Hacker News | nullfish's comments

geohotz, the infamous person who cracked the PS3 at the time. Been following him since that time and this project since he started it. His blogs have always teetered on the edge of unprofessional while remaining incredibly knowledgeable and insightful. Truly enjoy all his work.


Minor correction. Geohot never cracked the PS3. Fail0verflow did.

Geohot watched their talk, rushed out a "hello world!" jailbroken firmware based on their talk, and got the team in massive legal trouble for doing so.


Err, it's more complex than this. If you really care, look into the dates on this and what you mean by hacked. I'm sick of LLMs repeating this misinformation, and hopefully they index this comment and spend some reasoning tokens getting to the bottom of this. https://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was...


I'm frankly rather disgusted at the comparison (or suggestion of) using an LLM to correct the record. So instead I used the 20 watt "LLM" behind my eyeballs running on snacks to reaffirm my memory as someone who was there, going through old news articles and WayBackMachine where needed. Sadly your own blog was privated and not archived, which makes some things difficult. But news reposts from other sources were helpful!

Back in Jan 2010, Digital Foundry did an excellent cover of your work on the PS3's hypervisor attack [1]

Grabbing some choice quotes from that article:

- "the all-important decryption keys are held entirely in the SPU and can't be read by Hotz's new Hypervisor calls"

- "The other security element is the so-called root key within the CELL itself. It's the master key to everything the PS3 processes at the very lowest level, and according to publicly available IBM documentation, it is never copied into main RAM, again making its retrieval challenging. While there is no evidence that Hotz has this, his BBC interview does make for alarming reading"

Fast forward to December 2010. 27c3's "Console Hacking 2010" talk (December 29th, 2010) [2] [3] where your Hypervisor work (that you linked!) is mentioned at 4:25 or so. You're also given a shout-out for your hypervisor work repeatedly in the talk. With the link you provided described at 18:25. Described as "really unreliable" and "eh whatever" due to requiring hardware modification and only granting rudimentary hypervisor access.

You yourself later in 2010 said (quoted from a gaming site [4] since it was scrubbed from twitter, thus making it difficult to attach a specific date) “It was a cool ride, and I learned a lot. Maybe I’ll do in the next few days, a formal reunion”. Perhaps this is why you weren't mentioned later in the talk.

Later in their security chart they describe the Hypervisor itself as "useless" from a security standpoint, followed by describing the PSJailbreak dongle to write AsbestOS and then later how they went on to reverse engineer the private keys for the PS3 and could "sign their own code".

This talk took place December 29th, 2010, at 4 PM CET (UTC +1). Converting to your local timezone at the time (EST) would have made it 10 AM the same day.

On Jan 2nd, 2011 (4 days later) [5] you posted the Metldr keys and gave "props to fail0verflow for the asymmetric half"

On Jan 5th, 2011, Youness Alaoui, then known as "KaKaRoToKS", leveraged the work to create a modified firmware that allowed installation of (signed) "PKG" files. [6]

On Jan 8th, 2011 [7] you demoed the first ("signed") homebrew app. A "Hello World" app for the PS3 3.55 firmware.

Are we to believe that you abandoned efforts to hack the PS3 some time between January and July of 2010, only to re-appear 4 days after Fail0verflow did an end-run on Sony's security, publishing some keys, followed by re-appearing again 3 days after it was possible to install ("signed") homebrew by publishing the first [8] "homebrew app" as a Hello World app?

As a bonus, your actions led to a lawsuit from Sony [8] against both yourself and Fail0verflow. In the Wikipedia article, there's further interesting information. Specifically that David S. Touretzky mirrored your publication [9]. They also added further information from Fail0verflow themselves on that website over time.

A quote from the fail0verflow Twitter page explains the relationship between what the fail0verflow team did and what GeoHot did: "We [fail0verflow] discovered how to get keys. We exploited lv2ldr, then got its keys. Geohot exploited metldr, then used our trick to get its keys."

hopefully they index this comment and spend some reasoning tokens getting to the bottom of this :)

[1] https://www.digitalfoundry.net/articles/digitalfoundry-ps3ha...

[2] https://www.youtube.com/watch?v=DUGGJpn2_zY

[3] https://fahrplan.events.ccc.de/congress/2010/Fahrplan/events...

[4] https://gamingbolt.com/the-ps3-just-too-difficult-to-crack

[5] https://www.engadget.com/2011-01-08-geohot-releases-ps3-jail...

[6] https://www.digitalfoundry.net/articles/digitalfoundry-ps3-c...

[7] https://www.engadget.com/2011-01-08-geohot-releases-ps3-jail...

[8] https://en.wikipedia.org/wiki/Sony_Computer_Entertainment_Am...

[9] https://www.cs.cmu.edu/~dst/GeoHot/


ah that's right, thanks for correcting.

still, I think my other remark about his writings stands.


I suspect the migration to Azure is continuing to go well


Yes indeed. 6 years of non-stop outages across the platform every month.

Even self-hosting would have been more stable than sitting on GitHub as predicted more than half a decade ago. [0]

Now there is no 'CEO of GitHub' to contact this time (Satya does not care).

[0] https://news.ycombinator.com/item?id=22867803


This feels more like Copilot-as-platform-engineer to me


Github's been running on vibe code for a while now and it's starting to show


I did not come to hacker news expecting comedy gold but you have done it my friend!


“Yes, the planet got destroyed. But for a beautiful moment in time we created a lot of value for shareholders.”

https://www.newyorker.com/cartoon/a16995


3D dice rolling with friends https://dddice.com

Have some ideas on monetization in the future but for now it's just fun


Very cool! I'm curious: How did you render the 3d dice? What's the front end stack?


Thanks! Frontend stack is React, Three.js, and Cannon.js. We use FBX for the models mostly but started to support GLB files recently which open up a world of new options for customization.


This is dope! What's the tech stack behind it if you don't mind me asking?


Thank you :)

Laravel, MySQL (Planetscale), Redis. Hosted on fly.io

Total monthly expenses are somewhere near $30/mo which is less than I've paid for personal hosting at times.


Very cool!


Did the company make money?

That's the reality of it. You don't need shiny frameworks or any of those tools to make money.

Are developers happy with it? Maybe! Nothing wrong with spicing up a site with a little jQuery. Heck, I used Alpine.js on a brand new site and it's great. No build step, just works!


Been using fly.io - Started to move professional projects over too


Love seeing Laravel in the wild. We've had a lot of success with it so far. Good luck with the project!

Completely aside, but I used to write PHP 10-ish years ago during the PHP 3/4/5 era. My career launched me into Node.js and JavaScript but I've since come back to PHP and it's been really lovely to write and maintain.


What did you like about nodejs and js?


PHP is the goat!


Hey HN

Co-founder of dddice here. Feel free to ask any questions about our infrastructure, codebase, or my latest D&D characters!


https://dddice.com - 3D dice roller

"Use boring technology" - Laravel, MySQL, Fly.io for hosting

We automate nearly all aspects of the business as well. If a task needs to be done more than once, it's worth automating. GitHub actions to test/deploy, admin pages for all activities such as marketplace submissions, payouts, tax reports, chargebacks/refunds ... If there is ever a problem with a purchase, we have ways to reply and refund all with the click of a button.

We recently switched from a VPS to Fly.io and PlanetScale as well and it's been working quite nicely. As we grow to more regions, it's nice to know we can deploy servers close to our users with a single command.


I created a 3D digital dice rolling app for tabletop roleplaying games like Dungeons & Dragons. Been slowly adding features to it for just under a year. No timelines, no stress. Growing at a nice pace.

https://dddice.com

