Monday, May 9, 2011

Can Sony Learn a Lesson about Apologia?

Coming to terms with Apologia, PS3, Linux, Geohot, and hacking.


As everyone who uses the Playstation Network has surmised by now, Sony owes us an explanation. Their network as been down for several weeks now, and we have been unable to use the online features of our games. We've heard that this is the result of hackers, and that our financial information has probably been compromised. We've gotten emails from Sony, and they have expressed regret. There was a letter from the Senior director of Corporate Communication even offering identity theft protection. Still, what we are really lacking here is not sorrow. We are lacking a real explanation as to why this happened. In the absence of hearing a coherent explanation from Sony, I will offer one here. Unfortunately for them, my explanation may not be one they like.

In rhetorical studies we refer to such explanations by the Greek word "apologia" which is the root from which we get our English word "apology." Understanding the English word might be a good place to start. There are two major meanings for "apology" in English. The first, and most common, is to take responsibility and admit wrongdoing. The second meaning is really only used in theological circles, and it means offering explanation for things that, on their face, seem incredible. The term "apologia" really encompasses both these meanings simultaneously and a bit more.

The term also implies a defense, but not a denial of one's actions. Rather, apologetic rhetoric seeks to ascribe motivation for those actions to circumstance ("A Pentadic Analysis of Senator Edward Kennedy's Address to the People of Massachusetts, July 25, 1969." Central States Speech Journal 21 (1970): 81–86). For instance, if a person breaks into my house and I shoot him, I will not argue that I shot him. That will have been established. Rather I will argue that circumstances were such that I had to shoot the person [note to readers, don't break into my house].

I hate to say it, but Sony's behavior in this entire fiasco has been indefensible. So, if I offer an apologia here, it is not for Sony. Instead I offer an explanation for the hackers who have brought the network down and compromised my bank account.

How I came to love the PS3

When I decided to buy a seventh generation console, I was torn. The XBox 360 seemed to have the most to offer in the way of new games, and that is really why we buy consoles. However, Sony's offering, the PS3 had three things that really sold it for me. The first was the ability to play Blu-ray disks. I'd compared the usability and features of both Blu-ray and the HD-DVD disks that were its competition at the time. I saw Blu-ray as the future, and didn't want to have to buy two devices if one would work.

The second reason was that, at the time, the PS3 could run all of my games from my PS2 and the old Playstation games. That meant I had a whole library of games without forking over more money immediately. That was an awesome selling point

The third big selling point for me was that the PS3 could run a second operating system along side its own, a Linux operating system. Now, I love Linux and the possibility of running it on my console thrilled me. My computer at home runs Linux exclusively, I have a small Linux partition on my work computer for things I just can't do in Windows. I even carry a small Linux OS on a thumb drive in case I need to use someone else's computer. Linux is great operating system made for hackers by hackers. It is totally open and can be altered, so if a hacker needs it to do something it doesn't, they can just write a program to do it. Even better, they can share that hack back with the community and we can all improve our systems.

For me, this was the biggest selling point on the system. Not only was I getting a game console and a Blu-ray player, I was getting a second computer. I would be able to surf the web, write and play silly games while my wife was using the computer!

I bought my console used off of Ebay, and began to play. I fell in love with the device. It did everything I wanted and so much more. It wasn't long before I found the Playstation Network was free and offered all kinds of fun things. There were people I knew who were buying Wii's, and I would have fun at their houses, but was able to play comparable moving games using the PS3's sixaxis controller. I became very evangelical for the PS3.

The relationship faltered

Then I started to hear weird things in the tech news. The newest PS3's being made were no longer backward compatible. Weird, I thought, why would they do that? I could no longer be wildly evangelistic about the PS3. Mine is still backward compatible, but I can't use that to talk my friends into buying a new one. Luckily, I knew some folks in the hacker community were working to fix this. As a Linux user, that is what I feel like hackers do. They fix things.

There were people, I heard, looking to find a way to put backward compatibility on the new machines. From my open-source inspired point of view, I saw this as a win-win for Sony. They were saving money by producing machines without backward compatibility, but other people could put it on the machines. Hackers were helping Sony out!

Finally, someone made the first big step toward that end. It was a hacker-kid aliased, Geohot, who was pretty famous already for his work on the iphone. What he had done on the iphone was engage in privilege escalation, or as it is known in hacker slang, "jailbreaking." He was able to do the same thing on the PS3. He used an opening in Sony's ability to use Linux in order to get full access to the firmware of the system. Using this, people could put retro compatibility back on!

When I read about Geohot's hack, I was proud of him. I hoped that Sony would start to fund his work a little and allow him to further develop useful hacks on their system. I guess that just shows how out-of-touch open source users are with the rest of the world. Sony did not praise Geohot, instead in their next update they deleted the Linux partition from everyone's machine, including mine.

That's when the stuff hit the fan.

Geohot figured out a way to put everyone's Linux partition back onto their machines. Sony responded with another update which would prevent that. The hacker community then created dongles which allowed users to get around Sony's updates. Then Sony created another update that made the dongles quit working. Then they made, I think, the biggest mistake of their corporate lives.

