Tales from the Ebony Fortress

I wanted to install an update to some of my music software today, on Windows XP. Here’s the story.

I found out about the update via email, because there is no single place to find out about updated software. Obviously Windows isn’t a closed ecosystem so a single update point might be an unreasonable thing to ask, but it’s a shame there is no obvious central place that notifies you of updates: just an RSS stream with app name, version number, and a download link would be enough, and one program could read that once every startup. Instead, all your software asks to run at startup just so that it can check for its own updates, slowing your boot times and sometimes leaving stuff taking up memory. Not great.

The update was not for the app itself but for the samples, and the sample pack update had a version number of 1.0.5: did I need it? I don’t know. The software doesn’t tell me what version the samples are. It’s not in the Help -> About menu, because that’s just the software itself. It’s not noted in the Start Menu either. Nor in the Add/Remove Progams dialogue. So I just have to install it and hope for the best. Why is there no standard way of finding version numbers, in 2011? Even if different vendors have different ideas of what a version number should mean, there should still be a single place you go to find them.

I read the readme file that came alongside the installer. It tells me I need to navigate to the right directory if I’ve moved the samples. I might have done, so I bear that in mind. I run the installer, and at no point does it offer me the option of navigating to the right directory. Instead, it finds the correct location of the samples and patches them. Except, it doesn’t really. It seems to have done everything 1 directory level up from where it should have, so now I have to work out whether I can just copy them over by hand. Grr. Did I mention that the installer proudly said 1.0.4 in the title bar, not 1.0.5?

I go to their website to search the forum to see if anybody has (a) any idea how to find the version of what is installed(not because I need that any more, but because I’m intrigued as to whether it’s even possible), and (b) whether everybody has a problem with the directory structure when upgrading, or if it’s just me. I get asked for a username and password. I don’t know my username and password. I hate passwords (as you can see in my previous post on the issue) but this is especially bad because I need to use one account and password to authenticate my software and another account (and potentially another password) to use the software’s forum. I click the ‘forgotten password’ option, and have a reset link sent to my email account. I click the link, and it emails a new random password to my email account in plain text. I spend 15 seconds getting angry that they’ll send me a forum password via plain text email but won’t store anything server-side that lets me actually retrieve my original password, 15 more seconds amused that the random password they generated for me was ‘dddd5ddd’, and plough on.

I get into the forum, and enter a search term with 2 keywords. I am given a list of all results that match either of the 2 keywords. I feel like we’re back in the days of Altavista vs. Yahoo when search engines thought it was better to give you more results rather than better results. Then, Google demonstrated that when people typed “A B”, they really wanted A and B, not A or B – has the rest of the world not noticed yet? I suppose it was only 11 years ago, after all. Anyway, none of the hundreds of results seemed at all relevant to my problem, so I gave up.

Now this was an extreme case, but it’s rare for me to not encounter at least one issue similar to one of the above during any installation or upgrade. As software developers, we should do better than this. Right?

Related Posts:

• No Related Posts

I appear to be somewhat unusual among my professional colleagues in being a big Facebook user; I think this is mostly because most of my friends are younger than me, typically in the 18 to 25 age range, a demographic who never really knew an internet before social networking, and who rely on Facebook for most of their online life – it’s like Outlook for young people. By comparison, older and more technically advanced people seem to find many aspects of Facebook annoying and for various reasons either want to ditch it entirely or migrate to a service that they feel will suit them better. In particular, a lot of online bloggers and journalists seem to have dismissed or ignored Facebook for whatever reason but are drawn to the various Google offerings.

With this in mind, the recent launch of Google Plus has been illuminating, both in terms of the attitude towards it from both demographics, and in showing how Google may not entirely understand this space that they’re arguably attempting to enter for the 4th time (after Buzz, Wave, and Orkut).

Firstly, one of the things I’ve noticed on Google Plus at this early stage are many people singing the praises of features that they believe to be exclusive to ‘G+’, but which already existed on Facebook. For example, the key ‘Circles’ feature already exists on Facebook in the form of Friend Lists and has done for years. (To set one up, click Friends > Manage Friends > Create A List. Once you’ve done this, you’re prompted to add each new friend into the various lists, just like G+ prompts you to put people into Circles.) Yet it is being talked about as if it is a revolutionary advance in privacy – such as articles like this one at the Huffington Post, which claims that Facebook’s lists don’t address the problem ‘in a meaningful way’, when in fact the features are almost equivalent. This honestly baffles me, and I can’t help wonder if a certain audience is biased against Facebook and favours Google. MG Siegler at Techcrunch says that Circles are “the most visually appealing and simple way to create groups”, and maybe that’s true, but Google will need to do better than something that can be hacked up for Facebook in one night to compete at this game. Besides, the same writer reported that nobody wants to make lists – so making it easier is still probably just catering to a tiny minority, the minority who probably cared enough to go to the effort of doing it on Facebook anyway.

G+ promises more features for the future, such as Huddles (group messaging of some sort – although Buzz wasn’t too great on that score), Hangouts (group webcam stuff, which I don’t think will take off), etc – but little of this is in place yet. What about the stuff it doesn’t do?

Currently profile customisation is limited, so unless you already know someone, there’s little to suggest you might want to befriend them. This is pretty poor if you want to extend your social graph. This was a massive part of MySpace, a somewhat diminished part of Facebook, is pretty poor on Twitter, and is currently looking like being almost extinguished on Google Plus. Personally I think this gradual decline is a big problem, but that’s a post for another day.

There’s not yet any G+ equivalent to Facebook Chat, which is used very extensively (1 billion messages per day 2 years ago, and I see no reason why that would have dropped since then). As I mentioned above, my older and more techy friends are quite different and prefer just to use email, but the fact is that email is dying off among new users and being replaced by the various FB messaging systems, FB Chat being a key part of that. If G+ doesn’t cover that base, it won’t reach those people, the ones who are not interested in having to keep a separate window open for email, and for whom the idea of needing a standalone email client is as bizarre and anachronistic as needing a Gopher client.

There also appears to be no direct private messaging. I’ve had various people suggest workarounds for this – limiting a stream post’s privacy to just 2 people (which it would seem will scroll off your news stream and disappear along with everything else, and won’t be immediately obvious as a direct and personal message), using Google Chat (which most users don’t have enabled), sending an email (which currently appears to be impossible since the default seems to be to disable receiving email within G+, until you reconfigure your account – and quite frankly I don’t want to have to leave the site to respond to messages), etc.

