Category Archives: Editorial

Special Treatment For Chrome Makes Everyone Else Second Class Web-citizens

As a web developer I get it, testing against a bunch of different browsers is more work. Hard to justify the effort when there is this great, cutting edge browser pumping out features. One already used by a near super majority in the most lucrative markets. Even many of its most popular competitors are using it as a foundation for compatibility. And marketing too may see value in targeting Google’s Chrome browser.

Yet the reality is that unnecessarily straying from web standards, neglecting testing against other browsers, or delivering different experiences by browser ultimately pushes alternative users further and further away. This tyranny of the majority and exploiting “valuable signals” adds more roadblocks in front of those who are—or try to be—different.

As a user of an alternative browser myself it’s tiring getting opaque error messages, blank pages, or broken forms when all I want to do is some light reading and occasionally submit something. Switching to the dominant / ordained browser often reveals an easier flow, extra options, or an otherwise problem-free experience. But I don’t want to go back to a browser mono-culture.

One of the original aspirations in the web’s early days was that it enabled connecting people who were different or marginalized. A place where one could interact without being instantly judged by superficial qualities, a place outside the sameness bubble. Even if it’s just a small choice like using and supporting a different browser, let’s strive to fulfill that vision of diversity and inclusion.

Modern Game Controllers Have Too Few Buttons

Whether PC, Playstation, Switch, or Xbox the game controllers entering 2021 have settled on about 16 buttons as the norm, yet I think it’s too few in light of the complexity in modern games. Take for example Doom Eternal, the sequel to the re-reimagined Doom from 1993. The series return to fast movement now includes controls for melee combat, platform jumping, dashing, weapon mods, and equipment. For ardent fans of gaming this variety is welcome even if requires more mental overhead and dexterity. Personally though I’d rather trade the gimmicky touch inputs and multi-use buttons for more single purpose, physical buttons.

On PC players can customize their controls and draw on a full keyboard or mice with configurable buttons. Console and other gamepad-only players are stuck with a button limit from the PS1 era, dating back to 1997. Even the very experimental Nintendo hasn’t added any more physical inputs to their controllers in these past 23 years. The closest mainstream option is Microsoft’s Elite Wireless Controller which offers four more buttons, albeit with spotty game support and a hefty price tag.

My fear is that as games continue to add interesting capabilities that the same buttons will gain more and more modes until it’s as Byzantine as Apple iPhone’s home button. Weapon/equipment wheels are one symptom that this is already happening. And their impact on fast action games is so disruptive that some titles pause or slow game time to accommodate their awkwardness.

Why No Wing Commander Or Privateer Remasters?

Some large game franchises are remastering or rebooting games less than 20 years old, many of which have already aged quite well. So why can’t we get some older ‘classics’ like early Wing Commanders (1990, 1991) or Privateer (1993) at least an HD upgrade? Several spiritual successors have been attempted and there are no fewer than three different fan-made attempts.

As great as the originals were back in the day their actual gameplay is now hopelessly dated. And I say that as someone who enjoyed them as a youngster in the 90s. That said, the stories and characters retain much of their charm, despite some stereotypes and tropes. Props to those making patches and fan remakes to breath some new life into these vintage franchises. Sadly their efforts still have too much jank for my taste.

If only there were some modest quality-of-life and graphical upscaling these old experiences could be restored for a new generation. Ideally some mod support would be included so the community can carry the torch once the rights holders lose interest.

SQRL’s Fatal Flaws

Steve Gibson‘s SQRL authentication has two fatal flaws: future identities are too easily compromised and using it with multiple devices becomes more difficult over time. Since it relies on derived keys to generate each identity a single, compromised identity-unlock-key (IUK) puts all past and future secrets at risk. At least until one knows it has leaked.

SQRL tries to mitigate this derivation weakness by its ‘rekeying’ feature. Though that rekeying requires updating the identity file on all devices that need it as well as revisiting all previously used services. One must go through the rekeying and revisiting process any time ones IUK is compromised.

Such rekeying doesn’t help when one doesn’t know the IUK has been compromised. Meaning attackers with the key could create an identity before a user has tried. Then when the real user signs into their ‘new’ identity the attacker also has access, they may even have primed the account with weaker privacy settings.

Password Vaults have a similar weakness which could expose all past secrets, but no future ones. And since there is typically a different (random) password for each service the size of the data an attacker needs to extract is often larger. Bigger payloads are usually more difficult to exfiltrate completely and are more likely to be noticed.

As far as I can tell there doesn’t seem to be a solution to these fundamental issues with SQRL. But I’d love to be proven wrong. So if this assessment has any inaccuracies or you have thoughts to share then please leave a comment.

UPDATE: Full disclosure, I created a premium plugin for the KeePass Password Safe.

Single Player Commandments

As someone who enjoys older games a story campaign is often critical since multiplayer communities have typically already moved on. Yet it’s hard to overlook some advances in game usability when going back to the past. Now technically these commandments are meant to address campaigns, whether solo or co-op. Still, whether making a new game or remastering an old one, designers please consider these guidelines to avoid frustrating your players.

