Monday, February 22, 2016

Apple vs the FBI

What's up with Apple and the FBI?

Several of my friends and family have asked me about this case, which has been in the news a lot recently. A whole lot of news stories have been written trying more-or-less successfully to explain what's going on here, often with ill-fitting analogies to locks and keys, and it seems like a lot of people (including some of our presidential candidates) are just as confused about what's going on now as they were when the whole thing started. The Wired article above is really very good, but it's long, fairly-technical, and doesn't cover the non-technical side of things particularly well.

So, since y'all asked, here are some of my thoughts on the case. I'm going to be kind of all over the map here, because I've gotten questions about the moral side of things as well as the technical. I'm going to mostly skip over the legal side of things (because I'm unqualified to comment), except for a couple of specific points.

On the off-chance that someone stumbles across this who doesn't already know who I am, I'm a computer programmer, and I have worked on encryption and digital security software for a number of different companies, including 3 of the 5 largest PC manufacturers.

I'm going to try to stay away from using any analogies, and just explain the actual technology involved as simply as I can, since I know you can handle a bit of jargon, and the analogy-slinging I see on Facebook isn't making things any clearer for people, as far as I can see. There will be links to Wikipedia articles in here. You don't need to read them, but they are there in case you want to read more about those subjects.

First, a very quick run-down of what this is all about:
  • The FBI has an iPhone that was used by Syed Rizwan Farook, one of the shooters in the San Bernardino shootings last December.
  • The phone is locked (of course), and the FBI wants Apple to help them unlock it, and in fact has a court order requiring Apple to do so.
  • Apple is refusing to do what the FBI wants, for some fairly-complicated reasons.
  • A whole lot of people, including information security experts, law experts, and politicians, have weighed in on how they think this should go.

So, what's my take on all this?

Encryption does not work the way you might think it does, from watching movies or TV.


In the movies, you always see "hackers" running some piece of software that puts up a progress bar, and the software makes gradual progress over the course of seconds or minutes, until the encryption is "broken", and the spy gets access to the data they need. In the real world, unless the encryption implementation is fundamentally-broken by design, the only way to break in is by trying every possible key (we call this a "brute force attack"), and there are an enormous number of possible keys. You could get in with the very first key you try, or you might end up checking every possible key before you find the right one. Nothing about this process gives you any information about whether you're "close" to getting the right key, or whether you've still got billions of keys to try.

The data on the iPhone is encrypted with a key long enough that trying to decrypt it through brute force is essentially impossible.

The data on the iPhone is encrypted using AES, the Advanced Encryption Standard, which was developed by the US government for companies like Apple to use to secure data for their customers. as far as anybody knows, brute-force is the only way to attack AES, and with a 256-bit key (as is used on the iPhone), it'd take literally billions of years to try every possible key, if you used all of the computing power in the world.

Apple doesn't have that key to hand it over to the FBI

The key used to encrypt data on the iPhone is derived from a combination of a device-specific key, and the pass-code which the user has set on the phone. There's no way to extract the device-specific key from the phone, and there's no record of which phone uses which device-specific key. This is done on purpose, because if you could get that data, it'd make it much easier for anyone to extract your personal data from your phone.

Given that you can't get the device-specific key, then even if all of the data was extracted from the phone, you'd be faced with performing a brute-force attack on the encryption (which is impossible, see above).

You don't need the device-specific key if you can guess the pass-code to the phone

Obviously, if the phone has a 4-digit pass-code, you only need to try 1,000 10,000 different codes in order to unlock it (0000-9999). You could sit an FBI intern down in a cubicle with the phone, and a day or so later, it'd be unlocked. That'd be a really boring shift for them, but you could still do it. If the phone has a 6-digit lock code, that becomes substantially less-convenient, and you're into the range of a full-time job for a year or more.

But you might not be able to do that either, depending on the phone's settings. One of the security settings you can set on the iPhone is for it to erase the data on the phone after 10 incorrect password attempts. The FBI seems to think that this option is enabled for Farook's iPhone.

Here's what the FBI says that they want Apple to do

The FBI wants Apple to produce a custom version of iOS (the iPhone software), and load it onto Farook's iPhone, to enable them to quickly try all of the possible pass-codes.

This custom software would:

  1. Disable the "erase after 10 incorrect codes are entered" feature (of course)
  2. Allow the FBI to feed possible pass-codes to the iPhone from a connected computer, rather than requiring some poor intern to enter each one by hand.
  3. Reduce the amount of time required between entering each code, so they can check them faster. That wouldn't matter if there was a 4-digit code set, so maybe Farook used a longer code.


