I love me some Sony products but I’m under no delusion that their user experience can be, how can I put this, fantastically crap sometimes. For the most part their products are technologically brilliant (both the PS3 and the DSC-HX5V that I have fit that category) but the user experience outside that usually leaves something to be desired. This isn’t for a lack of trying however as Sony has shown that they’re listening to their customers, albeit only after they’ve nagged about it for years before hand. After spinning up my PS3 again for the first time in a couple months to start chipping away at the backlog of console games that I have I feel like Sony needs another round of nagging in order to improve the current user experience.
The contrast between Sony’s and Microsoft’s way of doing consoles couldn’t be more stark. Microsoft focused heavily on the online component of the Xbox and whilst there might be a cost barrier associated with accessing it Xbox Live still remains as the most active online gaming networks to date. Sony on the other hand left the access free to all to begin with and has only recently begun experimenting with paid access (the jury is still out on how successful that’s been). One of the most notable differences though is the updating process, major source of tension for PS3 owners worldwide.
As I sat down to play my copy of Uncharted 3: Drake’s Fortune I first greeted with the “A system update is required” message in the top right hand corner of my TV. Since I wasn’t really planning to go online with this one just yet I figured I could ignore that and just get to playing the game. Not so unfortunately as it has been so long since I last updated that Uncharted 3 required an update to be applied before I could play it. Fair enough I thought and 15 mins later I was all updated and ready to go. Unfortunately the game itself also had an update, pushing back my game time by another 5 minutes or so. This might not seem like a lot of time (and I know, #firstworldproblems) but the time taken was almost enough for me not to bother at all, and this isn’t the first time it has happened either.
Nearly every time I go to play my PS3 there is yet another update that needs to be downloaded either for me to get online or to play the game that I’m interested in playing. My Xbox on the other hand rarely has updates, indeed I believe there’s been a grand total of 1 since the last time I used it. Both of these approaches have their advantages and disadvantages but Sony’s way of doing it seems to be directly at odds with the primary use case for their device, something which doesn’t necessarily have to be that way. In fact I think there’s a really easy way to reduce that time-to-play lag to zero and it’s nothing radical at all.
Do the updates while the PS3 is turned off or not in use.
Right now the downloading of updates is a manual process, requiring you to go in and agree to the terms and conditions before it will start the downloads. Now I can understand why some people wouldn’t want automatic updating (and that’s perfectly valid) so there will have to be an option to turn it off. Otherwise it should be relatively simple to periodically boot the system into a low power mode and download the latest patches for both system and games that have been played on it. If such a low power mode isn’t possible then scheduling a full system boot at a certain time to perform the same actions would be sufficient. Then you can either have the user choose to automatically install them or keep the process as is from there on, significantly reducing the time-to-play lag.
I have no doubt that this is a common complaint amongst many PS3 users, especially since it’s become the target of Internet satire. Implementing a change like this would go a long way to making the PS3 user base a lot happier, especially for those of us who don’t use it regularly. There’s also a myriad of other things Sony could do as well but considering how long it took them to implement XMB access in games I figure it’s best to work on the most common issue first before we get caught up in issue paralysis. I doubt this blog post will inspire Sony to make the change but I’m hopeful that if enough people start asking for it then one day we might see it done.
I’m not really sure I could call myself a fan boy of any technology or company any more. Sure there are there are some companies who’s products I really look forward to but if they do something completely out of line I won’t jump to their defense, instead choosing to openly criticize them in the hopes that they will get better. Still I like to make known which companies I may look upon with a rose tint just so that anyone reading these posts knows what they’re getting themselves into. One of these such companies is Sony who I’ve been a long time fan of but have still criticized them them when I’ve felt they’ve done me wrong.
Today I’ll be doing that once again.
As you’re probably already aware recently the Playstation Network (PSN), the online network that allows PS3 owners to play with each other and buy digital content, was compromised by an external entity. The attackers appear to have downloaded all account and credit card information stored on Sony’s servers prompting them to shut down the service for an unknown amount of time. The breach is of such a large scale that it has received extensive coverage in both online and traditional news outlets, raising questions about how such a breach could occur and what safeguards Sony actually has to prevent such an event occurring.
Initially there was little information as to what this breach actually entailed. Sony had chosen to shutdown the PSN to prevent any further breaches and left customers in the dark as to the reason for this happening. It took them a week to notify the general public that there had been a breach and another 4 days to contact customers directly. Details were still scant on the issue until Sony sent an open letter to Congress detailing their current level of knowledge on the breach. Part of the letter hinted that the hacktivist group Anonymous may have played a part in the breach as well but did not blame them directly for the breach. More details have made themselves public since then.
It has also recently come to light that the servers that Sony was using for the PSN were running out-dated versions of the popular Apache web server and lacked even the most rudimentary security provisions that you’d expect an online service to have. This information was also public knowledge several months before the breach occurred with posts on Sony’s forums detailing the PSN servers status. As a long time system administrator I find it extremely ludicrous that the servers were able to operate in such a fashion and I’m pretty sure I know where to lay the blame.
Whilst Anonymous aren’t behind this attack they may have unwittingly provided cover for part of the operation. Their planned DDoS on the PSN servers did go ahead and would’ve provided a timely distraction for any would be attacker looking to exploit the network. Realistically they wouldn’t have been able to get much of the data out at this point (or so I assume, Sony’s servers could have shrugged off the DDoS) but it would have given them ample opportunity to set up the system for the data dump in the second breach that occurred a few days later.
No the blame here lays squarely with those in charge, namely the PSN architects and executives. The reason I say this is simple, an engineer worth his salt wouldn’t allow servers to run unpatched without strict security procedures in place. To build something on the scale of the PSN requires at least a modicum of expertise so I can’t believe that they would build a system like that unless they were instructed to do so. I believe this stems from Sony’s belief that the PS3 was unhackable and as such could be trusted as a secure endpoint. Security 101 teaches you though that any client can’t be trusted with the data that it sends you however and this explains why Sony became so paranoid when even the most modest of hacks showed the potential for the PS3 to be exploited. In the end it was Sony’s superiority complex that did them in, pretending like their castle was impregnable.
The fallout from this incident will be long and wide reaching and Sony has a helluva lot of work to do if they’re going to fully recover from this damage. Whilst they’re doing the right thing in offering some restitution to everyone who was affected it will still take them a long time to rebuild all the good will that they’ve burned on this incident. Hopefully though this teaches them some valuable lessons on security and they’ll stop thinking they’re atop the impregnable ivory tower. In the end it will be worth it for Sony, if they choose to learn from their mistakes.
Categories: Business, Technology anonymous, breach, credit card, data, exploit, leak, playstation 3, playstation network, security, sony, stolen