Ironically, criminal damage has its origins in the Frame-Breaking
Act of 1812, carrying the death penalty, and designed to stem the
rising tide of Luddites. Today companies like Nintendo, Microsoft and
Sony are the Luddites.
Because the damage is permanent, to "tangible property", and "without
lawful excuse" (and please don't knee-jerk to arguing "they can do
what they want because you agreed to it" - you didn't and they
can't), I'd think there's a very good case for criminal damage as
distinct action from any computer misuse recourse.
The argument needs to made, not on behalf of the users as a class
action, but on behalf of another stakeholder - the environment. Every
time a company makes and sells products that can be "bricked" they
contribute to e-waste (see [1][2] if this issue isn't yet on your
radar - it's something every hacker should be aware of).
I have faith that smart people in European politics genuinely get
this merging problem, and we have the courage, time and willingness to
bring new legislation or trade restrictions that would make it
impossible to sell such products in Europe. Even better I would like
to see Microsoft made to pay the cleanup costs.
Like if you want to sell illicit XBoxes, it's on you to ensure that the thing can't be rendered inoperable by a third-party software update, it's not the third-party's responsibility to account for your hardware when they do software updates.
Doing software updates that brick tampered hardware is harder to make a sarcastic argument about.
Why can't I tamper with hardware I bought and paid for? It's not theirs to brick, whatever the justification.
I hate that the idea that you rent stuff from companies, instead of buying and owning, is now so ingrained that people defend actively destroying someone's equipment remotely.
We can stop buying electronic Cryptexes, or we can force companies to stop making them.
but from a realistic perspective, the only way to uphold the sanctity of online play, and enforce IP rights, is to have a secure stack, from boot loader, physically integrating the encryption keys with the hypervisor, and to render anything else an inoperable brick.
Lest we have cheaters in console games.
I do agree to a degree, I think "offline mode" should have a legal basis to stand on, but I also like to know that the others in the game are not cheating.
and that is impossible without an inaccessible black box, the Xbox, which is what we bought.
> but I also like to know that the others in the game are not cheating. and that is impossible without an inaccessible black box, the Xbox
Ignoring the fact that reverse engineering is just a matter or time and pressure, eventually people will start hooking up image recognition auto-aimers to the input/output of these devices... what then? do we enter some kind of minority report era of gaming where you have to get your eyeballs replaced with "unhackable" ones - hope they don't burn out your retinas in an update. Point is, a black box is actually not a complete solution - as long as you can play the game, there will always be a way to cheat.
There are various online FOSS games that are completely open and hackable, where it's very easy to download the source and literally set a condition in the make file to enable "wallhacks" (because that is in-fact a useful debugging feature - talking about ioq3 specifically)... those communities just deal with it the old fashioned way, new players get treated with more scrutiny, admins get good at recognising cheaters (most cheaters are not good at hiding it, and experienced players who would better conceal wall-hacking behaviour etc are less likely to want to play with hacks way anyway). It's far from bullet proof, but so are so called "black boxes" despite their cost to the user.
I'm not usually one to judge what others spend their time/energy/motivation on, but you may want to re-evaluate your priorities.
Is having a game with that level of "unhackability" - because lets be honest, there's no such thing as unhackability - really worth everything that would have to be given up, from right to repair, right to own your hardware, the ability to not arbitrarily be locked out of something you put money into because <you were injured and lost an eye|your hardware broke and misread something|You develop a lazy eye| n number of anything else>?
If it's that important to you, play a game where cheaters are dealt with the old fashioned way. I'm ready for a break from corp hosted game servers, give me a server I can run myself.
Some people want to play games, and enjoy themselves in a competitive environment, and pay for the privilege.
If that doesn't appeal to you, that is your priority.
