

Show HN: Deck of Cards – A playing card API - crobertsbmw
http://deckofcardsapi.com

======
Kortaggio
FYI You probably don't want upload your secret keys in plaintext to GitHub:
[https://github.com/crobertsbmw/deckofcards/blob/687881c8408a...](https://github.com/crobertsbmw/deckofcards/blob/687881c8408aedbe78979205ac9a4fd71b37ec9e/spades/settings.py#L13)

~~~
gknoy
Note also: The github event feed appears to be public, so people have often
had bots listen automatically for keys for exploitation. I recall reading
(earlier this year?) about how someone had some $Ludicrous AWS bills because
of this.

~~~
crobertsbmw
Yeah, I noticed that as soon as I uploaded it. So I changed the keys that are
in production from that which is on github.

------
skeoh
Cool idea. Some small notes:

> After two weeks, if actions have been made on the deck then we throw it
> away.

I presume this should say if NO actions have been made. Sending the card image
URL is wasteful considering the address is deterministic. Also, you will want
to implement a true random shuffle if you want anybody to use this API
seriously (see [https://www.random.org/](https://www.random.org/)).

This is a really interesting project. Good luck!

~~~
crobertsbmw
True Random Shuffle is an interesting concept. Is shuffling a deck of cards
truly random? What if I tried to simulate the event of shuffling. e.g. split
the deck (list) into two, then choose 1-5 cards at a time from each half of
the deck to rejoin the cards back into one. Then repeat.

~~~
skeoh
There is a good discussion here
([https://news.ycombinator.com/item?id=7207851](https://news.ycombinator.com/item?id=7207851))
about random shuffling in the context of online poker. The specifics of your
shuffle algorithm don't really matter if your numbers aren't truly random.

------
PebblesHD
Neat! The semi-persistant decks are a nice feature and will no doubt prove
useful for any form of long-lasting multiplayer games. My query though, why
send the image url by default? it seems like an overhead that can be done
without. How random are the results likely to be?

~~~
ClassicFarris
I think this is a good idea. There can be a change in the structure of where
things are hosted (think moving the images to a CDN as traffic increases)
which won't require a new client to find the optimized images.