Can Apple do it?

Apparently so, or at least Apple CEO Tim Cook hasn't made the claim that they can't comply with the court order, just that they shouldn't be required to. It probably would not be that much work, actually. Items 1 and 3 up there should be trivially-easy to change, and #2 is probably not a huge amount of work for someone who's familiar with interfacing the iPhone to a PC. Somewhere between "one guy working over the weekend" and "two guys working on it for a week" is probably a reasonable guess.

Here's why Apple says that they shouldn't be forced to do this


It's a violation of their customers' privacy

Tim Cook says in his open letter that the FBI's request amounts to:
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. 
Earlier models of the iPhone were much simpler for Apple to bypass the pass-code on, and they've expended substantial effort over the last few revisions to make it much harder for people to break into iPhones (and newer ones are even more-secure than the phone in this case). This is valuable protection for the individual customers' data, and has contributed in large part to reducing the number of phones stolen, since they can be locked in such a way that they can't be easily re-sold. This same cryptographic technology is also what keeps trade secret information that's stored on businesspeople's phones from being copied as a matter of course overtime they travel to any foreign country.

This is not a normal subpoena, it's a special court order

Normally, law enforcement agencies will get a court order to compel a company or individual to turn over information or physical evidence that is relevant to a particular investigation. Apple has cooperated in previous investigations (and even in this specific case) with those sorts of orders. This is something else entirely.

Using the All Writs Act, an obscure 18th-century law, the FBI is trying to force Apple to engage in an activity that they wouldn't otherwise do (and which will have a negative impact on their business and customers). The All Writs act has some significant restrictions in terms of when it can be invoked, but there's remarkably-little restriction on what a court can use it to order.

Once the FBI successfully uses the All Writs Act to force Apple to produce a custom version of iOS, they will have established a precedent where they can use it to compel Apple (or any other technology company) to take whatever actions they think might be helpful to aid any investigation they might launch. Lest you think I'm veering into conspiracy-theory territory here, consider the following:

Several statements that the FBI has made to the court and in the news are either extremely naive or deliberately misleading.

The FBI has made statements both in their court filings and in the press which are simply untrue. If it weren't for the fact that the people making these claims are actual forensics experts (or work with such experts), I'd be inclined to say that they just don't know what they're talking about. Given that they do work for the FBI, I think it's reasonable to hold them to a much higher standard of clueful-ness.

It's just for this one phone for this one investigation

I can't believe that anybody would think they could get this argument past a judge. Of course if this tool exists, the FBI (and every other police/security agency in the US and every other country in the world) will require that a this custom firmware version be loaded on whatever iPhones they might have picked up in the course of an investigation. And it'd be so much easier if they could just hold on to the firmware themselves, and apply it themselves to iPhones where they have a warrant. This isn't even a "slippery slope" argument, it's just what will obviously happen.

Several news articles have mentioned China, but really any country that has a poor human rights record would obviously misuse this tool, if it was available. In particular, the Gulf states have an atrocious record on human rights, and a track record of forcing technology companies to compromise customer security to make things easier on their state security agencies (See: Saudi Arabia and Blackberry).

There may be critical information on this phone that leads to other terrorists that Farook was in contact with.

It's very unlikely that there's actually any information on this phone that'd be useful to the FBI investigation. First off, this isn't even Farook's personal phone. It's the work phone that was issued to him by his employer, the County of San Bernardino. I mean, you can never underestimate the intelligence of criminals, but what kind of idiot would plan their attack on a county facility using their county-supplied phone?

In any case, Farook destroyed his own personal phone, as well as a laptop and several other devices, before carrying out the attack. If he went to all that trouble to destroy evidence, it seems unlikely that he just plain forgot to destroy his work phone. It's much more-likely that there was never anything remotely-incriminating on it to begin with.

Secondly, the FBI already has access to backups of that phone all the way up to 1 month before the attack. So they'd only be potentially getting information that was added to the phone in the last couple of weeks before the attack.

And finally, almost all of the relevant data you might get from that phone is already in the FBI's hands through other channels. They've already got access to the call records, emails, and other communications from that phone and Farook's other devices.

Apple can make this hack so that it only works on this one iPhone, eliminating any risk to Apple's other customers.

