In response to "Pandora's Box" from The Escapist forums:
I was once interested in this thing, but then the first Eee came out and I went for that because I knew that'd at least exist within the next year.

Two years later, this thing still isn't in the hands of the majority of people who bought it. The iPhone and Android phones flatten it in most ways. The CPU is now old. The GPU is now old.

Would've set the world afire if they could have got it out while it was at least slightly relevant.

- nexekho


In response to "Experienced Points: On the PSN Relaunch Announcement" from The Escapist forums:
As was pointed out to me, Sony *did* issue a statement that the passwords were not stored in plaintext, but as hashes. Unfortunately, the statement did not include whether or not the hashes were salted.

A bit of an aside as to the non-crypto-geeks about hashes and salting:

Hashing means transforming plaintext (like your password) into some other bytes. Given the same plaintext and the same hashing algorithm, the result will always be the same. That means that websites (or PSN) don't have to store your plaintext password to know whether the password you entered is correct: they store the hash, compute the hash of what you've entered, and if they're the same then you got the password right.

Cryptographic hashes have another important property: they look random, which means a tiny change in the plaintext will lead to massively different hashes. That makes them fairly secure for storing passwords, as it's next to impossible to guess what the plaintext password was by looking at the hash.

But attackers can work around that with something called a rainbow table. That's just a big table of plaintext and hashes computed from that plaintext. Just like the server doesn't need to know the plaintext if it knows the hash, neither does the attacker. If they see a hash, and look that hash up in a rainbow table, they can find the plaintext password.

So it's best to "salt" hashes: for that, you concatenate the password with some random gibberish called a salt, e.g. "s3kr1t" + "shfkusg", and compute the hash over that. Then you store the resulting value and the random salt.

When a legitimate user enters a password, you can still compute the hash as you know the salt, and make the same check as before. But when someone tries to compare your hash against a rainbow table, they will fail, because it's infeasible for them to try all possible salts. Even if they *did* know the salt, computing a hash with all possible passwords for that salt would take ages.

My problem with Sony is now a bit different: given that they spoke about passwords being stolen, I must assume one of two things:
a) They did not, in fact, communicate well. If salted hashes of passwords were being stolen, that's not too bad of a problem.
b) The hashes were unsalted, and therefore the theft of those hashes is akin to stealing passwords, and they communicated well. But they still failed at basic cryptography.

Would love to know which it is.

- unwesen
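
The store-and-verify scheme the post above describes, as an added example that is not part of the original forum post: it compares an unsalted and a salted password database against a precomputed hash table. The account names, password list and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a short list of common passwords that could be
# precomputed in advance, and two accounts that share the same password.
COMMON_PASSWORDS = ["123456", "password", "s3kr1t", "letmein"]
ACCOUNTS = {"alice": "s3kr1t", "bob": "s3kr1t"}


def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    # The post's scheme: hash(password + salt). A single SHA-256 keeps the
    # comparison simple; real password storage uses a deliberately slow
    # function such as hashlib.scrypt in its place.
    return hashlib.sha256(password.encode() + salt).hexdigest()


def new_record(password):
    """Return (salt, digest); both are stored, the plaintext is not."""
    salt = os.urandom(16)  # fresh random salt per account
    return salt, salted_hash(password, salt)


def verify(password, salt, stored_digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored_digest)


def precomputed_table(candidates):
    """Hash -> plaintext table built once, before any database is seen."""
    return {unsalted_hash(p): p for p in candidates}


def recovered(table, stored_hashes):
    """Return {user: plaintext} for every stored hash found in the table."""
    return {u: table[h] for u, h in stored_hashes.items() if h in table}


UNSALTED_DB = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
SALTED_DB = {u: new_record(p) for u, p in ACCOUNTS.items()}

if __name__ == "__main__":
    table = precomputed_table(COMMON_PASSWORDS)
    salted_digests = {u: digest for u, (_, digest) in SALTED_DB.items()}
    print("unsalted, found in table:", recovered(table, UNSALTED_DB))
    print("salted, found in table:  ", recovered(table, salted_digests))
    print("legitimate login still works:", verify("s3kr1t", *SALTED_DB["alice"]))
```

In the unsalted database the two accounts store identical hashes, so the shared password is visible before any lookup; with per-account salts the stored values differ.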


In response to "Extra Consideration: The School Shooter Mod, Part 2" from The Escapist forums:
Yep. There's a difference between "craft" and "enjoyment". Craft is the objective measure of quality by all those things you mentioned. This is used in Art all of the time. If games ARE art then this is certainly a component.

They already gave a great example of a film that's well crafted, so much so that it changed the industry, but incredibly racist (even for its time). There are entire movements of film and visual art based on the concept of making the viewer uncomfortable, and it's usually applauded. But then, it has to be a) well crafted, b) state an intent, and c) successfully communicate that intent. Shock art such as a Madonna made out of elephant feces is still art, and it's meant to shock the viewer into a reaction rather than have them enjoy the aesthetics of it all. This sort of thing still manages to end up in a museum.

School Shooter does not do this. It starts in bad taste, and ends in bad taste. It DOES provoke discussion, but it does nothing to justify its existence. While Super Columbine Massacre contains several essays and specific references (and therefore not "fun", but still thought provoking), it has a solid design for its very point. The media made unfair comparisons to other media - from video games to Marilyn Manson, so the artist decided to actually make a video game based on these ideas. Characters level up by "grinding" through the school until they go to an impossible final boss in hell. There is even a morality choice. You could choose not to kill anyone, but you wouldn't have the level necessary to beat said final boss. You have to do an extreme amount of mass murder to do this, in fact. Along the way, you find references to false accusations the media made about the kind of media the killers consumed. This is sound and cohesive design in that it makes a premise, and follows through with it. It is also extremely uncomfortable since it's based on a real world event, and I would even argue it is still in poor taste. This is all in service of the larger point about two different violences in media - the actual violence vs. the sensationalism and misinformation of "action" news.
