×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How Paid Apps On Firefox OS Will Work

Soulskill posted about a year ago | from the garden-without-walls dept.

Businesses 74

An anonymous reader writes "Mozilla has put up a blog post about how building a paid app will work for Firefox OS. The Firefox Marketplace will host web apps, and Mozilla is quick to point out that the apps won't lock you into Firefox OS. They will use the receipt protocol, which other devices can support. If they end up doing so, users could buy the app just once and run it anywhere. 'There is, of course, a chicken vs. egg problem here so Mozilla hopes to be the egg that helps prove out the decentralized receipt concept and iterate on the protocol. Mozilla invites other vendors to help us work on getting receipts right so that paid apps are as portable and "webby" as possible.' Mozilla has a JavaScript API for exposing device receipts, and a client-side library can then contact a verification service URL from the receipt." Somewhat related: a recent panel at Mobile World Congress consisted of representatives for Firefox OS, Ubuntu for Phones, and Sailfish OS. They spoke about the need for alternatives to Android and iOS, and how manufacturers and carriers actually seem eager to use these new operating systems to differentiate their products

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

74 comments

I block paid aps using my HOSTS file (-1)

Anonymous Coward | about a year ago | (#43028205)

$10,000 CHALLENGE to Alexander Peter Kowalski

Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.

Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?

Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.

If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.

I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.

Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.

Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.

I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.

If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!

You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusive emails to the operator of OSY, Federal Reserve Chairman Ben Bernanke threatening to sue him for libel, claiming that the APK on OSY was fake.

My reputation as a professional in this field clearly shows in multiple publications in this field in written print, & also online in various GOOD capacities since 1996 to present day. This has happened since I was first published in Playgirl Magazine in 1996 & others to present day, with helpful tools online in programs, & professionally sold warez that were finalists @ Westminster Dog Show 2000-2002.

Did you see the movie "Pokemon"? Actually the induced night "dream world" is synonymous with the academic religious induced "HOSTS file" enslavement of DNS. Domains have no inherent value, as it was invented as a counterfeit and fictitious value to represent natural values in name resolution. Unfortunately, human values have declined to fictitious word values. Unknowingly, you are living in a "World Wide Web", as in a fictitious life in a counterfeit Internet - which you could consider APK induced "HOSTS file". Can you distinguish the academic induced root server from the natural OpenDNS? Beware of the change when your brain is free from HOSTS file enslavement - for you could find that the natural Slashdot has been destroyed!!

FROM -> Man - how many times have I dusted you in tech debates that you have decided to troll me by ac posts for MONTHS now, OR IMPERSONATING ME AS YOU DID HERE and you were caught in it by myself & others here, only to fail each time as you have here?)...

So long nummynuts, sorry to have to kick your nuts up into your head verbally speaking.

cower in my shadow some more, feeb. you're completely pathetic.

