Catch-all post about solving setup issues with PhpStorm, Composer, and Symfony2

I had to do some preliminary work over the last week or so to create a workable PHP development environment before diving into some moderate-to-heavy work making a small e-commerce site.  I've had a VirtualBox install of Linux Mint 12 on my laptop for a while, but it was never setup quite the way it should've been.  So, I took the time to do it right.  Unfortunately, open source software tends to have shitty documentation, so in order to prevent others from making the same mistakes I did, I'm going to list my problems and my eventual solutions.

PhpStorm:

PhpStorm is an awesome PHP IDE from JetBrains.  .NET programmers will recognize JetBrains from Re-sharper (R#).  It's not quite as all-inclusive as, say, Visual Studio.  Unit Testing and debugging don't come installed as part of the software.  Instead, it's designed to integrate with PHPUnit and one of Xdebug or Zend Debugger.

Setting up PHPUnit is fairly straightforward, but the debugger is another matter.  The (somewhat confusingly written) documentation would lead you to believe that you need to play with IDE tokens and ports and server names and other things.  Not really, at least, not in my case.

PhpStorm's debugger listener is pretty smart.  In a lot of cases it can automatically detect a debugging session.  The steps are ridiculously simple:

1. Install a debugger on your system.  I opted for Xdebug, so it was simply a matter of:

$ sudo apt-get install php5-xdebug

2. Edit your php.ini files (both the web server's and the CLI's) so xdebug.remote_enable is on, and restart your server.

3. Follow the other instructions here: Zero-configuration debugging with Xdebug and PhpStorm 2.0.  Even though PhpStorm is now up to version 5.0.2 as of this writing, the instructions here worked like a charm for me.

Composer:

Composer is a dependency manager for PHP written by Nils Adermann and Jordi Boggiano (with contributions from others).  It's nice and lightweight.  A JSON config file lists the packages you want/need for a project, and it looks at both its package repository (Packagist) and Github for them, installing them in a /current/path/vendors/ directory.

My problem with Composer was that I kept running into connection timeouts.  It wasn't a network error on my end - I have ~12 mbps downstream, so that's not a problem.  After a lot of searching, I found that the issue was caused by Composer being inefficient in its searches/downloads.  Something about it looking at both the distribution version and source version of a package.  To get better performance, a --prefer-dist option was added to the command line.  Unfortunately, that switch is not mentioned anywhere in documentation, nor in the CLI's --help option.

So, to use the option, simply (assuming a global install of Composer):

$ composer update --prefer-dist

Composer now works perfectly for me.

Symfony2:

Symfony is a modular MVC framework from Sensio.  The Standard Edition comes with a demo app, which should be removed before doing your own work.  The Standard Edition's Github README.md describes the process of removing the demo.  Unfortunately, the instructions regarding security.yml are wrong.  Simply removing those listings results in a runtime exception.  No, instead you need to provide default values.  Nice to know now.

So, there you have it, solutions to issues not mentioned in official documentation.  Hopefully I can stop others from getting frustrated.

EDIT: Thanks to Tony Quilkey, a.k.a. trq, a.k.a. thorpe for setting me straight on Composer's lineage.

Basic PC security Part Deux

Part 1

How can I look at things safely?

It's somewhat difficult to concisely talk about the browser and browsing habits because some of the issues are technical, and some are human in nature.  I'll focus on the technical first, because they're easier to address.

The web gets its interactivity through technologies like Flash and JavaScript.  Unfortunately, those very same technologies can prove to be harmful.  Flash, in particular, is known for its related exploits, both because its creator, Adobe, is slow when it comes to patching them, and because of Flash being the platform online advertisements are generally built on, which gives would-be attackers an incredibly wide target audience.  While it's less common now, attacker-compromised ad servers are a popular way to spread malware.

While not dangerous directly, JavaScript can be used to dynamically load other data, or bring the user to another destination that contains something dangerous.  While JavaScript can be turned off in the browser, many websites (like just about everything Google owns) require it, so removing it from the equation entirely is essentially impossible.

The solution for both problems come in the form of browser plugins and/or settings, depending on the browser itself.  For Firefox and Chrome, the plugin Ad Block Plus stops any and all adds (after tweaking some settings) from appearing.  In some cases, that can lead to some site functionality to break, but you can tell it to not stop ads on a particular site.  Similarly, for JavaScript, the No Script plugin stops all scripts except for those you explicitly allow.  That kind of granular control will allow you to customize your internet experience.

Bad browsing habits are a bit harder to curb.  Generally speaking, sites that offer free merchandise (like, say, an iPad), sites that offer free porn, sites that offer crass, edgy videos and images tend to be a breeding ground for malware and assholes.  I'm not sure if it's the same today, but back in the day sites like Ebaum's World crawled with bugs.  If it sounds too good to be true, or if the site would attract people who would have no qualms with screwing with other people, try to stay away.

Be aware of any downloads.  If you're downloading a document, it should end in .pdf, or .doc, or .docx.  Don't open anything from a source you're not familiar with.  That means email, images, files, etc.  If you don't know the source, you can't trust the source.

One final thing: be cognizant of what you share on social media.  Do you really want the entire internet connected world to know your address, number, work address, husband's/wife's/children's info, or pictures?  Information is power.  Don't let those you don't know have power over you.

I'm sensing a common theme... the human factor is key, huh?