(Oh, and since I mentioned that a message can scroll off the bottom of the stream, I should probably point out that you currently can’t search most of this content. That’s right, the undisputed kings of search have released a social network with a worse search capability than Facebook. What’s that all about? When a company fails to exploit its key advantage you have to suspect genius, idiocy, or complacency. I’m guessing it’s a 50/50 split of the last 2.)

Here’s a massive one – G+ doesn’t have events. This might seem trifling to a lot of people who don’t have a very active social life with their online friends but for the Facebook generation FB Events are key. If you’re not on the FB event invite, you typically miss the event entirely. Only a tiny minority of us on Facebook are supplementing it with iCal or Google Calendar or whatever – most FB users just let Facebook tell them what is happening and when. And this is what I meant by saying Facebook is like Outlook for young people – it’s got all your messaging, your contact lists, and your agenda right there. The tools it offers compared to Office or various standalone tools are anaemic by comparison but that isn’t a problem for most users. Possibly the weirdest thing here is that Google already have a Calendar app, but it’s not integrated into G+ at all – why? This seems to me like a massive oversight.

Finally, there are currently no business or brand pages on G+. I can see why they might not want to have it flooded with cybersquatters from day one but on the other hand being able to opt in to stuff that interests you is a big draw for Facebook users. G+ makes it easy to follow celebrities celebrity bloggers but that’s not really the same.  And it’s actually hard for such celebrities to moderate the comments on their public posts, as a post from Tom Anderson points out. Yes, the MySpace Tom Anderson.) They do have a plan for future 3rd party development – you can sign up here – but we won’t know how well this works out for a while yet.

And yet despite all this, on my Google+ stream I see a lot of people feeling hopeful that this is the site they’re looking for. This seems to come from a mixture of 3 types of people:

1. the people who didn’t realise that Facebook already did everything they wanted (eg. supposed tech experts who couldn’t or wouldn’t perform the 3 extra clicks to set up a Facebook friends list)
2. the people who hate Facebook on principle, because of their feelings towards their business practices or the attitude of Mark Zuckerberg (currently the most followed member of Google+, ironically enough. Tom Anderson was #16 at the time of typing this.) Many of these people are having fun filling their G+ feeds with animated gifs of various representations of Facebook being defeated by Google. It reminds me a bit of the Sony vs Microsoft vs Nintendo wars in that a lot of this seems to be as much about tribalism as it is about actual features. But G+ suits the needs of these people, which is fair enough.
3. the people who find Facebook annoying for technical reasons. This latter group seem to want extra privacy, less ‘noise’ (ie. fewer friends, no strangers, the ability to mute comment threads), no distracting chat (“we have email for that!”), and so on. In my opinion – and I admit this is making an arbitrary distinction to back up my own point – these latter people are not really looking for ‘social networking’, but are looking for something smaller. It’s the equivalent of preferring to have friends round your house to going out to bars and clubs to meet people. Facebook performs both roles, and thus suits the younger demographic who wants both, but the older demographic only wants the quieter option, usually with their existing social circles that they have little interest in expanding, and find the general social networking aspect annoying, intrusive, or both. For these people, Google Plus is potentially the perfect solution – assuming enough of their friends will migrate, or maintain accounts in both places.

But as it stands, Google Plus isn’t in a position to supplant Facebook, as the feature set is not comparable and the missing features are actually quite vital to Facebook’s offering. With the convenient asymmetrical following system but not much else, it’s more like a superpowered Twitter. In fact, it’s hard to see how Twitter could have survived against Google+ if they had been released at the same time, and even now G+ may well sap people away from Twitter one by one anyway as people tire of 140 character limits in an increasingly post-SMS world. But Twitter is not the arch-rival to Google in the advert-selling and web-owning space that Facebook is, meaning this comes across as Google picking entirely the wrong battle.

So, what will happen? I anticipate Google rolling out fixes for most of my complaints – but the buzz (pun not intended) will have died down by then. That would leave a potentially compelling platform for the techy people who stay on G+ and no real reason for anybody else to leave FB, especially when network effects are considered. It’ll take either some sort of catastrophe on Facebook or some sort of amazing new feature on Google Plus to bring about a mass migration on a scale large enough to overcome that inertia, and until that happens, there’s a risk that the early adopters on G+ will be forced to come back to where the people are.

But if nothing else, at least the existence of a decent competitor should keep Facebook on its toes, and prevent it from radically mistreating users, now that they have something that should eventually shape up to be a real alternative. The next year will be interesting, at least.

Related Posts:

• Passwords and authentication
• Facebook

With the recent security problems leading to many passwords being exposed (eg.Hackers claim they stole a million Sony passwords, or the Gawker hack) there have been several security analysts – some professional, some self-appointed – doing analysis of the stolen data to pass judgement on what the general public chooses to use as account passwords. Examples include “LulzSec E-mail Hack Proves We’re Lousy at Picking Passwords” (PCWorld.com), “Statistics of 62K Passwords” (codelord.net), and “A brief Sony password analysis” (TroyHunt.com)

They all suggest that users are employing poor security practices, suggesting they should be creating better and more diverse passwords. Yet this is all ignoring the fact that not one of these accounts, as far as we know, was compromised by having a poor password. They were compromised by companies having poor data security. The guessability of your password or whether it appears in the dictionary becomes completely irrelevant when it gets posted up on a website. And before that point, it’s only vulnerable if it’s a common word – at codedump.net Troy Hunt’s analysis of the leaked login data shows that the top 25 most common passwords are used by only 2.5% of accounts. In other words, you have to try to log in to an account at least 25 times to just get a 1 in 40 chance of being able to log in – and few sites I know of will let you continue to attempt to log in that many times. You can take the reverse approach, of taking one or two of the most common passwords and trying a bunch of usernames, but if usernames aren’t exposed to the public then this is non-trivial, and again a site can limit the number of login attempts from one address to make these attacks much less practical. In practical terms the only people at risk with their bad passwords are the 5% or 6% who choose things like ’123456′ or ‘password’ – the rest, who might just choose a dictionary word, have nothing to fear if the site is coded with any attention to security. Programmers like to remind each other that “obscurity is not security”, so how come very similar programmers seem to think the use of more obscurity by users is the most important part of securing their accounts? Surely that is a double standard, best addressed by developers rather than by users, by ensuring repeated login attempts will not succeed.