Disproof of all apk's statements:
http://news.slashdot.org/comments.pl?sid=3040317&cid=40946043
http://mobile.slashdot.org/comments.pl?sid=3040729&cid=40949719
http://tech.slashdot.org/comments.pl?sid=3040697&cid=40949343
http://yro.slashdot.org/comments.pl?sid=3040597&cid=40948659
http://tech.slashdot.org/comments.pl?sid=3037687&cid=40947927
http://science.slashdot.org/comments.pl?sid=3040425&cid=40946755
http://news.slashdot.org/comments.pl?sid=3040317&cid=40946043
http://developers.slashdot.org/comments.pl?sid=3038791&cid=40942439
http://science.slashdot.org/comments.pl?sid=3024445&cid=40942207
http://tech.slashdot.org/comments.pl?sid=3038597&cid=40942031
http://it.slashdot.org/comments.pl?sid=3038601&cid=40942085
http://tech.slashdot.org/comments.pl?sid=3040803&cid=40950045
http://tech.slashdot.org/comments.pl?sid=3040867&cid=40950563
http://games.slashdot.org/comments.pl?sid=3040921&cid=40950839
http://science.slashdot.org/comments.pl?sid=3041035&cid=40951899
http://developers.slashdot.org/comments.pl?sid=3041081&cid=40952169
http://mobile.slashdot.org/comments.pl?sid=3041091&cid=40952383
http://linux.slashdot.org/comments.pl?sid=3041123&cid=40952991
http://yro.slashdot.org/comments.pl?sid=3041313&cid=40954201
http://politics.slashdot.org/comments.pl?sid=3042199&cid=40956625
http://apple.slashdot.org/comments.pl?sid=3029723&cid=40897177
http://games.slashdot.org/comments.pl?sid=3029589&cid=40894889
http://linux.slashdot.org/comments.pl?sid=3027333&cid=40886171
http://tech.slashdot.org/comments.pl?sid=3042451&cid=40959497
http://science.slashdot.org/comments.pl?sid=3042547&cid=40960279
http://slashdot.org/comments.pl?sid=3042669&cid=40962027
http://yro.slashdot.org/comments.pl?sid=3042765&cid=40965091
http://yro.slashdot.org/comments.pl?sid=3042765&cid=40965087
http://hardware.slashdot.org/comments.pl?sid=3043535&cid=40967049
http://yro.slashdot.org/comments.pl?sid=3044971&cid=40972117
http://yro.slashdot.org/comments.pl?sid=3044971&cid=40972271
http://politics.slashdot.org/comments.pl?sid=3045075&cid=40972313
http://yro.slashdot.org/comments.pl?sid=3045349&cid=40973979
http://science.slashdot.org/comments.pl?sid=3046181&cid=40978835
http://news.slashdot.org/comments.pl?sid=3046211&cid=40979293
http://tech.slashdot.org/comments.pl?sid=3050711&cid=41002319
http://mobile.slashdot.org/comments.pl?sid=3118863&cid=41341925
http://science.slashdot.org/comments.pl?sid=3131751&cid=41397971
http://yro.slashdot.org/comments.pl?sid=3138079&cid=41429005
http://tech.slashdot.org/comments.pl?sid=3146511&cid=41469199
http://science.slashdot.org/comments.pl?sid=3146549&cid=41469495
http://news.slashdot.org/comments.pl?sid=3154555&cid=41509255
http://science.slashdot.org/comments.pl?sid=3164403&cid=41555261
http://news.slashdot.org/comments.pl?sid=3222163&cid=41832417
http://yro.slashdot.org/comments.pl?sid=3224905&cid=41846971
http://ask.slashdot.org/comments.pl?sid=3227697&cid=41861263
http://science.slashdot.org/comments.pl?sid=3228787&cid=41866351
http://linux.slashdot.org/comments.pl?sid=3228683&cid=41866627
http://it.slashdot.org/comments.pl?sid=3228991&cid=41866737
http://apple.slashdot.org/comments.pl?sid=3229177&cid=41868513
http://apple.slashdot.org/comments.pl?sid=3229177&cid=41868567
http://bsd.slashdot.org/comments.pl?sid=3229179&cid=41869275f
http://tech.slashdot.org/comments.pl?sid=3229765&cid=41872927
http://news.slashdot.org/comments.pl?sid=3472971&cid=42939773
http://yro.slashdot.org/comments.pl?sid=3483339&cid=42972349
http://mobile.slashdot.org/comments.pl?sid=3486045&cid=42981835
http://it.slashdot.org/comments.pl?sid=3486901&cid=42988415
http://developers.slashdot.org/comments.pl?sid=3500483&cid=43026797
AND MANY MORE

Ac trolls' "BIG FAIL" (quoted): Eat your words!

That's the kind of martial arts I practice.

wtf (0)

schneidafunk (795759) | about a year ago | (#43028403)

What kind of meds cure schizophrenic drunk rambling?

Re: wtf (2, Funny)

Anonymous Coward | about a year ago | (#43028425)

Whatever APK isn't taking

Re: wtf (1)

ArcadeMan (2766669) | about a year ago | (#43028455)

Anonymous Paid Koward?

Re: wtf (0)

Anonymous Coward | about a year ago | (#43029495)

I'm confused, is apk trolling himself now?

simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet

are any of the other 3 ./ better than this one?

BIG FAIL.

That's the kind of martial arts I practice.

Re:I block paid aps using my HOSTS file (0)

Anonymous Coward | about a year ago | (#43028877)

Parent reminds me of the Time Cube guy.

DRM? (1)

mystikkman (1487801) | about a year ago | (#43028219)

What are they going stop piracy, since it's all HTML and JS?

Does it mean that's it's trivial to copy paid apps and send them to your friends?

Re:DRM? (2, Insightful)

Anonymous Coward | about a year ago | (#43028293)

"A Web Application Receipt is a portable, verifiable proof of purchase token.. The Web Application Receipt is implemented as a digitally-signed JSON data structure."

I imagine you could tie in the purchase token as a means to run the application.

Re:DRM? (4, Informative)

schneidafunk (795759) | about a year ago | (#43028353)

Correct, here is the validation documentation: https://developer.mozilla.org/en-US/docs/Apps/Publishing/Validating_a_receipt [mozilla.org]

"A usual time to validate is when the user starts the app."

Re:DRM? (1)

Dahamma (304068) | about a year ago | (#43028531)

Except that it's almost totally useless because there is no validation that the receipt is tied to a user! If you want to try to prevent that you have to implement your own server proxy, at which point the whole concept of a centralized Firefox marketplace becomes kind of redundant.

"Even if you validate receipts for your paid app, it can be pirated if someone passes around the receipt. The receipt validation methods given above do not prevent this. If you want a better defense against piracy, you might want to set up a proxy server that will be an intermediary between the app and the Firefox Marketplace. The proxy server can check the receipts, IP addresses and other things. The server might do something like notice if the same receipt was coming from different IP addresses and take appropriate action. This setup is probably more appropriate with big complicated apps that use server processing."