Don't like it?
dont buy a fuckin xbox.
telling others they shouldn't enjoy a game because "muh hardware" is literally a borderline bad-faith statement, and a shallow attempt at virtue signaling.
buy a computer to compute.
buy a console for an assurance of a fair playing enviroment.
you're confusing cryptography with corporate secrecy. Cryptography can be open (in terms of both specification and implementation - only keys need secrecy). This thread is about closed implementations, which is a different topic (even if those implementations happen to leverage cryptography)
how can you have open hardware, but promise fair play?
you cannot. this is the crux of the matter.
consoles dont have cheaters, PC games do.
consoles are locked, pc's are not.
these are separate ideas, that meet when players do: online.
the only way to hide the code to prevent cheating is to physically embalm it into the CPU, in a way that, if physically accessed, will break the machine, rendering the effort fruitless.
PC's are going that way, the way GPU's are containing more "black box" mechanisms themselves.
consoles were this way from the start, on purpose.
Consoles have less anti-cheat bypasses for a number of reasons, mostly related to obscurity, not security. The relative scarcity of gamers running homebrew-ed consoles makes developing bypasses of limited appeal. There's also a cultural difference, where gamers with an interest in mods, etc. will tend to gravitate toward PC as a platform, since it's a multi-use platform. There's still plenty of AC bypass on consoles, just significantly less.
A similar example outside of gaming is Linux as an OS platform: antivirus software isn't a big thing, despite Linux being continuously behind bigger desktop OSes with their security mitigations - (e.g. things like strong ASLR). It's less of a concern, not because Linux is more secure, but just because desktop applications there aren't a large target market for malware, and because of large cultural differences in usage.
On the other hand, AC bypasses on PC happen not because of a lack of console-esque hardware mitigations, but simply because software AC is not particularly advanced (yet). Popular AC solutions tend to employ non-engine-specific solutions that match known cheat signatures - bypasses inject cheat dlls and hope they don't get caught "too often", rather than using in-engine verification of non-cheat behaviours. I think this is primarily just an issue with software maturity and likely to solve itself over time. The general non-gaming software space has gone through similar evolution, whereby we used to rely heavily on signature matching on malware, and have evolved toward a more integrated "zero trust" approach to mitigating threats - signature-matching still exists for things like software-composition analysis, but in general is not a primary mitigation strategy for runtime security.
> the only way to hide the code to prevent cheating is to physically embalm it into the CPU, in a way that, if physically accessed, will break the machine, rendering the effort fruitless.
> PC's are going that way, the way GPU's are containing more "black box" mechanisms themselves.
Hiding code has historically never succeeded in preventing anything. The trend toward black-box is about a combination of corporate IP protection, vendor lock-in (see also the Apple T2 SoCs) and almost certainly APT actors (disclaimer: speculation). It's not about security, least of all anti-cheat.
I don't know why you think console games don't have cheaters. COD on the Xbox 360 was rampant with cheating, including custom games that gave you huge amounts of XP
They have learned from past mistakes with the Xbox 360. You can't mod the Xbox One like you could the Xbox 360. The person you're responding too is one of the most knowledgeable on the subject.
No. First, the primary culprit is who designs and deploys a mechanism
to do harm. If I set a lethal trap on my property with a sign saying
"Beware the 10,00 Volt mantrap", I am not excused when a burglar is
injured - even though they are breaking the law by trespass. Secondly,
it seems that the manufacturer gets to decide, arbitrarily and
post-facto (post-sale/agreement) what constitutes a "scammer".
Finally, with "e-fuses" you are setting a trap mechanism on my
property which I have purchased in fair expectation of my rights.
> it's on you to ensure that the thing can't be rendered inoperable by
a (third-party?) software update
I believe in many places like the US, it could be breaking the law to
ensure that, since reverse engineering and circumvention of
protections would be required.
Of course you're right that there's a sort of moral responsibility on
people not to vandalise serviceable goods such that they become waste.
But people throw away perfectly working technology every day.
If by "third party" (I think we would use "first party" here) you mean
the vendor/manufacturer when you say:
> it's not the (vendors) responsibility to account for your hardware
when they do software updates.
then I heartily disagree. It's certainly their moral responsibility,
and, unless they offer owners a reasonable way to disable updates, it
ought to be their legal responsibility too.
