Is the comments beneath it.

lol, is this supposed to be “hot” or something? I guess this kind of marketing works on virgins or something, but it’s funny how much this shit doesn’t even faze you once you get a girlfriend. Try again, Ubisoft — this bitch is hideous, your game looks generic, and you should probably fire your marketing department.
BTW, it’s pretty obvious that your marketing bots gave you 600 of those likes.

Wow, this chick(?) is hideous… What terrible marketing. She looks like some Las Vegas tranny with bad plastic surgery (sorry) and this is supposed to make me want to play this game? Even if you didn’t objectify ugly women to sell your shit game I probably still wouldn’t play it; looks like every other generic brown shooter.

I love how they purport to attack the sexism in the ad, while throwing out phrases like “this bitch is hideous” and “Las Vegas tranny”. My god, the irony in the sentence “Even if you didn’t objectify ugly women to sell your shit game”… So hold on, objectifying women upsets you, and you focus on whether the woman in the ad is pretty or not to judge her value?

The internet makes me so sad some days.

One of the frustrations I regularly encounter is failing to save a file in our backend tool after making modifications in SVN, which is caused by a permissions conflict. The user I run SVN as (me) is different from the user I run Apache as (_www by default), which means that if when I own a file, Apache can run into trouble trying to save it (such as through our backend tool).

For a while, I depended on a custom bash script that would recursively modify the permissions in my development folder, but I still have to remember to run that script every time I make certain modifications via SVN. Every once in a while I’ll forget and get glaring error messages. It breaks my flow, which slows me down and frustrates me. Thankfully, there is an easy solution.

Be someone else

If Apache runs as the same user that SVN does, suddenly these problems dissappear. They both have the same rights and access to the files, and no longer need I worry about running scripts to fix things.

Kick open a console:

$ sudo nano /etc/apache2/httpd.conf

Find the line that says:

User _www

And change “_www” to your username. If you’re not sure what that is, type “whoami” at the console to find out. With that done, save and restart Apache:

$ sudo apachectl restart

From here on out, your problems should be solved! (Well, you may need to change permissions on or remove certain files created by _www, like session files.) Apache will open and save files as you, so as long as you have access, so too will your web server.

A quick example

Say you have an enemy – a cute little slime-creature. And when he’s defeated, he drops a macguffin – but occasionally! Players need ten of these macguffins to progress to the next area, where there’s a boar who drops a similar macguffin. And in the next area, there’s the final creature – a gargoyle – and ten more macguffins to collect.

Three monsters, three macguffins. We want this area to be challenging, but not too frustrating, so let’s set some base assumptions: If it takes less than 100 encounters, it’s not challenging enough. If it takes more than 300 encounters, it’s too frustrating.

Now, we could just throw some numbers onto those creatures and hope, but I’ve got a better way. Let’s set up a spreadsheet with some intuition-based numbers and see how close we come.

Table 1: Drop Rates

The first thing we need to figure out is how often a player is going to get a macguffin drop from a creature. To do that, I’ve created the following table:

Column A is the name of the creature the player will be encountering. B is the chance they will beat that creature when fighting them. C is the chance they drop the macguffin they are looking for. And finally D is the number of expected macguffins from each encounter. So far, we can see that for every time you fight a slime, you can expect to get 0.07 of a macguffin. Seems pretty low, but we’ll find out just how low in a second. Let’s make a second table.

Table 2: Encounters Needed

Column A has the same creature names as before. B is the amount we need to collect before we can progress. And C is the number of expected encounters a player will need to go through to get the amount listed in column B.

And WOW are those numbers high! Seems our intuition was off, and it’s time to play with the numbers a bit to balance this out. We have some options:

• We could increase the drop rate of the macguffins. This will not only speed up the collection, but also reduce variance for players. (Variance is a topic for another time, but in short, you want less of it. High variance means that you’ll have a lot of players who fall outside of your expected numbers, which is either exceedingly frustrating or boring for those players.)
• We could decrease the difficulty of the encounters. This will allow players to collect secondary assets (gold, experience) more quickly while speeding up collection as well.
• We could decrease the number of macguffins needed. Psychologically, collecting 10 macguffins at a 10% drop rate feels a lot less like a chore than collecting 100 macguffins at a 100% drop rate.

And that’s outside of doing something crazy tricksy, like adding or removing more creatures, allowing players to buy or craft macguffins, etc. So let’s play with the numbers some, and see if we can come up with something a little more fun.

Table 3: Some Interesting Numbers

It only took me about five minutes of tweaking to come up with this, and I can already tell that it’s a lot better. For one, it only takes 191 encounters to resolve – almost exactly in the middle of our 100-300 range. For another, see how the Encounters column in the second table gently rises? It didn’t when I first started playing around with the numbers, but I quickly saw how going from 50 encounters to 25 encounters to 125 encounters would be very weird, and altered my values to suit.