So, what, apps that "aren't complicated" or don't use "server processing" should be allowed to be pirated? Those (like games, etc) are the ones that get pirated the most, anyway.

Oh well, I guess this is what happens when a non-profit open source project tries to set up a "web store". Good luck competing if you can't guarantee developers will make anything on their apps...

Re:DRM? (0)

Anonymous Coward | about a year ago | (#43028711)

So, basically, this is Mozilla pushing for always-online DRM and recommending tracking every app launch.

Smooth move. I'm sure this will stick real nice with their usual privacy and digital freedom loving fanbase~

Re:DRM? (1)

Anonymous Coward | about a year ago | (#43029023)

Good luck competing if you can't guarantee developers will make anything on their apps...

Okay, your post was fine until this.

NO app store ANYWHERE has EVER guaranteed that developers will make anything on their apps! That would be insanely stupid! A malicious developer could make a million retarded apps and if approved, they would *have* to make money, due to that guarantee! The app store would go out of business in a heartbeat!

Re:DRM? (1)

Dahamma (304068) | about a year ago | (#43029765)

Yeah, duh. You are being completely, pointlessly pedantic. Obviously we are talking about some *reasonable* attempt at anti-piracy here, and it refers to apps that people install on their devices and use, not free apps and not apps that no one uses.

Re:DRM? (0)

hairyfeet (841228) | about a year ago | (#43029747)

Bimbo Newton Crosby, this is even easier to crack than your average video game DRM and will be totally pwned 5 minutes after being put up as all it takes is one guy posting the key and then everybody has it for that app.

Of course this points to a deeper problem which is "Can you have F/OSS and get paid for your work if you are a programmer?" and I would argue that the answer to that is NO unless your skills fit into the "blessed three' which so far has been the ONLY reliable ways to make money while still being F/OSS. The blessed three are 1.- Selling service/support, 2.- selling hardware, and 3.- The tin cup. that's it, that's why despite all those triple A game engines that keep getting donated you'll never see a F/OSS game the quality of Bioshock, because games don't fall under the blessed three and therefor you won't be able to survive. This is why every F/OSS game either has graphics that could be done on an N64 with cycles left over or is yet another DM/CTF Q3 Arena ripoff, because those can be cranked out without nearly the amount of work as something triple A quality.

This is why i have argued that while F/OSS does have its place, the blessed three places to be exact, it is NOT suitable as a blanket "one size fits all" panacea, and things like games and desktop OSes just don't work with the blessed three so either you starve or you don't use a F/OSS license, simple as that. this thing is gonna be so pirated its not even funny and frankly I'll be amazed if someone hasn't posted ALL the keys into a big zip on TPB before the first month is out.

Its a shame, but this is why we can't have nice things, because without the DRM you are at the mercy of the douchebags and there are a LOT of douchebags on the net. Hell I wouldn't be surprised to see it become like a race, see who can have all the popular apps posted to TPB before anybody else.

Re:DRM? (1)

Dahamma (304068) | about a year ago | (#43031667)

1.- Selling service/support, 2.- selling hardware, and 3.- The tin cup. that's it, that's why despite all those triple A game engines that keep getting donated you'll never see a F/OSS game the quality of Bioshock, because games don't fall under the blessed three and therefor you won't be able to survive. This is why every F/OSS game either has graphics that could be done on an N64 with cycles left over or is yet another DM/CTF Q3 Arena ripoff, because those can be cranked out without nearly the amount of work as something triple A quality.

I mostly agree, except there is quickly becoming a #4 in that list (though you could try fitting it into #1a if you squinted) - microtransactions (see the EA article posted today). Of course, that also requires significant server support and a LOT of upfront risk to assume people will download your game for free and pay you for extra features.

Honestly I hope that does NOT become a viable business model for AAA games, since it's an intrusive and annoying interruption from the potential immersiveness of a good game. Putting them in crappy iOS games is like a plug for Toyota in a stupid TV sitcom - expected and accepted for the mediocre entertainment you get. But Putting it in something considered the best in the industry feels like seeing a blatant 30 second monologue advertising male enhancement pills in the middle of a Pixar movie.

Re:DRM? (1)

hairyfeet (841228) | about a year ago | (#43033083)

Actually I would put that under "tin cup" since if a game is truly FTP then one doesn't have to buy just to play. If it is "pay to win" then frankly it should be looked at as fraud in my book, you are telling players they can play "for free' but then once they have time invested springing the trap.

That is why if you are gonna add that crap I'd say either do it like Saints Row 3 or Borderlands. With SR 3 you could play the whole game just fine without buying the crap but the crap added to the 'fucking off factor" so many bought to go nuts. I bought the laser shooting tank and Genki mobile (sucks up pedestrians and shoots them out the cannon) just for how silly it looked. i could have not bought a thing and it wouldn't have changed the gameplay, but having the DLC made the game sillier which I enjoyed.

