Nerdcore Rising

I can’t remember when exactly I was introduced to MC Frontalot, but I do know it was a few years ago. It probably had something to do with Penny Arcade at the time.

Regardless, MC Frontalot is a rapper. I’m not really a rap type of person, but this particular rapper grabbed my attention. He raps about technology, gaming, and other topics that so-called Nerds are into. If you’re interested, he has a bunch of MP3s available on his site.

The interesting part of all of this is that he has a movie coming out called Nerdcore Rising. Well, that is, a movie is coming out that has him in it. Well, it’s more of a documentary, but you get the idea.

I’m actually finding myself pretty excited about seeing it and I thought I’d pass on the info. There are, to my knowledge, no confirmed bookings at this time, but you can request a booking via their homepage. And if you don’t get to see it in a theater, then perhaps you can pick it up on DVD when it comes out.

Check out the site, and check out some of the other Nerdcore rappers :

And if you’re interested in video game music in general, check these out :

Review – Wii Sports (Wii)

When purchasing a new console or handheld gaming system these days, it’s not uncommon to have to purchase a game to play on it. So when Nintendo announced that Wii Sports would be bundled with the console, it came as a bit of a surprise to many.

Wii Sports is a collection of five sports, Tennis, Bowling, Golf, Boxing, and Baseball. Each game is played by using the Wii Remote to mimic the actions required to play the sport in real life. So, for instance, when you’re at bat in baseball, you literally need to swing the Wii Remote like a bat in order to hit the ball.

Wii Sports is also the first game on the new console to integrate with the Mii Channel. Each avatar you create on the Mii channel will show up in each game as you play. The game will also keep statistics regarding your play and display them at the end of each game.

In addition to the main sports simulations are two additional modes, Training and Fitness. Training mode presents the player with a series of exercises designed to teach the player. For instance, boxing training teaches you how to use combo punches, dodge, and throw accurate punches. You can earn a bronze, silver, or gold medal depending on how you do in the exercise.

Fitness mode presents the player with three randomly chosen exercises from training more. It then calculates the players “fitness age” depending on how well the player does. You can only play this once per day per Mii, but the game keeps track of your results and presents them in a graphical format so you can check your progress.

Overall, Wii Sports is a ton of fun. In fact, despite purchasing more “polished” and “professional” games such as Zelda, my kids are inexorably drawn back to Wii Sports. I’m pretty impressed with this title and I definitely recommend it. Of course, being bundled with the console makes it a little easier to try it out.

Review – Nintendo Wii

On November 19th, Nintendo released it’s latest console, the Nintendo Wii. Instead of focusing on an evolution in graphical capabilities, Nintendo focused on a revolution in the way we play games. With a unique controller and a new outlook on gameplay, the latest in Nintendo gaming may well be the hit of the season.

After standing out in the cold for a few hours, I drove home with a nice new Wii and a couple of games to check out. Of course, being a Christmas gift, I wasn’t able to check out the console until the night of Christmas Eve, after the kids went to bed.

The time in between allowed me to find another controller and nunchuk. I also picked up a set of component cables after reading that the graphics looked a LOT better with them. Unfortunately, I was only able to find the Psyclone cables, which ran a hefty $60. But, they do seem to be well built, so I’m not too upset.

A total of three games made it home for the holidays, Tony Hawk’s Downhill Jam, Marvel Ultimate Alliance, and The Legend of Zelda : The Twilight Princess. Full reviews of these games will be coming sometime in the near future. All three of these games are excellent, however, which I find quite surprising for a console launch. In addition, the Wii comes with Wii Sports, a collection of sports games for general entertainment. While not as in-depth as some of the more popular third party titles, these games are polished enough to make them a lot of fun.

So what makes this such a great system? After all it’s really just a glorified Gamecube. Well, sort of. The processing power of the Wii is a bit more. The Gamecube clocked in at 485 MHz while the Wii clocks in at 729 MHz. Likewise, the Gamecube GPU ran at 162 MHz and the Wii runs at 243 MHz. There are obviously more differences but I won’t get into them. The real revolution is in the new controllers.