What about the more reasonable issue of when people share 1 password across multiple sites? Again the data suggests that over 90% of people who had accounts both with Sony and Gawker used the same password for both. Sounds bad, in isolation. But consider the alternative. A password has to be remembered to be used. Either you remember it yourself, or a tool has to remember it on your behalf. In the former case, given how many different online accounts a person might have (I have about 30 that I use regularly, and about another 100 used occasionally), this is simply not practical. Adding so-called ‘best practices’ such as ‘using a mix of uppercase letters, numbers, and special characters’ into the mix start to make it even harder to remember them, since case-sensitivity is a particularly geeky perversion and most people don’t think of numbers and punctuation as part of a ‘word’. If they forget a password as a result, they have to ask for it to be reset, usually due to a website being unable to send the password back to you and unwilling to store a hint on your behalf. And if they find themselves doing this often, they’ll just switch to a simpler password that they won’t forget. The upshot of it is that a normal human is going to need to reuse passwords if they’re memorising them by hand.

This, of course, is why so many experts suggest the use of a password manager. Something like Lastpass, except, oops, seems like they’re not completely secure either. Imagine if you lost access to pretty much all of your online accounts because of a problem like this. Without wanting to criticise Lastpass – their security issue is trivial and has been handled much better compared to Gawker’s or Sony’s – it seems little short of madness to me for anybody to want to entrust all the keys to their digital kingdom to a 3rd party somewhere on the internet, because not only is that a single point of failure for your own authentication but it’s an incredibly attractive target for hackers, knowing the potential payoffs of getting in would be great.

What about an offline password manager? KeePass is one highly regarded option in this area, and their website says: “you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem… A serious problem.” True enough. It goes on to say, “You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database.” So… just one password for everything? Isn’t that still “a serious problem”? To be fair, there is an added layer of security here in that at least this stage is being carried out on your own computer rather than across the internet, but now you’ve lost the benefit of being able to authenticate wherever you go. The tech-savvy can perform a variety of contortions using some permutation of USB keys and portable apps, encrypted password files in a DropBox or cloud storage, apps on their smartphone, etc., but this is all no good for the average user.

Of course, I’m glossing over another point, and that is that most users already have a single point of failure for their authentication – their email account. I can have completely random 15-character-long passwords that are unique across all my accounts, but all that is for nothing if someone gets access to my email account. They can then go to pretty much any site and choose the ‘reset my password’ option and pick a new one to gain instant access. Perhaps the moral of the story there then is just to make sure that your email password is unique, complex, and unguessable. Then pick as many different passwords for the rest of your accounts as you can remember.

The lax attitude towards security of typical users isn’t the problem – passwords are the problem. In real life we try to limit the number of different types of authentication a person needs to be able to produce and we try and make them simple to use. But computer security experts try to get us to create more and more types of authentication, and ask us to make them complicated, which is impractical.

Similarly, passwords themselves wouldn’t be anywhere near of a big issue if they weren’t getting leaked onto the internet in their tens of thousands due to poor security on the part of the companies. If companies do need to store your identity data then they need to do this properly. Expecting every programmer to be fully competent in security issues is a pipe-dream but at the very least companies should be compelled, perhaps by local law, to take reasonable steps to protect the important stuff. No hacker should be able to get away with anything better than a salted hash which is impractical to crack.

So what’s the alternative? One would be to make more use of authentication systems like OAuth or OpenID, which allow you to use a small number of authentication methods across a large number of sites, a bit like how a national identity card or a driver’s licence can be presented to many different service providers to prove your identity. This allows users to employ a few strong passwords and still have many accounts. It also means there are no confidential authentication details on most of the sites you use, so they have no passwords to leak no matter how poor their security.

Of course, the downside is that the auth providers again become a single point of failure – how do you keep someone out of your Google/Twitter/Facebook when they themselves are just protected by a password? Perhaps the answer there is to make auth providers require more than a password – a date of birth, a secret question, maybe even biometrics. Some laptops come with fingerprint readers now – is that going to get more practical? Maybe some other hardware-based approach like the World of Warcraft authenticator would be a start, as it seems to create one-time hashes that would be hard to spoof without possessing the device. Whichever methods were chosen, it would arguably be worth taking a significant hit to convenience for this initial login to your authentication provider if you know you don’t have to perform it for every site you log in to.

On the whole though I can’t claim to have a good answer here because I’m sure a competent security professional can point out flaws in the previous two paragraphs. And who is to say that Google or any other major authentication provider will do a better job than LastPass at keeping your data hidden? But I will stick by my assertion that exhorting users to use a variety of complex passwords is – except in the case of their email account – a pointless and counterproductive measure.

Related Posts:

• No Related Posts

(Reposted from my other journal, with minor edits.)

I play a lot of Football Manager 2005. On this game I bought a lesser-known player from Norway whose position is marked as a “Defender/Forward Left/Centre/Right”. So he seemed adaptable, but I never got good results, no matter where I played him on the pitch, so I turned to Google to get more information – maybe other FM2005 players had an idea, or maybe I could find news reports telling me what position he plays in real life.

Instead, the first search result I get back is his Facebook profile. He has 679 friends, is single, and is a fan of Eric Cantona, the English Premier League, and, er, Tattoos and Piercings. What is the world coming to? Maybe Facebook is too important these days, with things such as these new ‘Like’ buttons popping up on completely unrelated sites, gathering your personal information and selling it to advertisers and so on. I’m not usually the kind of person to worry a lot about privacy concerns, but this could get a bit much.

This article by Raph Koster says it all really: ‘Facebook will become your ID card for reality’. “You will swipe your Credits card to buy your movie ticket using some credits you earned with the loyalty program in Farmville, and swipe it again to get into the theater. You watch the movie, which helpfully tells all your friends where you are and what you are doing.”

Whether all that comes to pass or not, with Facebook becoming so ubiquitous that everybody is on there (including lower league Norwegian footballers), could we be entering an age where Facebook games are what people think of when you mention computer games to them? Could we already be at that point? There are probably more people playing Facebook games than other computer games, but I don’t know if they would equate the two. Perhaps the age of specialised hardware for games is going to come to a gradual end, as web technologies start to close the gap on the standalone graphics APIs, with the benefit of a much larger audience waiting to play games in the browser.

