Wednesday, April 27th, 2011

Credit card information of customers who purchased games from company may also be vulnerable after 'illegal intrusion'

Names, addresses and other personal information connected to tens of millions of Sony PlayStation users may be in the hands of hackers after an "illegal intrusion" into the worldwide network that links the game consoles through an Internet connection.

It's also possible that credit card data was obtained in the intrusion, though the video game company said it has yet to find any evidence that has happened.

Sony believes an unauthorized person obtained the email addresses, birthdates and network passwords for an unknown number of the network's more than 75 million users.

"It is also possible that your profile data, including purchase history and billing address, and your PlayStation Network/Qriocity password security answers may have been obtained," Sony told users on its blog Tuesday.

Sony advised all PlayStation Network users to closely monitor account statements and credit reports, and suggested users change their passwords as soon as the network comes back online. The company expects to restore some network services within a week, PlayStation's senior director of corporate communications and social media Patrick Seybold said in the company statement.

The network intrusion, which is believed to have taken place April 17-19, prompted Sony to turn off its online services last week.

The company said it has hired an outside security firm to investigate and is working to strengthen security as it rebuilds the system.

The PlayStation Network allows owners of the game console to play against each other online. Users can also purchase and download games and movies using their credit cards. Also affected by the breach is Qriocity, a Sony service that streams music and movies to companymade televisions, computers, Blu-ray players and game systems.

Edmonton PlayStation user Jason Konoza cancelled his credit card after news of the breach broke.

When Konoza called his credit card company, the representative on the other end instantly knew what he was calling about.

"They said they were getting a lot of calls," Konoza said Tuesday.

"What a nightmare. I'm just sort of flabbergasted by the whole thing."

Konoza said he cancelled the card as a precaution. But the whole thing had shaken his confidence in a large company he had trusted to keep his information secure.

"I feel kind of betrayed," Konoza said. "I've always been a Sony guy."

Fellow PlayStation user Jon Vandervet didn't cancel his card. He was careful to limit the information he provided Sony to the essentials needed to keep an account.

But Vandervet changed his passwords for any email addresses associated with his accounts, just in case.

"It's kind of scary," he said. "If this means the difference between having a free service and having your stuff compromised, I'd be willing to pay a service fee just to have your stuff protected."

PSN recently came under attack by the hacker group Anonymous, which brought down the system in protest after Sony pursued legal action against a couple of users who broke into their home consoles to see how they worked.

Anonymous has denied involvement in this latest PSN hack.

While there is a segment of the hacker community like Anonymous that breaks into systems for ideological purposes, the majority of hackers do it for criminal gains, cybersecurity expert David Skillicorn said.

While Sony could probably have done more to prevent this from happening, the professor at Queen's School of Computing said the company was right to shut down the system promptly, instead of leaving it up and pretending there wasn't an issue while it tried to learn more about the breach.

"It meant that they took it pretty serious from the time they seemed to have found it, which not every company does," Skillicorn said.

He does wonder, however, why the personal data of users wasn't encrypted to make it more difficult to access.

Tuesday, April 19th, 2011

Regime Change

As was mentioned in the comments of the previous post, MAME has a new project coordinator in Kale (Angelo Salese)

MESS also has a new coordinator, taking over from Nathan Woods is Micko (Miodrag Milanovic)

Micko has been one of the key contributors of MESS, and put a lot of work into bringing the codebases closer together, and helping to improve standards in the MESS code, which in the early days was a lot less controlled than the MAME code, and as a result, in places not of the highest quality, this has changed significantly over the past few years however.

Where Things Stand

As of MAME 0.142 (actually one of the 0.141 u releases) MAME is now capable of launching some MESS (console) software. For the CDi and CD32 systems the actual arcade cabinets running games based on this hardware (Quizzard and Cubo32) consisted of a stock CDi or CD32 unit with a couple of extra adapters attached to handle coins etc. For this reason the actual consoles are now the parent (bios) sets of the respective arcade games, and can, if you desire, be used exactly as the consoles would in MESS. The only real difference is the MESS hash file (software list) isn’t included with MAME (they’re also missing from the MESS binary distribution at the moment, but that was an oversight)

MAME also supports the software lists, they’re used for MegaTech to give it multi-card support (a feature which could be adapted at some point to work with PlayChoice 10, NeoGeo and others) this support only exists thanks to the work done by Micko, as mentioned earlier. What this means is that you can drop the hash/cdi.xml or hash/cd32.xml files from MESS into MAME, and it will operate in exactly the same way as MESS. Be warned however, none of the CD32 titles are playable yet due to controller issues (I’ll add a mention of this to my previous post shortly, it might be an easy fix!)