Of course, you’ll still want to play-test this to ensure it’s actually fun when you play it, but this is a much better starting point for your playtest than our original numbers, and it only took five minutes to find out, and five minutes to improve it a vast amount.

Hopefully you can see how much of a difference a good spreadsheet can bring to a game developer’s toolkit. I’ve still got a few more concepts I want to cover regarding spreadsheets (the LOOKUP function, conditional formatting, etc.), so stay tuned!

What are you talking about?

The point is, a few days ago, @whitney – one of the game devs I follow – tweeted the following:

Folks contact me b/c they need a female game designer. Makes me want to relabel a giant jar of mayo with MAGIC GIRL SAUCE & carry it around.

Then followed it up with:

Was also going to say I can’t wait until “female game designer” sounds as antiquated as “female doctor” but uh, people still say the latter.

And then:

Pilotess! Doctorette! Police officerina! Game designelle?

Well she’s right, you know

Well, maybe. I’m sure that in many cases – and probably the original case she mentioned – it’s just hiring managers ticking a checkbox. “Must have X number of female developers on staff.” Or worse, clueless wanna-be Zyngas thinking they can hire @whitney and have her sell them The Secret Behind Bilking Ladies Out Of Money.

But on the other hand, there can be an incredible value in adding a female to an already all-male team.

Doctorette!

Imagine you have to go into the doctor’s office and have your, ah… sensitive areas examined – you think your partner might have been cheating on you, and that rash down there is hella embarrassing and worrying. But the only doctors available are of the opposite gender.

Sure, maybe you’re strong enough and un-self-conscious enough to go get it done anyway, but there are going to be plenty of people out there who are embarrassed to the point where they may skip having the examination done at all.

Having a female doctor on-staff may save lives.

Police officerina!

10-16! 10-16! We have a domestic disturbance! Car 460, you are closest, please respond!

And yet car 416 has only male officers. Arriving on-scene, they’re able to separate the squabbling couple. The man insists that his “stupid bitch” of a wife is trying to ruin his life and he doesn’t remember who started swinging first. The lady is too intimidated by the large male police officer to say anything. In this case, having officers of both genders on-site ensures that both parties get fair, unbiased, caring, and un-intimidating treatment.

Yeah, but Pilotess?

You got me on that one. That IS ridiculous.

Okay, so… Female Game Developer, then?

I still think this one has merit. I went to a presentation at PAX East last year on “Expanding Your Game’s Market”, and expected tips about SEO, or cross-brand promotion, etc. How wrong I was. The entire presentation – the entire presentation – was about finding entirely different markets for your game. Not how to advertise better, but how to think of and appeal to entirely different people.

A great deal was said about transgender gamers. Transgender people typically tend to be very brand-loyal – when they find a company that values them and values their values, they make go out of their way to reward that effort with increased patronage. Many of the people on the panel were blown away by the fact that there were no games or game companies falling over themselves to appeal to transgender people.

But really, how can they without having someone on-staff who understands the position of transgender people? I’ll be honest, I don’t know the first thing about what it’s like to identify as transgender. I don’t have any transgender friends, or even acquaintances! So how am I supposed to make a game that appeals to that market without hiring from within that market?

Now, a market that games companies are falling all over themselves to appeal to is women. Yet a great many game companies are still composed entirely of men! Now while we all (generally) know some women that we can consult with or at least mentally model, how much more beneficial would it be to actually have a lady on-staff that can contribute regularly and meaningfully?

Hypocrite!

A little. We don’t have many female game developers at Hitgrab, true. And yet we somehow manage to put out a game that does appeal to women.

But it’s hard.

Putting yourself in someone else’s shoes – successfully – is difficult. We’ve lamented a few times the difficulties we face in trying to appeal to the various play styles and tastes of the people who play MouseHunt, especially when we don’t share those same tastes. We do our best to put the stuff we’d like to do in the game, as well as listen to our community, and put in the things that they request.

But it’s hard.

Many great, game-changing ideas fall by the wayside because they don’t have a champion. Many incredible ideas never get raised because nobody with that point of view is there. Many good, cross-gender-appealing ideas do make it in the game, but they have rough edges that only get polished off once the game is live and a full cross-section of our players have the chance to realize what does and doesn’t work.

Like I said, it’s hard.

So would I hire a female game dev as a magic bullet to make my game appeal to women? Heck no.

But would I hire a game dev with insight into the mind of a wider market – all other qualifications being equal? Sure. And that dev would have an excellent chance of being female, I’m sure.

You’re the new guy at BlokkStone Games, and you’ve had a pretty good first month. You fit in with the other programmers, and your team has made some excellent progress towards releasing their new title: Carolina Jess And The Temple Of Gloom. It’s a retro-graphics cell-based adventure game that is looking pretty sweet.