I. Thou shalt not require Internet
An Internet connection requirement for a campaign is the bane of traveling and rural players who may not have the access or bandwidth to enjoy your game. Neglecting local-network and couch co-op is similarly frustrating for these gamers.

II. Thou shalt always allow pause and skip
Being able to pause at all times is important to gamers with families and responsibilities that may interrupt play. Similarly being able to skip cut-scenes or non-core gameplay helps avoid frustration. Otherwise one may feel forced to miss critical scenes or re-experience the same thing over and over. Ideally players can even rewind, replay, and fast-forward non-interactive cut-scenes.

III. Thou shalt auto-save frequently
Automatically saving at milestones is one helpful feature of many modern games. More frequently is better, though only when there is more than one auto-save slot. If nothing else then auto-saving when a player exits—even during a cut-scene—is better than burdening players with the fear-of-missing-out.

IV. Thou shalt quick save and load anywhere
Providing easy and customizable access to a quick save and quick load is even better than auto-save. It functions as a kind of permanent pause and resume helping players feel they are in control of the experience. This too should include saving and reloading in the midst of a cut-scene.

V. Thou shalt allow changing difficulty at any time
Easier difficulty modes are essential for busy and novice gamers, yet without the ability to change the difficulty players can be trapped hours into a path ultimately too boring or frustrating for them. If resources allow then the option to automatically nerf or buff the difficulty is best, so long as the player can override this in case they find dynamic difficulty doesn’t suit them.

VI. Thou shalt provide navigation hints
Whether arrows, way-points, hot-spot indicators, or objective menus there must always be guides for players who so desire. Of course these may be reduced or completely removed when players want a greater challenge.

Please take care not to rationalize transgressing these commandments as ‘essential’ features of your game. As a designer the intended experience should be a goal—not an unmovable absolute. Also keep in mind that neglecting accessibility and usability reduces the audience capable of appreciating your games.

Did I miss a commandment? Is there one that doesn’t belong? Comments are always appreciated.

Why Can’t I Change Gamepad Controls?

A disturbing trend among some video games is gamepad support whose controls cannot be customized. While the standardization of gamepad support on PC’s has increased the number of games supporting them, for some games there is only a single configuration. For those of us who are differently abled, or simply prefer to use a familiar layout, control customization seems to be taking a step backwards.

This is surprising since personalizing controls has long been a feature of PC gaming for decades, even among small budget titles. Consoles such as the PS4 and Xbox One now offer the ability to remap keys for all games. This is a modest accessibility improvement, though it appears to come at the cost of less in-game remapping. So players who prefer to alternate between different games the situation often involves re-configuring one’s brain each time. One would hope the competition among PCs and various console platforms would drive progress towards more accessible controls.

It’s true that enterprising users and 3rd-party developers provide alternative means of remapping controls. Sadly, many of these fail to remap for multiple games at once. Steam is the most accessible and broadly available which does do per-game mapping. Still, being outside the game requires users know their games default controls and do the old-to-new mapping using only the abstract button names. It’s also a relatively unknown feature.

Despite the variety of games and genres there is a lot of similarity in game control: move forward-back-left-right, jump, crouch, action/shoot, sprint, etc. On PC the keyboard controls have defaulted to the WADS keys for forward-left-right-back, so why not have a means to change the defaults for all games at once? Certainly some games will have unique controls which cannot be standardized. In those cases in-game customization may be the best solution. Still, it would save gamers time and frustration if they could begin with familiar fundamentals when starting or switching among experiences.

If PCs and consoles increasingly become home-theater machines and gamers play a larger variety of games they too may be asking why controls are so difficult to personalize. Hopefully developers will take notice.

“User-Agent” Headers Holding Back The Web

Every time you visit a website the name and version of your browser is sent to the service. In fact with every requested image, video, and style sheet the same data is sent again and again. This not only wastes bandwidth, it also subtly encourages web makers to rely upon it as a shortcut to make services work consistently across platforms. Later browsers then include more tokens in their “User-Agent” header to maintain compatibility with these fragile services. Over time the header becomes larger and the web more brittle. For example, Internet Explorer 11 identifies itself as “Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko”. Can you tell which part communicates that it is Microsoft’s Internet Explorer?

Of course it’s impractical for every web site/service to test every possible combination of browsers and platforms. So those of us developing sites and services only test the most popular browsers at the moment. Over time this leads to a web which caters to a mix of the most popular browser of the past and present, depending upon the time any given service was last made. As more and more devices leverage HTTP for the Internet-of-things this problem may grow more complex. Web standards and feature detection can help.

With well defined standards and run-time detection of features it’s possible to avoid the trap of ‘sniffing’ the browser from it’s UA headers. And while cutting edge features and services may benefit in the short-term from taking the shortcut of browser detection, they can also leverage vendor-specific prefixes of features in flux. Once standardized the prefixes can be replaced with official and non-prefixed names.