The Wii controller are wireless, using Bluetooth technology to wirelessly connect to the console. At launch, there are three different controllers. The Wii Remote is the primary controller with the Nunchuk and Classic Controller as add-ons. Most launch titles use either the Wii Remote, or the Wii Remote with the Nunchuk attached. The Classic Controller is primarily used for the Virtual Console games which I have yet to try.

The remote contains a number of accelerometers that allow the Wii to determine the speed at which you move the controller. Coupled with the Sensor Bar, the Wii can determine the location of the controller in 3D space, allowing for some interesting gameplay dynamics.

In addition, the Wii allows for online content such as a weather channel, news channel (not yet launched), a web browser (in beta), and an online store. There are likely more channels in production and will be released later in the consoles lifecycle.

Overall we had a blast playing the Wii and have clocked over 20 hours on it since Christmas day. There are still a number of launch titles that look excellent so I’m sure our library of titles will be growing. I highly recommend this system if you can get your hands on it. It is truly a revolution in gaming.

the squirrels are nice here…

I ran across an article over at Slashdot about a recent incident involving a Republican aide, and members of attrition.org. For those that don’t know, attrition.org is a computer security oriented website that attempts to expose industry fraud and misinformation. This particular story finally made it to the “traditional” media yesterday.

So, on to the story. Apparently a Republican aide, Todd Shriber, decided that he wanted to have his college grades modified slightly because he didn’t do to well. So Mr. Shriber contacts attrition.org, having read some of the postings on the site and thinking that they were hackers. His initial email was sent on August 9, 2006.

Jericho and Lyger from attrition.org quickly begin leading the aide on and gathering the “information” that they will need in order to pull off the job. The information included the usual stuff like name, student id, date of birth, pigeon and squirrel pictures… Wait, pigeon and squirrel pictures? Yes, you read that correctly.. Jericho asked Mr. Shriber to forward him “A picture of a squirrel or pigeon on your campus”.

This request for pictures should have thrown up red flags all over the place, but apparently not for savvy Mr. Shriber. Instead, he continues on his quest, providing all of the necessary information with what appears to be eagerness. The pictures and initial information needed to access his grades was provided in exactly one week. This included a message to Lyger, the “hacker”, with a special code phrase in the subject to let Lyger know who he was.

Over the following 11 days Lyger continued to lead Mr. Shriber on providing technical details about his activities. From 768-bit encrypted databases to shutting down systems with smurfs, Lyger explained that he was now ready to “hole-shot this once the hashes match.”

But then disaster struck. “todd… no more.. omfg we are SO busted..” Lyger explained that the noc had run reverse udp traceroutes and caught him. They had everything, the logs, the rot-26 stuff, and everything pointed back to Mr. Shriber’s login. Ah well, so much for that.. Lyger even told him to stay away from attrition.org since they were checking web logs.. And so the charade was over. After less than a month, Mr. Shriber’s chances for good grades were shot.

Mr. Shriber, however, was relieved. In a follow-up message to Lyger he explained that he was getting cold feet anyway and was ready to abort. Oh, and by the way, “As a gesture of good faith, I was hoping you guys would remove our correspondence from your web site. Isn’t that risky for all of us to have it up there?”

Duh…

Microsoft XNA Game Studio Express Released

Ok, so I’m a little late, but XNA Express was released on Monday. For those that don’t know, XNA is Microsoft’s newest foray into the world of hobbyist programmers. In a nutshell, XNA gives you everything you need to write and publish games for both the PC and XBox 360.

You can read all about XNA at the Microsoft Game Technologies Center. To download XNA you’ll need XNA Game Studio Express, the XNA Framework Redistributable, and Visual C# 2005 Express Edition.

In addition to the XNA release, GarageGames has released their TorqueX game engine, based on XNA. TorqueX is free to download and try out for 30 days and is a mere $100 for indie developers. The engine looks pretty nice and it will be neat to see what developers come up with in the coming months.