The flip side of that is BL, with BL you have 4 expansion packs that continue the story (this I have no problem with, after all we bought expansion packs back in the day as well) and the few "fuck off" items were just that, silly shit or crazy guns that really didn't give you an edge, they are just fun to play with.

But if they all start pounding me with ads and trying to sell me trinkets? Well its not like there isn't hundreds of good games I've never played, they could stop making games tomorrow and it would take me a decade to go through all the good stuff. This is why I always say "vote with your wallet" as EA is on the selling block and Activision is looking at a restructure, that is what happens when you treat the customers like shit. Compare to valve which has doubled their profits 7 years in a row by treating their customers right.

Re:DRM? (1)

monkeythug (875071) | about a year ago | (#43033691)

#5 Kickstarter or crowdfunding generally.

Ok, you could also fold that into #3 if you push hard enough, but the difference is you're not paying for something you already have, but for something that doesn't exist yet, that you'd like to see created. Don't know if there's been any triple AAA level games funded this way, but I like to think it could happen.

Re:DRM? (1)

monkeythug (875071) | about a year ago | (#43033809)

Also ... #6 Merchandising! Works for Angry Birds and probably a few others I can't be bothered to think of at the moment.

Granted, it wouldn't work for most games, and is something you can get only if you're really really lucky and not something you can rely on when developing the game, but still ... it could theoretically work out for a FOSS game if it was super popular.

Re:DRM? (1)

Dahamma (304068) | about a year ago | (#43037883)

True - and I don't know if it will be strictly "AAA" (though that is a somewhat subjective term, unless the definition just involves amount of money spent making it) - but the Double Fine Adventure project might be close...

Re:DRM? (1)

squiggleslash (241428) | about a year ago | (#43033819)

The proxy server can check the receipts, IP addresses and other things. The server might do something like notice if the same receipt was coming from different IP addresses and take appropriate action.

Which is a great way to break things. I have two tablets, one regular phone, and one back-up phone (albeit I haven't used the latter in a long time.) Google Play (and the Amazon app store) do not require I buy the same software four times to use it on all four devices. They tie the information to an account, and as long as the account is valid on all four devices (and I can have multiple accounts on one device) the software will be delivered correctly.

And my understanding is that iOS does the same thing, which means the three major app stores (Google, Amazon, and Apple) implement this behavior, it's what people are used to, and it's what we want.

If any attempt is made by this infrastructure to tie receipts to a single device, rather than single identity, then it's screwed from the start. People wipe and/or replace their devices on a regular basis, they buy tablets to go with their phones, they don't want to buy multiple copies of their software every time they use a "new" device.

Re:DRM? (0)

Anonymous Coward | about a year ago | (#43028699)

which is awfully similar to DRM requiring an internet connection.

Re:DRM? (2)

gl4ss (559668) | about a year ago | (#43028569)

"A Web Application Receipt is a portable, verifiable proof of purchase token.. The Web Application Receipt is implemented as a digitally-signed JSON data structure."
I imagine you could tie in the purchase token as a means to run the application.

yea, so fucking what? ever thought about changing the line to receiptReceived = true; doesn't matter one fucking bit if the receipt is signed or not for standalone apps - in that use case it hardly matters all if the receipt was signed or not, it's just a boolean that the developer must blindly trust that the user doesn't change.

that was the point, that it's trivial to take the checks out of standalone apps on the platform. much more so than on android where it's pretty simple to begin with.
so most of the paid serious apps will actually need you to be logged in to the vendors service while you use them and some parts of the logic will be on the servers. what you can use the receipt then for is to verify that the user paid for the app, making it just a purchase proof of web service, which is sort of neat.

of course the only way it would be difficult to hack would be that "normal users" were not allowed to publish or develope any apps and that the network and filesystems on the device were totally locked - in which case: fuck 'em and their platform. this would actually explain the operator interest in the platform -> the operator getting a cut out of services used with the phone(of course in that case the locked platform would also be locked to only let you buy through a system that gave them a cut). it's been the wet dream of operators since applications first hit phones over a decade ago - and it's why the fucking operators couldn't agree on a centralized store for apps before appstore, google play etc came along(which actually were pretty fair in their revenue share towards developers when you compare to the percentages you could get from the very extremely fragmented operator led app distribution systems before them - in other words fuck the operators they don't know shit about doing the right thing and getting usage patterns up).

Re:DRM? (0)

Anonymous Coward | about a year ago | (#43029241)

yea, so fucking what? ever thought about changing the line to receiptReceived = true; doesn't matter one fucking bit if the receipt is signed or not for standalone apps - in that use case it hardly matters all if the receipt was signed or not, it's just a boolean that the developer must blindly trust that the user doesn't change.

After "minifying" the JS and running it through google closure compiler (https://developers.google.com/closure/compiler/), the JS is going to be so obfuscated that the average user (possibly even the average coder) will not be able to make such a simple change. This sort of minification is standard practice for widely distributed scripts in order to cut down on bandwidth. The inconvenient (or I guess convenient for developers in this case) side effect is that closure compiler not only performs shallow changes like shortening variable names, but also changes loop structures and whatnot, much like an actual optimizing compiler. What you're proposing in this case would be akin (not exactly alike) to altering the assembly code to bypass DRM on an executable - feasible for someone with the tools and know-how, but not exactly simple.