My experience detecting significantly different platforms such as mobile or internet-of-things (IOT) devices do still have some valid uses for the UA header. But ultimately they may be better served by a new, simpler header or more platform-independent designs. Until then Mozilla’s recommendations are a reasonable place to start.

In recent years even the once-dominant Microsoft notes the weaknesses and problems with UA headers. Sadly, my experiments sending an empty or minimal UA header have found too many sites broken to recommend the approach to non-technical users.

How about you? What do you think of UA headers?

Is Ad Blocking A Form Of Looting?

One description of the increase in ad blocking is that it’s a kind of boycott. While that may be the view of blockers the content producers may see it differently. For them advertising pays for their effort to create the content. So when people consume their content without any payment (in the form of attention) then their incentive to produce suffers.

This ‘boycott’ of advertising—while still taking the ad-supported services—appears to have much more in common with looting. Looting often occurs when large numbers of people feel deprived or exploited. Like a kind of vigilante justice one could argue the careless and invasive advertisers have pushed users to this extreme.

Of course a boycott sounds a lot more noble. But if I’m not mistaken that would involve avoiding the entire business, not using their services while dodging payment. Picketing is another feature that can accompany boycotts. Those bothered by ads do have options to express their discontent on social media, forums, and comments; though, admitted not always directly on the site of the business itself.

Alternatives to ad-funding do hold promise: micro payments, donations, and subscriptions. Each has some friction for users to get involved. Perhaps when doing so is easier than installing an ad-blocker things will turn around.

So what do you think? Is ad blocking more like a boycott or looting? Something else entirely?

VirtuaWin Vs. Windows 10 Virtual Desktops

VirtuaWin‘s virtual desktops has long provided the ability to expand your Windows work-space without adding extra physical screens. Now that Windows 10 includes its own virtual desktop/work-space feature I’ve found it both an improvement and a small step backwards. After a few months with both let’s break down how they compare.

Here is a table documenting my findings as of January 2016. (Since Windows 10 and VirtuaWin may evolve in the future I’ll try to keep this up-to-date.)

behavior or capability VirtuaWin Win. 10 Desktops
Boss key to hide other screens Yes No
Compatibility issues with some Intel drivers Yes No
Customize number of screens Yes (up to 20) Yes (100+)
Customize shortcuts Yes No*
Jump-to-screen shortcuts Yes No
Show a window on all screens Yes No
Switching from windows with admin. privileges Yes Requires extra key press
Switching from certain** modal windows No Yes
Vertically aligned screens Yes No
Windows with admin. privileges appear on all screens (bug?) Yes No
Wrap around when switching from first/last screen Yes No
*It’s possible to make alternative shortcuts for Windows 10 desktops using 3rd-party tools like AutoHotKey.
**My LockyWindow product has used a modal window when unlocking to prevent manipulating the underlying KeePass window. VirtuaWin’s switching feature is disrupted by such windows.

While VirtuaWin is more feature packed I personally don’t miss most of the capabilities absent in Windows 10’s desktops. Those most lacking were the jump-to shortcuts and the option to wrap around from the first/last screen. Still, the ability to switch away while administrative windows have focus is much appreciated. Window management in Windows 10 Desktops also feels more user friendly than VirtuaWin’s tray pop-out.

How about you? Do you use virtual desktops? If so which solution works best for you?

Unused Work Does Not Have To Be Discouraging

Soon after being hired my boss told the story of a project he worked on for a significant amount of time; like months. It never saw the light of day. Subconsciously I think I denied that would ever happen to me, at least not for any major work. Four years later I had not yet encountered such hardship. Yet soon enough that all changed.

Worse than seeing my work tossed, I had to make the call to discard a coworker’s serious effort. After a long delay a key component of the work had been lost. So instead I had to redo the entire project from scratch. Ironically enough my effort turned out to be doomed as well.

At the very end of the rewrite, with only one feature left, I discovered the platform vendor’s latest development kit lacked any encryption libraries. (Finding out so late was a rookie mistake on my part.) When they finally produced a suitable kit the platform had changed so much I couldn’t port my rewrite in a timely manner. So with much chagrin I rewrote it again with the suitable kit and all was well–except for my ego.

Despite wasted time and resources one can typically find something good whenever work goes unused. Over the years I’ve been reminded of a few:

  • It is a learning opportunity
  • Helps avoid getting overly attached
  • New ideas often accompany do overs
  • Practice
  • Redos are a chance to develop grit

Of course these rarely add up to match the lost time or money. But if the learning opportunities are maximized it can save a lot more in the future.

It can be especially frustrating for those of us who are technical to accept non-technical reasons for work to be mothballed. For us “business reasons” can feel so abstract and intangible. It’s almost as if it’s arbitrary and frivolous. Still, businesses exist to produce a profit, and even organizations have to make trade-offs when their resources are limited.

Until time travel is sorted out, forecasting client needs or project requirements will almost certainly remain an inexact science. While we wait for our future overlords to return let’s take solace by remembering the good that can be salvaged from the ashes of our abandoned work.