Well, sure, in a trivial sense. In a much more-significant sense, this is a content-free statement. In the trivial sense, Apple cannot course add extra code to this custom version of iOS so that it only works on Farook's phone. But really, they can't do that - they have to test it first, of course, so that means it has to be installable on at least two phones. And it'd obviously be trivial to change which phones it works on later, which brings us back to the original "it's only for this one phone" nonsense above.

Additionally, this runs into conflict with the requirements of the "All Writs Act", which is the justification for this order. They're not allowed to create an "undue burden" on Apple, and having Apple set up a whole new internal process for creating thousands of custom versions of iOS for every investigation in which it might be useful is not a trivial thing.

Right now, Apple needs to be very careful about which OS updates it digitally "signs", which is the process that's needed to allow the software to be installed on customers' phones. There are hundreds or maybe thousands of Apple employees who have access to the tools and the source code to make changes in iOS. But that final step of signing an update is necessarily restricted, because the key for that process allows you to say to the world "this software is approved by Apple". They're presumably quite careful with that key. You can make the argument (and people have) that digitally-signing a file is essentially the same as a physical signature, and you shouldn't be able to compel someone to sign something digitally any more than you can legally compel them to sign a physical piece of paper.

I don't know about Apple, but at one of my former employers, we kept our code-signing key, and the laptop with the software for signing our updates, physically locked up in a safe. The key was actually split into multiple parts, which were only accessible to certain people. Because if you can sign software, you can make it do anything you want. You can remove the DRM which is used to secure purchased content, steal all of a customer's personal data, anything.

There's a larger issue at stake here - the very idea of privacy is under attack

Ever since the ratification of the Bill Of Rights, there has been a back-and-forth argument in this country over the right balance between the citizen's right to privacy, and the state's need for security. Since the development of effective commercial cryptography in the late 20th century, the debate has gotten significantly more-heated.

Privacy is a basic right, guaranteed by the Bill of Rights here in the US

The 4th Amendment to the US Constitution says:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

This controls the sorts of searches that the police (FBI, etc) can perform. In particular, they need probable cause, and a court-issued warrant. Over the last few centuries, that's been dialed back a bit, and US citizens are routinely searched without a warrant, and without probable cause. But there are still limits, and if you, your home, or your stuff is unreasonably-searched, you can contest that in court (and you might even win).

When the constitution was written, the founding fathers could not have imagined the sort of surveillance technology we have today.

In 1789, if you wanted to have a private conversation with a friend or family member, you could take them aside into a room, or go for a walk in the woods, and if you couldn't see anybody else, chances are nobody would overhear what you had to say. With a wax seal on your mail, you could see whether it had been tampered with (or read by someone else) in transit.

Modern communication systems (email, telephone, chat) are much easier to listen in on, and when new technology comes along, it has typically taken a while for the Supreme Court to come to the conclusion that whatever new-fangled communication system you use, it's essentially the same as a letter, for legal purposes. Tapping phone lines without a warrant used to be totally legal. Same with intercepting email and other electronic communications.

The question of whether or not you can be compelled to unlock your own phone, even if it contains potentially-incriminating evidence, is possibly still open, despite the fact that that seems like an obvious violation of the 5th Amendment.

Strong encryption flips the balance of privacy back to the way things were in the 18th century

When you have access to strong encryption, you have privacy by default. This is as it should be. Until the early 1990s, most encryption that was available commercially was just terrible. Since the development of the World Wide Web, the level of sophistication of the cryptography available to individuals and commercial users has vastly improved.

The US government has fought the availability of effective encryption for decades

After World War II, a war which the Allies won in part due to their ability to decrypt German secret messages, the US government set up the NSA to ensure that they had a lead in cryptographic technology. And until the growth of academic cryptographic research in the 1980s and 1990s, their expertise was unmatched. The NSA has a weird double mission. On the one hand, they're supposed to protect US military and civilian communications from foreign spies. On the other side, they're supposed to develop ways to break encryption used by other organizations, to support US intelligence-gathering. When it comes to commercial encryption, these goals are directly in conflict.

When the first truly effective encryption systems began to become commercially available, the NSA tried to keep their ability to listen in on communications by restricting the length of keys that could be used in software that was being exported. Eventually, it became obvious that that was only going to disadvantage US software makers, and the restriction was lifted.

