again that when it is their profit vs. their customer, the customer loses.

Here's what they would have to do (from a high level perspective, all you encryption experts can retract your claws) to fix this:
1) Publish a firmware update (mandatory) for the PS3, needed to sign in to PSN, which includes an update to the root certificate / trust, which would include the reciprocating key for a new private key they generated.
2) Publish a small update to *every* piece of existing PS3 software that signs the executable with the new key.

As Sony licenses their technology and as every executable has to be signed by them internally anyway, it's not a stretch to believe they'd have (somewhere) a full list of these executables. They could just re-sign the SELF binaries with the new key, publish as a patch, and they'd have a new key.

I'm not sure where the statement came from that this was held in hardware -- I mean, sure, it's accurate -- everything held in FlashROM is effectively 'in hardware', but for the purposes of this conversation it doesn't in any circumstance mean that Sony can't fix this -- just that fixing it could possibly negatively impact their userbase. I again must remind everyone that this is not something they normally bother themselves with.

I expect 3.60 to come out soon with a new key and for every single program I run for the next two months to be telling me it requires an update before it will load.

That said, NOW, any of you encryption gurus out there with a better understanding of how the PS3 (mis)uses encryption are free to tear my post to pieces.

You beat me to the punch. I wish the RSS feed showed the good comments instead of whatever they're using to determine it. Though, I think you were more polite than I would have been. I was envisioning something more along the lines of: "What color is the sky in the SysAdmin world you live in that an iPad could fix a poorly designed network with incorrectly configured routes while interfacing with an archaic PBX system?" If I had mod points, you'd have been modded up.

That's OK, believe what you want. There were two crackfixes posted, and the second one actually did fix the issues and make the game 100% playable, though you caught me! It didn't come out until 2 days after the game was released. I'm not sure where you're getting your information from but apparently it's out of date.

See my first response. Thanks!

Yes you can. And you could the day it was released. Matter of fact, I think it may even have been cracked and on the internet the day before Ubisoft released it. Research first, post second. It'll help you a lot in the future.

FYI, while your reasoning and rationale are 100% correct and I'm in absolute agreement, you're incorrect about the numbers.

The real price for the iPhone is as follows (for the device only, no contract, at all, period, direct from apple's store website 30 seconds ago on a non-upgrade eligible AT&T account)

$499.00 - 8GB iPhone 3Gb
$599.00 - 16GB iPhone 3G S
$699.00 - 32GB iPhone 3G S

That said, the real numbers prove your point better anyways. Just thought I'd point that out.

Exactly -- I worked this out with my fiancee. She was about to buy a new iPhone anyways so we signed her up for a new plan and I paid for the phone. She gets my 16GB iPhone 3G when the new one comes in and I get the shiny new 32GB iPhone 3G S and only paid $299 for it.

On a side note, all you clowns complaining about $499 for an upgrade price, for some reason my account didn't even qualify for that upgrade -- they wanted $699 from me, claiming I wasn't eligible for upgrade pricing until Dec 2009. $322 and change later and I've got a shiny new iPhone 3G S. It's not impossible. One of my co-workers got AT&T to provide him the $299 upgrade pricing just by calling, complaining, and threatening to cancel and pay the ETF. They sent him over to 'customer retention', who asked why he was cancelling and when he told them they offered him the upgrade at the $299 price...

Of course, he started at $499 -- not $699. I figured since my account was already screwed for some reason, I'd leave it be. Plus, if in December they reset my contract entirely for some reason (as the site shows it will), I'll have a free upgrade just in time for the next upgrade next year :P.

I don't know about that -- telecines are done from the film itself, in the back room or projector room. The audio in those cases is either a direct pull from the soundtrack CDs that are loaded into the projector or are direct rips from the projector's output ports -- there is no reason to use a microphone to pick up the audio for a telecine if you already have access to the film itself, as it's likely you'd have access to a pure digital or at least direct analog copy of the audio.

This looks like they're trying to get cammers, but like the GGGGGGGP or whoever posted, after the fact is too late ...