by Phoenix, the HSM team writer

Ultraman, Ultraman

Here he comes from the sky

Ultraman, Ultraman

Watch our hero fly

In a super jet, he comes from a billion miles away

From a distant planet land, comes our hero Ultraman.

Recently, I was hanging out with friends, talking about Home and other things. We got to discussing Japanese anime; anime has become extremely popular today, as has tokusatsu, but that wasn’t the case when we were younger. As we discussed these memories from childhood, I recalled a few and spoke of one: Ultraman.

Ultraman wasn’t very familiar to the group. Only two people seemed to recall the name. Only one thought it familiar; the other spoke of an Ultraman with blonde hair. This wasn’t the Ultraman from my memory, as far as I could recall. He was Japanese. I supposed it was a regional show when I was a kid, assuming that was why it was unfamiliar to them. We had two Japanese shows at that time every afternoon: Ultraman was a tokusatsu series, and Speed Racer was the animated show. This was a time when no one cared that the monster suits were all rubbery and the superhero had noticeable zippers down their backs or that the buildings were clearly cardboard and styrofoam and the same city block fell every week in the monster attack. This was a time when martial arts were amazing (still is) and sci-fi was everywhere (still is).

Ultraman was the story of a Japanese pilot of the Scientific Patrol on an elite team of six visible characters, who was accidentally killed by a UFO collision while on patrol investigating that UFO. The alien inside the craft, in his sadness at the accident acted to return the pilot’s life by merging with him, giving him his life force. Thus, Hiyata was transformed into Ultraman.  He was given a silver capsuled object called a Beta Capsule, to transform whenever there was trouble that he and his team could not handle; he would hold this capsule aloft and transform to a giant in a helmeted silver, red and blue body suit. He used special karate moves and special attacks, the favorite one being the Specium Ray emitting from his right hand when his hands formed a plus sign, to fight all the creatures that threatened earth. Most of these were Godzilla-like creatures. Though Hiyata was merged with the alien life force to become Ultraman, he could only sustain these powers and giant form for a short time. His suit had a warning light beacon on the front in the form of a chest plate, and the beacon would flash when he had only three minutes of power remaining.

I remember rushing home after school to watch this show every day. I can still recall the song and often sing it out of the blue. The original show ran from 1966 to 1967 in Japan.  It was in the ’70s, as a return series dubbed in English, that I was enthralled by its superhero greatness. After that there were several spins off series; some reached America some did not. One such Ultraman spin-off in 1992 was Ultraman: Toward the Future. It was produced in celebration of the 25th anniversary of the show.

Ultraman was a big part of my childhood. I never forgot my daily dose or first foray into the monster hero storyline, Japanese style. Years later, the Power Rangers emerged onto the scene; they were slightly reminiscent of Ultraman, with the suits and karate moves, but not the storyline or magic. Ultraman was a true hero, a true Japanese icon. Ultraman is burned into my memory. He was amazing, exotically handsome (Hiyata) and able to transform and save the world, being the first hero to obtain giant height on TV, well before Transformers ever became a reality.  Granzella’s recent addition to Home content, in the form colorful suited figures of their U-man Unidentified Squadron, brought back these memories: U-man.

Susumu Kurobe (born Takashi Yoshimoto), the actor who played Hiyata in the 1960’s episodes, so loved his portal of Hiyata in the original series that he revisited his role in episode 47 of Ultraman Mebius, Ultraman Brothers, Mega Monsters Battle: Ultra Galaxy Legends The Movie, and Ultraman Saga. He has played other characters in some of the other Ultraman series as well as acting alongside his daughter in Ultraman Tiga The Movie 2000. Though he has appeared in numerous other acting portrayals, Ultraman remains a big part of his life.

As I started this article I thought about the generations of American kids that love manga, anime, and sci-fi, and of how much Japanese sub-culture has given and enriched our pop culture. From Japanese myth and hero legend, we arrive at some of our modern storytelling: Godzilla and Ultraman to G-Force for me; Dragonball Z and Inuyasha, One Piece, Full Metal Alchemist, Bleach and Witch Blade and more for my son.  There is a long-lasting legacy these series have created in our culture. The characters live long after childhood, being reinvented in new series and movies, for new generations of waiting fans. I was happy to discover the Ultraman character has become a family of characters all different Ultraman and women carrying on the fight for earth-like Hiyata did.

It would be a blast to be able to see the original series in Home, perhaps via Crackle. It would be fun to see Hiyata and the Science Patrol save the Earth again. I am certain it would be a different experience, but even in my jaded age, I think I would still enjoy those special moves as I did when I was a child.

Game Review: Sonic Adventure

by BigMak43, the HSM staff writer

This particular game review might just show my age a bit.

Once upon a time, in a land far away, there was a gaming system that was supposed to redefine “epic.” It would be so epic that Icelandic sagas would be written about its brilliance.