This extends further, open up mamedriv.c and add DRIVER( xxx ) lines for genesis, megadriv, pico, segacd, megacd, 32x etc. compile, and there you go, those systems also work in MAME, exactly as they do in MESS, without having to add a single extra code file. Add the softwarelists from MESS for good measure and you’re set. Why? Because the code for those systems is already fully shared between the projects.

Curt Coder has been doing a good job of moving over common devices to the main ‘emu’ tree of MAME, which is shared with MESS at present, which is beneficial because if these common devices show up on arcade boards there is less likelihood of somebody trying to re-implement something which has already been emulated in MESS. This also allows implementations to be merged in cases where they have been duplicated, which has similar benefits to the work I was doing on the Data East hardware mentioned previously. A single robust implementation of a chip is better than multiple incomplete sketchy ones hacked up to work in specific cases.

I really should update here more often.. but here’s a mini-update to get things started.

The infamous Tattoo Assassins has been emulated in MAME for a good few years now, but it always had some graphical issues which annoyed me. While it was possible they were glitches of the original game (which given the horror stories you read about it’s development, wouldn’t have been too surprising) but at the same time, for a machine at the ‘location test’ stage, they seemed a bit TOO obvious.

The animated graphical corruption when you executed a fatality, accompanied by some nonsense miscoloured text about having seen XX fatalities, and an incomplete Game Over screen. If you’ve ever tried Tattoo Assassins in MAME you’ve probably noticed them.

Over the last week I’ve been cleaning up the Data East drivers in MAME, trying to consolidate multiple (near identical) implementations of the tilemap, and sprite custom chips into single, shared implementations for each chip. The existing implementations were a bit messy, with some features implemented in one, but missing in another. Having multiple implementations of the same thing is bad, code tends to develop in one place, but not another which is pretty much what had happened here.

Anyway, doing such cleanups does carry a risk of introducing bugs, because it’s not always clear why one copy of a function has been modified and another hasn’t, when they should be the same, however, in the case of Tattoo Assassins this cleanup work has actually fixed the aforementioned bugs.

Some bugs could still remain, the behavior of the blending chip(s) isn’t fully understood, as is evident in the likes of Night Slashers, and some implementations have yet modified to use the generic code (usually because they’re tied closely to fancy game specific mixing routines, as found in the Desert Assault and Boogie Wings drivers, making the conversion significantly more difficult) however, there is nothing which looks obviously wrong in Tattoo Assassins anymore.

It turns out the problem with the fatality screen was that the tilemap was meant to be switched to a 16×16 pixel tilesize mode at that point, and the implementation of the tile code for that layer only supported 8×8 mode. The XX fatalities text is actually debug text, it’s clearly NOT meant to be displayed, the animated garbage was the ‘TATTOOED’ text being shown using the wrong tiles, in the wrong mode.

The Game Over text problem was because the game was only drawing the first half of the sprite list. In some cases the spritelist can be bigger, Charlie Ninja already needed this for the foreground text to work, so by sharing the implementation this problem was fixed in Tattoo Assassins.

And as an aside (not my work, but interesting to note), the BSMT2000 was decapped recently, and hooked up as a CPU instead of an higher level implementation of the sound chip, which should make the sound more accurate than ever (don’t coin up too soon after boot tho, or you’ll get no sound at all ;-)

One or two other things have also improved as a result of doing this video code merge, Birdie Try gained multi-width sprite support, so the rendering of the radar / sprites is now correct (still unplayable due to protection glitches) and Super Shanghai Dragons Eye (bootleg) gains a previously missing rowscroll effect on the Hot-B logo at startup.

Thursday, April 7th, 2011

After 6 years of coordinating the MAME project, it is time for me to step aside and let someone else handle day-to-day management. It has been an honor to helm the project for so long, and even though I won’t be handling the regular releases and top-level coordination anymore, I do hope to continue working on modernizing the core, so we are not left with a half-finished effort.

With this changing of the guard, I am pleased to announce that Angelo Salese (aka Kale) has volunteered to step in and take over coordination of the project going forward. Angelo has done a great job improving many drivers over the years, and I am confident he will be an excellent project leader going forward.