In any system, the weakest point is where ever humans enter the picture.  We're fickle, impatient, moody, and ambitious - the perfect combination for exploitation.  Social engineering (or, in non-nerdy terms, conning/scamming) is still one of the most effective ways to compromise a system.  Attackers disguise themselves and their requests as legitimate, hoping that they're in contact with a computer illiterate mark who will be lead to give away their own secrets.  And it happens all the time.  This year's rash of Xbox Live account thefts were largely due to people duping the Microsoft employees on the customer service line.  Someone posing as Windows tech support tried scamming Ars Technica.

There are so many ways that attackers can disguise themselves, it's impossible to talk about them all in this space.  But, I can give some general tips:

1. If something seems suspicious, it probably is.
2. No reputable company will ever ask you to email them your login credentials.  They already have them, and don't need them to refer to your account.
3. Be wary of any email asking you to login to fix some error.  Call the company (and be sure to use their real number, NOT what's in the email) to verify.
4. Tech support will never call you out of the blue.  It doesn't work that way.
5. Where available, use two factor authentication.
6. When in doubt, ask your nerdy friend/relative.

Above all else, remember that there are people out there who would like nothing more than to get their hands on your money, your identity, and your very being.  Be cautious, be smart.

What about viruses and stuff?

Amazingly, it's fairly simple to protect yourself.  Windows' firewall is turned on by default.  The question then becomes, "What anti-virus and anti-malware software should I use?"

New computers come with a heap of useless crapware.  That McAfee or Symantec/Norton anti-virus that came with it?  Also crap.  They're bloated pieces of code that have low detection rates and cost money.  Horrible.  There's no need to pay for a quality anti-virus program.  While there are many free alternatives (AVG, Avast!, etc.), I prefer Microsoft Security Essentials.  It's absolutely free; no fee for initial download or any kind of subscription nonsense.  It doesn't take a lot of resources.  It's unobtrusive.  It has a high and accurate detection rate.  For my needs, and likely the needs of most end users, it's just about perfect.

For my anti-malware supplement, I use Malwarebytes' Anti-Malware.  It's also free, and is a no-nonsense malware detector/remover that can sniff out just about anything.

Do these programs make a computer bulletproof?  No.  But when combined with other preventative measures, like good browsing habits, they're very effective.

As an aside: those Finally Fast.com ads, and any other service built around "Clean up your PC!" are selling snake oil.  There's no reason for anyone to pay for that kind of service.  With the links provided above, you already have most of the tools needed to clean up your PC yourself.  Why pay someone $60-$80/hr to do it when you can do it yourself in a weekend?

So, is that it?

Well, not really.  Security is a broad topic, so broad it's impossible to completely tackle in a blog format.  My main goal is to raise awareness and curiosity.  There's no reason to not be aware of the incredibly basic steps needed to help secure yourself.  Given our ever increasing online presence, protecting ourselves on the internet is at least as important as physically protecting ourselves, our families, and our homes.  Since the only real costs involved are time and employing common sense, there's no reason not to take preventative action.

Unoriginal title for a post about general PC security (Part 1)

First, let me preface this by stating that I am not an expert in online security.  I'm not a hacker, I'm not a cryptologist.  I'm a web programmer who tends to view security from the POV of an end user.

Okay, with that said, here we go....

I've bought this $500+ piece of machinery, but you're asking me to understand how it works?

The sad fact of the matter is that many people who own computers are still largely computer illiterate.  Some are afraid to break/screw things up with their new appliance, and others are simply not interested in learning more than how to send email, visit YouTube, and do some basic office work.  The problem is that seemingly innocuous online activity can lead to a host of problems.  Addressing them isn't difficult, but it requires a bit of effort.  Just like a car needs regular maintenance to keep it on the road, a computer needs regular maintenance to keep it running and your information safe.

It's important to note, at this juncture, that there's no such thing as 100% secure.  Cyber security is always a game of catch up.  The various hackers, malware authors, and other black hat individuals and organizations out there will always have an advantage because, in a lot of cases, threats can't be addressed until an exploit has been abused.  The best we can do is engage in behavior to mitigate risk, and be prepared if an attack does happen.

What do you mean 'P@ssW0rd' isn't a good password?

Let's start with passwords.  If you do anything online, you're all but certain to have one.  A good password is long (the longer the better), contains a bunch of different characters (letters, numbers, punctuation), and isn't based on a dictionary word, or common phrases.  They should also be unique for each account (more on this in a minute).

The problem is that long passwords not based on a memorable pattern and filled with a variety of characters are hard to remember.  They're also a pain to type.  So, what people generally do is create a short, easy to remember password and then use that for just about everything.  If an online account is compromised, who cares?  It's just an account to Fluffy Birds or something unimportant, right?

Wrong.  If login info is compromised (and many times they're compromised without one knowing about it at all), then every account that uses that info is compromised.  That could mean your bank.  Your social media accounts with all the personal information about you and your family.  Your life could be laid bare for those who wish to do you harm.

So, what can be done?  I'm a huge fan of password manager software.  This software is essentially a database of all your passwords.  Even better, most come with a password generator, giving you a high entropy password at the click of a button that you can use for any account.  The password manager itself can be protected with a password, and some even allow you to use a separate key file as a second form of authentication.

The general workflow is:

Sign up for a new online account
 |
V
Open the password manager
 |
V
Generate a new password with the password manager
 |
V
See if the site/system will take it*
 |
V
If yes, you're registered, if not, keep generating new passwords until one sticks

To log into a site that requires a password, simply open the manager, and copy/paste the password into the password field.

*The unfortunate reality is that many sites put ridiculous limits on what they accept for passwords.  Microsoft, for example, limits passwords to just 16 characters, while EA prohibits certain special characters from being used.  These restrictions are completely artificial, and really only serve to negatively affect how secure your login information actually is.