During the Clinton administration, the NSA proposed Clipper, a cryptography system that would make it easy for law enforcement to listen in on communications (with a warrant, at least in principle), but would be very difficult for foreign governments, hackers, and others to break. It turned out to have a number of fundamental flaws, and was pretty quickly killed.

More-recently, the NSA has been possibly caught inserting a flaw into a security standard that they helped develop.

Law enforcement and security agencies now have much greater ability to collect data that's not specifically protected with encryption

Despite better security of communications overall, the security apparatus has continued to press the boundaries of what information they can gather without a proper warrant. Here are a few recent(wish) examples.

The FISA court

In order to allow allow Federal law enforcement and intelligence agencies to obtain search warrants, without having to publicly disclose what they're searching for, and who they're searching, Congress created a parallel court system, the Federal Intelligence Surveillance Court. This court provides search warrants, and has been involved in issuing court orders to compel commercial companies to cooperate with the NSA in collecting data, including information on US citizens, which the NSA is explicitly barred from collecting.

Telephone metadata collection

The NSA has been, for many years, collecting telephone meta-data (who's calling whom) for essentially all telephone call placed inside the United States (and several other countries). This only came to light because of Edward Snowden's whistle-blowing, because of course they got the authority for that from the secret FISA court.

StingRay

The StingRay system is basically a "fake" cell tower that broadcasts a signal that causes every mobile phone within range to report its location. They can be used to track the location of mobile-phone users in bulk, and can also apparently be used to intercept calls. These systems have been provided to local police forces via grants from the Department of Homeland Security, and they're used in a variety of ways that are at best quasi-legal (in that they haven't been specifically declared illegal yet).

Automated number plate readers

These machines are just about everywhere. They're used to automatically collect tolls, the police use them to search for cars that are associated with wanted criminals, repo men use them to look for cars that the owners have stopped making payments on, etc, etc. My local city has them mounted on the parking enforcement golf-carts, so they can just cruise down the street and collect the location and license plate numbers of every single car parked anywhere in the city.

And again, there's no law telling either the police or the private companies what they can or can't do with this information, so it gets used (and mis-used) for all sorts of things. The police have no need and no right to know where my car is at all times, as long as I'm actually following the parking rules.

What happens now?

I think there's a good chance that the court will make the "right" decision here, and side with Apple after considering their response. Either way, you should expect that Apple (and other manufacturers) will make additional efforts to ensure that they themselves cannot circumvent their own security systems. If the court makes the "wrong" decision, then there will be a whole lot more of these court orders issued in the near future, and that's bad news for privacy.


Monday, September 08, 2014

Predictions for Apple's big announcement event tomorrow

So, Apple has scheduled some new product announcements tomorrow, which will certainly include a new iPhone (it’s the right time of year for that). There’s a lot of buzz on the internet about the event, based on oblique references from various Apple employees that this event is about much more than just a new iPhone.

Despite the fact that I haven’t worked there in a decade, some people have asked me what I think Apple’s going to announce. For everybody’s amusement, here are my predictions, so we can all have a good laugh about them tomorrow. But first, some background:

I’m really bad at this

As many of my friends and family already well know, I have a history of really, really bad predictions of what Apple will and won’t do. A couple of notable failure in the past include:

“Apple wouldn’t buy NeXT. That would make no sense. They might license some of the technology”
When I said this, Apple was actually currently in negotiations to purchase NeXT, which ended up being their largest acquisition value-wise, until they acquired Beats Electronics this year.

“Mac OS X will never ship. It’s a doomed project”
This was while I was working on the OS X team, and more than a little depressed at the level of infighting and backstabbing going on between various teams. It took almost another year, but OS X 1.0 did actually ship,

“Clearly, the Mac will be transitioning to a new architecture again. It won’t be X86, though”
I had assumed X86-64 on AMD processors was the new target. I take some satisfaction from the fact that Apple relatively-quickly obsoleted the X86 processors in Macs, for 64-bit capable ones.  I *almost* got this one right, but I underestimated how much influence non-technical factors would have on the decision.

That’s a common theme amongst many of the times that I mis-predict what Apple is going to do - because I’m this hyper-logical engineer-type person, it always surprises me when they do something that’s not the “right” decision technically, but makes sense economically or in some other way.

Predictions

Okay, so here are my logical predictions, almost none of which will likely come to pass.

