Coder on Fire. Blog

Andrew Mason's personal blog

Hack day 3: dreaming of Micro Machines

Our third hack day started with a clear vision 'create an online multi-player racing game using the latest web technology'.

Inspired by the classic racing game Micro Machines, we planned to create a fun sandbox game where the visitors would be dropped into a world along with fellow site visitors. They could race around, bump into other people and generally explorer.

The day was off to a good start. We had the idea, knew what technology we were going to use and even converted a nearby window into a post-it note task list. It was only several hours later that we realised all was not well.

It turns out node.js is hard, and using undocumented second generation ports of physics engines is even harder. While Jon was busy creating some sweet vector artwork, myself and Kenneth were in constant state of code rewriting and caffeine drinking. A few hours later and the coffee had been replaced by some lovely ale, but the code refused to fit together.

After some pizza and another ale, we finally got the code running. Little vector cars were driving around, colliding and bouncing using real world physics. The problem was it didn't work particularly well, only running smoothly a quad core CPU.

We decided to call it a night and head to the pub, where we'd figure out what our next steps would be. Jon had almost finished the artwork but we didn't have the code to use it, so we made the decision to simplify. Out went the Box2D physics engine and in came a simple driving system. If we could manage to get the cars driving around without slowing down the system we might be in with a chance.

A bacon and scrabbled egg breakfast was the perfect start to day two. We had four hours to rewrite the driving code, integrate the SVG artwork and get node.js up and running. With bellies full of bacon and all the coffee we could drink, we set to work.

It was around this point it began to dawn on us we might have bitten off more than we could chew. Software like node.js and Box2D might seem like simple solutions when looking at carefully crafted examples, but when it comes to using them in your own projects you soon realise they have a complexity all to their own. I wanted Box2D to model simple forces, but the lack of clear documentation and abundance of obscure methods made the task difficult. Writing your own simplified solution from scratch is time consuming. Choosing the write solution can make or brake a project.

While we didn't manage to completeour vision of an online racing game, we did get to use some amazing technology and Jon made some gorgeous artwork. I also gained a new found respect for game programmers, especially those who write for the browser.

And so ended hack day three that also marked the end of an era as one of the fellow hackers is leaving for bigger and better things. I hope that it in some small way his good fortune was influenced by the few projects we made on our hack days, and if so I would like my 33% share of the stock options ;-)
(download)

Minecraft now controls the horizontal and the vertical

I think I've made a terrible mistake. Over the last few weeks I've been reading about the growing success of Minecraft, so I decided to buy in and see what all the fuss was about. It's now lunch time at work and I've spent the last half an hour mining iron ore and spelunking, a term I only learnt after playing this game.


There's a fun write up available explaining how Minecraft works and why it's so fun to play. But just reading about this game can't capture the amazing nuances that make it so entertaining. There's the joy of exploring massive underground caves, crafting your own tools from raw materials only to use them to make more advanced tools, and fighting creepers, skeletons and spiders with the fear of losing everything you spent time crafting.

It's the simple elegance and focus on exploration that makes this game such a rewarding experience. For all the time you spend mining and crafting, you are constantly rewarded with a sense of accomplishment and tempted to go that little bit further. Minecraft takes the part of your brain that found Theme Park and the Tycoon games so compelling and boils it down into a near perfect sandbox game.

Now if you'll excuse me, I have some smelting to do.

(download)

L4D2 co-op comes to an end

So L4D2 has finally come to an end *sigh*. Our weekly four player co-op gaming sessions culminated tonight in the completion of the final chapter.

I was surprised at how easy it was compared to earlier chapters, but overall a good finish. However, nothing could top the previous chapter, Hard Rain. That chapter is one of my all time favourite gaming experiences so far. From the multiple witch kills, to the awe-inspiring special effect that made you feel you where in the midst of a force ten storm. Hard Rain was perfect.

So farewell L4D2, you gave us many good times, and I see you again soon when the next DLC arrives.

No you can't have my password

I recently had reason to question the security of my phone which led me to thinking about what services I've placed my trust in.

Back in December I purchased a HTC Hero and quickly found HTC slow at updating the Android OS. Being the geek that I am, I rooted the phone and started using custom ROMS. All was well until last weekend when I installed a new ROM that was so overly customised I was concerned about the safety of my Google account.

I use Google a lot, they have my emails, SMS messages, credit-card details, budget spreadsheets and more. So it's fair to say I prize my Google account and make sure its protected with a strong password. So when this ROM asked for my Google account name and password, it was pause for thought; What's stopping someone from adding code that collects my account details? It hasn't been officially approved. I'm downloading it from a public forum, sometimes from file sharing sites such as RapidShare. The full source code isn't available, and even if it was, how am I sure the binary was compiled from that source? The answer is I can't be sure. I'm taking a risk and placing my trust in the good will of a stranger.

There's always a level of trust asked of us when we use technology. From Window's OS to the Linux kernel, we hope that commercial interests and peer review will protect us. So what happens when small, immature services ask us to hand over our passwords?

One solution is oAuth, eliminating the need to pass your credentials directly but instead deferring to the original provider. This allows for granular control over what data can be accessed and providing a way to revoke that access. Twitter, Android Apps and even Facebook are all examples of this oAuth model.

So it's a shame to see websites still asking for your prized passwords. For example, many social sites will ask for your Google user name and password so it can connect with your friends. This is a bad precedent not only because it trivialise the importance of security but there's no assurance that a rogue employee, error log or cache dump wont let slip your precious password.

So what can be done to protect your accounts? Vigilance, common sense and a small amount of paranoia will all help. Regularly checking and pruning what has access to your accounts, such as your Google account, applying the Duck test, and searching for chatter around any new service are all good preventative measures that will help keep your accounts safe. But its also import to put pressure on those sites that ask for account passwords, pushing them to transition over to more secure techniques like oAuth.