28 December 2011

Monkeying with the Pirates

So one of my main concerns with this latest update of Bakers Game is the cost. The marginal cost of a solution is practically zero - and so is its utility. This forces the cost per solution downward.

There are other considerations involved beyond a pure profit from Bakers Game, of course. As a technological demonstration it will be a nice feather in my cap. It will tie a lot of disparate programming elements together to make a nice personal challenge. I can use it as a geek shibboleth at parties. However the costs have to be kept down.

The main problem with costs will be piracy. Bakers Game has already been hacked and is available on various and sundry Chinese hacker sites. Some of them charge 99 cents up-front for the cracked version (sigh). If any idiot can download a cracked version and dump a boatload of solver requests against my EC2 instances my utilization spikes and my wallet empties. Securing the requests with encryption is pointless - it would restrict me to US and Canada sales only (stupid export restrictions), and the Chinese would simply drop some coin to acquire the key. I would see one sale and then a million solver requests.

So if the set { app, phone, user } cannot be trusted, there are only two things left to trust. I can trust myself and the servers I set up.

The user will purchase solution credits via Apple's In-App purchase. The app sends the receipt over to my servers - and my servers can establish their own channel to Apple to verify that the receipt is valid. If the receipt is valid the user is credited - and the credit amount is stored on my servers. Sure, the user gets a copy - but the official record is on machines under my control. The app then receives a randomly generated token from my servers for each purchase, and this token must be sent for any request.

What this means is that some enterprising hacker group will purchase solver credits and embed the resulting token into their cracked version. Anyone who downloads their cracked app, though, plays in the same sandbox as EVERY OTHER pirate. My problems are solved - I'm selling solution credits rather than unlimited access. The more pirates the faster the credits are expended for ALL of them. But it's also fair if one of the pirates opts to go legit - the purchase of credits generates a new token sent only to that phone!
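The scheme above as a server-side ledger, shown here as an added example that is not the author's code. `CreditLedger`, `redeem`, `spend` and the injected `verify_receipt` callable are hypothetical names, the channel to Apple is replaced by a constructed lookup, and refusing a receipt that was already redeemed is an added assumption.

```python
import hashlib
import secrets
import threading


class CreditLedger:
    """Server-side record of solver credits, keyed by per-purchase token."""

    def __init__(self, verify_receipt):
        # verify_receipt: callable(receipt) -> credits purchased, or None if
        # the store rejects it. Hypothetical stand-in for the server's own
        # channel to Apple; the real call is not shown on the page.
        self._verify = verify_receipt
        self._credits = {}   # token -> remaining credits (the official record)
        self._seen = set()   # digests of receipts already redeemed
        self._lock = threading.Lock()

    def redeem(self, receipt: bytes):
        """Validate a receipt and return a fresh random token, or None."""
        credits = self._verify(receipt)
        if not credits:
            return None
        digest = hashlib.sha256(receipt).hexdigest()
        with self._lock:
            if digest in self._seen:   # added assumption: one token per receipt
                return None
            self._seen.add(digest)
            token = secrets.token_urlsafe(32)
            self._credits[token] = credits
        return token

    def spend(self, token: str) -> bool:
        """Charge one credit for a solver request; False means refuse it."""
        with self._lock:
            left = self._credits.get(token, 0)
            if left <= 0:
                return False
            self._credits[token] = left - 1
            return True


def demo():
    # Constructed sample receipts; a real one is an opaque blob from the app.
    valid = {b"receipt-A": 3, b"receipt-B": 3}
    ledger = CreditLedger(valid.get)
    shared = ledger.redeem(b"receipt-A")   # token embedded in a cracked copy
    served = [ledger.spend(shared) for _ in range(5)]   # five pirates, one pool
    own = ledger.redeem(b"receipt-B")      # one of them buys credits
    return served, ledger.spend(own), ledger.redeem(b"receipt-A"), ledger.redeem(b"forged")
```

The balance lives only in the ledger, so a token copied into a cracked build draws down one shared pool, and the solver is invoked only after `spend` returns `True`.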

More posts on the architecture will follow, but meanwhile ... keep coding!
