Tuesday, August 14, 2012

Behavior Trees

The general design in Unity is to write multiple behavior scripts, and attach them to a game object.  For example, a "rotate" script and a "shoot-at-anything-that-gets-close" script are attached to an object separately, rather than combining all behaviors into one script.

I like this approach - until an object needs to only apply behaviors selectively.  At that point I realized a finite state machine (FSM) was probably the way to go.  If an object had several scripts attached to it, there would need to be an FSM script which messaged all the other scripts so they knew what state the object was in.  Ugly.

Fine - ask Dr. Google.

People are still using FSMs out there - but the new glorious technology now seems to be Behavior Trees (BT).

I'm just beginning to teach myself about this tool.  There is some comparison between BT and hierarchical finite state machines (HFSM) - the latter of which I have no experience with.

An FSM will go from state to state with transition events, and has the capacity to become a fascinating conversation piece among the more super-genius programmers: a spaghetti nightmare.  Even very simple FSMs can be painful to look at.

BT appears to remove some of the FSM free-form.  They seem to provide a framework of limited logic-flow.  It makes me wonder if eventually processors will be optimized around BT - because it looks like a sort of graphical programming language.  More importantly, it looks like a new way of thinking and building engines.

Here is the best summary page I've found so far (and an excellent blog overall on the subject):

http://aigamedev.com/open/articles/popular-behavior-tree-design/


Thursday, April 19, 2012

Browser Sandboxing

"Dad?  What's the safest way to browse the internet?"

"Oh.. borrow your friend's PC.  After you finish browsing, ask them to re-install everything.  Do this every day."


Have you ever wished you had a friend who was this kind?


Here's how.  Please take a close look at this screenshot:





This screenshot was taken from Windows Vista (see the tab at the bottom), running VirtualBox, which is running Linux Mint 12, which has Firefox browsing webpages and AdBlock Pro installed.
It is not the fastest way to browse the web.  But it is the safest.


Why would you want to do this?

The advantage of running a virtual machine (VirtualBox, VMware, there are many to choose from) is that it sandboxes whatever applications are running on the machine.  It's easy to take a snapshot of the machine's state and revert to that snapshot later.

Can't you do that in Windows?  Yes.  Sort of.  Windows has System Restore - but it has its problems.

Windows System Restore automatically creates restore points, which allow reverting the state of executable files.  There are many details of System Restore I won't go into - nor claim to know anything about.  What's important is - it's all automatic.  If you wait a month or two, old restore points will be overwritten with newer restore points.

If you inadvertently install malware and it isn't detected before an old enough restore point is overwritten, the only mechanisms for removing the virus are an antivirus (AV) program or manual removal.  So you're at the mercy of AV and websites to keep your browsing safe.

Also, System Restore is a time-consuming process.  You might not want to spend 10 minutes every day restoring your system to a restore point.  With VirtualBox, snapshots can be restored relatively quickly, depending on the size of the virtual machine.  I've got Linux Mint set up on a small, 8GB drive, so snapshots take about 15 seconds to save and restore.


My Horror Story

Last week I was getting ready to do my taxes on my laptop, when, browsing to yahoo.com to check e-mail, the website returned with "Welcome to nginx!".  After looking into this problem for several hours, it became clear that:

1) no antivirus program website says anything about "Welcome to nginx!"

2) the anti-spamware program I was using didn't find all the cookies that another program found

3) the process for fixing "Welcome to nginx!" involved posting log output onto a forum and waiting for experts to respond with recommendations

4) "Welcome to nginx!" issues have been showing up for several years now, with apparently many different causes


Number 3 killed me.  I didn't have several weeks to figure out what was wrong with my laptop - I needed to go forward with my taxes right away.  And doing my taxes on a potentially infected machine was not an option.

Time to format the hard-drive and re-install the whole laptop from the ground up!

I suppose I could have relied on System Restore - but even if I reverted to the oldest restore point, there was no way to know if my system would be clean, because the source of the problem couldn't be found.


Using VirtualBox as a Sandboxed Browser

At this point it became clear that I would always be at the mercy of someone else to keep my system clean.  Websites have to be free of malware.  Antivirus programs have to stay up to date.  It's an endless cycle of malware development and anti-malware response.

The source of all malware is almost always the internet.  The only alternative is someone giving you a CD/DVD/USB disk that is infected.


So why not uninstall the browser from the main OS?  This is exactly what running the browser exclusively on a virtual machine allows you to do.  For most browsing it does the job quite adequately.


Do It Yourself Steps

Here's how:

- Download VirtualBox (or whatever virtual machine you like best).  [If you like another virtual machine better - please tell me and I might switch.]

https://www.virtualbox.org/wiki/Downloads

- Download Linux Mint (or whatever OS you like best).  [I like Linux Mint because it's free, and it comes with Flash Player, and websites like youtube and vimeo work fine.]
  Download the iso image, which VirtualBox can open just as if it was an installation CD/DVD.  You can also burn the iso image to a CD if you like - but it isn't required.

http://www.linuxmint.com/download.php (DVD, 32-bit - or try the others)


- Create a virtual machine in VirtualBox, set it up as recommended (1024MB RAM might be overkill, but it's what I'm using, and an 8GB disk, although a smaller one might reduce the time it takes to save and restore snapshots).

- Run the virtual machine in VirtualBox.  This will bring up the first boot wizard, where you can use the browse folder button to select the Linux Mint ISO file as the boot medium.  This is identical to booting a machine from a CD.  Linux Mint should come up (it may require you to create a user account before logging in - just follow the steps).

- Install Linux Mint onto the virtual machine.  Once the OS is up, you'll be tempted to run various apps - go ahead.  But it's still running like an OS from a CD.  The Install To Harddrive icon should be right there on the desktop; it starts the installation process.  Run this.  Answer all the questions.  Wait for it to install, which takes about 20 minutes or longer.  After the install is finished and Linux has booted up from the hard-drive, you can add the Guest Additions.

- Install Guest Additions and a File Share.  If you want to transfer files between your main OS and the virtual machine, install the guest additions from VirtualBox (not from Linux) - it's in the Devices pull down menu.  It will start an app and it might complain "are you sure?" - type "yes" and hit return.  When this has finished, you should be able to create a file share from VirtualBox as part of the virtual machine's settings.  [If you took any machine snapshots before this, it may complain that the machine is not mutable and can't add a share, so do this before taking any snapshots.]

I created a file share called VirtualBoxShare.  At this point, I could open a terminal (UXTERM or some such) and type "su" to log in as superuser, then type "ls /media" and sf_VirtualBoxShare shows up in the list.

- Mount the file share.  This is optional.  As superuser, you can transfer files around, but if you want access from the regular account, log in as su, and type "mount -t vboxsf VirtualBoxShare /home/<your username>/ShareDir" where you replace ShareDir with whatever directory you want, and <your username> with whatever your username is.  If this doesn't work, try just typing "mount" to see all the mounts available and find the file share that VirtualBox created in the previous step.  "chmod 777 /home/<your username>/ShareDir" or "chmod 777 /media/sf_VirtualBoxShare" might help too...


Bask In the Boundless Safety of Sandboxed Browsing

That's it.  From there it was easy to take a screenshot from Windows, paste it into Paint, and save the file into the VirtualBoxShare directory I had set up on VirtualBox, then open Firefox from Linux Mint, log into blogger.com and post that picture by selecting it from ShareDir - the directory I had mounted.

[And at this point, there's really no more need for any browser in Windows.  All file downloading can take place in the virtual machine, and files saved in the file share if you want to run them from Windows.]


Don't forget to take a snapshot of the disk image.  Then upon closing the virtual machine, restore to the snapshot.  Any malware that might infect the machine after taking a snapshot is wiped out in the few seconds it takes to restore to the snapshot.
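The snapshot-and-restore step above can be scripted from the host with VirtualBox's VBoxManage command-line tool.  This is an added example, not part of the original post; the VM name MintBrowser, the snapshot name clean and the helper function names are hypothetical.

```python
import subprocess

VM = "MintBrowser"     # hypothetical VM name
SNAPSHOT = "clean"     # hypothetical snapshot name


def vbox(*args):
    """Run VBoxManage on the host and return its stdout."""
    return subprocess.run(["VBoxManage", *args], check=True,
                          capture_output=True, text=True).stdout


def vm_state(info):
    """Pull VMState out of 'showvminfo --machinereadable' output."""
    for line in info.splitlines():
        key, _, value = line.partition("=")
        if key == "VMState":
            return value.strip('"')
    raise ValueError("VMState not found")


def take_clean(vm=VM, snapshot=SNAPSHOT, run=vbox):
    """Record the known-good state (do this once, after setup)."""
    run("snapshot", vm, "take", snapshot)


def restore_clean(vm=VM, snapshot=SNAPSHOT, run=vbox):
    """Revert to the clean snapshot; refuse while the VM is still up."""
    state = vm_state(run("showvminfo", vm, "--machinereadable"))
    if state not in ("poweroff", "aborted"):
        return False               # close the VM first, then retry
    run("snapshot", vm, "restore", snapshot)
    return True


if __name__ == "__main__":
    print("restored" if restore_clean() else "VM still running")
```

Run it on the host after closing the virtual machine window, so every browsing session starts from the same clean disk image.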

Sunday, March 20, 2011

Making an executable difficult to hack

Apparently it's relatively trivial to take any exe file, use a disassembler and a binary editor, and modify it.  This is how cracked versions of code get published via torrent websites.

So either the exe has to be tiny, and the user always has to download it from a server to run it - but I think even that can be cracked relatively easily.  If you use an exe checksum, then the code that forms a response that uses the checksum could be modded to respond with the correct checksum - but at least that executable would have to be cracked for every new version, and if the server is capable of generating a new executable every day - then it's too much trouble to have it cracked.  Creating a script that modifies the exe checksum every day seems like it would be easy to do.  But it also raises the server bandwidth.

Another approach is to have self-modifying code that consists of assembly language embedded in a table and written to an area of memory to be executed.  Fine so they modify the table.  Now if it resides in 10,000 different tables (maybe use a perl/etc script to generate the tables) to obfuscate the assembly code, it requires much more work to crack.  This begins to get into the realm of "if you code this - you're crazy" and "if you crack this - you've really earned some sort of easter egg that asks you and anyone running the cracked version to at least donate to charity".

I might wind up with the common model - all code is crackable, but most of the population is honest, and half the people running cracked code only want to know precisely what it is they would be paying for if they bought the product.  And it probably helps A LOT to maintain an attitude of humility.  Am I going to go broke if some people hack my code?  What the whole problem means at the most fundamental level - work for me, and the cracker - work that could have been used more productively, and increased burden on honest users, is something to continually keep in mind.

If you have ideas, or find interesting threads on the subject - maybe something to look at.

Saturday, January 8, 2011

Achievements versus Visions

I recently had a friend recommend I develop a game for the Microsoft Phone 7 platform.  So I started to look into it.  From only a small amount of digging, I found it would probably mean development in XNA, rather than Unity.  This is fine.

What stood out to me in one of the youtube "Here are all the cool games we have for MP7!" videos, was that they mention "Achievements".  This was a feature in Xbox360.  They are sort of like badges you can earn, and then when someone looks at your game profile (like all those girls who keep checking out which guys have earned the best achievements)...  well you get the picture.  Achievements are essentially a marketing tool to promote the platform, and they also provide the gamer a benefit in that they add visibility to parts of the game that haven't been reached yet.

This reminds me of my resume.  I get to take that resume to an interview, and the interviewer looks it over and says "so tell me about such and such".  But painful as it seems - it's true.  I really don't care about such and such.  Because that was yesterday's news.  And yes, it probably comes through in my voice.

So now I'm in the middle of creating a game.  I think it's worth going broke for.  Call me crazy.  And one of the features I'm looking forward to putting into the game is "Visions".  Instead of telling the player "You've gained the following worthless Achievement!" I'm going to tell them "You've gained the following Vision!"  The player gains a Vision BEFORE they work on a level or puzzle.

You see, having a vision really IS something.  It's the ability for full engagement in something you want to make happen.  That engagement will make you forget to eat, forget to sleep, forget that person who cut you off while driving to work this morning.  "Without Vision, the people perish."

Monday, January 3, 2011

Javascript Doesn't have Goto

Think that Goto is never needed in code?

Here:

if (conditionA) {
   if (conditionB) {
      if(conditionD) {
         codeD();
      }
   } else {
      codeNotB();
   }
} else {
   if (conditionC) {

      // wouldn't it be nice to put a Goto to the test in conditionD above?
      if(conditionD) {
         codeD();
      }
   } else {
      codeNotC();
   }
}

I'm encountering exactly this.  Obviously I could add a function - but it's messy when there are many nested for loops and variables that will have to be passed, and a Goto would be so simple.  Sorry - not in Javascript.

Wish I had switched to C# (which does support goto).  Ugh!

Thursday, November 18, 2010

Having a Great Vision

I was recently chatting with a friend about stock trading, where the markets are going, how to survive.  He said "I think working is actually more fun."  I answered "especially when you have a Great Vision." And he replied "Great Vision comes from having an understanding of the technology."

This is absolutely true.  Until you work through technology to the point of clarity of "what is possible?", every little vision will remain foggy.  Your attitude will be horrible: "How the hell can I do that?" and then there's doubt that it can even be done.  Ghosts live their whole lives this way, going from one doubt to the next.  Shriveling away over what couldn't be done.  What a pitiful way to live!  Don't keep company with them.  Don't listen to them.  Don't take on their attitudes.

It takes a lot of digging and finding out what it's going to take.  But once that's clear, then it's just a matter of time, and doing what needs to be done, and the momentum is there that nothing can get in the way of making it happen.  It becomes very focused, and life consuming.

In fact, once that takes place, life becomes completely and wonderfully different: from living in doubt, to living with resolve.

Thursday, November 11, 2010

DOS attack mitigation for Google App Engine

Maybe there's a better way - so please feel free to post comments.

For a relatively lightly loaded app engine server, tracking heavy request loads from the same IP address should be trivial.  This server would then respond to periodic (every 30 seconds or so) queries from an upload PC asking which IP addresses need to be blocked, and the upload PC would issue an "appcfg.py update_dos myapp/" (pipe in your password with --passin, and use the -e <emailaddress> option) to shield the app engine server from the DOS attack.
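A sketch of the tracking side described above, as an added example that is not code from the original post: a per-IP sliding-window counter plus a renderer for the dos.yaml blacklist that update_dos uploads.  It is written for current Python 3; the window, the request limit, the entry cap and all class and function names are assumptions.

```python
import ipaddress
from collections import defaultdict, deque


class RequestTracker:
    """Sliding-window request counter keyed by client IP."""
    def __init__(self, window=30, limit=100):    # both values are assumptions
        self.window, self.limit = window, limit
        self.hits = defaultdict(deque)           # ip -> timestamps in window

    def _expire(self, q, now):
        while q and q[0] <= now - self.window:
            q.popleft()

    def record(self, ip, now):
        q = self.hits[ip]
        q.append(now)
        self._expire(q, now)

    def offenders(self, now):
        """IPs currently over the limit, heaviest first."""
        over = []
        for ip, q in list(self.hits.items()):
            self._expire(q, now)
            if not q:
                del self.hits[ip]                # drop idle IPs, bound memory
            elif len(q) > self.limit:
                over.append((len(q), ip))
        return [ip for _, ip in sorted(over, reverse=True)]


def render_dos_yaml(ips, max_entries=100):       # cap is an assumption
    """Render a dos.yaml blacklist; rejects anything that is not an IP."""
    lines = ["blacklist:"]
    for ip in ips[:max_entries]:
        addr = ipaddress.ip_address(ip)          # ValueError on junk input
        lines.append("- subnet: %s" % addr)
        lines.append("  description: auto-blocked for request rate")
    return "\n".join(lines) + "\n"


def demo():
    """Constructed traffic: one noisy client, one normal client."""
    t = RequestTracker(window=30, limit=5)
    for second in range(8):
        t.record("192.0.2.10", second)
    t.record("198.51.100.7", 3)
    blocked = t.offenders(now=10)
    return blocked, render_dos_yaml(blocked), t.offenders(now=40)
```

The upload PC would write the rendered text to myapp/dos.yaml before issuing the update_dos command; because entries expire with the window, an address drops off the list once its traffic stops.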