But that's not what's at issue. Otherwise your argument makes it seem
like the update "accidentally" damaged the owners property. Quite the
contrary, the vendor is sending out updates designed to cause harm,
and in full knowledge and punitive intent. Am I mistaken?
> Doing software updates that brick tampered hardware is harder to
make a sarcastic argument about.
I don't follow you. Sarcasm is the lowest form of wit and discouraged
per HN guidelines in favour of arguing in "good faith".
> it's not the third-party's responsibility to account for your hardware when they do software updates
What you're describing here is markedly different than what the gp is referring to: intent matters (determining intent may be difficult in some cases, granted, but it's crystal clear in these specific examples)
I have a condition that I cannot listen to media about things I know too much about.
For this reason, I cannot watch/listen to darknet diaries, or a host of other topics. The physical cringe of wanting to correct the record is unbearable, but from what I heard, they are very accurate and have done their research.
Microsoft brags about "pwning" them to this day...in their own Terms of Service, in their enforcement blog posts, and other places.
per gentlemen's agreement (something the soulless, kakfa-esque fucks at M$ will never understand), I can't elaborate further...
but if you ever find a 0-day / bug, don't pursue a bug bounty.
They will put a bounty on you, and squash you like the bug.
Nintendo threatening modders legally is literal child's play compared to the literal mob tactics MS and Activision used against what they perceived as financial or PR threats.
> Nintendo threatening modders legally is literal child's play compared to the literal mob tactics MS and Activision used against what they perceived as financial or PR threats.
I am sure you are aware of what Sony did around 10 years ago to certain people regarding the PS3 and its exploits.
> but if you ever find a 0-day / bug, don't pursue a bug bounty.
It is still elementary days but there has been some controversy among researchers that in reality John Deere's bug-bounty program is being a PR stunt in order to cover up bugs and stall disclosure. So I guess people are slowly waking up to the reality of things not going their way.
refusing to elaborate your argument because of some vague "gentlemen's agreement" is a terrible idea. I dont suggest anyone listen to this guy's advice, trust me I would tell you why but I've made a promise and we pinky-sweared!
Not naming and shaming enables terrible people to do continue doing terrible things. I've never understood (unless there is an NDA, but sometimes even then..)
Companies don't give a damn about REAL laws if they can pay their way out, let alone 'gentleman's agreements'. You are personifying something that will take every chance it gets to screw you over if it's worth it.
Michael Crichton, (as above quoted) didn't get to feel the pain of having the opportunity to correct the newspaper article, as we "do".
That's the pain I feel when facing this new instance of the affect, in a more palatable form:
I could comment on the internet - but knowing my comments will, despite immense reverence, or correctness, be ignored by the silent masses, turns the effect into an affliction.
The man reading the newspaper can mutter the facts under his breath. Had he yell louder, still, nothing will change - his breakfast partner bemoaned.
The miniscule chance of my comment correcting the record pains me. Had I yell louder, maybe someone will take note. But I can't - because they won't, and the possibility of my pertinent, small chance of making a difference gets irrevocably distant, as an algorithm pushes the topic of collective interest to someone else's disdain.
i was explaining the feeling. it's the same shared in the sibling comment, but it is basically more emotionally draining because of the personal involvement, with guilty tinges of self-resentment
Could you switch to attack mode and publish your own story/blog/podcast? This way you wouldn't need to react to an existing article but present the story from afresh.
I am concerned with 3 letter agencies, but still entertain the idea of maintaining two, unrelated, uncorrelatable, and hopefully forever separate, internet identities.
Like an internet-mullet. Business in my name, party behind an alias.
The interesting bit would be writing and maintaining two distinct sites/corpus.
It is generally recommended (OPSEC Bible rule 3) to never publish, however, I have more stories to tell now than future crimes to commit, so, one day, yes, I would like to.
That is the best thing I've read in the last two years.
