Pitch me a Snake

I've spent a very happy day in the labs marking student work. Normally I hate marking. Exam scripts send me into a cold sweat. But this was much more fun. Rather than dead trees I was looking at live code. Each of our students in the first year was given 15 minutes to pitch their Snake game. And there have been some super ones. We are going to open up the "wherewouldyouthink hall of fame" and put some of these programs up there for download. Great stuff.

Next semester we are going to take the snake game and move it onto an XBOX. And I reckon we will be the first people in the world to do this in an undergraduate course at first year level.

Ed Gibson is "The Man"

Today we went up to Bradford for a rather special talk. The folks at Black Marble arrange seminars for IT professionals (you'll never guess who's giving the next one) and today they had managed to get Ed Gibson over to talk about Computer Security. Ed is quite a chap, an ex-FBI guy who is now Microsoft UK's chief security advisor. So a bunch of students and myself boarded a magic bus to Bradford.

We were lucky enough to meet up with Ed before the talk. Thanks to my super advanced planning I managed to get everyone to the venue around 90 minutes early, and so we had plenty of time to sit around a roaring fire in the hotel bar and chat. Ed turned up and the first thing he did was buy everyone a drink. My kind of guy.

Then, after some superb sandwiches courtesy of Black Marble it was time to get down to the serious business of the evening. And it is serious. Ed has been there, done that, and told us some truly scary stories. For me the most interesting thing that emerged from his talk is that the computer fraudsters don't want your bank details. They want your bandwidth. If they can get enough machines on the net under their control they can pretty much take down any server, anywhere. Unless you pay them big money.

At some point we will have laws that extend far enough to catch the perpetrators and enough systems out there hard enough to resist the attacks that can turn your home PC into an agent of the bad guys. However, until then the rule has got to be: keep your system up to date. Don't think of computer crime as a "soft" crime with no real victims. The people who do it are in there for the cash, very organized and totally ruthless.

Ed made some good points on a broad canvas. The speaker that followed him zoomed right down into the low level detail. He showed how breathtakingly easy it is to attack a system. One of my programming rules is "build yourself a nice place to work". What I mean is make sure that it is very easy to create, build and test the systems that you are writing. It never really occurred to me that hackers would do the same.

We were shown a tool which used SQL injection (basically a way of putting database commands into the text you feed into a web page) to stripmine entire company databases. I knew about the technique, but I never thought there would be such advanced tools for this kind of thing. The next thing that we were shown fair took my breath away. It involved changing the way that the .NET Framework itself works.

Imagine that a developer has got some permissions set on a program. And they want to stop users from pressing certain buttons on certain screens. The Forms library that ships with Windows will do this for you. With a simple property change you can disable a button. If the button is disabled it turns grey and the user can't press it. Job done.

Unless someone changes the guts of .NET so that this property change no longer works. By just changing one particular byte in the right library file a nasty person who has access to your machine can make every single button work all the time. So simple, sooo scary.

Admittedly you'd have to do something rather stupid to let someone else run their program on your machine in the first place, but the result of this is that even securely written code can now be totally banjaxed by being hosted on a corrupted system. Amazing stuff. Simple yet brilliant. And a very worthy follow on to the talk from Ed.
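The one-byte library change described above is the kind of tampering a file-integrity baseline catches. The following is an added example (not from the original post or the talk) that records SHA-256 digests of library files on a known-good install and later reports modified, missing and unexpected files; the directory layout and the `sample_*.dll` names are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large libraries are handled."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, pattern: str = "*.dll") -> dict:
    """Digest every matching file under root (run this on a known-good install)."""
    return {str(p.relative_to(root)): file_digest(p)
            for p in sorted(root.rglob(pattern)) if p.is_file()}


def verify(root: Path, baseline: dict, pattern: str = "*.dll") -> dict:
    """Compare the current tree with the baseline and report every difference."""
    current = build_baseline(root, pattern)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "unexpected": sorted(n for n in current if n not in baseline),
    }


def demo() -> dict:
    """Constructed data: two stand-in library files, then a one-byte change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        forms = root / "sample_forms.dll"        # hypothetical file name
        forms.write_bytes(b"\x00" * 4096 + b"\x01" + b"\x00" * 4096)
        (root / "sample_core.dll").write_bytes(b"constructed sample library")
        baseline = build_baseline(root)

        data = bytearray(forms.read_bytes())
        data[4096] ^= 0x01                       # one byte differs, size is unchanged
        forms.write_bytes(bytes(data))
        (root / "sample_extra.dll").write_bytes(b"file not in the baseline")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the machine being checked cannot write to, since anyone able to alter a library can alter a local manifest too.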

This was a superb evening. Kudos to Black Marble, Ed and his associate (whose name I've forgotten I'm afraid). All the students had a great time, with some pretty deep conversations on the bus on the way back. This was the first Black Marble event I've been to. It will not be the last...

And with that, I'm just going to update my virus scanner...

Rob's Laws

I was talking in a Software Engineering lecture today about "Rob's Laws" amongst other things. I think it is time these were finally written down.

  1. Any given computer is too slow. No matter how fast you think it is when you get it, after a while you will think it is too slow.
  2. Any given project will take longer than you think. Even (or especially) if you allow for this. The only exception to this rule is a project you won't get paid for, or one where you have massively misunderstood the requirement and are therefore doomed.
  3. A program that is useful will have bugs in it. The only programs that can be proved to be correct are too small to do anything that you might want.
  4. A highly successful, fully working, system which contains hardware components will just about always have a massive "kludge" somewhere in the middle of it. This is the bit that has to be there, otherwise it won't work. Nobody will completely understand why it has to be there, or what it does, but they do know that if you take it out the system stops working.
  5. A customer will never ring you up and tell you their program is working fine. Never. If the phone rings, it is always bad news. Silence either means they haven't got round to testing it yet, or it is working fine. At the point where you think it has gone quiet for long enough for it to be definitely working the phone will ring and they will tell you they've just got around to testing it and have found something they don't like.
  6. As soon as you assume something about what the customer wants you are doomed. For sure.

Man with two brains

I've been acting as a customer in our software engineering practicals. Student companies have been interviewing me to find out what is really required, and I've been delightfully vague and unhelpful. Not at all like me, but probably a good learning experience for them.

Thing is, I'm also offering a consultancy service where, for the princely sum of 2% of their overall mark, student teams can have a few minutes of my time to comment on their designs. What surprises me is how few teams have come along for a chat; for the potential improvement in the marks this is very good value.

However, one of the teams for whom I'm the customer is coming to see me tomorrow. This means that I'll be commenting on the behaviour of myself, and giving advice on how to deal with me to find out what needs to be done. Very strange.

Open Daze

We had an open day at the university today. Beforehand we went up town to buy a few bits and bobs (I got two DVD collections - one six pounds and the other four - quality stuff). The light was good and I took the camera.

This is a view of the Hammonds Department Store. Impressive architecture when you notice it...

Then it was up to the university to give an open day talk. Before the talk Jon showed me this which was in a recent Develop magazine.

Quite cheering really, the quote is from a Microsoft XNA person.

Then we had a huuge turnout for people who want to see what we do. So many that they were sharing the glasses in the Hive (Hull Immersive Visual Environment). I took a picture of the audience with their 3D specs on...

Those shades really suit you.....

Thanks for coming folks, hope you enjoyed the presentations. Remember, if you have any questions, feel free to get in touch.

Prepare for Icon Attack!

I've been playing with the new XNA Express stuff which lets you write games using XNA. Great fun. I'm presently creating a little 2D shooting game which is provisionally titled "Icon Attack", where you fly "My Computer" into battle against massed hordes of Windows Icons, running in fear from the "Recycle Bin of Doom".

I've just got the first bit working, which is the moving icon starfield that will provide the backdrop. I'll keep you posted (quite literally) about how the development goes. Eventually I'll put the source up for you to marvel at.....

It's always the social issues that get you...

I've been playing more with my Flickr inkifier and it is now nearly ready for release into the wild. By that I mean that I've solved all the technical problems, but now I have to deal with the "social" ones.

These are the ones which give you the most grief as a developer because there are no hard and fast answers. When I wanted to add my plugin to Live Writer this was easy. Copy the example, read the documentation and away you go. But now I have to deal with users.

To post a picture to Flickr you have to log in to the service. Fair enough. There is a lovely mechanism for this in Flickr which means that once a user has authorised my plugin with them they never have to do it again. But the plugin also has to remember some stuff about the login. So questions start to arise; "Where do I store the information?", "What do I store?", "How will the user interact with it?", "Do I store the data on a per user basis?". Ugh.

So, wrestling with all these issues has slowed me down a bit. That and marking all the programming resit exams and coursework. Double ugh.

I suppose I'd better tell everyone

Every now and then you get a juicy bit of news which is of great advantage to those hearing of it. I've just got one of these and the urge to be a nice person and share it has got the better of me. If you are into teaching and computer science and stuff (and therefore in kind of competition with us at Hull I guess) you really should go and have a look here.

I reckon that it is a wonderful development that any computer science department should grab with both hands and run with.  We are soooo going to try and do just that...

Broadcasting to a waiting world

I did my last webcast tonight. I've been cranking these out at a rate of one per week for the last few weeks, and today was the last one. It was all about mobile game development using Direct3D on mobile devices.

I'm going to miss doing them, they were fun.  If you came along and took part, good on you and I hope you found them useful. If you missed out, you can download them and enjoy them at your convenience (or some other small room in the house).

You can get hold of the resources, and find links to the recordings, here.

As I was saying....

Did my first Webcast tonight.  Never done one before. You feel a bit stupid sitting in a room talking down a phone to a whole bunch of people you can't see, but you get used to it after a while. It is a bit scary though. There is a technique for dealing with presentations where you imagine the audience naked. In this case, they might actually have been - a horrible thought.

I'd very carefully scripted everything so that I knew just what to do and when to do it. So off I went.  Just about everything worked, although I did have to speed up a bit at the end to get to the finish without missing anything.  And I did tell my favourite joke as well, just as I promised. But of course I couldn't hear anybody laugh (so no change there). If you want to watch too, take a look here.

Rob Speaks

Do you have those "What on earth am I doing here?" or "How did I get into this?" kind of moments very often? I don't have too many and fortunately, being of a literal frame of mind, I can usually answer the questions with "Giving a talk" and "Via the lobby". I had one of those today though, just before I gave my presentation. I've met people who say airily "Oh, I never get nervous before I give a talk". Well I do. I regard it as part of the preparation process. I reckon that a certain amount of concern about the way that things are going to turn out does tend to improve the final product. When I fly home on Friday I want the pilot to be fretting to some degree about the success of the take off and landing parts.

So there's nothing wrong with getting nervous, although I have found that if you turn into a quivering wreck on stage this can cause the audience to lose some of their respect for you. I reckon the key to nailing presentation nerves is preparation. If you have confidence in your knowledge of what you are going to speak about, have tested all the props and demos, and have contingency plans if they don't work, then you can just get on and do the job. So, after some pacing of the stage, the appointed time comes and off we go. And just about everything works. And the audience seem to like it. And I finish on time (always a plan if yours is a session immediately before lunch). And they even clapped at one point. Thanks folks.