I use and recommend KeePass.  It's free, it's easy to use, and it's available on just about every operating system one would want.  I use it on my iPad, laptop, and desktop, and with it, I can hit all the important attributes of a good password:

Length
Not based on a dictionary word
Character variety
Unique to each account

Okay, cool, now what?

I'll talk about browsing, but in a new post to keep things readable.

Ghost Hunters; or, That's not how science is done!

As I wait to hear from a client, I figured it was time to finally write my long awaited rant against Ghost Hunters and other shows of its ilk.  Those who know me personally know I have a seething hatred for it, but since my problems with it are many, I've never been able to succinctly express exactly why I hate it.  I figure that it's likely easier to put my thoughts down on 'paper', so here we go.

1. Assumptions

Let's first talk about the assumptions GH makes in order to have the viewer buy into what they're selling:

A. It is assumed that these people are professionals.  After all, they have a TV show.
B. It is assumed that ghosts exist.  This assumption is reiterated every time one of the people attempts to describe what they're scanning for.
C. It is assumed that the show is being truthful.

A:
The two founding members of TAPS (the GH group) are Grant Wilson and Jason Hawes.  Before the show, they were part-time plumbers and co-owned a NH hotel.  They did ghost hunting on the side.  Neither of them, nor any other members of their crew have any formal scientific training.  They are, by all definitions, normal people without formal training.

B:
We are told many times that the paranormal can do any of the following:

Emit an EM field.
Emit cold.
Can speak/make noise.
Manipulate matter (footsteps, things thrown, etc.).
Temporarily become visible.

The Ghost Hunters don't offer any explanation aside from their experience.  That leads into....

C:
Despite the show airing on cable TV, paid for by advertising and merchandise, the crew is being honest in their pursuit of the truth.

2. Faux Science

What the GH crew does is not science.  For one, real science doesn't assume that the thing its testing for is real.  Second, science is testable.  Third, science is repeatable.

The way GH works is that they find an interesting/spooky place whose owner is already predisposed to believing in ghosts.  They interview the owner, paying close attention to particular details of the supposed hauntings.  They then spend the night in the location while filming/recording.  At dawn they stop, go over the hours of media they produced, and then present their findings.

One night's worth of observations is NOT scientific.  It's the very definition of small sample size.  A real scientific endeavor would take far longer (weeks, if not months or even years) in order to weed out all the variables (seasonal changes, atmospheric conditions, etc.).  The data itself would be analyzed by professionals.  Secondary (or even tertiary) observations may be required if the initial data sets were inconclusive or raised questions.

But, what of the data itself?  Unsurprisingly, everything TAPS records is digital.  That means it can easily be altered.  Add to that the abilities of an on-site production crew, and the fact that, again, this is being done for profit, and the data has to be considered suspect at best.

"Wait!  The GH crew itself debunks things all the time!"  Ah, well that plays into....

3. The Trick's the Thing

Ghost Hunters is one of the only shows where the majority of the action takes place off camera.  Think about that for a moment.  9 times out of 10, the camera is focused on one of the member's faces when the inevitable (and there's always at least two per case for advertising breaks) surprise happens.  And, really, that's the key.  The focus on the show isn't about the place they are or even ghosts at all.  It's about the crew.  They're the stars.

Now, there are shots of EMF meters blinking their lights, and various FLIR images, and even the occasional stationary camera shot.  I go through them individually.

The EMF meter shots are always filmed the same way: a tight zoom on the device itself as its lights blink in accordance to the off-screen instructions of a team member imploring a ghost to make the device light up.  EMF meters do exist (http://en.wikipedia.org/wiki/EMF_meter), but they don't generally look like what the GH crew uses.  So, it's questionable as to whether the GH prop is legit in and of itself.  Being charitable and assuming it is, why is the camera zoomed in so closely?  There's no need for the device itself to take up the majority of the frame, especially given how often things 'happen' off camera.  I have the suspicion that since the lights ALWAYS behave on cue, someone to the side is manipulating them.

The FLIR images, being digital, can easily be manipulated in post-production.  Some, like the far-off humanoid images, likely ARE people (producers, assistants, etc.).

The stationary camera shots usually pick up some physical movement that's off to the side, in the distance, or with a small object (desk clock).  Usually something moves, slides, rolls, or opens/closes suddenly.  This kind of thing has been used to great effect in movies like Paranormal Activity.

The same sort of thing can be said about the sounds obtained from EVP sessions (Electronic Voice Phenomenon) when one of the crew sits alone in a room and attempts to talk to a potential ghost while recording audio.  Since the recording is digital, it can be easily manipulated.  More on EVP: http://en.wikipedia.org/wiki/Electronic_voice_phenomenon

What about the GH crew debunking things?  That all adds to the air of authority and truthfulness.  It's simply a way to get people to trust them.  It's really no different than a snake oil salesman plucking a 'random' member from the audience.

4. Conclusion

In the end, Ghost Hunters is not scientific.  It's not even remotely believable.  It's merely a combination of likeable everymen visiting spooky places at night while using camera tricks and post-production editing to sell a story.  There's no truth here.  Rather, it's just the continuation of a brand that's more interested in DVD sales than knowledge.

Adventures in repository land

My original Entity Framework repositories sucked.  No, they really did.  They were bloated, ugly things, each tied to a particular type, and filled with repetitious code that was far too application specific.  I mean, look at this crap:



To be fair, the code above was one of my first iterations of a repository, written before I was comfortable with C# and EF.  That said, the recent iterations of my standalone repos weren't much better.  A whole bunch of inflexible, type-specific code.