Re:DRM? (0)

Anonymous Coward | about a year ago | (#43029539)

Average user most probably wouldn't be able to edit an INI file to say "Registered=1".

JS is not machine code. You can't rely on ring 0 drivers to protect you from debuggers, so all the pirate needs to do is to set breakpoint on validation API call. Obfuscation and encryption won't really work, because at some moment you'll have to have unobfuscated script, and extracting and resaving that script is nowhere as complex as patching self-modifying machine code which generously spread its decrypted routines all over the memory.

Webapps DRM is nonsense, as long as you don't completely lock the device from the user and/or don't hide most of your app's functions at server side (and would you like your Angry Birds to be unplayable once you get in the metro?)

Re:DRM? (1)

Anonymous Coward | about a year ago | (#43029675)

Average user most probably wouldn't be able to edit an INI file to say "Registered=1".

JS is not machine code. You can't rely on ring 0 drivers to protect you from debuggers, so all the pirate needs to do is to set breakpoint on validation API call. Obfuscation and encryption won't really work, because at some moment you'll have to have unobfuscated script, and extracting and resaving that script is nowhere as complex as patching self-modifying machine code which generously spread its decrypted routines all over the memory.

Webapps DRM is nonsense, as long as you don't completely lock the device from the user and/or don't hide most of your app's functions at server side (and would you like your Angry Birds to be unplayable once you get in the metro?)

Don't under-estimate the dynamic abilities of javascript. With eval(), the ability to make self-modifying code is essentially there. Also, C++-to-JS compilers like Emscripten use typed-arrays to emulate system memory anyway. It's definitely within the realm of possibility to see a tool that abuses JS's dynamic nature to make API calls obfuscated. You may be able to break on an API call, but the calling code may still be non-trivial to modify.

PC games with always-on Internet requirement (1)

tepples (727027) | about a year ago | (#43029687)

and would you like your Angry Birds to be unplayable once you get in the metro?

Some well-known PC games published by Ubisoft and Actiblizzard already are.

Re:DRM? (1)

gl4ss (559668) | about a year ago | (#43065893)

yea, so fucking what? ever thought about changing the line to receiptReceived = true; doesn't matter one fucking bit if the receipt is signed or not for standalone apps - in that use case it hardly matters all if the receipt was signed or not, it's just a boolean that the developer must blindly trust that the user doesn't change.

After "minifying" the JS and running it through google closure compiler (https://developers.google.com/closure/compiler/), the JS is going to be so obfuscated that the average user (possibly even the average coder) will not be able to make such a simple change. This sort of minification is standard practice for widely distributed scripts in order to cut down on bandwidth. The inconvenient (or I guess convenient for developers in this case) side effect is that closure compiler not only performs shallow changes like shortening variable names, but also changes loop structures and whatnot, much like an actual optimizing compiler. What you're proposing in this case would be akin (not exactly alike) to altering the assembly code to bypass DRM on an executable - feasible for someone with the tools and know-how, but not exactly simple.

the fuck it will be. you know why it's easy to find the place to change? because the external api call can't be minified! doesn't matter if you use eval trickery, it's still fairly easy to crack on the overall scale of things, the api call itself isn't even what has to be altered but insertion of code that changes the paid status.

it's much easier than altering assembly no matter how you put it. and only one user has to do it and post it. pretty much even all symbian apps were available cracked and that's a bitch.

after mulling this over the whole receiptreceived api is actually a payments api(duh). that has it's uses, but it's a way to break into the payment chain for operators. operator billing is already feasible but it's lacking a widely usable standard and that explains operator interest in the firefox os.

ONE WORD !! (0)

Anonymous Coward | about a year ago | (#43028253)

Fuck that !! I ain't paying for shit !!

Re:ONE WORD !! (0)

Anonymous Coward | about a year ago | (#43028549)

for me to be in a comedy club and to flip out like that im deeply deeply sorry

Another app store (1)

Anonymous Coward | about a year ago | (#43028261)

just what the world needs

Re:Another app store (0)

Anonymous Coward | about a year ago | (#43028461)

Don't ask me why, but apparently there are enough morons who love spending money on this kind of shit...

that all actually sounds fairly reasonable (4, Insightful)

Trepidity (597) | about a year ago | (#43028279)

I guess there is some advantage to having a nonprofit organization active in this space...

Re:that all actually sounds fairly reasonable (1)

Qwavel (733416) | about a year ago | (#43028331)

Exactly. It's a breath of fresh air to see an announcement like this and discover that it isn't about locking me into their ecosystem.

Hopefully Google (the only other player with a web app store - that I know of) will implement support for that 'receipt protocol'.