Now occasionally – when a player is hit, or an enemy dies – you need to add a glow to a shape. You do this by calling an internal library function written long ago: “addGlowToShape()”. Everything was working fine… until you tried using shapes that weren’t exact squares. Everything still ends up being an exact square, every time!

Dutifully, you dig up the library file, find the function in question, and are greeted with… this:

/**
        add a glow to a shape
    */
function addGlowToShape(&$shape) {

    // getstartloc
    $x = getStartX($shape);
    $y = getStartY($shape);
    global $world;
    $cells = $world->getCells();
    $shape_name = $shape->getName();
    $cellsAffected = 0;

    // do it all
    for ($rowY = $y; $rowY < $y + $shape->getHeight(); $rowY++) {
        for ($rowX = $x; $rowX < $x + $shape->getRowLength($y); $rowX++)
            addGlowToCell($cells[$rowX][$rowY]);
            $cellsAffected++;
    }

    // @todo: return false on an error
    return $cellsAffected;
}

Augh! Oh god! What is… Is that comment supposed to mean anything? And… and you don’t even use $shape_name! What is going on in there?

This, my friends, is broken glass. Broken glass all over the place. And I bet you it didn’t start out like this. I bet you it started out very simple, very maintainable – like everyone’s favourite pet code – and then evolved into this horrid mess. But how, you ask? Easily. Someone broke a window.

The Broken Windows Theory

Alright, enough dancing around metaphors here. Let me explain what I actually mean.

In 1982, social scientists James Q. Wilson and George L. Kelling wrote an article containing the following example:

Consider a building with a few broken windows. If the windows are not repaired, the tendency is for vandals to break a few more windows. Eventually, they may even break into the building, and if it’s unoccupied, perhaps become squatters or light fires inside. Or consider a sidewalk. Some litter accumulates. Soon, more litter accumulates. Eventually, people even start leaving bags of trash from take-out restaurants there or breaking into cars.

So influential was this article that it was used to justify a crackdown on vandalism, fare-dodging, and lead to all kinds of “zero-tolerance” policing in the city of New York. The theory was that if the police cleaned up all the “broken windows” (i.e. worked tirelessly to clean up the streets and absolutely prevent lesser crimes), that the overall crime rate would improve. And from 1984 (when the program began) onwards, the rate of serious crime fell dramatically. Today, the City of New York City is not the scary, drug-and-disease-infested hellhole predicted in 1980′s movies. It’s not even comparable.

This is known as The Broken Windows Theory, and it is easily applicable to programming as well. In fact, it could be rewritten as such:

Consider a function with a few coding standard violations. If the violations are not cleaned up, the tendency is for maintainers to ignore a few more standards while editing. Eventually, they may even leave unused variables from previous revisions, or forgo commenting entirely. Or consider a class. Some uncommented functions accumulate. Soon, more functions are added with no comments to describe them. Eventually, people even start copying and pasting whole sections of uncommented code elsewhere.

Sure, it’s a bit of a reach, but I’m sure you’ve all seen some version of it happen in the projects you’ve worked on.

See what happens?

Okay, so back to our example. We can do one of two things here. One, we can just slip in quietly, fix the bug, and get the hell out of there. Or two, we can clean up the function while we fix the bug. Let’s just see what happens.

First, we just fix the bug:

/**
        add a glow to a shape
    */
function addGlowToShape(&$shape) {

    // getstartloc
    $x = getStartX($shape);
    $y = getStartY($shape);
    global $world;
    $cells = $world->getCells();
    $shape_name = $shape->getName();
    $cellsAffected = 0;

    // do it all
    for ($rowY = $y; $rowY < $y + $shape->getHeight(); $rowY++) {
        for ($rowX = $x; $rowX < $x + $shape->getRowLength($rowY); $rowX++)
            addGlowToCell($cells[$rowX][$rowY]);
            $cellsAffected++;
    }

    // @todo: return false on an error
    return $cellsAffected;
}

Not so bad. I mean, we fixed that bug – we’re checking the length of each row instead of just the original row. But that function is still a mess for the next person to come by. Why don’t we try cleaning it up?

/**
 * Add a glow effect to all cells in a shape.
 *
 * @param ModelShape $shape The shape to add the glow effect to.
 * @param array      $cells The cells from the world to change.
 *
 * @return mixed The number of cells updated or false on error.
 */
function addGlowToShape($shape, & $cells) {

    $start_x = getStartX($shape);
    $start_y = getStartY($shape);

    // Get the row to stop at
    $end_y = $start_y + $shape->getHeight();

    $cells_affected = 0;

    $success = true;

    for ($cell_y = $start_y; $cell_y < $end_y; $cell_y++) {

        // Get the cell to stop at for this row
        $end_x = $start_x + $shape->getRowLength($cell_y);

        for ($cell_x = $start_x; $cell_x < $end_x; $cell_x++) {
            $success &= addGlowToCell($cells[$cell_x][$cell_y]);
            $cells_affected++;
        }
    }

    return $success ? $cells_affected : false;
}

See? See what we did there? We fixed the actual bug, did the todo, and fixed another, subtler bug that was hidden until we started going in and doing simple things like adding missing brackets.