I knew that the ideal solution would be to make my repositories as generic as I could (code to an interface, not an implementation, right?), but the existing Game repo had specific functionality not shared with the others, and, more importantly, it required the eager loading of related data, and I wasn't sure how I'd tackle that, or if it was even possible.

IObjectSet does not have the Include() method, and I thought I was sunk until I found this old blog post from Julie Lerman.  IObjectSet implements IObjectQuery, which meant that I could write my own extension method that (for all intents and purposes) overloaded Include().  Problem solved in a decidedly C# way.

So, behold my generic repository, and my Game specific subclass:


Now, what about my Game-specific code?  Simple:


When I need to do the extra Game-related things, I simply cast (canned example):


I'm not sure if this is the most elegant way to go about it.  The cast strikes me as a bit of a code smell, but since those methods are used sparingly in my project, it seems like it's good enough.  Most importantly, my code footprint has been significantly reduced, and my backend is far simpler than it was originally.

You may have noticed that my type parameters implement IHGEntity.  That's just a utility interface that allows me to access to my types' ID property, which in turn allows me to save my entities.  It is an epic one-line interface:


So, there it all it is.  I hope this will be of help to those just starting out with EF.

NOTE: Apologies for the inconsistent capitalization of type parameters in the code blocks above.  The synax highlighter is automatically making anything within angle brackets lowercase.

E3 Musings

Maybe it's because I'm an old fart, but heavily scripted 3rd person action games like Uncharted, the upcoming Lara Croft, the upcoming Star Wars 1313, etc. just don't appeal much to me any more.  They're all essentially the same game - Prince of Persia platforming + Gears of War cover/gun play.  And linear.  Suffocatingly linear.

The only reason why I still go after Rockstar's games are because they're usually pretty well written, and the open world aspect where I can at least cause some of my own mayhem.  Getting chased by cops in, say, Vice City is a game in itself.

But, yeah, I was struck by how many games simply didn't speak to me while watching the E3 presentations.  All the 'realistic' FPS games look the same.  All the 3rd person action games look the same.  Sports titles are the same every year anyway.  It's just startling to see such little innovation among the AAA titles. 

Like I asked yesterday/last night on my Twitter/Facebook, can anyone tell me the difference between the upcoming Call of Duty, Metal of Honor, and Battlefield games, aside from their titles?

---

That said, the two titles I'm most interested in are Dishonored and Watch Dogs.  Likely because they offer several ways to tackle a particular situation.

E3 potpourri

Just some random, stream of consciousness thoughts on the coming E3:

Like someone else said on the Penny Arcade forums, isn't it funny/sad that the things most people are looking forward to from Square-Enix are its Eidos offerings?

Prediction: Microsoft's keynote will be barren.  Kinect + media apps + already announced exclusives = yawn.  I'm hoping that they're lying and will do something regarding the NextBox/Xbox 720, but I'm not counting on it.

I hope that Ubisoft unveils a new Splinter Cell.  And, I hope it refocuses on stealth.  Playing Sam Fisher as Jason Bourne is fun, but I wanted more stealth capability in Conviction.  Not being able to move bodies was a grievous oversight.

Apparently there's a rumor that Sony will have a megaton announcement during their keynote, and that it has something to do with the cloud.  Some people are wondering if it's tied with Valve/Steam.  I'm wondering if it has something to do with rumors of Sony and Microsoft talking over the last few months.  Maybe some Azure?

I can't help but wonder what Bioware will show.  Likely the Mass Effect 3 apology DLC, but what else?  Their new post-ME IP?  Something Dragon Age related?

I'm curious on the JRPG front.  I haven't played a JRPG I liked in ages.  Will Final Fantasy XIII Versus finally materialize?  Anything actually worth playing in the genre?

The Wii U both intrigues and frightens me.  I can't help but wonder about the tablet controller's accessibility.  The Wiimote is already a barrier.  The tablet looks orders of magnitude ("Pop pop!") worse.

I got 38 problems but a game ain't one

Holy crap, a blog post!  First, the usual professional update:

Paying work has slowed, I've had issues receiving payment from one client, and I'm busy cleaning up code/finishing writing code on the first of my personal projects.  Naturally, I want to change its look, because I suck at design, so, yeah, more delays there.  Good times.

Now, to the meat of this post:

We're entering silly season for video games.  There's a whole bunch of corporate things going on, and E3 is a week+ away.  I figured that with everything going on, a couple posts would be apropos.

---

38 Studios.  The company that's taken 6 years to make a mediocre adventure game and a still-in-development MMO, both of which look like they have Azeroth envy.  Is it a shock that they're going under?  That they wrote a bad check for the $1.1m loan payment they missed?  That what employees are left haven't been payed since May 1, and that their health insurance ends tonight at midnight?

Nope, not really.

For a time, it seemed like every studio wanted to take the MMO crown from World of Warcraft.  The problem is that they didn't take the time to see what made WoW special. 

For one, pedigree.  WoW was the continuation of a very popular brand.  What's more is that the original developers were vets from Everquest and Dark Age of Camelot.  They had working experience in the genre. 

Second, a massive, public beta.  WoW became a part of the gaming culture even before it was released.  Popular entities like Penny Arcade were salivating over it at the time, which made it more than just another game.

Third, a good deal of luck and timing.