Related Posts:

• No Related Posts

Often we invent games by taking an existing game that works and adding a twist to it, or changing some aspect of its behaviour or theme to something different. But how would we create a game from nothing, without using an existing game as a framework? In particular, how do we make the game complex enough that it’s not trivially ‘solved’? (Set aside any game where the physical skill aspect is a significant component, or games with few or no choices where strategy is typically not intended to be a factor such as Candyland or Snakes and Ladders.) I find this a very difficult problem, but to make a start on it requires some appreciation of what makes a game interestingly complex in the first place, and the tools we typically use to create this complexity.

Generally it would seem that most games we play can be described using the extensive form notation from game theory. It’s not as intuitive a representation for individual or simultaneous decisions as normal form notation is, but extensive form captures the important notion of each move opening up a new game state and new possibilities. For example, in Chess there is a single starting state, but that branches out to 20 possible successor states, and from there, the tree branches further to 400 states, and so on. I would suggest that the complexity of the game in terms of how easy it is to ‘solve’ it or to come up with the best strategy is closely correlated with a player’s ability to understand this abstract tree of game states. If “a game is a series of interesting choices” as Sid Meier has said, it’s the player’s ability to understand the ramifications of those choices that matter, which is to say that they need to be able to predict to a certain degree the effect that they will have on the tree of game states. If the choices are too easy to make, they’re not interesting, and if you can’t see that some choices are clearly better than others, again it is uninteresting.

With that in mind, it seems that we embody this essential complexity in our games in a small number of ways:

• A combinatorial explosion of discrete state spaces. As noted above, the game state tree for Chess has 400 possible positions on turn 2, and a branching factor of of about 35 on average for successive moves, making an exhaustive study of the possibilities impractical. Therefore you have to plan more generally, making an estimate of which moves are good and which ones are bad and deciding which part of the tree to look at and which ones not to. The high branching factor means that even Chess computers need to do this via something like alpha-beta pruning. A common way in which we can create this large number of possible states while keeping the game easy to understand is to use an abstract game board, as in Chess. A 2D grid gives you an easier way to describe and reason about the state changes while keeping the quantity of options high. Compare the rule “Rooks can move vertically or horizontally as many squares as you want without jumping over another piece” with “A rook at position 1 can move to positions 2, 3, 4, 5, 6, 7, 8, 9, 17, 25, 33, 41, 49, 57. However it cannot move to position 3 if position 2 is occupied, nor position 4 if positions 2 or 3 are occupied, nor… (etc)” Being able to bring prior knowledge of Cartesian coordinates and the notion of adjacency and straight lines helps simplify many possible state transitions into a much simpler rule.
• Hidden information. Typically this takes the form of a player’s hand of cards, or the fog-of-war in a real time strategy game, or even the act of forcing players to move simultaneously and thus having to estimate what the other person will do. This doesn’t make the state tree branch out any further, but it does make it much harder for a player to know which branches can be safely ignored. Compare the choice to leave your Queen under attack by a Pawn in Chess against advancing one of your middle-ranked pieces into enemy territory in Stratego. In Chess you will almost always benefit from taking a Queen with a pawn unless moving the pawn puts you at risk, which is quite easy to check for, so it’s reasonable to assume that is the move you should examine first and in most detail, making the decision quite easy. In Stratego however you simply don’t know whether it’s worth attacking that piece unless you have managed to build up some information about it, so you will need to consider all your other potential moves in roughly equal detail.
• Random factors. Randomness is like adding a 3rd player to the mix – whereas you can predict the actions of the 2nd player (your opponent) as he will always make the best move that he can given the limits of his capabilities, the 3rd player (luck) will play unpredictably, increasing the number of possibilities you must consider, in a similar way to the hidden information above. Indeed, randomness is really just a subset of hidden information, but it’s worth drawing a distinction between the two because hidden information can be potentially knowable whereas random factors cannot. (Though keep in mind the middle ground, eg. of a shuffled deck of cards – towards the end of the game it becomes more deterministic.) Some people disparage random factors as bringing ‘luck’ into the game but really it’s just about risk management. For example, Civilization would be a much less interesting game if you knew that your Phalanx unit would always defeat an attacking Militia unit. Instead you have to balance the probabilities out. You have 66% chance of beating one, 44% of beating two in a row, 30% of beating three, so how many Phalanxes do you need to defend against 3 or 4 Barbarians, given that it’s mathematically impossible to mount a perfect defence? This poses an interesting dilemma for players which again forces them to consider a wider range of options as there is no obvious solution. Greg Costikyan has a great presentation here which shows the different benefits a random factor can bring to a game and it’s well worth a read.
• Continuous state space. Games that utilise physics engines and real-world simulations exploit this to create a wide range of possible situations from a simple set of mechanics. Arguably this is the most popular method used by games today to introduce elements of strategy and tactics to what are otherwise computer-based sports relying on reflexes. It is similar to the Chess rule system in that people have an inherent basic knowledge of geographical space and direction and indeed the laws of physics which they can bring to the game to help them reason about it. Yet the continuous and almost infinite domain in which entities can move makes predicting the exact results a difficult endeavour requiring skill and expertise. You can point a gun in an FPS in an infinite number of different directions, and can stand in an almost infinite number of positions when you do it, and the best combination of these two factors at any one time depends on your opponents (and maybe your team mates) who are constantly moving within that continuous space, as well as your understanding of the implications of the relative positions and orientations. These considerations may not immediately seem relevant to the typical turn-based strategy game, but they are – the same positioning and aiming mechanics, albeit on a simpler scale, exist in games like Scorched Earth or Worms, for example. You obviously no longer have a simple tree of discrete game states here, but from the near-infinite set of possibilities you have to mentally build your own game tree, and select your tactics based on that. When you examine a continuous domain you can pick out discrete areas within it which you can reason about – for example, in FPS games you might mentally divide the area up into rooms, areas in cover vs. areas in the open, paths between weapons or power-ups, and so on. Then you plot a route from one point of interest to another and also use such points of interest when deciding how to maximise your ability to attack someone and minimise their ability to attack you.