Granted, yes, this is also a significant change that you'd need to go over with your team - we changed the signature which means we need to change everywhere that it is called from. But that's why any modern IDE will have a global find-and-replace in it. Or even just a global find-and-mark if you're the paranoid type (and I am).

And the second-order effects from this are enormous. The next person to approach this method will likely see that it has been cared for, and not want to be the first person to mess things up. Code quality goes up, code comprehension goes up, and bugs go down.

So the next time you see "broken glass" in your project, don't just walk around it - clean it up.

Set up Ubuntu

For this purpose, we’re going to be using VirtualBox – originally by Sun, recently(ish) purchased by Oracle. For my money, it still has the best mix of ease-of-use, features, and price (free). You can download the latest version here.

And while you’re at it, go download the latest version of Ubuntu Server. For this article, we’re using 11.10 (Oneiric Ocelot), which you can download here. Grab the 64-bit version.

Install VirtualBox. Before you run it the first time, you’ll want to right-click the icon and choose “Properties”. Then go to the “Compatability” tab and click the checkbox next to “Run this program as an administrator”. If you want any symlinks you create in Ubuntu to be recognized by Windows, you MUST be running the program as an administrator. Windows is funny like that.

Launch VirtualBox, then create a new virtual machine and set the Ubuntu ISO as the CD/DVD drive. (Under the Storage menu in Settings, click on the CD-looking thing under the IDE controller). Also, make sure to set up Networking as “Bridged”. Start up the virtual machine, then follow Ubuntu’s really slick install process. The only application you’ll want to install during setup is the OpenSSH server. We’ll install the rest ourselves.

When all is said and done, restart it and log in. Now the fun begins!

Set up your networking

Let’s set up a static IP address so we don’t have to keep figuring out what dynamic IP the machine obtained.

$ sudo nano /etc/network/interfaces

Edit the last part to look like this:

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.151
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

You’ll have to fiddle with those numbers a bit depending on your networking configuration. Ensure primarily that the address you supply isn’t taken by anyone else on your network, and that the gateway matches the one you get when you type “ipconfig” in Windows. Restart your network to get the changes recognized.

$ sudo /etc/init.d/networking restart

Once that’s working, start up Notepad as Administrator in Windows (right-click and “Run as administrator”). Then open up “C:\Windows\System32\drivers\etc\hosts” (no extension) and add your new machine’s IP address. Now you can do things like SSH directly to the hostname or type the hostname in your browser instead of remembering the IP address.

Install Apache

This is easy, and can be handled entirely through automated utilities built-in to Ubuntu.

$ sudo apt-get install --reinstall language-pack-en
$ sudo dpkg-reconfigure locales
$ sudo apt-get install gcc make wget cron curl
$ sudo apt-get install apache2 apache2-mpm-prefork apache2-prefork-dev apache2-utils apache2.2-common

One quick thing, to avoid getting the error “Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName” every time we restart, we need to make a small change.

$ sudo nano /etc/apache2/httpd.conf

Add the following line and save.

ServerName localhost

Install MySQL

Nearly as easy. Start with the automated utilities.

$ sudo apt-get install mysql-server-5.1

No need to give MySQL a root password on your development box. Then edit the MySQL config file.

$ sudo nano /etc/mysql/my.cnf

Change the “bind-address” line in that file to point the the local server IP. (192.168.0.151 in the example above.)

Then, it’s worthwhile allowing root to log in from machines other than localhost. That way you can use whatever Windows GUI tool you like to log in to your virtual machine’s MySQL installation.

$ mysql -u root
GRANT ALL ON *.* TO 'root'@'%';
exit;
$ sudo service mysql restart

Install PHP

Now we could just use the built-in version of PHP, if we felt like taking the easy road. But that’s no fun. Let’s install PHP 5.4 RC2, so we can play around with all the new features. As an added bonus, if you get comfortable with compiling PHP now, you can recompile with whatever version and options you want later for when there’s a new release of PHP, and you don’t have to wait for your package maintainers to update.

First we need a bunch of build tools.

$ sudo apt-get build-dep php5
$ sudo apt-get install libxml2 libxml2-dev libzip-dev libbz2-dev curl libcurl4-openssl-dev libcurl3 libcurl3-gnutls libjpeg62 libjpeg62-dev libpng12-0 libpng12-dev libmcrypt-dev libmcrypt4 libxslt1-dev libxml2-dev

Next, grab and extract PHP 5.4.