Re:that all actually sounds fairly reasonable (1)

h4rr4r (612664) | about a year ago | (#43028431)

Amazon is another very popular vendor that could use this. Not sure they would want to though.

Lots of little android app stores too.

Re:that all actually sounds fairly reasonable (0)

Anonymous Coward | about a year ago | (#43028709)

Agreed.

It's an interesting technology, with a lot of potential. They have a large number of hangups to work out [namely that in its draft form piracy is trivial, and having to 'phone home' at every software launch isn't going to sit well with all but the least technical of pebkacs.], but if they can do so without irritating users or selling their souls, it could be a way forward from the current methods of validating purchases.

DOA (3, Informative)

tyrione (134248) | about a year ago | (#43028397)

This experiment will be over in 9 months without a large infusion of capital.

Re:DOA (4, Insightful)

MightyMartian (840721) | about a year ago | (#43028459)

You mean, like the latest Windows mobile offerings, which will be dead in nine months, even with a large infusion of capital?

Re:DOA (0)

Anonymous Coward | about a year ago | (#43028685)

Windows isn't going anywhere. All MS has to do is put a new ActiveSync protocol replacement in the next rev of Exchange that only works with their devices, and they will have an enterprise lock-in.

Yes, the EU will raise a fuss, but a bone tossed to allow a compatibility mode would solve that problem in European countries.

Re:DOA (1)

MightyMartian (840721) | about a year ago | (#43028723)

And you don't think the combined market and monetary power of Google and Apple going after Redmond from multiple attack points wouldn't harm Microsoft? The days when Microsoft held the market clout to abuse in this fashion are long gone.

Re:DOA (2)

Tester (591) | about a year ago | (#43028485)

This experiment will be over in 9 months without a large infusion of capital.

Good thing that Google is giving Mozilla $300 million/year then

Re:DOA (1)

tyrione (134248) | about a year ago | (#43041483)

This experiment will be over in 9 months without a large infusion of capital.

Good thing that Google is giving Mozilla $300 million/year then

That's not large. That covers operations and salaries with current R&D.

Re:DOA (2, Insightful)

NoMaster (142776) | about a year ago | (#43028783)

You're forgetting this is brought to you by the Mozilla Foundation. It's a good feature, you will like it, and if you don't then you'll just have to get used to it because they're going to remove other features you actually use until you do.

Seriously, I'm convinced those clowns would rather run the browser into the ground than admit they made a mistake...

Re:DOA (0)

Anonymous Coward | about a year ago | (#43032283)

It's rather annoying that rather than deal with the fact they've been haemorrhaging browser market share this last few years, they're pratting around developing an OS.

They've long lost their way.

Re:DOA (0)

Anonymous Coward | about a year ago | (#43038203)

You never knew what their way was and is...

These are just glorified web bookmarks (1)

danparker276 (1604251) | about a year ago | (#43028871)

Wouldn't you just collect money from your website when they try to access your web services and collect money from your site? I really don't understand how they can do this without a username and password. And it's not compiled code, you can just view source and capture everything. It's like people have forgotten that they have a web browser on their phone. The concept of the OS is good for certain apps, but it's only going to work if Apple, Google and MS use it too (which they won't).

Out of Business Developer == Dead App (0)

Anonymous Coward | about a year ago | (#43029085)

A major issue I see with a developer using a proxy to validate the receipt is that when the proxy is no longer maintained the app no longer works.

This is the entire problem with web apps, in my opinion. Developers now have full control of how long their apps works by either killing it directly (not validating the receipt) or by not supporting/maintaining the proxy they used for receipt validation. In the windows world I can save the installer but here if it is trying to validate the receipt every 20 minutes like they recommend then I have just wasted my money and potentially effort.

I don't think this issue get enough attention from any of the web app players. If I buy an app I expect it to be usable for as long as it was originally intended. Not for as long as the developer exists or feels like supporting it.

PC games already using this (1)

tepples (727027) | about a year ago | (#43029745)

A major issue I see with a developer using a proxy to validate the receipt is that when the proxy is no longer maintained the app no longer works.

Which is different from Steam games, Assassin's Creed 2, Starcraft 2, and Diablo 3 in what way? A lot of recent PC games use not only Internet activation but also periodic or even continuous revalidation of the license, possibly disguised as cloud backups for saved games.

Re:PC games already using this (0)

Anonymous Coward | about a year ago | (#43031275)

In theory they are providing a service (except maybe Assassin's Creed). Packaged apps phoning a proxy that serves as a middle man to a payment processor does nothing for the user except potentially cause lag on startup, a diminished user experience and bandwidth usage. In addition I have a more faith in Steam. In theory if they disappears you could still at least play what was installed.

Re:PC games already using this (1)

tepples (727027) | about a year ago | (#43031283)

In theory if [the Steam authentication server] disappears you could still at least play what was installed.

Until your offline mode ticket expires.