I've said it before, and I'll say it again.  Trying to become the "Next X" is a fool's errand.  How many game companies have tried making the next WoW?  Remember Warhammer Online?  Age of Conan?  Anarchy Online?  SWTOR is hemorrhaging subscribers as I write this, and that's a Star Wars game from Bioware!  Even WoW itself lost a significant number of subscribers after its Wrath of the Lich King expansion. 

What's worse in 38 Studios' case is that, like I said above, their world of Amalur looks very similar to Warcraft's Azeroth.  The architecture, the environments, the people, the creatures - it all looks like WoW 2.0.  Don't take my word for it.  Check it out below:

Off the top of my head, I can see Orgrimmar, Teldrassil, Loch Modan, Gilneas, and Stormwind analogues.  This could be a drinking game.

So, let's recap:

38 Studios decided to put almost all their eggs in the MMO basket.  A genre which, over time, has proven over and over to be a bad investment.  Despite seeing the multitude of failures from other companies - both with original and existing IPs - they refused to change course.  Their one game to date, after 6 years of being in business, is Kingdoms of Amalur: Reckoning, an admitted side project which sold 400,000 copies, and is, by all accounts, decent but not memorable.  In order to differentiate themselves from other IPs, they make theirs look like an updated WoW.

... who was in charge here, again?

I feel for the employees, but man, the people at the head of the company were idiots.  I'm sure the Rhode Island taxpayers must be thrilled.

PSA

You're a young, plucky go-getter with an interest in tech and nothing but time on your hands.  What to do?  Why learn web development, of course!  So, here are some random tips for those just starting out:

1.  Learn HTML and CSS.

Seems kinda like a no-brainer, right?  You'd be amazed at how many people feel uncomfortable with the basic building blocks of the web.  Some developers learned HTML in the late 90's and never took the time to keep up-to-date on it.  They get all Unfrozen Caveman Lawyer when confronted with the modern web ("Your world of Cascading Style Sheets confuses and frightens me").  Don't be that person.

Other would-be devs feel that HTML/CSS is somehow beneath them.  That, somehow, they'll be forever isolated from the unwashed masses that have to write markup because they're a programmer, not a coder.  Don't be that person, either.

Here's the thing: at some point, the stuff you'll program will be rendered in a browser.  Even if you're a programmer, chances are you'll need to tweak templates in order to have the yummy, yummy data you massaged earlier in the process display on screen in the right place/format.  Knowing how to debug these templates when things go wrong (and they will) is essential.

Besides, both are fairly easy to learn.  HTML can be learned in a couple hours.  CSS takes a bit more time, mostly due to CSS positioning and the Box Model, but is still doable.  No one will expect you to be an awesome designer.  They will expect you to be familiar with the basics.

2. Server side language choice

In the long run, this doesn't matter too much as you'll likely learn a variety of languages if you stick with it.  But, short term, it's an important decision that must balance ease of use, availability of quality resources, and success/failure/positive reinforcement.

For me, there are only two viable choices: PHP and C#

PHP has some nice benefits - Ubiquity, easy syntax, it's dynamically typed, so you don't have to worry about type initially, and it rewards the developer with fast results.

PHP also has some drawbacks - A lot of horrible, out-of-date resources and tutorials floating around online, when done wrong PHP can teach some very bad habits, it's dynamically typed, so you may not even learn about type, and a lot of little technical things that a newbie likely wouldn't notice, but are there anyway.

C#'s benefits are - Statically typed, so one learns about type right off the bat, clean syntax, object oriented, more options in terms of more complex data structures.

C#'s drawbacks are - A much higher learning curve from the get-go, possible reliance on the .NET framework as a crutch, the MSDN (although it's getting easier to navigate).

For web development, I started with PHP.  I feel it's the best at efficiently teaching a prospective developer how forms work, how a server side language interacts with a database, and how processes on the back end eventually become things an end user experiences.  YMMV.  That said, I prefer C# now.

3. It's a database, not a spreadsheet

One of the classic mistakes a newbie can make is treating a database like a spreadsheet.  Most of the databases used with the web are relational databases.  Database tables model the relation between different sets of data.  To get the tables into the right form, developers 'normalize' them.  Here's a good primer on normalization: http://mikehillyer.com/articles/an-introduction-to-database-normalization/

Simply put, if you use your database as a spreadsheet, you're doing it wrong.

4. It's 2012.  Time to learn JavaScript

JavaScript is probably the most important language employed on the web today.  It's a vital component of many sites (Google Apps, Facebook, Twitter, to name a few), and with the upcoming improvements in HTML5, it will only become more widely used.

Despite that, JavaScript still carries a stigma.  Older end users remember a time of constant JavaScript errors, and older developers remember the browser wars.  It doesn't help that the language itself is a bit odd, and has some hidden gotchas baked right in.

That said, the emergence of JavaScript frameworks (including the ubiquitous jQuery) has all but made the pain go away.  There's no reason not to learn the basics.  With the way things are progressing, saying, "Nah, I don't do JavaScript," will be akin to saying, "Nah, I don't do email."  Get on board.

---

So, there you go.  Random thoughts on a Thursday morning.

Spring cleaning

Just a small post to myself, really.  Things I want to focus on this year (aside from actual paying projects):

Hone my design skills - I suck at design.  I think I'm a decent critic of design, but creating my own has always been troublesome.  I'm not an artist.  Even my stick figures suck.  That said, the flexible design book from A Book Apart really opened my eyes to some things, answered some questions I had never previously received clear answers to.  So, with that, I'll redesign my home site, which was made in a rush in order to get free hosting a couple years ago (it definitely looks like it was made in 15 minutes), and my awesome secret personal projects.

