A: That is not possible. In order to crack the game, there need to be a protection to crack. There is none.
B: They can't do that. There is no code which phones home, so they can't remove it.

Would the "Try before buy" guys not play with the demo instead of the pirated copy?
Besides they will know what happend, and then buy the game if they like it, on not buy it if they don't

Let me try to explain it:

Java (The language and vm) does in general allow code to do anything. Mess up the system, call native methods and so on. In this it is no different from other languages such as c++ and php, which is why no one are running c++ og php directly in a browser*.

But sun wanted to be able to run Java code in the browser, so they made an security manager, which in principle allow you to specify exactly what parts of the java standard library a program should have access to. So you can restrict file access, to specific sub directories. Control thread and process control, class loading and so on.

So each call to a potential dangerous method first goes to the system manager to ask for permission, and if permission is granted the rest of the method is executed. And here is part of the problem: Default for all methods is access granted if there is no call to the security manager.

So for every method in the Java library, they had to determine if it could me misused, and it it could be misused, they had to insert call to the security manager to verify that the user have access to use this method in this way based on the arguments to the method.

And just one method which don't verify its argument as good as it should is enough to grant access.

The problem is made far worse by the combination of the java class loader which loads classes dynamicly, and the java reflection api which allows dynamic class loading and method calling. Verifying that code can't use the reflection and class loader to bypass the security system is really difficult, as proved by the many security problems.

So when people say the problem is in the java browser plugin, they are not exactly right. The problems are in the java security manager, but I think the browser plugin is the only component which uses the security manager. Our server code for example don't need a security manager to control exactly what our code have access to, because the code is written by guys we trust, and the rest of the security is handled by the system.

*Or at least should not. Active X is Microsofts version of the "Try to run untrusted general purpose code in the browser project". And its security record is as bad as javas.

You can make a region private. That way only you, or frieds who you explicit invite can play a city in the region. That way it is single player.

Don't prove much. Remember: All the citys in the region(Normally 3 or 5, but can be up to 16) will in most cases be controlled by the same player. No need for internet to emulate that.

Yes the game does have an online global component, but its effect is currently very limited, and the game would work just as fine without it. Its only effect is that the import/export prices changes, based on the import/export of all cityes on your server. You could just use a random function to change the prices of resources, and the game would run fine without any internet.

I guess the reason the pirates don't have a working server already, is that it's very difficult to reverse-engineer the client/server communication as long as it is as unreliable as it currently is.

The "Facebook like" referer to the fact that you get free items(Firetruck, police cars and so on) which you can't use in your own city, but which you can give to an other city and earn a bonus that way. Like all the facebook games, where you give resources to your facebook frinds.

Do you really think it need to be referer free? I can't imagine anyone reading this story, and then thinking: Hey I need to buy this game now :}

The city you play with is NOT partly calculated server. And I know this because the city building itself works fine even when the ea server is crashed and no data is passed between the server and client. Only save, and change city/region stops working.

All you really need to implement to pirate the game, is a service which can load/save the game. And then you can just return fixed values for the global marked place. Then you have a perfectly working pirated game.

I don't know how complicated the load/save thing is, but If we are luckey, save just serialize the data and send it to the server, and load just get the same serialized stream back. If they do it that way, making a pirate save function should be rather simple. They did it for settlers 7.

The servers are handling a part of the game which is not that important. That is: The global marked placed. And while it is an interesting feature it is in no way vital to the system.

And I know this because I bought the game, and managed to play half an hour with absolut no internet connection and it worked fine. But then I wanted to change region, and I have been unable to play since. But once you get a game started you can normally play until you want to change to a new city. (Or the game crashes, or you look the wrong way).

Where did they ever give that answer? All the beta testers have reported that if you pull your your internet cable, the simulation will continue to run fo at least a couple of minutes on the local machine. So I don't think the servers are running any simulation other then the global "Take import/export from all cityes, and calculate a global marked price for resources" part.

Sorry, but I will keep using java server side. I just hope I don't end up with that "Ask toolbar" on our server :}

And the fact that the Java Security Manager is as safe as an open door, does not really matter because 99% of all server side java code, is running without the security manager. (Or at least without relaying on the Security manager to provide security).

Am I the only one who think about giant worms each time i hear about the "Maker movement" ?

I think that using "tens of thousands of our nation's best and brightest engineers" to build something more useful instead would be a good choice.