Also on the XNA front, Dave Weller from Microsoft mentioned in his blog that you can code XNA games in F# now. F# is apparently a programming language designed by the Microsoft Research team. It marries together a large host of features from a variety of programming languages such as Python, C#, Scheme, and more. It looks interesting, but does the world really need a new language at this point?

At any rate, get out there, get XNA, and get coding!

AJAX and Security, Revisited

In the last two days I’ve started to notice a number of articles detailing security in an AJAX application. Apparently there are a lot of people out there touting AJAX as this super-secure way of serving content on the web. And then there are those that are touting it as less secure than traditional DHTML sites. Mike Kemp of Heise Security warns that AJAX can open you up to attack while Jeremiah Grossman of Whitehat Security explains that AJAX is no less secure than traditional DHTML.

But let’s look at the reality of the situation. Regardless of the language and methodology used, security still breaks down into some fairly straightforward concepts :

    1. Never trust the client
      • In simple terms, consider the user of the application to be the enemy. Double check everything the user sends you and make sure that what they send is acceptable. Be as restrictive as possible because even the simplest mistake can be costly.
    2. Design using the Defense In Depth approach
      • Defense in depth is a security strategy in which you use multiple layers of defense to prevent attacks. This type of strategy goes beyond the web page you are trying to serve and encompasses the network as well. Simply put, you design your security to run at each layer. What this means is that instead of just checking input at the server level you instead check it at every layer the data interacts with. While this means more code, it can also mean more security. If someone was able to get through one layer, it doesn’t mean they’ll get through the next.
    3. Test Test Test
      • Before you release your application, you test it. Add security penetration testing to your test suite. Attack the application from every angle you can think of and, if possible, have others attack it as well. It’s very hard for a programmer to check his own work for security flaws because he knows what the program is designed to do and what security code has been put in place. Having someone else test your application can reveal security and application bugs that you as a developer would never find.
    4. Keep up with current technology
      • Keeping up with technology is one of the best ways to learn how to secure your applications. I highly recommend reading security related programming books, blogs, and news to find out about new techniques, reinforce old techniques, and, most importantly, to keep security at the forefront of your mind. If you’re not thinking security, then you’re likely to make simple mistakes that can cost a lot in the long run.
    5. Make sure your tools are up to date
      1. The tools you use can be the source of security bugs if you don’t keep them up to date. A great example of this are the APIs you use within your programs. If you link to old versions of the APIs then you may be susceptible to security and application bugs that were fixed in later releases. APIs are usually a black box item, so make sure you check into the API before deciding upon it’s use.

These are just a few ways to make sure you’re maximizing security in your code. There are many other lists out there, but you’ll find that they all come down to the same few basic principles. Never think that your program is 100% secure, there’s always a way to attack it. You just need to be more diligent than the attackers.

Flash Game Fun

I ran across a few flash games recently that were pretty fun to play. I thought perhaps I’d share the fun with everyone.

As part of his college thesis, Jenova Chen produced a game with Nicholas Clark and Austin Wintory. That game was called Flow and has since caught the eye of Sony and become one of the hottest downloads for the new PS3 console. Fortunately, they initially wrote the game using Flash and it’s online for you to play.

Flow is a very unique game with some interesting mechanics. It’s kind of like a free-form pacman type game. You start out as a small creature, something akin to a paramecium or plankton. You move around the screen and can “eat” other creatures in the world around you. As you feed on these creatures, you grow longer and more complex. Depending on the type of creature you eat, you can grow different parts.

There are also two very specific creatures that cause you to move up and down the levels. You can find these creatures easily by following their pulse. Every so often a pulse emanates outwards from the creature and appears on your screen. Follow the direction of the pulse and you find the creature. The black pulse creature causes you to descend a level while the white pulse causes you to ascend a level.

Overall this is a rather addicting game despite it’s simplicity. I highly recommend checking it out.

The next game is called Snack Dash. This game is very similar to the Sonic the Hedgehog games but with a twist or two. The premise of the game is to teach kids to eat foods that are good for them. So, the objective here is to snack on the carrots, apples, and other “good” foods.