Re:PC games already using this (0)

Anonymous Coward | about a year ago | (#43031517)

The only real way to minimize these types of issues is to only have the app store handle licensing without any middle men. Once upon a time Microsoft sold software that let everyone sell and license DRM'd music files. Look how that turned out. Those that businesses that bought into that ecosystem no longer want to manage those servers and when they stop supporting them those that made purchases can no longer do simple things like move the files to a new machine.

I guess everyone is ok with throw away software just like the hardware.

Hmm. Maybe the future is spotify for apps.

Re:PC games already using this (1)

Xest (935314) | about a year ago | (#43032357)

Well there is another way.

Just drop DRM.

Even with a recent resurgence in PC gaming, PC games sales are still at a low compared to the 90s where games like Doom and so forth easily outsold 99% of games released nowadays despite there having been an explosion in people with PCs since then. None such games had DRM, so there's absolutely no evidence whatsoever that DRM is of any benefit, correlation is not causation so we can't say that DRM is the reason people have been put off PC gaming, but we can be fairly certain that it's been of absolutely no benefit.

Seriously, I know so many people who pirated Quake, yet it still outsold most modern PC games. I was one of those people but then I bought it, because it was awesome. It's not as though DRM stops piracy or anything, it's purely just an anti-consumer measure designed to control what you can and can't do with software you have legitimately purchased - i.e. deactivate your software if they decide they don't like you one day, or prevent you reselling it.

Maybe the future is to simply stop treating digital products like they're a special case, and let consumers do what they want with them, just like pretty much every other type of product on earth. I can resell my toaster, my car, my old socks, my books, my CDs, my DVDs/Blurays, my wallpaper or whatever else I can think of, yet for some reason I can't resell my computer games - they're literally the only thing I can think of that I've bought where this is true.

Buy, burn, sell (1)

tepples (727027) | about a year ago | (#43033471)

I can resell my toaster, my car, my old socks, my books

Once you resell them, you can no longer use them. This is not the case with a video game installed to a PC's hard drive.

my CDs

Once you resell them, you can no longer use them. Record labels are supposed to get compensation from blank CD-R manufacturers for the use case of buy, burn, sell.

Re:Buy, burn, sell (1)

Xest (935314) | about a year ago | (#43035721)

"Once you resell them, you can no longer use them. This is not the case with a video game installed to a PC's hard drive."

The same is true with a lot of things, buy a recipe book, photocopy what you want/write it down, sell it on. Hell, just about every country on the planet even institutionalises this sort of behaviour through libraries which tend to have photocopiers in them precisely so you can duplicate what you need without ever buying a book.

Rip your CDs/Movies/Bluray to file format, and sell them on.

"Once you resell them, you can no longer use them. Record labels are supposed to get compensation from blank CD-R manufacturers for the use case of buy, burn, sell."

Only in a very tiny minority of countries.

These are really poor excuses, and are demonstrably false examples as to why computer games are different, because clearly they're not. There's literally no excuse for computer games and software being different to any other product. VHS, Audio tapes before them were in exactly the same situation, yet you could still sell all of these things on.

Re:Buy, burn, sell (1)

tepples (727027) | about a year ago | (#43037565)

Hell, just about every country on the planet even institutionalises this sort of behaviour through libraries which tend to have photocopiers in them precisely so you can duplicate what you need without ever buying a book.

I was under the impression that one was expected not to photocopy an entire book but just a few pages.

Rip your CDs/Movies/Bluray to file format, and sell them on.

Music CDs perhaps, but DVD and BD video have copy protection. In Slashdot's home country since the fourth quarter of 1998, ripping tools have been illegal to produce.

Record labels are supposed to get compensation from blank CD-R manufacturers for the use case of buy, burn, sell.

Only in a very tiny minority of countries.

Slashdot's home country has been among this "very tiny minority" since its Congress passed the Audio Home Recording Act.

VHS, Audio tapes before them were in exactly the same situation, yet you could still sell all of these things on.

Analog has generation loss, something that would be unacceptable for a video game or any other computer program. In addition, VHS has the analog copy protection signal formerly known as Macrovision. In Slashdot's home country since the fourth quarter of 1998, VHS has had the DMCA that requires VCRs to degrade the recording when this signal is detected.

1. Underwear 3. Profit (1)

WillAffleckUW (858324) | about a year ago | (#43029099)

My idea of a paid app for the FF OS is one which collects Underwear and advertising Cookies, stuffs the cookies in the underwear, wraps them in a 3D printed biodegradeable "plastic" wrap, and sells them at a profit.

In other words:

1. Underwear
2. Cookies
3. Package them ...
5. Profit!

Best part is it's green.

Cause that's what the cookies and underwear look like by the time they get to the end consumer.

Re:1. Underwear 3. Profit (0)

Anonymous Coward | about a year ago | (#43032345)

I concur with this post and would like to add that "FF OS" is actually an abbreviation for "Fist Fuck Operating System"

Not so fast (4, Insightful)

JanneM (7445) | about a year ago | (#43029229)

"and how manufacturers and carriers actually seem eager to use these new operating systems to differentiate their products"

One of those carriers is NTT DoCoMo. They will introduce a Tizen-equipped smartphone here in Japan in the near future. Win for open source, bully for you, champaigne all around, right?

