How Paid Apps On Firefox OS Will Work
An anonymous reader writes "Mozilla has put up a blog post about how building a paid app will work for Firefox OS. The Firefox Marketplace will host web apps, and Mozilla is quick to point out that the apps won't lock you into Firefox OS. They will use the receipt protocol, which other devices can support. If they end up doing so, users could buy the app just once and run it anywhere. 'There is, of course, a chicken vs. egg problem here so Mozilla hopes to be the egg that helps prove out the decentralized receipt concept and iterate on the protocol. Mozilla invites other vendors to help us work on getting receipts right so that paid apps are as portable and "webby" as possible.' Mozilla has a JavaScript API for exposing device receipts, and a client-side library can then contact a verification service URL from the receipt."
Somewhat related: a recent panel at Mobile World Congress consisted of representatives for Firefox OS, Ubuntu for Phones, and Sailfish OS. They spoke about the need for alternatives to Android and iOS, and how manufacturers and carriers actually seem eager to use these new operating systems to differentiate their products.
Re: (Score:1)
Re: wtf (Score:2, Funny)
Whatever APK isn't taking
Re: (Score:2)
Anonymous Paid Koward?
Re: (Score:2)
Several sharp blows to the head with a ten pound sledgehammer would likely do the trick.
DRM? (Score:2)
What are they going to do to stop piracy, since it's all HTML and JS?
Does it mean that it's trivial to copy paid apps and send them to your friends?
Re: (Score:2, Insightful)
I imagine you could tie in the purchase token as a means to run the application.
Comment removed (Score:5, Informative)
Re: (Score:2)
Except that it's almost totally useless because there is no validation that the receipt is tied to a user! If you want to try to prevent that you have to implement your own server proxy, at which point the whole concept of a centralized Firefox marketplace becomes kind of redundant.
"Even if you validate receipts for your paid app, it can be pirated if someone passes around the receipt. The receipt validation methods given above do not prevent this. If you want a better defense against piracy, you might wa
Re: (Score:1)
Good luck competing if you can't guarantee developers will make anything on their apps...
Okay, your post was fine until this.
NO app store ANYWHERE has EVER guaranteed that developers will make anything on their apps! That would be insanely stupid! A malicious developer could make a million retarded apps and if approved, they would *have* to make money, due to that guarantee! The app store would go out of business in a heartbeat!
Re: (Score:2)
Yeah, duh. You are being completely, pointlessly pedantic. Obviously we are talking about some *reasonable* attempt at anti-piracy here, and it refers to apps that people install on their devices and use, not free apps and not apps that no one uses.
Re: (Score:1)
Re: (Score:2)
1.- Selling service/support, 2.- selling hardware, and 3.- The tin cup. that's it, that's why despite all those triple A game engines that keep getting donated you'll never see a F/OSS game the quality of Bioshock, because games don't fall under the blessed three and therefore you won't be able to survive. This is why every F/OSS game either has graphics that could be done on an N64 with cycles left over or is yet another DM/CTF Q3 Arena ripoff, because those can be cranked out without nearly the amount of work as something triple A quality.
I mostly agree, except there is quickly becoming a #4 in that list (though you could try fitting it into #1a if you squinted) - microtransactions (see the EA article posted today). Of course, that also requires significant server support and a LOT of upfront risk to assume people will download your game for free and pay you for extra features.
Honestly I hope that does NOT become a viable business model for AAA games, since it's an intrusive and annoying interruption from the potential immersiveness of a go
Re: (Score:2)
Re: (Score:2)
#5 Kickstarter or crowdfunding generally.
Ok, you could also fold that into #3 if you push hard enough, but the difference is you're not paying for something you already have, but for something that doesn't exist yet, that you'd like to see created. Don't know if there's been any triple AAA level games funded this way, but I like to think it could happen.
Re: (Score:2)
Also ... #6 Merchandising! Works for Angry Birds and probably a few others I can't be bothered to think of at the moment.
Granted, it wouldn't work for most games, and is something you can get only if you're really really lucky and not something you can rely on when developing the game, but still ... it could theoretically work out for a FOSS game if it was super popular.
Re: (Score:2)
True - and I don't know if it will be strictly "AAA" (though that is a somewhat subjective term, unless the definition just involves amount of money spent making it) - but the Double Fine Adventure project might be close...
Re: (Score:2)
Re: (Score:3)
"A Web Application Receipt is a portable, verifiable proof of purchase token.. The Web Application Receipt is implemented as a digitally-signed JSON data structure."
I imagine you could tie in the purchase token as a means to run the application.
yea, so fucking what? ever thought about changing the line to receiptReceived = true; doesn't matter one fucking bit if the receipt is signed or not for standalone apps - in that use case it hardly matters at all if the receipt was signed or not, it's just a boolean that the developer must blindly trust that the user doesn't change.
that was the point, that it's trivial to take the checks out of standalone apps on the platform. much more so than on android where it's pretty simple to begin with.
so most of the p
Re: (Score:1)
Average user most probably wouldn't be able to edit an INI file to say "Registered=1".
JS is not machine code. You can't rely on ring 0 drivers to protect you from debuggers, so all the pirate needs to do is to set a breakpoint on the validation API call. Obfuscation and encryption won't really work, because at some moment you'll have to have an unobfuscated script, and extracting and resaving that script is nowhere near as complex as patching self-modifying machine code which generously spreads its decrypted routines all over the memory.
Webapps DRM is nonsense, as long as you don't completely lock the device from the user and/or don't hide most of your app's functions at server side (and would you like your Angry Birds to be unplayable once you get in the metro?)
Don't under-estimate the dynamic abilities of javascript. With eval(), the ability to make self-modifying code is essentially there. Also, C++-to-JS compilers like Emscripten use typed-arrays to emulate system memory anyway. It's definitely within the realm of possibility to see a tool that abuses JS's dynamic nature to make API calls obfuscated. You may be able to break on an API call, but the calling code may still be non-trivial to modify.
PC games with always-on Internet requirement (Score:2)
and would you like your Angry Birds to be unplayable once you get in the metro?
Some well-known PC games published by Ubisoft and Actiblizzard already are.
Re: (Score:2)
yea, so fucking what? ever thought about changing the line to receiptReceived = true; doesn't matter one fucking bit if the receipt is signed or not for standalone apps - in that use case it hardly matters at all if the receipt was signed or not, it's just a boolean that the developer must blindly trust that the user doesn't change.
After "minifying" the JS and running it through google closure compiler (https://developers.google.com/closure/compiler/), the JS is going to be so obfuscated that the average user (possibly even the average coder) will not be able to make such a simple change. This sort of minification is standard practice for widely distributed scripts in order to cut down on bandwidth. The inconvenient (or I guess convenient for developers in this case) side effect is that closure compiler not only performs shallow changes like shortening variable names, but also changes loop structures and whatnot, much like an actual optimizing compiler. What you're proposing in this case would be akin (not exactly alike) to altering the assembly code to bypass DRM on an executable - feasible for someone with the tools and know-how, but not exactly simple.
the fuck it will be. you know why it's easy to find the place to change? because the external api call can't be minified! doesn't matter if you use eval trickery, it's still fairly easy to crack on the overall scale of things, the api call itself isn't even what has to be altered but insertion of code that changes the paid status.
it's much easier than altering assembly no matter how you put it. and only one user has to do it and post it. pretty much even all symbian apps were available cracked and that's a
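An added example, not code from the thread or from Mozilla, of the server-side check that the comments about passed-around receipts and the editable `receiptReceived` flag both point to: the server verifies the signature, binds the receipt to the first account that redeems it, and only then returns paid content. The receipt layout (JSON payload plus Ed25519 signature), the key pair, and the names `issueReceipt`, `redeem` and `boundTo` are assumptions made for illustration, not Mozilla's receipt format or API.

```javascript
// Added example. The receipt layout below (JSON payload + Ed25519 signature)
// is a constructed stand-in, not Mozilla's receipt format.
const crypto = require('node:crypto');

// Constructed marketplace key pair; an app server would hold only the public key.
const store = crypto.generateKeyPairSync('ed25519');

// Store side (hypothetical): sign a receipt for one purchase of one product.
function issueReceipt(productUrl, receiptId) {
  const payload = Buffer.from(JSON.stringify({ productUrl, receiptId }));
  const sig = crypto.sign(null, payload, store.privateKey);
  return payload.toString('base64') + '.' + sig.toString('base64');
}

// App server state: receiptId -> account that first redeemed it.
const boundTo = new Map();

// App server side: `account` is assumed to come from the server's own
// authenticated session, never from a field the client can set freely.
function redeem(receipt, account, productUrl) {
  const [p64, s64] = String(receipt).split('.');
  if (!p64 || !s64) return { ok: false, reason: 'malformed' };
  const payload = Buffer.from(p64, 'base64');
  const sig = Buffer.from(s64, 'base64');
  if (!crypto.verify(null, payload, store.publicKey, sig)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const claims = JSON.parse(payload.toString('utf8')); // signed, so well-formed
  if (claims.productUrl !== productUrl) return { ok: false, reason: 'wrong-product' };

  // A valid signature proves the store issued the receipt, not who presents it,
  // so the server records the first redeeming account and rejects any other.
  const owner = boundTo.get(claims.receiptId);
  if (owner === undefined) boundTo.set(claims.receiptId, account);
  else if (owner !== account) return { ok: false, reason: 'bound-to-other-account' };

  // Paid data leaves the server only on this path; a flag flipped in the
  // client's copy of the script has nothing to unlock.
  return { ok: true, content: 'paid content for ' + productUrl };
}
```

The cost is the one raised elsewhere in the thread: the app only works while this server is reachable and maintained.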
Re: (Score:1)
That's more than one word.
Another app store (Score:1)
just what the world needs
that all actually sounds fairly reasonable (Score:5, Insightful)
I guess there is some advantage to having a nonprofit organization active in this space...
Re: (Score:2)
Exactly. It's a breath of fresh air to see an announcement like this and discover that it isn't about locking me into their ecosystem.
Hopefully Google (the only other player with a web app store - that I know of) will implement support for that 'receipt protocol'.
Re: (Score:2)
Amazon is another very popular vendor that could use this. Not sure they would want to though.
Lots of little android app stores too.
DOA (Score:4, Informative)
Re:DOA (Score:4, Insightful)
You mean, like the latest Windows mobile offerings, which will be dead in nine months, even with a large infusion of capital?
Re: (Score:2)
And you don't think the combined market and monetary power of Google and Apple going after Redmond from multiple attack points wouldn't harm Microsoft? The days when Microsoft held the market clout to abuse in this fashion are long gone.
Re: (Score:3)
This experiment will be over in 9 months without a large infusion of capital.
Good thing that Google is giving Mozilla $300 million/year then
Re: (Score:2)
This experiment will be over in 9 months without a large infusion of capital.
Good thing that Google is giving Mozilla $300 million/year then
That's not large. That covers operations and salaries with current R&D.
Re: (Score:2)
Or 18 months with a large infusion of capital.
Re: (Score:3, Insightful)
You're forgetting this is brought to you by the Mozilla Foundation. It's a good feature, you will like it, and if you don't then you'll just have to get used to it because they're going to remove other features you actually use until you do.
Seriously, I'm convinced those clowns would rather run the browser into the ground than admit they made a mistake...
These are just glorified web bookmarks (Score:1)
Re: (Score:1)
That only works if you're behind a FireFox FriendlyFirewall on FollowFriday.
PC games already using this (Score:2)
A major issue I see with a developer using a proxy to validate the receipt is that when the proxy is no longer maintained the app no longer works.
Which is different from Steam games, Assassin's Creed 2, Starcraft 2, and Diablo 3 in what way? A lot of recent PC games use not only Internet activation but also periodic or even continuous revalidation of the license, possibly disguised as cloud backups for saved games.
Re: (Score:2)
In theory if [the Steam authentication server] disappears you could still at least play what was installed.
Until your offline mode ticket expires.
Re: (Score:2)
Well there is another way.
Just drop DRM.
Even with a recent resurgence in PC gaming, PC games sales are still at a low compared to the 90s where games like Doom and so forth easily outsold 99% of games released nowadays despite there having been an explosion in people with PCs since then. None such games had DRM, so there's absolutely no evidence whatsoever that DRM is of any benefit, correlation is not causation so we can't say that DRM is the reason people have been put off PC gaming, but we can be fairly
Buy, burn, sell (Score:2)
I can resell my toaster, my car, my old socks, my books
Once you resell them, you can no longer use them. This is not the case with a video game installed to a PC's hard drive.
my CDs
Once you resell them, you can no longer use them. Record labels are supposed to get compensation from blank CD-R manufacturers for the use case of buy, burn, sell.
Re: (Score:2)
"Once you resell them, you can no longer use them. This is not the case with a video game installed to a PC's hard drive."
The same is true with a lot of things, buy a recipe book, photocopy what you want/write it down, sell it on. Hell, just about every country on the planet even institutionalises this sort of behaviour through libraries which tend to have photocopiers in them precisely so you can duplicate what you need without ever buying a book.
Rip your CDs/Movies/Bluray to file format, and sell them on.
Re: (Score:2)
Hell, just about every country on the planet even institutionalises this sort of behaviour through libraries which tend to have photocopiers in them precisely so you can duplicate what you need without ever buying a book.
I was under the impression that one was expected not to photocopy an entire book but just a few pages.
Rip your CDs/Movies/Bluray to file format, and sell them on.
Music CDs perhaps, but DVD and BD video have copy protection. In Slashdot's home country since the fourth quarter of 1998, ripping tools have been illegal to produce.
Record labels are supposed to get compensation from blank CD-R manufacturers for the use case of buy, burn, sell.
Only in a very tiny minority of countries.
Slashdot's home country has been among this "very tiny minority" since its Congress passed the Audio Home Recording Act.
VHS, Audio tapes before them were in exactly the same situation, yet you could still sell all of these things on.
Analog has generation loss, something that would be unacceptable for a video game or any other computer program. In addition
1. Underwear 3. Profit (Score:1)
My idea of a paid app for the FF OS is one which collects Underwear and advertising Cookies, stuffs the cookies in the underwear, wraps them in a 3D printed biodegradeable "plastic" wrap, and sells them at a profit.
In other words:
1. Underwear ...
2. Cookies
3. Package them
5. Profit!
Best part is it's green.
Cause that's what the cookies and underwear look like by the time they get to the end consumer.
Not so fast (Score:5, Insightful)
"and how manufacturers and carriers actually seem eager to use these new operating systems to differentiate their products"
One of those carriers is NTT DoCoMo. They will introduce a Tizen-equipped smartphone here in Japan in the near future. Win for open source, bully for you, champagne all around, right?
No. The reason they want to use Tizen is because Android is too open and out of their control. They can't lock down their Android phones more than they already do. They'd effectively have to dump the Google Play store and force people to only use their own curated store instead. But that means losing the other Google apps as well, and most of the apps people are expecting to find. That horse has long left the barn.
With Android, NTT can't control what apps people can download and use; can't impose app-specific restrictions or extra bandwidth charges, and they certainly don't get a cut of the money changing hands for apps and services. They see a future where they just supply the communication pipes, and they are terrified of that.
So, Tizen is their solution: An OS where they can completely lock down the phone, provide you with only the apps available in their app store, and take a hefty cut from both developers and users for the privilege of appearing there. A return to a time where you spent most of your time and all of your money in the provider's walled garden, not out on the open net.
Which is why, for all that I love open source, I will never consider buying such a phone and will never recommend one to anybody. This is a play for closing down the mobile net, not opening it up.
Re: (Score:2)
Whether or not they can sell their solution in the way they would prefer to sell it, is of course another question. There remains a huge choice of unlocked phones which allows the user to go where they will and always remains the preferable recommended choice. Ego drives the purchase of high priced contract phones by offsetting but increasing the cost over time.
It seems most larger companies want to be publishers rather than developers as that's where the real money is and high cost creative talent is not
Re: Not so fast (Score:2)
There are no unlocked phones for sale in Japan. They're all locked to the provider.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
The difference is that now people expect an Android phone to have the Play store, GMail, Maps and so on. With a different system they can supply their own, separate apps and a locked-down store. Then they'll sell it on it all being specially adapted for Japan (with every app properly localized for instance), and being much more secure and easy to use for their users and so on.
I didn't say it is a good idea - and I suspect it will fail - but it's a bit more subtle and a little less ridiculous than your summa
Re: (Score:2)
Re: (Score:2)
The problem isn't the OS. The problem is you're buying a phone from a service provider.
You should buy phones from phone dealers, and services from service providers, never mix those things up.
Re: (Score:2)
If there were any independent phone dealers in Japan, I would. But the only dealers here are the service providers.
And up until recently, everything was completely locked; can't use a different SIM with your phone; can't use a non-company phone with your SIM. Lately it has loosened up a little. You can sometimes get your phone SIM unlocked for a fee (you need to say you're going on an overseas trip), and one type of DoCoMo LTE SIMs will work in any phone - but you need a DoCoMo phone to buy that SIM in the f
Re: (Score:2)
Then the problem is the market/culture, and (again) not the actual OS.
Why paid apps? (Score:2)
Home/consumer software has been post-scarcity for a long time, why reject free software and try to stuff the genie back into the bottle? You want paid software to attract developers so there will be apps right? But there are already apps! Just skip to the last step. And when you provide such a platform developers will have an incentive to fill any gaps by releasing their own solutions as seen on Maemo.
Priced games (Score:2)
Home/consumer software has been post-scarcity for a long time
Including games? I thought games needed skills from multiple disciplines [pineight.com], some of which have not yet developed a mentality analogous to the free software movement. And how well has free accounting software been able to keep up with annual updates to tax codes in all industrialized jurisdictions?