Not only were they not funding him or thanking him, they were suing him! For those of us with ties to the hacker community, including every open-source user and advocate, this was a horrible insult. The proceedings dragged on with arguments over jurisdiction and definitions. Finally, they settled out of court. Geohot can't hack on the PS3 network, which he says he never did (he just hacked his own hardware), and Sony has to leave the poor boy alone.

When we bare our teeth.

The matter may have been settled with one hacker, but the open community were still a bit miffed. Hackers began an actual attack on Sony's Playstation Network. See, for the most part, hackers are good people who want our hardware to work better. However, there are some who are not good. Furthermore, I think the majority, who are very good people, take a bit of a vigilante view of justice. Since our community felt that Geohot had been wronged, some members of the community set out to right that wrong.

People don't know how dangerous those of us in the tech community really are. I think that if they knew, they would pay me better. If I am a hacker at all, I am probably the least skilled hacker on the planet. I have ties to the hacker community because I am primarily a Linux user and I find ways, often with help, to make things work. Still, I carry a flash drive with a small Linux OS on it. With that I can get into the files on your computer, if I can get my hands on it, even though I don't know your password. Using those files, I can get your passwords if you've saved them, your bank account records if you use a program like that, and for sure a list of your favorite sites. There are ways to stop me, but you probably don't use them (and neither do I). All you use is a firewall and a virus scanner. I don't break firewalls and I am generally against viruses. I can do it, and I am not awesome.

Hackers with more skills than me can be more dangerous. Much like cuddly dogs, however, they are dangerous only if provoked. Suing Geohot was extreme provocation. Several members of the hacker community have attacked the Playstation Network and done what some analysts are saying is 1.25 billion dollars in direct losses. Not only that, there have been further losses to third party developers for the PS3. Perhaps most disturbingly, the hackers got our credit card numbers and names. I've read some of the chat logs from the hackers working on this, and they were shocked that the information was stored in plain text. That's right, Sony stored our credit card information with absolutely zero encryption.

Probably most of the hackers who worked on this project are interested in hurting Sony, not the players. Honestly, after this fiasco I trust a group of unnamed hackers more than Sony. Sony has now said that they are going to pay for identity theft protection for all of us on their network, but all our information is out there now. Among other things, this prompted me to also change banks. The hackers have the number for an account that does not exist.

So who needs to apologize?

Sony needs to apologize. They need to explain why they are taking away our features, and they cannot give the normal corporate drivel about "security." That argument is gone for them now. They need to show that they understand this was a mistake. They need to promise return Linux functionality and backward compatibility to their systems. They need to stop discouraging homebrew applications. They need to promise a more open system.

When they do this, the hacker community needs to back off. This will be hard and is the biggest problem with vigilante justice. Vigilante justice seems to go beyond an eye for an eye and begins to demand a life for an eye. We can't let that happen here. If Sony repents we need to leave them standing.

Sony did some very wrong things, but the answer isn't to bring down the company. The answer is to bring the company in line with an ethical code which includes the freedom to use homebrew applications. Then it can function just fine alongside, or even working with the hacker community. If the hacker community doesn't back off when Sony comes to its senses, we won't have the credibility to demand accountability from future potential corporate tyrants.

The hacker community also needs to make sure that none of that account information is misused. The idea of the attack on the network was to bring pain to Sony. It was to vindicate those who payed money for certain services that Sony took away. It was not to steal money from those people. If those credit card numbers are misused, Sony is able to make the hacker community into the wrongdoers.

What should your average Joe do?

Well, Joe, avoid buying a PS3 or anything else from Sony for now. Sony is a great brand and has built lots of great stuff. However, they cannot be trusted right now. They sell products and services, then take those products away from their customers without refunding the money. I just don't trust them right now. If they change this attitude, by all means, buy them. Don't get rid of the stuff you have. That is just silly. I am going to keep using my PS3 and keep enjoying it, but if it breaks, I'm selling my games and buying an Xbox.

If you have a Playstation Network account, CHANGE YOUR BANK ACCOUNTS. The hacker community, as a whole, doesn't want to steal your money. However, with this hack literally thousands (possibly millions) of people have access to your credit card and debit card information. One of them might be evil. Call your banks or account holders and ask them to change your numbers. My wife and I even decided to change banks entirely (but there were other reasons besides just the Sony hack for that: the closest branch was far away; her job stopped doing direct deposit; it was a hat trick). And you know what, even if Sony repents of its sins and I start buying stuff off the Playstation Network again, I am not giving them my credit card number ever again. You can buy Playstation Network cards at your local big box store.

If you have a Playstation Network account, change your password as soon as things are back up and running. That has been compromised too.

Otherwise, support open applications written by hackers. As long as we are all working together, fiascoes like the Playstation Network outage do not need to happen. Hackers are good people who just want to make things work better. If we let them, we all benefit.

No comments:

Post a Comment