I've been at Bungie for a little over 6 months now, and they
just slotted me into their "Breaking
In" interviews on the Bungie blog.
Although, arguably much more interesting, is the recent
Penny Arcade Report on Bungie which shows a bunch of cool pix from the their
studio walkthrough.
Software Sleuthing
Software Development, Testing, and Related
Monday, May 21, 2012
Monday, April 16, 2012
Camouflaj Kickstarter Game
A good friend of mine, Jing (whom I worked with on Xbox) just started over at Camouflaj a newly minted game studio started a little over a year ago by Ryan Payton (who just came off of working on Halo 4). They are looking to create some AAA games for iOS devices, so if you are looking for some awesome gaming on your phone or pad, you should take a look at their kickstarter project which looks pretty sweet.
Saturday, January 28, 2012
Free Tool: Color Selector
Whenever I'm working on a color scheme, I often start with an image or photo to use as a basis. I will then go and suck out some of the colors I like. For the longest time I had been using a freeware tool to grab the color under the cursor, but the blasted tool had a bug which would cause it's window to blank out, and otherwise cease to function correctly.
Having finally reached my limit of patience this weekend, I went and wrote my own version of it:
Basically it shows whatever color is underneath the cursor. Pressing Alt-C will copy the RGB value onto the clipboard allowing you to paste it into your CSS file (or wherever you need the color value).
Color Grab Download (zip 160k), free to use, runs under Windows.
Having finally reached my limit of patience this weekend, I went and wrote my own version of it:
Basically it shows whatever color is underneath the cursor. Pressing Alt-C will copy the RGB value onto the clipboard allowing you to paste it into your CSS file (or wherever you need the color value).
Color Grab Download (zip 160k), free to use, runs under Windows.
Tuesday, November 1, 2011
Benchmarking Preparation Checklist
In gathering performance metrics on a piece of software, you will want to spend some amount of effort in minimizing the noise in the system (reducing the standard deviation on the numbers collected). Here are some actions which may be beneficial in giving you tighter control of your environment.
System Preparation
- Remove any extraneous peripherals. Additional peripherals may cause hardware based interrupts to fire which can interrupt the application you are attempting to profile.
- Disconnect from the network. Incoming network requests from other systems can cause spurious events to occur. If you need network access, you may want to disconnect from a Domain which has the ability to run various tasks in the background (without your knowledge).
- Disable or pause any unnecessary services. You can programmatically pause specific services using OpenService then calling ControlService with SERVICE_CONTROL_PAUSE.
- Disable UI effects. Calling SystemParametersInfo will let you disable (and then restore) miscellaneous UI elements.
- Turn off the screen saver: SPI_SETSCREENSAVEACTIVE
- Minimize popup durations: SPI_SETMESSAGEDURATION
- Turn off blinky animations: SPI_SETCLIENTAREAANIMATION
- Remove drop shadows: SPI_SETDROPSHADOW
- Enable flat menus: SPI_SETFLATMENU
- Disable font smoothing: SPI_SETFONTSMOOTHING
- Remove the mouse shadow: SPI_SETCURSORSHADOW
Process Preparations
- Flush caches. You will want to ensure that the benchmarks start from a consistent system state. One approach is to start with all caches warmed, the other is from a cold state. For the latter, here are some APIs which can help clean things up for you, assuming you don't have the time to do a full cold reboot:
- Empty clipboard (EmptyClipboard)
- Flush registry (RegFlushKey)
- Flush file volumes (FlushFileBuffers on each volume e.g. "\\.\c:")
- The OS's file system cache (SetSystemFileCacheSize with -1)
- Close or minimize any other applications. Any process which is running may have the chance to interrupt you and aside from the time lost, it will destroy any cache coherency you've built up.
- Move all remaining processes onto a single CPU core. By isolating all the remaining processes onto core 0 (for example), we can prevent as much disruption to your process as possible. You may want to run under the SYSTEM account, otherwise you won't have permission to move some processes via SetProcessAffinityMask.
- Drop priority on any above-normal processes. We will want to run at real-time, so let us make sure that nobody else has a chance to compete for time slices (SetProcessPriorityBoost and SetPriorityClass).
Running
- Set the processor affinity. Run your application on a core which it has all to itself.
- Set priority to real-time. Max out the scheduler priority so it is less likely to be interrupted.
- Capture the pipes to memory. If you are profiling a console application, piping the output to a file will probably defeat your performance metrics. Instead stick the data into a memory buffer (assuming you are launching the application under test via CreateProcess).
Afterwards
- Use GetProcessTimes, QueryPerformanceCounter, and QueryProcessCycleTime to gather baseline timing metrics.
- You may want to call GetProcessIoCounters or GetProcessMemoryInfo to retrieve additional data.
- Be sure to restore the system changes made in the preparations steps.
Thursday, October 27, 2011
Securing Chickens and Eggs
I saw a question get posted to an internal discussion group
that went something like this:
I
have a console application which uses CredUICmdLinePromptForCredentials. How can I add
support to allow a user to pipe a password from a file into my tool? For example:
type
password.txt | myTool.exe /user:user1
Answer: You
don't.