What I think of the popular rumors


iPhone 6
No doubt that this is going to be announced. It’ll be lighter, better battery life, faster. Rumors are that there will be a physically much-larger model, with a 5.5 inch screen. That’s totally ridiculous. We’ve all seen someone using one of those massive Android phones, and I think we can all agree that they look like total dorks. No way that Apple is going to make an iPhone that you have to use both hands to use.

iWatch
Not a chance in hell that Apple will produce a smart watch like the Galaxy Gear or Moto 360. Again with the “dork” factor - who even wears a watch those days? I haven’t worn a watch since I got my first  Palm Pilot, back in the day. My iPhone goes with me nearly everywhere I go, already. I look at higher-end wristwatches, and I can appreciate the craftsmanship, but I have no more interest in wearing them than any other piece of jewelry. If Apple does introduce a piece of “wearable technology”, then it won’t be a conventional watch. I could see something playing up the health-monitor angle, but a wristwatch? No way. A $300 accessory for my iPhone that saves me the effort of pulling my phone out of my pocket to read the calendar notifications? Ridiculous.

”Obvious” things, which I haven’t seen rumors about


New Macs
Weirdly, there’s not much buzz about this in the rumor-sphere. There was a little bit of buzz about that early on, given that the event is at the Flint Center, where the introduction of the original Macintosh was held, as well as the iMac, the machine that saved the whole Macintosh line. But the rumor mill died out, partly due to lack of information, and I think partly due to people being unable to figure out how a new Mac development would be any kind of big deal.

What kind of announcements could they make about the Mac that’d revitalize that line, and the company, again? There are a couple of “obvious” things they could do, based on the technology that Apple’s products are built on, and recent changes in their products.

A new Macbook Air, based on a 64-bit ARM processor
The 64-bit ARM processor in the iPhone 5s and iPad Air is this close to being a capable desktop replacement, and we already know that OS X runs on ARM (after all, iOS is basically OS X with a few additions/deletions, and maintaining processor-neutrality is something Apple’s been focused on since the Intel transition.

What would you get with this new Mac? All-day battery life, at least, but given that you could then run both iOS and OS X on the same hardware, it would make even more sense to unify them. There are already *far more* applications for iOS than for OS X, and integrating iOS app support would tie in nicely with the changes to full-screen mode that we’ve seen in recent versions of OS X.

The Mac App store already exists, so for people writing OS X apps, it’d be a simple re-compile to target the new architecture. Also, the most-recent Mac Pro was a design focussed much more on exploiting the GPU, rather than being dependent on the CPU. Any apps that are optimized for the Mac Pro will run great on an ARM machine with a proper GPU. All in all, the pain of moving to a new architecture will be much lower now than it was for the Intel transition in 2005/2006.

30th Anniversary Mac
Oh, and it’s the 30th anniversary of the Mac, so a “30th Anniversary Mac” seems like a good bet. Not sure whether that’d be a new iMac (to keep with the all-in-one form factor), or a laptop (the most-popular Mac form factor these days). Unlike the much-mocked “20th Anniversary Mac”, I expect this to actually be a product that the average Mac user would want, and that they’ll actually be able to buy.

Apple TV finally “grows up” and stops being a “hobby” for Apple
As someone who’s worked on Smart TV software, I can tell you that the problems with the TV watching experience today aren’t really the sorts of things you can solve with better hardware and software. They’re structural problems in the way TV content is produced, delivered, and consumed. Why does your fancy digital cable box take 2 seconds to switch channels? Why is your DVR’s interface so ugly? Why can’t you watch back episodes of your favorite show for any reasonable price, until they’re released on DVD? Why is it so *much* more convenient to pirate content than it is to pay for it?

It’s all down to *lack of integration* - the cable company, the folks making the set-top box, and the people making the content that makes having cable worthwhile all work for different companies, with different goals.

Apple has enough money in the bank to outright buy AMC, CBS, HBO and Netflix with cash. They’d have to borrow a little bit to buy Comcast, but not actually all that much. That’d change the TV landscape a bit, I think.

Conclusions

Based on my previous track record, here's what I think you should expect:
  • iPhone 6, with a comically-large screen. In a year, I'll deny I ever mocked "phablets" as a bad idea.
  • An iWatch (not with that name), which is a "me too" smart watch. People will buy it, because it'll be oh-so pretty. But in a year, nobody will be wearing one anymore.
  • No new Macs, except for an utterly-unremarkable "30th Anniversary Macintosh", which will be a gold-plated turd, just like the 20th Anniversary Mac
  • Apple TV continues to be that weird box that your Apple fanboy friend / relative has, that you just don't "get" why they have it.

