This security critique of the Tesco website is a hoot. It walks through an increasingly deep, and increasing damning, look at what is wrong with their setup, and how you can tell. The critique is well peppered with links to additional content about the problems being described, so it’s not a bad starting place to learn something about web security. It is also an accessible illustration of the type of exploration and deduction that can be used to profile a system and its vulnerability. Finally, to me, it reads as a nice lesson in why you can’t just “throw some security on your site” without real expertise. I like the concept of “unconscious incompetence” being used to describe the situation where incompetence (here about security) is being compounded by a lack of awareness of the incompetence. If you at least know what you don’t know, you’re moving a step in the right direction!
Readability versus Realism
I’ve been reading a lot about games and game design over the past few months, and this recent blog post about when visual detail in games becomes overwhelming rung true for me. It’s responding to the difficulty that can emerge when trying to actually play the stunning, complex, 3D games that are coming out, when compared to less graphically “sophisticated” games. The idea of readability, and what makes a game readable, is nicely discussed. I liked the idea, hinted at, that if your game is only playable because you have added meta-labels that appear when you’ve successfully found or targeted an object, this may be a sign your games visuals are sacrificing readability for complexity.
Playing games about making games
While Gamestar Mechanic isn’t really a fit as a development tool for my course, it’s an excellent example of a teaching game, and I would highly recommend it for anybody with a middle-school aged kid (I think that is the right age range for it). The game is structured as a quest to learn to be a game developer, but what surprised me was how much of the focus was on good design, not just how to place blocks and enemies and make things go. You start out by just playing the various types of games that might get built (e.g. platformers versus top-down maze games) and becoming familiar with the differences, but soon you start getting walked through design concepts like how to use space or how to balance goals by playing the same game multiple times with a single aspect changed to see the effect. I loved the “quest” where you get to see how balancing a countdown timer and number of lives can lead to different types of game play. Overall, there’s a lot of showing not telling.
By the end, you can start building and sharing your own games in their “Game Alley, play others’ games, and it looks like there are occasionally challenges with prizes. The site does have a premium paid section as well as the free section, which may bother some, but from what I saw you can get a lot of value out of it for free – it’s not like some sites where you’ll find yourself almost immediately coming up against the limitations of what you get without paying.
Tsk Tsk Speedometer
I really enjoyed this assessment of how a speedometer both breaks a ton of good-visualization rules, and yet is a great visualization given its purpose and context of use. I particularly liked its discussion of why you would want to change scale halfway through a visualization in this setting. Obviously, don’t break the rules until you understand them disclaimers apply, but it’s a really elegant example of how blindly following rules alone also doesn’t make good design.
Sourcecode access wanted
GameSalad is a graphical game-programming tool available for Windows now as well as the Mac (though I had to install something called the Microsoft XNA Framework which doesn’t sound horrible at all), and supports HTML5 for deploying games on the web but also iOS and Android for tablet/phone games (in the pay version). It seems like the pay version focuses on integrating tools for monetization, ads, in-game sales, and social gaming. The core of the free version is very full-featured though. The built-in behaviors and attributes are broad. It’s nicely object-oriented, which I liked about GameMaker when I used it in a course because it sets up well for transitioning to Java.
Unfortunately, for all that I wanted to decide to use it in a course next spring, I just can’t. The interface could be more intuitive/explanatory (for example, it took distressingly long to figure out that you can delete an actor from a scene by clicking it and then pressing the delete key on the keyboard, since everything else gets deleted by clicking it and then clicking a button with a minus sign in the interface). Couple that with the fact that I’m finding most of the documentation is either for an older version of the system, or perhaps for the Mac version. Working through the tutorials, I finally had to stop because some of the features referenced aren’t just in different places, they don’t even exist in the version I’m running (and yes, I checked I had the most updated version).
I could have worked around those things, given how much I was liking the tool, but the killer is that it doesn’t look like you can actually get the HTML5 code out of the tool to view and use as you like. Rather, they publish it to their site and you can embed it from there. Perhaps there’s an undocumented way around it, but currently, the site is also failing to actually produce a published HTML5 version of the game for me (I keep being instructed to wait a few minutes). I can’t find documentation that the pay version would solve this problem either.
So, if you want to play around with producing games, and are willing to have them hosted by GameSalad or pay a bit to deploy to Android or iOS, this is a nice tool, worth checking out, and the Mac version is probably smoother to use. I’m disappointed it won’t work for my course.
Blocky coding
One of my projects this month is looking into tools I might use in a very-introductory course organized around the theme of games. I’m still circling in on the exact set of capabilities I’m looking for, but since one goal of the course is to warm people up for a more intense Java programming course, exposing them to simple programming in a visual manner is appealing.
One possibility is Blocky from Google. Web-based drag-and-drop programming where constructs are puzzle pieces. The maze demo gives a nice starting point for thinking about solving problems, using ifs and loops, debugging, etc. You could make a nice little one hour “so you want to know what it’s like to program” activity just out of that. I’m less clear on how easy it would be to go a step further and use it extensively though.
Next up – playing around with GameSalad.
Machine Learning in Usability Testing
It’s an elegant idea I haven’t run into before: gather data on site preferences by selecting what version to present on the epsilon-greedy solution to the multi-armed bandit problem and just letting it run. You’re looking at a setting where effectiveness can be easily measured, such as by clickthrough, but the contrast is with A/B testing where the effect of a single change is being measured for a time and then a switch is being made, if desirable. Comments suggest tweaks/details like ensuring that a single visitor sees a consistent view of the site, at least for small windows of time.
The technique builds in the idea that, if preferences change over time, the site could automatically detect that – which the blog author and the commenters note isn’t really things work – but it gets me wondering if there *are* choices that work that way. Perhaps not in key navigation, but how desirable a piece of content is might evolve over time – perhaps code like this could be installed under a rotating banner of featured items (we have a rotating slideshow of news items at the top of the College’s website) to figure out which ones get clickthrough and have those persist with less effective ones fading out more quickly. For a place like a College which may not get many repeat visitors nor have profiles on their visitors and their interests the way Amazon and other big eCommerce sites do, this might be a lightweight method for getting some preference learning built in.
Amazing Stickman
Draw a Stickman is just delightful. Go to that page, select Episode 1, and I defy you not to say “Oh cool!” within 20 seconds. It is entirely charming. What else could you want on a Monday afternoon :)
Productivity, Travel and Passwords this week
Things my RSS feed wants me to do this week:
Stay productive after work on my side projects because if work and your homelife are all you’re doing, you’re a bum.
Go to NYC for Manhattanhenge or make plans to go back for it in July.
Buy Travel Blog the Board Game – even though from the description it is unclear where the “Blog” part of the game comes in.
Consider if I am suprised that those over 55 pick more secure passwords than those under 25.
Choosing an Analysis Tool
I’ve been learning some Octave recently and have refreshing my Python on my summer to-do list for a course I’ll be teaching in the fall, plus I’ve been running into a ton of articles about R (particularly for data visualization) that are making me think I ought to give it a look as well. So this comparison of the three from Slashdot was a nice overview from one person’s experience of which tool to turn to when: R, Octave, and Python: Which Suits Your Analysis Needs?. The comments (as always) offer some interesting input as well, including suggestions for other tools to pair up with these three to get the most out of them. I might head back to this article if I pick any of these tools up seriously for pointers of where else to go with them.