$ cd ~/
$ mkdir tmp
$ cd tmp
$ wget http://downloads.php.net/stas/php-5.4.0RC2.tar.gz -O php-5.4.0RC2.tar.gz
$ tar xvfz php-5.4.0RC2.tar.gz

Now, we configure and compile. This takes a while. Feel free to grab a sandwich or something.

$ cd php-5.4.0RC2
$ ./configure --with-apxs2=/usr/bin/apxs2 --with-config-file-path=/etc/php5 --with-mysql=mysqlnd --enable-inline-optimization --disable-debug --enable-bcmath --enable-calendar --enable-ctype --enable-force-cgi-redirect --enable-ftp --with-gd --enable-memory-limit --disable-sigchild --enable-trans-sid --with-ftp --with-jpeg-dir=/usr --with-png-dir=/usr --with-zlib=yes --with-zlib-dir=/usr --with-openssl --with-xsl=/usr --with-gd --with-mcrypt=/usr --with-mhash=/usr --enable-mbstring=all --with-curl=/usr/bin --with-curlwrappers --enable-mbregex --enable-zend-multibyte --with-bz2=/usr --with-mime-magic --with-iconv --with-pdo-mysql=mysqlnd --enable-fileinfo --with-pear --enable-exif
$ make
$ sudo make -i install

Of course, now we have to ensure that Apache knows about PHP.

$ sudo ln -s /usr/local/bin/php /usr/bin/php
$ sudo nano /etc/apache2/mods-available/php5.conf

Add the following lines and save.

AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps

Now enable PHP (and mod-rewrite, while we’re at it).

$ sudo a2enmod php5
$ sudo a2enmod rewrite

It wouldn’t hurt to ensure that PHP is configured how we like it, either.

$ cd /etc
$ sudo mkdir php5
$ cd php5
$ sudo cp ~/tmp/php-5.4.0RC2/php.ini-production php.ini
$ sudo nano php.ini

Ensure the following are set:

date.timezone = America/Toronto (Or whatever is closest to you.)
short_open_tag = On
error_reporting = E_ALL
display_errors = On
log_errors = On
error_log = /var/log/php.log
max_execution_time = 30
memory_limit = 128M
mysql.default_socket = /var/run/mysqld/mysqld.sock

Now make sure that the logfile we specified exists and is writable.

$ sudo touch /var/log/php.log
$ sudo chmod a+rw /var/log/php.log

Finally, restart Apache!

$ sudo service apache2 restart

You should be able to visit the address of your new virtual machine (or the alias you set up in hosts) now and get your basic Apache display.

Extra step – VirtualHosts

I presume you’re going to want to develop multiple projects without having to create separate virtual machines for them all. That’s easy! We’ll just set up an Apache VirtualHost for each one.

$ sudo nano /etc/apache2/sites-available/{development url}

Add the following, then save.

<VirtualHost *:80>
    ServerName {development url}
    DocumentRoot /home/{user}{/{development url}/

    <Directory /home/{user}/{development url}/>
        AllowOverride All
    </Directory>
</VirtualHost>

Now enable your site and reload Apache.

$ sudo a2ensite {development url}
$ sudo service apache2 reload

Extra step – Shared folders

I bet you’re wondering how you’re supposed to get files on and off that machine, huh? Well, since you installed OpenSSH, you have options there, but there’s an easier way. You can just share that folder you were referencing above with a specific folder on your host machine. Make changes in Windows, and it will (usually) be reflected in the virtual machine. I’ve noticed a few times that when I’ve created a file, the Ubuntu host flips out and doesn’t properly recognize it, but a quick restart fixes it, and machine restarts are usually like ten seconds, max.

First, make sure that folder above exists on your virtual machine, then click on the “Devices” menu in VirtualBox, then click “Install Guest Additions”. This makes a virtual CD available to your virtual machine that contains the actual guest additions we’re going to install.

$ sudo mount /dev/cdrom /media/cdrom
$ cd /media/cdrom
$ sudo ./VBoxLinuxAdditions.run

Ignore the crap about x.org failing – we don’t have any GUI installed on the server, so whatever. Now shut down the machine (“sudo shutdown -h now”), and open up the Settings menu and click on Shared Folders. Click the little Folder/Plus icon on the right, and choose a Folder Path from your Windows box, and remember the Folder Name it gives you (or make up your own). Hit “OK” and start that machine back up.

We’re going to set up this machine to automatically mount that folder every time it boots up.

$ sudo nano /etc/init.d/rc.local

Add the following just after “do_start() {“:

    mount -t vboxsf {Folder Name} /home/{user}/{development url}

Now restart to check it out.

$ sudo restart -r now
# After restarting...
$ cd /home/{user}/{development url}
$ ls

You should see all the files from your Windows machine. If you don’t, well… ugh. Okay, I got this fixed by re-running the VBoxLinuxAdditions.run script, the re-mounting. No clue why that worked, but it worked, so… yeah. Not questioning it.