The end result of all these approaches is that instead of calculating the whole game tree in your head and calculating the correct flow through it, you have to look for patterns and use those to guide your judgement. Your basic skill at the game is essentially your knowledge of the game’s patterns, and the depth of the game is proportional to how hard it makes it for you to understand the full game state tree.

But there’s an interesting meta-game here too, because since you know it’s impossible to know the whole game tree, you know that your opponent is in the same position, and must therefore also be formulating his own patterns to judge the game and formulate his move. This means it’s worth trying to guess your player’s patterns also, and often that is of more use than to attempt (usually in vain) to find the optimal approach – after all, in any one situation you only have to do enough to beat your opponent, not to beat all possible opponents that could exist. (“Remember, when you and a halfling are being chased by a hungry dragon, you don’t need to outrun the dragon…”)

Related Posts:

• The 10 Games You Should Have Played
• Crossover games and explaining them to the audience

This post is long overdue, for which I apologise. I hope to resume a more regular service before the year is out!

There’s a post on Penny Arcade from a few weeks back which is complaining that a certain game Brütal Legend seems to masquerade as one type of game (ie. a Real Time Strategy game) while actually being something else (a third person action-RPG). The tone of the article is that games shouldn’t be mixing one type of gameplay with another, and the main complaint is that players have expectations of a game playing a certain way.

Personally, I feel this is a false problem caused by narrow-minded reviewers and fans. Games won’t get taken seriously until it’s accepted by both groups that they don’t exist merely to fit into pre-existing categories – although they certainly can choose to do so – but are individual creations and should be judged as such. There’s nothing wrong with genres as descriptive labels, as they carry a lot of useful semantics. What’s wrong is when they move from being descriptive to prescriptive.

Nobody complains that a film’s exact genre wasn’t explicitly specified before you watch it. Crossovers and variations are par for the course and often encouraged. Film reviewing and criticism moved past this single-genre categorisation long ago and a film’s entry on IMDB typically lists several genres for each individual film, reflecting the way in which different aspects are combined into each whole. Games should surely be seen in the same way.

Tycho at Penny Arcade should really know better and I am disappointed at his attitude, wanting to classify games as Either This Or That and not wanting people to experiment with crossover. Imagine if we’d thought that way 15 years ago. To paraphrase his quote towards the end of the article, “I love action games, but I don’t want to play an action game while I’m playing an strategy game”. Bye bye to the entire RTS genre then! Luckily, some people at the time noticed that although the strategy aspect did suffer a little, you gained something from the urgency of the action. And thus a new approach was born. Mixing a bit of this with a bit of that is how biology has improved species for millennia.

It’s arguable that in this case the tutorial doesn’t educate the player adequately and therefore gamers fall back to genre stereotypes, coming undone when they hit the boundaries of the metaphor. But it’s nobody’s job to explain a game in terms of other games or existing genres. If all games are to be presented and judged that way then we’re in for a boring future bereft of creativity where games can only borrow from within their genre to ‘innovate’ (if such a word could be said to apply). Cross-pollination between genres would seem to be frowned upon and God help those who might actually come up with a completely new game type. I don’t think that’s the future we want to see.

Related Posts:

• The 10 Games You Should Have Played
• Understanding what facilitates meaningful strategy in games

I recently made a post on this issue over at Gamedev.net, and thought I’d clean it up a bit to post over here, as I think it’s worth talking about. Designers are often looking for new and better ways both to create and present their design documents, and rightfully so. Just as programmers may try different languages, techniques, tools, and IDEs, designers should be looking at better tools and methods to allow them to capture their ideas, organise and prioritise them in a sensible way, and to present them to a variety of audiences, perhaps the most important of which during the implementation phase of the project being the programming team.

Our team used a Wiki for the current project, and while this choice carried several benefits, it also had several shortcomings. The positives barely need expressing to anybody familiar with Wikis – they allow collaborative work, ad-hoc reorganisation, easy cross-referencing, automatic outlining and table-of-content generation, built-in version-control, etc. Therefore I will expand upon the negatives. None of these problems are fatal, but it’s easy to fall foul of them without realising it if you’ve not used one before. So here’s what I learned from my personal experience.

Every page should be categorised. Use sub-categories if they make sense. In this modern world of tagging things rather than grouping them into hierarchies, or following Google’s “search not sort” mentality, it’s easy to overlook  the categorisation. Don’t do this! Otherwise there can be parts of the design that nobody sees. Nobody is going to recursively click every single link in the document, nor is anybody going to exhaustively read every page that is returned for any given search term.

Instead there should be discrete categories and anybody who needs to understand a certain aspect or feature of the game should quickly be able to see a clearly marked subset of the document that is relevant to them. Following from this, if you have a design team who are collaborating on the document it is useful if individual designers take sole responsibility for certain categories, ideally the features they designed or primarily work with. Each category should stand alone as a fairly complete sub-document, with external links existing just for reference. Otherwise you end up needing to be familiar with the whole doc to get anything done, which means you’ve lost most of your benefits over a normal linear document.

Be prepared to produce hard copies of the categories. Obviously this is not really an issue if you work remotely. But if you share an office, being able to print off parts of the document conveniently is vital. A hard copy is much more convenient to use in meetings, for writing notes on, etc. Nobody wants to be pulled into a meeting about Feature X when there is no possible way you can bring all the specifications for Feature X with you to refer to. And if you can’t refer to the documents, you tend to end up designing in parallel to them.  If you can’t print off part of the document, you tend to find that people start designing features outside of the wiki for convenience purposes. And you don’t want that because suddenly your design becomes ephemeral and ethereal – an email here, a JIRA/Bugzilla comment there, a note on a pad somewhere else, because everybody was writing without direct reference to the original document.

Ensure that pages can be locked against edits, and are when appropriate. Programmers will follow the specification as closely as they can and will clear up ambiguities with the designers as needed. But the very nature of expressing s0ftware in natural language means that occasionally a designer will write something and the programmer will implement it in a way that fails to catch the spirit of what was written while nailing the syntax 100%. This is unfortunate but is essentially a problem that designers and programmers can work through, the designers learning to be more explicit and less ambiguous with their descriptions and the programmers learning to spot situations where this might be the case. A worse problem is when designers are free to work and rework their design during implementation. A collaborative document like a wiki makes this far too easy and tempting to do. Designers, wanting the best for the game and to provide the best service to the programmers, have a tendency to go back and ‘improve’ and ‘clarify’ their designs after you’ve already started or even finished implementing them. They think they’re being helpful or diligent, but actually they can cause a major discrepancy between design and implementation. Of course, in their head, the discrepancy was already there, but in the programmer’s head, the design has appeared to change significantly.  When this happens during implementation, it can be frustrating to the programmer and cause some work to be scrapped and rewritten. Worse is when it happens after implementation, and the first that the programmer hears of it is when the QA department find that discrepancy and file a bug against it, implicating the programmer for not following the design.