Get more familiar with JavaScript, jQuery, and maybe even Node.js - I'm not a complete newbie with JS.  I mean, I own and read Resig's book.  I'm definitely not what I'd consider to be proficient, though.  In today's development world, that's like saying, "I like computers, it's just that pesky keyboard and mouse I'm not comfortable with."

Ruby on Rails - I figure an additional tool in my toolbox couldn't hurt.  It was either that or Python/Django, and I'm not a fan of the idea of whitespace actually conveying meaning.

Longer term things:

Learn a functional language - Thinking F# is the way to go.  I mean, I already have it with VS.  Might as well learn it.

Make a game - I'm probably the only programmer nerd on the planet that's never made a completely functional, simple game.  I had the skeleton of a web-based, turn-based RPG written in ASP.NET web forms (yeah, getting to that point was as painful as it sounds), but it lies languishing on my HDD.  Since I hate web forms, I doubt I'll touch it again.  So, some kind of Tetris/Breakout clone, written either in C++ or XNA.

I'll have a plate of awesome, with a side order of shit

This post is about the Mass Effect 3 ending.  Needless to say, SPOILERS ahead.  Read at your own peril.










I beat Mass Effect 3 yesterday.  After having slept on it, I think I'm ready to talk about the ending.  First, a quick summary:

The end forces Shepard to return to earth.  Turns out the Citadel is the Catalyst, and an indoctrinated Illusive Man informed the Reapers of this fact.  The Reapers, wanting to protect themselves, take control of the Citadel, fly it to the safest area of Reaper controlled space, which is earth.  Shepard meets up with Anderson in London, and must get to the new Conduit in order to open the Citadel arms to allow the Crucible to dock.  It's a nice return to the end mission of ME1, albeit with higher stakes.

During the push to the Conduit, Harbinger lands and starts zapping people.  Shepard and his squad get caught in the blast.  Fade to white.  You take control of a broken, burned, bloodied Shepard after he regains consciousness.  He grabs a pistol, and it's up to the player to make him limp to the Conduit, shooting at Husks and other Reaper forces on the way.

When you teleport to the Citadel, Anderson is there somehow.  He and Shepard make it to a control panel, when a Huskified Illusive Man takes control of both Shepard and Anderson.  He forces Shepard to shoot Anderson (looks like it's a stomach wound... apparently this happens only if your effective fleet strength is 5000+), but later dies himself, either due to Shepard shooting him, or suicide a la Saren in ME1, depending on dialogue choices (which is another great nod to the original).

A dying duo of Shepard and Anderson sit next to each other and reminisce while watching earth and the fight.  Anderson succumbs to his wound.  Hackett calls, informing Shepard that while the Crucible is docked, nothing is happening.  Shepard crawls toward the control panel, but loses consciousness right before it.  The floor beneath Shepard turns white, and lifts him toward the heavens....

...into another part of the Citadel.  A ghostlike entity resembling the child from the opening segment of the game/Shepard's nightmares appears, and forces him to wake up.  The entity explains that he is a representation of the Catalyst, and that it/the Reapers were built to protect organic life.  According to him, organics always create synthetic life, which, in turn, attempts to destroy its creators.  The Reapers harvest the advanced civilizations, where they sort of live on in the form of another Reaper.

Since the Crucible was successfully built, and Shepard allowed it to dock, he essentially broke that cycle, and must now choose how to proceed.  The Crucible will allow him to:

1. Control the Reapers at the expense of his life
2. Destroy ALL synthetic life, including the Geth and EDI
3. Synthesis - merge the building blocks of organic and synthetic life into the next evolutionary step

In all three, the Mass Relays are destroyed, as they spread the Crucible's signal/energy through the galaxy.

Regardless of the player's choice, the next scene has the Normandy trying to escape the energy wave, only to be caught by it.  The ship crashes on an unknown planet, and Joker and a couple of crew members exit the ship to take a look at where they are.

Credits.

After the credits, on what looks to be the same planet (at night), two silhouettes - an adult and child - look to the moons.  The adult (voiced by Buzz Aldrin) talks about the infinite wonders of the galaxy.  The child wants to hear more about 'The Shepard'.  The game then loads back up to the point before the assault on the Cerberus base.

---

Personally, I liked the ending until the Catalyst ghost entity infodumped the entire thing to me.  The very last segment bothered me for a number of reasons:

1. In my game(s), I tend to play a predominantly Paragon Shepard.  He's a peacemaker, a person looking to unite the galaxy against a real threat.  As such, I got him to broker peace between the Quarians and Geth (yay, two fleets!).  Doesn't that show that there can be peace between organics and synthetics?  Why isn't there dialogue to reflect that option?

Also, the Geth didn't rise up for the hell of it.  They acted in self-defense, then fled behind the Veil.  Their later aggression was fueled by the Reapers themselves.  Why is none of that addressed?

2. The same basic ending happens, regardless of what you do: Reapers pacified, mass relays destroyed, Normandy crashed.  The whole idea of the series is to force the player to make choices that will have consequences later on.  We never see the consequence of the last choice, which is incredibly unfulfilling.  Since the same basic progression happens regardless of the choice you make, the choice itself seems pointless.

3. The Reapers supposedly save advanced organic races by harvesting them, turning the individual members of those societies into grey sludge, and combing them all into a techno-organic form.  What happens to the synthetic races after that?  Do the Reapers just destroy them?  Again, not addressed.

EDIT: And, really, why do the Reapers harvest organics at all?  Why not simply destroy synthetics when they inevitably revolt?