What Else Could We Possibly Do?

Hot damn, that’s a lot of stuff, isn’t it? Well, we still have Memcache, Memcached (yes, both), and Redis to install. These are all optional, but super-neat tools, and practically essential if you want to write anything that scales well these days.

For now though, you should have a good base to work from. If anything doesn’t work, let me know, but I followed along with my own VM while I was writing this, so I’m pretty confident I didn’t skip anything.

(No, I’m not talking about Memcache, I’ve known about that for a while. I’m talking about Memcached, the younger, beefier, stupidly-named cousin of Memcache. Crazy new features, but named in a way that’s sure to guarantee dozens of Google search mismatches. Nice.)

Previously, if you wanted to be sure that your cache writes weren’t clobbering each other, you had to implement some form of locking system, which introduces the very healthy chance of deadlocks and locking timeouts. This kills the concurrency.

But with Memcached, you can do this really sweet thing called “cas()” which stands for “compare and set”. (Maybe. Depending on who you’re talking to.)

Simple usage:

$cas = null;
$m = new Memcached();
do {
    // Get user, get cas token byref
    $user = $m->get('user::4099', null, $cas);

    // Do something with your user
    $m->cas($cas, 'user::4099', $user);
} while ($m->getResultCode() != Memcached::RES_SUCCESS);

So when you’re getting your $user, you’re also getting a $cas token. This token is updated every time the cache entry is changed. When you go to write your user later, instead of calling set(), you call cas() and pass in your $cas token. Memcached will only update the user if $cas is equal to the cas token in memory for that cache entry. If it fails, it sets Memcached’s internal result code to RES_DATA_EXISTS.

Now obviously you’ll want to limit that do-while loop there to prevent infinite looping, and if you really wanted to be a speed demon, you could change that “null” in there to a callback function so this function would block less, but still – it’s pretty goddamn quick, and no need to wait for locks.

There’s just one problem. What if you need to work with MULTIPLE objects?

See, there’s a getMulti() and a setMulti(), but no casMulti(). This is even weirder, because getMulti() even passes back an array of $cas tokens. Googling for it produces complaints about its lack, or worse, people confused about the difference between Memcache and Memcached. Apparently it’s not even IN the Memcached server, which sort of blows my mind. I can think of all kinds of situations where you’d want two or more objects to be updated in-step.

So anyway, since this thing doesn’t exist natively, I wrote it.

Memcached::casMulti()

/**
 * Set an array of Memcached keys with cas tokens, fail on all if any don't match.
 *
 * @param array   $items      An array of items to store.  All items require "key", "value", and "cas" entries.
 * @param integer $expiration The expiration time, defaults to 0.
 */
function casMulti(array $items, int $expiration = 0) {
    $newCasToken = null;
    $successfullySet = array();

    // First load old versions of data, ensure cas values remain sound
    foreach ($items as $item) {
        $item['old_value'] = $this->get($item['key'], null, $newCasToken);

        // If any tokens have changed since we loaded them, WHOOPS
        if ($newCasToken !== $item['cas']) {
            throw new DataChangedException("Data changed while we were messing about.");
        }
    }

    foreach ($items as $item) {
        // On successful set
        if ($this->cas($item['cas'], $item['key'], $item['value'], $expiration)) {
            // Get new cas token
            $this->get($item['key'], null, $item['cas']);

            // Keep track of our successes
            $successfullySet[] = $item;

        // Failed set?
        } else {
            // Data has been modified, crap
            if ($this->getResultCode() === Memcached::RES_DATA_EXISTS) {
                // Loop through "successful" sets
                foreach ($successfullySet as $item) {
                    // Get new cas token
                    $this->get($item['key'], null, $newCasToken);

                    // If this item hasn't changed on us
                    if ($newCasToken !== $item['cas']) {
                        // Undo our changes
                        $this->cas($newCasToken, $item['key'], $item['old_value'], $expiration);
                    }
                }

                throw new DataChangedException("Data changed while we were messing about.");

            // Some other reason?
            } else {
                // Do something appropriate
                throw new Exception("Something else messed up.");
            }
        }
    }
}

Some caveats:

• This function assumes it’s part of a Memcached library, ideally one that extends PHP’s Memcached object, and thus $this is equal to a valid Memcached instance.
• Since I don’t have access to Memcached’s Result Object (there’s no setResultObject), it relies on Exceptions to report failures, and those pretty obviously haven’t been fleshed out.
• This is the biggie: I haven’t tested it yet. Like, not at all. I’m busy trying to set up a Virtual Machine to replace the shitty XAMPP-on-Windows thing I’ve been fighting with for years, but it’s a slow process. This will of course be updated once I get a chance to test it out, but I had an itch one evening and just had to scratch it and write this code. (I’ll also be updating this blog with the process used to create said Virtual Machine, should you choose to try it out yourself.)