Tuesday, February 05, 2013

One down, 11 to go

January OneGameAMonth post-mortem

January is over, and I'm done working on Rocks! (for now, at least), and it's time to go over what worked, what didn't, and what I'll do differently for February.

First, here's a link to the current version:

And here's the Github repository with the source code:

What I was trying to do:
This was the first month of the One Game A Month challenge, and I really wanted to make sure I finished something, so I'd get started off on the right foot. To that end, I tried to shrink the scale of what I was trying to do for January to something I was sure I'd be able to finish. Rather than design a game from scratch, I started with a well-known design, and implemented it on an unknown (to me) technology stack. So, I decided to do a clone of Asteroids, running in the web browser, using the canvas element for graphics, and the Web Audio API for sound.

I wanted to produce something with a retro feel, true to the spirit of the original, even if it wasn't exactly the same in execution. And I decided to do the whole thing without the use of any frameworks or libraries, both because I thought that the game was simple enough that I could just bang it out without much help, and because I wanted to actually learn the browser APIs, not some third-party library.

What went right:
Got something working very fast, then iterated
By the end of the first week, I had a playable game, if not a very interesting one. That took a lot of the pressure off, knowing that even if I ran out of time, I'd have *something* to show for it.

Scope creep (mostly) avoided
Although lots of really great ideas came to me while working on Rocks!, I managed to avoid the temptation to add in a bunch of extra features. I feel especially good about this given that I didn't quite meet the initial goals - I'd have felt a lot worse if I didn't manage to make a complete game, because I'd gotten distracted by doing something cool, but not part of the core gameplay.

Proper "retro-twitch" feel
I spent a fair amount of time tweaking the controls, to get ship movement that felt "right". I think this is something that really distinguishes my game from the other Asteroids-like games that were submitted to OneGameAMonth last month. My ship is very responsive, it turns and accelerates quickly enough to get out of trouble, which makes the player feel like they're in control of their own fate.

No Art
I didn't want to spend a lot of time drawing terrible art that I then hated. I figured that going with the vector approach would encourage (enforce?) a simple graphical design, and save me from spending hours tweaking art trying to make it look less goofy. My inability to draw well is going to be an ongoing issue for the next 11 games, too.

I "Finished" on time
Actually a bit ahead of time. Which is good, because a bunch of "real world" stuff came up in the last few weeks of January.

What went wrong:
Spent much more time on art & sound than expected
Despite the fact that I went with a totally minimalist look & sound, I still had to do a fair amount of tweaking. But with everything defined in code (see next item), it was pure tedium to make any changes in the graphics or sound.

No creative tools
I ended up doing the entire art design by sketching things out on graph paper and manually copying down the coordinates into my code. This wasn't *terrible*, but it was tedious and error-prone. I didn't produce an editor for shapes and sounds because that sounded like more work than actually finishing the game. For *this* game, that was arguably true - but a couple of features got left out, rather than going through the process of manually designing graphics & sound for them. I'm planning on using the same technologies in future games, so I'll be able to amortize the effort to produce the tools over several projects. Conveniently enough, the optional theme element for OneGameAMonth February is "sound", so I'll have good incentive to build (or find) at least a rudimentary sound editor.

What ended up on the cutting-room floor:
* High score board
* Touch browser controls
* Enemies
* Hyperspace

These are all things I intended to do, but just didn't get around to. Technically, there is a high-score board, it just doesn't allow you to put in your initials. This is because I didn't feel like I could implement it without needing to make some major changes somewhere else.

I didn't do touch controls for keyboard-less tablets and phones because I wanted to do the controls on a kind of virtual arcade cabinet presentation. I never did get any designs for that panel that I liked, so you still can't play the game out your iPad,

Enemies were going to be UFOs like in Asteroids, with an occasional power-up coming from each enemy shot down. I think I could get a fairly rudimentary version of alien AI done in a couple of days, but I just ran out of time.

What about February?
February will be crazy busy for me, so I'll be setting my sights low for this month as well. The massively-multiplayer infinite-world Sci-Fi adventure game will have to wait a month or two.

Amongst other things, I will be adopting some helpful libraries and/or frameworks, rather than trying to do everything myself. In particular, it'd be an interesting exercise to build a videogame using the Enyo.js framework, since we've never really pushed that particular use case, Enyo being more focused toward native-equivalent mobile productivity apps.