4. The Reaper reveal fell a bit flat as it came in the form of an infodump.  It would have worked better, IMO, as a slow burn.  Reveal some of it after obtaining the Mars data, and again on Thessia.  Really question if using the Crucible is a wise move.  Do more than:

"We don't know what it does."
"Well, we have no choice."
"Okay."

Using the Crucible itself should represent a choice, really.

5. There's a way to keep Shepard alive.  Have an effective fleet strength of 5000+ and chose the destroy option.  After everything is done, there's an extra scene of Shepard, buried beneath rubble in London(!), taking a big inhale.  And, apparently, it's a save state flag....

There are a couple things odd with that:

A. The Catalyst explicitly tells you that the destroy option will destroy ALL synthetic life.  Shepard is a cyborg.

B. What is he doing in London, seeing as how the Citadel blows up?

Rumors/theories are flying that the dreams Shepard was having is a sign of him being indoctrinated (he was rebuilt with Reaper tech...), and that after Harbinger's blast, he simply lost consciousness.  And, there will be new DLC/a patch/new game to address it.  I doubt it, but it is definitely odd.

---

So, there you have it.  My early morning rambling thoughts on Mass Effect 3's ending.  For the record, I loved 99% of the game.  I haven't felt these kinds of emotions since Xenogears.  It's just the ending I didn't like.

Nerd musings as I wait

Not much to talk about re: web development.  I'm waiting for one client to get back to me about an e-commerce project, and waiting for another client to pay me.  Mass Effect comes out tomorrow (hell yeah!), and, well, that's about it.

With that said, I figured I might as well blabber about one of my favorite games of all times: Xenogears.

Xenogears was released by Squaresoft (before it became Square-Enix) in 1998.  This was pretty much the Golden Age of Square, with Final Fantasy VII and Final Fantasy Tactics being released in this era, as well as Square's marked Christianity criticism era, as Final Fantasy Tactics, Vagrant Story, and Xenogears were all pretty scathing in their own way towards the Church (apologies if that sentence made no sense... it's 8:30 AM).

Xenogears (XG from now on, as I'm lazy) is a sci-fi epic, and it's also a gigantic, loveable mess.  It's incredibly ambitious.  It was also so over-budget that the 2nd disc is primarily the two main characters sitting in a chair talking about what happened, as the actual dungeons/events could not be finished in time.  It features robots and a giant pink...thing getting crucified.  It's filled with warts and facepalm worthy moments (I'm looking at you, Soylent System), and yet, in its own bizarre way, it works.

SPOILERS from here on.

XG's main premise is simple enough.  Sometime way in the future, the starship Eldridge was transporting a biological weapon - Deus - to some planet.  En route, Deus gained sentience, woke up, took over the ship, and started killing everyone on board.  The captain (who looked an awful lot like the captain of the SDF-1 in Robotech/Macross), left with no alternative, engaged the self-destruct.  The debris fell to an unknown planet.  See below (sorry for the crappy quality):

From there, the game skips forward several thousand years.  Humanity is the dominant species.  Old technology from the Eldridge - including mechs called Gears - are found, and are in somewhat common use.  Most are utilitarian models, but the various nation militaries have combat models.  What's more, technology has advanced to the point where new ones can be developed.

Gears are maintained by the Ethos, the world's dominant church (dun-dun-DUN).  Of course, the Ethos is actually a covert arm of Solaris, a technologically advanced, secret nation in the sky that uses surface dwellers as a renewable resource.  Yeah, the setting is batshit crazy.

So, there's the setup.  Here's why the game is awesome:

The characters.  There's a large cast, but almost all get their moment to shine.  They all have clear personalities, and are almost all memorable.  Even the NPCs are well done, and very few feel one-dimensional.  The villains are all flavorful, and have various motivations.

The plot.  There are many layers to the story, and XG is probably one of the best at balancing the incredibly epic with the deeply personal.  At its core, XG is a love story, and a very well written one at that.  JRPG fans tend to point to FF VIII or FF X as the best love stories in the genre.  They can't hold a candle to XG.  More spoilers:

The protagonist, Fei Fong Wong (whom I use as my Twitter avatar), and his love interest, Elhaym Van Houten (Elly), are trapped in an Eternal Return.  Through the ages, they're born, meet, and fall in love.  Every time, their relationship ends tragically, usually with one of them dying.  What's worse is that, as time goes on, they start gaining the memories of their past lives.  That tragedy, and the madness it causes, leads to the creation of one of the main villains.  The cycle itself is explained in pseudo-scientific terms (the best kind!), and opens up questions about fate and free will.  It's all well done, with small reveals here and there building to a crescendo.

Of course there's more to the game than that.  It pokes at the ideas of God, faith, death, sacrifice, etc.  It's a very dense story, but mostly orchestrated well.

The music.  Yasunori Mitsuda is a video game music master.  His holy trinity includes Chrono Trigger, Xenogears, and Chrono Cross.  Some examples:

Again, objectively, the game has plenty of flaws.  Despite them, I love it.  It's the shame the second disc will likely never get fleshed out, as a lot of big things (read: thousands-millions die) happen, but it's all off-screen.  That said, check it out if you have a PS3 and don't mind pixelated sprites.  It's available on the PSN.

And now for something completely different - how I'd fix the Final Fantasy series

First, a professional update: I haven't had much time to dabble with .NET lately since I've been doing PHP work for two different clients.  That said, my MVC projects are still going forward.  They're just on hiatus.

Okay, so that said, now to the meat of this post.