No. The reason they want to use Tizen is because Android is too open and out of their control. They can't lock down their Android phones more than they already do. They'd effectively have to dump the Google Play store and force people to only use their own curated store instead. But that means losing the other Google apps as well, and most of the apps people are expecting to find. That horse has long left the barn.

With Android, NTT can't control what apps people can download and use; can't impose app-specific restrictions or extra bandwidth charges, and they certainly don't get a cut of the money changing hands for apps and services. They see a future where they just supply the communication pipes, and they are terrified of that.

So, Tizen is their solution: An OS where they can completely lock down the phone, provide you with only the apps available in their app store, and take a hafty cut from both developers and users for the privilege of appearing there. A return to a time where you spent most of your time and all of your money in the provider's walled garden, not out on the open net.

Which is why, for all that I love open source, I will never consider buying such a phone and will never recommend one to anybody. This is a play for closing down the mobile net, not opening it up.

Re:Not so fast (1)

rtb61 (674572) | about a year ago | (#43029427)

Whether or not they can sell their solution in the way they would prefer to sell it, is of course another question. There remains a huge choice of unlocked phones which allows the user to go where they will and always remains the preferable recommended choice. Ego drives the purchase of high priced contract phones by offsetting but increasing the cost over time.

It seems most larger companies want to be publishers rather than developers as that's were the real money is and high cost creative talent is not required.

Re: Not so fast (1)

JanneM (7445) | about a year ago | (#43030171)

There are no unlocked phones for sale in Japan. They're all locked to the provider.

Re:Not so fast (1)

mutantSushi (950662) | about a year ago | (#43030489)

Good summary of the real motivations of the carriers with these 'alternate' OS's. Those who can use unlocked phones may benefit from the growth of alternate OS's using vanilla OS builds and independent apps stores... But what I don't get is how these alternate OS's really 'benefit' the network providers (with aspirations to be more than that): Android can already be used outside of Google's dictate, you simply can't use Google applications or Store. But if you use some other entirely different OS, you also are not using Google's Android apps, or it's Store... So what's the difference? (incidentally, I would say that loss of Google Map application is the biggest deal, Stores can be replicated)

Re:Not so fast (1)

squiggleslash (241428) | about a year ago | (#43033867)

If I understand you correctly, they don't want to provide a locked down Android because that means they'd have to create their own app store, so they want to go with Tizen and provide their own app store with it.

I don't understand this.

Re:Not so fast (1)

JanneM (7445) | about a year ago | (#43039943)

The difference is that now people expect an Android phone to have the Play store, GMail, Maps and so on. With a different system they can supply their own, separate apps and a locked-down store. Then they'll sell it on it all being specially adapted for Japan (with every app properly localized for instance), and being much more secure and easy to use for their users and so on.

I didn't say it is a good idea - and I suspect it will fail - but it's a bit more subtle and a little less ridiculous than your summary implies.

Re:Not so fast (1)

hobarrera (2008506) | about a year ago | (#43038027)

The problem isn't the OS. The problem is you're buying a phone from a service provider.
You should buy phones from phone dealers, and services from service providers, never mix those things up.

Re:Not so fast (1)

JanneM (7445) | about a year ago | (#43040007)

If there were any independent phone dealers in Japan, I would. But the only dealers here are the service providers.

And up until recently, everything was completely locked; can't use a different SIM with your phone; can't use a non-company phone with your SIM. Lately it has loosened up a little. You can sometimes get your phone SIM unlocked for a fee (you need to say you're going on an overseas trip), and one type of DoCoMo LTE SMs will work in any phone - but you need a DoCoMo phone to buy that SIM in the first place.

The phone market here well and truly sucks.

Why paid apps? (1)

GameboyRMH (1153867) | about a year ago | (#43029513)

Home/consumer software has been post-scarcity for a long time, why reject free software and try to stuff the genie back into the bottle? You want paid software to attract developers so there will be apps right? But there are already apps! Just skip to the last step. And when you provide such a platform developers will have an incentive to fill any gaps by releasing their own solutions as seen on Maemo.

Priced games (1)

tepples (727027) | about a year ago | (#43029805)

Home/consumer software has been post-scarcity for a long time

Including games? I thought games needed skills from multiple disciplines [pineight.com] , some of which have not yet developed a mentality analogous to the free software movement. And how well has free accounting software been able to keep up with annual updates to tax codes in all industrialized jurisdictions?

What happened to FOSS? (0)

Anonymous Coward | about a year ago | (#43029845)

I was under the illusion that Mozilla were still committed to keeping things free. Now they want to build a crappstore just like everybody else. I think they're a bit late to that party.

Eh... (0)

Anonymous Coward | about a year ago | (#43034143)

Can we go back to just being an Internet browser?
Maybe a fork is needed.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...