Friday, January 11, 2013

Rocks! Update #2 - it's a game

It's an actual game now!

So, first things first - here's the current version of Rocks!

Rocks!

New features include:

  • updated graphics - random rock shapes, and a progression of sizes
  • on-screen instructions
  • better sounds
  • proper collision detection
  • particle effects when things are destroyed
  • more than one level
  • a "shield" that will prevent rocks from running into you

It's looking a lot more like a real game now.

Sound design is hard

Oddly enough, the hardest thing for me so far has been making those decidedly "retro", simple sound effects. The Web Audio API is very powerful, but it's also very much focused on doing sophisticated manipulation of sampled sound. I certainly could have grabbed appropriate sampled sounds, or built some in Audacity, but I wanted to push the "classic" feel of the thing, and I thought - "I've done this sort of thing before, how hard can it be"? Besides, attaching a couple of huge sample files to a game that's currently under 20kb total in size felt a bit like the tail wagging the dog.

Of course, the last time I tried to create synthesized sounds from scratch was probably 30 years ago, on an 8-bit home computer with a fixed-voice synthesizer chip. There's something to be said for the existence of fewer choices helping to focus your efforts. When you're faced with an API that supports multi-channel surround sound, arbitrary frequency- and time-domain manipulation, 3-D positional audio, dynamics compression, and all the rest, it's a little difficult to figure out how to just make a simple "beep".

Here's what I've learned so far about using the Web Audio API:

Web Audio is based on a connected graph of nodes, leading from one or more sources through the graph to the ultimate audio output
This is enormously-flexible, and each of the individual node types is jut about as simple as it can be to do the thing it's designed for. There's a "gain" node that just multiplies the input by a constant and feeds it to the output, for instance. The source nodes don't have individual volume controls (because there's the gain node for that).

There's one weird quirk to my old-school sensibilities, which is that every note requires making another source node and connecting it to the node graph. When a note stops playing, the source node is automatically removed and garbage collected. If you want to play the same sound over and over, you're continuously creating and destroying nodes and connecting them to the graph.

There's a simple oscillator source node that's very flexible
You can easily create an oscillator that uses an arbitrary waveform (square, triangle, sine, on user-defined), plays at a specific frequency, and starts and stops at a specific time. This is about 80% of what you need to make a "beep", but:

Oddly, there's no built-in ADSR envelope support
Back in the day, we'd set up ADSR (attack, decay, sustain, release) parameters for a sound, which would control how quickly it came up to full volume, how loud it was as the note progressed, and how quickly it faded. There are probably about 10 different ways to do the same thing in Web Audio, but nothing with the same simplicity.

There's no simple white-noise source
This is a bit of a weird omission, in that noise sources are the basic building blocks of a lot of useful effects, including explosions, hissing, and roaring noises. And again, there's probably 10 different ways to solve this with the existing building blocks, each with their own limitations and quirks. I ended up using Javascript to create a buffer of random samples, which I could then feed through filters to get the appropriate noises for thrust and explosions.

The API is very much a work in progress
Despite the fact I wasn't trying to anything particularly sophisticated, I ran into a few bugs in both Safari and Chrome. I imagine a certain amount of this is to be expected with an in-development API that hasn't been standardized yet.


Next Up: Enemies!

The next big feature for Rocks! is to have some enemies to chase you around and shoot at you.

Saturday, January 05, 2013

One Game a Month, One Blog a Month?

A New Year Brings a Fresh Start

I swear, I'm not going to start this post out with how disappointed I am at my lack of writing output over the last year. Oops...


The Problem

No matter how much I promise myself I'm going to update my blog more often, it tends to languish. I have a bunch of half-written articles waiting to be published, but in the absence of any compelling deadline, I can continue to look at them as "not quite ready for public view" for forever.


A possible solution

Something I've seen work really well for other people who struggle with producing consistent output are what I think of as "creative challenges". Things like the "take a picture every day for a year" challenge that a lot of people are doing to improve their photography.

I just can't face the idea of a "blog a day" challenge, though - I like the idea of something a little more long-form, and a daily deadline would force me to cut corners to an extent I'm not ready for yet.

So instead, I signed up for the OneGameAMonth challenge. Game design is one of my non-programming passions, so I feel like I'll be able to stay motivated and really try to see this through. A month is a long-enough deadline that I feel like I can produce something worth examining, and the practical problems and "stuff I learned along the way" should provide ample material for *at least* one blog entry a month.