With that said, let’s walk through it quickly.

You’re going to be passing in an array of items to compare-and-set, and that array should look something like:

array(
    [0] => array(
        "key" => "user::4099",
        "value" => "json-user-data-goes-here",
        "cas" => "big-long-cas-token-taken-from-get-or-getMulti",
    ),
    [1] => array(
        "key" => "user::4105",
        "value" => "json-user-data-goes-here",
        "cas" => "big-long-cas-token-taken-from-get-or-getMulti",
    )
)

I could have put $expiration in each of the items too, and maybe that’s a good idea? I figured keeping as close to Memcached’s existing methods was worthwhile, and how often are you going to need to have different expirations for everything?

Next, we get the old values of everything we’re changing, just in case we need to roll back. If any values have changed since before this function was called, SHUT DOWN EVERYTHING.

Then we try to cas each key individually. If a key is successfully set, we save it for later. If they’re all successfully set, no biggie. If any fail though, we go into recovery mode.

In recovery mode, we examine every previously-set item. If it hasn’t changed, we use cas() again to change it back to the way we found it before we tried anything. If it HAS changed, we just leave it – no sense in messing with anyone else’s work.

Yeah, so…

Now like I said, this is absolutely untested. And not in an “untested under load” kind of way – I mean I haven’t even run it yet. It might not even friggin’ compile. I’ll update this blog post once I have tested it sure, but for now, exercise caution.

And even if it does compile and seems to work, exercise caution. I wrote this late at night after a day of frustratedly poking at the Memcached docs and Google. There could be all kinds of situations where this Just Doesn’t Work.

And even if it does work in all situations as expected? It may not even be a good idea. There’s a LOT of cache reads going on here, and I really don’t know what that does to concurrency. There may very well be much more efficient ways of doing this.

So be warned. Have fun playing around with this, but try not to use it in production code.

Alternate, actually informative title: “Indie Stone Still Doesn’t Get It”

Or at the very least, Lemmy still doesn’t get it.

Barely hours after I posted, hoping that Indie Stone would learn from this latest disaster, developer Lemmy has posted an apology, and announced that he’s removing himself from further community involvement.

But while that may or may not represent a good idea, the big news in the article is the following excerpt:

No one put ‘must have thick skin’ (or ‘must make nightly off-site backups, for that matter) in my game programmer job description.

Really? Really?

First, I mean, you went indie. You made your own job description, so you can’t really complain that you’re required to do more than you were told – it was your job in the first place to find out what was required, and if it was acceptable.

Second – and this is the killer – it’s pretty obvious that “nightly off-site backups” are still a distasteful, onerous thing to him, that the entirety of the development has been a hack job from the start, and will continue to be so until yet another slapdash solution fails catastrophically. And when that happens, all the people who supported him and supported PZ’s development can expect is more hand-wringing, and more “in hindsight, it’s obvious I shouldn’t have stored credit cards unencrypted on our web server” responses.

If they ever finish Project Zomboid, I might buy it (if I’m convinced my payment information isn’t being handled by them) because it looks like it’ll be a really cool game on completion. But I’m certainly not going to invest in a pre-order, given that they can’t be arsed to exhibit a bare minimum level of professionalism.

Hell, my college homework was in source control.

Seriously.

Reddit got angry about this, and Lemmy got angry back over Twitter (account since removed, wisely).

So far, this was all something of an unfortunate morality play, but then another PZ developer popped up this morning to elucidate on the subject of Professionalism and Indies.

In as much as he is talking about people being angry because Lemmy raged at Reddit over Twitter, he’s right. (Hypocritical, of course, since they pulled his Twitter account, but whatever.) One of the differences between indies and commercial studios is that you get a closer relationship with the developers than you would if you had a PR department between you. If that relationship exposes a personality you don’t like, well, tough. Don’t invest in that game, simple.

But he also draws an arbitrary line in the sand in that article, declaring that some indies would rather just be commercial studios. Here, in his words:

There’s the type of studio that really, if they were honest, they’d like to be the first type of indie [independent studios, working for commercial clients] – everything they do is onwards an upwards to this goal. Legitimacy. A proper company. And then there’s the other type.

This type of indie never pretends to be professional. The “company” is probably just a name. It technically exists, but really what it boils down to is a guy in his underpants making a daft game. Sometimes that guy has a day-job, sometimes he’s taken a whoppping gamble and is working full-time from home.

The point is, if you’re going to throw your money at one of these indies, it’s important to know who you’re throwing money at and why. You can’t necessarily have your cake and eat it too.

