UNINNOVATE / Engineering At Its Finest

Since the PlayStation Portable (or PSP) was first released, Sony has doing it’s best to keep the platform locked down tight. On a regular basis, Sony releases semi-mandatory updates that close up any known holes which allow hobbist software programmers to create and run their own “homebrew” (unauthorized) programs.

On September 24th, I posted this summary of PlayStation Portable (PSP) software upgrades:

• Number of PSP software versions, including 1.00: 12
• Number of PSP updates that purposely broke homebrew support: 11
• Number of PSP updates solely intended to prevent homebrew: 4 (versions 1.51, 1.52, 2.01, 2.81)
• Longest amount of time the newest firmware prevented homebrew: 4 months

But with every new PSP software release, the homebrew community was left scrambling in search of increasingly clever ways to circumvent Sony’s security fixes so they could keep tinkering with their PSPs. While old versions of the PSP software could still run homebrew software, the newest version is always required to play the latest Sony games. Sony was showing no signs of slowing down and appeared willing to commit a nearly unlimited number of man-hours to uninnovating its products in order to retain complete control over them. And when the PlayStation 3 was released, the PSP was upgraded to version 3.00 which again locked out homebrew users.

Now the homebrew community has struck back in a big way. Instead of looking for new security holes in the latest PSP software, a hacker named Dark_AleX has created a customized version of the latest PSP software that removes all restrictions on homebrew software. Instead of trying to pick the locks, the hackers have removed the locks completely and replaced them with locks that don’t require any keys. This requires a much more thorough understanding of PSP hardware and software and is an impressive engineering feat for an outsider working without any documentation. This new development should keep Sony busy for quite a while thinking of ever more complicated ways to make its products do less.

HD DVD is one of two leading high-definition video disc formats attempting to replace DVDs. An HD DVD disc can store about four times as much data as a DVD disc and it supports playback of “true” high-definition video. In addition, HD DVDs have more advanced copy protection than DVDs. The movie industry has been trying to shift the market away from DVD and towards high-definition formats partly because DVDs have become so easy to copy.

Both HD DVD and it’s main competitor Blu-ray were finally released this year after long delays caused by disagreements over what kind of copy protection the discs should carry. In fact, the DVD Forum announed that HD DVD was the official replacement format for DVD all the way back in 2003. Many have cited the long delay to market as part of the reason HD DVD and Blu-ray have so far failed to capture public interest the same way that DVD discs did when they were first released.

It seems fitting then that the copy protection that for so long delayed the release of HD DVD has already been at least partially cracked. And the author of the crack claims to have been encouraged to do it because of the strict playback limitations built into to format which were meant to prevent piracy:

“I just bought a HD-DVD drive to plug on my PC, and a HD movie, cool! But when I realized the 2 software players on windows don’t allowed me to play the movie at all, because my video card is not HDCP compliant and because I have a HD monitor plugged with DVI interface, I started to get mad… This is not what we can call “fair use”! So I decide to decrypt that movie. I start reading the AACS specification I have found on the net. I estimate it will take me about 4 weeks of full time job to decrypt that. I was wrong, it was in fact, easy…”

Forum post by muslix64, author of BackupHDDVD

However, things are not quite as simple this time around as they were with DVDs. Time for a little background information:

There are at least three parts to every movie encryption scheme - the encrypted movie which can’t be played, the secret key that lets you decrypt the movie, and finally the original unencrypted movie that can be watched. The idea is that a consumer buys an encrypted movie on a disc and an approved player. The player contains the secret key that turns the movie back into it’s original form. Without a player with the secret key, the movie can’t be watched and is just a useless disc of plastic.

The problem is that since the consumer physically controls the player, the consumer is free to disassemble it. If the consumer is smart enough, he or she can eventually pull the secret key out of the player and then use it to watch any copy of any movie without restrictions. That’s how DVDs were originally broken - a teenager figured out how to get the secret key out of the Xing DVD playback software (and more flaws were discovered later that made DVDs even less secure).

However unlike DVDs, the HD DVD copy protection scheme supports “revoke-able playback keys”. If one HD DVD player key is recovered, any new HD DVD discs will be specifically encoded to no longer work with that compromised player. So even if the current HD DVD format is cracked, new discs produced later will still be protected - at least that is the theory.

So at this point it is unknown how long this crack will prove to be effective. But one thing has been clearly demonstrated - all of the time and energy spent uninnovating the HD DVD format has resulted in a slower time to market and considerable anger from the most knowledgeable group of consumers - the ones capable of breaking the protection formats.

Web services are programming interfaces provided by a web site that an external program can use to exchange information with that website. For example, the photo-sharing site Flickr provides a web service interface that allows other programs to directly upload and download photos to a user’s Flickr account. That way, a user can store a library of digital photos on the Flickr website, but manage and view the photos with a separate desktop application.

Web services have enabled a whole new world of online interactivity by allowing anyone to create new and innovative applications on top of existing websites. Users who have an account on the social networking site Facebook can view their friends on a map or form a sports picking pool with their friends. Users of the social bookmarking site del.icio.us can graphically visualize their bookmarks or find out which bookmarks are used most. These are just a few examples of the new and creative features built by users of these websites and made possible by web services.

Similarly, Google provided web services that allowed external programs to perform searches and get the search results. Many interesting applications have been built that rely on Google search results provided by the Google Search web service. Unfortunately, Google has decided to discontinue this service:

Google has quietly axed the web services API to its eponymous search engine. The stealth move was made without any announcement, but visitors to the page now receive a blunt message, backdated to 5 December, advising them that the SOAP API is no longer supported.

The Register: Google axes search API

The Google Search web service was a free service provided by Google and was never promised to be available forever, but sudden end of the service is quite a shock to many developers. Now that it is being discontinued, the hundreds of software projects that rely on it will eventually stop working.

This is the biggest problem with web services and the idea of a service-oriented Web 2.0: While a service-oriented software model makes new things possible, it removes all control from the end user or third-party software developer. All of the new and exciting uses of Flickr, Facebook, del.icio.us, and the like are only available as long as the website owners allow it. Even though the new features were created by third parties, the real control belongs to the owner of the website being accessed and any use deemed inappropriate for any reason can be blocked.

As more users come to rely on websites like Flickr and Facebook to manage their personal lives and personal data, it is important for them to remember that data stored on those websites is only available as long as the website makes it available. A change in corporate mood (like in the case of Google) or a change in corporate ownership could leave users stranded without data access they depend on.