The Long Answer:
The whole purpose for CredUICmdLinePromptForCredentials, its entire reason for existence, is to
provide users a slightly more secure mechanism for supplying private authorization
information.
- If a password is stored in clear text on your hard-drive, then it is not secure.
- If a password is sent in clear text via the command shell's pipe/redirection mechanisms, then it is not secure.
- If a password is cached somewhere (clear or obfuscated) that can inherently be used by an un-authorized person (replay attack), then it is not secure.
If you aren't
attempting to be secure with a user's password, then there is no reason to use
CredUICmdLinePromptForCredentials, just read the file or input stream yourself
and be done with it.
Public Service Announcement: If you use one of the
CredUI*PromptFor*Credential APIs, be sure to either nuke the password (SecureZeroMemory)
or encrypt it (CryptProtectMemory)
as soon as possible (i.e. immediately
after the call and/or after any verification that needs to happen).
Now, the better question revolves around how one should
secure credentials such that they can still be used in an automated process.
Unfortunately this quickly degenerates into a philosophical question as
computers are inherently insecure, especially if you have physical access to it
(debuggers, physical analysis of hardware, etc. can expose your secrets). The
issue becomes even more philosophical considering that the objective of the
tool hasn't been scoped or discussed (and wasn't in the original post).
For the purpose of this (now philosophical) exercise, we
assume that we are not on a single computer - as we are dealing with automation
and want to distribute the credentials in a file. If we were on a single
computer we might utilize the Credential Manager
to help store this information locally.
To secure some chunk of data, we need to encode it. In order
to decode the information we need a key. Unfortunately we now need to store the
private key in a secure manner. Do we encode the key to secure it? If we
fast-forward a bit, you can easily see that this quickly turns into a
"which came first, the chicken or the egg" type of problem.
Since computers are insecure, the best place to store private
information is not in a computer. The
typical place is in a human. Now we've come full circle. In order to secure the
file that contains a password, we need someone to remember a password (and
people wonder why security is tricky). Now you can see that our philosophical
exercise is flawed, so really the question is not "how do we secure the
file", but "how secure is good enough?"
Saturday, October 22, 2011
Team Cohesion
Every year Microsoft sends out a survey which the execs and
managers use to help get the pulse of the worker bees. One of the areas where
our group didn't do as well as we would have liked was around inclusion / team
cohesion. My manager asked me what I thought we could do in this area, and here
are my generalized thoughts.
Common Goal and Purpose
To start
with, there must be an underlying goal which is understood and believed.
If the goal is not clear and concise, then there is no coordinated direction. This
leads to wasted work (if it isn't truly important to the vision) and
marginalizes peoples' contributions or places greater rewards on other team
members. Dissatisfaction and discord can also set in if the team doesn't think
the goal is reachable or doesn't agree with its direction. The vision is the
foundation which your team needs to rally behind and gets everyone marching in
the same direction. Changes are needed if people don't believe or understand
why their work is important. Often this can be helped by improving
communication or cutting unnecessary features and focusing the team on what is important.
Communication
Good
communication is fundamental in ensuring everybody feels included, this means
that decisions which impact team members must be understood and believed.
Ensure that decisions are not created a vacuum, at the wrong level, or by the
wrong people. This is where strong leaders and program managers pay off, they will
help drive the features and make sure all the necessary players are informed
and brought in on decisions. Additionally, small changes such as office layouts
and organization chart optimizations can help foster easier coordination
between the individuals who are working on related technologies.
Rewards and Motivation
Exclusion
is a sure way to alienate someone from the team. Recognition, cool projects,
gifts, benefits, etc. all need to be appropriately spread around. Militaries
across the world have all used unit citations to help build a collective level
of pride in a team. It doesn't matter how much an individual contributed (if at
all) because, when recognized, everyone
in the unit got them. Individual rewards have their time and place but they can
weaken the overall team cohesion. Also, make sure that events, entertainment,
food options, etc. are all open and inclusive. You definitely don't want a
morale event to do more harm than good by alienating the very individuals you
most desperately need to improve the morale on.
All of these things can make an impact to how tightly an
individual will be integrated within an organization; all it takes is a good
leader to help kick some of these into place. But keep in mind that one of the
underlying concepts here is empowerment.
Do you encourage the employee to make a meaningful difference, or are they just
tools to get a job done?
Wednesday, September 28, 2011
HRESULTS: FACILITY_ONLINE_ID
This is page contains raw error codes. It is meant as a software developer reference, not a customer support site.
Code | HRESULT | Description | #define |
---|---|---|---|
1 | 0x8A020001 | Authentication target is invalid or not configured correctly. | ONL_E_INVALID_AUTHENTICATION_TARGET |
2 | 0x8A020002 | Your application cannot get the Online Id properties due to the Terms of Use accepted by the user. | ONL_E_ACCESS_DENIED_BY_TOU |
3 | 0x8A020003 | Application is incorrectly configured or not yet enabled. | ONL_E_INVALID_APPLICATION |
Subscribe to:
Posts (Atom)