One neat addition to the normal sonic formula is the “bad” foods. If you eat the bad foods you grow fat and need to exercise. If not, you can’t run as fast, can’t jump, etc. Simple, but effective. The game itself is pretty fun and I recommend checking it out.

And finally we have ZWOK. ZWOK is sort of a Worms clone, but is multiplayer. You have a few weapons to choose from and fire your shots at the other team. Each team has 3 players.

The interesting aspect of this game is that you can’t see the other players move until you have finished moving. This means that any shot you take may not matter since the target may have moved. It puts a neat spin on the game and makes it a little more challenging. A fun game for those periods of downtime between work assignments…

SpamAssassin and Bayes

I’ve been messing around with SpamAssassin a lot lately and the topic of database optimization came up. I’m using Bayesian filtering to improve the spam scores and, to increase speed and manageability, I have SpamAssassin set to use MySQL as the database engine. Bayes is fairly resource intensive on both I/O and CPU depending on the current action being performed. Since I decided to use MySQL as the storage engine, most of the I/O is handled there.

I started looking into performance issues with Bayes recently and noticed a few “issues” that I’ve been trying to work out. The biggest issue is performance on the MySQL side. The Bayes database is enormous and it’s taking a while to deal with the queries. So, my initial thought was to look into reducing the size of the database.

There are a few different tables used by Bayes. The main table that grows the largest is the bayes_token table. That’s where all of the core statistical data is stored and it just takes up a lot of room. There’s not a lot that can be done about it. Or so I thought. Apparently if you have SpamAssassin set up to train Bayes automatically, it doesn’t always train the mail for the correct user. For instance, if you receive mail that is BCCed to you, then the mail could be learned for the user listed in the To: field. This means the Bayes database can contain a ton of “junk” in it that you’ll never use. So my first order of business then is to trim out the non-existent users.

The bayes_seen table is used to track the message IDs of messages that have already been parsed and learned by Bayes. A useful table to prevent unnecessary CPU utilization, but there is no automatic trimming function. This means the database grows indefinitely. The awl table is similar to this in that it can grow indefinitely and has no autotrim mechanism. For both of these tables I’ve added a timestamp field to monitor additions and updates. With that in place, I can write some simple Perl code to automatically trim entries that are sufficiently old enough to be irrelevant. For the bayes_seen database I plan on using a default lifetime of 1 month. For the awl I’m looking at dropping any entries with a single hit over 3 months old, and any entries over 1 month old with less than 5 hits. Since MySQL automatically updates the timestamp field for any changes to the row, this should be sufficient enough to keep any relevant entries from being deleted.

While researching all of this I was directed to a site about MySQL optimization. The MySQL Performance Blog is run by Peter Zaitsev and Vadim Tkachenko, both former MySQL employees. The entry I was directed to dealt with general MySQL optimization and is a great starting point for anyone using MySQL. I hate to admit it, but I was completely unaware that this much performance could be coaxed out of MySQL with these simple settings. While I was aware that tuning was possible, I just never dealt with a large enough database to warrant it.

I discovered, through the above blog and further research, that the default settings in MySQL are extremely conservative! By default, most of the memory allocation variables are maxed out at a mere 8 Megs of memory. I guess the general idea is to ship with settings that are almost guaranteed to work and allow the admin to tune the system from there.

I’m still tuning and playing with the parameters, but it looks like I’ve easily increased the speed of this beast by a factor of 5. It’s to the point now where a simple ‘show processlist’ is hardly listing any processes anymore because they’re completing so fast! I’ve been a fan of MySQL for a while now and I’ve been pretty impressed with the performance I’ve seen from it. With these changes and further tuning, I’m sure I’ll be even more impressed.

So today’s blog entry has a lesson to be learned. Research is key when deploying services like this, even if they’re for yourself. Definitely check into performance tuning for your systems. You’ll thank me later.

Review – Deus Ex (PS2)

Anticipation : 7
Expectation :6
Initial Reaction : 8
Overall : 8
Genre : First-Person Action/Adventure

Way back, around the year 1996, there existed a small company called Ion Storm. Started by two of gaming’s most widely know figures, John Romero and Tom Hall, Ion Storm set out to change the face of gaming. That it fell flat on it’s face and was subsuquently closed has nothing to do with this review.