The internet undermines a lot of this though from a technical perspective. If you are interested in things technically (building PCs! Gaming! Development!) you read the sources from better tech sites and it is not as bad as back in the day when you had newspapers and empty pretty talking heads on CNN. Well, unless you're in the echo chamber as described here...
The other thing is just that mainstream media is just AWFUL at science and technology, because journalists inherit the general anti-scientist bias of the general population and humanities domains. On "people affairs" they usually have sociology and psychology and poli sci background and instincts... they are reporters of human structures and motivations.
So I suppose it is true that they have better reporting of the affairs of non-scientists to some degree.
Just because a reporter covering some fluffy science piece might things wrong does not mean a different reporter, in a different department, covering a completely different subject, got things wrong (to the same degree, or at all.) That "hypothesis" is a genetic fallacy.
It also doesn't distinguish between reporting ("Dr. Bob says wet streets cause rain"), analysis ("Dr Bob says wet streets cause rain; is this accurate?") and opinion ("In the opinion of the columnist/author, Dr. Bob is an idiot who thinks wet streets cause rain! This is just yet another example of the violence inherent in the system, decaying the moral fabric of our system."
It also doesn't account for the Dunning-Kruger effect, or on Joe Q Public's near total ignorance on the subject of observational biases and dependency on anecdotes and personal experience.)
That "hypothesis" leverages Joe thinking some reporter covering global warming is "fake news" when it's been a cold, snowy week...to get Joe to think that reporting about current events or politics is equally "fake."
A reminder that a reporter who writes "Dr. Bob says wet streets cause rain" is not publishing fake news. It's reporting the fact that there is someone who said/thinks that. That is different from presenting their statement as fact.
The hypothesis doesn’t say that all reporters always get things wrong. The point is that we can read reporting on something we’re very familiar about and notice how flawed it is, but when we read other reporting from the same source we just assume it’s correct. Whether or not it actually is correct is beside the point - it’s about the assumptions we make internally.
| A reminder that a reporter who writes "Dr. Bob says wet streets cause rain" is not publishing fake news. It's reporting the fact that there is someone who said/thinks that. That is different from presenting their statement as fact.
Cool well it sounds like they are reporting something interesting or truthful so it's fake news in my book.
The "hypothesis" it's about us reading, not them writing.
We don't notice how little we know on topics we don't fully grasp, but when we notice them in topics we are more experienced about we don't do anything, we just change topic.
It's crazy to hear that story told back to me. I wasn't part of the core of it, but everything as intense as xbox-underground has a huge fringe. I was in that fringe. Listening to the background of all that stuff i was a part of is very cool. I remember the leaks, the return scams, the carding, and the circulation of password dumps. It was a crazy time.
That they built a working Xbox One (before it had even been announced) just by looking at the spec sheets etc. and buying the parts on Newegg is incredible.
I fondly remember flashing my DVD drive on my 360 when I was 15 to play Saints Row (I had an ITCH for a GTA like game). Back then I was scared shitless of possibly bricking it. Now looking back, I laugh because of how trivial the mod was. Pretty sure this was a major contributing factor to me eventually perusing tech in my career.
When I saw that I could fill up my friends list on Xbox live by changing a few variables on the auto aim configuration I learned early on that computers are magic to most people, And if you know how they work that makes you a wizard
I have my bricked retail sitting on my desk, it's my second favorite paperweight.
After CON files were being resigned with 00000' keys, they tried and failed to maintain a "known bad" list of RSA private keypairs that were known to be resigning modified content.
after that patchwork hack failed, because of the spread of CON resigners, they gave up on that effort. You can still find blacklisted keypairs in the NAND, if you looked around.
but my retail was't exactly unmodified, so I was bending the definition of "retail", here...
but yes, they bricked retail consoles posing as xDev and pNET kits.
Microsoft bricked thousands of illicit China-developer xbox360 kits one spring morning, in the winter of 2010.
they also have bricked retail xbox360 consoles of nefarious (teenage) actors. cannot go into more detail on that one. maybe after a few more years.