I decided to bite the bullet and play the Final Fantasy XIII-2 (there's a catchy name) demo this afternoon.  I was curious to see if all of the negativity surrounding XIII-proper was justified, even though fans of the series (which I used to be) told me that the demo fixed a lot of what was wrong with the original game.  Having now played (but not finished...) the demo, my response can only be: really?  The sequel's demo shows improvement over the original?  Man....

First, a quick rundown of my problems with the demo:

For starters, it's confusing/convoluted as hell.  The main characters in the demo don't have much in terms of personality or character, aside from being really, really earnest.  The backstory presented in the menu says that the girl's older sister saved the world 3 years ago, but disappeared.  The boy is a time traveler.  Shenanigans await the duo.  Of course, that's all couched in made up words and terms like fal'cie, l'cie, etc.  I was hoping for a pop'cicle, but no dice.

Combat was...odd.  It's a weird mix of a watered down job system and gambit (Bioware fans - DA tactics, but not nearly as well implemented) system.  Characters have roles - like Commando, Ravager, Sentinel, etc. - which gives them access to certain abilities.  Combinations of these jobs (like, setting the girl as Medic and the guy as Commando) are called Paradigms.  These Paradigms can be changed on the fly by pressing LB/L1 and selecting a new mix.  Cleverly(?), this is known as a Paradigm Shift. 

Confused yet?  It actually makes sense in play.  Unfortunately, since the game rewards speed, generally all one needs to do is select Auto Attack, which will let the AI do what it thinks is best.  As a longtime fan of the FF series, this strikes me as funny.  The series has always been derided for its combat because in the vast majority of cases simply choosing Attack is the most efficient way to progress.  XIII adds all these layers to combat, yet Auto Attack is still the best option.  I've heard that Paradigm Shifting is necessary for the endgame/hidden content, but still, press A/X to win is still the name of the game 25 years after the original Final Fantasy was released.

There are some other small things, like the camera being too close to the characters while walking, the continued existence of battle screens, poor UI, etc.  Ultimately, as I played the demo, one thought kept repeating itself in my head - for a game that's all about speed (battles are timed, the pace in battles is the fastest its ever been in a FF game), it sure is slow.  Walking around is boring.  Conversations are needlessly wordy.  There's no emotion aside from a vague desire to stop/find something/someone.  And as someone who can handle, and even enjoy, badly paced games (hello Xenogears and Xenosaga), that's saying something.

---

So, how would I change things?

First, remove random encounters.  They've never been challenging, and they're really just a time sink.  All encounters should be relevant to the main plot or side quest.  Since that would likely limit the number of encounters, make them more difficult.  Ultimately, the goal should be to make encounters meaningful.  Having to kill a group of imps every 10-20 steps only serves to annoy the player.

Second, give the player multiple ways to complete a quest.  Final Fantasy quests fall into three categories:

Ultimate weapon/summoned monster quests, which require a bit of exploration and a lot of annoying mini-games.

Fetch/return quests.

Combat.

Sometimes they're mixed together (do hidden thing X, take secret thing Y, and kill super monster Z), but those are the general categories.  While there is something to be said about solving a convoluted puzzle (and, really, classic gaming is all about that), they feel increasingly rigid in settings as large and detailed as a FF game's.

Third, better character balance.  FF characters have the annoying tendency to be functionally the same (see: FF VI, VII, VIII, XII (to a certain extent)).  Jobs (character classes - fighter, white mage, black mage, ninja, etc.) are a great way to provide party balance, as they force the player to define roles for their characters early on.  Deviating from those roles is exceedingly inefficient, and not worth the hassle (unless you're playing a FF Tactics game, which is a different can of worms).

The problem with jobs is that there's not a lot of choice within the jobs themselves.  Usually, players will choose a job to learn key abilities, then ditch it for another. 

I suggest going the opposite route: have characters be locked into their jobs, but give the player a myriad of abilities to choose from.  From a story perspective, it makes more sense - a highly trained warrior isn't going to say "You know what?  I'm going to be a mystic healer today." - and it gives each character a role to call their own, eliminating the sameness problem.

My final suggestion deals with plot and presentation.  FF games have been pretty batshit insane/convoluted over the last 15 years or so.  Not that that's bad in and of itself.  My problem is that, generally speaking, whatever good ideas are in a FF story are buried under a mound of jargon and/or minutia, to say nothing of the Japanese-style "Say, don't show" storytelling.  If we're talking economy of plot, FF games need some TARP money.

Obviously, a good deal of this is cultural, so I'm trying to tread carefully.  That said, the older, technologically limited games in the series still had insane stories, but they were conveyed in a more concise, and thus more powerful, way.  Hell, IV's endgame has the heroes fly to a moon in a damn whale-shaped spaceship.  The moon is also a spaceship.  Crazy is part of the series, and I wouldn't want it any other way.

Unfortunately, the games have become increasingly suffocating.  The signal-to-noise ratio has dipped to 24.4k modem levels, complete with shrieking sound.  There are whole sections of IX, X, and XII that could be removed without affecting the plot at all.  That, to me, is a very large problem, and one that seems to be getting worse as the series moves on.

So, to tie this back to my first suggestion, make things meaningful.  This doesn't mean that everything must tie into the main plot.  I love side quests that flesh out settings and characters, even if it doesn't move the main plot forward an inch.  Just, remove the crap and clutter.  Let the setting and characters breathe.  Don't be afraid of emotions beyond earnestness, vague evil, and the ever Japanese protection promise.  Make the world's heart and soul shine as much as its graphics.