In 1997, Warren Spector joined Ion Storm. Warren previously worked on titles such as Wing Commander, Ultima, and System Shock. Wing Commander and System Shock are still some of my all-time favorite games. By all accounts, he avoided the main office and was able to develop the only truly successful Ion Storm titles. One of these was Deus Ex.

While dated by industry standards, Deus Ex blasted onto the scene in 2000. The game centers around a character by the name of JC Denton. JC is a nano-augmented UNATCO agent. The United Nations Anti-Terrorist Coalition, UNATCO, was formed to help defend the world against terrorists, some of which have already been successful in attacking the Statue of Liberty. JC is plunged into a dark world where a rampant disease known as the Grey Death is sweeping across the country, countered only by a substance called Ambrosia. Ambrosia is developed by Versalife and happens to be in very short supply and JC’s first mission is to obtain a number of canisters that were stolen by a terrorist organization known as the NSF.

Deus Ex allows you to make choices throughout the game that affect the story later on. While the story itself is mostly linear, always leading to the same locations, you do have some freedom in play. Ultimately you make a choice at the end of the game that hepls decide the fate of man in the future, a decision that should not be taken lightly.

The graphics are a bit dated, even for the year it was released. The game engine itself was built on a modified version of the Unreal Engine. There are a number of role playing elements within the game as well. You earn skill points as you accomplish tasks and find secret areas. These points are then used to enhance your abilities in various areas such as weapons, lockpicking, hacking, and more. This allows you to tune your player to your own playing style, building upon your strengths. In addition, the nanotech augmentation system allows you to transform your mostly human character into a super enhanced superhero.

The nanotech system is pretty interesting. Throughout the game you can find augmentation canisters. These canisters contain nanites that will re-program your body to enable special abilities. Each canister generally lets you decide between two different abilities. For instance, one of the first canisters you find will allow you to enhance combat strength, increasing melee abilities, or enhance your physical strength, allowing you to lift heavy objects. This choice can significantly affect gameplay later in the game as you come up against obstacles that can simply be moved out of the way, or must be worked around. Additional augmentation canisters allow you to enhance the abilities you chose.

Weapons can also be customized using weapon modifications. Modifications include scopes, larger clips, silencers, and more. Starting out with a simple pistol, you can create a very deadly, highly accurate weapon that will definitely help you later in the game. Beware, however, if you drop that weapon, those modifications are gone forever. Picking up the same weapon later in the game does not automatically return those modifications. After all, it is essentially a different weapon.

Overall the game was a lot of fun to play. There are a few frustrating parts of the game that may take you a little time to get through, but that’s ok. I enjoy a challenge and Deus Ex provided a decent one. It’s definitely not the toughest game I’ve ever played, but the storyline and excellent gameplay make you forget the fact that some parts are overly easy. I definitely recommend checking this game out, even though it’s over 5 years old. This is a definite must for any System Shock fans as well.

The PS3 Cometh

So today’s the day. November 17th. The official launch date of the Sony Playstation 3.

Looks like I’ll be missing out on the launch day fun as I don’t have the cash to purchase this new behemoth. But maybe that’s not such a bad thing. There have been scattered reports of problems already ranging from simple backwards compatibility concerns, to DPMI downsampling. As with most launches, things generally don’t go smoothly.

Even before the launch, there was the usual problem of muggings, rowdiness in the lines, etc. Since then, reports of scratched PS3s, downsampling, and backwards compatibility have come out.

Not owning an HDTV, I don’t much care about the downsampling. And I don’t own any of the games on the no-play list, so I’m not too worried. Of course, the downsampling and backwards compatibility issues may be resolved in firmware updates, but it’s still something to think about.

One really positive note, however. Apparently the PS3 supports homebrew. It’s about time Sony. Now how about the PSP?

So maybe this lack of money will be a blessing? Only time will tell. At the very least, by the time I can afford one, it will either be a success or a failure, and many of the original bugs will likely have been worked out.