The Plan

I haven't planned the whole 12 months out yet, but here's what I do know my plans:
  • I will create a variety of games in different formats, including video games, board games, and card games
  • I will explore different genres in each format
  • Everything I do will be open-source on my Github account
  • I will write at least one blog entry every month, about the current game
  • If I don't finish a game in a particular month, I will not give up - I'll just do something less ambitious for the next month


The Proof

And to prove that I'm not completely full of it, here's the in-progress game for January, after two days of after-hours hacking:

It's named Rocks!

And here's the GitHub repository for it.

This is an HTML5 Canvas & WebAudio version of the old Asteroids arcade game. Because it uses some cutting-edge web features, it only runs properly in recent WebKit-based browsers. That's Google Chrome and Safari. Future games will likely be more cross-platform, but I wanted to learn a bit about the Web Audio API.


What I've learned on this project so far

This first version is very limited, and frankly pretty buggy:
  • There's no proper collision detection - it's hard to die, unless you try to hit a rock with the ship
  • The asteroids don't start larger and break up into smaller ones
  • There's no level progression, and no game-over when you die 3 times
  • No enemy UFOs yet
  • There are missing sound & visual effects
And the code is, frankly, a mess. But on the other side, there's a lot I've learned over the last two days:
  • All of the rendering is done using the Canvas line-drawing primitives
  • The sounds are synthesized on-the-fly using Web Audio units instead of sampled sounds
  • The animation is driven using requestAnimationFrame, so it should throttle back when in the background
  • The whole thing is less than 11k in size, and there's about 400 lines of Javascript in the main game file. That's smaller than a typical iOS app icon...

Friday, February 10, 2012

The simplest possible computer

The simplest possible computer

So, if we were going to build a model of the simplest possible computer, where would we start? As it turns out, you probably have such a model in your home already.


Many homes have what's known as a "three-way" switch, which is a light switch that you can turn on and off from two different locations. This circuit can be used as a simple digital computer.





By properly labeling the switch positions and the light bulb, we can use them to solve a logic problem.


Let's say that you need a system to tell you whether to have dessert with your lunch, but you have some specific rules to follow:

1. If you have a salad for lunch, you'll have dessert.

2. If you have soup for lunch, you'll have dessert.

3. If you have both soup and salad for lunch, you'll skip dessert (since you'll be over-full).

4. If you haven't had anything for lunch, you won't have dessert (because dessert on an empty stomach will make you sick).


Here's how to solve this problem with the three-way switch:


If necessary, flip one of the switches so that the light is off. Label the positions that the switches are currently in. Label one "had soup", and the other "had salad". Label the other two positions "no soup" and "no salad", respectively. Hang a sign on the light bulb that reads "have dessert".


Congratulations! You now have a computer that will tell you, based on whether you've had soup and/or salad, whether you should have dessert. Try it out, and you'll find that it follows the rules given above, and the light will only come on if you've had either soup or salad (but not both).


This isn't all that exciting by itself, but this same circuit can be used to solve an entire family of related logic problems, just by changing the labels on the switches and the light bulb. This ability to use the same logic to solve many different problems is the source of the flexibility of computers, and is what enables them to be useful for so many different things.


A new project!

I'm working on a "book" in my spare time. I put book in quotes there, because I don't know that it'll actually get to the level of being published on dead trees. Due to the subject matter, it would make more sense to publish it online (or perhaps, via something like iBooks) in any case.

It's intended to be an introduction to Computer Science for non-nerds (and/or younger folk), which I'm sure is well-covered ground, but the unique direction I'm planning on taking is to start "at the bottom" with the most basic principles and work my way up.

This is based on conversations I've had with family and friends over the last few decades, at family gatherings, at parties, and on road trips. I get the impression that a lot of folks think that there's this mysterious "other level" beneath what they understand about their computer that requires a lot of formal training to understand. I want to show that things aren't really that complicated at the lower level, and that all of the complexity is layered on top of a very simple foundation.

And, I find the subject really interesting, so I enjoy writing about it. I'm going to set up a website for he new project soon, but in the meantime, I'll put an excerpt up here to see what people think.

Update: Here it is - The Simplest Possible Computer

Wednesday, June 08, 2011

Time for a reboot...

Okay, it's now been more than a year and a half since I updated this blog. I need to get back on the horse. Stay tuned for an update soon (really)!