Any good payload analysis been published yet? Really curious if this was just a one and done info stealer or if it potentially could have clawed its way deeper into affected systems.
This article[0] investigated the payload. It's a RAT, so it's capable of executing whatever shell commands it receives, instead of just stealing credentials.
Ironically Sony wanted those artists online for streaming, and in those days the only way labels had to transport the music to distribution services was sending the CDs. So the CDs landed on my desk because they'd been rejected by the data ingestion teams. I had some more[0] stern words with a very apologetic man from Sony that day.
[0] they were constantly sending CDs that were fucked-up in totally new ways every time
I still haven't bought a Sony labelled product since... though I may or may not have consumed Sony content. They've definitely lost more than they gained.
That's a pretty good sized ego you got yourself there. The number of people that cared about the rootkit in the general populace was insignificant to Sony. Only tech nerds like us even knew about the rootkit or how insane it was to use. Unless you were a huge flagship purchaser of Sony's latest/greatest each year, they don't even notice you when you buy a TV or any other item.
People barely remember the studio getting hacked and releasing a film
They faced multiple lawsuits and had to do product recalls, so clearly they lost something. What exactly did they gain? IIRC you could avoid it by just turning off autoplay in Windows (which any sane person already did, or you could hold shift I think), and they were otherwise valid audio CDs (otherwise they wouldn't work in players), so it did exactly nothing to stop the CDs from being ripped and shared. And back then everyone knew about p2p so it really only took one person ripping it for it to spread. So even ignoring the lawsuits, even one person boycotting them probably makes it a net loss. Actually the development costs probably made it a loss.
Not sure how you interpreted what I said as anything other than the implied you. No matter how much money you did or no longer do spend with Sony is not anything they'd notice. The caveat being you were a flagship purchaser from them which I doubt was the case.
You assumed it was a point of ego, even said as much.
I don't have to buy shit from Sony if I don't want to, and you can't make me.
They definitely lost more on potential hardware sales the past few decades than I would have spent on content... even if it's not enough for them to notice.
And honestly this is more than they really should even have to do. I think it does go above their obligation. They're doing Ofcom a favor here, they don't even have to figure out how to block it themselves.
> there's a sense that blocking these imports is an affront to base philosophical freedom in a way that prohibiting physical imports isn't.
It would serve UK legislators well to explore that tingling sense some more before they consider any further efforts in this direction, but that's just my two pence.
Code is speech. Open source projects are an exercise in speaking publicly. This law mandates particular speech in your otherwise Free as in freedom code.
How are you not outraged? People are missing the above forest for the "oh but it's a tiny little easy API and I don't see any downsides" trees.
I think those boomer firms are asleep at the wheel and this kind of market engineering will completely blindside them. Vanguard can't even figure out how to show me my cost basis on the same screen as the one where I sell a security. What could they possibly be doing to prepare for this?
> it's basically the government said "no asbestos in food" and some contrarians
it's actually the government saying "you must include salt in your food" and a few people who cook dinner at home and don't care for salt set up a website teaching you how to desalinate your... (well, there's no direct continuation of the metaphor here, but the point is it's very important that this is not the government banning a developer from implementing something, it is them mandating a developer implement something. That's far more troubling than an "asbestos ban" as in "your open source project must not fry the computers it runs on," which is equally questionable in light of "no warranty expressed or implied" but a totally different ballgame from "this API is required")
If we insist on stretching this absurd metaphor, the government would be issuing civil penalties to "water distributors" who provide water without the requisite fluoridation, where "water distributors" includes not just Aquafina for selling bottled water, but also the lemonade stand the kids set up in front of the house and you, in your home kitchen, serving your house guests water from your reverse-osmosis private reserve.
It seems metaphor is important to you, so hopefully this thoroughly illustrates the insanity of this law.
The point is there are no carve outs (for open source). Your toy operating system is just as liable as Microsoft to implement this. In the real world, the health department does not require your home cocktail hour beverages to meet industrial water supply mineralization standards.
Perhaps you believe that analogue is "a few people raising a stink" because you don't really believe the "health department" would go after my "little open source water faucet." But the way the law is written, there's nothing stopping them. And none of us want to be the test case. And that's not even getting into the whole "compelled speech" problem, but I'm going to have to leave that line of argument to someone else to analogize.
That's only going to apply to children, since there's only one age group for adults. There are definitely ways to solve that, too. It's not perfect, but I much prefer it to laws that force websites to ask for ID, or laws that do the same thing by making websites liable for children accessing them.