Once designs are given to the programmers to work on, lock the page, and force future amendments to go through an approval process. The history and revision control feature is not enough for this. QA are not going to rigorously compare the coder’s source control commit times to the designer’s wiki revision history when noting a discrepancy between ‘The Design’ and ‘The Implementation’. More than the others, this is a management issue rather than a technology issue. The same problem could conceivably happen with any design doc. However the wiki technology makes it much easier to make little adjustments here and there without anybody noticing until the damage is done.

Ensure that all pages have one owner. A good design is often a big design. In Wiki terms this can mean tens or hundreds of separate pages. As the project moves forward, some features grow, some shrink, some are removed or replaced entirely. Obviously all these changes should be signed off with the implementors as mentioned already, but then the document must remain up to date. On a regular basis coders and QA staff will use the wiki as a reference, sometimes going back to a page they’ve not used for weeks, or using the search functionality to uncover the relevant page. What is critical therefore is that what they find must be relevant and pertinent to what they’re working on. Otherwise their time is wasted: at best, they have to search again (and again), and at worst, they take some action based on this outdated design which wastes their time and potentially that of other people too.

For this reason, every wiki page should be owned by a person on the design team, and that someone should keep the page updated in sync with any changes made to the design so that the information is always correct. If you have the information categorised adequately then each category can have an owner and this becomes quite simple. But without someone being accountable, it’s assumed that someone else will keep it up to date, and this won’t happen because nobody will exhaustively check every page to see if any are out of date. If it’s not practical to have a single owner for a feature or category (as might be the case if it is being co-designed by 2 people, for example), designate one of them as having responsibility for the wiki pages.

Be disciplined regarding scratch-pad, discussion, or brainstorming pages. Wikis are a good middle ground for discussing and evolving a design. They are more convenient than email in terms of having all the information in front of you, and less time-consuming than meetings where all but one person is doing nothing but listening. Unfortunately this means that the game design document can end up with annotations, discussions, vague ideas, and other noise scattered in among the signal.  This can make it hard for programmers to see what is the agreed design and what was just discussion and ideas relating to the topic. Sometimes the problem is in the other direction and key design decisions are left stated in these discussions and not migrated to any clear specification area.

Use a separate namespace if your wiki provides such a thing to keep the normal searches free of this noise. The MediaWiki ‘Talk’ or ‘Discussion’ pages are a good way to handle this, leaving the main pages with the official docs. At the very least flag the page with a big disclaimer message or template that quickly tells programmers or QA that the content of this page is not gospel and is subject to change without notice. Designers should migrate authoritative information from these pages to the proper specification pages as appropriate.

Hopefully that is all useful to someone!

Related Posts:

• The 10 Games You Should Have Played
• Understanding what facilitates meaningful strategy in games

Sorry for not updating recently; real-life has been a bit busier than usual and I’ve had little time to ruminate on game development of late. But then this was always going to be a sporadic endeavour rather than a regular column so have patience! I’ve plenty of posts drafted up, they just need editing and finishing off.

Until then, a note on the length of time required to enjoy or complete games today. Personally I love RPGs, and especially those permitting a large degree of freedom for exploration such as Oblivion or the Might and Magic series. Even with more linear games I tend to have a cautious play style, spending 30 minutes on Doom 2 levels that had a ‘par’ time of 2 minutes, spending 8 hours on Thief 2 levels that others finished in 1, and so on. Recently I clocked up my 200th hour on Oblivion, and although I am tiring of it somewhat, it still holds a lot of interest and novelty to me at this point. Strangely, the time I spend on these games far exceeds that which I spend on explicitly ‘replayable’ games, such as Sid Meier’s Civilization, TrackMania, or any number of RTS games.

Anecdotally it seems like many people, perhaps older gamers, seem to want shorter and more focused entertainment these days. Is this just because they have played so many games and have less tolerance for obvious filler content? I’ve watched young children play certain platformers where they’ll happily try the same jump 20 times before they get it right, while I would probably have lost patience before half that many attempts. Or is it simply because older gamers have more free time to spare and they would rather see more variety and experience more victories in that time than playing one very long game would allow? It certainly seems the case that the industry is providing us with such games – And even when playing time isn’t decreased, the play area has shrunk and traded wide expanses for fine detail – compare Oblivion’s world of 16 square miles to Daggerfall’s 62, or look at the tiny compartmentalised levels in Thief 3 when compared to the sprawling cityscapes in Thief 2 such as the ‘Life Of The Party’ mission (the size of which which even this speed-run manages to portray effectively).

How does this trend for shorter games compare to the hours sunk into MMOs like World of Warcraft? Those of us who grew up with MUDs will recognise that this phenomenon doesn’t necessarily come from the presentation values, which in MUDs were almost non-existent, or even from the quality of the game design, since most MUDs gave you the equivalent of a text adventure with the worst parser since 1982 and an unbalanced version of the Dungeons and Dragons combat rules. Was it almost entirely from the socialising and the exploration factor? Maybe the combination of the two? (Brian Green has some thoughts on the relevance of different player types in a post made a couple of years ago.)

As much as I love long games, I know I could enjoy so many more if they were quicker to complete. I currently have over 30 games installed and which I play to a lesser or greater degree, but the 2 I spend the most time on being Deus Ex and Oblivion. These preclude me from making much progress on some other games (Bard’s Tale 2, Fallout, and Football Manager 2005 to name three that I’ve put on the back-burner for now) since the longer narrative driven games require a certain degree of attention and continuity. It’s easy to forget where you stashed some equipment or which NPC you meant to talk to next if you only play the game once a month, for example. So I suppose that is the downside of the games that are more demanding of time. Modern games are getting better at maintaining this state in the game for you – both Oblivion’s and Deus Ex track your objectives for you, whereas I have reams of hand-drawn maps for the Bards Tale games – but there is only so much they can do without giving you an in-game notepad which you scrawl notes into when you save and quit for the night.