Well, it was epic. Epic fail. It failed harder than Lindsay Lohan’s last sobriety test.

What is this system, you ask?

Well, my friends, today we’re talking Sega Dreamcast. Good, old, (thankfully) long-dead Dreamcast.

Six paragraphs in, I know what you’re thinking: what does that sailboat of a system have to do with the PS3?

Sonic Adventure!

Sonic Adventure was originally a Dreamcast game. Now it’s available to us in the PlayStation world — with 99% of the epic glory of this lost treasure still intact.

Sonic Adventure saw a change in the basic format of the series: less straightforward paths comprised of collecting rings and killing baddies, in lieu of a more open-world Sonic experience. Two different levels, with different sub-levels to explore. It also boasts 3D(ish) graphics, which were (almost) top of the line back then. Don’t expect too much from the open world, though: not a lot of interactive elements. This ain’t Grand Theft Auto, after all.

In Sonic Adventure, you have a good array of characters to choose from Sonic, Tails, Knuckles and others, each with their own story. In this regard, there’s plenty to keep you occupied.

(Think of that first-gen PS2 game, “The Bouncer.” Its one real hook was its Rashomon-like plot device of telling the same story from multiple perspectives, all with different moves and cutscenes. This is somewhat similar, just more pixelated.)

This is where like Bald Bull’s arrival in “Punch-Out!!”, things start to get harsh.

Controls. Decent, but there are many frustrating points in this game. From failed camera angles to just blatantly horrific controller sensitivity, even the best gamer on the planet would scream out in frustration like F. Murray Abraham in “Star Trek Insurrection” (or the audience as they’re forced to watch it).

The glitches in the game are even worse. You’re happily speeding around a corner and poof! You’re through a wall, and it’s say-hello-to-insta-die. Let’s just say that if Sixaxis controllers weren’t a bit pricey…I’d be needing some new ones right now. And maybe a fire extinguisher.

Graphics. Same as they were before: very blocky, old-school 3D. So, euphemistically, you could say they’re “a nice flashback” in a sense. Some HD facelifting would have been nice, but nopers — no botox for these jagged polygons.

Music. Ha! If you can call it that. It’s that good, late-nineties digital stuff. Mute works just as well. So does sticking a power drill in your ear.

Actually, if I’m honest, there was one tune that was kind of decent, in the same way, that post-nose job Jennifer Gray is kind of decent. It’s in the Casino, at the Cards Pinball.

(Here’s a completely off-topic tip: when it turns to night in-world, the casino opens. And if you go to the Cards Pinball as Sonic…many a free guy to be won. Just be diligent. A little tip for my peepz, yo.)

As a cute side-adventure, you can raise small creatures to race and such. Reminded me a lot of Digimon, frankly. It’s a neat little aside to try in the game.

Still. Despite the bad controls and camera, Sonic Adventure is actually quite fun, and a good showing of a classic game from a system that was dead on arrival. Sure, like nearly any game from that era, it’d be nice to re-experience it with George Lucas touch-ups. But even in its original, Han-shoots-first glory, Sonic Adventure is still a great showcase for how the series made the switch from 2D side-scrolling to a 3D open-world format that can still be seen to this day in the newest Sonic games on the PS3.

I give Sonic Adventure on the PSN a solid 6 out of 10. It’s just a decent game. With a price tag of $9.99 you really can’t go wrong if you want to try a classic Sonic game, or just replay it if you enjoyed it the first time around. It also boasts some PlayStation Home rewards, so for you Home addicts, a sweet Sonic shirt is always a nice addition to any closet. If it was fixed or updated in some of the ways mentioned above, it would be better. But, candidly, a part of me is glad they didn’t “fix” it. Yes, I just contradicted myself. Shaddap.

Bottom line: if you’re a Sonic fan and enjoy some Home rewards, this game will satisfy both cravings.

bigMak43 is a 31-year-old  self-described “slacker gamer”  whose opposable thumbs have gripped game controllers since the days of the Sega Master System. He is the magazine’s game reviewer as well as an avid Home user. He is a chef and lives in Massachusetts.

The PlayStation Blog recently posted that all our passwords on PSN were not encrypted, causing a crazy amount of panic across the internet. However, yesterday Sony clarified that while they were not encrypted, they were hashed.

“Phew!” was my first thought, but I’m guessing most people were thinking “Eh?” So I put together this description of why password hashing by itself sucks and how to improve it significantly. I’m going to take a guess and assume that the PSN has been using version 2, and will from now on be using version 3.

When you register for websites or online services, you have to set a password to enable yourself to log in again in the future. Your username and password need to be stored in a database so that when you ask to login, the server can verify your details are correct and allow you access.

Let’s look at the basic way of doing this (by the way, the WRONG way) and then work our way up to how most websites (should) be storing your password.

(comic from XKCD.com)

Version 1 – Plain-text

Joe has registered on my website and I have chosen to store his password in “plain-text”. This means I store his password with no other security measures than normal.

