March 9th, 2012 by adam

It looked so good, finally – a decent Git client for Mac.

But, no. It just – simply – doesn’t work (version 1.2.1). Great for browsing, but sometimes you simply can’t commit changes to a repository! (a few hours earlier, it was committing fine. Nothing had changed in the meantime)

And what do you get as an error, when you try?

“A git error occurred.”

Seems the folks at GitHub know this is unacceptable. Because they also put a message onto the (invisible) system console:

-[GHErrorSheetController presentWithError:] [Line 84]
Presenting with error, but let’s do better guys: Error Domain=GHGitControllerErrorDomain Code=556 UserInfo=0x117f63fa0 “A git error occurred.”

For the record, there was nothing wrong, and no errors – all other clients worked fine. So it’s probably an internal problem with GitHub’s code. They know it’s a problem (they wrote an error for it) but they won’t tell you what that problem is. Classy :)

March 7th, 2012 by adam

Two things here: if you run any Rails site, check out the security hole ASAP if you haven’t already. You might be safe – but given that even GitHub wasn’t, I’d double check if I were you. (The Rails community seemingly isn’t patching it – and there’s nothing recent on the Security list. Which leaves me going: WTF? The evidence is right there on GitHub of how bad this is right now, in the wild).

Secondly … what just happened? Apart from doom and gloom and “the end of every unpatched Rails site on the planet”, there’s a fun story behind this one. As someone put it “it’s the whitest of white-hat attacks” (i.e. the “attacker”’s motives appear extremely innocent – but foolish and naive).

It seems that GitHub got hit by the world’s nastiest security hole, in Rails – trivial to take advantage of, and utterly lethal. The hole appears to allow pretty much anyone, any time, to do anything, anywhere – while PRETENDING to be any other user of the system. So, for instance, in the attack itself, someone inserted arbitrary source code into a project they had no right to.

Hmm. That’s bad. It effectively destroys GitHub’s entire business (it’s already fixed, don’t worry)

But it gets worse … it’s a flaw in the RoR framework, not GitHub itself (although apparently GitHub’s authors were supposed to know about the flaw by reading the Rails docs, as far as I can tell from a quick glimpse at the background). Rails authors have (allegedly) known about it and underestimated how bad it is in the wild, and left Rails completely open with zero security by default.

So, allegedly, the same attack works for most of the web’s large Web 2.0 sites – any of them that run on Rails.

WTFOMGBBQ!

Who was the perpetrator of this attack? Ah, well…

made an impossible issue, a post that GitHub’s database believed was created 1,000 years in the future.

Classy. Dangerous (high risk of someone calling the police and the lawyers), but if people won’t believe you, and *close* your issues, claiming it’s not that important, what more amusing way to prove them wrong?
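
The post does not name the flaw: it is Rails’ mass assignment, where a model update copies every submitted parameter onto the record unless the developer restricts which attributes a form may set. The sketch below is an added illustration in plain Ruby (not Rails code, and not from the original post, GitHub or the Rails project) showing the default-open behaviour beside an allow-listed one; the `Issue` class, its fields and the sample request are hypothetical and constructed.

```ruby
# Added illustration in plain Ruby (no Rails needed). The Issue class, its
# fields and the request below are hypothetical / constructed sample data.
class Issue
  FIELDS   = %i[title body author_id created_at].freeze
  EDITABLE = %i[title body].freeze # what the "new issue" form is meant to set

  attr_reader(*FIELDS)

  def initialize(author_id:, created_at:)
    @title = ""
    @body = ""
    @author_id = author_id   # taken from the logged-in session
    @created_at = created_at # taken from the server clock
  end

  # Default-open update: any submitted key that names a field is written,
  # including fields the form never showed.
  def update_open(params)
    params.each do |key, value|
      name = key.to_sym
      instance_variable_set("@#{name}", value) if FIELDS.include?(name)
    end
    []
  end

  # Allow-listed update: only EDITABLE fields are copied; everything else is
  # returned so the caller can log it as a tampering signal.
  def update_allowlisted(params)
    rejected = []
    params.each do |key, value|
      name = key.to_sym
      if EDITABLE.include?(name)
        instance_variable_set("@#{name}", value)
      else
        rejected << name
      end
    end
    rejected
  end
end

# Server-side handler: identity and timestamp come from the server, then the
# submitted form is applied with the chosen update strategy.
def create_issue(params, session_user_id, now, strategy)
  issue = Issue.new(author_id: session_user_id, created_at: now)
  rejected = strategy == :open ? issue.update_open(params) : issue.update_allowlisted(params)
  [issue, rejected]
end

NOW = Time.utc(2012, 3, 4, 12, 0, 0) # constructed server time
# Constructed request: two legitimate fields plus two the form never offered.
CONSTRUCTED_PARAMS = {
  "title" => "Demo issue",
  "body" => "text",
  "author_id" => 1,
  "created_at" => Time.utc(3012, 3, 4, 12, 0, 0)
}.freeze

if __FILE__ == $PROGRAM_NAME
  %i[open allowlist].each do |strategy|
    issue, rejected = create_issue(CONSTRUCTED_PARAMS, 42, NOW, strategy)
    puts "#{strategy}: author_id=#{issue.author_id} " \
         "created_at=#{issue.created_at.year} rejected=#{rejected.inspect}"
  end
end
```

With the open update the record ends up owned by user 1 and dated in the year 3012; with the allow-list it keeps the session user and server time, and the two extra keys come back as rejected names that can be logged.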

Whoops, shouldn’t have done that

I can’t state this strongly enough: never attack a live system. Just … don’t.

Any demonstration of a security flaw has to be done very carefully – people have been arrested for demonstrating a flaw allegedly *at the owner’s request*, because under some jurisdictions it’s technically a crime even if you’re given permission. In general, security researchers never show a flaw on a real system – they explain how to, and do it on a dummy system, so no-one can arrest them.

(why arrest the researcher? Usually seems to be no reason beyond ass-covering by executives and lawyers, and a petty vindictiveness)

Homakov appears to have been ignorant of this little maxim, hence I’m writing it here, let as many people as possible know: never attack a live system (unless you’re very sure the owners and the police won’t come after you)!

GitHub’s response

On the plus side, they fixed it within hours, on a weekend. And then proceeded to tell every single user what had happened. And did so in a clever way – they put a block on all GitHub accounts that practically forces you to read their “here’s what happened, but we’ve fixed it” message. They could have kept it quiet.

Which is all rather wonderful and reassuring.

On the minus side, IMHO they rather misrepresented what actually happened, portraying it more as a malicious attack, and something they fixed, rather than what it was – the overspill from an argument between developers on some software that GitHub uses.

And they initially reported they’d “suspended” the user’s account. Normally I’d support this action – generally it’s a bad idea to let it be known you’ll accept attacks and not fight back. But in this case it appears that GitHub didn’t read the f***ing manual, and the maintainers apparently (based on reading their tickets on the GitHub DB) refused to accept it was a serious problem – and apparently didn’t care that one of their own high-profile clients was wide open and insecure. The attack wasn’t even against GitHub per se – it was against the Rails team who weren’t acting. IF it had e.g. been a defacement of GitHub’s main site, that would have been different, both in impact and in intent. Instead, the attack appears to be a genuinely dumb act by someone being naive.

Seems that GitHub agreed – although their reporting is a bit weak, it happened days ago, but they never thought to edit any of their material and back-link it.

“Now that we’ve had a chance to review his activity, and have determined that no malicious intent was present, @homakov’s account has been reinstated.”

…and it’s pleasing to see that their reaction included a small mea culpa for being unclear in what they expect (although anyone dealing with security ought to be aware of this stuff as “standard practice”, sometimes it’s not security experts who find the holes):

“We haven’t been as clear as we should have been on how to responsibly disclose security problems, and for that I’m sorry. To prevent future confusion about security-related account suspension, and to make explicit our stance on responsible disclosure, we have added a section entitled Responsible Disclosure of Security Vulnerabilities to our Security policy.”

Rails’s response

I’d expect: shame, weeping, and BEGGING the web world to forgive their foolishness. I’m not sure, but it’s going to be interesting to watch. As of right now, the demos of the flaw are still live. I particularly like one commenter’s:

drogus closed the issue 5 days ago

kennyj commented

5 days ago

“I’m closing it (again).
@drogus was close it, but it still open.
github bug?”

Closed

kennyj closed the issue 5 days ago

“github bug?” LOL, no – massive security flaw :).

March 6th, 2012 by adam

I’ve only played with this for a few minutes, but so far it seems to have an excellent, simple, clear GUI with the core features I’d expect. Way better than any other Git client I’ve seen for Mac. And it’s free!

GitHub for Mac v1.2.1 (NB: works with any Git server, not just GitHub.com!)

I’ve noticed some cosmetic bugs – e.g. it renders all the user-account avatars completely wrong (puts wrong image next to each committer) – so I’d advise “use this with caution” until you’re sure it’s got no fatal bugs. Although, since it’s from GitHub.com, I expect it’s pretty robust.

March 5th, 2012 by adam

There’s good reasons for adopting Mongo, I’m unconvinced (but open-minded) that performance is one of them. Here’s a ROFLMAO viewpoint on it:

“If your write fails, you’re ****ed”

Obviously, MySQL’s not perfect, but in most cases I’ve seen, it’s been lack of competence on the developer side, and the lack of basic DBA skills – not problems with MySQL itself – that’s broken scalability. In which case, I’m a little suspicious that a company that fails to scale MySQL will equally fail to write their code correctly on Mongo. In many ways, throwing away SQL makes it much easier to prevent scalability…

February 24th, 2012 by adam

According to Sefton Hill:

“You just think about quality developers like Bizarre Creations, Black Rock – people who are making really good games and going out of business. Those guys were so talented so how can that happen?”

Well, obviously, it wasn’t anything to do with operational mis-management, poor commercial decisions, gambles that didn’t pay off, bad strategic decisions about partnerships/publishers/companies to sell themselves to, a global recession, failure to keep pace with changing trends in culture and audience, technology falling behind, etc.

No – it was the lack of tax breaks.

Obviously.

February 12th, 2012 by adam

Here’s ANOTHER overheating bug in Apple’s OS X.

This time, it’s the Bluetooth simulator built into the iOS Simulator (used every day by iPhone and iPad developers). The iOS5 version of the simulator has this crazy BT daemon (process “BTServer”) that will sometimes – for no apparent reason – take up 100% CPU usage and melt your machine.

Solution:

  1. Open terminal
  2. Type: sudo vi "/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator5.0.sdk/System/Library/LaunchDaemons/com.apple.BTServer.plist"
    • NOTE: the inverted commas are required, it seems
  3. Enter your admin password for the machine (the file is locked to all except admin)
  4. Use vi to change the 8th line to: <true/>
    • NOTE: the line immediately above should be: <key>Disabled</key>

February 4th, 2012 by adam

The mashup

(My new “preferred explanation of piracy + DRM”)

The original

(From Cyanide&Happiness webcomic, if you don’t know it already..)

February 2nd, 2012 by adam

Here’s what you need to know about your new co-workers:

https://www.youtube.com/watch?v=SJiC4EglCX0&feature=related

January 30th, 2012 by adam

http://www.gamepitches.com/ (just discovered this, via TCE):

The repository for video game pitches and design documents

This site serves to be a free resource to game designers offering them the web’s largest single collection of game design documents and game pitches.

It says “resource for game designers”, but … pitch documents are hugely valuable to anyone working on the business/funding side too. (there are two aspects to the site – design docs, and pitch docs).

There’s some good stuff on there – from the GTA design doc to Spider’s original concept doc. Note to fledgling designers: they’re impressively brief and succinct!

…and if you work for a studio or publisher, perhaps you could ask about getting some of your company’s old pitch/design docs put up online?

January 16th, 2012 by adam

Looks like a “normal” KickStarter project for a new Tower Defence game.

Halfway through the demo video, it switches to “here’s how I’ve been using GA to detect game-design flaws, and to test ideas in tweaking game design”.

Something I’ve wanted to do for more than a decade, but could never find a company who’d take it seriously :). I really hope this iPad game does well – would be great to see a poster-child / real-world demonstration of a workable technique here.

January 16th, 2012 by adam

As a free-time project, I’ve been writing a Risk clone (*) for iPad.

One of the bits I like best right now is that you can give it the URL of *any* SVG file on the web, and it automatically turns it into a Risk map.

(e.g. all the maps in Wikipedia articles are SVG files – it’s a common file format with good browser support)

This was one of those “interesting” technical challenges – I had to find an algorithm that would automatically work out which territories a human would “assume” were connected to each other.

I’m using an open-source SVG library which works fine for basic SVG files but has a lot of bugs with the more esoteric ones. I’ve already fixed a few of the major bugs (they’re now merged into the GitHub project) – but I’d like to get more SVG files to test with.

The one thing to bear in mind is that the colour-data gets wiped when it imports. So … SVG files that make heavy use of different colours or gradient-fills/pattern-fills lose detail when imported.

Also, files where none of the elements are close enough to be deemed “connected territories” … work poorly.

Everything else works fine.

So … if you’ve got any, please post a comment here with URL, or email them to me directly (address in the About link at top of this page).

(*) – I say “clone” because it’s the same genre – but the gameplay is “fixed” quite a lot. If you once loved Risk, but grew to hate it, you’ll see why I wanted to change the basic game design :).

January 13th, 2012 by adam

What happens when you get 2 developers working together, sharing their source? What about 10? … or a 100?

There was a dream, 20 years ago, that the total would be greater than the sum of the parts. That developers could *re-use* each-other’s code.

Sadly, that dream – in 2012 – is poisoned.

What I’m going to describe here happens a lot – although in absolute terms, I hope it’s just a drop in the ocean. Maybe it’s nothing to worry about. Or maybe … well. In the last 15-odd GitHub projects I’ve tried to use, it affected more than a third of them. Such tiny stats are statistically meaningless, of course – but if you look at the causes of this, I think it’s more likely part of a general trend – and that really is worrying.

So. What’s going on?

The curse of Github

I love GitHub, I’m a paying member (and I regularly sell it to clients and colleagues) but … in some ways, it’s IMHO actively preventing collaboration.

Just to be clear: it doesn’t have to be this way – you can run your own projects on GitHub and prevent this happening.

But … GitHub makes this the path of least resistance, and that means – in the world of Open Source – it’s the path that gets most followed.

When you fix a bug on GitHub, you have to wait for the original project author to “accept” your fix.

If they don’t accept it, as far as collaboration goes: you’re screwed. There is no “plan B” for collaboration.

Your only option is to tell the world:

“Stop using his project! It sucks! Use my project instead! I promise I’ll be a better merger!”

But then … if *you* stop accepting fixes for a while, one of the developers fixing YOUR bugs will have to do the same thing.

And each of these “Stop! Use mine instead!” calls is one-way: once another developer who’s making use of the source moves to a sub-fork, they can never go back. In theory, the original Author could do a back-dated merge … but in reality, that won’t happen, because of the cost involved:

Back-dated merging is combinatorially expensive

In practice, that’s more expensive than a normal person can afford, in terms of time and effort.

For each SubAuthor they want to back-merge with, they have to check every single change that person has made … against every change that they’ve merged already, from every single source. Otherwise they break the previously-merged code. Usually, each individual SubAuthor makes an incompatible change sooner or later – and so prevents the original Author from ever merging with them.

It’s no surprise – usually by this point the Sub Author has given up on the original Author (can you blame them? the Author has disappeared and ignored merge requests for months or years by this point)

So, in practice, very few GitHub authors (so far: none that I’ve seen) re-merge SubAuthor projects once the SubAuthor has really got going. On the projects I’ve been involved in, when a popular SubAuthor disappears for a while, there’s been a desperate scramble by the SubSubAuthors to find the guy/gal and beg/bribe/bully them into merging – otherwise we know that our combined efforts are about to be blown up.

What? Well …

The actions of the Author can undo the work of the Collaborators

Say you have Author “A”, and 3 people making changes and fixes to the code (“B”, “C”, and “D”).

At first, while A accepts merges quickly, B, C and D are all sharing code together – in practice, they are collaborating. However, they are not truly sharing code – GitHub does not allow this – they are sharing code with a Master (A), who is forwarding their work to all 3 of them.

When A disappears, B C and D can no longer collaborate. If A disappears with merges pending … then B/C/D find they have 3 distinct codebases, and no way within GitHub to do a simple cross-merge.

Now, the situation is not lost – if B, C, and D get in contact (somehow) and negotiate which one of them is going to become “the primary SubAuthor” (somehow), and they issue manual patches to each other’s code (surprisingly tricky to do on GitHub) … then they can resume collaboration. I’ve done this myself – it works. But it’s massively more complex than the process they were using before, which was *one-click-merge*.

In practice, at this point B/C/D will stop collaborating. Sad, but true. This happens over and over again on GitHub projects – when a SubAuthor arises, the other collaborators stop collaborating and become new SubAuthors in their own right.

Often it feels like watching a religion split, with each of the senior priests declaring themself “the new Prophet”, and going forth to spread (their) word…

Net effect: GitHub may be killing open-source projects

In theory, GitHub is wonderful.

But the combination of its bad design around some core use-cases, and its intransigence when it comes to the VERY common case of a single person disappearing … have led to the point where I believe it’s killing projects. This is a gross generalization – and not every project that loses its Author will get this problem – but I’ve encountered more and more “dead” projects on GitHub over the course of 2011.

Of course … the way GitHub is designed, *those projects do not appear to be dead*. Often they appear to be very much “alive” – there’s tonnes of activity.

But all that activity is going on in radically different and massively incompatible forks. It’s wasted time and energy, it’s programmers fixing the same bugs – multiple times – because they are NOT collaborating any more.

In the case I cited at the start, 100-plus developers have (probably) re-written the same fixes for the same problems.

i.e. the total effect of this project is tending towards ONE HUNDRED TIMES less than the sum of its parts.

Note: LESS … not more!

There’s some value there, still – anyone can come along and start from the original project and make their own fork. But it’s a sad and sorry fraction of what the Open Source world dreamed of when the word Collaboration was fresh and exciting.

This is UnCollaboration. And it’s becoming depressingly common.

January 1st, 2012 by adam

T-Machine.org is up for renewal, Joker.com won’t accept credit and debit cards any more, so I’m having to remote pull everything to a new host. Hopefully this will work first time, without screw-ups…

(Joker.com doesn’t take any other form of payment – PayPal, bank transfer, etc. They used to do plain Credit/Debit, until recently (that’s now been removed) when they switched to the “insecure password and spam email account” system that Visa/Mastercard are pushing)

This Visa/Mastercard system is not only a joke, it’s also a great way to lose business: moving to the new system just cost Joker.com a 5+ year customer – and I’d have continued to be a customer for decades to come, I’m sure. Web 0.1 triumphs again …

December 9th, 2011 by adam

For the past week, my iPhones have been unable to use Gmail. After approximately 4 hours, gmail locks you out of IMAP completely, unless/until you force-kill Apple’s mail client. The problem is … if you force-kill the client, you lose all emails you wrote, and you lose all emails you filed into IMAP folders (Apple’s client refuses to save state – it requires the server to do it).

Nothing has changed on the phones – and Google has been putting up irritating “stop using gmail, use the new gmail” ads for the same period of time – so I’m going to go out on a limb and guess that someone at Google changed something on the IMAP protocol that makes it no longer work correctly with iPhone.

I just had to write the same email for the second time, and re-file 50+ emails for the third time – and I’m giving up. You just can’t use gmail on an iOS 4 iPhone right now (I’m guessing that iOS 5 works OK, or there’d be an internet rage fest going on).

So. What to do. Dump the iPhone (switch to Android as my main phone, perhaps?)?

Or decide that enough’s enough, gmail is just too damn annoying these days (e.g. the 3 week period earlier this year where “reply all” was disabled on my gmail account) … I’ve heard there’s an email-for-life system called … hotmail?

Hmm…

December 5th, 2011 by adam

Please email me (adam at red-glasses.com) if you have skills / interest in the following:

  1. Mass market (i.e. everyone + their mom) telling stories
  2. JavaScript frameworks for complex visual 2D stuff (e.g. iGoogle, Netvibes, etc)
  3. Visual manipulation of large 2D images on mobile (especially iPhone)

NB: we have no funding yet, just an idea. This is a scatter-gun first approach – if things go well, there will be another call for people in 2-4 months time.

December 1st, 2011 by adam

Against my own advice, I submitted an eleventh hour proposal for the 2012 GDC. I’ve fallen in love with San Francisco, but I’m in two minds about going next year, it seems to have too much of E3 about it. The simple beauty of a conference for games people, about games, feels washed out and faded away.

“While we can’t comment on why individual submissions were declined due to the high volume of submissions received, be aware that it can often be due to multiple reasons — many of which have nothing to do with the professionalism or quality of the talk proposed.”

The more time I spend around inspirational people, the more I realise that it is never acceptable to refuse reasons for a decision. Usually, the reasons are things you’d rather not hear – criticisms too close to the bone, complaints too painful but fair – but they are things you need to hear anyway, to have a decent chance of moving forwards as a person.

CMP / Think Services is in the unenviable position that they own the only global event that speaks for mankind’s total relationship with computer games. I’m sure it seemed like a good commercial play at the time – but how fair is it that they now must shoulder the total face-time of every step forwards in the art and science of game development? Tough crowd, if you ask me.

Or is there some other (non judgemental) forum for face-to-face game design that I’ve missed?

November 29th, 2011 by adam

On Facebook.com front page:

“Dave Stone and Mike Merren recently read articles.”

…so I click on one of them. Lo and behold, instead of getting an article, I get The Independent app trying to force me to install it.

Force. Yes, force – there is no option to “view the article”, the only option is “install this app or cancel”.

Lots of people complaining about this recently, but there’s really only two things to do:

  1. Shame the newspaper by tweeting them
  2. Report them to Facebook for abuse

Tweet them to let them know what you think

@Guardian and @TheIndyNews

Report to Facebook

Yes, I know Facebook is behind this in the first place, but if you don’t bug them about it, they’re less likely to care:

…and you might as well let the developers know how pissed you are – directly – since Facebook gives you this option:

November 28th, 2011 by adam

If you follow links in linkedin emails today, from an iPhone, you get kicked off the linkedin.com site, and every page redirects to:

Https://touch.www.linkedin.com

Even if you type in the front page URL directly, you are *not allowed* to visit the website.

Classy.

November 21st, 2011 by adam

(I’m prototyping a new game (working title: “ChessQuest”) – original post here)

Major changes:

  1. Enemies have health, and can be killed by touching them
  2. Performance is another 30% faster (should be running OK on most phones now?)
  3. Enemies have a direction indicator (not necessary right now, but it’ll become important in a later version…)

Download link

Chess Quest-0.4.0

November 20th, 2011 by adam

http://www.java-gaming.org/topics/lwjgl16k/25093/view.html

“the LWJGL16k competition starts right here, right now.” – Cas

The rules

First deadline: 25th November 2011
First task: get a black screen running using LWJGL

“you’ve got 7 days. All I’m looking for at this stage from you is a blank window opening up and maybe a rotating square or whatever. Of course complete games are even more welcome but the idea is to get something shipped.”

Well, what are you waiting for?

If you’ve got Eclipse installed, all you need do is download the LWJGL library, copy/paste the 50-line minimal project from the Wiki, and submit your entry!

(I believe Cas is onto a good thing here … force people to realise how easy it is to make a game if you focus on small-but-visible steps done *quickly* – No more procrastination!)