What’s your preference – short play times or longer? Do both essentially give you the same value for money, and the payoff for your hours invested? Do you feel cheated by a game that ended all too soon, or by apparent filler put in to space out the content?

Related Posts:

• No Related Posts

Apologies in advance for the length of this entry; there’s a short summary in the last paragraph if you’re pressed for time!

A few weeks ago, in a moment of extreme boredom, I stopped to watch the snooker player Stephen Hendry score the maximum possible ‘break’ of 147 points. (13 minute video.) Snooker is not the world’s most exciting sport unless you are a devotee, and I am certainly not a devotee. Yet with my game designer hat on, the game of snooker and the way Stephen Hendry had to play to achieve this score both become quite interesting on an abstract level.

Compared to most computer games, it’s very simple in terms of mechanics. To borrow one of Chris Crawford‘s elements of terminology, it only has one ‘verb’ – use the cue to hit the white ball at coloured balls, with the intent of ‘potting’ the coloured balls in one of the six pockets. But then several rules come into play based on which balls you hit and where they end up, dictating the score you get and whether you get another shot or not. Strategies naturally emerge from a player’s awareness of the rules, balancing need to score points with the desire to deny the opponent points. eg. by playing safety shots. Yet this all comes about when there is only one significant way to interact with the game. Compare that to first person shooters for example, where you often have several different types of weapon (allowing typically for both direct and indirect fire), consumable items for health and defence,  different stances/poses/actions to cross obstacles or use cover, and so on. RPGs are perhaps even more full of verbs; you might have melee combat and ranged combat methods, spells you can cast, items to pick up, potions to drink, people to interact with and talk to, horses to ride, maps to view, etc. These games are all well and good but it seems apparent that we can stand to learn something from examining how just 1 action can produce interesting gameplay.

Probably the main thing to take away from the games like snooker, pool, billiards, etc., is that the main action can be applied in slightly different ways to vary the outcome – adverbs, if you will. Choosing the direction to hit the white ball in is like choosing who to shoot at in an FPS, but you also get other choices here. You can attempt to hit the ball harder so that it travels further after hitting the second ball. You can also apply spin to the ball, making the white ball change direction after contact, or even sending it on a somewhat curved path in the first place. Such choices are too often absent in video games – you choose who to punch or to heal or to send a magic missile towards, but often the choice begins and ends there with the ‘what’, having no say over the ‘how’.

It’s apparent that once a player gets good enough to pot the balls quite effectively, they have to start planning ahead and looking to how they can not only pot a ball, but make it easier to pot a subsequent ball. Again, this is where the adverbs come in and the player will apply force and/or spin to attempt to not only pot the coloured ball they’re aiming at but to position the white ball effectively in order to pot the next. But there are trade-offs here, since hitting the ball too hard or with spin affects accuracy, and hitting it too softly might mean the coloured ball you’re attempting to pot doesn’t reach the pocket at all. You have to compromise your current shot a little in order to hopefully benefit your second shot a lot; but if you compromise your current shot too much, you don’t get that second shot.

A classic game from the 80s that had an aspect of this was Laser Squad (play it online here), forerunner of the X-Com games. A simple turn-based tactical squad combat game, you move soldiers around and shoot at each other. But when you shoot at somebody, you get a choice of either an aimed shot or a snap shot. The aimed shot is more likely to hit, but the snap shot takes less time and therefore gives you chance to shoot again or find cover. You had to weigh up which was most worthwhile, taking into account how many successful shots you thought you’d need to take down the opponent, how their distance from you would affect the chance of hitting them, how much ammo you had left, and so on. You knew you wanted to shoot the enemy, but there was an interesting choice in how you went about it.

Like many other abstract games such as chess, you can plan several moves ahead in snooker. But the combinatorial explosion in snooker is continuous rather than discrete and you never truly know exactly where the white ball is going to be for your next turn until it stops. This is an interesting property of any game that models physics, a system that is understood by players well enough to make broad predictions easy but exact predictions almost impossible. This allows for a sliding scale of competence as players get better at judging the outcome of their actions without there ever being a point of total mastery. (I hope to elaborate on this sort of gameplay aspect in a future post.) Games like Armadillo Run and Crayon Physics are very literal examples of this sort of mechanic, but there can probably be more subtle examples too.

Snooker allows for the possibility of combinations (4:38 to 5:14 in the original video) where you involve more than just two balls in the action, typically bouncing one coloured ball off another to pot one of the two. This is generally a more risky shot but sometimes is the only one on offer, or perhaps offers a potentially greater reward if successful. This sort of mechanic is a bit more common in video games, especially in fighting games where explicit combinations are very common, often giving you the opportunity to score more damage but taking longer and exposing yourself to more risk in the process. But it’s rare to be in a situation where you absolutely need to pull off the special move, and more often it’s better to keep it simple when losing. Would games be more interesting if occasionally you were effectively compelled to use the high risk, high reward strategy on occasion? The infamous decapitation attack of classic 8-bit fighting game Barbarian might not go down well with modern players who have little tolerance for such a severe penalty for making one small lapse of concentration, but in a player vs. environment game where the NPCs lack such fragile egos it could be an interesting and rewarding way for a player to snatch victory from the jaws of defeat.

Another interesting aspect I noticed in the snooker video was that the fact that the pink ball was not in the prescribed place on the table was considered quite important. Due to the standard initial layout and the routine of returning coloured balls to their spots, snooker players get used to balls being on their initial spots most of the time. A similar phenomenon could be observed in some first person shooters where the spawn location of weapons and health can form a crucial part of a player’s route around the map. But just as a good player must know how to play the pattern and get from one such point to another, they must also avoid being a sitting duck if the powerup has already been taken or the position is occupied. Expressed as an explicit yet abstract design mechanism, this is setting up a distinct pattern that is visible to players, while allowing it to vary. This gives players several levels of mastery; first, they learn where the items are; second, they learn the optimal routes between them; then, they learn how to improvise if something isn’t where they expect to find it or find it too heavily guarded, and so on.