You can just hear the derision there. Ugh, commercial studios, right? All that process and overhead and accountability, bleh. When PZ was first getting popular, I read a blog post from one of their developers about how he left the commercial games industry because it was the most miserable period of his life. Which is cool – we’ve all heard the gory details exposed by EASpouse and others. Fleeing that environment is a positive, healthy step. But there was always something about the way it was written that never sat well with me.

I guess last night I figured out what it was. At Indie Stone, “professionalism” is a dirty word.

But being a professional doesn’t mean having to give up your indie cred, or bow to the demands of marketing folk or whatever. It just means that you treat this shit like Your Job, which it now is. It means taking all the appropriate precautions to prevent shit like this from sinking you. Every instance of “bad luck” that’s struck Indie Stone so far has been entirely preventable with just the bare minimum of professionalism. If they’d read the PayPal terms that said they didn’t accept pre-orders, they wouldn’t have lost all those money and orders. Ditto for Google Checkout. And ditto for backing up your code appropriately.

You wouldn’t hire an independent caterer who didn’t wash their kitchen first. You wouldn’t hire an independent electrical contractor who wasn’t certified. These are just little one or two-person outfits, without any dreams of gaining “Legitimacy”. But they take the time to know their craft and be professionals about it.

And the dirtiest, scariest part of this all is that setting up an offsite backup in this day and age isn’t hard. At all. It’s almost harder NOT to, actually. See, source control tools were invented way back in the dark ages, and you have a million options nowadays. CVS. Subversion. Git. Mercurial. Veracity. And the interesting thing is, they all make development EASIER, not harder. First, if you ever made a mistake, you can roll your code back to ANY POINT in the development history to figure out what went wrong. Second, when working with more than one developer, it makes it really difficult to accidentally clobber changes that they’ve been working on. Finally, if your computer ever catches on fire, your source control is generally safe on another server somewhere in another city, and even that’s backed up in case that server catches on fire.

The fact that Indie Stone was charging people for pre-orders for a game, and then not expending the requisite effort to protect people’s investment is absolutely, completely unprofessional. And not in the “Commercial Studio” sense that these guys seem to dread, but in the “Basic Respect For Your Customers And For Your Trade” sense.

Now, they’re planning on continuing on (good for them!), and hopefully they’ll be able to. I know personally that losing a month’s worth of work would be devastating – moreso than the theft itself. But hopefully they learn from this, and not just to back up their code remotely. They’ve had three serious hits due to a lack of professionalism. This is the time to start looking into all their shit that they’ve been giving short shrift. Check their security for XSS, SQL injection, change every password (because you now have people who own their laptops, and a whole bunch of people on the internet upset at them). Ensure payments are still flowing properly, ensure refunds are processed immediately (because there’s going to be a bunch of those, and having their payment processing yanked on them now is going to suck BIGTIME) – double-down on this stuff.

I’d love to see Project Zomboid survive, because it’s a thrilling, ambitious project. But I hate how they’re badmouthing professionalism. You can be a professional indie without succumbing to all the soul-deadening crap that happens in a commercial studio. Long-term, it’s even easier to do, because then you don’t have to worry about having your payment processing yanked twice and having months of work stolen from you. Swear all you want on Twitter, but respect your craft, and respect your customers.

I guess my biggest problem with this article is the following:

Too often, women in geek cultures are only welcomed if they are decoration, sexy versions of the things geek men love, not equal participants or fellow fans.

Maybe I live in a weird, tiny bubble, but with the folks I hang around with, this just ain’t so. My group of friends in Oakville is fully of nerdy girls, and I hang around with them because they are smart and fun and into awesome nerdy things, not because they are “decoration.” Fully half the awesome friends I made at PAX Prime last year were nerdy girls – at no time dressed up or flaunting themselves. We met on the Harry Potter Pubcrawl and talked about nerdy shit and exchanged numbers and hung out for the rest of the con.

Of all of the nerdy girls I am friends with, the emphasis is on the “nerdy” – they’re into comic books, or games, or loose-leaf tea, or reading. That they’re girls makes no more difference than their hair colour, or height. Are other nerdy dudes so fucking shallow that ladies are shunned if they’re not eye candy? For shame.

Now on the flip side of that – if you are dressed in costume AT ALL, you are emphasizing yourself as decoration and shouldn’t be surprised when you’re treated as such. I’ve never been able to have a meaningful conversation with a lady dressed as Leeloo, BUT the same goes for dudes dressed as Master Chief or whatever. The most I ever get out is “Oh hey, sweet costume, you look great/badass/cold” and then I mosey on. Seriously, I can’t connect with you when you’re kitted out like that, it’s intimidating.

If you want to connect with and gain acceptance within a community, be as you are. Sure, there will be some sexist assholes (and perhaps the nerd community has more than its fair share due to natural high levels of social anxiety in its members), but as with all things, the cream will rise to the top and you will be welcomed. There’s no need to lower yourself to fit in.