So in my database, I store:

Username: Joe
Email: [email protected]
Password: 12345

Yes, it’s a bad password. But you’d be surprised how many people use that one. (see top passwords on Gawker leak: http://blogs.wsj.com/digits/2010/12/13/the-top-50-gawker-media-passwords/)

Now when Joe tried to log into my website, I look at the password he gave me and compare it to my database. Let’s say Joe gives me his password “12345″ – Hurrah! It matches! I can let him log in and access my lovely website.

Where are the problems with this? First, anybody running the website can easily look into their database and read all the passwords for all their users. Ideally, you want even the admins on the website to not be able to know your password. Secondly, all the security is based on the database. If somebody managed to break into the website, they may be able to break into the database and download all your usernames, emails and passwords.

We need a better form of security.

Version 2 – Password Hashing

Now we are going to secure our passwords with something called “hashing”. We use a mathematical equation called a “hash function” to turn your password into a piece of nonsensical data. There are many different types of hash functions we could use, however they ideally need to have these properties:

• One-way only
  • This means if we take a password and run it through a hash function, we cannot reverse the process. This means you can’t take the password hash, run it through a modified version of the hash function and get the original password.
  • This requires some complex mathematics to ensure it’s absolutely impossible to find a way of reversing the hash function.
• No collisions
  • We don’t want two passwords resulting in the same password hash. For example, if “12345″ and “password” resulted in the same password hash, people will be able to login with either of these passwords.
  • This will make more sense after an example.

So, for this example, we’re going to use a famous hash function called MD5 (which has actually been proven to have some rare hash collisions, there are better functions available now, but for this example, we’ll use a popular one).

When Joe registers, instead of storing his password in plain-text, we store the result of the hash function.

Username: Joe
Email: [email protected]
Password: 827ccb0eea8a706c4c34a16891f84e7b

You can see that the result of “12345″ is a long piece of text that is impossible to understand.

Now, when Joe tries to log in, we take his password. We run the hash function on the password he gave us and we compare the two hashes instead. If he gives us “12345″, we will run it through the hash function, check the resulting password hash and if it matches the hash we have in the database – Hurrah! We have logged Joe into the site again.

But is this really safe enough?

Note that this time, we never store the plain password. So an admin can’t look through the database and read everyone’s passwords. But, there is still a flaw in this system.

What if we built a massive database of every single possible combination of letters, numbers, and symbols and ran the same MD5 hash function over every possibility and saved the result. It will take a very very long time to calculate, but people have done exactly this. They have created databases where you can type in a password hash, and it will search through their massive databases trying to find the password that originally created it.

This is the problem of everybody using the same hash functions. But there are very few available that are secure and strong enough.

However, there is a solution to this problem too.

Version 3 – Salted hashes

Salting is almost exactly the same as password hashing, but with one minor difference. We add a new piece of data to each user in our database. For this example, I’m going to generate a random piece of text for Joe using a random text generator.

For Joe, we generated a random piece of text “b5h64h0c78FbXWJHKl7DDKKE35d6SO”. We shall call this his “password salt”. We store this alongside his username and email address in the database.

Now, instead of storing the hash of only his password, we also add our salt to his password. Now instead of performing the hash function of “12345″, we perform the hash function of “12345b5h64h0c78FbXWJHKl7DDKKE35d6SO”. Notice it starts with Joe’s normal password, but we add our salt onto the end. This gives us a new password hash to store.

Username: Joe
Email: [email protected]
Password: f88378f45a99a13be6f42cefbd80e976
Salt: b5h64h0c78FbXWJHKl7DDKKE35d6SO

So now, we have made Joe’s password very long. It would take way too long for somebody to go through every single possibility up to the point of a 35 letter password because of the salt we added on. This is why it’s vital that websites add the salt to each user, making it impossible to pre-calculate as many password possibilities as possible since every user will have a completely different salt, it will take centuries of computation to get anywhere close to finding the right one.

Recently, Gawker, (a website network including Fleshbot, Deadspin, Lifehacker, Gizmodo, io9, Kotaku, Jalopnik, and Jezebel) was hacked and their database was compromised. They did not use password salting. Millions of passwords were instantly looked up in large password hash database. It’s hard to know how many other websites out there don’t salt their password hashes.

We’ve glanced over a lot of password security, but I thought it would be helpful to essentially explain how your data is secure. After the recent media hype over hacked systems, people actually suddenly seem to care about their online information. Just wait until people get into your Facebook. If you don’t want people to know about it, don’t put it online.

How can we improve this further? Look up Two-Factor Authentication – banks (and recently Gmail http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html) implement it and it will keep your account significantly more secure: http://en.wikipedia.org/wiki/Two-factor_authentication

Cross-posted from my blog, http://www.cubehouse.org/blog/2011/05/02/password-hashing-how-to-make-it-not-suck-a-basic-guide/