Finally, snooker’s concept of a maximum break relates to the metagame. Once Stephen Hendry had reached 80 points, he had effectively won the game due to there not being enough points left for the opponent to catch up. Technically, it would be possible for him to lose, should he commit enough fouls that award points to the opponent, but in practice such an occurrence is rare enough that the current frame is usually conceded by the opponent once this stage is reached. However, in snooker it is common to play on until the current break finishes, even though the eventual score has no effect on the game in hand. Prize money was at stake here for getting a maximum break, and further cash is available to the player who scored the highest break of the tournament. Yet in actual terms of the rules the score in each break is essentially irrelevant. Something similar can be seen in things like secret areas in 3D explorer-shooter games, tracking how many kills in a row you have in Unreal Tournament, or seeing how far through Thief you can get without being seen at all. All these aspects sit somewhat on top of the game proper, but provide for an extra view on the same gameplay.

One interesting aspect of the break in snooker is that the score is largely independent of the quality of your opponent. This makes it relatively meaningful to compare them no matter who you play against. Computer games with a similar mechanic could have an online high score table, providing the score is accumulated against a standardised opponent or in a system where the opponent’s strength is less important. This takes the player beyond the individual game they played in and adds them into the set of all gamers who play that same game. This adds the asynchronous multiplay aspect that people like Ian Bogost talk about, and which seems likely to grow in popularity via web-based systems such as Facebook and Twitter. (This was done quite well in the form of play-by-mail games in the past, so it will be interesting to see if any of the techniques used there make a comeback.) XBox achievements work along much the same lines. And TrackMania is an example of a game that provides the typical synchronous multiplay when you race other players, combined with an asynchronous aspect in terms of the local and global rankings that persist from race to race.

All this suggests to me that a lot can be done with just 1 game mechanics. Although adding in extra mechanics and observing the varied dynamics that emerge from their combination is a perfectly valid route to adding interest to a game, more can be done with individual mechanics. Find some ‘adverbs’ to allow the player to make some risk/reward tradeoffs, possibly buying future success with increased risk now, or vice versa. Make outcomes understandable but not trivially predictable so that players can make plans and learn how to anticipate the outcomes. Attempt to provide ways in which the mechanic can be re-used or combined to offer high rewards or a difficult escape route out of a dead-end situation. Set up patterns and predictable situations that players have to learn, but vary them on occasion so that adaptability and resilience to change is a useful skill that can set the experts apart. And see if it’s possible to add some sort of scoring system that sits alongside the game, not necessarily influencing the gameplay directly, but providing metrics that players can choose to compare themselves on, adding interest and replay value.

Related Posts:

• The 10 Games You Should Have Played
• Understanding what facilitates meaningful strategy in games

I may as well open the writing here with a fairly weighty topic! Comments welcomed.

In recent times there has been growing recognition of “games as art”, a term which is necessarily as vague as the wide scope of “games” and “art” allows, but which tends to evoke very specific images. The mainstream games industry tends towards heavily simulation-based 3D games with increased levels of fidelity in terms of rendering, sound, and animation, and ever-increasing amounts of ‘content’ (ie. art, sound, maps, writing, etc.) that the player gets to experience. ‘Art’ games by comparison are inevitably more modest efforts, often rendered with primitive technology (by today’s standards) and have minimal consumable content (where content could mean ). And rather than marching towards increased realism, often the game’s presentation and/or purpose is deliberately abstract, at least in part, and it falls to the player to find the meaning in it. Often there is a creator’s statement, typically designed to be read after the player has played the game and attempted to decipher it for themselves first and to add further elucidation on the developer’s influences and intentions in creating that game.

Probably the most famous examples of this are Rod Humble’s The Marriage and Jason Rohrer’s Passage and Gravitation. These can be enjoyed in as little as 10 minutes each and fully appreciated in a few moments more, after reading the author’s notes on each game.

In a time when games are generally assessed based on their content – eg. how good the story is, how interesting the maps are, how smooth the animations look – it’s good to see games being appreciated in a way that gets right down to the essence of the game rules. The ‘art’ in other games is the content and the game the delivery mechanism for you to enjoy someone else’s world or their story. But the messages these games are carrying are conveyed in the way that the way that the player actually interacts with the game mechanics – gaming in its purest form.

However, these messages are not actually intrinsic to the game mechanics, but come from metaphor, via the references to real life that the mechanics evoke. They’re the gaming equivalent of the abstract painting or formless sculpture that means little until you read the plaque next to it, perhaps transforming your perspective revealing an impressive interpretation of the subject matter. But sometimes, it instead spells out a rather far-fetched justification for what appears to be an aimless or uninspired work. (Does a preserved shark in a tank take on new meaning when labelled as ‘The Physical Impossibility Of Death Tn The Mind Of Someone Living’? Some say yes, some say no.)

It’s great that we have games that can actually mean something and can make you think. But in these examples, the game is more the medium than the message, a way to draw your attention to a subject outside of the game. It’s not so extreme as the case with a story, where the story can be delivered by game, by book, by film, by epic poem, by any number of means, and yet maintain its core features – the game is an integral part of the experience in works like Passage and The Marriage and can’t be easily extracted without removing the message too. But can game mechanics ever be appreciated in their own right, the way readers appreciate The Lord Of The Rings even if they accept Tolkien’s denial that it was a World War allegory? Charles J Pratt over at the Game Design Advance blog posed the key question several months ago: “what if [game] mechanics can’t create meaning or express anything on their own”? Lord of the Rings has intrinsic ‘artistic’ value in the same way that Michelangelo’s Sistine Chapel painting does or Tchaikovsky’s 1812 Overture does. It helps to know something about the Bible or the Napoleonic Wars when studying the cultural aspect of these works, but they’re not required to appreciate the beauty and artisanship involved. Can game mechanics exhibit similar qualities, and be widely appreciated even when they don’t represent a metaphor for something meaningful elsewhere in life, and on the other hand aren’t a vehicle for a traditional story that could have as easily been told in prose or film either?

Maybe one day the game balance of fictional combat units in a real time strategy title will be appreciated by non-gamers. Or perhaps the multi-layered control scheme for a fighting game will command respect, or the complex combat resolution rules and modifiers in a turn-based role-playing game, or the fealty and alliance systems in a massively multiplayer online game. Creating each probably requires a bit of vision, a bit of experimentation, and a bit of plain old effort, the same qualities required when writing a book, directing a film, or painting a landscape. But we seem to be quite some distance from seeing all these things in the same light.

Related Posts:

• The 10 Games You Should Have Played
• Understanding what facilitates meaningful strategy in games